kpt-grpc-demo/google/cloud/orchestration/airflow/service/v1/environments.proto

// Copyright 2021 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

syntax = "proto3";

package google.cloud.orchestration.airflow.service.v1;

import "google/api/annotations.proto";
import "google/api/client.proto";
import "google/api/field_behavior.proto";
import "google/api/resource.proto";
import "google/longrunning/operations.proto";
import "google/protobuf/field_mask.proto";
import "google/protobuf/timestamp.proto";

option go_package = "google.golang.org/genproto/googleapis/cloud/orchestration/airflow/service/v1;service";
option java_multiple_files = true;
option java_package = "com.google.cloud.orchestration.airflow.service.v1";

// Managed Apache Airflow Environments.
service Environments {
  option (google.api.default_host) = "composer.googleapis.com";
  option (google.api.oauth_scopes) = "https://www.googleapis.com/auth/cloud-platform";

  // Create a new environment.
  rpc CreateEnvironment(CreateEnvironmentRequest) returns (google.longrunning.Operation) {
    option (google.api.http) = {
      post: "/v1/{parent=projects/*/locations/*}/environments"
      body: "environment"
    };
    option (google.api.method_signature) = "parent,environment";
    option (google.longrunning.operation_info) = {
      response_type: "Environment"
      metadata_type: "google.cloud.orchestration.airflow.service.v1.OperationMetadata"
    };
  }

  // Get an existing environment.
  rpc GetEnvironment(GetEnvironmentRequest) returns (Environment) {
    option (google.api.http) = {
      get: "/v1/{name=projects/*/locations/*/environments/*}"
    };
    option (google.api.method_signature) = "name";
  }

  // List environments.
  rpc ListEnvironments(ListEnvironmentsRequest) returns (ListEnvironmentsResponse) {
    option (google.api.http) = {
      get: "/v1/{parent=projects/*/locations/*}/environments"
    };
    option (google.api.method_signature) = "parent";
  }

  // Update an environment.
  rpc UpdateEnvironment(UpdateEnvironmentRequest) returns (google.longrunning.Operation) {
    option (google.api.http) = {
      patch: "/v1/{name=projects/*/locations/*/environments/*}"
      body: "environment"
    };
    option (google.api.method_signature) = "name,environment,update_mask";
    option (google.longrunning.operation_info) = {
      response_type: "Environment"
      metadata_type: "google.cloud.orchestration.airflow.service.v1.OperationMetadata"
    };
  }

  // Delete an environment.
  rpc DeleteEnvironment(DeleteEnvironmentRequest) returns (google.longrunning.Operation) {
    option (google.api.http) = {
      delete: "/v1/{name=projects/*/locations/*/environments/*}"
    };
    option (google.api.method_signature) = "name";
    option (google.longrunning.operation_info) = {
      response_type: "google.protobuf.Empty"
      metadata_type: "google.cloud.orchestration.airflow.service.v1.OperationMetadata"
    };
  }
}

// Create a new environment.
message CreateEnvironmentRequest {
  // The parent must be of the form
  // "projects/{projectId}/locations/{locationId}".
  string parent = 1;

  // The environment to create.
  Environment environment = 2;
}

// Get an environment.
message GetEnvironmentRequest {
  // The resource name of the environment to get, in the form:
  // "projects/{projectId}/locations/{locationId}/environments/{environmentId}"
  string name = 1;
}

// List environments in a project and location.
message ListEnvironmentsRequest {
  // List environments in the given project and location, in the form:
  // "projects/{projectId}/locations/{locationId}"
  string parent = 1;

  // The maximum number of environments to return.
  int32 page_size = 2;

  // The next_page_token value returned from a previous List request, if any.
  string page_token = 3;
}

// The environments in a project and location.
message ListEnvironmentsResponse {
  // The list of environments returned by a ListEnvironmentsRequest.
  repeated Environment environments = 1;

  // The page token used to query for the next page if one exists.
  string next_page_token = 2;
}

// Delete an environment.
message DeleteEnvironmentRequest {
  // The environment to delete, in the form:
  // "projects/{projectId}/locations/{locationId}/environments/{environmentId}"
  string name = 1;
}

