kpt-grpc-demo/google/cloud/gkemulticloud/v1/azure_resources.proto

// Copyright 2022 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

syntax = "proto3";

package google.cloud.gkemulticloud.v1;

import "google/api/field_behavior.proto";
import "google/api/resource.proto";
import "google/cloud/gkemulticloud/v1/common_resources.proto";
import "google/protobuf/timestamp.proto";

option csharp_namespace = "Google.Cloud.GkeMultiCloud.V1";
option go_package = "google.golang.org/genproto/googleapis/cloud/gkemulticloud/v1;gkemulticloud";
option java_multiple_files = true;
option java_outer_classname = "AzureResourcesProto";
option java_package = "com.google.cloud.gkemulticloud.v1";
option php_namespace = "Google\\Cloud\\GkeMultiCloud\\V1";
option ruby_package = "Google::Cloud::GkeMultiCloud::V1";

// An Anthos cluster running on Azure.
message AzureCluster {
  option (google.api.resource) = {
    type: "gkemulticloud.googleapis.com/AzureCluster"
    pattern: "projects/{project}/locations/{location}/azureClusters/{azure_cluster}"
  };

  // The lifecycle state of the cluster.
  enum State {
    // Not set.
    STATE_UNSPECIFIED = 0;

    // The PROVISIONING state indicates the cluster is being created.
    PROVISIONING = 1;

    // The RUNNING state indicates the cluster has been created and is fully
    // usable.
    RUNNING = 2;

    // The RECONCILING state indicates that some work is actively being done on
    // the cluster, such as upgrading the control plane replicas.
    RECONCILING = 3;

    // The STOPPING state indicates the cluster is being deleted.
    STOPPING = 4;

    // The ERROR state indicates the cluster is in a broken unrecoverable
    // state.
    ERROR = 5;

    // The DEGRADED state indicates the cluster requires user action to
    // restore full functionality.
    DEGRADED = 6;
  }

  // The name of this resource.
  //
  // Cluster names are formatted as
  // `projects/<project-number>/locations/<region>/azureClusters/<cluster-id>`.
  //
  // See [Resource Names](https://cloud.google.com/apis/design/resource_names)
  // for more details on GCP resource names.
  string name = 1;

  // Optional. A human readable description of this cluster.
  // Cannot be longer than 255 UTF-8 encoded bytes.
  string description = 2 [(google.api.field_behavior) = OPTIONAL];

  // Required. The Azure region where the cluster runs.
  //
  // Each Google Cloud region supports a subset of nearby Azure regions.
  // You can call
  // [GetAzureServerConfig][google.cloud.gkemulticloud.v1.AzureClusters.GetAzureServerConfig]
  // to list all supported Azure regions within a given Google Cloud region.
  string azure_region = 3 [(google.api.field_behavior) = REQUIRED];

  // Required. The ARM ID of the resource group where the cluster resources are deployed.
  // For example:
  // `/subscriptions/<subscription-id>/resourceGroups/<resource-group-name>`
  string resource_group_id = 17 [(google.api.field_behavior) = REQUIRED];

  // Required. Name of the [AzureClient][google.cloud.gkemulticloud.v1.AzureClient] that contains authentication configuration for
  // how the Anthos Multi-Cloud API connects to Azure APIs.
  //
  // The `AzureClient` resource must reside on the same GCP project and region
  // as the `AzureCluster`.
  //
  // `AzureClient` names are formatted as
  // `projects/<project-number>/locations/<region>/azureClients/<client-id>`.
  //
  // See [Resource Names](https://cloud.google.com/apis/design/resource_names)
  // for more details on Google Cloud resource names.
  string azure_client = 16 [(google.api.field_behavior) = REQUIRED];

  // Required. Cluster-wide networking configuration.
  AzureClusterNetworking networking = 4 [(google.api.field_behavior) = REQUIRED];

  // Required. Configuration related to the cluster control plane.
  AzureControlPlane control_plane = 5 [(google.api.field_behavior) = REQUIRED];

  // Required. Configuration related to the cluster RBAC settings.
  AzureAuthorization authorization = 6 [(google.api.field_behavior) = REQUIRED];

