// Copyright 2023 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

syntax = "proto3";

package google.cloud.run.v2;

import "google/api/resource.proto";

option go_package = "cloud.google.com/go/run/apiv2/runpb;runpb";
option java_multiple_files = true;
option java_outer_classname = "VendorSettingsProto";
option java_package = "com.google.cloud.run.v2";

// VPC Access settings. For more information on creating a VPC Connector, visit
// https://cloud.google.com/vpc/docs/configure-serverless-vpc-access For
// information on how to configure Cloud Run with an existing VPC Connector,
// visit https://cloud.google.com/run/docs/configuring/connecting-vpc
message VpcAccess {
  // Egress options for VPC access.
  enum VpcEgress {
    // Unspecified
    VPC_EGRESS_UNSPECIFIED = 0;

    // All outbound traffic is routed through the VPC connector.
    ALL_TRAFFIC = 1;

    // Only private IP ranges are routed through the VPC connector.
    PRIVATE_RANGES_ONLY = 2;
  }

  // VPC Access connector name.
  // Format: projects/{project}/locations/{location}/connectors/{connector},
  // where {project} can be project id or number.
  string connector = 1 [(google.api.resource_reference) = {
    type: "vpcaccess.googleapis.com/Connector"
  }];

  // Traffic VPC egress settings.
  VpcEgress egress = 2;
}

// Settings for Binary Authorization feature.
message BinaryAuthorization {
  oneof binauthz_method {
    // If True, indicates to use the default project's binary authorization
    // policy. If False, binary authorization will be disabled.
    bool use_default = 1;
  }

  // If present, indicates to use Breakglass using this justification.
  // If use_default is False, then it must be empty.
  // For more information on breakglass, see
  // https://cloud.google.com/binary-authorization/docs/using-breakglass
  string breakglass_justification = 2;
}

// Settings for revision-level scaling settings.
message RevisionScaling {
  // Minimum number of serving instances that this resource should have.
  int32 min_instance_count = 1;

  // Maximum number of serving instances that this resource should have.
  int32 max_instance_count = 2;
}

// Allowed ingress traffic for the Container.
enum IngressTraffic {
  // Unspecified
  INGRESS_TRAFFIC_UNSPECIFIED = 0;

  // All inbound traffic is allowed.
  INGRESS_TRAFFIC_ALL = 1;

  // Only internal traffic is allowed.
  INGRESS_TRAFFIC_INTERNAL_ONLY = 2;

  // Both internal and Google Cloud Load Balancer traffic is allowed.
  INGRESS_TRAFFIC_INTERNAL_LOAD_BALANCER = 3;
}

// Alternatives for execution environments.
enum ExecutionEnvironment {
  // Unspecified
  EXECUTION_ENVIRONMENT_UNSPECIFIED = 0;

  // Uses the First Generation environment.
  EXECUTION_ENVIRONMENT_GEN1 = 1;

  // Uses Second Generation environment.
  EXECUTION_ENVIRONMENT_GEN2 = 2;
}

// Specifies behavior if an encryption key used by a resource is revoked.
enum EncryptionKeyRevocationAction {
  // Unspecified
  ENCRYPTION_KEY_REVOCATION_ACTION_UNSPECIFIED = 0;

  // Prevents the creation of new instances.
  PREVENT_NEW = 1;

  // Shuts down existing instances, and prevents creation of new ones.
  SHUTDOWN = 2;
}