package google.events.cloud.networkservices.v1

Get desktop application:
View/edit binary Protocol Buffers messages

A definition of a matcher that selects endpoints to which the policies should be applied.

Used in: EndpointPolicy

• oneof matcher_type

  Specifies type of the matcher used for this endpoint matcher.

  • EndpointMatcher.MetadataLabelMatcher metadata_label_matcher = 1

    The matcher is based on node metadata presented by xDS clients.

The matcher that is based on node metadata presented by xDS clients.

Used in: EndpointMatcher

• MetadataLabelMatcher.MetadataLabelMatchCriteria metadata_label_match_criteria = 1

  Specifies how matching should be done. Supported values are: MATCH_ANY: At least one of the Labels specified in the matcher should match the metadata presented by xDS client. MATCH_ALL: The metadata presented by the xDS client should contain all of the labels specified here. The selection is determined based on the best match. For example, suppose there are three EndpointPolicy resources P1, P2 and P3 and if P1 has a the matcher as MATCH_ANY <A:1, B:1>, P2 has MATCH_ALL <A:1,B:1>, and P3 has MATCH_ALL <A:1,B:1,C:1>. If a client with label <A:1> connects, the config from P1 will be selected. If a client with label <A:1,B:1> connects, the config from P2 will be selected. If a client with label <A:1,B:1,C:1> connects, the config from P3 will be selected. If there is more than one best match, (for example, if a config P4 with selector <A:1,D:1> exists and if a client with label <A:1,B:1,D:1> connects), an error will be thrown.

• repeated MetadataLabelMatcher.MetadataLabels metadata_labels = 2

  The list of label value pairs that must match labels in the provided metadata based on filterMatchCriteria This list can have at most 64 entries. The list can be empty if the match criteria is MATCH_ANY, to specify a wildcard match (i.e this matches any client).

Possible criteria values that define logic of how matching is made.

Used in: MetadataLabelMatcher

• METADATA_LABEL_MATCH_CRITERIA_UNSPECIFIED = 0

  Default value. Should not be used.

• MATCH_ANY = 1

  At least one of the Labels specified in the matcher should match the metadata presented by xDS client.

• MATCH_ALL = 2

  The metadata presented by the xDS client should contain all of the labels specified here.

Defines a name-pair value for a single label.

Used in: MetadataLabelMatcher

• string label_name = 1

  Required. Label name presented as key in xDS Node Metadata.

• string label_value = 2

  Required. Label value presented as value corresponding to the above key, in xDS Node Metadata.

EndpointPolicy is a resource that helps apply desired configuration on the endpoints that match specific criteria. For example, this resource can be used to apply "authentication config" an all endpoints that serve on port 8080.

Used in: EndpointPolicyEventData

• string name = 1

  Required. Name of the EndpointPolicy resource. It matches pattern `projects/{project}/locations/global/endpointPolicies/{endpoint_policy}`.

• optional protobuf.Timestamp create_time = 2

  Output only. The timestamp when the resource was created.

• optional protobuf.Timestamp update_time = 3

  Output only. The timestamp when the resource was updated.

• map<string, string> labels = 4

  Optional. Set of label tags associated with the EndpointPolicy resource.

• EndpointPolicy.EndpointPolicyType type = 5

  Required. The type of endpoint policy. This is primarily used to validate the configuration.

• string authorization_policy = 7

  Optional. This field specifies the URL of AuthorizationPolicy resource that applies authorization policies to the inbound traffic at the matched endpoints. Refer to Authorization. If this field is not specified, authorization is disabled(no authz checks) for this endpoint.

• optional EndpointMatcher endpoint_matcher = 9

  Required. A matcher that selects endpoints to which the policies should be applied.

• optional TrafficPortSelector traffic_port_selector = 10

  Optional. Port selector for the (matched) endpoints. If no port selector is provided, the matched config is applied to all ports.

• string description = 11

  Optional. A free-text description of the resource. Max length 1024 characters.

• string server_tls_policy = 12

  Optional. A URL referring to ServerTlsPolicy resource. ServerTlsPolicy is used to determine the authentication policy to be applied to terminate the inbound traffic at the identified backends. If this field is not set, authentication is disabled(open) for this endpoint.

• string client_tls_policy = 13

  Optional. A URL referring to a ClientTlsPolicy resource. ClientTlsPolicy can be set to specify the authentication for traffic from the proxy to the actual endpoints. More specifically, it is applied to the outgoing traffic from the proxy to the endpoint. This is typically used for sidecar model where the proxy identifies itself as endpoint to the control plane, with the connection between sidecar and endpoint requiring authentication. If this field is not set, authentication is disabled(open). Applicable only when EndpointPolicyType is SIDECAR_PROXY.

The type of endpoint policy.

Used in: EndpointPolicy

• ENDPOINT_POLICY_TYPE_UNSPECIFIED = 0

  Default value. Must not be used.

• SIDECAR_PROXY = 1

  Represents a proxy deployed as a sidecar.

• GRPC_SERVER = 2

  Represents a proxyless gRPC backend.

The CloudEvent raised when an EndpointPolicy is created.

• optional EndpointPolicyEventData data = 1

  The data associated with the event.

The CloudEvent raised when an EndpointPolicy is deleted.

• optional EndpointPolicyEventData data = 1

  The data associated with the event.

The data within all EndpointPolicy events.

Used in: EndpointPolicyCreatedEvent, EndpointPolicyDeletedEvent, EndpointPolicyUpdatedEvent

• optional EndpointPolicy payload = 1

  Optional. The EndpointPolicy event payload. Unset for deletion events.

The CloudEvent raised when an EndpointPolicy is updated.

