feat: Add new gcloud commands, API clients, and third-party libraries across various services.

2026-01-01 20:26:35 +01:00
parent 5e23cbece0
commit a19e592eb7
25221 changed files with 8324611 additions and 0 deletions


@@ -0,0 +1,35 @@
# -*- coding: utf-8 -*- #
# Copyright 2018 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""The command group for the Remote Build Execution CLI."""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
from googlecloudsdk.calliope import base
@base.Hidden
@base.ReleaseTracks(base.ReleaseTrack.ALPHA)
class RemoteBuildExecution(base.Group):
"""Manage Remote Build Execution.
Implementation for commands for Remote Build Execution Admin API integration.
"""
category = base.CI_CD_CATEGORY
def Filter(self, context, args):
del context, args


@@ -0,0 +1,31 @@
# -*- coding: utf-8 -*- #
# Copyright 2018 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Command Group for Remote Build Execution Instances."""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
from googlecloudsdk.calliope import base
@base.DefaultUniverseOnly
class Instances(base.Group):
"""Manage Remote Build Execution Instances.
Create, delete, list, and view instances for remote build execution. Also
manage per-instance feature policies and backend IAM bindings.
"""


@@ -0,0 +1,386 @@
- release_tracks: [ALPHA]
help_text:
brief: |
Creates a Remote Build Execution instance.
description: |
Creates a Remote Build Execution instance, which contains a remote cache and can contain
worker pools for execution of build and test actions.
examples: |
The following creates an instance named 'new_instance':
$ {command} new_instance
request:
collection: remotebuildexecution.projects.instances
async:
collection: remotebuildexecution.projects.operations
arguments:
resource:
spec: !REF googlecloudsdk.command_lib.remote_build_execution.resources:instance
help_text: |
Arguments describing the instance to create.
params:
- api_field: instance.location
arg_name: location
required: false
default: "us-central1"
help_text: |
The Cloud location to create the instance in.
- api_field: instance.featurePolicy.dockerPrivileged.policy
arg_name: docker-privileged
required: false
choices:
- arg_value: allowed
enum_value: allowed
help_text: |
dockerPrivileged can be used.
- arg_value: forbidden
enum_value: forbidden
help_text: |
dockerPrivileged cannot be used.
help_text: |
Whether dockerPrivileged can be used. If unspecified, the default is equivalent to
"forbidden".
- api_field: instance.featurePolicy.dockerRunAsRoot.policy
arg_name: docker-run-as-root
required: false
choices:
- arg_value: allowed
enum_value: allowed
help_text: |
dockerRunAsRoot can be used.
- arg_value: forbidden
enum_value: forbidden
help_text: |
dockerRunAsRoot cannot be used.
help_text: |
Whether dockerRunAsRoot can be used. If unspecified, the default is equivalent to
"forbidden".
- group:
required: false
help_text: |
Flags for container image sources - either only container-image-sources or both flags may
be specified.
params:
- api_field: instance.featurePolicy.containerImageSources.policy
arg_name: container-image-sources
required: true
choices:
- arg_value: allowed
enum_value: allowed
help_text: |
Images from any container image sources can be used.
- arg_value: forbidden
enum_value: forbidden
help_text: |
No images from any container image sources can be used.
- arg_value: restricted
enum_value: restricted
help_text: |
Container images can be used, if and only if, they are stored in one of the allowed
container image sources.
help_text: |
Whether container image sources can be used. Note that all RBE actions require a
container image so if this is set to "forbidden", all tasks will fail. If unspecified,
the default is equivalent to "allowed".
- api_field: instance.featurePolicy.containerImageSources.allowedValues
arg_name: container-image-sources-allowlist
required: false
help_text: |
The list of allowed container image sources. Note: this will only be used if the
corresponding policy is set to "restricted".
- group:
required: false
help_text: |
Flags for dockerAddCapabilities - either only docker-add-capabilities or both flags may be
specified.
params:
- api_field: instance.featurePolicy.dockerAddCapabilities.policy
arg_name: docker-add-capabilities
required: true
choices:
- arg_value: allowed
enum_value: allowed
help_text: |
The feature can be used.
- arg_value: forbidden
enum_value: forbidden
help_text: |
The feature cannot be used.
- arg_value: restricted
enum_value: restricted
help_text: |
The feature can be used, if and only if, it is set to one of the allowed values.
help_text: |
Whether dockerAddCapabilities can be used. If unspecified, the default is equivalent to
"forbidden".
- api_field: instance.featurePolicy.dockerAddCapabilities.allowedValues
arg_name: docker-add-capabilities-allowlist
required: false
help_text: |
The list of allowed dockerAddCapabilities values. Note: this will only be used if the
corresponding policy is set to "restricted".
- group:
required: false
help_text: |
Flags for dockerChrootPath - either only docker-chroot-path or both flags may be
specified.
params:
- api_field: instance.featurePolicy.dockerChrootPath.policy
arg_name: docker-chroot-path
required: true
choices:
- arg_value: allowed
enum_value: allowed
help_text: |
The feature can be used.
- arg_value: forbidden
enum_value: forbidden
help_text: |
The feature cannot be used.
- arg_value: restricted
enum_value: restricted
help_text: |
The feature can be used, if and only if, it is set to one of the allowed values.
help_text: |
Whether dockerChrootPath can be used. If unspecified, the default is equivalent to
"forbidden".
- api_field: instance.featurePolicy.dockerChrootPath.allowedValues
arg_name: docker-chroot-path-allowlist
required: false
help_text: |
The list of allowed dockerChrootPath values. Note: this will only be used if the
corresponding policy is set to "restricted".
- group:
required: false
help_text: |
Flags for dockerNetwork - either only docker-network or both flags may be specified.
params:
- api_field: instance.featurePolicy.dockerNetwork.policy
arg_name: docker-network
required: true
choices:
- arg_value: allowed
enum_value: allowed
help_text: |
The feature can be used.
- arg_value: forbidden
enum_value: forbidden
help_text: |
The feature cannot be used.
- arg_value: restricted
enum_value: restricted
help_text: |
The feature can be used, if and only if, it is set to one of the allowed values.
help_text: |
Whether dockerNetwork can be used. If unspecified, the default is equivalent to
"forbidden".
- api_field: instance.featurePolicy.dockerNetwork.allowedValues
arg_name: docker-network-allowlist
required: false
help_text: |
The list of allowed dockerNetwork values. Note: this will only be used if the
corresponding policy is set to "restricted".
- group:
required: false
help_text: |
Flags for dockerRunAsContainerProvidedUser - either only docker-run-as-container-provided-user
or both flags may be specified.
params:
- api_field: instance.featurePolicy.dockerRunAsContainerProvidedUser.policy
arg_name: docker-run-as-container-provided-user
required: true
choices:
- arg_value: allowed
enum_value: allowed
help_text: |
The feature can be used.
- arg_value: forbidden
enum_value: forbidden
help_text: |
The feature cannot be used.
- arg_value: restricted
enum_value: restricted
help_text: |
The feature can be used, if and only if, it is set to one of the allowed values.
help_text: |
Whether dockerRunAsContainerProvidedUser can be used. If unspecified, the default is
equivalent to "forbidden".
- api_field: instance.featurePolicy.dockerRunAsContainerProvidedUser.allowedValues
arg_name: docker-run-as-container-provided-user-allowlist
required: false
help_text: |
The list of allowed dockerRunAsContainerProvidedUser values. Note: this will only be
used if the corresponding policy is set to "restricted".
- group:
required: false
help_text: |
Flags for dockerRuntime - either only docker-runtime or both flags may be specified.
params:
- api_field: instance.featurePolicy.dockerRuntime.policy
arg_name: docker-runtime
required: true
choices:
- arg_value: allowed
enum_value: allowed
help_text: |
The feature can be used.
- arg_value: forbidden
enum_value: forbidden
help_text: |
The feature cannot be used.
- arg_value: restricted
enum_value: restricted
help_text: |
The feature can be used, if and only if, it is set to one of the allowed values.
help_text: |
Whether dockerRuntime can be used. If unspecified, the default is equivalent to
"forbidden".
- api_field: instance.featurePolicy.dockerRuntime.allowedValues
arg_name: docker-runtime-allowlist
required: false
help_text: |
The list of allowed dockerRuntime values. Note: this will only be used if the
corresponding policy is set to "restricted".
- api_field: instance.featurePolicy.dockerSiblingContainers.policy
arg_name: docker-sibling-containers
required: false
choices:
- arg_value: allowed
enum_value: allowed
help_text: |
The feature can be used.
- arg_value: forbidden
enum_value: forbidden
help_text: |
The feature cannot be used.
help_text: |
Whether dockerSiblingSontainers can be used. If unspecified, the default is equivalent to
"forbidden".
- api_field: instance.featurePolicy.linuxIsolation
arg_name: linux-isolation
required: false
choices:
- arg_value: gvisor
enum_value: gvisor
help_text: |
gVisor will be used as the isolation mechanism for all linux execution.
- arg_value: 'off'
enum_value: 'off'
help_text: |
No additional isolation mechanisms will be used beyond the default linux runtime.
help_text: |
Which Linux isolation mechanism should be used for execution. If unspecified, the default
Linux runtime will be used.
- api_field: instance.featurePolicy.linuxExecution
arg_name: linux-execution
required: false
choices:
- arg_value: forbidden
enum_value: LINUX_EXECUTION_FORBIDDEN
help_text: |
Forbid Linux actions and worker pools.
- arg_value: unrestricted
enum_value: LINUX_EXECUTION_UNRESTRICTED
help_text: |
No additional restrictions imposed on Linux actions or worker pools by this policy.
- arg_value: hardened-gvisor
enum_value: LINUX_EXECUTION_HARDENED_GVISOR
help_text: |
Linux actions will be hardened with gVisor. Actions incompatible with gVisor hardening
will be rejected.
- arg_value: hardened-gvisor-or-terminal
enum_value: LINUX_EXECUTION_HARDENED_GVISOR_OR_TERMINAL
help_text: |
Linux actions will be hardened with gVisor. Actions incompatible with gVisor hardening
will be made terminal, i.e., the worker that ran the action will be terminated after the
action completes.
help_text: |
Defines whether Linux actions and worker pools are allowed and how they can be configured
to support various levels of isolation.
- api_field: instance.featurePolicy.windowsExecution
arg_name: windows-execution
required: false
choices:
- arg_value: forbidden
enum_value: WINDOWS_EXECUTION_FORBIDDEN
help_text: |
Forbid Windows actions and worker pools.
- arg_value: unrestricted
enum_value: WINDOWS_EXECUTION_UNRESTRICTED
help_text: |
No additional restrictions imposed on Windows actions or worker pools by this policy.
- arg_value: terminal
enum_value: WINDOWS_EXECUTION_TERMINAL
help_text: |
Windows workers will be terminated after they finish running an action.
help_text: |
Defines whether Windows actions and worker pools are allowed and how they can be configured
to support various levels of isolation.
- api_field: instance.featurePolicy.macExecution
arg_name: mac-execution
required: false
choices:
- arg_value: forbidden
enum_value: MAC_EXECUTION_FORBIDDEN
help_text: |
Forbid Mac actions and worker pools.
- arg_value: unrestricted
enum_value: MAC_EXECUTION_UNRESTRICTED
help_text: |
No additional restrictions imposed on Mac actions or worker pools by this policy.
help_text: |
Defines whether Mac actions and worker pools are allowed and how they can be configured
to support various levels of isolation.
- api_field: instance.featurePolicy.actionIsolation
arg_name: action-isolation
required: false
choices:
- arg_value: enforced
enum_value: ACTION_ISOLATION_ENFORCED
help_text: |
Isolation of actions is enforced.
- arg_value: 'off'
enum_value: ACTION_ISOLATION_OFF
help_text: |
No enforcement of isolation for actions.
help_text: |
Defines levels of isolation of actions executed on this instance by requiring other
isolation related feature policies like linux-execution, windows-execution, etc to be set
a certain way.
- api_field: instance.featurePolicy.actionHermeticity
arg_name: action-hermeticity
required: false
choices:
- arg_value: enforced
enum_value: ACTION_HERMETICITY_ENFORCED
help_text: |
Hermeticity of actions is enforced.
- arg_value: best-effort
enum_value: ACTION_HERMETICITY_BEST_EFFORT
help_text: |
Hermeticity of actions is best effort.
- arg_value: 'off'
enum_value: ACTION_HERMETICITY_OFF
help_text: |
No Hermeticity restrictions for actions.
help_text: |
Defines levels of hermeticity for actions executed on this instance by requiring other
isolation and hermeticity related feature policies like linux-execution, windows-execution,
etc to be set a certain way.
- api_field: instance.featurePolicy.dockerUlimits.policy
arg_name: docker-ulimits
required: false
choices:
- arg_value: allowed
enum_value: allowed
help_text: |
The feature can be used.
- arg_value: forbidden
enum_value: forbidden
help_text: |
The feature cannot be used.
help_text: |
Whether dockerUlimits can be used. If unspecified, the default is equivalent to "forbidden".
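Review bot: The help text of the `docker-sibling-containers` flag misspells the feature as `dockerSiblingSontainers`, which does not match the `dockerSiblingContainers` field it is bound to; it should read `Whether dockerSiblingContainers can be used. If unspecified, the default is equivalent to "forbidden".` The same misspelling appears in the `docker-sibling-containers` entry of the 381-line feature-policy file later in this commit. Separately, the `allowed` choices for `docker-privileged` and `docker-run-as-root` say only that the feature "can be used". Because these flags decide whether build actions may request privileged or root containers, one sentence saying so in the flag help would let whoever sets the policy see what they are relaxing.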


@@ -0,0 +1,37 @@
- release_tracks: [ALPHA]
command_type: UPDATE
help_text:
brief: |
Create a backend IAM binding for an instance.
description: |
Creates a backend IAM binding on the backend project of a Remote Build Execution instance,
which will add the specified IAM role for the specified principal on the IAM policy of the
backend project in question.
examples: |
The following creates an example backend IAM binding:
$ {command} default_instance --principal=group:foo@twosync.google.com \
--role=roles/servicemanagement.quotaAdmin
request:
collection: remotebuildexecution.projects.instances
api_version: v1alpha
method: createBackendIAMBinding
arguments:
resource:
spec: !REF googlecloudsdk.command_lib.remote_build_execution.resources:instance
help_text: |
Arguments describing the instance to update backend IAM bindings for.
params:
- api_field: googleDevtoolsRemotebuildexecutionAdminV1alphaCreateBackendIAMBindingRequest.backendIamBinding.principal
arg_name: principal
required: true
help_text: |
The IAM binding principal formatted as <PRINCIPAL_TYPE_IDENTIFIER>:<PRINCIPAL>. For example,
`user:foo@google.com`.
- api_field: googleDevtoolsRemotebuildexecutionAdminV1alphaCreateBackendIAMBindingRequest.backendIamBinding.role
arg_name: role
required: true
help_text: |
The IAM binding role formatted as roles/<ROLE>. For example, `roles/editor`.
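Review bot: The `role` help text uses `roles/editor` as its example, which points users at a broad basic role on the backend project. The `examples` block in this same file already uses a narrower role, so the help text could replace `roles/editor` with `roles/servicemanagement.quotaAdmin`. The `role` help text in the delete-binding file later in this commit carries the same example. Nothing in this file checks `principal` or `role` against the documented `<PRINCIPAL_TYPE_IDENTIFIER>:<PRINCIPAL>` and `roles/<ROLE>` shapes, so a malformed value is presumably rejected only by the API.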


@@ -0,0 +1,27 @@
- release_tracks: [ALPHA]
help_text:
brief: |
Delete a given instance and all contained worker pools.
description: |
Deletes the instance, as well as all worker pools, cached build inputs and cached build
artifacts contained within that instance.
examples: |
The following will delete the instance named 'instance_to_delete':
$ {command} instance_to_delete
You can also provide the fully qualified resource name for the instance like so:
$ {command} projects/my_project/instances/instance_to_delete
request:
collection: remotebuildexecution.projects.instances
async:
collection: remotebuildexecution.projects.operations
arguments:
resource:
spec: !REF googlecloudsdk.command_lib.remote_build_execution.resources:instance
help_text: |
Arguments and flags specifying the instance you want to delete.


@@ -0,0 +1,37 @@
- release_tracks: [ALPHA]
command_type: UPDATE
help_text:
brief: |
Delete a backend IAM binding for an instance.
description: |
Deletes a backend IAM binding on the backend project of a Remote Build Execution instance,
which will add the specified IAM role for the specified principal on the IAM policy of the
backend project in question.
examples: |
The following deletes an example backend IAM binding:
$ {command} default_instance --principal=group:foo@twosync.google.com \
--role=roles/servicemanagement.quotaAdmin
request:
collection: remotebuildexecution.projects.instances
api_version: v1alpha
method: deleteBackendIAMBinding
arguments:
resource:
spec: !REF googlecloudsdk.command_lib.remote_build_execution.resources:instance
help_text: |
Arguments describing the instance to update backend IAM bindings for.
params:
- api_field: googleDevtoolsRemotebuildexecutionAdminV1alphaDeleteBackendIAMBindingRequest.backendIamBinding.principal
arg_name: principal
required: true
help_text: |
The IAM binding principal formatted as <PRINCIPAL_TYPE_IDENTIFIER>:<PRINCIPAL>. For example,
`user:foo@google.com`.
- api_field: googleDevtoolsRemotebuildexecutionAdminV1alphaDeleteBackendIAMBindingRequest.backendIamBinding.role
arg_name: role
required: true
help_text: |
The IAM binding role formatted as roles/<ROLE>. For example, `roles/editor`.
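Review bot: The `description` of this delete command still says the call "will add the specified IAM role for the specified principal", which looks copied from the create-binding file and states the opposite of what `method: deleteBackendIAMBinding` does. Someone reading `--help` before changing access on the backend project would be misled. The clause should read `which will remove the specified IAM role for the specified principal from the IAM policy of the`, with the following line left as it is.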


@@ -0,0 +1,25 @@
- release_tracks: [ALPHA]
help_text:
brief: |
Deletes all drained zones for an instance.
description: |
Removes all existing drains for an instance.
examples: |
The following deletes the feature policy for an instance named 'default_instance':
$ {command} default_instance
request:
collection: remotebuildexecution.projects.instances
method: patch
modify_request_hooks:
- googlecloudsdk.command_lib.remote_build_execution.instance_update_util:RemoveZoneDrains
async:
collection: remotebuildexecution.projects.operations
arguments:
resource:
spec: !REF googlecloudsdk.command_lib.remote_build_execution.resources:instance
help_text: |
Arguments describing the instance to remove drains from.
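Review bot: The `examples` text says "The following deletes the feature policy for an instance named 'default_instance'", but this command's request hook is `RemoveZoneDrains` and its brief is about drained zones. The sentence appears to be copied from the feature-policy deletion file. It should read `The following removes all zone drains for an instance named 'default_instance':`, so the help does not suggest that the command touches the feature policy.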


@@ -0,0 +1,26 @@
- release_tracks: [ALPHA]
help_text:
brief: |
Deletes the feature policy for an instance.
description: |
Deletes the feature policy for a Remote Build Execution instance, which will remove any
existing limitations on what features can be used during execution.
examples: |
The following deletes the feature policy for an instance named 'default_instance':
$ {command} default_instance
request:
collection: remotebuildexecution.projects.instances
method: patch
modify_request_hooks:
- googlecloudsdk.command_lib.remote_build_execution.instance_update_util:RemoveFeaturePolicy
async:
collection: remotebuildexecution.projects.operations
arguments:
resource:
spec: !REF googlecloudsdk.command_lib.remote_build_execution.resources:instance
help_text: |
Arguments describing the feature policy to delete.
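Review bot: The `description` says deleting the feature policy "will remove any existing limitations on what features can be used during execution", while the flag help in the create and set-feature-policy files says most unset docker features default to "forbidden". From this text alone it is unclear whether the instance ends up more permissive or falls back to those defaults. Since the command changes every execution restriction on the instance in one call, the description should name the resulting state, for example by saying that each feature reverts to its documented default, once that is confirmed against the API behaviour. The resource `help_text` could also say `Arguments describing the instance whose feature policy is deleted.`, as the argument is an instance.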


@@ -0,0 +1,23 @@
- release_tracks: [ALPHA]
help_text:
brief: |
Describe an instance.
description: |
Describes the given instance.
examples: |
The following will describe the instance named 'instance1' for the active project:
$ {command} instance1
You can also provide the fully qualified resource name for the instance like so:
$ {command} projects/my_project/instances/instance1
request:
collection: remotebuildexecution.projects.instances
arguments:
resource:
spec: !REF googlecloudsdk.command_lib.remote_build_execution.resources:instance
help_text: |
The instance to describe.


@@ -0,0 +1,23 @@
- release_tracks: [ALPHA]
help_text:
brief: |
List instances in given project.
description: |
Lists all the instances for a given project.
examples: |
The following will list all instances for the active project:
$ {command}
To list the instances for a specific project, use the following:
$ {command} --project=projectId
request:
collection: remotebuildexecution.projects.instances
arguments:
resource:
spec: !REF googlecloudsdk.command_lib.remote_build_execution.resources:project
help_text: |
The project to list the instances for.


@@ -0,0 +1,40 @@
- release_tracks: [ALPHA]
command_type: UPDATE
help_text:
brief: |
Sets the zone drains for an instance.
description: |
Sets a list of zones to drain for an instance. Draining a zone prevents tasks from being
scheduled there. Zone can be drained fully or partially, with higher drain percentage
preventing more tasks from being scheduled there.
examples: |
$ gcloud remote-build-execution instances set-drained-zones default_instance \
--drains zone=us-central1-a,percentage=100 \
--drains zone=us-central1-b,percentage=50
request:
collection: remotebuildexecution.projects.instances
async:
collection: remotebuildexecution.projects.operations
arguments:
resource:
spec: !REF googlecloudsdk.command_lib.remote_build_execution.resources:instance
help_text: |
Arguments describing the drains to set.
params:
- api_field: googleDevtoolsRemotebuildexecutionAdminV1alphaInstance.zoneDrains
arg_name: drains
required: true
help_text: |
A list of zone drains to set.
type:
arg_dict:
flatten: false
spec:
- api_field: zone
arg_name: zone
- api_field: percent
arg_name: percent
type: int
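Review bot: The example passes `percentage=100` and `percentage=50`, but the `arg_dict` spec declares the key as `arg_name: percent`, so the documented invocation would presumably be rejected. Either the example should use `percent=100` and `percent=50`, or the spec key should be renamed to `percentage`. The field is typed `int` with no bound visible here, so values outside 0–100 appear to be left for the API to refuse. The example also hard-codes `gcloud remote-build-execution instances set-drained-zones` where the other files in this commit use `$ {command}`.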


@@ -0,0 +1,381 @@
- release_tracks: [ALPHA]
command_type: UPDATE
help_text:
brief: |
Sets the feature policy for an instance.
description: |
Sets the feature policy for a Remote Build Execution instance, which will control which RBE
execution features can be used with commands run against that instance.
examples: |
The following sets a simple feature policy for an instance called 'default_instance':
$ {command} default_instance --linux-isolation=gvisor --docker-privileged=forbidden --docker-runtime=restricted --docker-runtime-allowlist=runc,runsc
request:
collection: remotebuildexecution.projects.instances
async:
collection: remotebuildexecution.projects.operations
arguments:
resource:
spec: !REF googlecloudsdk.command_lib.remote_build_execution.resources:instance
help_text: |
Arguments describing the feature policy to set.
params:
- api_field: googleDevtoolsRemotebuildexecutionAdminV1alphaInstance.featurePolicy.dockerPrivileged.policy
arg_name: docker-privileged
required: false
choices:
- arg_value: allowed
enum_value: allowed
help_text: |
dockerPrivileged can be used.
- arg_value: forbidden
enum_value: forbidden
help_text: |
dockerPrivileged cannot be used.
help_text: |
Whether dockerPrivileged can be used. If unspecified, the default is equivalent to
"forbidden".
- api_field: googleDevtoolsRemotebuildexecutionAdminV1alphaInstance.featurePolicy.dockerRunAsRoot.policy
arg_name: docker-run-as-root
required: false
choices:
- arg_value: allowed
enum_value: allowed
help_text: |
dockerRunAsRoot can be used.
- arg_value: forbidden
enum_value: forbidden
help_text: |
dockerRunAsRoot cannot be used.
help_text: |
Whether dockerRunAsRoot can be used. If unspecified, the default is equivalent to
"forbidden".
- group:
required: false
help_text: |
Flags for container image sources - either only container-image-sources or both flags may
be specified.
params:
- api_field: googleDevtoolsRemotebuildexecutionAdminV1alphaInstance.featurePolicy.containerImageSources.policy
arg_name: container-image-sources
required: true
choices:
- arg_value: allowed
enum_value: allowed
help_text: |
Images from any container image sources can be used.
- arg_value: forbidden
enum_value: forbidden
help_text: |
No images from any container image sources can be used.
- arg_value: restricted
enum_value: restricted
help_text: |
Container images can be used, if and only if, they are stored in one of the allowed
container image sources.
help_text: |
Whether container image sources can be used. Note that all RBE actions require a
container image so if this is set to "forbidden", all tasks will fail. If unspecified,
the default is equivalent to "allowed".
- api_field: googleDevtoolsRemotebuildexecutionAdminV1alphaInstance.featurePolicy.containerImageSources.allowedValues
arg_name: container-image-sources-allowlist
required: false
help_text: |
The list of allowed container image sources. Note: this will only be used if the
corresponding policy is set to "restricted".
- group:
required: false
help_text: |
Flags for dockerAddCapabilities - either only docker-add-capabilities or both flags may be
specified.
params:
- api_field: googleDevtoolsRemotebuildexecutionAdminV1alphaInstance.featurePolicy.dockerAddCapabilities.policy
arg_name: docker-add-capabilities
required: true
choices:
- arg_value: allowed
enum_value: allowed
help_text: |
The feature can be used.
- arg_value: forbidden
enum_value: forbidden
help_text: |
The feature cannot be used.
- arg_value: restricted
enum_value: restricted
help_text: |
The feature can be used, if and only if, it is set to one of the allowed values.
help_text: |
Whether dockerAddCapabilities can be used. If unspecified, the default is equivalent to
"forbidden".
- api_field: googleDevtoolsRemotebuildexecutionAdminV1alphaInstance.featurePolicy.dockerAddCapabilities.allowedValues
arg_name: docker-add-capabilities-allowlist
required: false
help_text: |
The list of allowed dockerAddCapabilities values. Note: this will only be used if the
corresponding policy is set to "restricted".
- group:
required: false
help_text: |
Flags for dockerChrootPath - either only docker-chroot-path or both flags may be
specified.
params:
- api_field: googleDevtoolsRemotebuildexecutionAdminV1alphaInstance.featurePolicy.dockerChrootPath.policy
arg_name: docker-chroot-path
required: true
choices:
- arg_value: allowed
enum_value: allowed
help_text: |
The feature can be used.
- arg_value: forbidden
enum_value: forbidden
help_text: |
The feature cannot be used.
- arg_value: restricted
enum_value: restricted
help_text: |
The feature can be used, if and only if, it is set to one of the allowed values.
help_text: |
Whether dockerChrootPath can be used. If unspecified, the default is equivalent to
"forbidden".
- api_field: googleDevtoolsRemotebuildexecutionAdminV1alphaInstance.featurePolicy.dockerChrootPath.allowedValues
arg_name: docker-chroot-path-allowlist
required: false
help_text: |
The list of allowed dockerChrootPath values. Note: this will only be used if the
corresponding policy is set to "restricted".
- group:
required: false
help_text: |
Flags for dockerNetwork - either only docker-network or both flags may be specified.
params:
- api_field: googleDevtoolsRemotebuildexecutionAdminV1alphaInstance.featurePolicy.dockerNetwork.policy
arg_name: docker-network
required: true
choices:
- arg_value: allowed
enum_value: allowed
help_text: |
The feature can be used.
- arg_value: forbidden
enum_value: forbidden
help_text: |
The feature cannot be used.
- arg_value: restricted
enum_value: restricted
help_text: |
The feature can be used, if and only if, it is set to one of the allowed values.
help_text: |
Whether dockerNetwork can be used. If unspecified, the default is equivalent to
"forbidden".
- api_field: googleDevtoolsRemotebuildexecutionAdminV1alphaInstance.featurePolicy.dockerNetwork.allowedValues
arg_name: docker-network-allowlist
required: false
help_text: |
The list of allowed dockerNetwork values. Note: this will only be used if the
corresponding policy is set to "restricted".
- group:
required: false
help_text: |
Flags for dockerRunAsContainerProvidedUser - either only docker-run-as-container-provided-user
or both flags may be specified.
params:
- api_field: googleDevtoolsRemotebuildexecutionAdminV1alphaInstance.featurePolicy.dockerRunAsContainerProvidedUser.policy
arg_name: docker-run-as-container-provided-user
required: true
choices:
- arg_value: allowed
enum_value: allowed
help_text: |
The feature can be used.
- arg_value: forbidden
enum_value: forbidden
help_text: |
The feature cannot be used.
- arg_value: restricted
enum_value: restricted
help_text: |
The feature can be used, if and only if, it is set to one of the allowed values.
help_text: |
Whether dockerRunAsContainerProvidedUser can be used. If unspecified, the default is
equivalent to "forbidden".
- api_field: googleDevtoolsRemotebuildexecutionAdminV1alphaInstance.featurePolicy.dockerRunAsContainerProvidedUser.allowedValues
arg_name: docker-run-as-container-provided-user-allowlist
required: false
help_text: |
The list of allowed dockerRunAsContainerProvidedUser values. Note: this will only be
used if the corresponding policy is set to "restricted".
- group:
required: false
help_text: |
Flags for dockerRuntime - either only docker-runtime or both flags may be specified.
params:
- api_field: googleDevtoolsRemotebuildexecutionAdminV1alphaInstance.featurePolicy.dockerRuntime.policy
arg_name: docker-runtime
required: true
choices:
- arg_value: allowed
enum_value: allowed
help_text: |
The feature can be used.
- arg_value: forbidden
enum_value: forbidden
help_text: |
The feature cannot be used.
- arg_value: restricted
enum_value: restricted
help_text: |
The feature can be used, if and only if, it is set to one of the allowed values.
help_text: |
Whether dockerRuntime can be used. If unspecified, the default is equivalent to
"forbidden".
- api_field: googleDevtoolsRemotebuildexecutionAdminV1alphaInstance.featurePolicy.dockerRuntime.allowedValues
arg_name: docker-runtime-allowlist
required: false
help_text: |
The list of allowed dockerRuntime values. Note: this will only be used if the
corresponding policy is set to "restricted".
- api_field: googleDevtoolsRemotebuildexecutionAdminV1alphaInstance.featurePolicy.dockerSiblingContainers.policy
arg_name: docker-sibling-containers
required: false
choices:
- arg_value: allowed
enum_value: allowed
help_text: |
The feature can be used.
- arg_value: forbidden
enum_value: forbidden
help_text: |
The feature cannot be used.
help_text: |
Whether dockerSiblingSontainers can be used. If unspecified, the default is equivalent to
"forbidden".
- api_field: googleDevtoolsRemotebuildexecutionAdminV1alphaInstance.featurePolicy.linuxIsolation
arg_name: linux-isolation
required: false
choices:
- arg_value: gvisor
enum_value: gvisor
help_text: |
gVisor will be used as the isolation mechanism for all linux execution.
- arg_value: 'off'
enum_value: 'off'
help_text: |
No additional isolation mechanisms will be used beyond the default linux runtime.
help_text: |
Which Linux isolation mechanism should be used for execution. If unspecified, the default
Linux runtime will be used.
- api_field: googleDevtoolsRemotebuildexecutionAdminV1alphaInstance.featurePolicy.linuxExecution
arg_name: linux-execution
required: false
choices:
- arg_value: forbidden
enum_value: LINUX_EXECUTION_FORBIDDEN
help_text: |
Forbid Linux actions and worker pools.
- arg_value: unrestricted
enum_value: LINUX_EXECUTION_UNRESTRICTED
help_text: |
No additional restrictions imposed on Linux actions or worker pools by this policy.
- arg_value: hardened-gvisor
enum_value: LINUX_EXECUTION_HARDENED_GVISOR
help_text: |
Linux actions will be hardened with gVisor. Actions incompatible with gVisor hardening
will be rejected.
- arg_value: hardened-gvisor-or-terminal
enum_value: LINUX_EXECUTION_HARDENED_GVISOR_OR_TERMINAL
help_text: |
Linux actions will be hardened with gVisor. Actions incompatible with gVisor hardening
will be made terminal, i.e., the worker that ran the action will be terminated after the
action completes.
help_text: |
Defines whether Linux actions and worker pools are allowed and how they can be configured
to support various levels of isolation.
- api_field: googleDevtoolsRemotebuildexecutionAdminV1alphaInstance.featurePolicy.windowsExecution
arg_name: windows-execution
required: false
choices:
- arg_value: forbidden
enum_value: WINDOWS_EXECUTION_FORBIDDEN
help_text: |
Forbid Windows actions and worker pools.
- arg_value: unrestricted
enum_value: WINDOWS_EXECUTION_UNRESTRICTED
help_text: |
No additional restrictions imposed on Windows actions or worker pools by this policy.
- arg_value: terminal
enum_value: WINDOWS_EXECUTION_TERMINAL
help_text: |
Windows workers will be terminated after they finish running an action.
help_text: |
Defines whether Windows actions and worker pools are allowed and how they can be configured
to support various levels of isolation.
- api_field: googleDevtoolsRemotebuildexecutionAdminV1alphaInstance.featurePolicy.macExecution
arg_name: mac-execution
required: false
choices:
- arg_value: forbidden
enum_value: MAC_EXECUTION_FORBIDDEN
help_text: |
Forbid Mac actions and worker pools.
- arg_value: unrestricted
enum_value: Mac_EXECUTION_UNRESTRICTED
help_text: |
No additional restrictions imposed on Mac actions or worker pools by this policy.
help_text: |
Defines whether Mac actions and worker pools are allowed and how they can be configured
to support various levels of isolation.
- api_field: googleDevtoolsRemotebuildexecutionAdminV1alphaInstance.featurePolicy.actionIsolation
arg_name: action-isolation
required: false
choices:
- arg_value: enforced
enum_value: ACTION_ISOLATION_ENFORCED
help_text: |
Isolation of actions is enforced.
- arg_value: 'off'
enum_value: ACTION_ISOLATION_OFF
help_text: |
No enforcement of isolation for actions.
help_text: |
Defines levels of isolation of actions executed on this instance by requiring other
isolation related feature policies like linux-execution, windows-execution, etc to be set
a certain way.
- api_field: googleDevtoolsRemotebuildexecutionAdminV1alphaInstance.featurePolicy.actionHermeticity
arg_name: action-hermeticity
required: false
choices:
- arg_value: enforced
enum_value: ACTION_HERMETICITY_ENFORCED
help_text: |
Hermeticity of actions is enforced.
- arg_value: best-effort
enum_value: ACTION_HERMETICITY_BEST_EFFORT
help_text: |
Hermeticity of actions is best effort.
- arg_value: 'off'
enum_value: ACTION_HERMETICITY_OFF
help_text: |
No Hermeticity restrictions for actions.
help_text: |
Defines levels of hermeticity for actions executed on this instance by requiring other
isolation and hermeticity related feature policies like linux-execution, windows-execution,
etc to be set a certain way.
- api_field: googleDevtoolsRemotebuildexecutionAdminV1alphaInstance.featurePolicy.dockerUlimits.policy
arg_name: docker-ulimits
required: false
choices:
- arg_value: allowed
enum_value: allowed
help_text: |
The feature can be used.
- arg_value: forbidden
enum_value: forbidden
help_text: |
The feature cannot be used.
help_text: |
Whether dockerUlimits can be used. If unspecified, the default is equivalent to "forbidden".
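Review bot: In the `mac-execution` choices the `unrestricted` entry is mapped to `enum_value: Mac_EXECUTION_UNRESTRICTED`, whereas its sibling is `MAC_EXECUTION_FORBIDDEN` and the create command earlier in this commit uses `MAC_EXECUTION_UNRESTRICTED`. If enum lookup is case-sensitive, `--mac-execution=unrestricted` will fail on this command only. The line should be `enum_value: MAC_EXECUTION_UNRESTRICTED`. This file repeats the create command's flag definitions with only the `api_field` prefix changed, which is probably how the two copies drifted. A check that both files list the same enum values for each policy flag would catch such drift.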


@@ -0,0 +1,30 @@
# -*- coding: utf-8 -*- #
# Copyright 2018 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Command Group for Remote Build Execution Worker Pools."""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
from googlecloudsdk.calliope import base
class WorkerPools(base.Group):
"""Manage Remote Build Execution Worker Pools.
Create, delete, list, view, and update worker pool configurations for
Remote Build Execution instances.
"""


@@ -0,0 +1,216 @@
- release_tracks: [ALPHA]
help_text:
brief: |
Create a worker pool in the specified instance.
description: |
Create a worker pool in the specified instance.
examples: |
The following command creates a worker pool called 'pool1' in the instance called
'default_instance' with 25 workers configured with default machine type (e2-standard-2) and
disk size (200Gb):
$ {command} pool1 --instance=default_instance --worker-count=25
The following command creates a worker pool called 'heftypool' in the instance called
'default_instance' with 5 workers configured with 64 cores and 2000Gb disks:
$ {command} heftypool --instance=default_instance --worker-count=5 --disk-size=2000 --machine-type=n1-standard-64
request:
collection: remotebuildexecution.projects.instances.workerpools
modify_request_hooks:
- googlecloudsdk.command_lib.remote_build_execution.workerpool_create_util:RemoveDiskTypeForMacOS
static_fields:
workerPool.workerConfig.diskType: "pd-standard"
async:
collection: remotebuildexecution.projects.operations
arguments:
resource:
spec: !REF googlecloudsdk.command_lib.remote_build_execution.resources:workerpool
help_text: |
Arguments and flags specifying the worker pool you want to create.
params:
- api_field: workerPool.hostOs
arg_name: host-os
required: false
default: ubuntu
help_text: |
OS type of the worker pool.
- api_field: workerPool.channel
arg_name: channel
required: false
default: current
help_text: |
The release channel of the worker pool.
- api_field: workerPool.workerConfig.vmImage
arg_name: vm-image
required: false
help_text: |
The VM image used by RBE workers. This field should only be set when channel is set to manual.
- api_field: workerPool.workerConfig.diskSizeGb
arg_name: disk-size
required: false
default: 200
help_text: |
Size of the disk, in Gb, for each worker. Defaults to 200Gb.
- api_field: workerPool.workerConfig.diskType
arg_name: disk-type
required: false
default: pd-standard
choices:
- arg_value: pd-standard
enum_value: pd-standard
help_text: |
Standard persistent disk.
- arg_value: pd-ssd
enum_value: pd-ssd
help_text: |
SSD persistent disk.
help_text: |
Type of persistent disk the worker VMs will use. Default is pd-standard.
- api_field: workerPool.workerConfig.machineType
arg_name: machine-type
required: false
default: "e2-standard-2"
help_text: |
Type of VM to use for each worker. To get a list of valid machine types, use the
following command:
$ gcloud compute machine-types list
- api_field: workerPool.workerConfig.soleTenantNodeType
arg_name: sole-tenant-node-type
required: false
help_text: |
Type of sole-tenant node to be used for sole-tenancy.
- api_field: workerPool.workerConfig.minCpuPlatform
arg_name: min-cpu-platform
required: false
help_text: |
Minimum CPU platform for the workers. For more information see
https://cloud.google.com/compute/docs/cpu-platforms.
- api_field: workerPool.workerConfig.reserved
arg_name: reserved
required: false
default: false
help_text: |
Determines the type of VM to use. If set then reserved VMs are used, otherwise preemptable
VMs are used.
- group:
required: false
params:
- api_field: workerPool.workerConfig.attachedDisks.dockerRootDisk.sourceImage
arg_name: docker-root-disk-image
required: true
help_text: The source image to use for the user-provided docker root disk.
- api_field: workerPool.workerConfig.attachedDisks.dockerRootDisk.diskType
arg_name: docker-root-disk-type
required: true
choices:
- arg_value: pd-standard
enum_value: pd-standard
help_text: |
Standard persistent disk.
- arg_value: pd-ssd
enum_value: pd-ssd
help_text: |
SSD persistent disk.
help_text: |
The disk type to use for the user-provided docker root disk. Must be one of
pd-ssd and pd-standard.
- api_field: workerPool.workerConfig.attachedDisks.dockerRootDisk.diskSizeGb
arg_name: docker-root-disk-size
required: true
help_text: |
Size of the user-provided docker root disk, in Gb.
- group:
required: false
params:
- api_field: workerPool.workerConfig.accelerator.acceleratorCount
arg_name: accelerator-count
required: true
help_text: Number of the guest accelerator cards attached to each VM in the pool.
- api_field: workerPool.workerConfig.accelerator.acceleratorType
arg_name: accelerator-type
required: true
help_text: |
Type of accelerator to attach to each VM in the pool, e.g. 'nvidia-tesla-k80' for
nVidia Tesla K80. Run `gcloud compute accelerator-types list` to learn about all
available accelerator types.
- group:
mutex: true
required: true
params:
- arg_name: worker-count
api_field: workerPool.workerCount
help_text: |
Number of workers that should be in the worker pool.
- group:
help_text: |
Either both or none of autoscale-min-size and autoscale-max-size should be set.
params:
- api_field: workerPool.autoscale.minSize
arg_name: autoscale-min-size
required: true
help_text: The minimal number of autoscale workers. Must be greater than 0.
- api_field: workerPool.autoscale.maxSize
arg_name: autoscale-max-size
required: true
help_text: |
The maximal number of autoscale workers. Must be equal to or greater than
autoscale-min-size.
- api_field: workerPool.autoscale.minIdleWorkers
arg_name: autoscale-min-idle-workers
help_text: |
The minimum number of idle workers. Must be equal to or greater than 0.
- api_field: workerPool.workerConfig.networkAccess
arg_name: network-access
required: false
default: public
choices:
- arg_value: public
enum_value: public
help_text: |
Workers can connect to the public internet.
- arg_value: private
enum_value: private
help_text: |
Workers can only connect to Google APIs and services.
- arg_value: restricted-private
enum_value: restricted-private
help_text: |
Workers can only connect to Google APIs that are
reachable through `restricted.googleapis.com` (`199.36.153.4/30`).
help_text: |
Level of network access available to the pool.
- api_field: workerPool.workerConfig.maxConcurrentActions
arg_name: max-concurrent-actions
required: false
default: 1
help_text: |
Maximum actions each worker VM can run concurrently.
- api_field: workerPool.workerConfig.zones
arg_name: zones
required: false
help_text: |
List of zones where the workers should be located. If empty, workers
will be located in all zones in the region.
- api_field: workerPool.workerConfig.userServiceAccounts
arg_name: user-service-accounts
required: false
help_text: |
A chain of user service accounts, the last of which will be the service account that user
code running on workers will authenticate as. The VM's service account (typically
"service-<consumer-project-num>@remotebuildexecution.iam.gserviceaccount.com") should be
granted roles/iam.serviceAccountTokenCreator on the first user account in the chain, the
first user account in the chain should be granted roles/iam.serviceAccountTokenCreator on
the second user account in the chain, and so on. If user service account is empty then the
user code will use the VM's service account.
- api_field: workerPool.workerConfig.networkAllowlist
arg_name: network-allowlist
required: false
help_text: |
The network allowlist mode for the worker pool. If per_action, the network allowlist will be applied per action.
labels:
api_field: workerPool.workerConfig.labels
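Review bot: The `network-access` param defaults to `public`, so a pool created without the flag gets workers that can reach the public internet, the least restrictive of the three choices for machines that run build actions. The flag's own help text (`Level of network access available to the pool.`) does not state this default, unlike `disk-size` and `disk-type`, which do. I would at least document it, e.g. `Level of network access available to the pool. Defaults to public; choose private or restricted-private to limit worker egress.`, and consider whether a narrower default is feasible. Separately, `network-allowlist` has no `choices` list although its help text names a `per_action` mode, so the accepted values are not visible from the flag's help.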


@@ -0,0 +1,30 @@
- release_tracks: [ALPHA]
help_text:
brief: |
Delete a worker pool from a specified instance.
description: |
Delete a worker pool from a specified instance.
examples: |
The following command deletes the workerpool called 'pool' from the instance called
'default_instance':
$ {command} pool --instance=default_instance
Rather than passing the worker pool and instance as separate parameters, you can pass the
worker pool as a resource, like so:
$ {command} projects/{projectId}/instance/default_instance/workerpools/pool
where {projectId} is the ID of the Cloud Platform project that contains the instance.
request:
collection: remotebuildexecution.projects.instances.workerpools
async:
collection: remotebuildexecution.projects.operations
arguments:
resource:
spec: !REF googlecloudsdk.command_lib.remote_build_execution.resources:workerpool
help_text: |
Arguments and parameters that specify the worker pool to delete.
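Review bot: The resource-path example `projects/{projectId}/instance/default_instance/workerpools/pool` uses the singular segment `instance`, while the request collection is `remotebuildexecution.projects.instances.workerpools`, so a path copied from the help text would presumably need `instances`. The resource spec that defines the actual path format is not visible here, so this should be confirmed against it. The same example appears in the describe command's help text in the next file section. Suggested line: `$ {command} projects/{projectId}/instances/default_instance/workerpools/pool`.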


@@ -0,0 +1,29 @@
- release_tracks: [ALPHA]
help_text:
brief: |
Describe a worker pool.
description: |
Display the configuration of the specified worker pool. Shows the current state of the
worker pool, how many workers are in the pool, as well as the machine configuration for
those workers (the Compute Engine machine-type as well as disk size).
examples: |
The following command describes the worker pool called 'pool' from the instance called
'default_instance':
$ {command} pool --instance=default_instance
Rather than passing the worker pool and instance as separate parameters you can pass the
worker pool as a resource, like so:
$ {command} projects/{projectId}/instance/default_instance/workerpools/pool
where {projectId} is the ID of the Cloud Platform project that contains the instance.
request:
collection: remotebuildexecution.projects.instances.workerpools
arguments:
resource:
spec: !REF googlecloudsdk.command_lib.remote_build_execution.resources:workerpool
help_text: |
Arguments and parameters that specify the worker pool to describe.


@@ -0,0 +1,19 @@
- release_tracks: [ALPHA]
help_text:
brief: |
List worker pools in a project for a specified instance.
description: |
Lists all worker pools currently in a specified instance in a project.
examples: |
The following command lists all the worker pools in the instance 'default_instance':
$ {command} --instance=default_instance
request:
collection: remotebuildexecution.projects.instances.workerpools
arguments:
resource:
spec: !REF googlecloudsdk.command_lib.remote_build_execution.resources:instance
help_text: |
Instance from which the worker pool list should be retrieved from.
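Review bot: The resource help text `Instance from which the worker pool list should be retrieved from.` repeats the preposition. Suggested wording: `Instance from which the worker pool list should be retrieved.`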


@@ -0,0 +1,243 @@
- release_tracks: [ALPHA]
help_text:
brief: |
Update a Remote Build Execution worker pool.
description: |
Updates the configuration of a Remote Build Execution worker pool. This can be used to
change the size of the worker pool, change the type of machine, or adjust the disk size of the
worker VMs.
examples: |
The following command adjusts the nubmer of workers to 50 in a pool called 'pool1' contained
in the instance 'default_instance':
$ {command} pool1 --instance=default_instance --worker-count=50
The following command adjusts the configuration of the workers within the pool, changing the
machine type to standard 4 core machines with 500 GB disks.
$ {command} pool1 --instance=default_instance --disk-size=500 --machine-type=n1-standard-4
request:
collection: remotebuildexecution.projects.instances.workerpools
modify_request_hooks:
- googlecloudsdk.command_lib.remote_build_execution.workerpool_update_util:RemoveDockerRootDiskConfig
- googlecloudsdk.command_lib.remote_build_execution.workerpool_update_util:RemoveAcceleratorConfig
- googlecloudsdk.command_lib.remote_build_execution.workerpool_update_util:RemoveAutoscale
- googlecloudsdk.command_lib.remote_build_execution.workerpool_update_util:RemoveNetworkAllowlist
- googlecloudsdk.command_lib.remote_build_execution.workerpool_update_util:UpdateLabels
async:
collection: remotebuildexecution.projects.operations
arguments:
resource:
spec: !REF googlecloudsdk.command_lib.remote_build_execution.resources:workerpool
help_text: |
Arguments and flags specifying the worker pool to update.
params:
- api_field: googleDevtoolsRemotebuildexecutionAdminV1alphaUpdateWorkerPoolRequest.workerPool.hostOs
arg_name: host-os
required: false
default: ubuntu
help_text: |
OS type of the worker pool.
- api_field: googleDevtoolsRemotebuildexecutionAdminV1alphaUpdateWorkerPoolRequest.workerPool.channel
arg_name: channel
required: false
default: current
help_text: |
The release channel of the worker pool.
- api_field: googleDevtoolsRemotebuildexecutionAdminV1alphaUpdateWorkerPoolRequest.workerPool.workerConfig.vmImage
arg_name: vm-image
required: false
help_text: |
The VM image used by RBE workers. This field should only be set when channel is set to manual.
- api_field: googleDevtoolsRemotebuildexecutionAdminV1alphaUpdateWorkerPoolRequest.workerPool.workerCount
arg_name: worker-count
required: false
help_text: |
Number of workers that should be in the worker pool.
- api_field: googleDevtoolsRemotebuildexecutionAdminV1alphaUpdateWorkerPoolRequest.workerPool.workerConfig.diskSizeGb
arg_name: disk-size
required: false
help_text: |
Size of the disk, in Gb, for each worker. Defaults to 200Gb.
- api_field: googleDevtoolsRemotebuildexecutionAdminV1alphaUpdateWorkerPoolRequest.workerPool.workerConfig.diskType
arg_name: disk-type
required: false
choices:
- arg_value: pd-standard
enum_value: pd-standard
help_text: |
Standard persistent disk.
- arg_value: pd-ssd
enum_value: pd-ssd
help_text: |
SSD persistent disk.
help_text: |
Type of persistent disk the worker VMs will use. Default is pd-standard.
- api_field: googleDevtoolsRemotebuildexecutionAdminV1alphaUpdateWorkerPoolRequest.workerPool.workerConfig.machineType
arg_name: machine-type
required: false
help_text: |
The type of VM to use for each worker. To get a list of valid machine types, use the
following command:
$ gcloud compute machine-types list
- api_field: googleDevtoolsRemotebuildexecutionAdminV1alphaUpdateWorkerPoolRequest.workerPool.workerConfig.soleTenantNodeType
arg_name: sole-tenant-node-type
required: false
help_text: |
Type of sole-tenant node to be used for sole-tenancy.
- api_field: googleDevtoolsRemotebuildexecutionAdminV1alphaUpdateWorkerPoolRequest.workerPool.workerConfig.minCpuPlatform
arg_name: min-cpu-platform
required: false
help_text: |
Minimum CPU platform for the workers. For more information see
https://cloud.google.com/compute/docs/cpu-platforms.
- api_field: googleDevtoolsRemotebuildexecutionAdminV1alphaUpdateWorkerPoolRequest.workerPool.workerConfig.reserved
arg_name: reserved
required: false
help_text: |
Determines the type of VM to use. If set then reserved VMs are used, otherwise preemptable
VMs are used.
- group:
mutex: true
params:
- group:
help_text: |
Either all or none of docker-root-disk-image, docker-root-disk-type,
and docker-root-disk-size should be set.
params:
- api_field: googleDevtoolsRemotebuildexecutionAdminV1alphaUpdateWorkerPoolRequest.workerPool.workerConfig.attachedDisks.dockerRootDisk.sourceImage
arg_name: docker-root-disk-image
required: true
help_text: The source image to use for the user-provided docker root disk.
- api_field: googleDevtoolsRemotebuildexecutionAdminV1alphaUpdateWorkerPoolRequest.workerPool.workerConfig.attachedDisks.dockerRootDisk.diskType
arg_name: docker-root-disk-type
required: true
choices:
- arg_value: pd-standard
enum_value: pd-standard
help_text: |
Standard persistent disk.
- arg_value: pd-ssd
enum_value: pd-ssd
help_text: |
SSD persistent disk.
help_text: |
The disk type to use for the user-provided docker root disk. Must be one of
pd-ssd and pd-standard.
- api_field: googleDevtoolsRemotebuildexecutionAdminV1alphaUpdateWorkerPoolRequest.workerPool.workerConfig.attachedDisks.dockerRootDisk.diskSizeGb
arg_name: docker-root-disk-size
required: true
help_text: Size of the user-provided docker root disk, in Gb.
- arg_name: clear-docker-root-disk-config
action: store_true
processor: googlecloudsdk.command_lib.scheduler.util:ClearFlag
help_text: |
Remove the user-provided disk for docker root from the VMs in the worker pool and
use the boot disk instead.
- group:
mutex: true
params:
- group:
help_text: Either both or none of accelerator-count and accelerator-type should be set.
params:
- api_field: googleDevtoolsRemotebuildexecutionAdminV1alphaUpdateWorkerPoolRequest.workerPool.workerConfig.accelerator.acceleratorCount
arg_name: accelerator-count
required: true
help_text: Number of the guest accelerator cards attached to each VM in the pool.
- api_field: googleDevtoolsRemotebuildexecutionAdminV1alphaUpdateWorkerPoolRequest.workerPool.workerConfig.accelerator.acceleratorType
arg_name: accelerator-type
required: true
help_text: |
Type of accelerator to attach to each VM in the pool, e.g.
'nvidia-tesla-k80' for nVidia Tesla K80. Run `gcloud compute accelerator-types list`
to learn about all available accelerator types.
- arg_name: clear-accelerator-config
action: store_true
processor: googlecloudsdk.command_lib.scheduler.util:ClearFlag
help_text: |
Remove all accelerators from the VMs in the worker pool.
- api_field: googleDevtoolsRemotebuildexecutionAdminV1alphaUpdateWorkerPoolRequest.workerPool.workerConfig.networkAccess
arg_name: network-access
required: false
choices:
- arg_value: public
enum_value: public
help_text: |
Workers can connect to the public internet.
- arg_value: private
enum_value: private
help_text: |
Workers can only connect to Google APIs and services.
- arg_value: restricted-private
enum_value: restricted-private
help_text: |
Workers can only connect to Google APIs that are
reachable through `restricted.googleapis.com` (`199.36.153.4/30`).
help_text: |
Level of network access available to the pool.
- api_field: googleDevtoolsRemotebuildexecutionAdminV1alphaUpdateWorkerPoolRequest.workerPool.workerConfig.maxConcurrentActions
arg_name: max-concurrent-actions
required: false
help_text: |
Maximum actions each worker VM can run concurrently.
- group:
mutex: true
params:
- group:
help_text: |
Either both or none of autoscale-min-size and autoscale-max-size should be set.
params:
- api_field: googleDevtoolsRemotebuildexecutionAdminV1alphaUpdateWorkerPoolRequest.workerPool.autoscale.minSize
arg_name: autoscale-min-size
required: true
help_text: The minimal number of autoscale workers. Must be greater than 0.
- api_field: googleDevtoolsRemotebuildexecutionAdminV1alphaUpdateWorkerPoolRequest.workerPool.autoscale.maxSize
arg_name: autoscale-max-size
required: true
help_text: |
The maximal number of autoscale workers. Must be equal to or greater than
autoscale-min-size.
- api_field: googleDevtoolsRemotebuildexecutionAdminV1alphaUpdateWorkerPoolRequest.workerPool.autoscale.minIdleWorkers
arg_name: autoscale-min-idle-workers
help_text: |
The minimum number of idle workers. Must be equal to or greater than 0.
- arg_name: clear-autoscale
action: store_true
processor: googlecloudsdk.command_lib.scheduler.util:ClearFlag
help_text: |
Remove the autoscale settings.
- api_field: googleDevtoolsRemotebuildexecutionAdminV1alphaUpdateWorkerPoolRequest.workerPool.workerConfig.zones
arg_name: zones
required: false
help_text: |
List of zones where the workers should be located. If empty, workers
will be located in all zones in the region.
- api_field: googleDevtoolsRemotebuildexecutionAdminV1alphaUpdateWorkerPoolRequest.workerPool.workerConfig.userServiceAccounts
arg_name: user-service-accounts
required: false
help_text: |
A chain of user service accounts, the last of which will be the service account that user
code running on workers will authenticate as. The VM's service account (typically
"service-<consumer-project-num>@remotebuildexecution.iam.gserviceaccount.com") should be
granted roles/iam.serviceAccountTokenCreator on the first user account in the chain, the
first user account in the chain should be granted roles/iam.serviceAccountTokenCreator on
the second user account in the chain, and so on. If user service account is empty then the
user code will use the VM's service account.
- group:
mutex: true
params:
- api_field: googleDevtoolsRemotebuildexecutionAdminV1alphaUpdateWorkerPoolRequest.workerPool.workerConfig.networkAllowlist
arg_name: network-allowlist
required: false
help_text: |
The network allowlist mode for the worker pool. If per_action, the network allowlist will be applied per action.
- arg_name: clear-network-allowlist
action: store_true
processor: googlecloudsdk.command_lib.scheduler.util:ClearFlag
help_text: |
Clear the network allowlist mode.
additional_arguments_hook: googlecloudsdk.command_lib.remote_build_execution.workerpool_update_util:AddLabelsFlags
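Review bot: `host-os` and `channel` keep `default: ubuntu` and `default: current` in this update spec, while the other flags here carry no default. If those defaults are written into the request when the flags are omitted, an update that only changes, say, `--worker-count` could also reset the pool's OS type or release channel. Whether that happens depends on how the update mask is built, which is not visible in this section. I would drop the two `default:` lines so that omitted flags leave the existing values untouched. The `disk-size` and `disk-type` help texts also still mention defaults (`Defaults to 200Gb`, `Default is pd-standard`) that this spec does not set.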