  // Output only. The current state of the cluster.
  State state = 7 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. The endpoint of the cluster's API server.
  string endpoint = 8 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. A globally unique identifier for the cluster.
  string uid = 9 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. If set, there are currently changes in flight to the cluster.
  bool reconciling = 10 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. The time at which this cluster was created.
  google.protobuf.Timestamp create_time = 11 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. The time at which this cluster was last updated.
  google.protobuf.Timestamp update_time = 12 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Allows clients to perform consistent read-modify-writes
  // through optimistic concurrency control.
  //
  // Can be sent on update and delete requests to ensure the
  // client has an up-to-date value before proceeding.
  string etag = 13;

  // Optional. Annotations on the cluster.
  //
  // This field has the same restrictions as Kubernetes annotations.
  // The total size of all keys and values combined is limited to 256k.
  // Keys can have 2 segments: prefix (optional) and name (required),
  // separated by a slash (/).
  // Prefix must be a DNS subdomain.
  // Name must be 63 characters or less, begin and end with alphanumerics,
  // with dashes (-), underscores (_), dots (.), and alphanumerics between.
  map<string, string> annotations = 14 [(google.api.field_behavior) = OPTIONAL];

  // Output only. Workload Identity settings.
  WorkloadIdentityConfig workload_identity_config = 18 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. PEM encoded x509 certificate of the cluster root of trust.
  string cluster_ca_certificate = 19 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Optional. Fleet configuration.
  Fleet fleet = 20 [(google.api.field_behavior) = OPTIONAL];

  // Output only. Mananged Azure resources for this cluster.
  AzureClusterResources managed_resources = 21 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Optional. Logging configuration for this cluster.
  LoggingConfig logging_config = 23 [(google.api.field_behavior) = OPTIONAL];
}

// ClusterNetworking contains cluster-wide networking configuration.
message AzureClusterNetworking {
  // Required. The Azure Resource Manager (ARM) ID of the VNet associated with your
  // cluster.
  //
  // All components in the cluster (i.e. control plane and node pools) run on a
  // single VNet.
  //
  // Example:
  // `/subscriptions/<subscription-id>/resourceGroups/<resource-group-id>/providers/Microsoft.Network/virtualNetworks/<vnet-id>`
  //
  // This field cannot be changed after creation.
  string virtual_network_id = 1 [(google.api.field_behavior) = REQUIRED];

  // Required. The IP address range of the pods in this cluster, in CIDR
  // notation (e.g. `10.96.0.0/14`).
  //
  // All pods in the cluster get assigned a unique IPv4 address from these
  // ranges. Only a single range is supported.
  //
  // This field cannot be changed after creation.
  repeated string pod_address_cidr_blocks = 2 [(google.api.field_behavior) = REQUIRED];

  // Required. The IP address range for services in this cluster, in CIDR
  // notation (e.g. `10.96.0.0/14`).
  //
  // All services in the cluster get assigned a unique IPv4 address from these
  // ranges. Only a single range is supported.
  //
  // This field cannot be changed after creating a cluster.
  repeated string service_address_cidr_blocks = 3 [(google.api.field_behavior) = REQUIRED];

  // Optional. The ARM ID of the subnet where Kubernetes private service type load
  // balancers are deployed. When unspecified, it defaults to
  // AzureControlPlane.subnet_id.
  //
  // Example:
  // "/subscriptions/d00494d6-6f3c-4280-bbb2-899e163d1d30/resourceGroups/anthos_cluster_gkeust4/providers/Microsoft.Network/virtualNetworks/gke-vnet-gkeust4/subnets/subnetid456"
  string service_load_balancer_subnet_id = 5 [(google.api.field_behavior) = OPTIONAL];
}

// AzureControlPlane represents the control plane configurations.
message AzureControlPlane {
  // Required. The Kubernetes version to run on control plane replicas
  // (e.g. `1.19.10-gke.1000`).
  //
  // You can list all supported versions on a given Google Cloud region by
  // calling
  // [GetAzureServerConfig][google.cloud.gkemulticloud.v1.AzureClusters.GetAzureServerConfig].
  string version = 1 [(google.api.field_behavior) = REQUIRED];

