Google Git
Sign in
android/platform/external/python/google-api-python-client/e4e4b403f89a92d0f2d0661bf47d5ccd490d7bbd/./googleapiclient/discovery_cache/documents/networkmanagement.v1beta1.json
blob: b3a0d2eff79e92f7123d99fdfe6ef7fc75bf774f [file]
{
"kind": "discovery#restDescription",
"documentationLink": "https://cloud.google.com/",
"icons": {
"x16": "http://www.google.com/images/icons/product/search-16.gif",
"x32": "http://www.google.com/images/icons/product/search-32.gif"
},
"servicePath": "",
"basePath": "",
"revision": "20201029",
"name": "networkmanagement",
"protocol": "rest",
"description": "The Network Management API provides a collection of network performance monitoring and diagnostic capabilities.",
"schemas": {
"LoadBalancerInfo": {
"type": "object",
"description": "For display only. Metadata associated with a load balancer.",
"properties": {
"backendType": {
"enum": [
"BACKEND_TYPE_UNSPECIFIED",
"BACKEND_SERVICE",
"TARGET_POOL"
],
"type": "string",
"description": "Type of load balancer's backend configuration.",
"enumDescriptions": [
"Type is unspecified.",
"Backend Service as the load balancer's backend.",
"Target Pool as the load balancer's backend."
]
},
"healthCheckUri": {
"type": "string",
"description": "URI of the health check for the load balancer."
},
"backends": {
"items": {
"$ref": "LoadBalancerBackend"
},
"description": "Information for the loadbalancer backends.",
"type": "array"
},
"loadBalancerType": {
"enum": [
"LOAD_BALANCER_TYPE_UNSPECIFIED",
"INTERNAL_TCP_UDP",
"NETWORK_TCP_UDP",
"HTTP_PROXY",
"TCP_PROXY",
"SSL_PROXY"
],
"description": "Type of the load balancer.",
"type": "string",
"enumDescriptions": [
"Type is unspecified.",
"Internal TCP/UDP load balancer.",
"Network TCP/UDP load balancer.",
"HTTP(S) proxy load balancer.",
"TCP proxy load balancer.",
"SSL proxy load balancer."
]
},
"backendUri": {
"description": "Backend configuration URI.",
"type": "string"
}
},
"id": "LoadBalancerInfo"
},
"ListConnectivityTestsResponse": {
"type": "object",
"description": "Response for the `ListConnectivityTests` method.",
"id": "ListConnectivityTestsResponse",
"properties": {
"unreachable": {
"type": "array",
"items": {
"type": "string"
},
"description": "Locations that could not be reached (when querying all locations with `-`)."
},
"nextPageToken": {
"description": "Page token to fetch the next set of Connectivity Tests.",
"type": "string"
},
"resources": {
"items": {
"$ref": "ConnectivityTest"
},
"description": "List of Connectivity Tests.",
"type": "array"
}
}
},
"AuditLogConfig": {
"description": "Provides the configuration for logging a type of permissions. Example: { \"audit_log_configs\": [ { \"log_type\": \"DATA_READ\", \"exempted_members\": [ \"user:[email protected]\" ] }, { \"log_type\": \"DATA_WRITE\" } ] } This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting [email protected] from DATA_READ logging.",
"id": "AuditLogConfig",
"type": "object",
"properties": {
"exemptedMembers": {
"items": {
"type": "string"
},
"description": "Specifies the identities that do not cause logging for this type of permission. Follows the same format of Binding.members.",
"type": "array"
},
"logType": {
"type": "string",
"enum": [
"LOG_TYPE_UNSPECIFIED",
"ADMIN_READ",
"DATA_WRITE",
"DATA_READ"
],
"description": "The log type that this config enables.",
"enumDescriptions": [
"Default case. Should never be this.",
"Admin reads. Example: CloudIAM getIamPolicy",
"Data writes. Example: CloudSQL Users create",
"Data reads. Example: CloudSQL Users list"
]
}
}
},
"Empty": {
"type": "object",
"properties": {},
"id": "Empty",
"description": "A generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs. A typical example is to use it as the request or the response type of an API method. For instance: service Foo { rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); } The JSON representation for `Empty` is empty JSON object `{}`."
},
"AuditConfig": {
"id": "AuditConfig",
"description": "Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both `allServices` and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { \"audit_configs\": [ { \"service\": \"allServices\", \"audit_log_configs\": [ { \"log_type\": \"DATA_READ\", \"exempted_members\": [ \"user:[email protected]\" ] }, { \"log_type\": \"DATA_WRITE\" }, { \"log_type\": \"ADMIN_READ\" } ] }, { \"service\": \"sampleservice.googleapis.com\", \"audit_log_configs\": [ { \"log_type\": \"DATA_READ\" }, { \"log_type\": \"DATA_WRITE\", \"exempted_members\": [ \"user:[email protected]\" ] } ] } ] } For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts [email protected] from DATA_READ logging, and [email protected] from DATA_WRITE logging.",
"type": "object",
"properties": {
"auditLogConfigs": {
"items": {
"$ref": "AuditLogConfig"
},
"type": "array",
"description": "The configuration for logging of each type of permission."
},
"service": {
"description": "Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services.",
"type": "string"
}
}
},
"ListOperationsResponse": {
"properties": {
"nextPageToken": {
"type": "string",
"description": "The standard List next-page token."
},
"operations": {
"type": "array",
"items": {
"$ref": "Operation"
},
"description": "A list of operations that matches the specified filter in the request."
}
},
"description": "The response message for Operations.ListOperations.",
"type": "object",
"id": "ListOperationsResponse"
},
"LatencyPercentile": {
"properties": {
"latencyMicros": {
"format": "int64",
"description": "percent-th percentile of latency observed, in microseconds. Fraction of percent/100 of samples have latency lower or equal to the value of this field.",
"type": "string"
},
"percent": {
"description": "Percentage of samples this data point applies to.",
"format": "int32",
"type": "integer"
}
},
"id": "LatencyPercentile",
"description": "Latency percentile rank and value.",
"type": "object"
},
"TestIamPermissionsRequest": {
"type": "object",
"id": "TestIamPermissionsRequest",
"description": "Request message for `TestIamPermissions` method.",
"properties": {
"permissions": {
"items": {
"type": "string"
},
"type": "array",
"description": "The set of permissions to check for the `resource`. Permissions with wildcards (such as '*' or 'storage.*') are not allowed. For more information see [IAM Overview](https://cloud.google.com/iam/docs/overview#permissions)."
}
}
},
"CancelOperationRequest": {
"type": "object",
"id": "CancelOperationRequest",
"properties": {},
"description": "The request message for Operations.CancelOperation."
},
"InstanceInfo": {
"properties": {
"interface": {
"type": "string",
"description": "Name of the network interface of a Compute Engine instance."
},
"networkUri": {
"type": "string",
"description": "URI of a Compute Engine network."
},
"networkTags": {
"description": "Network tags configured on the instance.",
"type": "array",
"items": {
"type": "string"
}
},
"uri": {
"type": "string",
"description": "URI of a Compute Engine instance."
},
"displayName": {
"description": "Name of a Compute Engine instance.",
"type": "string"
},
"internalIp": {
"type": "string",
"description": "Internal IP address of the network interface."
},
"serviceAccount": {
"description": "Service account authorized for the instance.",
"type": "string"
},
"externalIp": {
"type": "string",
"description": "External IP address of the network interface."
}
},
"id": "InstanceInfo",
"description": "For display only. Metadata associated with a Compute Engine instance.",
"type": "object"
},
"TestIamPermissionsResponse": {
"type": "object",
"properties": {
"permissions": {
"description": "A subset of `TestPermissionsRequest.permissions` that the caller is allowed.",
"items": {
"type": "string"
},
"type": "array"
}
},
"id": "TestIamPermissionsResponse",
"description": "Response message for `TestIamPermissions` method."
},
"EndpointInfo": {
"id": "EndpointInfo",
"description": "For display only. The specification of the endpoints for the test. EndpointInfo is derived from source and destination Endpoint and validated by the backend data plane model.",
"properties": {
"protocol": {
"description": "IP protocol in string format, for example: \"TCP\", \"UDP\", \"ICMP\".",
"type": "string"
},
"destinationNetworkUri": {
"type": "string",
"description": "URI of the network where this packet is sent to."
