diff --git a/config/tests/samples/create/harness.go b/config/tests/samples/create/harness.go index d8889bc7c2..dd3522615c 100644 --- a/config/tests/samples/create/harness.go +++ b/config/tests/samples/create/harness.go @@ -727,6 +727,7 @@ func MaybeSkip(t *testing.T, name string, resources []*unstructured.Unstructured case schema.GroupKind{Group: "apigee.cnrm.cloud.google.com", Kind: "ApigeeEnvgroup"}: case schema.GroupKind{Group: "apigee.cnrm.cloud.google.com", Kind: "ApigeeEnvironment"}: + case schema.GroupKind{Group: "apigee.cnrm.cloud.google.com", Kind: "ApigeeInstance"}: case schema.GroupKind{Group: "apigee.cnrm.cloud.google.com", Kind: "ApigeeOrganization"}: case schema.GroupKind{Group: "apikeys.cnrm.cloud.google.com", Kind: "APIKeysKey"}: diff --git a/mockgcp/mockapigee/envgroup.go b/mockgcp/mockapigee/envgroup.go index 227506988a..91c5ef3b9f 100644 --- a/mockgcp/mockapigee/envgroup.go +++ b/mockgcp/mockapigee/envgroup.go @@ -105,7 +105,7 @@ func (s *EnvgroupV1) PatchOrganizationsEnvgroup(ctx context.Context, req *pb.Pat // Required. A list of fields to be updated in this request. paths := req.GetUpdateMask() - fieldMask, err := field_mask.New(obj, paths) + fieldMask, err := field_mask.New(obj, strings.Split(paths, ",")...) if err != nil { return nil, err } diff --git a/mockgcp/mockapigee/instance.go b/mockgcp/mockapigee/instance.go new file mode 100644 index 0000000000..31e8af3158 --- /dev/null +++ b/mockgcp/mockapigee/instance.go @@ -0,0 +1,207 @@ +// Copyright 2025 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package mockapigee + +import ( + "context" + "fmt" + "strings" + + "cloud.google.com/go/longrunning/autogen/longrunningpb" + pb "github.com/GoogleCloudPlatform/k8s-config-connector/mockgcp/generated/mockgcp/cloud/apigee/v1" + "google.golang.org/grpc/codes" + "google.golang.org/grpc/status" + "google.golang.org/protobuf/proto" + "google.golang.org/protobuf/types/known/fieldmaskpb" +) + +type instanceName struct { + Organization string + Instance string +} + +func (n *instanceName) Parent() string { + return fmt.Sprintf("organizations/%v", n.Organization) +} + +func (n *instanceName) String() string { + return fmt.Sprintf("organizations/%v/instances/%v", n.Organization, n.Instance) +} + +// parseInstanceName parses a string into a instanceName. +// The expected form is organizations/{organization}/instances/{instance}. +func (s *instancesServer) parseInstanceName(name string) (*instanceName, error) { + expectedFormat := "organizations/{organization}/instances/{instance}" + parts := strings.Split(name, "/") + if len(parts) != 4 || parts[0] != "organizations" || parts[2] != "instances" { + return nil, fmt.Errorf("name '%s' is not of the form %s", name, expectedFormat) + } + return &instanceName{ + Organization: parts[1], + Instance: parts[3], + }, nil +} + +type instancesServer struct { + *MockService + pb.UnimplementedOrganizationsInstancesServerServer +} + +func (s *instancesServer) GetOrganizationsInstance(ctx context.Context, req *pb.GetOrganizationsInstanceRequest) (*pb.GoogleCloudApigeeV1Instance, error) { + name, err := s.parseInstanceName(req.Name) + if err != nil { + return nil, err + } + + fqn := name.String() + + obj := &pb.GoogleCloudApigeeV1Instance{} + if err := s.storage.Get(ctx, fqn, obj); err != nil { + if status.Code(err) == codes.NotFound { + return nil, status.Errorf(codes.NotFound, "generic::not_found: resource %s not found", fqn) + } + return nil, err + } + return obj, nil +} + +func (s *instancesServer) CreateOrganizationsInstance(ctx context.Context, req *pb.CreateOrganizationsInstanceRequest) (*longrunningpb.Operation, error) { + reqName := req.Parent + "/instances/" + req.OrganizationsInstance.Name + name, err := s.parseInstanceName(reqName) + if err != nil { + return nil, err + } + + fqn := name.String() + + obj := proto.Clone(req.OrganizationsInstance).(*pb.GoogleCloudApigeeV1Instance) + obj.Name = req.OrganizationsInstance.Name + populateDefaultsForOrganizationsInstance(obj) + if err := s.storage.Create(ctx, fqn, obj); err != nil { + return nil, err + } + + metadata := &pb.GoogleCloudApigeeV1OperationMetadata{ + OperationType: "INSERT", + State: "IN_PROGRESS", + TargetResourceName: fqn, + } + op, err := s.operations.StartLRO(ctx, req.GetParent(), metadata, func() (proto.Message, error) { + metadata.Progress = &pb.GoogleCloudApigeeV1OperationMetadataProgress{ + Description: "Succeeded", + PercentDone: 100, + } + metadata.State = "FINISHED" + result := proto.Clone(obj).