  // Optional. The ARM ID of the default subnet for the control plane. The control plane
  // VMs are deployed in this subnet, unless
  // `AzureControlPlane.replica_placements` is specified. This subnet will also
  // be used as default for `AzureControlPlane.endpoint_subnet_id` if
  // `AzureControlPlane.endpoint_subnet_id` is not specified. Similarly it will
  // be used as default for
  // `AzureClusterNetworking.service_load_balancer_subnet_id`.
  //
  // Example:
  // `/subscriptions/<subscription-id>/resourceGroups/<resource-group-id>/providers/Microsoft.Network/virtualNetworks/<vnet-id>/subnets/default`.
  string subnet_id = 2 [(google.api.field_behavior) = OPTIONAL];

  // Optional. The Azure VM size name. Example: `Standard_DS2_v2`.
  //
  // For available VM sizes, see
  // https://docs.microsoft.com/en-us/azure/virtual-machines/vm-naming-conventions.
  //
  // When unspecified, it defaults to `Standard_DS2_v2`.
  string vm_size = 3 [(google.api.field_behavior) = OPTIONAL];

  // Required. SSH configuration for how to access the underlying control plane
  // machines.
  AzureSshConfig ssh_config = 11 [(google.api.field_behavior) = REQUIRED];

  // Optional. Configuration related to the root volume provisioned for each
  // control plane replica.
  //
  // When unspecified, it defaults to 32-GiB Azure Disk.
  AzureDiskTemplate root_volume = 4 [(google.api.field_behavior) = OPTIONAL];

  // Optional. Configuration related to the main volume provisioned for each
  // control plane replica.
  // The main volume is in charge of storing all of the cluster's etcd state.
  //
  // When unspecified, it defaults to a 8-GiB Azure Disk.
  AzureDiskTemplate main_volume = 5 [(google.api.field_behavior) = OPTIONAL];

  // Optional. Configuration related to application-layer secrets encryption.
  AzureDatabaseEncryption database_encryption = 10 [(google.api.field_behavior) = OPTIONAL];

  // Optional. Proxy configuration for outbound HTTP(S) traffic.
  AzureProxyConfig proxy_config = 12 [(google.api.field_behavior) = OPTIONAL];

  // Optional. Configuration related to vm config encryption.
  AzureConfigEncryption config_encryption = 14 [(google.api.field_behavior) = OPTIONAL];

  // Optional. A set of tags to apply to all underlying control plane Azure resources.
  map<string, string> tags = 7 [(google.api.field_behavior) = OPTIONAL];

  // Optional. Configuration for where to place the control plane replicas.
  //
  // Up to three replica placement instances can be specified. If
  // replica_placements is set, the replica placement instances will be applied
  // to the three control plane replicas as evenly as possible.
  repeated ReplicaPlacement replica_placements = 13 [(google.api.field_behavior) = OPTIONAL];

  // Optional. The ARM ID of the subnet where the control plane load balancer is deployed.
  // When unspecified, it defaults to AzureControlPlane.subnet_id.
  //
  // Example:
  // "/subscriptions/d00494d6-6f3c-4280-bbb2-899e163d1d30/resourceGroups/anthos_cluster_gkeust4/providers/Microsoft.Network/virtualNetworks/gke-vnet-gkeust4/subnets/subnetid123"
  string endpoint_subnet_id = 15 [(google.api.field_behavior) = OPTIONAL];
}

// Configuration for the placement of a control plane replica.
message ReplicaPlacement {
  // Required. For a given replica, the ARM ID of the subnet where the control plane VM is
  // deployed. Make sure it's a subnet under the virtual network in the cluster
  // configuration.
  string subnet_id = 1 [(google.api.field_behavior) = REQUIRED];

  // Required. For a given replica, the Azure availability zone where to provision the
  // control plane VM and the ETCD disk.
  string azure_availability_zone = 2 [(google.api.field_behavior) = REQUIRED];
}

// Details of a proxy config stored in Azure Key Vault.
message AzureProxyConfig {
  // The ARM ID the of the resource group containing proxy keyvault.
  //
  // Resource group ids are formatted as
  // `/subscriptions/<subscription-id>/resourceGroups/<resource-group-name>`.
  string resource_group_id = 1;

  // The URL the of the proxy setting secret with its version.
  //
  // Secret ids are formatted as
  // `https://<key-vault-name>.vault.azure.net/secrets/<secret-name>/<secret-version>`.
  string secret_id = 2;
}