},
"sourceNetworkUri": {
"description": "URI of the network where this packet originates from.",
"type": "string"
},
"sourcePort": {
"format": "int32",
"description": "Source port. Only valid when protocol is TCP or UDP.",
"type": "integer"
},
"destinationPort": {
"format": "int32",
"type": "integer",
"description": "Destination port. Only valid when protocol is TCP or UDP."
},
"destinationIp": {
"description": "Destination IP address.",
"type": "string"
},
"sourceIp": {
"description": "Source IP address.",
"type": "string"
}
},
"type": "object"
},
"FirewallInfo": {
"type": "object",
"properties": {
"action": {
"description": "Possible values: ALLOW, DENY",
"type": "string"
},
"networkUri": {
"description": "URI of a Compute Engine network.",
"type": "string"
},
"priority": {
"format": "int32",
"type": "integer",
"description": "Priority of the firewall rule."
},
"uri": {
"type": "string",
"description": "URI of a Compute Engine firewall rule. Implied default rule does not have URI."
},
"displayName": {
"description": "Name of a Compute Engine firewall rule.",
"type": "string"
},
"targetServiceAccounts": {
"type": "array",
"description": "Target service accounts of the firewall rule.",
"items": {
"type": "string"
}
},
"targetTags": {
"type": "array",
"description": "Target tags of the firewall rule.",
"items": {
"type": "string"
}
},
"direction": {
"type": "string",
"description": "Possible values: INGRESS, EGRESS"
}
},
"description": "For display only. Metadata associated with a Compute Engine firewall rule.",
"id": "FirewallInfo"
},
"LoadBalancerBackend": {
"id": "LoadBalancerBackend",
"properties": {
"healthCheckBlockingFirewallRules": {
"type": "array",
"items": {
"type": "string"
},
"description": "A list of firewall rule URIs blocking probes from health check IP ranges."
},
"uri": {
"description": "URI of a Compute Engine instance or network endpoint.",
"type": "string"
},
"displayName": {
"description": "Name of a Compute Engine instance or network endpoint.",
"type": "string"
},
"healthCheckAllowingFirewallRules": {
"description": "A list of firewall rule URIs allowing probes from health check IP ranges.",
"type": "array",
"items": {
"type": "string"
}
},
"healthCheckFirewallState": {
"enumDescriptions": [
"State is unspecified. Default state if not populated.",
"There are configured firewall rules to allow health check probes to the backend.",
"There are firewall rules configured to allow partial health check ranges or block all health check ranges. If a health check probe is sent from denied IP ranges, the health check to the backend will fail. Then, the backend will be marked unhealthy and will not receive traffic sent to the load balancer."
],
"enum": [
"HEALTH_CHECK_FIREWALL_STATE_UNSPECIFIED",
"CONFIGURED",
"MISCONFIGURED"
],
"type": "string",
"description": "State of the health check firewall configuration."
}
},
"description": "For display only. Metadata associated with a specific load balancer backend.",
"type": "object"
},
"RouteInfo": {
"description": "For display only. Metadata associated with a Compute Engine route.",
"type": "object",
"id": "RouteInfo",
"properties": {
"priority": {
"description": "Priority of the route.",
"type": "integer",
"format": "int32"
},
"instanceTags": {
"items": {
"type": "string"
},
"type": "array",
"description": "Instance tags of the route."
},
"nextHopType": {
"enumDescriptions": [
"Unspecified type. Default value.",
"Next hop is an IP address.",
"Next hop is a Compute Engine instance.",
"Next hop is a VPC network gateway.",
"Next hop is a peering VPC.",
"Next hop is an interconnect.",
"Next hop is a VPN tunnel.",
"Next hop is a VPN Gateway. This scenario only happens when tracing connectivity from an on-premises network to GCP through a VPN. The analysis simulates a packet departing from the on-premises network through a VPN tunnel and arrives at a Cloud VPN gateway.",
"Next hop is an internet gateway.",
"Next hop is blackhole; that is, the next hop either does not exist or is not running.",
"Next hop is the forwarding rule of an Internal Load Balancer."
],
"type": "string",
"description": "Type of next hop.",
"enum": [
"NEXT_HOP_TYPE_UNSPECIFIED",
"NEXT_HOP_IP",
"NEXT_HOP_INSTANCE",
"NEXT_HOP_NETWORK",
"NEXT_HOP_PEERING",
"NEXT_HOP_INTERCONNECT",
"NEXT_HOP_VPN_TUNNEL",
"NEXT_HOP_VPN_GATEWAY",
"NEXT_HOP_INTERNET_GATEWAY",
"NEXT_HOP_BLACKHOLE",
"NEXT_HOP_ILB"
]
},
"uri": {
"type": "string",
"description": "URI of a Compute Engine route. Dynamic route from cloud router does not have a URI. Advertised route from Google Cloud VPC to on-premises network also does not have a URI."
},
"destIpRange": {
"type": "string",
"description": "Destination IP range of the route."
},
"networkUri": {
"type": "string",
"description": "URI of a Compute Engine network."
},
"displayName": {
"description": "Name of a Compute Engine route.",
"type": "string"
},
"nextHop": {
"type": "string",
"description": "Next hop of the route."
},
"routeType": {
"enum": [
"ROUTE_TYPE_UNSPECIFIED",
"SUBNET",
"STATIC",
"DYNAMIC",
"PEERING_SUBNET",
"PEERING_STATIC",
"PEERING_DYNAMIC"
],
"description": "Type of route.",
"type": "string",
"enumDescriptions": [
"Unspecified type. Default value.",
"Route is a subnet route automatically created by the system.",
"Static route created by the user including the default route to the Internet.",
"Dynamic route exchanged between BGP peers.",
"A subnet route received from peering network.",
"A static route received from peering network.",
"A dynamic route received from peering network."
]
}
}
},
"DeliverInfo": {
"id": "DeliverInfo",
"description": "Details of the final state \"deliver\" and associated resource.",
"type": "object",
"properties": {
"resourceUri": {
"type": "string",
"description": "URI of the resource that the packet is delivered to."
},
"target": {
"enumDescriptions": [
"Target not specified.",
"Target is a Compute Engine instance.",
"Target is the Internet.",
"Target is a Google API.",
"Target is a Google Kubernetes Engine cluster master.",
"Target is a Cloud SQL instance."
],
"type": "string",
"enum": [
"TARGET_UNSPECIFIED",
"INSTANCE",
"INTERNET",
"GOOGLE_API",
"GKE_MASTER",
"CLOUD_SQL_INSTANCE"
],
"description": "Target type where the packet is delivered to."
}
}
},
"Step": {
"properties": {
"instance": {
"description": "Display info of a Compute Engine instance.",
"$ref": "InstanceInfo"
},
"abort": {
"$ref": "AbortInfo",
"description": "Display info of the final state \"abort\" and reason."
},
"state": {
"type": "string",
"description": "Each step is in one of the pre-defined states.",
"enumDescriptions": [
"Unspecified state.",
"Initial state: packet originating from a Compute Engine instance. An InstanceInfo will be populated with starting instance info.",
"Initial state: packet originating from Internet. The endpoint info will be populated.",
"Initial state: packet originating from a VPC or on-premises network with internal source IP. If the source is a VPC network visible to the user, a NetworkInfo will be populated with details of the network.",
"Initial state: packet originating from a Google Kubernetes Engine cluster master. A GKEMasterInfo will be populated with starting instance info.",
"Initial state: packet originating from a Cloud SQL instance. A CloudSQLInstanceInfo will be populated with starting instance info.",
"Config checking state: verify ingress firewall rule.",
"Config checking state: verify egress firewall rule.",
"Config checking state: verify route.",
"Config checking state: match forwarding rule.",
"Config checking state: packet sent or received under foreign IP address and allowed.",
"Forwarding state: arriving at a Compute Engine instance.",
"Forwarding state: arriving at a Compute Engine internal load balancer.",
"Forwarding state: arriving at a Compute Engine external load balancer.",
"Forwarding state: arriving at a Cloud VPN gateway.",
"Forwarding state: arriving at a Cloud VPN tunnel.",
"Transition state: packet header translated.",
"Transition state: original connection is terminated and a new proxied connection is initiated.",
"Final state: packet delivered.",
"Final state: packet dropped.",
"Final state: packet forwarded to a network with an unknown configuration.",
"Final state: analysis is aborted.",
"Special state: viewer of the test result does not have permission to see the configuration in this step."