• optional EndpointPolicyEventData data = 1

  The data associated with the event.

Gateway represents the configuration for a proxy, typically a load balancer. It captures the ip:port over which the services are exposed by the proxy, along with any policy configurations. Routes have reference to to Gateways to dictate how requests should be routed by this Gateway.

Used in: GatewayEventData

• string name = 1

  Required. Name of the Gateway resource. It matches pattern `projects/*/locations/*/gateways/<gateway_name>`.

• string self_link = 13

  Output only. Server-defined URL of this resource

• optional protobuf.Timestamp create_time = 2

  Output only. The timestamp when the resource was created.

• optional protobuf.Timestamp update_time = 3

  Output only. The timestamp when the resource was updated.

• map<string, string> labels = 4

  Optional. Set of label tags associated with the Gateway resource.

• string description = 5

  Optional. A free-text description of the resource. Max length 1024 characters.

• Gateway.Type type = 6

  Immutable. The type of the customer managed gateway. This field is required. If unspecified, an error is returned.

• repeated string addresses = 7

  Optional. Zero or one IPv4 or IPv6 address on which the Gateway will receive the traffic. When no address is provided, an IP from the subnetwork is allocated This field only applies to gateways of type 'SECURE_WEB_GATEWAY'. Gateways of type 'OPEN_MESH' listen on 0.0.0.0 for IPv4 and :: for IPv6.

• repeated int32 ports = 11

  Required. One or more port numbers (1-65535), on which the Gateway will receive traffic. The proxy binds to the specified ports. Gateways of type 'SECURE_WEB_GATEWAY' are limited to 1 port. Gateways of type 'OPEN_MESH' listen on 0.0.0.0 for IPv4 and :: for IPv6 and support multiple ports.

• string scope = 8

  Optional. Scope determines how configuration across multiple Gateway instances are merged. The configuration for multiple Gateway instances with the same scope will be merged as presented as a single coniguration to the proxy/load balancer. Max length 64 characters. Scope should start with a letter and can only have letters, numbers, hyphens.

• string server_tls_policy = 9

  Optional. A fully-qualified ServerTLSPolicy URL reference. Specifies how TLS traffic is terminated. If empty, TLS termination is disabled.

• repeated string certificate_urls = 14

  Optional. A fully-qualified Certificates URL reference. The proxy presents a Certificate (selected based on SNI) when establishing a TLS connection. This feature only applies to gateways of type 'SECURE_WEB_GATEWAY'.

• string gateway_security_policy = 18

  Optional. A fully-qualified GatewaySecurityPolicy URL reference. Defines how a server should apply security policy to inbound (VM to Proxy) initiated connections. For example: `projects/*/locations/*/gatewaySecurityPolicies/swg-policy`. This policy is specific to gateways of type 'SECURE_WEB_GATEWAY'.

• string network = 16

  Optional. The relative resource name identifying the VPC network that is using this configuration. For example: `projects/*/global/networks/network-1`. Currently, this field is specific to gateways of type 'SECURE_WEB_GATEWAY'.

• string subnetwork = 17

  Optional. The relative resource name identifying the subnetwork in which this SWG is allocated. For example: `projects/*/regions/us-central1/subnetworks/network-1` Currently, this field is specific to gateways of type 'SECURE_WEB_GATEWAY".

The type of the customer-managed gateway. Possible values are: * OPEN_MESH * SECURE_WEB_GATEWAY

Used in: Gateway

• TYPE_UNSPECIFIED = 0

  The type of the customer managed gateway is unspecified.

• OPEN_MESH = 1

  The type of the customer managed gateway is TrafficDirector Open Mesh.

• SECURE_WEB_GATEWAY = 2

  The type of the customer managed gateway is SecureWebGateway (SWG).

The CloudEvent raised when a Gateway is created.

• optional GatewayEventData data = 1

  The data associated with the event.

The CloudEvent raised when a Gateway is deleted.

• optional GatewayEventData data = 1

  The data associated with the event.

The data within all Gateway events.

Used in: GatewayCreatedEvent, GatewayDeletedEvent, GatewayUpdatedEvent

• optional Gateway payload = 1

  Optional. The Gateway event payload. Unset for deletion events.

The CloudEvent raised when a Gateway is updated.

• optional GatewayEventData data = 1

  The data associated with the event.

GrpcRoute is the resource defining how gRPC traffic routed by a Mesh or Gateway resource is routed.

Used in: GrpcRouteEventData

• string name = 1

  Required. Name of the GrpcRoute resource. It matches pattern `projects/*/locations/global/grpcRoutes/<grpc_route_name>`

• string self_link = 12

  Output only. Server-defined URL of this resource

• optional protobuf.Timestamp create_time = 2

  Output only. The timestamp when the resource was created.

• optional protobuf.Timestamp update_time = 3

  Output only. The timestamp when the resource was updated.

• map<string, string> labels = 4

  Optional. Set of label tags associated with the GrpcRoute resource.

• string description = 5

  Optional. A free-text description of the resource. Max length 1024 characters.

• repeated string hostnames = 6

  Required. Service hostnames with an optional port for which this route describes traffic. Format: <hostname>[:<port>] Hostname is the fully qualified domain name of a network host. This matches the RFC 1123 definition of a hostname with 2 notable exceptions: - IPs are not allowed. - A hostname may be prefixed with a wildcard label (`*.`). The wildcard label must appear by itself as the first label. Hostname can be "precise" which is a domain name without the terminating dot of a network host (e.g. `foo.example.com`) or "wildcard", which is a domain name prefixed with a single wildcard label (e.g. `*.example.com`). Note that as per RFC1035 and RFC1123, a label must consist of lower case alphanumeric characters or '-', and must start and end with an alphanumeric character. No other punctuation is allowed. The routes associated with a Mesh or Gateway must have unique hostnames. If you attempt to attach multiple routes with conflicting hostnames, the configuration will be rejected. For example, while it is acceptable for routes for the hostnames `*.foo.bar.com` and `*.bar.com` to be associated with the same route, it is not possible to associate two routes both with `*.bar.com` or both with `bar.com`. If a port is specified, then gRPC clients must use the channel URI with the port to match this rule (i.e. "xds:///service:123"), otherwise they must supply the URI without a port (i.e. "xds:///service").