(*pb.GoogleCloudApigeeV1Instance) + populateOutputsForOrganizationsInstance(result) + s.storage.Update(ctx, fqn, result) + return result, nil + }) + return op, err +} + +func (s *instancesServer) PatchOrganizationsInstance(ctx context.Context, req *pb.PatchOrganizationsInstanceRequest) (*longrunningpb.Operation, error) { + name, err := s.parseInstanceName(req.Name) + if err != nil { + return nil, err + } + + fqn := name.String() + obj := &pb.GoogleCloudApigeeV1Instance{} + if err := s.storage.Get(ctx, fqn, obj); err != nil { + return nil, err + } + + // Required. A list of fields to be updated in this request. + paths := req.GetUpdateMask() + fieldMask, err := fieldmaskpb.New(obj, strings.Split(paths, ",")...) + if err != nil { + return nil, err + } + + for _, path := range fieldMask.GetPaths() { + switch path { + case "access_logging_config": + obj.AccessLoggingConfig = req.OrganizationsInstance.AccessLoggingConfig + case "consumer_accept_list": + obj.ConsumerAcceptList = req.OrganizationsInstance.ConsumerAcceptList + default: + return nil, status.Errorf(codes.InvalidArgument, "update mask path %q not supported by mockgcp", path) + } + } + + if err := s.storage.Update(ctx, fqn, obj); err != nil { + return nil, err + } + + metadata := &pb.GoogleCloudApigeeV1OperationMetadata{ + OperationType: "PATCH", + State: "IN_PROGRESS", + TargetResourceName: fqn, + } + op, err := s.operations.StartLRO(ctx, name.Parent(), metadata, func() (proto.Message, error) { + metadata.State = "FINISHED" + result := proto.Clone(obj).(*pb.GoogleCloudApigeeV1Instance) + return result, nil + }) + return op, err +} + +func (s *instancesServer) DeleteOrganizationsInstance(ctx context.Context, req *pb.DeleteOrganizationsInstanceRequest) (*longrunningpb.Operation, error) { + name, err := s.parseInstanceName(req.Name) + if err != nil { + return nil, err + } + + fqn := name.String() + + oldObj := &pb.GoogleCloudApigeeV1Instance{} + if err := s.storage.Delete(ctx, fqn, oldObj); err != nil { + return nil, err + } + + metadata := &pb.GoogleCloudApigeeV1OperationMetadata{ + OperationType: "DELETE", + State: "IN_PROGRESS", + TargetResourceName: fqn, + } + op, err := s.operations.StartLRO(ctx, name.Parent(), metadata, func() (proto.Message, error) { + metadata.State = "FINISHED" + return &pb.GoogleCloudApigeeV1Instance{}, nil + }) + return op, err +} + +func populateDefaultsForOrganizationsInstance(obj *pb.GoogleCloudApigeeV1Instance) { + if len(obj.ConsumerAcceptList) == 0 { + obj.ConsumerAcceptList = []string{"${projectId}"} + } + if obj.IpRange == "" { + obj.IpRange = "10.39.56.0/22,10.14.0.64/28" + } + if obj.PeeringCidrRange == "" { + obj.PeeringCidrRange = "SLASH_22" + } +} + +func populateOutputsForOrganizationsInstance(obj *pb.GoogleCloudApigeeV1Instance) { + obj.CreatedAt = 123456789 + obj.Host = "10.39.56.2" + obj.LastModifiedAt = 123456789 + obj.Port = "443" + obj.RuntimeVersion = "1-14-0-apigee-4" + obj.ServiceAttachment = "projects/${projectId}/regions/us-central1/serviceAttachments/apigee-us-central1-abcd" + obj.State = "ACTIVE" +} diff --git a/mockgcp/mockapigee/service.go b/mockgcp/mockapigee/service.go index c47057f181..3c9a388629 100644 --- a/mockgcp/mockapigee/service.go +++ b/mockgcp/mockapigee/service.go @@ -52,6 +52,7 @@ func (s *MockService) ExpectedHosts() []string { func (s *MockService) Register(grpcServer *grpc.Server) { pb.RegisterOrganizationsEnvironmentsServerServer(grpcServer, &environmentsServer{MockService: s}) pb.RegisterOrganizationsEnvgroupsServerServer(grpcServer, &EnvgroupV1{MockService: s}) + pb.RegisterOrganizationsInstancesServerServer(grpcServer, &instancesServer{MockService: s}) pb.RegisterOrganizationsServerServer(grpcServer, &organizationsServer{MockService: s}) } @@ -59,6 +60,7 @@ func (s *MockService) NewHTTPMux(ctx context.Context, conn *grpc.ClientConn) (ht mux, err := httpmux.NewServeMux(ctx, conn, httpmux.Options{}, pb.RegisterOrganizationsEnvironmentsServerHandler, pb.RegisterOrganizationsEnvgroupsServerHandler, + pb.RegisterOrganizationsInstancesServerHandler, pb.RegisterOrganizationsServerHandler, s.operations.RegisterOperationsPath("/v1/{prefix=**}/operations/{name}")) if err != nil { diff --git a/mockgcp/mockserviceusage/serviceusagev1beta1.go b/mockgcp/mockserviceusage/serviceusagev1beta1.go index 041cf9e75a..97e2069f48 100644 --- a/mockgcp/mockserviceusage/serviceusagev1beta1.go +++ b/mockgcp/mockserviceusage/serviceusagev1beta1.go @@ -68,6 +68,9 @@ func (s *ServiceUsageV1Beta1) GenerateServiceIdentity(ctx context.Context, req * case "bigquery.googleapis.com": identity.Email = "bq-" + strconv.FormatInt(name.Project.Number, 10) + "@bigquery-encryption.iam.gserviceaccount.com" identity.UniqueId = "123456789007" + case "apigee.googleapis.com": + identity.Email = "service-" + strconv.FormatInt(name.Project.Number, 10) + "@gcp-sa-apigee.iam.gserviceaccount.com" + identity.UniqueId = "123456789008" default: return nil, fmt.Errorf("generating serviceIdentity for service %q not implemented in mock", name.ServiceName) } diff --git a/pkg/controller/direct/apigee/instance_controller.go b/pkg/controller/direct/apigee/instance_controller.go index 79f548b9a8..76372114c5 100644 --- a/pkg/controller/direct/apigee/instance_controller.go +++ b/pkg/controller/direct/apigee/instance_controller.go @@ -175,11 +175,11 @@ func (a *ApigeeInstanceAdapter) Update(ctx context.Context, updateOp *directbase if resource.AccessLoggingConfig != nil && !reflect.DeepEqual(resource.AccessLoggingConfig, a.actual.AccessLoggingConfig) { log.V(2).Info("change detected: accessLoggingConfig") - updateMask.Paths = append(updateMask.Paths, "accessLoggingConfig") + updateMask.Paths = append(updateMask.Paths, "access_logging_config") } if resource.ConsumerAcceptList != nil && !reflect.DeepEqual(asSortedCopy(resource.ConsumerAcceptList), asSortedCopy(a.actual.ConsumerAcceptList)) { log.V(2).Info("change detected: consumerAcceptList") - updateMask.Paths = append(updateMask.Paths, "consumerAcceptList") + updateMask.Paths = append(updateMask.Paths, "consumer_accept_list") } if len(updateMask.Paths) == 0 { diff --git a/pkg/test/resourcefixture/testdata/basic/apigee/v1alpha1/apigeeinstance/apigeeinstance-basic/_generated_object_apigeeinstance-basic.golden.yaml b/pkg/test/resourcefixture/testdata/basic/apigee/v1alpha1/apigeeinstance/apigeeinstance-basic/_generated_object_apigeeinstance-basic.golden.yaml index c1a2071767..0134751a7a 100644 --- a/pkg/test/resourcefixture/testdata/basic/apigee/v1alpha1/apigeeinstance/apigeeinstance-basic/_generated_object_apigeeinstance-basic.golden.yaml +++ b/pkg/test/resourcefixture/testdata/basic/apigee/v1alpha1/apigeeinstance/apigeeinstance-basic/_generated_object_apigeeinstance-basic.golden.yaml @@ -28,5 +28,5 @@ status: lastModifiedAt: 1711974896 port: "443" runtimeVersion: 1-14-0-apigee-4 - serviceAttachment: projects/eef779b38d9fb4b50p-tp/regions/us-central1/serviceAttachments/apigee-us-central1-8dhb + serviceAttachment: projects/${projectId}/regions/us-central1/serviceAttachments/apigee-us-central1-abcd state: ACTIVE diff --git a/pkg/test/resourcefixture/testdata/basic/apigee/v1alpha1/apigeeinstance/apigeeinstance-basic/_http.log b/pkg/test/resourcefixture/testdata/basic/apigee/v1alpha1/apigeeinstance/apigeeinstance-basic/_http.log index f701ebf9be..c1812812bd 100644 --- a/pkg/test/resourcefixture/testdata/basic/apigee/v1alpha1/apigeeinstance/apigeeinstance-basic/_http.log +++ b/pkg/test/resourcefixture/testdata/basic/apigee/v1alpha1/apigeeinstance/apigeeinstance-basic/_http.log @@ -2,6 +2,7 @@ GET https://apigee.googleapis.com/v1/organizations/${projectId}/instances/apigee User-Agent: kcc/${kccVersion} (+https://github.com/GoogleCloudPlatform/k8s-config-connector) kcc/controller-manager/${kccVersion} 404 Not Found +Cache-Control: private Content-Type: application/json; charset=UTF-8 Server: ESF Vary: Origin @@ -31,6 +32,7 @@ User-Agent: kcc/${kccVersion} (+https://github.com/GoogleCloudPlatform/k8s-confi } 200 OK +Cache-Control: private Content-Type: application/json; charset=UTF-8 Server: ESF Vary: Origin @@ -42,7 +44,7 @@ X-Xss-Protection: 0 { "metadata": { - "@type": "type.googleapis.com/google.cloud.apigee.v1.OperationMetadata", + "@type": "type.googleapis.com/google.cloud.apigee.v1.GoogleCloudApigeeV1OperationMetadata", "operationType": "INSERT", "state": "IN_PROGRESS", "targetResourceName": "organizations/${projectId}/instances/apigeeinstance-${uniqueId}" @@ -56,6 +58,7 @@ GET https://apigee.googleapis.com/v1/organizations/${projectId}/operations/${ope User-Agent: kcc/${kccVersion} (+https://github.com/GoogleCloudPlatform/k8s-config-connector) kcc/controller-manager/${kccVersion} 200 OK +Cache-Control: private Content-Type: application/json; charset=UTF-8 Server: ESF Vary: Origin @@ -68,7 +71,7 @@ X-Xss-Protection: 0 { "done": true, "metadata": { - "@type": "type.googleapis.com/google.cloud.apigee.v1.OperationMetadata", + "@type": "type.googleapis.com/google.cloud.apigee.v1.GoogleCloudApigeeV1OperationMetadata", "operationType": "INSERT", "progress": { "description": "Succeeded", @@ -79,7 +82,7 @@ X-Xss-Protection: 0 }, "name": "organizations/${projectId}/operations/${operationID}", "response": { - "@type": "type.googleapis.com/google.cloud.apigee.v1.Instance", + "@type": "type.googleapis.com/google.cloud.apigee.v1.GoogleCloudApigeeV1Instance", "consumerAcceptList": [ "${projectId}" ], @@ -92,7 +95,7 @@ X-Xss-Protection: 0 "peeringCidrRange": "SLASH_22", "port": "443", "runtimeVersion": "1-14-0-apigee-4", - "serviceAttachment": "projects/eef779b38d9fb4b50p-tp/regions/us-central1/serviceAttachments/apigee-us-central1-8dhb", + "serviceAttachment": "projects/${projectId}/regions/us-central1/serviceAttachments/apigee-us-central1-abcd", "state": "ACTIVE" } } @@ -103,6 +106,7 @@ GET https://apigee.googleapis.com/v1/organizations/${projectId}/instances/apigee User-Agent: kcc/${kccVersion} (+https://github.com/GoogleCloudPlatform/k8s-config-connector) kcc/controller-manager/${kccVersion} 200 OK +Cache-Control: private Content-Type: application/json; charset=UTF-8 Server: ESF Vary: Origin @@ -125,7 +129,7 @@ X-Xss-Protection: 0 "peeringCidrRange": "SLASH_22", "port": "443", "runtimeVersion": "1-14-0-apigee-4", - "serviceAttachment": "projects/eef779b38d9fb4b50p-tp/regions/us-central1/serviceAttachments/apigee-us-central1-8dhb", + "serviceAttachment": "projects/${projectId}/regions/us-central1/serviceAttachments/apigee-us-central1-abcd", "state": "ACTIVE" } @@ -135,6 +139,7 @@ DELETE https://apigee.googleapis.com/v1/organizations/${projectId}/instances/api User-Agent: kcc/${kccVersion} (+https://github.com/GoogleCloudPlatform/k8s-config-connector) kcc/controller-manager/${kccVersion} 