],
"enum": [
"STATE_UNSPECIFIED",
"START_FROM_INSTANCE",
"START_FROM_INTERNET",
"START_FROM_PRIVATE_NETWORK",
"START_FROM_GKE_MASTER",
"START_FROM_CLOUD_SQL_INSTANCE",
"APPLY_INGRESS_FIREWALL_RULE",
"APPLY_EGRESS_FIREWALL_RULE",
"APPLY_ROUTE",
"APPLY_FORWARDING_RULE",
"SPOOFING_APPROVED",
"ARRIVE_AT_INSTANCE",
"ARRIVE_AT_INTERNAL_LOAD_BALANCER",
"ARRIVE_AT_EXTERNAL_LOAD_BALANCER",
"ARRIVE_AT_VPN_GATEWAY",
"ARRIVE_AT_VPN_TUNNEL",
"NAT",
"PROXY_CONNECTION",
"DELIVER",
"DROP",
"FORWARD",
"ABORT",
"VIEWER_PERMISSION_MISSING"
]
},
"causesDrop": {
"type": "boolean",
"description": "This is a step that leads to the final state Drop."
},
"forwardingRule": {
"description": "Display info of a Compute Engine forwarding rule.",
"$ref": "ForwardingRuleInfo"
},
"gkeMaster": {
"description": "Display info of a Google Kubernetes Engine cluster master.",
"$ref": "GKEMasterInfo"
},
"drop": {
"$ref": "DropInfo",
"description": "Display info of the final state \"drop\" and reason."
},
"vpnTunnel": {
"$ref": "VpnTunnelInfo",
"description": "Display info of a Compute Engine VPN tunnel."
},
"deliver": {
"description": "Display info of the final state \"deliver\" and reason.",
"$ref": "DeliverInfo"
},
"endpoint": {
"$ref": "EndpointInfo",
"description": "Display info of the source and destination under analysis. The endpiont info in an intermediate state may differ with the initial input, as it might be modified by state like NAT, or Connection Proxy."
},
"cloudSqlInstance": {
"$ref": "CloudSQLInstanceInfo",
"description": "Display info of a Cloud SQL instance."
},
"route": {
"description": "Display info of a Compute Engine route.",
"$ref": "RouteInfo"
},
"projectId": {
"type": "string",
"description": "Project ID that contains the configuration this step is validating."
},
"loadBalancer": {
"$ref": "LoadBalancerInfo",
"description": "Display info of the load balancers."
},
"forward": {
"description": "Display info of the final state \"forward\" and reason.",
"$ref": "ForwardInfo"
},
"network": {
"$ref": "NetworkInfo",
"description": "Display info of a GCP network."
},
"firewall": {
"$ref": "FirewallInfo",
"description": "Display info of a Compute Engine firewall rule."
},
"description": {
"description": "A description of the step. Usually this is a summary of the state.",
"type": "string"
},
"vpnGateway": {
"description": "Display info of a Compute Engine VPN gateway.",
"$ref": "VpnGatewayInfo"
}
},
"description": "A simulated forwarding path is composed of multiple steps. Each step has a well-defined state and an associated configuration.",
"type": "object",
"id": "Step"
},
"ProbingDetails": {
"description": "The details of probing from the latest run.",
"type": "object",
"properties": {
"error": {
"$ref": "Status",
"description": "The details of an internal failure or a cancellation of reachability analysis."
},
"abortCause": {
"type": "string",
"enumDescriptions": [
"Abort reason unspecified.",
"Aborted because the user lacks the permission to access all or part of the network configurations required to run the test.",
"Aborted because no valid source endpoint is derived from the input test request."
],
"description": "Causes that the probing was aborted.",
"enum": [
"PROBING_ABORT_CAUSE_UNSPECIFIED",
"PERMISSION_DENIED",
"NO_SOURCE_LOCATION"
]
},
"successfulProbeCount": {
"format": "int32",
"type": "integer",
"description": "Number of probes that reached destination."
},
"endpointInfo": {
"$ref": "EndpointInfo",
"description": "Derived from the test input. The actual source and destination endpoint where the probing was run."
},
"sentProbeCount": {
"format": "int32",
"type": "integer",
"description": "Number of probes sent."
},
"verifyTime": {
"type": "string",
"format": "google-datetime",
"description": "The time the reachability state was verified."
},
"result": {
"type": "string",
"enum": [
"PROBING_RESULT_UNSPECIFIED",
"REACHABLE",
"UNREACHABLE",
"REACHABILITY_INCONSISTENT",
"UNDETERMINED"
],
"enumDescriptions": [
"Result is not specified.",
"95% or more packets originating from source reached destination.",
"No packet originating from source reached destination.",
"Less than 95% packets originating from source reached destination.",
"The reachability could not be determined. Possible reasons are: * Analysis is aborted due to permission error. User does not have read permission to the projects listed in the test. * Analysis is aborted due to internal errors."
],
"description": "The overall reachability result of the test."
},
"probingLatency": {
"description": "One way probing latency distribution. The latency is measured as duration of packet traversal of Google Cloud network, from source to destination endpoint.",
"$ref": "LatencyDistribution"
}
},
"id": "ProbingDetails"
},
"Location": {
"description": "A resource that represents Google Cloud Platform location.",
"type": "object",
"properties": {
"labels": {
"description": "Cross-service attributes for the location. For example {\"cloud.googleapis.com/region\": \"us-east1\"}",
"type": "object",
"additionalProperties": {
"type": "string"
}
},
"name": {
"description": "Resource name for the location, which may vary between implementations. For example: `\"projects/example-project/locations/us-east1\"`",
"type": "string"
},
"displayName": {
"type": "string",
"description": "The friendly name for this location, typically a nearby city name. For example, \"Tokyo\"."
},
"locationId": {
"type": "string",
"description": "The canonical id for this location. For example: `\"us-east1\"`."
},
"metadata": {
"type": "object",
"description": "Service-specific metadata. For example the available capacity at the given location.",
"additionalProperties": {
"type": "any",
"description": "Properties of the object. Contains field @type with type URL."
}
}
},
"id": "Location"
},
"Trace": {
"properties": {
"endpointInfo": {
"$ref": "EndpointInfo",
"description": "Derived from the source and destination endpoints definition, and validated by the data plane model. If there are multiple traces starting from different source locations, then the endpoint_info may be different between traces."
},
"steps": {
"description": "A trace of a test contains multiple steps from the initial state to the final state (delivered, dropped, forwarded, or aborted). The steps are ordered by the processing sequence within the simulated network state machine. It is critical to preserve the order of the steps and avoid reordering or sorting them.",
"items": {
"$ref": "Step"
},
"type": "array"
}
},
"id": "Trace",
"type": "object",
"description": "Trace represents one simulated packet forwarding path. - Each trace contains multiple ordered steps. - Each step is in a particular state and has an associated configuration. - State is categorized as a final or non-final state. - Each final state has a reason associated with it. - Each trace must end with a final state (the last step). |---------------------Trace----------------------| Step1(State) Step2(State) --- StepN(State(final)) "
},
"LatencyDistribution": {
"id": "LatencyDistribution",
"properties": {
"latencyPercentiles": {
"items": {
"$ref": "LatencyPercentile"
},
"type": "array",
"description": "Representative latency percentiles."
}
},
"type": "object",
"description": "Describes measured latency distribution."
},
"ReachabilityDetails": {
"id": "ReachabilityDetails",
"description": "The details of reachability state from the latest run.",
"type": "object",
"properties": {
"verifyTime": {
"type": "string",
"format": "google-datetime",
"description": "The time the reachability state was verified."
},
"traces": {
"items": {
"$ref": "Trace"
},
"description": "Result may contain a list of traces if a test has multiple possible paths in the network, such as when destination endpoint is a load balancer with multiple backends.",
"type": "array"
},
"result": {
"type": "string",
"enum": [
"RESULT_UNSPECIFIED",
"REACHABLE",
"UNREACHABLE",
"AMBIGUOUS",
"UNDETERMINED"
],
"description": "The overall reachability result of the test.",
"enumDescriptions": [
"Result is not specified.",
"Packet originating from source is expected to reach destination.",
"Packet originating from source is expected to be dropped before reaching destination.",
"If the source and destination endpoint does not uniquely identify the test location in the network, and the reachability result contains multiple traces with mixed reachable and unreachable states, then this result is returned.",
"The reachability could not be determined. Possible reasons are: * Analysis is aborted due to permission error. User does not have read permission to the projects listed in the test. * Analysis is aborted due to internal errors. * Analysis is partially complete based on configurations where the user has permission. The Final state indicates that the packet is forwarded to another network where the user has no permission to access the configurations."
]
},
"error": {
"$ref": "Status",
"description": "The details of a failure or a cancellation of reachability analysis."