// Configuration related to application-layer secrets encryption.
//
// Anthos clusters on Azure encrypts your Kubernetes data at rest
// in etcd using Azure Key Vault.
message AzureDatabaseEncryption {
  // Required. The ARM ID of the Azure Key Vault key to encrypt / decrypt data.
  //
  // For example:
  // `/subscriptions/<subscription-id>/resourceGroups/<resource-group-id>/providers/Microsoft.KeyVault/vaults/<key-vault-id>/keys/<key-name>`
  // Encryption will always take the latest version of the key and hence
  // specific version is not supported.
  string key_id = 3 [(google.api.field_behavior) = REQUIRED];
}

// Configuration related to config data encryption.
//
// Azure VM bootstrap secret is envelope encrypted with the provided key vault
// key.
message AzureConfigEncryption {
  // Required. The ARM ID of the Azure Key Vault key to encrypt / decrypt config data.
  //
  // For example:
  // `/subscriptions/<subscription-id>/resourceGroups/<resource-group-id>/providers/Microsoft.KeyVault/vaults/<key-vault-id>/keys/<key-name>`
  string key_id = 2 [(google.api.field_behavior) = REQUIRED];

  // Optional. RSA key of the Azure Key Vault public key to use for encrypting the data.
  //
  // This key must be formatted as a PEM-encoded SubjectPublicKeyInfo (RFC 5280)
  // in ASN.1 DER form. The string must be comprised of a single PEM block of
  // type "PUBLIC KEY".
  string public_key = 3 [(google.api.field_behavior) = OPTIONAL];
}

// Configuration for Azure Disks.
message AzureDiskTemplate {
  // Optional. The size of the disk, in GiBs.
  //
  // When unspecified, a default value is provided. See the specific reference
  // in the parent resource.
  int32 size_gib = 1 [(google.api.field_behavior) = OPTIONAL];
}

// `AzureClient` resources hold client authentication information needed by the
// Anthos Multi-Cloud API to manage Azure resources on your Azure subscription.
//
// When an [AzureCluster][google.cloud.gkemulticloud.v1.AzureCluster] is created, an `AzureClient` resource needs to be
// provided and all operations on Azure resources associated to that cluster
// will authenticate to Azure services using the given client.
//
// `AzureClient` resources are immutable and cannot be modified upon creation.
//
// Each `AzureClient` resource is bound to a single Azure Active Directory
// Application and tenant.
message AzureClient {
  option (google.api.resource) = {
    type: "gkemulticloud.googleapis.com/AzureClient"
    pattern: "projects/{project}/locations/{location}/azureClients/{azure_client}"
  };

  // The name of this resource.
  //
  // `AzureClient` resource names are formatted as
  // `projects/<project-number>/locations/<region>/azureClients/<client-id>`.
  //
  // See [Resource Names](https://cloud.google.com/apis/design/resource_names)
  // for more details on Google Cloud resource names.
  string name = 1;

  // Required. The Azure Active Directory Tenant ID.
  string tenant_id = 2 [(google.api.field_behavior) = REQUIRED];

  // Required. The Azure Active Directory Application ID.
  string application_id = 3 [(google.api.field_behavior) = REQUIRED];

  // Optional. Annotations on the resource.
  //
  // This field has the same restrictions as Kubernetes annotations.
  // The total size of all keys and values combined is limited to 256k.
  // Keys can have 2 segments: prefix (optional) and name (required),
  // separated by a slash (/).
  // Prefix must be a DNS subdomain.
  // Name must be 63 characters or less, begin and end with alphanumerics,
  // with dashes (-), underscores (_), dots (.), and alphanumerics between.
  map<string, string> annotations = 8 [(google.api.field_behavior) = OPTIONAL];

  // Output only. The PEM encoded x509 certificate.
  string pem_certificate = 7 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. A globally unique identifier for the client.
  string uid = 5 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. The time at which this resource was created.
  google.protobuf.Timestamp create_time = 6 [(google.api.field_behavior) = OUTPUT_ONLY];
}

// Configuration related to the cluster RBAC settings.
message AzureAuthorization {
  // Required. Users that can perform operations as a cluster admin. A managed
  // ClusterRoleBinding will be created to grant the `cluster-admin` ClusterRole
  // to the users. Up to ten admin users can be provided.
  //
  // For more info on RBAC, see
  // https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles
  repeated AzureClusterUser admin_users = 1 [(google.api.field_behavior) = REQUIRED];
}

