1// Copyright 2023 Google LLC
2//
3// Licensed under the Apache License, Version 2.0 (the "License");
4// you may not use this file except in compliance with the License.
5// You may obtain a copy of the License at
6//
7//     http://www.apache.org/licenses/LICENSE-2.0
8//
9// Unless required by applicable law or agreed to in writing, software
10// distributed under the License is distributed on an "AS IS" BASIS,
11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12// See the License for the specific language governing permissions and
13// limitations under the License.
14
syntax = "proto3";

// Versioned package. It is part of the fully-qualified name of every message,
// enum and RPC defined in this file.
package google.cloud.networkconnectivity.v1;

// google/protobuf/empty.proto is referenced in this file only by type name, as
// the long-running operation response_type of DeletePolicyBasedRoute.
import "google/api/annotations.proto";
import "google/api/client.proto";
import "google/api/field_behavior.proto";
import "google/api/resource.proto";
import "google/cloud/networkconnectivity/v1/common.proto";
import "google/longrunning/operations.proto";
import "google/protobuf/empty.proto";
import "google/protobuf/timestamp.proto";

// Per-language code generation options (C#, Go, Java, PHP, Ruby). They set the
// namespace or package of the generated client code.
option csharp_namespace = "Google.Cloud.NetworkConnectivity.V1";
option go_package = "cloud.google.com/go/networkconnectivity/apiv1/networkconnectivitypb;networkconnectivitypb";
option java_multiple_files = true;
option java_outer_classname = "PolicyBasedRoutingProto";
option java_package = "com.google.cloud.networkconnectivity.v1";
option php_namespace = "Google\\Cloud\\NetworkConnectivity\\V1";
option ruby_package = "Google::Cloud::NetworkConnectivity::V1";
35
// Policy-Based Routing allows GCP customers to specify flexible routing
// policies for Layer 4 traffic traversing through the connected service.
//
// The service declares List, Get, Create and Delete; no update RPC is declared
// in this file. Every HTTP binding below fixes the location segment to
// `global`. Create and Delete change how matching traffic is forwarded, so
// calls to them are worth capturing in audit logging and change review.
service PolicyBasedRoutingService {
  option (google.api.default_host) = "networkconnectivity.googleapis.com";

  // The only OAuth scope declared is `cloud-platform`, which is not specific
  // to this service. Per-method authorization is not expressed in this file.
  // NOTE(review): presumably enforced through IAM permissions - confirm, and
  // grant the create/delete permissions narrowly.
  option (google.api.oauth_scopes) =
      "https://www.googleapis.com/auth/cloud-platform";

  // Lists PolicyBasedRoutes in a given project and location.
  //
  // Only `parent` is bound in the URL path; the method signature exposes
  // `parent` alone.
  rpc ListPolicyBasedRoutes(ListPolicyBasedRoutesRequest)
      returns (ListPolicyBasedRoutesResponse) {
    option (google.api.http) = {
      get: "/v1/{parent=projects/*/locations/global}/policyBasedRoutes"
    };
    option (google.api.method_signature) = "parent";
  }

  // Gets details of a single PolicyBasedRoute.
  rpc GetPolicyBasedRoute(GetPolicyBasedRouteRequest)
      returns (PolicyBasedRoute) {
    option (google.api.http) = {
      get: "/v1/{name=projects/*/locations/global/policyBasedRoutes/*}"
    };
    option (google.api.method_signature) = "name";
  }

  // Creates a new PolicyBasedRoute in a given project and location.
  //
  // Returns a long-running operation; its response type is PolicyBasedRoute
  // and its metadata type is OperationMetadata. The HTTP body carries only the
  // `policy_based_route` field of the request.
  rpc CreatePolicyBasedRoute(CreatePolicyBasedRouteRequest)
      returns (google.longrunning.Operation) {
    option (google.api.http) = {
      post: "/v1/{parent=projects/*/locations/global}/policyBasedRoutes"
      body: "policy_based_route"
    };
    option (google.api.method_signature) =
        "parent,policy_based_route,policy_based_route_id";
    option (google.longrunning.operation_info) = {
      response_type: "PolicyBasedRoute"
      metadata_type: "OperationMetadata"
    };
  }