}
}
},
"Expr": {
"properties": {
"location": {
"type": "string",
"description": "Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file."
},
"title": {
"type": "string",
"description": "Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression."
},
"description": {
"description": "Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.",
"type": "string"
},
"expression": {
"description": "Textual representation of an expression in Common Expression Language syntax.",
"type": "string"
}
},
"type": "object",
"id": "Expr",
"description": "Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: \"Summary size limit\" description: \"Determines if a summary is less than 100 chars\" expression: \"document.summary.size() \u003c 100\" Example (Equality): title: \"Requestor is owner\" description: \"Determines if requestor is the document owner\" expression: \"document.owner == request.auth.claims.email\" Example (Logic): title: \"Public documents\" description: \"Determine whether the document should be publicly visible\" expression: \"document.type != 'private' && document.type != 'internal'\" Example (Data Manipulation): title: \"Notification string\" description: \"Create a notification string with a timestamp.\" expression: \"'New message received at ' + string(document.create_time)\" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information."
},
"CloudSQLInstanceInfo": {
"properties": {
"displayName": {
"type": "string",
"description": "Name of a Cloud SQL instance."
},
"externalIp": {
"type": "string",
"description": "External IP address of Cloud SQL instance."
},
"region": {
"description": "Region in which the Cloud SQL instance is running.",
"type": "string"
},
"internalIp": {
"description": "Internal IP address of Cloud SQL instance.",
"type": "string"
},
"networkUri": {
"type": "string",
"description": "URI of a Cloud SQL instance network or empty string if instance does not have one."
},
"uri": {
"description": "URI of a Cloud SQL instance.",
"type": "string"
}
},
"id": "CloudSQLInstanceInfo",
"description": "For display only. Metadata associated with a Cloud SQL instance.",
"type": "object"
},
"NetworkInfo": {
"properties": {
"displayName": {
"description": "Name of a Compute Engine network.",
"type": "string"
},
"matchedIpRange": {
"description": "The IP range that matches the test.",
"type": "string"
},
"uri": {
"description": "URI of a Compute Engine network.",
"type": "string"
}
},
"id": "NetworkInfo",
"description": "For display only. Metadata associated with a Compute Engine network.",
"type": "object"
},
"ForwardInfo": {
"properties": {
"target": {
"enumDescriptions": [
"Target not specified.",
"Forwarded to a VPC peering network.",
"Forwarded to a Cloud VPN gateway.",
"Forwarded to an Cloud Interconnect connection.",
"Forwarded to a Google Kubernetes Engine Container cluster master.",
"Forwarded to the next hop of a custom route imported from a peering VPC.",
"Forwarded to a Cloud SQL Instance."
],
"description": "Target type where this packet is forwarded to.",
"enum": [
"TARGET_UNSPECIFIED",
"PEERING_VPC",
"VPN_GATEWAY",
"INTERCONNECT",
"GKE_MASTER",
"IMPORTED_CUSTOM_ROUTE_NEXT_HOP",
"CLOUD_SQL_INSTANCE"
],
"type": "string"
},
"resourceUri": {
"type": "string",
"description": "URI of the resource that the packet is forwarded to."
}
},
"type": "object",
"description": "Details of the final state \"forward\" and associated resource.",
"id": "ForwardInfo"
},
"Operation": {
"id": "Operation",
"properties": {
"done": {
"type": "boolean",
"description": "If the value is `false`, it means the operation is still in progress. If `true`, the operation is completed, and either `error` or `response` is available."
},
"metadata": {
"description": "Service-specific metadata associated with the operation. It typically contains progress information and common metadata such as create time. Some services might not provide such metadata. Any method that returns a long-running operation should document the metadata type, if any.",
"type": "object",
"additionalProperties": {
"type": "any",
"description": "Properties of the object. Contains field @type with type URL."
}
},
"name": {
"type": "string",
"description": "The server-assigned name, which is only unique within the same service that originally returns it. If you use the default HTTP mapping, the `name` should be a resource name ending with `operations/{unique_id}`."
},
"response": {
"description": "The normal response of the operation in case of success. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`.",
"additionalProperties": {
"description": "Properties of the object. Contains field @type with type URL.",
"type": "any"
},
"type": "object"
},
"error": {
"description": "The error result of the operation in case of failure or cancellation.",
"$ref": "Status"
}
},
"type": "object",
"description": "This resource represents a long-running operation that is the result of a network API call."
},
"Policy": {
"properties": {
"bindings": {
"items": {
"$ref": "Binding"
},
"type": "array",
"description": "Associates a list of `members` to a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one member."
},
"etag": {
"description": "`etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.",
"format": "byte",
"type": "string"
},
"version": {
"format": "int32",
"description": "Specifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version `3`. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
"type": "integer"
},
"auditConfigs": {
"type": "array",
"description": "Specifies cloud audit logging configuration for this policy.",
"items": {
"$ref": "AuditConfig"
}
}
},
"type": "object",
"description": "An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members` to a single `role`. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { \"bindings\": [ { \"role\": \"roles/resourcemanager.organizationAdmin\", \"members\": [ \"user:[email protected]\", \"group:[email protected]\", \"domain:google.com\", \"serviceAccount:[email protected]\" ] }, { \"role\": \"roles/resourcemanager.organizationViewer\", \"members\": [ \"user:[email protected]\" ], \"condition\": { \"title\": \"expirable access\", \"description\": \"Does not grant access after Sep 2020\", \"expression\": \"request.time \u003c timestamp('2020-10-01T00:00:00.000Z')\", } } ], \"etag\": \"BwWWja0YfJA=\", \"version\": 3 } **YAML example:** bindings: - members: - user:[email protected] - group:[email protected] - domain:google.com - serviceAccount:[email protected] role: roles/resourcemanager.organizationAdmin - members: - user:[email protected] role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time \u003c timestamp('2020-10-01T00:00:00.000Z') - etag: BwWWja0YfJA= - version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).",
"id": "Policy"
},
"AbortInfo": {
"properties": {
"cause": {
"type": "string",
"enumDescriptions": [
"Cause is unspecified.",
"Aborted due to unknown network. The reachability analysis cannot proceed because the user does not have access to the host project's network configurations, including firewall rules and routes. This happens when the project is a service project and the endpoints being traced are in the host project's network.",
"Aborted because the IP address(es) are unknown.",
"Aborted because no project information can be derived from the test input.",
"Aborted because the user lacks the permission to access all or part of the network configurations required to run the test.",
"Aborted because no valid source endpoint is derived from the input test request.",
"Aborted because the source and/or destination endpoint specified in the test are invalid. The possible reasons that an endpoint is invalid include: malformed IP address; nonexistent instance or network URI; IP address not in the range of specified network URI; and instance not owning the network interface in the specified network.",
"Aborted because traffic is sent from a public IP to an instance without an external IP.",
"Aborted because none of the traces matches destination information specified in the input test request.",
"Aborted because the number of steps in the trace exceeding a certain limit which may be caused by routing loop.",
"Aborted due to internal server error."
],
"enum": [
"CAUSE_UNSPECIFIED",
"UNKNOWN_NETWORK",
"UNKNOWN_IP",
"UNKNOWN_PROJECT",
"PERMISSION_DENIED",
"NO_SOURCE_LOCATION",
"INVALID_ARGUMENT",
"NO_EXTERNAL_IP",
"UNINTENDED_DESTINATION",
"TRACE_TOO_LONG",
"INTERNAL_ERROR"
],
"description": "Causes that the analysis is aborted."
},
"resourceUri": {
"type": "string",
"description": "URI of the resource that caused the abort."
}
},
"type": "object",
"id": "AbortInfo",
"description": "Details of the final state \"abort\" and associated resource."
},
"VpnTunnelInfo": {
"properties": {
"remoteGatewayIp": {
"description": "Remote VPN gateway's IP address.",
"type": "string"
},
"displayName": {
"description": "Name of a VPN tunnel.",
"type": "string"
},
"remoteGateway": {
"description": "URI of a VPN gateway at remote end of the tunnel.",
"type": "string"
},
"sourceGatewayIp": {
"description": "Local VPN gateway's IP address.",
"type": "string"
},
"networkUri": {
"description": "URI of a Compute Engine network where the VPN tunnel is configured.",
"type": "string"
},
"region": {
"type": "string",
"description": "Name of a GCP region where this VPN tunnel is configured."
},
"uri": {
"type": "string",
"description": "URI of a VPN tunnel."