// Update an environment.
message UpdateEnvironmentRequest {
  // The relative resource name of the environment to update, in the form:
  // "projects/{projectId}/locations/{locationId}/environments/{environmentId}"
  string name = 2;

  // A patch environment. Fields specified by the `updateMask` will be copied
  // from the patch environment into the environment under update.
  Environment environment = 1;

  // Required. A comma-separated list of paths, relative to `Environment`, of
  // fields to update.
  // For example, to set the version of scikit-learn to install in the
  // environment to 0.19.0 and to remove an existing installation of
  // numpy, the `updateMask` parameter would include the following two
  // `paths` values: "config.softwareConfig.pypiPackages.scikit-learn" and
  // "config.softwareConfig.pypiPackages.numpy". The included patch
  // environment would specify the scikit-learn version as follows:
  //
  //     {
  //       "config":{
  //         "softwareConfig":{
  //           "pypiPackages":{
  //             "scikit-learn":"==0.19.0"
  //           }
  //         }
  //       }
  //     }
  //
  // Note that in the above example, any existing PyPI packages
  // other than scikit-learn and numpy will be unaffected.
  //
  // Only one update type may be included in a single request's `updateMask`.
  // For example, one cannot update both the PyPI packages and
  // labels in the same request. However, it is possible to update multiple
  // members of a map field simultaneously in the same request. For example,
  // to set the labels "label1" and "label2" while clearing "label3" (assuming
  // it already exists), one can
  // provide the paths "labels.label1", "labels.label2", and "labels.label3"
  // and populate the patch environment as follows:
  //
  //     {
  //       "labels":{
  //         "label1":"new-label1-value"
  //         "label2":"new-label2-value"
  //       }
  //     }
  //
  // Note that in the above example, any existing labels that are not
  // included in the `updateMask` will be unaffected.
  //
  // It is also possible to replace an entire map field by providing the
  // map field's path in the `updateMask`. The new value of the field will
  // be that which is provided in the patch environment. For example, to
  // delete all pre-existing user-specified PyPI packages and
  // install botocore at version 1.7.14, the `updateMask` would contain
  // the path "config.softwareConfig.pypiPackages", and
  // the patch environment would be the following:
  //
  //     {
  //       "config":{
  //         "softwareConfig":{
  //           "pypiPackages":{
  //             "botocore":"==1.7.14"
  //           }
  //         }
  //       }
  //     }
  //
  // **Note:** Only the following fields can be updated:
  //
  // * `config.softwareConfig.pypiPackages`
  //     * Replace all custom custom PyPI packages. If a replacement
  //       package map is not included in `environment`, all custom
  //       PyPI packages are cleared. It is an error to provide both
  //       this mask and a mask specifying an individual package.
  // * `config.softwareConfig.pypiPackages.`packagename
  //     * Update the custom PyPI package *packagename*,
  //       preserving other packages. To delete the package, include it in
  //       `updateMask`, and omit the mapping for it in
  //       `environment.config.softwareConfig.pypiPackages`. It is an error
  //       to provide both a mask of this form and the
  //       `config.softwareConfig.pypiPackages` mask.
  // * `labels`
  //     * Replace all environment labels. If a replacement labels map is not
  //       included in `environment`, all labels are cleared. It is an error to
  //       provide both this mask and a mask specifying one or more individual
  //       labels.
  // * `labels.`labelName
  //     * Set the label named *labelName*, while preserving other
  //       labels. To delete the label, include it in `updateMask` and omit its
  //       mapping in `environment.labels`. It is an error to provide both a
  //       mask of this form and the `labels` mask.
  // * `config.nodeCount`
  //     * Horizontally scale the number of nodes in the environment. An integer
  //       greater than or equal to 3 must be provided in the `config.nodeCount`
  //       field.
  // * `config.webServerNetworkAccessControl`
  //     * Replace the environment's current `WebServerNetworkAccessControl`.
  // * `config.databaseConfig`
  //     * Replace the environment's current `DatabaseConfig`.
  // * `config.webServerConfig`
  //     * Replace the environment's current `WebServerConfig`.
  // * `config.softwareConfig.airflowConfigOverrides`
  //     * Replace all Apache Airflow config overrides. If a replacement config
  //       overrides map is not included in `environment`, all config overrides
  //       are cleared.
  //       It is an error to provide both this mask and a mask specifying one or
  //       more individual config overrides.
  // * `config.softwareConfig.airflowConfigOverrides.`section-name
  //     * Override the Apache Airflow config property *name* in the
  //       section named *section*, preserving other properties. To
  //       delete the property override, include it in `updateMask` and omit its
  //       mapping in
  //       `environment.config.softwareConfig.airflowConfigOverrides`.
  //       It is an error to provide both a mask of this form and the
  //       `config.softwareConfig.airflowConfigOverrides` mask.
  // * `config.softwareConfig.envVariables`
  //     * Replace all environment variables. If a replacement environment
  //       variable map is not included in `environment`, all custom environment
  //       variables  are cleared.
  //       It is an error to provide both this mask and a mask specifying one or
  //       more individual environment variables.
  google.protobuf.FieldMask update_mask = 3;
}