  // Deletes a single PolicyBasedRoute.
  //
  // Returns a long-running operation; its response type is
  // google.protobuf.Empty and its metadata type is OperationMetadata.
  rpc DeletePolicyBasedRoute(DeletePolicyBasedRouteRequest)
      returns (google.longrunning.Operation) {
    option (google.api.http) = {
      delete: "/v1/{name=projects/*/locations/global/policyBasedRoutes/*}"
    };
    option (google.api.method_signature) = "name";
    option (google.longrunning.operation_info) = {
      response_type: "google.protobuf.Empty"
      metadata_type: "OperationMetadata"
    };
  }
}
89
// Policy Based Routes (PBR) are more powerful routes that allow GCP customers
// to route their L4 network traffic based on not just destination IP, but also
// source IP, protocol and more. A PBR always takes precedence when it conflicts
// with other types of routes.
//
// Review notes:
// - Broadest configuration: with no `target` set the route is installed on
//   all network endpoints in the VPC, and the `Filter` defaults ("0.0.0.0/0"
//   ranges, protocol 'ALL') match all IPv4 traffic. Because a PBR takes
//   precedence over other route types, such a route sends every matching
//   packet to its next hop; set the target and the ranges explicitly.
// - Field numbers 7, 8, 13, 17, 19 and 20 are not used below and are not
//   declared `reserved`. NOTE(review): they may have belonged to removed
//   fields - confirm before assigning them.
// Next id: 22
message PolicyBasedRoute {
  // NOTE(review): this pattern spells the collection `PolicyBasedRoutes`,
  // while the HTTP bindings of PolicyBasedRoutingService in this file use
  // `policyBasedRoutes`. Confirm which casing clients are expected to send.
  option (google.api.resource) = {
    type: "networkconnectivity.googleapis.com/PolicyBasedRoute"
    pattern: "projects/{project}/locations/global/PolicyBasedRoutes/{policy_based_route}"
  };

  // VM instances to which this policy based route applies.
  message VirtualMachine {
    // Optional. A list of VM instance tags to which this policy based route
    // applies. VM instances that have ANY of the tags specified here will
    // install this PBR.
    // NOTE(review): selection is by tag only, so whoever can set one of these
    // tags on an instance can presumably bring it under this route - confirm
    // who holds that permission.
    repeated string tags = 1 [(google.api.field_behavior) = OPTIONAL];
  }

  // InterconnectAttachment to which this route applies.
  message InterconnectAttachment {
    // Optional. Cloud region to install this policy based route on interconnect
    // attachment. Use `all` to install it on all interconnect attachments.
    string region = 1 [(google.api.field_behavior) = OPTIONAL];
  }

  // Filter matches L4 traffic.
  //
  // Field numbers 4 and 5 are not used here and are not declared `reserved`.
  message Filter {
    // The internet protocol version.
    enum ProtocolVersion {
      // Default value.
      PROTOCOL_VERSION_UNSPECIFIED = 0;

      // The PBR is for IPv4 internet protocol traffic.
      IPV4 = 1;
    }

    // Optional. The IP protocol that this policy based route applies to. Valid
    // values are 'TCP', 'UDP', and 'ALL'. Default is 'ALL'.
    // The schema type is a free-form string, not an enum.
    // NOTE(review): the listed values are presumably validated by the server -
    // confirm.
    string ip_protocol = 1 [(google.api.field_behavior) = OPTIONAL];

    // Optional. The source IP range of outgoing packets that this policy based
    // route applies to. Default is "0.0.0.0/0" if protocol version is IPv4,
    // i.e. leaving this unset matches every IPv4 source address.
    string src_range = 2 [(google.api.field_behavior) = OPTIONAL];

    // Optional. The destination IP range of outgoing packets that this policy
    // based route applies to. Default is "0.0.0.0/0" if protocol version is
    // IPv4, i.e. leaving this unset matches every IPv4 destination address.
    string dest_range = 3 [(google.api.field_behavior) = OPTIONAL];

    // Required. Internet protocol versions this policy based route applies to.
    // For this version, only IPV4 is supported.
    ProtocolVersion protocol_version = 6
        [(google.api.field_behavior) = REQUIRED];
  }

  // Informational warning message.
  message Warnings {
    // Warning code for Policy Based Routing. Expect to add values in the
    // future, so readers should tolerate codes they do not recognize.
    enum Code {
      // Default value.
      WARNING_UNSPECIFIED = 0;

      // The policy based route is not active and functioning. Common causes are
      // the dependent network was deleted or the resource project was turned
      // off.
      RESOURCE_NOT_ACTIVE = 1;

      // The policy based route is being modified (e.g. created/deleted) at this
      // time.
      RESOURCE_BEING_MODIFIED = 2;
    }

    // Output only. A warning code, if applicable.
    Code code = 1 [(google.api.field_behavior) = OUTPUT_ONLY];