• repeated string meshes = 9

  Optional. Meshes defines a list of meshes this GrpcRoute is attached to, as one of the routing rules to route the requests served by the mesh. Each mesh reference should match the pattern: `projects/*/locations/global/meshes/<mesh_name>`

• repeated string gateways = 10

  Optional. Gateways defines a list of gateways this GrpcRoute is attached to, as one of the routing rules to route the requests served by the gateway. Each gateway reference should match the pattern: `projects/*/locations/global/gateways/<gateway_name>`

• repeated GrpcRoute.RouteRule rules = 7

  Required. A list of detailed rules defining how to route traffic. Within a single GrpcRoute, the GrpcRoute.RouteAction associated with the first matching GrpcRoute.RouteRule will be executed. At least one rule must be supplied.

The destination to which traffic will be routed.

Used in: RouteAction

• oneof destination_type

  Specifies the kind of destination to which traffic will be routed.

  • string service_name = 1

    Required. The URL of a destination service to which to route traffic. Must refer to either a BackendService or ServiceDirectoryService.

• optional int32 weight = 2

  Optional. Specifies the proportion of requests forwarded to the backend referenced by the serviceName field. This is computed as: weight/Sum(weights in this destination list). For non-zero values, there may be some epsilon from the exact proportion defined here depending on the precision an implementation supports. If only one serviceName is specified and it has a weight greater than 0, 100% of the traffic is forwarded to that backend. If weights are specified for any one service name, they need to be specified for all of them. If weights are unspecified for all services, then, traffic is distributed in equal proportions to all of them.

The specification for fault injection introduced into traffic to test the resiliency of clients to destination service failure. As part of fault injection, when clients send requests to a destination, delays can be introduced on a percentage of requests before sending those requests to the destination service. Similarly requests from clients can be aborted by for a percentage of requests.

Used in: RouteAction

• optional FaultInjectionPolicy.Delay delay = 1

  The specification for injecting delay to client requests.

• optional FaultInjectionPolicy.Abort abort = 2

  The specification for aborting to client requests.

Specification of how client requests are aborted as part of fault injection before being sent to a destination.

Used in: FaultInjectionPolicy

• optional int32 http_status = 1

  The HTTP status code used to abort the request. The value must be between 200 and 599 inclusive.

• optional int32 percentage = 2

  The percentage of traffic which will be aborted. The value must be between [0, 100]

Specification of how client requests are delayed as part of fault injection before being sent to a destination.

Used in: FaultInjectionPolicy

• optional protobuf.Duration fixed_delay = 1

  Specify a fixed delay before forwarding the request.

• optional int32 percentage = 2

  The percentage of traffic on which delay will be injected. The value must be between [0, 100]

A match against a collection of headers.

Used in: RouteMatch

• HeaderMatch.Type type = 1

  Optional. Specifies how to match against the value of the header. If not specified, a default value of EXACT is used.

• string key = 2

  Required. The key of the header.

• string value = 3

  Required. The value of the header.

The type of match.

Used in: HeaderMatch

• TYPE_UNSPECIFIED = 0

  Unspecified.

• EXACT = 1

  Will only match the exact value provided.

• REGULAR_EXPRESSION = 2

  Will match paths conforming to the prefix specified by value. RE2 syntax is supported.

Specifies a match against a method.

Used in: RouteMatch

• MethodMatch.Type type = 1

  Optional. Specifies how to match against the name. If not specified, a default value of "EXACT" is used.

• string grpc_service = 2

  Required. Name of the service to match against. If unspecified, will match all services.

• string grpc_method = 3

  Required. Name of the method to match against. If unspecified, will match all methods.

• optional bool case_sensitive = 4

  Optional. Specifies that matches are case sensitive. The default value is true. case_sensitive must not be used with a type of REGULAR_EXPRESSION.

The type of the match.

Used in: MethodMatch

• TYPE_UNSPECIFIED = 0

  Unspecified.

• EXACT = 1

  Will only match the exact name provided.

• REGULAR_EXPRESSION = 2

  Will interpret grpc_method and grpc_service as regexes. RE2 syntax is supported.

The specifications for retries.

Used in: RouteAction

• repeated string retry_conditions = 1

  - connect-failure: Router will retry on failures connecting to Backend Services, for example due to connection timeouts. - refused-stream: Router will retry if the backend service resets the stream with a REFUSED_STREAM error code. This reset type indicates that it is safe to retry. - cancelled: Router will retry if the gRPC status code in the response header is set to cancelled - deadline-exceeded: Router will retry if the gRPC status code in the response header is set to deadline-exceeded - resource-exhausted: Router will retry if the gRPC status code in the response header is set to resource-exhausted - unavailable: Router will retry if the gRPC status code in the response header is set to unavailable

• uint32 num_retries = 2

  Specifies the allowed number of retries. This number must be > 0. If not specified, default to 1.

Specifies how to route matched traffic.

Used in: RouteRule

• repeated Destination destinations = 1

  Optional. The destination services to which traffic should be forwarded. If multiple destinations are specified, traffic will be split between Backend Service(s) according to the weight field of these destinations.