},
"sourceGateway": {
"description": "URI of the VPN gateway at local end of the tunnel.",
"type": "string"
},
"routingType": {
"enum": [
"ROUTING_TYPE_UNSPECIFIED",
"ROUTE_BASED",
"POLICY_BASED",
"DYNAMIC"
],
"type": "string",
"enumDescriptions": [
"Unspecified type. Default value.",
"Route based VPN.",
"Policy based routing.",
"Dynamic (BGP) routing."
],
"description": "Type of the routing policy."
}
},
"description": "For display only. Metadata associated with a Compute Engine VPN tunnel.",
"type": "object",
"id": "VpnTunnelInfo"
},
"ForwardingRuleInfo": {
"description": "For display only. Metadata associated with a Compute Engine forwarding rule.",
"type": "object",
"id": "ForwardingRuleInfo",
"properties": {
"networkUri": {
"description": "Network URI. Only valid for Internal Load Balancer.",
"type": "string"
},
"matchedPortRange": {
"description": "Port range defined in the forwarding rule that matches the test.",
"type": "string"
},
"vip": {
"description": "VIP of the forwarding rule.",
"type": "string"
},
"matchedProtocol": {
"type": "string",
"description": "Protocol defined in the forwarding rule that matches the test."
},
"target": {
"description": "Target type of the forwarding rule.",
"type": "string"
},
"uri": {
"description": "URI of a Compute Engine forwarding rule.",
"type": "string"
},
"displayName": {
"type": "string",
"description": "Name of a Compute Engine forwarding rule."
}
}
},
"ListLocationsResponse": {
"type": "object",
"properties": {
"locations": {
"description": "A list of locations that matches the specified filter in the request.",
"items": {
"$ref": "Location"
},
"type": "array"
},
"nextPageToken": {
"type": "string",
"description": "The standard List next-page token."
}
},
"id": "ListLocationsResponse",
"description": "The response message for Locations.ListLocations."
},
"Status": {
"type": "object",
"id": "Status",
"properties": {
"code": {
"type": "integer",
"description": "The status code, which should be an enum value of google.rpc.Code.",
"format": "int32"
},
"message": {
"description": "A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.",
"type": "string"
},
"details": {
"description": "A list of messages that carry the error details. There is a common set of message types for APIs to use.",
"type": "array",
"items": {
"additionalProperties": {
"type": "any",
"description": "Properties of the object. Contains field @type with type URL."
},
"type": "object"
}
}
},
"description": "The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors)."
},
"GKEMasterInfo": {
"properties": {
"clusterUri": {
"description": "URI of a Google Kubernetes Engine cluster.",
"type": "string"
},
"clusterNetworkUri": {
"description": "URI of a Google Kubernetes Engine cluster network.",
"type": "string"
},
"externalIp": {
"description": "External IP address of a Google Kubernetes Engine cluster master.",
"type": "string"
},
"internalIp": {
"type": "string",
"description": "Internal IP address of a Google Kubernetes Engine cluster master."
}
},
"description": "For display only. Metadata associated with a Google Kubernetes Engine cluster master.",
"type": "object",
"id": "GKEMasterInfo"
},
"SetIamPolicyRequest": {
"description": "Request message for `SetIamPolicy` method.",
"id": "SetIamPolicyRequest",
"properties": {
"policy": {
"description": "REQUIRED: The complete policy to be applied to the `resource`. The size of the policy is limited to a few 10s of KB. An empty policy is a valid policy but certain Cloud Platform services (such as Projects) might reject them.",
"$ref": "Policy"
},
"updateMask": {
"description": "OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only the fields in the mask will be modified. If no mask is provided, the following default mask is used: `paths: \"bindings, etag\"`",
"format": "google-fieldmask",
"type": "string"
}
},
"type": "object"
},
"OperationMetadata": {
"type": "object",
"id": "OperationMetadata",
"properties": {
"createTime": {
"description": "The time the operation was created.",
"format": "google-datetime",
"type": "string"
},
"verb": {
"description": "Name of the verb executed by the operation.",
"type": "string"
},
"cancelRequested": {
"type": "boolean",
"description": "Specifies if cancellation was requested for the operation."
},
"apiVersion": {
"type": "string",
"description": "API version."
},
"endTime": {
"format": "google-datetime",
"type": "string",
"description": "The time the operation finished running."
},
"statusDetail": {
"description": "Human-readable status of the operation, if any.",
"type": "string"
},
"target": {
"description": "Target of the operation - for example projects/project-1/locations/global/connectivityTests/test-1",
"type": "string"
}
},
"description": "Metadata describing an Operation"
},
"ConnectivityTest": {
"type": "object",
"description": "A Connectivity Test for a network reachability analysis.",
"properties": {
"probingDetails": {
"readOnly": true,
"$ref": "ProbingDetails",
"description": "Output only. The probing details of this test from the latest run, present for applicable tests only. The details are updated when creating a new test, updating an existing test, or triggering a one-time rerun of an existing test."
},
"relatedProjects": {
"type": "array",
"items": {
"type": "string"
},
"description": "Other projects that may be relevant for reachability analysis. This is applicable to scenarios where a test can cross project boundaries."
},
"source": {
"$ref": "Endpoint",
"description": "Required. Source specification of the Connectivity Test. You can use a combination of source IP address, virtual machine (VM) instance, or Compute Engine network to uniquely identify the source location. Examples: If the source IP address is an internal IP address within a Google Cloud Virtual Private Cloud (VPC) network, then you must also specify the VPC network. Otherwise, specify the VM instance, which already contains its internal IP address and VPC network information. If the source of the test is within an on-premises network, then you must provide the destination VPC network. If the source endpoint is a Compute Engine VM instance with multiple network interfaces, the instance itself is not sufficient to identify the endpoint. So, you must also specify the source IP address or VPC network. A reachability analysis proceeds even if the source location is ambiguous. However, the test result may include endpoints that you don't intend to test."
},
"description": {
"type": "string",
"description": "The user-supplied description of the Connectivity Test. Maximum of 512 characters."
},
"destination": {
"$ref": "Endpoint",
"description": "Required. Destination specification of the Connectivity Test. You can use a combination of destination IP address, Compute Engine VM instance, or VPC network to uniquely identify the destination location. Even if the destination IP address is not unique, the source IP location is unique. Usually, the analysis can infer the destination endpoint from route information. If the destination you specify is a VM instance and the instance has multiple network interfaces, then you must also specify either a destination IP address or VPC network to identify the destination interface. A reachability analysis proceeds even if the destination location is ambiguous. However, the result can include endpoints that you don't intend to test."
},
"labels": {
"additionalProperties": {
"type": "string"
},
"description": "Resource labels to represent user-provided metadata.",
"type": "object"
},
"reachabilityDetails": {
"description": "Output only. The reachability details of this test from the latest run. The details are updated when creating a new test, updating an existing test, or triggering a one-time rerun of an existing test.",
"$ref": "ReachabilityDetails",
"readOnly": true
},
"updateTime": {
"readOnly": true,
"format": "google-datetime",
"description": "Output only. The time the test's configuration was updated.",
"type": "string"
},
"createTime": {
"readOnly": true,
"format": "google-datetime",
"type": "string",
"description": "Output only. The time the test was created."
},
"protocol": {
"type": "string",
"description": "IP Protocol of the test. When not provided, \"TCP\" is assumed."
},
"name": {
"type": "string",
"description": "Required. Unique name of the resource using the form: `projects/{project_id}/locations/global/connectivityTests/{test}`"
},
"displayName": {
"type": "string",
"readOnly": true,
"description": "Output only. The display name of a Connectivity Test."
}
},
"id": "ConnectivityTest"
},
"Binding": {
"type": "object",
"id": "Binding",
"properties": {
"condition": {
"description": "The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the members in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
"$ref": "Expr"
},
"role": {
"description": "Role that is assigned to `members`. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.",
"type": "string"
},
"bindingId": {
"type": "string"
},
"members": {
"items": {
"type": "string"
},
"description": "Specifies the identities requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `[email protected]` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `[email protected]`. * `group:{emailid}`: An email address that represents a Google group. For example, `[email protected]`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `[email protected]?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `[email protected]?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `[email protected]?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. ",
"type": "array"
}
},
"description": "Associates `members` with a `role`."
},
"RerunConnectivityTestRequest": {
"type": "object",
"id": "RerunConnectivityTestRequest",
"description": "Request for the `RerunConnectivityTest` method.",
"properties": {}
},
"DropInfo": {
"properties": {
"resourceUri": {
"type": "string",
"description": "URI of the resource that caused the drop."