    // Output only. Metadata about this warning in key: value format. The key
    // should provide more detail on the warning being returned. For example,
    // for warnings where there are no results in a list request for a
    // particular zone, this key might be scope and the key value might be the
    // zone name. Other examples might be a key indicating a deprecated resource
    // and a suggested replacement.
    map<string, string> data = 2 [(google.api.field_behavior) = OUTPUT_ONLY];

    // Output only. A human-readable description of the warning code.
    string warning_message = 3 [(google.api.field_behavior) = OUTPUT_ONLY];
  }

  // The other routing cases.
  enum OtherRoutes {
    // Default value.
    OTHER_ROUTES_UNSPECIFIED = 0;

    // Use the routes from the default routing tables (system-generated routes,
    // custom routes, peering route) to determine the next hop. This will
    // effectively exclude matching packets being applied on other PBRs with a
    // lower priority.
    DEFAULT_ROUTING = 1;
  }

  // Target specifies the network endpoints to which this policy based route
  // applies. If no target is specified, the PBR will be installed on all
  // network endpoints (e.g. VMs, VPNs, and Interconnects) in the VPC.
  // As a oneof, at most one of the members below can be set.
  oneof target {
    // Optional. VM instances to which this policy based route applies.
    VirtualMachine virtual_machine = 18
        [(google.api.field_behavior) = OPTIONAL];

    // Optional. The interconnect attachments to which this route applies.
    InterconnectAttachment interconnect_attachment = 9
        [(google.api.field_behavior) = OPTIONAL];
  }

  // Where matching packets are sent. As a oneof, at most one of the members
  // below can be set.
  oneof next_hop {
    // Optional. The IP of a global access enabled L4 ILB that should be the
    // next hop to handle matching packets. For this version, only
    // next_hop_ilb_ip is supported.
    string next_hop_ilb_ip = 12 [(google.api.field_behavior) = OPTIONAL];

    // Optional. Other routes that will be referenced to determine the next hop
    // of the packet.
    OtherRoutes next_hop_other_routes = 21
        [(google.api.field_behavior) = OPTIONAL];
  }

  // Immutable. A unique name of the resource in the form of
  // `projects/{project_number}/locations/global/PolicyBasedRoutes/{policy_based_route_id}`
  string name = 1 [(google.api.field_behavior) = IMMUTABLE];

  // Output only. Time when the PolicyBasedRoute was created.
  google.protobuf.Timestamp create_time = 2
      [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. Time when the PolicyBasedRoute was updated.
  google.protobuf.Timestamp update_time = 3
      [(google.api.field_behavior) = OUTPUT_ONLY];

  // User-defined labels. No field_behavior annotation is declared for this
  // field. Labels are part of the resource returned by Get and List, so they
  // are not a place for secrets.
  map<string, string> labels = 4;

  // Optional. An optional description of this resource. Provide this field when
  // you create the resource.
  string description = 5 [(google.api.field_behavior) = OPTIONAL];

  // Required. Fully-qualified URL of the network that this route applies to.
  // e.g. projects/my-project/global/networks/my-network.
  // Note that the example above is a relative resource path, not a full URL.
  string network = 6 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = { type: "compute.googleapis.com/Network" }
  ];

  // Required. The filter to match L4 traffic.
  Filter filter = 10 [(google.api.field_behavior) = REQUIRED];

  // Optional. The priority of this policy based route. Priority is used to
  // break ties in cases where more than one matching policy based route is
  // found. In cases where multiple policy based routes are matched, the
  // one with the lowest-numbered priority value wins. The default value is
  // 1000. The priority value must be from 1 to 65535, inclusive.
  // The schema type is int32, so the documented range is not enforced by the
  // message itself, and without an `optional` label an explicit 0 cannot be
  // told apart from an unset field.
  int32 priority = 11 [(google.api.field_behavior) = OPTIONAL];

  // Output only. If potential misconfigurations are detected for this route,
  // this field will be populated with warning messages.
  repeated Warnings warnings = 14 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. Server-defined fully-qualified URL for this resource.
  string self_link = 15 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. Type of this resource. Always
  // networkconnectivity#policyBasedRoute for Policy Based Route resources.
  string kind = 16 [(google.api.field_behavior) = OUTPUT_ONLY];
}
263
// Request for
// [PolicyBasedRoutingService.ListPolicyBasedRoutes][google.cloud.networkconnectivity.v1.PolicyBasedRoutingService.ListPolicyBasedRoutes]
// method.
message ListPolicyBasedRoutesRequest {
  // Required. The parent resource's name. The HTTP binding of the List RPC in
  // this file accepts only `projects/*/locations/global`.
  string parent = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "locations.googleapis.com/Location"
    }
  ];

  // The maximum number of results per page that should be returned. No default
  // or upper bound is stated in this file.
  // NOTE(review): confirm the server caps this value.
  int32 page_size = 2;