• optional FaultInjectionPolicy fault_injection_policy = 3

  Optional. The specification for fault injection introduced into traffic to test the resiliency of clients to destination service failure. As part of fault injection, when clients send requests to a destination, delays can be introduced on a percentage of requests before sending those requests to the destination service. Similarly requests from clients can be aborted by for a percentage of requests. timeout and retry_policy will be ignored by clients that are configured with a fault_injection_policy

• optional protobuf.Duration timeout = 7

  Optional. Specifies the timeout for selected route. Timeout is computed from the time the request has been fully processed (i.e. end of stream) up until the response has been completely processed. Timeout includes all retries.

• optional RetryPolicy retry_policy = 8

  Optional. Specifies the retry policy associated with this route.

Criteria for matching traffic. A RouteMatch will be considered to match when all supplied fields match.

Used in: RouteRule

• optional MethodMatch method = 1

  Optional. A gRPC method to match against. If this field is empty or omitted, will match all methods.

• repeated HeaderMatch headers = 2

  Optional. Specifies a collection of headers to match.

Describes how to route traffic.

Used in: GrpcRoute

• repeated RouteMatch matches = 1

  Optional. Matches define conditions used for matching the rule against incoming gRPC requests. Each match is independent, i.e. this rule will be matched if ANY one of the matches is satisfied. If no matches field is specified, this rule will unconditionally match traffic.

• optional RouteAction action = 2

  Required. A detailed rule defining how to route traffic. This field is required.

The CloudEvent raised when a GrpcRoute is created.

• optional GrpcRouteEventData data = 1

  The data associated with the event.

The CloudEvent raised when a GrpcRoute is deleted.

• optional GrpcRouteEventData data = 1

  The data associated with the event.

The data within all GrpcRoute events.

Used in: GrpcRouteCreatedEvent, GrpcRouteDeletedEvent, GrpcRouteUpdatedEvent

• optional GrpcRoute payload = 1

  Optional. The GrpcRoute event payload. Unset for deletion events.

The CloudEvent raised when a GrpcRoute is updated.

• optional GrpcRouteEventData data = 1

  The data associated with the event.

HttpRoute is the resource defining how HTTP traffic should be routed by a Mesh or Gateway resource.

Used in: HttpRouteEventData

• string name = 1

  Required. Name of the HttpRoute resource. It matches pattern `projects/*/locations/global/httpRoutes/http_route_name>`.

• string self_link = 11

  Output only. Server-defined URL of this resource

• string description = 2

  Optional. A free-text description of the resource. Max length 1024 characters.

• optional protobuf.Timestamp create_time = 3

  Output only. The timestamp when the resource was created.

• optional protobuf.Timestamp update_time = 4

  Output only. The timestamp when the resource was updated.

• repeated string hostnames = 5

  Required. Hostnames define a set of hosts that should match against the HTTP host header to select a HttpRoute to process the request. Hostname is the fully qualified domain name of a network host, as defined by RFC 1123 with the exception that: - IPs are not allowed. - A hostname may be prefixed with a wildcard label (`*.`). The wildcard label must appear by itself as the first label. Hostname can be "precise" which is a domain name without the terminating dot of a network host (e.g. `foo.example.com`) or "wildcard", which is a domain name prefixed with a single wildcard label (e.g. `*.example.com`). Note that as per RFC1035 and RFC1123, a label must consist of lower case alphanumeric characters or '-', and must start and end with an alphanumeric character. No other punctuation is allowed. The routes associated with a Mesh or Gateways must have unique hostnames. If you attempt to attach multiple routes with conflicting hostnames, the configuration will be rejected. For example, while it is acceptable for routes for the hostnames `*.foo.bar.com` and `*.bar.com` to be associated with the same Mesh (or Gateways under the same scope), it is not possible to associate two routes both with `*.bar.com` or both with `bar.com`.

• repeated string meshes = 8

  Optional. Meshes defines a list of meshes this HttpRoute is attached to, as one of the routing rules to route the requests served by the mesh. Each mesh reference should match the pattern: `projects/*/locations/global/meshes/<mesh_name>` The attached Mesh should be of a type SIDECAR

• repeated string gateways = 9

  Optional. Gateways defines a list of gateways this HttpRoute is attached to, as one of the routing rules to route the requests served by the gateway. Each gateway reference should match the pattern: `projects/*/locations/global/gateways/<gateway_name>`

• map<string, string> labels = 10

  Optional. Set of label tags associated with the HttpRoute resource.

• repeated HttpRoute.RouteRule rules = 6

  Required. Rules that define how traffic is routed and handled. Rules will be matched sequentially based on the RouteMatch specified for the rule.

The Specification for allowing client side cross-origin requests.

Used in: RouteAction

• repeated string allow_origins = 1

  Specifies the list of origins that will be allowed to do CORS requests. An origin is allowed if it matches either an item in allow_origins or an item in allow_origin_regexes.

• repeated string allow_origin_regexes = 2

  Specifies the regular expression patterns that match allowed origins. For regular expression grammar, please see https://github.com/google/re2/wiki/Syntax.

• repeated string allow_methods = 3

  Specifies the content for Access-Control-Allow-Methods header.

• repeated string allow_headers = 4

  Specifies the content for Access-Control-Allow-Headers header.

• repeated string expose_headers = 5

  Specifies the content for Access-Control-Expose-Headers header.

• string max_age = 6

  Specifies how long result of a preflight request can be cached in seconds. This translates to the Access-Control-Max-Age header.

• bool allow_credentials = 7

  In response to a preflight request, setting this to true indicates that the actual request can include user credentials. This translates to the Access-Control-Allow-Credentials header. Default value is false.