// Configuration information for an environment.
message EnvironmentConfig {
  // Output only. The Kubernetes Engine cluster used to run this environment.
  string gke_cluster = 1;

  // Output only. The Cloud Storage prefix of the DAGs for this environment. Although Cloud
  // Storage objects reside in a flat namespace, a hierarchical file tree
  // can be simulated using "/"-delimited object name prefixes. DAG objects for
  // this environment reside in a simulated directory with the given prefix.
  string dag_gcs_prefix = 2;

  // The number of nodes in the Kubernetes Engine cluster that will be
  // used to run this environment.
  int32 node_count = 3;

  // The configuration settings for software inside the environment.
  SoftwareConfig software_config = 4;

  // The configuration used for the Kubernetes Engine cluster.
  NodeConfig node_config = 5;

  // The configuration used for the Private IP Cloud Composer environment.
  PrivateEnvironmentConfig private_environment_config = 7;

  // Optional. The network-level access control policy for the Airflow web server. If
  // unspecified, no network-level access restrictions will be applied.
  WebServerNetworkAccessControl web_server_network_access_control = 8 [(google.api.field_behavior) = OPTIONAL];

  // Optional. The configuration settings for Cloud SQL instance used internally by Apache
  // Airflow software.
  DatabaseConfig database_config = 9 [(google.api.field_behavior) = OPTIONAL];

  // Optional. The configuration settings for the Airflow web server App Engine instance.
  WebServerConfig web_server_config = 10 [(google.api.field_behavior) = OPTIONAL];

  // Optional. The encryption options for the Cloud Composer environment
  // and its dependencies. Cannot be updated.
  EncryptionConfig encryption_config = 11 [(google.api.field_behavior) = OPTIONAL];

  // Output only. The URI of the Apache Airflow Web UI hosted within this environment (see
  // [Airflow web
  // interface](/composer/docs/how-to/accessing/airflow-web-interface)).
  string airflow_uri = 6;
}

// Network-level access control policy for the Airflow web server.
message WebServerNetworkAccessControl {
  // Allowed IP range with user-provided description.
  message AllowedIpRange {
    // IP address or range, defined using CIDR notation, of requests that this
    // rule applies to.
    // Examples: `192.168.1.1` or `192.168.0.0/16` or `2001:db8::/32`
    //           or `2001:0db8:0000:0042:0000:8a2e:0370:7334`.
    //
    // IP range prefixes should be properly truncated. For example,
    // `1.2.3.4/24` should be truncated to `1.2.3.0/24`. Similarly, for IPv6,
    // `2001:db8::1/32` should be truncated to `2001:db8::/32`.
    string value = 1;

    // Optional. User-provided description. It must contain at most 300 characters.
    string description = 2 [(google.api.field_behavior) = OPTIONAL];
  }

  // A collection of allowed IP ranges with descriptions.
  repeated AllowedIpRange allowed_ip_ranges = 1;
}

// The configuration of Cloud SQL instance that is used by the Apache Airflow
// software.
message DatabaseConfig {
  // Optional. Cloud SQL machine type used by Airflow database.
  // It has to be one of: db-n1-standard-2, db-n1-standard-4, db-n1-standard-8
  // or db-n1-standard-16. If not specified, db-n1-standard-2 will be used.
  string machine_type = 1 [(google.api.field_behavior) = OPTIONAL];
}