// Identities of a user-type subject for Azure clusters.
message AzureClusterUser {
  // Required. The name of the user, e.g. `my-gcp-id@gmail.com`.
  string username = 1 [(google.api.field_behavior) = REQUIRED];
}

// An Anthos node pool running on Azure.
message AzureNodePool {
  option (google.api.resource) = {
    type: "gkemulticloud.googleapis.com/AzureNodePool"
    pattern: "projects/{project}/locations/{location}/azureClusters/{azure_cluster}/azureNodePools/{azure_node_pool}"
  };

  // The lifecycle state of the node pool.
  enum State {
    // Not set.
    STATE_UNSPECIFIED = 0;

    // The PROVISIONING state indicates the node pool is being created.
    PROVISIONING = 1;

    // The RUNNING state indicates the node pool has been created and is fully
    // usable.
    RUNNING = 2;

    // The RECONCILING state indicates that the node pool is being reconciled.
    RECONCILING = 3;

    // The STOPPING state indicates the node pool is being deleted.
    STOPPING = 4;

    // The ERROR state indicates the node pool is in a broken unrecoverable
    // state.
    ERROR = 5;

    // The DEGRADED state indicates the node pool requires user action to
    // restore full functionality.
    DEGRADED = 6;
  }

  // The name of this resource.
  //
  // Node pool names are formatted as
  // `projects/<project-number>/locations/<region>/azureClusters/<cluster-id>/azureNodePools/<node-pool-id>`.
  //
  // For more details on Google Cloud resource names,
  // see [Resource Names](https://cloud.google.com/apis/design/resource_names)
  string name = 1;

  // Required. The Kubernetes version (e.g. `1.19.10-gke.1000`) running on this node pool.
  string version = 2 [(google.api.field_behavior) = REQUIRED];

  // Required. The node configuration of the node pool.
  AzureNodeConfig config = 22 [(google.api.field_behavior) = REQUIRED];

  // Required. The ARM ID of the subnet where the node pool VMs run. Make sure it's a
  // subnet under the virtual network in the cluster configuration.
  string subnet_id = 3 [(google.api.field_behavior) = REQUIRED];

  // Required. Autoscaler configuration for this node pool.
  AzureNodePoolAutoscaling autoscaling = 4 [(google.api.field_behavior) = REQUIRED];

  // Output only. The current state of the node pool.
  State state = 6 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. A globally unique identifier for the node pool.
  string uid = 8 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. If set, there are currently pending changes to the node
  // pool.
  bool reconciling = 9 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. The time at which this node pool was created.
  google.protobuf.Timestamp create_time = 10 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. The time at which this node pool was last updated.
  google.protobuf.Timestamp update_time = 11 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Allows clients to perform consistent read-modify-writes
  // through optimistic concurrency control.
  //
  // Can be sent on update and delete requests to ensure the
  // client has an up-to-date value before proceeding.
  string etag = 12;

  // Optional. Annotations on the node pool.
  //
  // This field has the same restrictions as Kubernetes annotations.
  // The total size of all keys and values combined is limited to 256k.
  // Keys can have 2 segments: prefix (optional) and name (required),
  // separated by a slash (/).
  // Prefix must be a DNS subdomain.
  // Name must be 63 characters or less, begin and end with alphanumerics,
  // with dashes (-), underscores (_), dots (.), and alphanumerics between.
  map<string, string> annotations = 13 [(google.api.field_behavior) = OPTIONAL];

  // Required. The constraint on the maximum number of pods that can be run
  // simultaneously on a node in the node pool.
  MaxPodsConstraint max_pods_constraint = 21 [(google.api.field_behavior) = REQUIRED];

  // Optional. The Azure availability zone of the nodes in this nodepool.
  //
  // When unspecified, it defaults to `1`.
  string azure_availability_zone = 23 [(google.api.field_behavior) = OPTIONAL];
}

// Parameters that describe the configuration of all node machines
// on a given node pool.
message AzureNodeConfig {
  // Optional. The Azure VM size name. Example: `Standard_DS2_v2`.
  //
  // See [Supported VM
  // sizes](/anthos/clusters/docs/azure/reference/supported-vms) for options.
  //
  // When unspecified, it defaults to `Standard_DS2_v2`.
  string vm_size = 1 [(google.api.field_behavior) = OPTIONAL];