• bool disabled = 8

  If true, the CORS policy is disabled. The default value is false, which indicates that the CORS policy is in effect.

Specifications of a destination to which the request should be routed to.

Used in: RequestMirrorPolicy, RouteAction

• string service_name = 1

  The URL of a BackendService to route traffic to.

• int32 weight = 2

  Specifies the proportion of requests forwarded to the backend referenced by the serviceName field. This is computed as: weight/Sum(weights in this destination list). For non-zero values, there may be some epsilon from the exact proportion defined here depending on the precision an implementation supports. If only one serviceName is specified and it has a weight greater than 0, 100% of the traffic is forwarded to that backend. If weights are specified for any one service name, they need to be specified for all of them. If weights are unspecified for all services, then, traffic is distributed in equal proportions to all of them.

The specification for fault injection introduced into traffic to test the resiliency of clients to destination service failure. As part of fault injection, when clients send requests to a destination, delays can be introduced by client proxy on a percentage of requests before sending those requests to the destination service. Similarly requests can be aborted by client proxy for a percentage of requests.

Used in: RouteAction

• optional FaultInjectionPolicy.Delay delay = 1

  The specification for injecting delay to client requests.

• optional FaultInjectionPolicy.Abort abort = 2

  The specification for aborting to client requests.

Specification of how client requests are aborted as part of fault injection before being sent to a destination.

Used in: FaultInjectionPolicy

• int32 http_status = 1

  The HTTP status code used to abort the request. The value must be between 200 and 599 inclusive.

• int32 percentage = 2

  The percentage of traffic which will be aborted. The value must be between [0, 100]

Specification of how client requests are delayed as part of fault injection before being sent to a destination.

Used in: FaultInjectionPolicy

• optional protobuf.Duration fixed_delay = 1

  Specify a fixed delay before forwarding the request.

• int32 percentage = 2

  The percentage of traffic on which delay will be injected. The value must be between [0, 100]

Specifies how to select a route rule based on HTTP request headers.

Used in: RouteMatch

• oneof MatchType

  • string exact_match = 2

    The value of the header should match exactly the content of exact_match.

  • string regex_match = 3

    The value of the header must match the regular expression specified in regex_match. For regular expression grammar, please see: https://github.com/google/re2/wiki/Syntax

  • string prefix_match = 4

    The value of the header must start with the contents of prefix_match.

  • bool present_match = 5

    A header with header_name must exist. The match takes place whether or not the header has a value.

  • string suffix_match = 6

    The value of the header must end with the contents of suffix_match.

  • HeaderMatch.IntegerRange range_match = 7

    If specified, the rule will match if the request header value is within the range.

• string header = 1

  The name of the HTTP header to match against.

• bool invert_match = 8

  If specified, the match result will be inverted before checking. Default value is set to false.

Represents an integer value range.

Used in: HeaderMatch

• int32 start = 1

  Start of the range (inclusive)

• int32 end = 2

  End of the range (exclusive)

The specification for modifying HTTP header in HTTP request and HTTP response.

Used in: RouteAction

• map<string, string> set = 1

  Completely overwrite/replace the headers with given map where key is the name of the header, value is the value of the header.

• map<string, string> add = 2

  Add the headers with given map where key is the name of the header, value is the value of the header.

• repeated string remove = 3

  Remove headers (matching by header names) specified in the list.

Specifications to match a query parameter in the request.

Used in: RouteMatch

• oneof MatchType

  • string exact_match = 2

    The value of the query parameter must exactly match the contents of exact_match. Only one of exact_match, regex_match, or present_match must be set.

  • string regex_match = 3

    The value of the query parameter must match the regular expression specified by regex_match. For regular expression grammar, please see https://github.com/google/re2/wiki/Syntax Only one of exact_match, regex_match, or present_match must be set.

  • bool present_match = 4

    Specifies that the QueryParameterMatcher matches if request contains query parameter, irrespective of whether the parameter has a value or not. Only one of exact_match, regex_match, or present_match must be set.

• string query_parameter = 1

  The name of the query parameter to match.

The specification for redirecting traffic.

Used in: RouteAction

• string host_redirect = 1

  The host that will be used in the redirect response instead of the one that was supplied in the request.

• string path_redirect = 2

  The path that will be used in the redirect response instead of the one that was supplied in the request. path_redirect can not be supplied together with prefix_redirect. Supply one alone or neither. If neither is supplied, the path of the original request will be used for the redirect.

• string prefix_rewrite = 3

  Indicates that during redirection, the matched prefix (or path) should be swapped with this value. This option allows URLs be dynamically created based on the request.

• Redirect.ResponseCode response_code = 4

  The HTTP Status code to use for the redirect.

• bool https_redirect = 5

  If set to true, the URL scheme in the redirected request is set to https. If set to false, the URL scheme of the redirected request will remain the same as that of the request. The default is set to false.

• bool strip_query = 6

  if set to true, any accompanying query portion of the original URL is removed prior to redirecting the request. If set to false, the query portion of the original URL is retained. The default is set to false.

• int32 port_redirect = 7

  The port that will be used in the redirected request instead of the one that was supplied in the request.

Supported HTTP response code.

Used in: Redirect

• RESPONSE_CODE_UNSPECIFIED = 0

  Default value

• MOVED_PERMANENTLY_DEFAULT = 1

  Corresponds to 301.

• FOUND = 2

  Corresponds to 302.

• SEE_OTHER = 3

  Corresponds to 303.

• TEMPORARY_REDIRECT = 4

  Corresponds to 307. In this case, the request method will be retained.

• PERMANENT_REDIRECT = 5

  Corresponds to 308. In this case, the request method will be retained.