200 OK +Cache-Control: private Content-Type: application/json; charset=UTF-8 Server: ESF Vary: Origin @@ -146,7 +151,7 @@ X-Xss-Protection: 0 { "metadata": { - "@type": "type.googleapis.com/google.cloud.apigee.v1.OperationMetadata", + "@type": "type.googleapis.com/google.cloud.apigee.v1.GoogleCloudApigeeV1OperationMetadata", "operationType": "DELETE", "state": "IN_PROGRESS", "targetResourceName": "organizations/${projectId}/instances/apigeeinstance-${uniqueId}" @@ -160,6 +165,7 @@ GET https://apigee.googleapis.com/v1/organizations/${projectId}/operations/${ope User-Agent: kcc/${kccVersion} (+https://github.com/GoogleCloudPlatform/k8s-config-connector) kcc/controller-manager/${kccVersion} 200 OK +Cache-Control: private Content-Type: application/json; charset=UTF-8 Server: ESF Vary: Origin @@ -172,13 +178,13 @@ X-Xss-Protection: 0 { "done": true, "metadata": { - "@type": "type.googleapis.com/google.cloud.apigee.v1.OperationMetadata", + "@type": "type.googleapis.com/google.cloud.apigee.v1.GoogleCloudApigeeV1OperationMetadata", "operationType": "DELETE", "state": "FINISHED", "targetResourceName": "organizations/${projectId}/instances/apigeeinstance-${uniqueId}" }, "name": "organizations/${projectId}/operations/${operationID}", "response": { - "@type": "type.googleapis.com/google.protobuf.Empty" + "@type": "type.googleapis.com/google.cloud.apigee.v1.GoogleCloudApigeeV1Instance" } } \ No newline at end of file diff --git a/pkg/test/resourcefixture/testdata/basic/apigee/v1alpha1/apigeeinstance/apigeeinstance-full/_generated_object_apigeeinstance-full.golden.yaml b/pkg/test/resourcefixture/testdata/basic/apigee/v1alpha1/apigeeinstance/apigeeinstance-full/_generated_object_apigeeinstance-full.golden.yaml index 515e22e49b..5d2287b735 100644 --- a/pkg/test/resourcefixture/testdata/basic/apigee/v1alpha1/apigeeinstance/apigeeinstance-full/_generated_object_apigeeinstance-full.golden.yaml +++ b/pkg/test/resourcefixture/testdata/basic/apigee/v1alpha1/apigeeinstance/apigeeinstance-full/_generated_object_apigeeinstance-full.golden.yaml @@ -40,5 +40,5 @@ status: lastModifiedAt: 1711974896 port: "443" runtimeVersion: 1-14-0-apigee-4 - serviceAttachment: projects/eef779b38d9fb4b50p-tp/regions/us-central1/serviceAttachments/apigee-us-central1-i9mj + serviceAttachment: projects/${projectId}/regions/us-central1/serviceAttachments/apigee-us-central1-abcd state: ACTIVE diff --git a/pkg/test/resourcefixture/testdata/basic/apigee/v1alpha1/apigeeinstance/apigeeinstance-full/_http.log b/pkg/test/resourcefixture/testdata/basic/apigee/v1alpha1/apigeeinstance/apigeeinstance-full/_http.log index dff46efa67..23117cf183 100644 --- a/pkg/test/resourcefixture/testdata/basic/apigee/v1alpha1/apigeeinstance/apigeeinstance-full/_http.log +++ b/pkg/test/resourcefixture/testdata/basic/apigee/v1alpha1/apigeeinstance/apigeeinstance-full/_http.log @@ -3,6 +3,7 @@ Content-Type: application/json User-Agent: kcc/${kccVersion} (+https://github.com/GoogleCloudPlatform/k8s-config-connector) kcc/controller-manager/${kccVersion} 200 OK +Cache-Control: private Content-Type: application/json; charset=UTF-8 Server: ESF Vary: Origin @@ -16,7 +17,7 @@ X-Xss-Protection: 0 "done": true, "name": "operations/${operationID}", "response": { - "@type": "type.googleapis.com/google.api.serviceusage.v1beta1.ServiceIdentity", + "@type": "type.googleapis.com/mockgcp.api.serviceusage.v1beta1.ServiceIdentity", "email": "service-${projectNumber}@gcp-sa-apigee.iam.gserviceaccount.com", "uniqueId": "12345678" } @@ -35,6 +36,7 @@ User-Agent: google-api-go-client/0.5 kcc/${kccVersion} (+https://github.com/Goog } 200 OK +Cache-Control: private Content-Type: application/json; charset=UTF-8 Server: ESF Vary: Origin @@ -45,16 +47,61 @@ X-Frame-Options: SAMEORIGIN X-Xss-Protection: 0 { - "bindings": [ - { - "members": [ - "serviceAccount:service-${projectNumber}@gcp-sa-apigee.iam.gserviceaccount.com" - ], - "role": "roles/apigee.serviceAgent" - }, - ], - "etag": "abcdef0123A=", - "version": 1 + "etag": "abcdef0123A=" +} + +--- + +POST https://cloudresourcemanager.googleapis.com/v1/projects/${projectId}:getIamPolicy?alt=json&prettyPrint=false +Content-Type: application/json +User-Agent: google-api-go-client/0.5 kcc/${kccVersion} (+https://github.com/GoogleCloudPlatform/k8s-config-connector) kcc/controller-manager/${kccVersion} + +{ + "options": { + "requestedPolicyVersion": 3 + } +} + +200 OK +Cache-Control: private +Content-Type: application/json; charset=UTF-8 +Server: ESF +Vary: Origin +Vary: X-Origin +Vary: Referer +X-Content-Type-Options: nosniff +X-Frame-Options: SAMEORIGIN +X-Xss-Protection: 0 + +{ + "etag": "abcdef0123A=" +} + +--- + +POST https://cloudresourcemanager.googleapis.com/v1/projects/${projectId}:getIamPolicy?alt=json&prettyPrint=false +Content-Type: application/json +User-Agent: google-api-go-client/0.5 kcc/${kccVersion} (+https://github.com/GoogleCloudPlatform/k8s-config-connector) kcc/controller-manager/${kccVersion} + +{ + "options": { + "requestedPolicyVersion": 