// The configuration settings for the Airflow web server App Engine instance.
message WebServerConfig {
  // Optional. Machine type on which Airflow web server is running.
  // It has to be one of: composer-n1-webserver-2, composer-n1-webserver-4 or
  // composer-n1-webserver-8.
  // If not specified, composer-n1-webserver-2 will be used.
  // Value custom is returned only in response, if Airflow web server parameters
  // were manually changed to a non-standard values.
  string machine_type = 1 [(google.api.field_behavior) = OPTIONAL];
}

// The encryption options for the Cloud Composer environment
// and its dependencies.
message EncryptionConfig {
  // Optional. Customer-managed Encryption Key available through Google's Key Management
  // Service. Cannot be updated.
  // If not specified, Google-managed key will be used.
  string kms_key_name = 1 [(google.api.field_behavior) = OPTIONAL];
}

// Specifies the selection and configuration of software inside the environment.
message SoftwareConfig {
  // The version of the software running in the environment.
  // This encapsulates both the version of Cloud Composer functionality and the
  // version of Apache Airflow. It must match the regular expression
  // `composer-([0-9]+\.[0-9]+\.[0-9]+|latest)-airflow-[0-9]+\.[0-9]+(\.[0-9]+.*)?`.
  // When used as input, the server also checks if the provided version is
  // supported and denies the request for an unsupported version.
  //
  // The Cloud Composer portion of the version is a
  // [semantic version](https://semver.org) or `latest`. When the patch version
  // is omitted, the current Cloud Composer patch version is selected.
  // When `latest` is provided instead of an explicit version number,
  // the server replaces `latest` with the current Cloud Composer version
  // and stores that version number in the same field.
  //
  // The portion of the image version that follows *airflow-* is an
  // official Apache Airflow repository
  // [release name](https://github.com/apache/incubator-airflow/releases).
  //
  // See also [Version
  // List](/composer/docs/concepts/versioning/composer-versions).
  string image_version = 1;

  // Optional. Apache Airflow configuration properties to override.
  //
  // Property keys contain the section and property names, separated by a
  // hyphen, for example "core-dags_are_paused_at_creation". Section names must
  // not contain hyphens ("-"), opening square brackets ("["),  or closing
  // square brackets ("]"). The property name must not be empty and must not
  // contain an equals sign ("=") or semicolon (";"). Section and property names
  // must not contain a period ("."). Apache Airflow configuration property
  // names must be written in
  // [snake_case](https://en.wikipedia.org/wiki/Snake_case). Property values can
  // contain any character, and can be written in any lower/upper case format.
  //
  // Certain Apache Airflow configuration property values are
  // [blocked](/composer/docs/concepts/airflow-configurations),
  // and cannot be overridden.
  map<string, string> airflow_config_overrides = 2;

  // Optional. Custom Python Package Index (PyPI) packages to be installed in
  // the environment.
  //
  // Keys refer to the lowercase package name such as "numpy"
  // and values are the lowercase extras and version specifier such as
  // "==1.12.0", "[devel,gcp_api]", or "[devel]>=1.8.2, <1.9.2". To specify a
  // package without pinning it to a version specifier, use the empty string as
  // the value.
  map<string, string> pypi_packages = 3;

  // Optional. Additional environment variables to provide to the Apache Airflow
  // scheduler, worker, and webserver processes.
  //
  // Environment variable names must match the regular expression
  // `[a-zA-Z_][a-zA-Z0-9_]*`. They cannot specify Apache Airflow
  // software configuration overrides (they cannot match the regular expression
  // `AIRFLOW__[A-Z0-9_]+__[A-Z0-9_]+`), and they cannot match any of the
  // following reserved names:
  //
  // * `AIRFLOW_HOME`
  // * `C_FORCE_ROOT`
  // * `CONTAINER_NAME`
  // * `DAGS_FOLDER`
  // * `GCP_PROJECT`
  // * `GCS_BUCKET`
  // * `GKE_CLUSTER_NAME`
  // * `SQL_DATABASE`
  // * `SQL_INSTANCE`
  // * `SQL_PASSWORD`
  // * `SQL_PROJECT`
  // * `SQL_REGION`
  // * `SQL_USER`
  map<string, string> env_variables = 4;