  // The page token. Per the response message, this is the `next_page_token`
  // of the previous response.
  string page_token = 3;

  // A filter expression that filters the results listed in the response. The
  // expression syntax is not documented in this file.
  string filter = 4;

  // Sort the results by a certain order. The accepted format is not documented
  // in this file.
  string order_by = 5;
}
286
// Response for
// [PolicyBasedRoutingService.ListPolicyBasedRoutes][google.cloud.networkconnectivity.v1.PolicyBasedRoutingService.ListPolicyBasedRoutes]
// method.
message ListPolicyBasedRoutesResponse {
  // Policy based routes to be returned.
  repeated PolicyBasedRoute policy_based_routes = 1;

  // The next pagination token in the List response. It should be used as
  // page_token for the following request. An empty value means no more results.
  string next_page_token = 2;

  // Locations that could not be reached.
  // NOTE(review): when this is non-empty the listing is presumably incomplete;
  // tooling that inventories or audits routes should treat such a response as
  // partial - confirm.
  repeated string unreachable = 3;
}
299
// Request for
// [PolicyBasedRoutingService.GetPolicyBasedRoute][google.cloud.networkconnectivity.v1.PolicyBasedRoutingService.GetPolicyBasedRoute]
// method.
message GetPolicyBasedRouteRequest {
  // Required. Name of the PolicyBasedRoute resource to get. It is bound to the
  // URL path of the Get RPC declared in this file.
  string name = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "networkconnectivity.googleapis.com/PolicyBasedRoute"
    }
  ];
}
310
// Request for
// [PolicyBasedRoutingService.CreatePolicyBasedRoute][google.cloud.networkconnectivity.v1.PolicyBasedRoutingService.CreatePolicyBasedRoute]
// method.
message CreatePolicyBasedRouteRequest {
  // Required. The parent resource's name of the PolicyBasedRoute.
  string parent = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "locations.googleapis.com/Location"
    }
  ];

  // Required. Unique id for the Policy Based Route to create. Per the `name`
  // field of PolicyBasedRoute, it forms the last segment of the resource name.
  // No length or character constraints are stated in this file.
  string policy_based_route_id = 2 [(google.api.field_behavior) = REQUIRED];

  // Required. Initial values for a new Policy Based Route. This is the only
  // field carried in the HTTP body of the Create RPC declared in this file.
  PolicyBasedRoute policy_based_route = 3
      [(google.api.field_behavior) = REQUIRED];

  // Optional. An optional request ID to identify requests. Specify a unique
  // request ID so that if you must retry your request, the server will know to
  // ignore the request if it has already been completed. The server will
  // guarantee that for at least 60 minutes since the first request.
  //
  // For example, consider a situation where you make an initial request and
  // the request times out. If you make the request again with the same request
  // ID, the server can check if the original operation with the same request
  // ID was received, and if so, will ignore the second request. This prevents
  // clients from accidentally creating duplicate commitments.
  // NOTE(review): "commitments" looks carried over from another API; for this
  // request the duplicates avoided would be PolicyBasedRoutes.
  //
  // The request ID must be a valid UUID with the exception that zero UUID is
  // not supported (00000000-0000-0000-0000-000000000000).
  string request_id = 4 [(google.api.field_behavior) = OPTIONAL];
}
343
// Request for
// [PolicyBasedRoutingService.DeletePolicyBasedRoute][google.cloud.networkconnectivity.v1.PolicyBasedRoutingService.DeletePolicyBasedRoute]
// method.
message DeletePolicyBasedRouteRequest {
  // Required. Name of the PolicyBasedRoute resource to delete. It is bound to
  // the URL path of the Delete RPC declared in this file.
  string name = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "networkconnectivity.googleapis.com/PolicyBasedRoute"
    }
  ];

  // Optional. An optional request ID to identify requests. Specify a unique
  // request ID so that if you must retry your request, the server will know to
  // ignore the request if it has already been completed. The server will
  // guarantee that for at least 60 minutes after the first request.
  //
  // For example, consider a situation where you make an initial request and
  // the request times out. If you make the request again with the same request
  // ID, the server can check if the original operation with the same request
  // ID was received, and if so, will ignore the second request. This prevents
  // clients from accidentally creating duplicate commitments.
  // NOTE(review): "commitments" looks carried over from another API; for this
  // request the repeated action avoided would be a second delete.
  //
  // The request ID must be a valid UUID with the exception that zero UUID is
  // not supported (00000000-0000-0000-0000-000000000000).
  string request_id = 2 [(google.api.field_behavior) = OPTIONAL];
}
369