Specifies the policy on how requests are shadowed to a separate mirrored destination service. The proxy does not wait for responses from the shadow service. Prior to sending traffic to the shadow service, the host/authority header is suffixed with -shadow.

Used in: RouteAction

• optional Destination destination = 1

  The destination the requests will be mirrored to. The weight of the destination will be ignored.

The specifications for retries.

Used in: RouteAction

• repeated string retry_conditions = 1

  Specifies one or more conditions when this retry policy applies. Valid values are: 5xx: Proxy will attempt a retry if the destination service responds with any 5xx response code, of if the destination service does not respond at all, example: disconnect, reset, read timeout, connection failure and refused streams. gateway-error: Similar to 5xx, but only applies to response codes 502, 503, 504. reset: Proxy will attempt a retry if the destination service does not respond at all (disconnect/reset/read timeout) connect-failure: Proxy will retry on failures connecting to destination for example due to connection timeouts. retriable-4xx: Proxy will retry fro retriable 4xx response codes. Currently the only retriable error supported is 409. refused-stream: Proxy will retry if the destination resets the stream with a REFUSED_STREAM error code. This reset type indicates that it is safe to retry.

• int32 num_retries = 2

  Specifies the allowed number of retries. This number must be > 0. If not specified, default to 1.

• optional protobuf.Duration per_try_timeout = 3

  Specifies a non-zero timeout per retry attempt.

The specifications for routing traffic and applying associated policies.

Used in: RouteRule

• repeated Destination destinations = 1

  The destination to which traffic should be forwarded.

• optional Redirect redirect = 2

  If set, the request is directed as configured by this field.

• optional FaultInjectionPolicy fault_injection_policy = 4

  The specification for fault injection introduced into traffic to test the resiliency of clients to backend service failure. As part of fault injection, when clients send requests to a backend service, delays can be introduced on a percentage of requests before sending those requests to the backend service. Similarly requests from clients can be aborted for a percentage of requests. timeout and retry_policy will be ignored by clients that are configured with a fault_injection_policy

• optional HeaderModifier request_header_modifier = 5

  The specification for modifying the headers of a matching request prior to delivery of the request to the destination.

• optional HeaderModifier response_header_modifier = 6

  The specification for modifying the headers of a response prior to sending the response back to the client.

• optional URLRewrite url_rewrite = 7

  The specification for rewrite URL before forwarding requests to the destination.

• optional protobuf.Duration timeout = 8

  Specifies the timeout for selected route. Timeout is computed from the time the request has been fully processed (i.e. end of stream) up until the response has been completely processed. Timeout includes all retries.

• optional RetryPolicy retry_policy = 9

  Specifies the retry policy associated with this route.

• optional RequestMirrorPolicy request_mirror_policy = 10

  Specifies the policy on how requests intended for the routes destination are shadowed to a separate mirrored destination. Proxy will not wait for the shadow destination to respond before returning the response. Prior to sending traffic to the shadow service, the host/authority header is suffixed with -shadow.

• optional CorsPolicy cors_policy = 11

  The specification for allowing client side cross-origin requests.

RouteMatch defines specifications used to match requests. If multiple match types are set, this RouteMatch will match if ALL type of matches are matched.

Used in: RouteRule

• oneof PathMatch

  • string full_path_match = 1

    The HTTP request path value should exactly match this value. Only one of full_path_match, prefix_match, or regex_match should be used.

  • string prefix_match = 2

    The HTTP request path value must begin with specified prefix_match. prefix_match must begin with a /. Only one of full_path_match, prefix_match, or regex_match should be used.

  • string regex_match = 3

    The HTTP request path value must satisfy the regular expression specified by regex_match after removing any query parameters and anchor supplied with the original URL. For regular expression grammar, please see https://github.com/google/re2/wiki/Syntax Only one of full_path_match, prefix_match, or regex_match should be used.

• bool ignore_case = 4

  Specifies if prefix_match and full_path_match matches are case sensitive. The default value is false.

• repeated HeaderMatch headers = 5

  Specifies a list of HTTP request headers to match against. ALL of the supplied headers must be matched.

• repeated QueryParameterMatch query_parameters = 6

  Specifies a list of query parameters to match against. ALL of the query parameters must be matched.

Specifies how to match traffic and how to route traffic when traffic is matched.

Used in: HttpRoute

• repeated RouteMatch matches = 1

  A list of matches define conditions used for matching the rule against incoming HTTP requests. Each match is independent, i.e. this rule will be matched if ANY one of the matches is satisfied. If no matches field is specified, this rule will unconditionally match traffic. If a default rule is desired to be configured, add a rule with no matches specified to the end of the rules list.

• optional RouteAction action = 2

  The detailed rule defining how to route matched traffic.

The specification for modifying the URL of the request, prior to forwarding the request to the destination.

Used in: RouteAction

• string path_prefix_rewrite = 1

  Prior to forwarding the request to the selected destination, the matching portion of the requests path is replaced by this value.

• string host_rewrite = 2

  Prior to forwarding the request to the selected destination, the requests host header is replaced by this value.

The CloudEvent raised when a HttpRoute is created.

• optional HttpRouteEventData data = 1

  The data associated with the event.

The CloudEvent raised when a HttpRoute is deleted.

• optional HttpRouteEventData data = 1

  The data associated with the event.

The data within all HttpRoute events.

Used in: HttpRouteCreatedEvent, HttpRouteDeletedEvent, HttpRouteUpdatedEvent

• optional HttpRoute payload = 1

  Optional. The HttpRoute event payload. Unset for deletion events.

The CloudEvent raised when a HttpRoute is updated.