  // Optional. The major version of Python used to run the Apache Airflow
  // scheduler, worker, and webserver processes.
  //
  // Can be set to '2' or '3'. If not specified, the default is '3'. Cannot be
  // updated.
  string python_version = 6;
}

// Configuration for controlling how IPs are allocated in the
// GKE cluster running the Apache Airflow software.
message IPAllocationPolicy {
  // Optional. Whether or not to enable Alias IPs in the GKE cluster.
  // If `true`, a VPC-native cluster is created.
  bool use_ip_aliases = 1 [(google.api.field_behavior) = OPTIONAL];

  // Configuration of allocating IP addresses for pods in the GKE cluster.
  oneof cluster_ip_allocation {
    // Optional. The name of the GKE cluster's secondary range used to allocate
    // IP addresses to pods.
    //
    // This field is applicable only when `use_ip_aliases` is true.
    string cluster_secondary_range_name = 2 [(google.api.field_behavior) = OPTIONAL];

    // Optional. The IP address range used to allocate IP addresses to pods in
    // the GKE cluster.
    //
    // This field is applicable only when `use_ip_aliases` is true.
    //
    // Set to blank to have GKE choose a range with the default size.
    //
    // Set to /netmask (e.g. `/14`) to have GKE choose a range with a specific
    // netmask.
    //
    // Set to a
    // [CIDR](http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing)
    // notation (e.g. `10.96.0.0/14`) from the RFC-1918 private networks (e.g.
    // `10.0.0.0/8`, `172.16.0.0/12`, `192.168.0.0/16`) to pick a specific range
    // to use.
    string cluster_ipv4_cidr_block = 4 [(google.api.field_behavior) = OPTIONAL];
  }

  // Configuration of allocating IP addresses for services in the GKE cluster.
  oneof services_ip_allocation {
    // Optional. The name of the services' secondary range used to allocate
    // IP addresses to the GKE cluster.
    //
    // This field is applicable only when `use_ip_aliases` is true.
    string services_secondary_range_name = 3 [(google.api.field_behavior) = OPTIONAL];

    // Optional. The IP address range of the services IP addresses in this
    // GKE cluster.
    //
    // This field is applicable only when `use_ip_aliases` is true.
    //
    // Set to blank to have GKE choose a range with the default size.
    //
    // Set to /netmask (e.g. `/14`) to have GKE choose a range with a specific
    // netmask.
    //
    // Set to a
    // [CIDR](http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing)
    // notation (e.g. `10.96.0.0/14`) from the RFC-1918 private networks (e.g.
    // `10.0.0.0/8`, `172.16.0.0/12`, `192.168.0.0/16`) to pick a specific range
    // to use.
    string services_ipv4_cidr_block = 5 [(google.api.field_behavior) = OPTIONAL];
  }
}

// The configuration information for the Kubernetes Engine nodes running
// the Apache Airflow software.
message NodeConfig {
  // Optional. The Compute Engine [zone](/compute/docs/regions-zones) in which
  // to deploy the VMs used to run the Apache Airflow software, specified as a
  // [relative resource
  // name](/apis/design/resource_names#relative_resource_name). For example:
  // "projects/{projectId}/zones/{zoneId}".
  //
  // This `location` must belong to the enclosing environment's project and
  // location. If both this field and `nodeConfig.machineType` are specified,
  // `nodeConfig.machineType` must belong to this `location`; if both are
  // unspecified, the service will pick a zone in the Compute Engine region
  // corresponding to the Cloud Composer location, and propagate that choice to
  // both fields. If only one field (`location` or `nodeConfig.machineType`) is
  // specified, the location information from the specified field will be
  // propagated to the unspecified field.
  string location = 1;