},
"cause": {
"enumDescriptions": [
"Cause is unspecified.",
"Destination external address cannot be resolved to a known target.",
"a Compute Engine instance can only send or receive a packet with a foreign IP if ip_forward is enabled.",
"Dropped due to a firewall rule unless allowed due to connection tracking.",
"Dropped due to no routes.",
"Dropped due to invalid route. Route's next hop is a blackhole.",
"Packet is sent to a wrong (unintended) network. Example: user traces a packet from VM1:Network1 to VM2:Network2, however, the route configured in Network1 sends the packet destined for VM2's IP addresss to Network3.",
"Packet with internal destination address sent to Internet gateway.",
"Instance with only an internal IP tries to access Google API and Services, and private Google access is not enabled.",
"Instance with only internal IP tries to access external hosts, but Cloud NAT is not enabled in the subnet, unless special configurations on a VM allows this connection. See [Special Configurations for VM instances](https://cloud.google.com/vpc/docs/special-configurations) for details.",
"Destination internal address cannot be resolved to a known target.",
"Forwarding rule's protocol and ports do not match the packet header.",
"Forwarding rule does not have backends configured.",
"Firewalls block the health check probes to the backends and cause the backends to be unavailable for traffic from the load balancer. See [Health check firewall rules](https://cloud.google.com/load-balancing/docs/health-checks#firewall_rules) for more details.",
"Packet is sent from or to a Compute Engine instance that is not in a running state.",
"The type of traffic is blocked and the user cannot configure a firewall rule to enable it. See [Always blocked traffic](https://cloud.google.com/vpc/docs/firewalls#blockedtraffic) for more details.",
"Access to Google Kubernetes Engine cluster master's endpoint is not authorized. See [Access to the cluster endpoints](https://cloud.google.com/kubernetes-engine/docs/how-to/private-clusters#access_to_the_cluster_endpoints) for more details.",
"Access to the Cloud SQL instance endpoint is not authorized. See [Authorizing with authorized networks](https://cloud.google.com/sql/docs/mysql/authorize-networks) for more details.",
"Packet was dropped inside Google Kubernetes Engine Service.",
"Packet was dropped inside Cloud SQL Service."
],
"description": "Cause that the packet is dropped.",
"type": "string",
"enum": [
"CAUSE_UNSPECIFIED",
"UNKNOWN_EXTERNAL_ADDRESS",
"FOREIGN_IP_DISALLOWED",
"FIREWALL_RULE",
"NO_ROUTE",
"ROUTE_BLACKHOLE",
"ROUTE_WRONG_NETWORK",
"PRIVATE_TRAFFIC_TO_INTERNET",
"PRIVATE_GOOGLE_ACCESS_DISALLOWED",
"NO_EXTERNAL_ADDRESS",
"UNKNOWN_INTERNAL_ADDRESS",
"FORWARDING_RULE_MISMATCH",
"FORWARDING_RULE_NO_INSTANCES",
"FIREWALL_BLOCKING_LOAD_BALANCER_BACKEND_HEALTH_CHECK",
"INSTANCE_NOT_RUNNING",
"TRAFFIC_TYPE_BLOCKED",
"GKE_MASTER_UNAUTHORIZED_ACCESS",
"CLOUD_SQL_INSTANCE_UNAUTHORIZED_ACCESS",
"DROPPED_INSIDE_GKE_SERVICE",
"DROPPED_INSIDE_CLOUD_SQL_SERVICE"
]
}
},
"id": "DropInfo",
"description": "Details of the final state \"drop\" and associated resource.",
"type": "object"
},
"Endpoint": {
"description": "Source or destination of the Connectivity Test.",
"id": "Endpoint",
"properties": {
"projectId": {
"description": "Project ID where the endpoint is located. The Project ID can be derived from the URI if you provide a VM instance or network URI. The following are two cases where you must provide the project ID: 1. Only the IP address is specified, and the IP address is within a GCP project. 2. When you are using Shared VPC and the IP address that you provide is from the service project. In this case, the network that the IP address resides in is defined in the host project.",
"type": "string"
},
"networkType": {
"type": "string",
"enumDescriptions": [
"Default type if unspecified.",
"A network hosted within Google Cloud Platform. To receive more detailed output, specify the URI for the source or destination network.",
"A network hosted outside of Google Cloud Platform. This can be an on-premises network, or a network hosted by another cloud provider."
],
"enum": [
"NETWORK_TYPE_UNSPECIFIED",
"GCP_NETWORK",
"NON_GCP_NETWORK"
],
"description": "Type of the network where the endpoint is located. Applicable only to source endpoint, as destination network type can be inferred from the source."
},
"port": {
"type": "integer",
"description": "The IP protocol port of the endpoint. Only applicable when protocol is TCP or UDP.",
"format": "int32"
},
"gkeMasterCluster": {
"type": "string",
"description": "A cluster URI for [Google Kubernetes Engine master](https://cloud.google.com/kubernetes-engine/docs/concepts/cluster-architecture)."
},
"cloudSqlInstance": {
"description": "A [Cloud SQL](https://cloud.google.com/sql) instance URI.",
"type": "string"
},
"instance": {
"type": "string",
"description": "A Compute Engine instance URI."
},
"network": {
"type": "string",
"description": "A Compute Engine network URI."
},
"ipAddress": {
"description": "The IP address of the endpoint, which can be an external or internal IP. An IPv6 address is only allowed when the test's destination is a [global load balancer VIP](https://cloud.google.com/load-balancing/docs/load-balancing-overview).",
"type": "string"
}
},
"type": "object"
},
"VpnGatewayInfo": {
"description": "For display only. Metadata associated with a Compute Engine VPN gateway.",
"type": "object",
"id": "VpnGatewayInfo",
"properties": {
"region": {
"description": "Name of a GCP region where this VPN gateway is configured.",
"type": "string"
},
"vpnTunnelUri": {
"type": "string",
"description": "A VPN tunnel that is associated with this VPN gateway. There may be multiple VPN tunnels configured on a VPN gateway, and only the one relevant to the test is displayed."
},
"networkUri": {
"description": "URI of a Compute Engine network where the VPN gateway is configured.",
"type": "string"
},
"displayName": {
"description": "Name of a VPN gateway.",
"type": "string"
},
"ipAddress": {
"type": "string",
"description": "IP address of the VPN gateway."
},
"uri": {
"type": "string",
"description": "URI of a VPN gateway."
}
}
}
},
"fullyEncodeReservedExpansion": true,
"canonicalName": "Network Management",
"id": "networkmanagement:v1beta1",
"rootUrl": "https://networkmanagement.googleapis.com/",
"mtlsRootUrl": "https://networkmanagement.mtls.googleapis.com/",
"batchPath": "batch",
"baseUrl": "https://networkmanagement.googleapis.com/",
"version_module": true,
"version": "v1beta1",
"auth": {
"oauth2": {
"scopes": {
"https://www.googleapis.com/auth/cloud-platform": {
"description": "View and manage your data across Google Cloud Platform services"
}
}
}
},
"title": "Network Management API",
"parameters": {
"uploadType": {
"description": "Legacy upload protocol for media (e.g. \"media\", \"multipart\").",
"type": "string",
"location": "query"
},
"access_token": {
"location": "query",
"type": "string",
"description": "OAuth access token."
},
"$.xgafv": {
"location": "query",
"description": "V1 error format.",
"enumDescriptions": [
"v1 error format",
"v2 error format"
],
"enum": [
"1",
"2"
],
"type": "string"
},
"quotaUser": {
"type": "string",
"location": "query",
"description": "Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters."
},
"upload_protocol": {
"location": "query",
"type": "string",
"description": "Upload protocol for media (e.g. \"raw\", \"multipart\")."
},
"alt": {
"default": "json",
"type": "string",
"enum": [
"json",
"media",
"proto"
],
"enumDescriptions": [
"Responses with Content-Type of application/json",
"Media download with context-dependent Content-Type",
"Responses with Content-Type of application/x-protobuf"
],
"location": "query",
"description": "Data format for response."
},
"oauth_token": {
"type": "string",
"location": "query",
"description": "OAuth 2.0 token for the current user."
},
"fields": {
"description": "Selector specifying which fields to include in a partial response.",
"location": "query",
"type": "string"
},
"key": {
"location": "query",
"type": "string",
"description": "API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token."