• optional HttpRouteEventData data = 1

  The data associated with the event.

Mesh represents a logical configuration grouping for workload to workload communication within a service mesh. Routes that point to mesh dictate how requests are routed within this logical mesh boundary.

Used in: MeshEventData

• string name = 1

  Required. Name of the Mesh resource. It matches pattern `projects/*/locations/global/meshes/<mesh_name>`.

• string self_link = 9

  Output only. Server-defined URL of this resource

• optional protobuf.Timestamp create_time = 2

  Output only. The timestamp when the resource was created.

• optional protobuf.Timestamp update_time = 3

  Output only. The timestamp when the resource was updated.

• map<string, string> labels = 4

  Optional. Set of label tags associated with the Mesh resource.

• string description = 5

  Optional. A free-text description of the resource. Max length 1024 characters.

• int32 interception_port = 8

  Optional. If set to a valid TCP port (1-65535), instructs the SIDECAR proxy to listen on the specified port of localhost (127.0.0.1) address. The SIDECAR proxy will expect all traffic to be redirected to this port regardless of its actual ip:port destination. If unset, a port '15001' is used as the interception port. This is applicable only for sidecar proxy deployments.

The CloudEvent raised when a Mesh is created.

• optional MeshEventData data = 1

  The data associated with the event.

The CloudEvent raised when a Mesh is deleted.

• optional MeshEventData data = 1

  The data associated with the event.

The data within all Mesh events.

Used in: MeshCreatedEvent, MeshDeletedEvent, MeshUpdatedEvent

• optional Mesh payload = 1

  Optional. The Mesh event payload. Unset for deletion events.

The CloudEvent raised when a Mesh is updated.

• optional MeshEventData data = 1

  The data associated with the event.

ServiceBinding is the resource that defines a Service Directory Service to be used in a BackendService resource.

Used in: ServiceBindingEventData

• string name = 1

  Required. Name of the ServiceBinding resource. It matches pattern `projects/*/locations/global/serviceBindings/service_binding_name`.

• string description = 2

  Optional. A free-text description of the resource. Max length 1024 characters.

• optional protobuf.Timestamp create_time = 3

  Output only. The timestamp when the resource was created.

• optional protobuf.Timestamp update_time = 4

  Output only. The timestamp when the resource was updated.

• string service = 5

  Required. The full Service Directory Service name of the format projects/*/locations/*/namespaces/*/services/*

• string service_id = 8

  Output only. The unique identifier of the Service Directory Service against which the Service Binding resource is validated. This is populated when the Service Binding resource is used in another resource (like Backend Service). This is of the UUID4 format.

• map<string, string> labels = 7

  Optional. Set of label tags associated with the ServiceBinding resource.

The CloudEvent raised when a ServiceBinding is created.

• optional ServiceBindingEventData data = 1

  The data associated with the event.

The CloudEvent raised when a ServiceBinding is deleted.

• optional ServiceBindingEventData data = 1

  The data associated with the event.

The data within all ServiceBinding events.

Used in: ServiceBindingCreatedEvent, ServiceBindingDeletedEvent

• optional ServiceBinding payload = 1

  Optional. The ServiceBinding event payload. Unset for deletion events.

TcpRoute is the resource defining how TCP traffic should be routed by a Mesh/Gateway resource.

Used in: TcpRouteEventData

• string name = 1

  Required. Name of the TcpRoute resource. It matches pattern `projects/*/locations/global/tcpRoutes/tcp_route_name>`.

• string self_link = 11

  Output only. Server-defined URL of this resource

• optional protobuf.Timestamp create_time = 2

  Output only. The timestamp when the resource was created.

• optional protobuf.Timestamp update_time = 3

  Output only. The timestamp when the resource was updated.

• string description = 4

  Optional. A free-text description of the resource. Max length 1024 characters.

• repeated TcpRoute.RouteRule rules = 5

  Required. Rules that define how traffic is routed and handled. At least one RouteRule must be supplied. If there are multiple rules then the action taken will be the first rule to match.

• repeated string meshes = 8

  Optional. Meshes defines a list of meshes this TcpRoute is attached to, as one of the routing rules to route the requests served by the mesh. Each mesh reference should match the pattern: `projects/*/locations/global/meshes/<mesh_name>` The attached Mesh should be of a type SIDECAR

• repeated string gateways = 9

  Optional. Gateways defines a list of gateways this TcpRoute is attached to, as one of the routing rules to route the requests served by the gateway. Each gateway reference should match the pattern: `projects/*/locations/global/gateways/<gateway_name>`

• map<string, string> labels = 10

  Optional. Set of label tags associated with the TcpRoute resource.

The specifications for routing traffic and applying associated policies.

Used in: RouteRule

• repeated RouteDestination destinations = 1

  Optional. The destination services to which traffic should be forwarded. At least one destination service is required. Only one of route destination or original destination can be set.

• bool original_destination = 3

  Optional. If true, Router will use the destination IP and port of the original connection as the destination of the request. Default is false. Only one of route destinations or original destination can be set.

Describe the destination for traffic to be routed to.

Used in: RouteAction

• string service_name = 1

  Required. The URL of a BackendService to route traffic to.

• int32 weight = 2

  Optional. Specifies the proportion of requests forwarded to the backend referenced by the serviceName field. This is computed as: weight/Sum(weights in this destination list). For non-zero values, there may be some epsilon from the exact proportion defined here depending on the precision an implementation supports. If only one serviceName is specified and it has a weight greater than 0, 100% of the traffic is forwarded to that backend. If weights are specified for any one service name, they need to be specified for all of them. If weights are unspecified for all services, then, traffic is distributed in equal proportions to all of them.