3 + } +} + +200 OK +Cache-Control: private +Content-Type: application/json; charset=UTF-8 +Server: ESF +Vary: Origin +Vary: X-Origin +Vary: Referer +X-Content-Type-Options: nosniff +X-Frame-Options: SAMEORIGIN +X-Xss-Protection: 0 + +{ + "etag": "abcdef0123A=" } --- @@ -66,18 +113,12 @@ User-Agent: google-api-go-client/0.5 kcc/${kccVersion} (+https://github.com/Goog { "policy": { "bindings": [ - { - "members": [ - "serviceAccount:service-${projectNumber}@gcp-sa-apigee.iam.gserviceaccount.com" - ], - "role": "roles/apigee.serviceAgent" - }, { "members": [ "serviceAccount:service-${projectNumber}@gcp-sa-apigee.iam.gserviceaccount.com" ], "role": "roles/cloudkms.cryptoKeyEncrypterDecrypter" - }, + } ], "etag": "abcdef0123A=", "version": 3 @@ -86,6 +127,7 @@ User-Agent: google-api-go-client/0.5 kcc/${kccVersion} (+https://github.com/Goog } 200 OK +Cache-Control: private Content-Type: application/json; charset=UTF-8 Server: ESF Vary: Origin @@ -101,14 +143,44 @@ X-Xss-Protection: 0 "members": [ "serviceAccount:service-${projectNumber}@gcp-sa-apigee.iam.gserviceaccount.com" ], - "role": "roles/apigee.serviceAgent" - }, + "role": "roles/cloudkms.cryptoKeyEncrypterDecrypter" + } + ], + "etag": "abcdef0123A=", + "version": 1 +} + +--- + +POST https://cloudresourcemanager.googleapis.com/v1/projects/${projectId}:getIamPolicy?alt=json&prettyPrint=false +Content-Type: application/json +User-Agent: google-api-go-client/0.5 kcc/${kccVersion} (+https://github.com/GoogleCloudPlatform/k8s-config-connector) kcc/controller-manager/${kccVersion} + +{ + "options": { + "requestedPolicyVersion": 3 + } +} + +200 OK +Cache-Control: private +Content-Type: application/json; charset=UTF-8 +Server: ESF +Vary: Origin +Vary: X-Origin +Vary: Referer +X-Content-Type-Options: nosniff +X-Frame-Options: SAMEORIGIN +X-Xss-Protection: 0 + +{ + "bindings": [ { "members": [ "serviceAccount:service-${projectNumber}@gcp-sa-apigee.iam.gserviceaccount.com" ], "role": "roles/cloudkms.cryptoKeyEncrypterDecrypter" - }, + } ], "etag": "abcdef0123A=", "version": 1 @@ -127,6 +199,7 @@ User-Agent: google-api-go-client/0.5 kcc/${kccVersion} (+https://github.com/Goog } 200 OK +Cache-Control: private Content-Type: application/json; charset=UTF-8 Server: ESF Vary: Origin @@ -142,14 +215,80 @@ X-Xss-Protection: 0 "members": [ "serviceAccount:service-${projectNumber}@gcp-sa-apigee.iam.gserviceaccount.com" ], - "role": "roles/apigee.serviceAgent" - }, + "role": "roles/cloudkms.cryptoKeyEncrypterDecrypter" + } + ], + "etag": "abcdef0123A=", + "version": 1 +} + +--- + +POST https://cloudresourcemanager.googleapis.com/v1/projects/${projectId}:getIamPolicy?alt=json&prettyPrint=false +Content-Type: application/json +User-Agent: google-api-go-client/0.5 kcc/${kccVersion} (+https://github.com/GoogleCloudPlatform/k8s-config-connector) kcc/controller-manager/${kccVersion} + +{ + "options": { + "requestedPolicyVersion": 3 + } +} + +200 OK +Cache-Control: private +Content-Type: application/json; charset=UTF-8 +Server: ESF +Vary: Origin +Vary: X-Origin +Vary: Referer +X-Content-Type-Options: nosniff +X-Frame-Options: SAMEORIGIN +X-Xss-Protection: 0 + +{ + "bindings": [ { "members": [ "serviceAccount:service-${projectNumber}@gcp-sa-apigee.iam.gserviceaccount.com" ], "role": "roles/cloudkms.cryptoKeyEncrypterDecrypter" - }, + } + ], + "etag": "abcdef0123A=", + "version": 1 +} + +--- + +POST https://cloudresourcemanager.googleapis.com/v1/projects/${projectId}:getIamPolicy?alt=json&prettyPrint=false +Content-Type: application/json +User-Agent: google-api-go-client/0.5 kcc/${kccVersion} (+https://github.com/GoogleCloudPlatform/k8s-config-connector) kcc/controller-manager/${kccVersion} + +{ + "options": { + "requestedPolicyVersion": 3 + } +} + +200 OK +Cache-Control: private +Content-Type: application/json; charset=UTF-8 +Server: ESF +Vary: Origin +Vary: X-Origin +Vary: Referer +X-Content-Type-Options: nosniff +X-Frame-Options: SAMEORIGIN +X-Xss-Protection: 0 + +{ + "bindings": [ + { + "members": [ + "serviceAccount:service-${projectNumber}@gcp-sa-apigee.iam.gserviceaccount.com" + ], + "role": "roles/cloudkms.cryptoKeyEncrypterDecrypter" + } ], "etag": "abcdef0123A=", "version": 1 @@ -162,6 +301,7 @@ Content-Type: application/json User-Agent: kcc/${kccVersion} (+https://github.com/GoogleCloudPlatform/k8s-config-connector) kcc/controller-manager/${kccVersion} 404 Not Found +Cache-Control: private Content-Type: application/json; charset=UTF-8 Server: ESF Vary: Origin @@ -186,6 +326,7 @@ Content-Type: application/json User-Agent: kcc/${kccVersion} (+https://github.com/GoogleCloudPlatform/k8s-config-connector) kcc/controller-manager/${kccVersion} 200 OK +Cache-Control: private Content-Type: application/json; charset=UTF-8 Server: ESF Vary: Origin @@ -207,6 +348,7 @@ Content-Type: application/json User-Agent: kcc/${kccVersion} (+https://github.com/GoogleCloudPlatform/k8s-config-connector) kcc/controller-manager/${kccVersion} 200 OK +Cache-Control: private Content-Type: application/json; charset=UTF-8 Server: ESF Vary: Origin @@ -228,6 +370,7 @@ Content-Type: application/json User-Agent: kcc/${kccVersion} (+https://github.com/GoogleCloudPlatform/k8s-config-connector) kcc/controller-manager/${kccVersion} 404 Not Found +Cache-Control: private Content-Type: application/json; charset=UTF-8 Server: ESF Vary: Origin @@ -260,6 +403,7 @@ User-Agent: kcc/${kccVersion} (+https://github.com/GoogleCloudPlatform/k8s-confi } 200 OK +Cache-Control: private Content-Type: application/json; charset=UTF-8 Server: ESF Vary: Origin @@ -299,6 +443,7 @@ Content-Type: application/json User-Agent: kcc/${kccVersion} (+https://github.com/GoogleCloudPlatform/k8s-config-connector) kcc/controller-manager/${kccVersion} 200 OK +Cache-Control: private Content-Type: application/json; charset=UTF-8 Server: ESF Vary: Origin @@ -337,6 +482,7 @@ GET https://apigee.googleapis.com/v1/organizations/${projectId}/instances/apigee User-Agent: kcc/${kccVersion} (+https://github.com/GoogleCloudPlatform/k8s-config-connector) kcc/controller-manager/${kccVersion} 404 Not Found +Cache-Control: private Content-Type: application/json; charset=UTF-8 Server: ESF Vary: Origin @@ -374,6 +520,7 @@ User-Agent: kcc/${kccVersion} (+https://github.com/GoogleCloudPlatform/k8s-confi } 200 OK +Cache-Control: private Content-Type: application/json; charset=UTF-8 Server: ESF Vary: Origin @@ -385,7 +532,7 @@ X-Xss-Protection: 0 { "metadata": { - "@type": "type.googleapis.com/google.cloud.apigee.v1.OperationMetadata", + "@type": "type.googleapis.com/google.cloud.apigee.v1.GoogleCloudApigeeV1OperationMetadata", "operationType": "INSERT", "state": "IN_PROGRESS", "targetResourceName": "organizations/${projectId}/instances/apigeeinstance-${uniqueId}" @@ -399,6 +546,7 @@ GET https://apigee.googleapis.com/v1/organizations/${projectId}/operations/${ope User-Agent: kcc/${kccVersion} (+https://github.com/GoogleCloudPlatform/k8s-config-connector) kcc/controller-manager/${kccVersion} 200 OK +Cache-Control: private Content-Type: application/json; charset=UTF-8 Server: ESF Vary: Origin @@ -411,7 +559,7 @@ X-Xss-Protection: 0 { "done": true, "metadata": { - "@type": "type.googleapis.com/google.cloud.apigee.v1.OperationMetadata", + "@type": "type.googleapis.com/google.cloud.apigee.v1.GoogleCloudApigeeV1OperationMetadata", "operationType": "INSERT", "progress": { "description": "Succeeded", @@ -422,9 +570,9 @@ X-Xss-Protection: 0 }, "name": "organizations/${projectId}/operations/${operationID}", "response": { - "@type": "type.googleapis.com/google.cloud.apigee.v1.Instance", + "@type": "type.googleapis.com/google.cloud.apigee.v1.GoogleCloudApigeeV1Instance", "accessLoggingConfig": { - "filter": "status_code \u003e= 200 and status_code \u003c 300" + "filter": "status_code \u003e= 200 \u0026\u0026 status_code \u003c 300" }, "consumerAcceptList": [ "${projectId}" @@ -441,7 +589,7 @@ X-Xss-Protection: 0 "peeringCidrRange": "SLASH_22", "port": "443", "runtimeVersion": "1-14-0-apigee-4", - "serviceAttachment": "projects/eef779b38d9fb4b50p-tp/regions/us-central1/serviceAttachments/apigee-us-central1-i9mj", + "serviceAttachment": "projects/${projectId}/regions/us-central1/serviceAttachments/apigee-us-central1-abcd", "state": "ACTIVE" } } @@ -452,6 +600,7 @@ GET https://apigee.googleapis.com/v1/organizations/${projectId}/instances/apigee User-Agent: kcc/${kccVersion} (+https://github.com/GoogleCloudPlatform/k8s-config-connector) kcc/controller-manager/${kccVersion} 200 OK +Cache-Control: private Content-Type: application/json; charset=UTF-8 Server: ESF Vary: Origin @@ -463,7 +612,7 @@ X-Xss-Protection: 0 { "accessLoggingConfig": { - "filter": "status_code \u003e= 200 and status_code \u003c 300" + "filter": "status_code \u003e= 200 \u0026\u0026 status_code \u003c 300" }, "consumerAcceptList": [ "${projectId}" @@ -480,13 +629,13 @@ X-Xss-Protection: 0 "peeringCidrRange": "SLASH_22", "port": "443", "runtimeVersion": "1-14-0-apigee-4", - "serviceAttachment": "projects/eef779b38d9fb4b50p-tp/regions/us-central1/serviceAttachments/apigee-us-central1-i9mj", + "serviceAttachment": "projects/${projectId}/regions/us-central1/serviceAttachments/apigee-us-central1-abcd", "state": "ACTIVE" } --- -PATCH https://apigee.googleapis.com/v1/organizations/${projectId}/instances/apigeeinstance-${uniqueId}?alt=json&prettyPrint=false&updateMask=accessLoggingConfig +PATCH https://apigee.googleapis.com/v1/organizations/${projectId}/instances/apigeeinstance-${uniqueId}?alt=json&prettyPrint=false&updateMask=access_logging_config%2Cconsumer_accept_list Content-Type: application/json User-Agent: kcc/${kccVersion} (+https://github.com/GoogleCloudPlatform/k8s-config-connector) kcc/controller-manager/${kccVersion} @@ -507,6 +656,7 @@ User-Agent: kcc/${kccVersion} (+https://github.com/GoogleCloudPlatform/k8s-confi } 200 OK +Cache-Control: private Content-Type: application/json; charset=UTF-8 Server: ESF Vary: Origin @@ -518,8 +668,8 @@ X-Xss-Protection: 0 { "metadata": { - "@type": "type.googleapis.com/google.cloud.apigee.v1.OperationMetadata", - "operationType": "UPDATE", + "@type": "type.googleapis.com/google.cloud.apigee.v1.GoogleCloudApigeeV1OperationMetadata", + "operationType": "PATCH", "state": "IN_PROGRESS", "targetResourceName": "organizations/${projectId}/instances/apigeeinstance-${uniqueId}" }, @@ -532,6 +682,7 @@ GET https://apigee.googleapis.com/v1/organizations/${projectId}/operations/${ope User-Agent: kcc/${kccVersion} (+https://github.com/GoogleCloudPlatform/k8s-config-connector) kcc/controller-manager/${kccVersion} 200 OK +Cache-Control: private Content-Type: application/json; charset=UTF-8 Server: ESF Vary: Origin @@ -544,14 +695,14 @@ X-Xss-Protection: 0 { "done": true, "metadata": { - "@type": "type.googleapis.com/google.cloud.apigee.v1.OperationMetadata", - "operationType": "UPDATE", + "@type": "type.googleapis.com/google.cloud.apigee.v1.GoogleCloudApigeeV1OperationMetadata", + "operationType": "PATCH", "state": "FINISHED", "targetResourceName": "organizations/${projectId}/instances/apigeeinstance-${uniqueId}" }, "name": "organizations/${projectId}/operations/${operationID}", "response": { - "@type": "type.googleapis.com/google.cloud.apigee.v1.Instance", + "@type": "type.googleapis.com/google.cloud.apigee.v1.GoogleCloudApigeeV1Instance", "accessLoggingConfig": { "enabled": true, "filter": "status_code \u003e= 200 \u0026\u0026 status_code \u003c 400" @@ -571,7 +722,7 @@ X-Xss-Protection: 0 "peeringCidrRange": "SLASH_22", "port": "443", "runtimeVersion": "1-14-0-apigee-4", - "serviceAttachment": "projects/eef779b38d9fb4b50p-tp/regions/us-central1/serviceAttachments/apigee-us-central1-i9mj", + "serviceAttachment": "projects/${projectId}/regions/us-central1/serviceAttachments/apigee-us-central1-abcd", "state": "ACTIVE" } } @@ -582,6 +733,7 @@ GET https://apigee.googleapis.com/v1/organizations/${projectId}/instances/apigee User-Agent: kcc/${kccVersion} (+https://github.com/GoogleCloudPlatform/k8s-config-connector) kcc/controller-manager/${kccVersion} 200 OK +Cache-Control: private Content-Type: application/json; charset=UTF-8 Server: ESF Vary: Origin @@ -611,7 +763,7 @@ X-Xss-Protection: 0 "peeringCidrRange": "SLASH_22", "port": "443", "runtimeVersion": "1-14-0-apigee-4", - "serviceAttachment": "projects/eef779b38d9fb4b50p-tp/regions/us-central1/serviceAttachments/apigee-us-central1-i9mj", + "serviceAttachment": "projects/${projectId}/regions/us-central1/serviceAttachments/apigee-us-central1-abcd", "state": "ACTIVE" } @@ -621,6 +773,7 @@ DELETE https://apigee.googleapis.com/v1/organizations/${projectId}/instances/api User-Agent: kcc/${kccVersion} (+https://github.com/GoogleCloudPlatform/k8s-config-connector) kcc/controller-manager/${kccVersion} 200 OK +Cache-Control: private Content-Type: application/json; charset=UTF-8 Server: ESF Vary: Origin @@ -632,7 +785,7 @@ X-Xss-Protection: 0 { "metadata": { - "@type": "type.googleapis.com/google.cloud.apigee.v1.OperationMetadata", + "@type": "type.googleapis.com/google.cloud.apigee.v1.GoogleCloudApigeeV1OperationMetadata", "operationType": "DELETE", "state": "IN_PROGRESS", "targetResourceName": "organizations/${projectId}/instances/apigeeinstance-${uniqueId}" @@ -646,6 +799,7 @@ GET https://apigee.googleapis.com/v1/organizations/${projectId}/operations/${ope User-Agent: kcc/${kccVersion} (+https://github.com/GoogleCloudPlatform/k8s-config-connector) kcc/controller-manager/${kccVersion} 200 OK +Cache-Control: private Content-Type: application/json; charset=UTF-8 Server: ESF Vary: Origin @@ -658,14 +812,14 @@ X-Xss-Protection: 0 { "done": true, "metadata": { - "@type": "type.googleapis.com/google.cloud.apigee.v1.OperationMetadata", + "@type": "type.googleapis.com/google.cloud.apigee.v1.GoogleCloudApigeeV1OperationMetadata", "operationType": "DELETE", "state": "FINISHED", "targetResourceName": "organizations/${projectId}/instances/apigeeinstance-${uniqueId}" }, "name": "organizations/${projectId}/operations/${operationID}", "response": { - "@type": "type.googleapis.com/google.protobuf.Empty" + "@type": "type.googleapis.com/google.cloud.apigee.v1.GoogleCloudApigeeV1Instance" } } @@ -676,6 +830,7 @@ Content-Type: application/json User-Agent: kcc/${kccVersion} (+https://github.com/GoogleCloudPlatform/k8s-config-connector) kcc/controller-manager/${kccVersion} 200 OK +Cache-Control: private Content-Type: application/json; charset=UTF-8 Server: ESF Vary: Origin @@ -714,6 +869,7 @@ GET https://cloudkms.googleapis.com/v1/projects/${projectId}/locations/us-centra User-Agent: google-api-go-client/0.5 kcc/${kccVersion} (+https://github.com/GoogleCloudPlatform/k8s-config-connector) kcc/controller-manager/${kccVersion} 200 OK +Cache-Control: private Content-Type: application/json; charset=UTF-8 Server: ESF Vary: Origin @@ -746,6 +902,7 @@ User-Agent: google-api-go-client/0.5 kcc/${kccVersion} (+https://github.com/Goog {} 200 OK +Cache-Control: private Content-Type: application/json; charset=UTF-8 Server: ESF Vary: Origin @@ -772,6 +929,7 @@ Content-Type: application/json User-Agent: kcc/${kccVersion} (+https://github.com/GoogleCloudPlatform/k8s-config-connector) kcc/controller-manager/${kccVersion} 