},
"prettyPrint": {
"default": "true",
"type": "boolean",
"description": "Returns response with indentations and line breaks.",
"location": "query"
},
"callback": {
"type": "string",
"location": "query",
"description": "JSONP"
}
},
"ownerDomain": "google.com",
"discoveryVersion": "v1",
"resources": {
"projects": {
"resources": {
"locations": {
"methods": {
"list": {
"scopes": [
"https://www.googleapis.com/auth/cloud-platform"
],
"response": {
"$ref": "ListLocationsResponse"
},
"parameters": {
"pageSize": {
"format": "int32",
"description": "The standard list page size.",
"type": "integer",
"location": "query"
},
"pageToken": {
"type": "string",
"location": "query",
"description": "The standard list page token."
},
"filter": {
"location": "query",
"type": "string",
"description": "The standard list filter."
},
"name": {
"location": "path",
"pattern": "^projects/[^/]+$",
"description": "The resource that owns the locations collection, if applicable.",
"required": true,
"type": "string"
}
},
"flatPath": "v1beta1/projects/{projectsId}/locations",
"path": "v1beta1/{+name}/locations",
"parameterOrder": [
"name"
],
"httpMethod": "GET",
"id": "networkmanagement.projects.locations.list",
"description": "Lists information about the supported locations for this service."
},
"get": {
"flatPath": "v1beta1/projects/{projectsId}/locations/{locationsId}",
"parameterOrder": [
"name"
],
"path": "v1beta1/{+name}",
"httpMethod": "GET",
"parameters": {
"name": {
"description": "Resource name for the location.",
"location": "path",
"type": "string",
"required": true,
"pattern": "^projects/[^/]+/locations/[^/]+$"
}
},
"response": {
"$ref": "Location"
},
"description": "Gets information about a location.",
"scopes": [
"https://www.googleapis.com/auth/cloud-platform"
],
"id": "networkmanagement.projects.locations.get"
}
},
"resources": {
"global": {
"resources": {
"connectivityTests": {
"methods": {
"patch": {
"id": "networkmanagement.projects.locations.global.connectivityTests.patch",
"request": {
"$ref": "ConnectivityTest"
},
"path": "v1beta1/{+name}",
"flatPath": "v1beta1/projects/{projectsId}/locations/global/connectivityTests/{connectivityTestsId}",
"description": "Updates the configuration of an existing `ConnectivityTest`. After you update a test, the reachability analysis is performed as part of the long running operation, which completes when the analysis completes. The Reachability state in the test resource is updated with the new result. If the endpoint specifications in `ConnectivityTest` are invalid (for example, they contain non-existent resources in the network, or the user does not have read permissions to the network configurations of listed projects), then the reachability result returns a value of UNKNOWN. If the endpoint specifications in `ConnectivityTest` are incomplete, the reachability result returns a value of `AMBIGUOUS`. See the documentation in `ConnectivityTest` for for more details.",
"httpMethod": "PATCH",
"parameters": {
"updateMask": {
"location": "query",
"format": "google-fieldmask",
"type": "string",
"description": "Required. Mask of fields to update. At least one path must be supplied in this field."
},
"name": {
"description": "Required. Unique name of the resource using the form: `projects/{project_id}/locations/global/connectivityTests/{test}`",
"pattern": "^projects/[^/]+/locations/global/connectivityTests/[^/]+$",
"required": true,
"location": "path",
"type": "string"
}
},
"response": {
"$ref": "Operation"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform"
],
"parameterOrder": [
"name"
]
},
"getIamPolicy": {
"id": "networkmanagement.projects.locations.global.connectivityTests.getIamPolicy",
"description": "Gets the access control policy for a resource. Returns an empty policy if the resource exists and does not have a policy set.",
"httpMethod": "GET",
"path": "v1beta1/{+resource}:getIamPolicy",
"parameters": {
"options.requestedPolicyVersion": {
"description": "Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
"format": "int32",
"type": "integer",
"location": "query"
},
"resource": {
"required": true,
"location": "path",
"pattern": "^projects/[^/]+/locations/global/connectivityTests/[^/]+$",
"type": "string",
"description": "REQUIRED: The resource for which the policy is being requested. See the operation documentation for the appropriate value for this field."
}
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform"
],
"flatPath": "v1beta1/projects/{projectsId}/locations/global/connectivityTests/{connectivityTestsId}:getIamPolicy",
"parameterOrder": [
"resource"
],
"response": {
"$ref": "Policy"
}
},
"get": {
"flatPath": "v1beta1/projects/{projectsId}/locations/global/connectivityTests/{connectivityTestsId}",
"scopes": [
"https://www.googleapis.com/auth/cloud-platform"
],
"id": "networkmanagement.projects.locations.global.connectivityTests.get",
"httpMethod": "GET",
"parameterOrder": [
"name"
],
"path": "v1beta1/{+name}",
"parameters": {
"name": {
"description": "Required. `ConnectivityTest` resource name using the form: `projects/{project_id}/locations/global/connectivityTests/{test_id}`",
"required": true,
"location": "path",
"type": "string",
"pattern": "^projects/[^/]+/locations/global/connectivityTests/[^/]+$"
}
},
"response": {
"$ref": "ConnectivityTest"
},
"description": "Gets the details of a specific Connectivity Test."
},
"testIamPermissions": {
"path": "v1beta1/{+resource}:testIamPermissions",
"flatPath": "v1beta1/projects/{projectsId}/locations/global/connectivityTests/{connectivityTestsId}:testIamPermissions",
"scopes": [
"https://www.googleapis.com/auth/cloud-platform"
],
"description": "Returns permissions that a caller has on the specified resource. If the resource does not exist, this will return an empty set of permissions, not a `NOT_FOUND` error. Note: This operation is designed to be used for building permission-aware UIs and command-line tools, not for authorization checking. This operation may \"fail open\" without warning.",
"parameters": {
"resource": {
"description": "REQUIRED: The resource for which the policy detail is being requested. See the operation documentation for the appropriate value for this field.",
"required": true,
"type": "string",
"pattern": "^projects/[^/]+/locations/global/connectivityTests/[^/]+$",
"location": "path"
}
},
"httpMethod": "POST",
"request": {
"$ref": "TestIamPermissionsRequest"
},
"parameterOrder": [
"resource"
],
"response": {
"$ref": "TestIamPermissionsResponse"
},
"id": "networkmanagement.projects.locations.global.connectivityTests.testIamPermissions"
},
"create": {
"request": {
"$ref": "ConnectivityTest"
},
"path": "v1beta1/{+parent}/connectivityTests",
"httpMethod": "POST",
"parameters": {
"parent": {
"location": "path",
"description": "Required. The parent resource of the Connectivity Test to create: `projects/{project_id}/locations/global`",
"required": true,
"pattern": "^projects/[^/]+/locations/global$",
"type": "string"
},
"testId": {
"description": "Required. The logical name of the Connectivity Test in your project with the following restrictions: * Must contain only lowercase letters, numbers, and hyphens. * Must start with a letter. * Must be between 1-40 characters. * Must end with a number or a letter. * Must be unique within the customer project",
"location": "query",
"type": "string"
}
},
"flatPath": "v1beta1/projects/{projectsId}/locations/global/connectivityTests",
"parameterOrder": [
"parent"
],
"id": "networkmanagement.projects.locations.global.connectivityTests.create",
"description": "Creates a new Connectivity Test. After you create a test, the reachability analysis is performed as part of the long running operation, which completes when the analysis completes. If the endpoint specifications in `ConnectivityTest` are invalid (for example, containing non-existent resources in the network, or you don't have read permissions to the network configurations of listed projects), then the reachability result returns a value of `UNKNOWN`. If the endpoint specifications in `ConnectivityTest` are incomplete, the reachability result returns a value of AMBIGUOUS. For more information, see the Connectivity Test documentation.",
"response": {
"$ref": "Operation"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform"
]
},
"rerun": {
"request": {
"$ref": "RerunConnectivityTestRequest"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform"
],
"parameterOrder": [
"name"
],
"httpMethod": "POST",
"parameters": {
"name": {
"required": true,
"pattern": "^projects/[^/]+/locations/global/connectivityTests/[^/]+$",
"type": "string",
"description": "Required. Connectivity Test resource name using the form: `projects/{project_id}/locations/global/connectivityTests/{test_id}`",
"location": "path"
}
},