  // Optional. The Compute Engine
  // [machine type](/compute/docs/machine-types) used for cluster instances,
  // specified as a
  // [relative resource
  // name](/apis/design/resource_names#relative_resource_name). For example:
  // "projects/{projectId}/zones/{zoneId}/machineTypes/{machineTypeId}".
  //
  // The `machineType` must belong to the enclosing environment's project and
  // location. If both this field and `nodeConfig.location` are specified,
  // this `machineType` must belong to the `nodeConfig.location`; if both are
  // unspecified, the service will pick a zone in the Compute Engine region
  // corresponding to the Cloud Composer location, and propagate that choice to
  // both fields. If exactly one of this field and `nodeConfig.location` is
  // specified, the location information from the specified field will be
  // propagated to the unspecified field.
  //
  // The `machineTypeId` must not be a [shared-core machine
  // type](/compute/docs/machine-types#sharedcore).
  //
  // If this field is unspecified, the `machineTypeId` defaults
  // to "n1-standard-1".
  string machine_type = 2;

  // Optional. The Compute Engine network to be used for machine
  // communications, specified as a
  // [relative resource
  // name](/apis/design/resource_names#relative_resource_name). For example:
  // "projects/{projectId}/global/networks/{networkId}".
  //
  // If unspecified, the "default" network ID in the environment's project is
  // used. If a [Custom Subnet Network](/vpc/docs/vpc#vpc_networks_and_subnets)
  // is provided, `nodeConfig.subnetwork` must also be provided. For
  // [Shared VPC](/vpc/docs/shared-vpc) subnetwork requirements, see
  // `nodeConfig.subnetwork`.
  string network = 3;

  // Optional. The Compute Engine subnetwork to be used for machine
  // communications, specified as a
  // [relative resource
  // name](/apis/design/resource_names#relative_resource_name). For example:
  // "projects/{projectId}/regions/{regionId}/subnetworks/{subnetworkId}"
  //
  // If a subnetwork is provided, `nodeConfig.network` must also be provided,
  // and the subnetwork must belong to the enclosing environment's project and
  // location.
  string subnetwork = 4;

  // Optional. The disk size in GB used for node VMs. Minimum size is 20GB.
  // If unspecified, defaults to 100GB. Cannot be updated.
  int32 disk_size_gb = 5;

  // Optional. The set of Google API scopes to be made available on all
  // node VMs. If `oauth_scopes` is empty, defaults to
  // ["https://www.googleapis.com/auth/cloud-platform"]. Cannot be updated.
  repeated string oauth_scopes = 6;

  // Optional. The Google Cloud Platform Service Account to be used by the node
  // VMs. If a service account is not specified, the "default" Compute Engine
  // service account is used. Cannot be updated.
  string service_account = 7;

  // Optional. The list of instance tags applied to all node VMs. Tags are used
  // to identify valid sources or targets for network firewalls. Each tag within
  // the list must comply with [RFC1035](https://www.ietf.org/rfc/rfc1035.txt).
  // Cannot be updated.
  repeated string tags = 8;

  // Optional. The configuration for controlling how IPs are allocated in the GKE cluster.
  IPAllocationPolicy ip_allocation_policy = 9 [(google.api.field_behavior) = OPTIONAL];
}

// Configuration options for the private GKE cluster in a Cloud Composer
// environment.
message PrivateClusterConfig {
  // Optional. If `true`, access to the public endpoint of the GKE cluster is
  // denied.
  bool enable_private_endpoint = 1 [(google.api.field_behavior) = OPTIONAL];

  // Optional. The CIDR block from which IPv4 range for GKE master will be reserved. If
  // left blank, the default value of '172.16.0.0/23' is used.
  string master_ipv4_cidr_block = 2 [(google.api.field_behavior) = OPTIONAL];

  // Output only. The IP range in CIDR notation to use for the hosted master network. This
  // range is used for assigning internal IP addresses to the GKE cluster
  // master or set of masters and to the internal load balancer virtual IP.
  // This range must not overlap with any other ranges in use
  // within the cluster's network.
  string master_ipv4_reserved_range = 3 [(google.api.field_behavior) = OUTPUT_ONLY];
}

// The configuration information for configuring a Private IP Cloud Composer
// environment.
message PrivateEnvironmentConfig {
  // Optional. If `true`, a Private IP Cloud Composer environment is created.
  // If this field is set to true, `IPAllocationPolicy.use_ip_aliases` must be
  // set to true.
  bool enable_private_environment = 1 [(google.api.field_behavior) = OPTIONAL];