RouteMatch defines the predicate used to match requests to a given action. Multiple match types are "OR"ed for evaluation. If no routeMatch field is specified, this rule will unconditionally match traffic.

Used in: RouteRule

• string address = 1

  Required. Must be specified in the CIDR range format. A CIDR range consists of an IP Address and a prefix length to construct the subnet mask. By default, the prefix length is 32 (i.e. matches a single IP address). Only IPV4 addresses are supported. Examples: "10.0.0.1" - matches against this exact IP address. "10.0.0.0/8" - matches against any IP address within the 10.0.0.0 subnet and 255.255.255.0 mask. "0.0.0.0/0" - matches against any IP address'.

• string port = 2

  Required. Specifies the destination port to match against.

Specifies how to match traffic and how to route traffic when traffic is matched.

Used in: TcpRoute

• repeated RouteMatch matches = 1

  Optional. RouteMatch defines the predicate used to match requests to a given action. Multiple match types are "OR"ed for evaluation. If no routeMatch field is specified, this rule will unconditionally match traffic.

• optional RouteAction action = 2

  Required. The detailed rule defining how to route matched traffic.

The CloudEvent raised when a TcpRoute is created.

• optional TcpRouteEventData data = 1

  The data associated with the event.

The CloudEvent raised when a TcpRoute is deleted.

• optional TcpRouteEventData data = 1

  The data associated with the event.

The data within all TcpRoute events.

Used in: TcpRouteCreatedEvent, TcpRouteDeletedEvent, TcpRouteUpdatedEvent

• optional TcpRoute payload = 1

  Optional. The TcpRoute event payload. Unset for deletion events.

The CloudEvent raised when a TcpRoute is updated.

• optional TcpRouteEventData data = 1

  The data associated with the event.

TlsRoute defines how traffic should be routed based on SNI and other matching L3 attributes.

Used in: TlsRouteEventData

• string name = 1

  Required. Name of the TlsRoute resource. It matches pattern `projects/*/locations/global/tlsRoutes/tls_route_name>`.

• string self_link = 8

  Output only. Server-defined URL of this resource

• optional protobuf.Timestamp create_time = 2

  Output only. The timestamp when the resource was created.

• optional protobuf.Timestamp update_time = 3

  Output only. The timestamp when the resource was updated.

• string description = 4

  Optional. A free-text description of the resource. Max length 1024 characters.

• repeated TlsRoute.RouteRule rules = 5

  Required. Rules that define how traffic is routed and handled. At least one RouteRule must be supplied. If there are multiple rules then the action taken will be the first rule to match.

• repeated string meshes = 6

  Optional. Meshes defines a list of meshes this TlsRoute is attached to, as one of the routing rules to route the requests served by the mesh. Each mesh reference should match the pattern: `projects/*/locations/global/meshes/<mesh_name>` The attached Mesh should be of a type SIDECAR

• repeated string gateways = 7

  Optional. Gateways defines a list of gateways this TlsRoute is attached to, as one of the routing rules to route the requests served by the gateway. Each gateway reference should match the pattern: `projects/*/locations/global/gateways/<gateway_name>`

The specifications for routing traffic and applying associated policies.

Used in: RouteRule

• repeated RouteDestination destinations = 1

  Required. The destination services to which traffic should be forwarded. At least one destination service is required.

Describe the destination for traffic to be routed to.

Used in: RouteAction

• string service_name = 1

  Required. The URL of a BackendService to route traffic to.

• int32 weight = 2

  Optional. Specifies the proportion of requests forwareded to the backend referenced by the service_name field. This is computed as: weight/Sum(weights in destinations) Weights in all destinations does not need to sum up to 100.

RouteMatch defines the predicate used to match requests to a given action. Multiple match types are "AND"ed for evaluation. If no routeMatch field is specified, this rule will unconditionally match traffic.

Used in: RouteRule

• repeated string sni_host = 1

  Optional. SNI (server name indicator) to match against. SNI will be matched against all wildcard domains, i.e. `www.example.com` will be first matched against `www.example.com`, then `*.example.com`, then `*.com.` Partial wildcards are not supported, and values like *w.example.com are invalid. At least one of sni_host and alpn is required. Up to 5 sni hosts across all matches can be set.

• repeated string alpn = 2

  Optional. ALPN (Application-Layer Protocol Negotiation) to match against. Examples: "http/1.1", "h2". At least one of sni_host and alpn is required. Up to 5 alpns across all matches can be set.

Specifies how to match traffic and how to route traffic when traffic is matched.

Used in: TlsRoute

• repeated RouteMatch matches = 1

  Required. RouteMatch defines the predicate used to match requests to a given action. Multiple match types are "OR"ed for evaluation.

• optional RouteAction action = 2

  Required. The detailed rule defining how to route matched traffic.

The CloudEvent raised when a TlsRoute is created.

• optional TlsRouteEventData data = 1

  The data associated with the event.

The CloudEvent raised when a TlsRoute is deleted.

• optional TlsRouteEventData data = 1

  The data associated with the event.

The data within all TlsRoute events.

Used in: TlsRouteCreatedEvent, TlsRouteDeletedEvent, TlsRouteUpdatedEvent

• optional TlsRoute payload = 1

  Optional. The TlsRoute event payload. Unset for deletion events.

The CloudEvent raised when a TlsRoute is updated.

• optional TlsRouteEventData data = 1

  The data associated with the event.

Specification of a port-based selector.

Used in: EndpointPolicy

• repeated string ports = 1

  Optional. A list of ports. Can be port numbers or port range (example, [80-90] specifies all ports from 80 to 90, including 80 and 90) or named ports or * to specify all ports. If the list is empty, all ports are selected.