"description": "Rerun an existing `ConnectivityTest`. After the user triggers the rerun, the reachability analysis is performed as part of the long running operation, which completes when the analysis completes. Even though the test configuration remains the same, the reachability result may change due to underlying network configuration changes. If the endpoint specifications in `ConnectivityTest` become invalid (for example, specified resources are deleted in the network, or you lost read permissions to the network configurations of listed projects), then the reachability result returns a value of `UNKNOWN`.",
"flatPath": "v1beta1/projects/{projectsId}/locations/global/connectivityTests/{connectivityTestsId}:rerun",
"path": "v1beta1/{+name}:rerun",
"response": {
"$ref": "Operation"
},
"id": "networkmanagement.projects.locations.global.connectivityTests.rerun"
},
"setIamPolicy": {
"request": {
"$ref": "SetIamPolicyRequest"
},
"parameters": {
"resource": {
"type": "string",
"location": "path",
"description": "REQUIRED: The resource for which the policy is being specified. See the operation documentation for the appropriate value for this field.",
"required": true,
"pattern": "^projects/[^/]+/locations/global/connectivityTests/[^/]+$"
}
},
"id": "networkmanagement.projects.locations.global.connectivityTests.setIamPolicy",
"description": "Sets the access control policy on the specified resource. Replaces any existing policy. Can return `NOT_FOUND`, `INVALID_ARGUMENT`, and `PERMISSION_DENIED` errors.",
"flatPath": "v1beta1/projects/{projectsId}/locations/global/connectivityTests/{connectivityTestsId}:setIamPolicy",
"parameterOrder": [
"resource"
],
"httpMethod": "POST",
"scopes": [
"https://www.googleapis.com/auth/cloud-platform"
],
"path": "v1beta1/{+resource}:setIamPolicy",
"response": {
"$ref": "Policy"
}
},
"list": {
"response": {
"$ref": "ListConnectivityTestsResponse"
},
"id": "networkmanagement.projects.locations.global.connectivityTests.list",
"scopes": [
"https://www.googleapis.com/auth/cloud-platform"
],
"httpMethod": "GET",
"parameters": {
"pageToken": {
"type": "string",
"description": "Page token from an earlier query, as returned in `next_page_token`.",
"location": "query"
},
"filter": {
"description": "Lists the `ConnectivityTests` that match the filter expression. A filter expression filters the resources listed in the response. The expression must be of the form ` ` where operators: `\u003c`, `\u003e`, `\u003c=`, `\u003e=`, `!=`, `=`, `:` are supported (colon `:` represents a HAS operator which is roughly synonymous with equality). can refer to a proto or JSON field, or a synthetic field. Field names can be camelCase or snake_case. Examples: - Filter by name: name = \"projects/proj-1/locations/global/connectivityTests/test-1 - Filter by labels: - Resources that have a key called `foo` labels.foo:* - Resources that have a key called `foo` whose value is `bar` labels.foo = bar",
"location": "query",
"type": "string"
},
"orderBy": {
"type": "string",
"location": "query",
"description": "Field to use to sort the list."
},
"pageSize": {
"location": "query",
"description": "Number of `ConnectivityTests` to return.",
"type": "integer",
"format": "int32"
},
"parent": {
"location": "path",
"required": true,
"pattern": "^projects/[^/]+/locations/global$",
"description": "Required. The parent resource of the Connectivity Tests: `projects/{project_id}/locations/global`",
"type": "string"
}
},
"parameterOrder": [
"parent"
],
"description": "Lists all Connectivity Tests owned by a project.",
"flatPath": "v1beta1/projects/{projectsId}/locations/global/connectivityTests",
"path": "v1beta1/{+parent}/connectivityTests"
},
"delete": {
"scopes": [
"https://www.googleapis.com/auth/cloud-platform"
],
"description": "Deletes a specific `ConnectivityTest`.",
"parameters": {
"name": {
"pattern": "^projects/[^/]+/locations/global/connectivityTests/[^/]+$",
"description": "Required. Connectivity Test resource name using the form: `projects/{project_id}/locations/global/connectivityTests/{test_id}`",
"required": true,
"location": "path",
"type": "string"
}
},
"response": {
"$ref": "Operation"
},
"flatPath": "v1beta1/projects/{projectsId}/locations/global/connectivityTests/{connectivityTestsId}",
"parameterOrder": [
"name"
],
"id": "networkmanagement.projects.locations.global.connectivityTests.delete",
"httpMethod": "DELETE",
"path": "v1beta1/{+name}"
}
}
},
"operations": {
"methods": {
"list": {
"scopes": [
"https://www.googleapis.com/auth/cloud-platform"
],
"parameters": {
"filter": {
"type": "string",
"description": "The standard list filter.",
"location": "query"
},
"name": {
"required": true,
"location": "path",
"description": "The name of the operation's parent resource.",
"pattern": "^projects/[^/]+/locations/global$",
"type": "string"
},
"pageSize": {
"description": "The standard list page size.",
"location": "query",
"format": "int32",
"type": "integer"
},
"pageToken": {
"location": "query",
"type": "string",
"description": "The standard list page token."
}
},
"id": "networkmanagement.projects.locations.global.operations.list",
"response": {
"$ref": "ListOperationsResponse"
},
"path": "v1beta1/{+name}/operations",
"description": "Lists operations that match the specified filter in the request. If the server doesn't support this method, it returns `UNIMPLEMENTED`. NOTE: the `name` binding allows API services to override the binding to use different resource name schemes, such as `users/*/operations`. To override the binding, API services can add a binding such as `\"/v1/{name=users/*}/operations\"` to their service configuration. For backwards compatibility, the default name includes the operations collection id, however overriding users must ensure the name binding is the parent resource, without the operations collection id.",
"parameterOrder": [
"name"
],
"flatPath": "v1beta1/projects/{projectsId}/locations/global/operations",
"httpMethod": "GET"
},
"get": {
"parameterOrder": [
"name"
],
"response": {
"$ref": "Operation"
},
"parameters": {
"name": {
"location": "path",
"required": true,
"type": "string",
"pattern": "^projects/[^/]+/locations/global/operations/[^/]+$",
"description": "The name of the operation resource."
}
},
"path": "v1beta1/{+name}",
"flatPath": "v1beta1/projects/{projectsId}/locations/global/operations/{operationsId}",
"id": "networkmanagement.projects.locations.global.operations.get",
"httpMethod": "GET",
"description": "Gets the latest state of a long-running operation. Clients can use this method to poll the operation result at intervals as recommended by the API service.",
"scopes": [
"https://www.googleapis.com/auth/cloud-platform"
]
},
"delete": {
"id": "networkmanagement.projects.locations.global.operations.delete",
"path": "v1beta1/{+name}",
"parameters": {
"name": {
"description": "The name of the operation resource to be deleted.",
"type": "string",
"location": "path",
"required": true,
"pattern": "^projects/[^/]+/locations/global/operations/[^/]+$"
}
},
"httpMethod": "DELETE",
"description": "Deletes a long-running operation. This method indicates that the client is no longer interested in the operation result. It does not cancel the operation. If the server doesn't support this method, it returns `google.rpc.Code.UNIMPLEMENTED`.",
"flatPath": "v1beta1/projects/{projectsId}/locations/global/operations/{operationsId}",
"scopes": [
"https://www.googleapis.com/auth/cloud-platform"
],
"parameterOrder": [
"name"
],
"response": {
"$ref": "Empty"
}
},
"cancel": {
"httpMethod": "POST",
"response": {
"$ref": "Empty"
},
"parameters": {
"name": {
"type": "string",
"location": "path",
"required": true,
"description": "The name of the operation resource to be cancelled.",
"pattern": "^projects/[^/]+/locations/global/operations/[^/]+$"
}
},
"flatPath": "v1beta1/projects/{projectsId}/locations/global/operations/{operationsId}:cancel",
"description": "Starts asynchronous cancellation on a long-running operation. The server makes a best effort to cancel the operation, but success is not guaranteed. If the server doesn't support this method, it returns `google.rpc.Code.UNIMPLEMENTED`. Clients can use Operations.GetOperation or other methods to check whether the cancellation succeeded or whether the operation completed despite cancellation. On successful cancellation, the operation is not deleted; instead, it becomes an operation with an Operation.error value with a google.rpc.Status.code of 1, corresponding to `Code.CANCELLED`.",
"request": {
"$ref": "CancelOperationRequest"
},
"parameterOrder": [
"name"
],
"path": "v1beta1/{+name}:cancel",
"scopes": [
"https://www.googleapis.com/auth/cloud-platform"
],
"id": "networkmanagement.projects.locations.global.operations.cancel"
}
}
}
}
}
}
}
}
}
},
"ownerName": "Google"
}