  // Optional. Configuration for the private GKE cluster for a Private IP
  // Cloud Composer environment.
  PrivateClusterConfig private_cluster_config = 2 [(google.api.field_behavior) = OPTIONAL];

  // Optional. The CIDR block from which IP range for web server will be reserved. Needs
  // to be disjoint from `private_cluster_config.master_ipv4_cidr_block` and
  // `cloud_sql_ipv4_cidr_block`.
  string web_server_ipv4_cidr_block = 3 [(google.api.field_behavior) = OPTIONAL];

  // Optional. The CIDR block from which IP range in tenant project will be reserved for
  // Cloud SQL. Needs to be disjoint from `web_server_ipv4_cidr_block`.
  string cloud_sql_ipv4_cidr_block = 4 [(google.api.field_behavior) = OPTIONAL];

  // Output only. The IP range reserved for the tenant project's App Engine VMs.
  string web_server_ipv4_reserved_range = 5 [(google.api.field_behavior) = OUTPUT_ONLY];
}

// An environment for running orchestration tasks.
message Environment {
  option (google.api.resource) = {
    type: "composer.googleapis.com/Environment"
    pattern: "projects/{project}/locations/{location}/environments/{environment}"
  };

  // State of the environment.
  enum State {
    // The state of the environment is unknown.
    STATE_UNSPECIFIED = 0;

    // The environment is in the process of being created.
    CREATING = 1;

    // The environment is currently running and healthy. It is ready for use.
    RUNNING = 2;

    // The environment is being updated. It remains usable but cannot receive
    // additional update requests or be deleted at this time.
    UPDATING = 3;

    // The environment is undergoing deletion. It cannot be used.
    DELETING = 4;

    // The environment has encountered an error and cannot be used.
    ERROR = 5;
  }

  // The resource name of the environment, in the form:
  // "projects/{projectId}/locations/{locationId}/environments/{environmentId}"
  //
  // EnvironmentId must start with a lowercase letter followed by up to 63
  // lowercase letters, numbers, or hyphens, and cannot end with a hyphen.
  string name = 1;

  // Configuration parameters for this environment.
  EnvironmentConfig config = 2;

  // Output only. The UUID (Universally Unique IDentifier) associated with this environment.
  // This value is generated when the environment is created.
  string uuid = 3;

  // The current state of the environment.
  State state = 4;

  // Output only. The time at which this environment was created.
  google.protobuf.Timestamp create_time = 5;

  // Output only. The time at which this environment was last modified.
  google.protobuf.Timestamp update_time = 6;

  // Optional. User-defined labels for this environment.
  // The labels map can contain no more than 64 entries. Entries of the labels
  // map are UTF8 strings that comply with the following restrictions:
  //
  // * Keys must conform to regexp: [\p{Ll}\p{Lo}][\p{Ll}\p{Lo}\p{N}_-]{0,62}
  // * Values must conform to regexp:  [\p{Ll}\p{Lo}\p{N}_-]{0,63}
  // * Both keys and values are additionally constrained to be <= 128 bytes in
  // size.
  map<string, string> labels = 7;
}

// Message containing information about the result of an upgrade check
// operation.
message CheckUpgradeResponse {
  // Whether there were python modules conflict during image build.
  enum ConflictResult {
    // It is unknown whether build had conflicts or not.
    CONFLICT_RESULT_UNSPECIFIED = 0;

    // There were python packages conflicts.
    CONFLICT = 1;

    // There were no python packages conflicts.
    NO_CONFLICT = 2;
  }

  // Output only. Url for a docker build log of an upgraded image.
  string build_log_uri = 1 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. Whether build has succeeded or failed on modules conflicts.
  ConflictResult contains_pypi_modules_conflict = 4 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. Extract from a docker image build log containing information about pypi
  // modules conflicts.
  string pypi_conflict_build_log_extract = 3 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Composer image for which the build was happening.
  string image_version = 5;

  // Pypi dependencies specified in the environment configuration, at the time
  // when the build was triggered.
  map<string, string> pypi_dependencies = 6;
}