200 OK +Cache-Control: private Content-Type: application/json; charset=UTF-8 Server: ESF Vary: Origin @@ -788,27 +946,18 @@ X-Xss-Protection: 0 --- -POST https://cloudresourcemanager.googleapis.com/v1/projects/${projectId}:setIamPolicy?alt=json&prettyPrint=false +POST https://cloudresourcemanager.googleapis.com/v1/projects/${projectId}:getIamPolicy?alt=json&prettyPrint=false Content-Type: application/json User-Agent: google-api-go-client/0.5 kcc/${kccVersion} (+https://github.com/GoogleCloudPlatform/k8s-config-connector) kcc/controller-manager/${kccVersion} { - "policy": { - "bindings": [ - { - "members": [ - "serviceAccount:service-${projectNumber}@gcp-sa-apigee.iam.gserviceaccount.com" - ], - "role": "roles/apigee.serviceAgent" - }, - ], - "etag": "abcdef0123A=", - "version": 1 - }, - "updateMask": "bindings,etag,auditConfigs" + "options": { + "requestedPolicyVersion": 3 + } } 200 OK +Cache-Control: private Content-Type: application/json; charset=UTF-8 Server: ESF Vary: Origin @@ -824,8 +973,8 @@ X-Xss-Protection: 0 "members": [ "serviceAccount:service-${projectNumber}@gcp-sa-apigee.iam.gserviceaccount.com" ], - "role": "roles/apigee.serviceAgent" - }, + "role": "roles/cloudkms.cryptoKeyEncrypterDecrypter" + } ], "etag": "abcdef0123A=", "version": 1 @@ -844,6 +993,7 @@ User-Agent: google-api-go-client/0.5 kcc/${kccVersion} (+https://github.com/Goog } 200 OK +Cache-Control: private Content-Type: application/json; charset=UTF-8 Server: ESF Vary: Origin @@ -859,9 +1009,151 @@ X-Xss-Protection: 0 "members": [ "serviceAccount:service-${projectNumber}@gcp-sa-apigee.iam.gserviceaccount.com" ], - "role": "roles/apigee.serviceAgent" - }, + "role": "roles/cloudkms.cryptoKeyEncrypterDecrypter" + } ], "etag": "abcdef0123A=", "version": 1 +} + +--- + +POST https://cloudresourcemanager.googleapis.com/v1/projects/${projectId}:setIamPolicy?alt=json&prettyPrint=false +Content-Type: application/json +User-Agent: google-api-go-client/0.5 kcc/${kccVersion} (+https://github.com/GoogleCloudPlatform/k8s-config-connector) kcc/controller-manager/${kccVersion} + +{ + "policy": { + "etag": "abcdef0123A=", + "version": 1 + }, + "updateMask": "bindings,etag,auditConfigs" +} + +200 OK +Cache-Control: private +Content-Type: application/json; charset=UTF-8 +Server: ESF +Vary: Origin +Vary: X-Origin +Vary: Referer +X-Content-Type-Options: nosniff +X-Frame-Options: SAMEORIGIN +X-Xss-Protection: 0 + +{ + "etag": "abcdef0123A=", + "version": 1 +} + +--- + +POST https://cloudresourcemanager.googleapis.com/v1/projects/${projectId}:getIamPolicy?alt=json&prettyPrint=false +Content-Type: application/json +User-Agent: google-api-go-client/0.5 kcc/${kccVersion} (+https://github.com/GoogleCloudPlatform/k8s-config-connector) kcc/controller-manager/${kccVersion} + +{ + "options": { + "requestedPolicyVersion": 3 + } +} + +200 OK +Cache-Control: private +Content-Type: application/json; charset=UTF-8 +Server: ESF +Vary: Origin +Vary: X-Origin +Vary: Referer +X-Content-Type-Options: nosniff +X-Frame-Options: SAMEORIGIN +X-Xss-Protection: 0 + +{ + "etag": "abcdef0123A=", + "version": 1 +} + +--- + +POST https://cloudresourcemanager.googleapis.com/v1/projects/${projectId}:getIamPolicy?alt=json&prettyPrint=false +Content-Type: application/json +User-Agent: google-api-go-client/0.5 kcc/${kccVersion} (+https://github.com/GoogleCloudPlatform/k8s-config-connector) kcc/controller-manager/${kccVersion} + +{ + "options": { + "requestedPolicyVersion": 3 + } +} + +200 OK +Cache-Control: private +Content-Type: application/json; charset=UTF-8 +Server: ESF +Vary: Origin +Vary: X-Origin +Vary: Referer +X-Content-Type-Options: nosniff +X-Frame-Options: SAMEORIGIN +X-Xss-Protection: 0 + +{ + "etag": "abcdef0123A=", + "version": 1 +} + +--- + +POST https://cloudresourcemanager.googleapis.com/v1/projects/${projectId}:getIamPolicy?alt=json&prettyPrint=false +Content-Type: application/json +User-Agent: google-api-go-client/0.5 kcc/${kccVersion} (+https://github.com/GoogleCloudPlatform/k8s-config-connector) kcc/controller-manager/${kccVersion} + +{ + "options": { + "requestedPolicyVersion": 3 + } +} + +200 OK +Cache-Control: private +Content-Type: application/json; charset=UTF-8 +Server: ESF +Vary: Origin +Vary: X-Origin +Vary: Referer +X-Content-Type-Options: nosniff +X-Frame-Options: SAMEORIGIN +X-Xss-Protection: 0 + +{ + "etag": "abcdef0123A=", + "version": 1 +} + +--- + +POST https://cloudresourcemanager.googleapis.com/v1/projects/${projectId}:getIamPolicy?alt=json&prettyPrint=false +Content-Type: application/json +User-Agent: google-api-go-client/0.5 kcc/${kccVersion} (+https://github.com/GoogleCloudPlatform/k8s-config-connector) kcc/controller-manager/${kccVersion} + +{ + "options": { + "requestedPolicyVersion": 3 + } +} + +200 OK +Cache-Control: private +Content-Type: application/json; charset=UTF-8 +Server: ESF +Vary: Origin +Vary: X-Origin +Vary: Referer +X-Content-Type-Options: nosniff +X-Frame-Options: SAMEORIGIN +X-Xss-Protection: 0 + +{ + "etag": "abcdef0123A=", + "version": 1 } \ No newline at end of file