  // Optional. Configuration related to the root volume provisioned for each
  // node pool machine.
  //
  // When unspecified, it defaults to a 32-GiB Azure Disk.
  AzureDiskTemplate root_volume = 2 [(google.api.field_behavior) = OPTIONAL];

  // Optional. A set of tags to apply to all underlying Azure resources for this node
  // pool. This currently only includes Virtual Machine Scale Sets.
  //
  // Specify at most 50 pairs containing alphanumerics, spaces, and symbols
  // (.+-=_:@/). Keys can be up to 127 Unicode characters. Values can be up to
  // 255 Unicode characters.
  map<string, string> tags = 3 [(google.api.field_behavior) = OPTIONAL];

  // Optional. The OS image type to use on node pool instances.
  // Can have a value of `ubuntu`, or `windows` if the cluster enables
  // the Windows node pool preview feature.
  //
  // When unspecified, it defaults to `ubuntu`.
  string image_type = 8 [(google.api.field_behavior) = OPTIONAL];

  // Required. SSH configuration for how to access the node pool machines.
  AzureSshConfig ssh_config = 7 [(google.api.field_behavior) = REQUIRED];

  // Optional. Proxy configuration for outbound HTTP(S) traffic.
  AzureProxyConfig proxy_config = 9 [(google.api.field_behavior) = OPTIONAL];

  // Optional. Configuration related to vm config encryption.
  AzureConfigEncryption config_encryption = 12 [(google.api.field_behavior) = OPTIONAL];

  // Optional. The initial taints assigned to nodes of this node pool.
  repeated NodeTaint taints = 10 [(google.api.field_behavior) = OPTIONAL];

  // Optional. The initial labels assigned to nodes of this node pool. An object
  // containing a list of "key": value pairs. Example: { "name": "wrench",
  // "mass": "1.3kg", "count": "3" }.
  map<string, string> labels = 11 [(google.api.field_behavior) = OPTIONAL];
}

// Configuration related to Kubernetes cluster autoscaler.
//
// The Kubernetes cluster autoscaler will automatically adjust the
// size of the node pool based on the cluster load.
message AzureNodePoolAutoscaling {
  // Required. Minimum number of nodes in the node pool. Must be greater than or equal to
  // 1 and less than or equal to max_node_count.
  int32 min_node_count = 1 [(google.api.field_behavior) = REQUIRED];

  // Required. Maximum number of nodes in the node pool. Must be greater than or equal to
  // min_node_count and less than or equal to 50.
  int32 max_node_count = 2 [(google.api.field_behavior) = REQUIRED];
}

// AzureServerConfig contains information about a Google Cloud location, such as
// supported Azure regions and Kubernetes versions.
message AzureServerConfig {
  option (google.api.resource) = {
    type: "gkemulticloud.googleapis.com/AzureServerConfig"
    pattern: "projects/{project}/locations/{location}/azureServerConfig"
  };

  // The `AzureServerConfig` resource name.
  //
  // `AzureServerConfig` names are formatted as
  // `projects/<project-number>/locations/<region>/azureServerConfig`.
  //
  // See [Resource Names](https://cloud.google.com/apis/design/resource_names)
  // for more details on GCP resource names.
  string name = 1;

  // List of valid Kubernetes versions.
  repeated AzureK8sVersionInfo valid_versions = 2;

  // The list of supported Azure regions.
  repeated string supported_azure_regions = 3;
}

// Information about a supported Kubernetes version.
message AzureK8sVersionInfo {
  // A supported Kubernetes version (for example, `1.19.10-gke.1000`)
  string version = 1;
}

// SSH configuration for Azure resources.
message AzureSshConfig {
  // Required. The SSH public key data for VMs managed by Anthos. This accepts the
  // authorized_keys file format used in OpenSSH according to the sshd(8) manual
  // page.
  string authorized_key = 1 [(google.api.field_behavior) = REQUIRED];
}

// Managed Azure resources for the cluster.
//
// The values could change and be empty, depending on the state of the cluster.
message AzureClusterResources {
  // Output only. The ARM ID of the cluster network security group.
  string network_security_group_id = 1 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. The ARM ID of the control plane application security group.
  string control_plane_application_security_group_id = 2 [(google.api.field_behavior) = OUTPUT_ONLY];
}