feat: Add new gcloud commands, API clients, and third-party libraries across various services.

2026-01-01 20:26:35 +01:00
parent 5e23cbece0
commit a19e592eb7
25221 changed files with 8324611 additions and 0 deletions


@@ -0,0 +1,31 @@
# -*- coding: utf-8 -*- #
# Copyright 2018 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Command Group for Remote Build Execution Instances."""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
from googlecloudsdk.calliope import base
@base.DefaultUniverseOnly
class Instances(base.Group):
"""Manage Remote Build Execution Instances.
Create, delete, list, and view instances for remote build execution. Also
manage per-instance feature policies and backend IAM bindings.
"""


@@ -0,0 +1,386 @@
- release_tracks: [ALPHA]
help_text:
brief: |
Creates a Remote Build Execution instance.
description: |
Creates a Remote Build Execution instance, which contains a remote cache and can contain
worker pools for execution of build and test actions.
examples: |
The following creates an instance named 'new_instance':
$ {command} new_instance
request:
collection: remotebuildexecution.projects.instances
async:
collection: remotebuildexecution.projects.operations
arguments:
resource:
spec: !REF googlecloudsdk.command_lib.remote_build_execution.resources:instance
help_text: |
Arguments describing the instance to create.
params:
- api_field: instance.location
arg_name: location
required: false
default: "us-central1"
help_text: |
The Cloud location to create the instance in.
- api_field: instance.featurePolicy.dockerPrivileged.policy
arg_name: docker-privileged
required: false
choices:
- arg_value: allowed
enum_value: allowed
help_text: |
dockerPrivileged can be used.
- arg_value: forbidden
enum_value: forbidden
help_text: |
dockerPrivileged cannot be used.
help_text: |
Whether dockerPrivileged can be used. If unspecified, the default is equivalent to
"forbidden".
- api_field: instance.featurePolicy.dockerRunAsRoot.policy
arg_name: docker-run-as-root
required: false
choices:
- arg_value: allowed
enum_value: allowed
help_text: |
dockerRunAsRoot can be used.
- arg_value: forbidden
enum_value: forbidden
help_text: |
dockerRunAsRoot cannot be used.
help_text: |
Whether dockerRunAsRoot can be used. If unspecified, the default is equivalent to
"forbidden".
- group:
required: false
help_text: |
Flags for container image sources - either only container-image-sources or both flags may
be specified.
params:
- api_field: instance.featurePolicy.containerImageSources.policy
arg_name: container-image-sources
required: true
choices:
- arg_value: allowed
enum_value: allowed
help_text: |
Images from any container image sources can be used.
- arg_value: forbidden
enum_value: forbidden
help_text: |
No images from any container image sources can be used.
- arg_value: restricted
enum_value: restricted
help_text: |
Container images can be used, if and only if, they are stored in one of the allowed
container image sources.
help_text: |
Whether container image sources can be used. Note that all RBE actions require a
container image so if this is set to "forbidden", all tasks will fail. If unspecified,
the default is equivalent to "allowed".
- api_field: instance.featurePolicy.containerImageSources.allowedValues
arg_name: container-image-sources-allowlist
required: false
help_text: |
The list of allowed container image sources. Note: this will only be used if the
corresponding policy is set to "restricted".
- group:
required: false
help_text: |
Flags for dockerAddCapabilities - either only docker-add-capabilities or both flags may be
specified.
params:
- api_field: instance.featurePolicy.dockerAddCapabilities.policy
arg_name: docker-add-capabilities
required: true
choices:
- arg_value: allowed
enum_value: allowed
help_text: |
The feature can be used.
- arg_value: forbidden
enum_value: forbidden
help_text: |
The feature cannot be used.
- arg_value: restricted
enum_value: restricted
help_text: |
The feature can be used, if and only if, it is set to one of the allowed values.
help_text: |
Whether dockerAddCapabilities can be used. If unspecified, the default is equivalent to
"forbidden".
- api_field: instance.featurePolicy.dockerAddCapabilities.allowedValues
arg_name: docker-add-capabilities-allowlist
required: false
help_text: |
The list of allowed dockerAddCapabilities values. Note: this will only be used if the
corresponding policy is set to "restricted".
- group:
required: false
help_text: |
Flags for dockerChrootPath - either only docker-chroot-path or both flags may be
specified.
params:
- api_field: instance.featurePolicy.dockerChrootPath.policy
arg_name: docker-chroot-path
required: true
choices:
- arg_value: allowed
enum_value: allowed
help_text: |
The feature can be used.
- arg_value: forbidden
enum_value: forbidden
help_text: |
The feature cannot be used.
- arg_value: restricted
enum_value: restricted
help_text: |
The feature can be used, if and only if, it is set to one of the allowed values.
help_text: |
Whether dockerChrootPath can be used. If unspecified, the default is equivalent to
"forbidden".
- api_field: instance.featurePolicy.dockerChrootPath.allowedValues
arg_name: docker-chroot-path-allowlist
required: false
help_text: |
The list of allowed dockerChrootPath values. Note: this will only be used if the
corresponding policy is set to "restricted".
- group:
required: false
help_text: |
Flags for dockerNetwork - either only docker-network or both flags may be specified.
params:
- api_field: instance.featurePolicy.dockerNetwork.policy
arg_name: docker-network
required: true
choices:
- arg_value: allowed
enum_value: allowed
help_text: |
The feature can be used.
- arg_value: forbidden
enum_value: forbidden
help_text: |
The feature cannot be used.
- arg_value: restricted
enum_value: restricted
help_text: |
The feature can be used, if and only if, it is set to one of the allowed values.
help_text: |
Whether dockerNetwork can be used. If unspecified, the default is equivalent to
"forbidden".
- api_field: instance.featurePolicy.dockerNetwork.allowedValues
arg_name: docker-network-allowlist
required: false
help_text: |
The list of allowed dockerNetwork values. Note: this will only be used if the
corresponding policy is set to "restricted".
- group:
required: false
help_text: |
Flags for dockerRunAsContainerProvidedUser - either only docker-run-as-container-provided-user
or both flags may be specified.
params:
- api_field: instance.featurePolicy.dockerRunAsContainerProvidedUser.policy
arg_name: docker-run-as-container-provided-user
required: true
choices:
- arg_value: allowed
enum_value: allowed
help_text: |
The feature can be used.
- arg_value: forbidden
enum_value: forbidden
help_text: |
The feature cannot be used.
- arg_value: restricted
enum_value: restricted
help_text: |
The feature can be used, if and only if, it is set to one of the allowed values.
help_text: |
Whether dockerRunAsContainerProvidedUser can be used. If unspecified, the default is
equivalent to "forbidden".
- api_field: instance.featurePolicy.dockerRunAsContainerProvidedUser.allowedValues
arg_name: docker-run-as-container-provided-user-allowlist
required: false
help_text: |
The list of allowed dockerRunAsContainerProvidedUser values. Note: this will only be
used if the corresponding policy is set to "restricted".
- group:
required: false
help_text: |
Flags for dockerRuntime - either only docker-runtime or both flags may be specified.
params:
- api_field: instance.featurePolicy.dockerRuntime.policy
arg_name: docker-runtime
required: true
choices:
- arg_value: allowed
enum_value: allowed
help_text: |
The feature can be used.
- arg_value: forbidden
enum_value: forbidden
help_text: |
The feature cannot be used.
- arg_value: restricted
enum_value: restricted
help_text: |
The feature can be used, if and only if, it is set to one of the allowed values.
help_text: |
Whether dockerRuntime can be used. If unspecified, the default is equivalent to
"forbidden".
- api_field: instance.featurePolicy.dockerRuntime.allowedValues
arg_name: docker-runtime-allowlist
required: false
help_text: |
The list of allowed dockerRuntime values. Note: this will only be used if the
corresponding policy is set to "restricted".
- api_field: instance.featurePolicy.dockerSiblingContainers.policy
arg_name: docker-sibling-containers
required: false
choices:
- arg_value: allowed
enum_value: allowed
help_text: |
The feature can be used.
- arg_value: forbidden
enum_value: forbidden
help_text: |
The feature cannot be used.
help_text: |
Whether dockerSiblingSontainers can be used. If unspecified, the default is equivalent to
"forbidden".
- api_field: instance.featurePolicy.linuxIsolation
arg_name: linux-isolation
required: false
choices:
- arg_value: gvisor
enum_value: gvisor
help_text: |
gVisor will be used as the isolation mechanism for all linux execution.
- arg_value: 'off'
enum_value: 'off'
help_text: |
No additional isolation mechanisms will be used beyond the default linux runtime.
help_text: |
Which Linux isolation mechanism should be used for execution. If unspecified, the default
Linux runtime will be used.
- api_field: instance.featurePolicy.linuxExecution
arg_name: linux-execution
required: false
choices:
- arg_value: forbidden
enum_value: LINUX_EXECUTION_FORBIDDEN
help_text: |
Forbid Linux actions and worker pools.
- arg_value: unrestricted
enum_value: LINUX_EXECUTION_UNRESTRICTED
help_text: |
No additional restrictions imposed on Linux actions or worker pools by this policy.
- arg_value: hardened-gvisor
enum_value: LINUX_EXECUTION_HARDENED_GVISOR
help_text: |
Linux actions will be hardened with gVisor. Actions incompatible with gVisor hardening
will be rejected.
- arg_value: hardened-gvisor-or-terminal
enum_value: LINUX_EXECUTION_HARDENED_GVISOR_OR_TERMINAL
help_text: |
Linux actions will be hardened with gVisor. Actions incompatible with gVisor hardening
will be made terminal, i.e., the worker that ran the action will be terminated after the
action completes.
help_text: |
Defines whether Linux actions and worker pools are allowed and how they can be configured
to support various levels of isolation.
- api_field: instance.featurePolicy.windowsExecution
arg_name: windows-execution
required: false
choices:
- arg_value: forbidden
enum_value: WINDOWS_EXECUTION_FORBIDDEN
help_text: |
Forbid Windows actions and worker pools.
- arg_value: unrestricted
enum_value: WINDOWS_EXECUTION_UNRESTRICTED
help_text: |
No additional restrictions imposed on Windows actions or worker pools by this policy.
- arg_value: terminal
enum_value: WINDOWS_EXECUTION_TERMINAL
help_text: |
Windows workers will be terminated after they finish running an action.
help_text: |
Defines whether Windows actions and worker pools are allowed and how they can be configured
to support various levels of isolation.
- api_field: instance.featurePolicy.macExecution
arg_name: mac-execution
required: false
choices:
- arg_value: forbidden
enum_value: MAC_EXECUTION_FORBIDDEN
help_text: |
Forbid Mac actions and worker pools.
- arg_value: unrestricted
enum_value: MAC_EXECUTION_UNRESTRICTED
help_text: |
No additional restrictions imposed on Mac actions or worker pools by this policy.
help_text: |
Defines whether Mac actions and worker pools are allowed and how they can be configured
to support various levels of isolation.
- api_field: instance.featurePolicy.actionIsolation
arg_name: action-isolation
required: false
choices:
- arg_value: enforced
enum_value: ACTION_ISOLATION_ENFORCED
help_text: |
Isolation of actions is enforced.
- arg_value: 'off'
enum_value: ACTION_ISOLATION_OFF
help_text: |
No enforcement of isolation for actions.
help_text: |
Defines levels of isolation of actions executed on this instance by requiring other
isolation related feature policies like linux-execution, windows-execution, etc to be set
a certain way.
- api_field: instance.featurePolicy.actionHermeticity
arg_name: action-hermeticity
required: false
choices:
- arg_value: enforced
enum_value: ACTION_HERMETICITY_ENFORCED
help_text: |
Hermeticity of actions is enforced.
- arg_value: best-effort
enum_value: ACTION_HERMETICITY_BEST_EFFORT
help_text: |
Hermeticity of actions is best effort.
- arg_value: 'off'
enum_value: ACTION_HERMETICITY_OFF
help_text: |
No Hermeticity restrictions for actions.
help_text: |
Defines levels of hermeticity for actions executed on this instance by requiring other
isolation and hermeticity related feature policies like linux-execution, windows-execution,
etc to be set a certain way.
- api_field: instance.featurePolicy.dockerUlimits.policy
arg_name: docker-ulimits
required: false
choices:
- arg_value: allowed
enum_value: allowed
help_text: |
The feature can be used.
- arg_value: forbidden
enum_value: forbidden
help_text: |
The feature cannot be used.
help_text: |
Whether dockerUlimits can be used. If unspecified, the default is equivalent to "forbidden".
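Review bot: The help text of `docker-sibling-containers` misspells the feature as `dockerSiblingSontainers`; it should read `Whether dockerSiblingContainers can be used.` to match the `api_field` of that parameter. The same misspelling is repeated in the set-feature-policy file of this commit. The container-image-sources group also deserves one more sentence: it is the only policy here whose stated default is "allowed", so an instance created without that flag accepts images from any source. Something like `Use "restricted" together with --container-image-sources-allowlist to limit actions to trusted image sources.` would make that visible to the operator.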


@@ -0,0 +1,37 @@
- release_tracks: [ALPHA]
command_type: UPDATE
help_text:
brief: |
Create a backend IAM binding for an instance.
description: |
Creates a backend IAM binding on the backend project of a Remote Build Execution instance,
which will add the specified IAM role for the specified principal on the IAM policy of the
backend project in question.
examples: |
The following creates an example backend IAM binding:
$ {command} default_instance --principal=group:foo@twosync.google.com \
--role=roles/servicemanagement.quotaAdmin
request:
collection: remotebuildexecution.projects.instances
api_version: v1alpha
method: createBackendIAMBinding
arguments:
resource:
spec: !REF googlecloudsdk.command_lib.remote_build_execution.resources:instance
help_text: |
Arguments describing the instance to update backend IAM bindings for.
params:
- api_field: googleDevtoolsRemotebuildexecutionAdminV1alphaCreateBackendIAMBindingRequest.backendIamBinding.principal
arg_name: principal
required: true
help_text: |
The IAM binding principal formatted as <PRINCIPAL_TYPE_IDENTIFIER>:<PRINCIPAL>. For example,
`user:foo@google.com`.
- api_field: googleDevtoolsRemotebuildexecutionAdminV1alphaCreateBackendIAMBindingRequest.backendIamBinding.role
arg_name: role
required: true
help_text: |
The IAM binding role formatted as roles/<ROLE>. For example, `roles/editor`.
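Review bot: The `role` help text uses `roles/editor` as its example, a basic role with broad write access, in a command that changes the IAM policy of the backend project. An example with a narrowly scoped predefined role would steer users away from over-granting; the `examples` block already uses one, so the line could read `For example, roles/servicemanagement.quotaAdmin.` The `principal` help text could also list the accepted principal types, since the file shows both `user:` and `group:` without saying what else is valid.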


@@ -0,0 +1,27 @@
- release_tracks: [ALPHA]
help_text:
brief: |
Delete a given instance and all contained worker pools.
description: |
Deletes the instance, as well as all worker pools, cached build inputs and cached build
artifacts contained within that instance.
examples: |
The following will delete the instance named 'instance_to_delete':
$ {command} instance_to_delete
You can also provide the fully qualified resource name for the instance like so:
$ {command} projects/my_project/instances/instance_to_delete
request:
collection: remotebuildexecution.projects.instances
async:
collection: remotebuildexecution.projects.operations
arguments:
resource:
spec: !REF googlecloudsdk.command_lib.remote_build_execution.resources:instance
help_text: |
Arguments and flags specifying the instance you want to delete.


@@ -0,0 +1,37 @@
- release_tracks: [ALPHA]
command_type: UPDATE
help_text:
brief: |
Delete a backend IAM binding for an instance.
description: |
Deletes a backend IAM binding on the backend project of a Remote Build Execution instance,
which will add the specified IAM role for the specified principal on the IAM policy of the
backend project in question.
examples: |
The following deletes an example backend IAM binding:
$ {command} default_instance --principal=group:foo@twosync.google.com \
--role=roles/servicemanagement.quotaAdmin
request:
collection: remotebuildexecution.projects.instances
api_version: v1alpha
method: deleteBackendIAMBinding
arguments:
resource:
spec: !REF googlecloudsdk.command_lib.remote_build_execution.resources:instance
help_text: |
Arguments describing the instance to update backend IAM bindings for.
params:
- api_field: googleDevtoolsRemotebuildexecutionAdminV1alphaDeleteBackendIAMBindingRequest.backendIamBinding.principal
arg_name: principal
required: true
help_text: |
The IAM binding principal formatted as <PRINCIPAL_TYPE_IDENTIFIER>:<PRINCIPAL>. For example,
`user:foo@google.com`.
- api_field: googleDevtoolsRemotebuildexecutionAdminV1alphaDeleteBackendIAMBindingRequest.backendIamBinding.role
arg_name: role
required: true
help_text: |
The IAM binding role formatted as roles/<ROLE>. For example, `roles/editor`.
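Review bot: The `description` says the command "will add the specified IAM role", which appears to be copied from the create command and states the opposite of what `deleteBackendIAMBinding` is named for. It should read `which will remove the specified IAM role for the specified principal from the IAM policy of the backend project in question.` This is the text an operator reads before revoking access, so the direction of the change needs to be unambiguous.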


@@ -0,0 +1,25 @@
- release_tracks: [ALPHA]
help_text:
brief: |
Deletes all drained zones for an instance.
description: |
Removes all existing drains for an instance.
examples: |
The following deletes the feature policy for an instance named 'default_instance':
$ {command} default_instance
request:
collection: remotebuildexecution.projects.instances
method: patch
modify_request_hooks:
- googlecloudsdk.command_lib.remote_build_execution.instance_update_util:RemoveZoneDrains
async:
collection: remotebuildexecution.projects.operations
arguments:
resource:
spec: !REF googlecloudsdk.command_lib.remote_build_execution.resources:instance
help_text: |
Arguments describing the instance to remove drains from.
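Review bot: The `examples` text says "The following deletes the feature policy for an instance named 'default_instance'", but this command's brief, description and `RemoveZoneDrains` hook are all about zone drains. The sentence looks copied from the delete-feature-policy command and would mislead someone scanning the help output. Suggested wording: `The following removes all zone drains for an instance named 'default_instance':`.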


@@ -0,0 +1,26 @@
- release_tracks: [ALPHA]
help_text:
brief: |
Deletes the feature policy for an instance.
description: |
Deletes the feature policy for a Remote Build Execution instance, which will remove any
existing limitations on what features can be used during execution.
examples: |
The following deletes the feature policy for an instance named 'default_instance':
$ {command} default_instance
request:
collection: remotebuildexecution.projects.instances
method: patch
modify_request_hooks:
- googlecloudsdk.command_lib.remote_build_execution.instance_update_util:RemoveFeaturePolicy
async:
collection: remotebuildexecution.projects.operations
arguments:
resource:
spec: !REF googlecloudsdk.command_lib.remote_build_execution.resources:instance
help_text: |
Arguments describing the feature policy to delete.
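Review bot: The `description` states that deleting the feature policy "will remove any existing limitations on what features can be used during execution", while the create and set-feature-policy help in this commit says most policies are equivalent to "forbidden" when unspecified. The page does not show what `RemoveFeaturePolicy` sends, so the help should say which holds after deletion: every feature permitted, or the documented per-feature defaults. If restrictions really are lifted, a line such as `This also removes isolation and hermeticity requirements set by the policy.` would tell the operator what protection is being dropped. The resource `help_text` also says "the feature policy to delete" although the resource is the instance.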


@@ -0,0 +1,23 @@
- release_tracks: [ALPHA]
help_text:
brief: |
Describe an instance.
description: |
Describes the given instance.
examples: |
The following will describe the instance named 'instance1' for the active project:
$ {command} instance1
You can also provide the fully qualified resource name for the instance like so:
$ {command} projects/my_project/instances/instance1
request:
collection: remotebuildexecution.projects.instances
arguments:
resource:
spec: !REF googlecloudsdk.command_lib.remote_build_execution.resources:instance
help_text: |
The instance to describe.


@@ -0,0 +1,23 @@
- release_tracks: [ALPHA]
help_text:
brief: |
List instances in given project.
description: |
Lists all the instances for a given project.
examples: |
The following will list all instances for the active project:
$ {command}
To list the instances for a specific project, use the following:
$ {command} --project=projectId
request:
collection: remotebuildexecution.projects.instances
arguments:
resource:
spec: !REF googlecloudsdk.command_lib.remote_build_execution.resources:project
help_text: |
The project to list the instances for.


@@ -0,0 +1,40 @@
- release_tracks: [ALPHA]
command_type: UPDATE
help_text:
brief: |
Sets the zone drains for an instance.
description: |
Sets a list of zones to drain for an instance. Draining a zone prevents tasks from being
scheduled there. Zone can be drained fully or partially, with higher drain percentage
preventing more tasks from being scheduled there.
examples: |
$ gcloud remote-build-execution instances set-drained-zones default_instance \
--drains zone=us-central1-a,percentage=100 \
--drains zone=us-central1-b,percentage=50
request:
collection: remotebuildexecution.projects.instances
async:
collection: remotebuildexecution.projects.operations
arguments:
resource:
spec: !REF googlecloudsdk.command_lib.remote_build_execution.resources:instance
help_text: |
Arguments describing the drains to set.
params:
- api_field: googleDevtoolsRemotebuildexecutionAdminV1alphaInstance.zoneDrains
arg_name: drains
required: true
help_text: |
A list of zone drains to set.
type:
arg_dict:
flatten: false
spec:
- api_field: zone
arg_name: zone
- api_field: percent
arg_name: percent
type: int
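Review bot: The example passes `percentage=100` and `percentage=50`, but the `arg_dict` spec at the end of the file defines only the keys `zone` and `percent`, so the example as written would presumably be rejected by argument parsing. Either the example should use `--drains zone=us-central1-a,percent=100` or the spec should declare `arg_name: percentage`. The example also hardcodes the full command line where the other files in this commit use `{command}`. The accepted range of `percent` is not documented; if the API expects 0 to 100, the `drains` help text should say so.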


@@ -0,0 +1,381 @@
- release_tracks: [ALPHA]
command_type: UPDATE
help_text:
brief: |
Sets the feature policy for an instance.
description: |
Sets the feature policy for a Remote Build Execution instance, which will control which RBE
execution features can be used with commands run against that instance.
examples: |
The following sets a simple feature policy for an instance called 'default_instance':
$ {command} default_instance --linux-isolation=gvisor --docker-privileged=forbidden --docker-runtime=restricted --docker-runtime-allowlist=runc,runsc
request:
collection: remotebuildexecution.projects.instances
async:
collection: remotebuildexecution.projects.operations
arguments:
resource:
spec: !REF googlecloudsdk.command_lib.remote_build_execution.resources:instance
help_text: |
Arguments describing the feature policy to set.
params:
- api_field: googleDevtoolsRemotebuildexecutionAdminV1alphaInstance.featurePolicy.dockerPrivileged.policy
arg_name: docker-privileged
required: false
choices:
- arg_value: allowed
enum_value: allowed
help_text: |
dockerPrivileged can be used.
- arg_value: forbidden
enum_value: forbidden
help_text: |
dockerPrivileged cannot be used.
help_text: |
Whether dockerPrivileged can be used. If unspecified, the default is equivalent to
"forbidden".
- api_field: googleDevtoolsRemotebuildexecutionAdminV1alphaInstance.featurePolicy.dockerRunAsRoot.policy
arg_name: docker-run-as-root
required: false
choices:
- arg_value: allowed
enum_value: allowed
help_text: |
dockerRunAsRoot can be used.
- arg_value: forbidden
enum_value: forbidden
help_text: |
dockerRunAsRoot cannot be used.
help_text: |
Whether dockerRunAsRoot can be used. If unspecified, the default is equivalent to
"forbidden".
- group:
required: false
help_text: |
Flags for container image sources - either only container-image-sources or both flags may
be specified.
params:
- api_field: googleDevtoolsRemotebuildexecutionAdminV1alphaInstance.featurePolicy.containerImageSources.policy
arg_name: container-image-sources
required: true
choices:
- arg_value: allowed
enum_value: allowed
help_text: |
Images from any container image sources can be used.
- arg_value: forbidden
enum_value: forbidden
help_text: |
No images from any container image sources can be used.
- arg_value: restricted
enum_value: restricted
help_text: |
Container images can be used, if and only if, they are stored in one of the allowed
container image sources.
help_text: |
Whether container image sources can be used. Note that all RBE actions require a
container image so if this is set to "forbidden", all tasks will fail. If unspecified,
the default is equivalent to "allowed".
- api_field: googleDevtoolsRemotebuildexecutionAdminV1alphaInstance.featurePolicy.containerImageSources.allowedValues
arg_name: container-image-sources-allowlist
required: false
help_text: |
The list of allowed container image sources. Note: this will only be used if the
corresponding policy is set to "restricted".
- group:
required: false
help_text: |
Flags for dockerAddCapabilities - either only docker-add-capabilities or both flags may be
specified.
params:
- api_field: googleDevtoolsRemotebuildexecutionAdminV1alphaInstance.featurePolicy.dockerAddCapabilities.policy
arg_name: docker-add-capabilities
required: true
choices:
- arg_value: allowed
enum_value: allowed
help_text: |
The feature can be used.
- arg_value: forbidden
enum_value: forbidden
help_text: |
The feature cannot be used.
- arg_value: restricted
enum_value: restricted
help_text: |
The feature can be used, if and only if, it is set to one of the allowed values.
help_text: |
Whether dockerAddCapabilities can be used. If unspecified, the default is equivalent to
"forbidden".
- api_field: googleDevtoolsRemotebuildexecutionAdminV1alphaInstance.featurePolicy.dockerAddCapabilities.allowedValues
arg_name: docker-add-capabilities-allowlist
required: false
help_text: |
The list of allowed dockerAddCapabilities values. Note: this will only be used if the
corresponding policy is set to "restricted".
- group:
required: false
help_text: |
Flags for dockerChrootPath - either only docker-chroot-path or both flags may be
specified.
params:
- api_field: googleDevtoolsRemotebuildexecutionAdminV1alphaInstance.featurePolicy.dockerChrootPath.policy
arg_name: docker-chroot-path
required: true
choices:
- arg_value: allowed
enum_value: allowed
help_text: |
The feature can be used.
- arg_value: forbidden
enum_value: forbidden
help_text: |
The feature cannot be used.
- arg_value: restricted
enum_value: restricted
help_text: |
The feature can be used, if and only if, it is set to one of the allowed values.
help_text: |
Whether dockerChrootPath can be used. If unspecified, the default is equivalent to
"forbidden".
- api_field: googleDevtoolsRemotebuildexecutionAdminV1alphaInstance.featurePolicy.dockerChrootPath.allowedValues
arg_name: docker-chroot-path-allowlist
required: false
help_text: |
The list of allowed dockerChrootPath values. Note: this will only be used if the
corresponding policy is set to "restricted".
- group:
required: false
help_text: |
Flags for dockerNetwork - either only docker-network or both flags may be specified.
params:
- api_field: googleDevtoolsRemotebuildexecutionAdminV1alphaInstance.featurePolicy.dockerNetwork.policy
arg_name: docker-network
required: true
choices:
- arg_value: allowed
enum_value: allowed
help_text: |
The feature can be used.
- arg_value: forbidden
enum_value: forbidden
help_text: |
The feature cannot be used.
- arg_value: restricted
enum_value: restricted
help_text: |
The feature can be used, if and only if, it is set to one of the allowed values.
help_text: |
Whether dockerNetwork can be used. If unspecified, the default is equivalent to
"forbidden".
- api_field: googleDevtoolsRemotebuildexecutionAdminV1alphaInstance.featurePolicy.dockerNetwork.allowedValues
arg_name: docker-network-allowlist
required: false
help_text: |
The list of allowed dockerNetwork values. Note: this will only be used if the
corresponding policy is set to "restricted".
- group:
required: false
help_text: |
Flags for dockerRunAsContainerProvidedUser - either only docker-run-as-container-provided-user
or both flags may be specified.
params:
- api_field: googleDevtoolsRemotebuildexecutionAdminV1alphaInstance.featurePolicy.dockerRunAsContainerProvidedUser.policy
arg_name: docker-run-as-container-provided-user
required: true
choices:
- arg_value: allowed
enum_value: allowed
help_text: |
The feature can be used.
- arg_value: forbidden
enum_value: forbidden
help_text: |
The feature cannot be used.
- arg_value: restricted
enum_value: restricted
help_text: |
The feature can be used, if and only if, it is set to one of the allowed values.
help_text: |
Whether dockerRunAsContainerProvidedUser can be used. If unspecified, the default is
equivalent to "forbidden".
- api_field: googleDevtoolsRemotebuildexecutionAdminV1alphaInstance.featurePolicy.dockerRunAsContainerProvidedUser.allowedValues
arg_name: docker-run-as-container-provided-user-allowlist
required: false
help_text: |
The list of allowed dockerRunAsContainerProvidedUser values. Note: this will only be
used if the corresponding policy is set to "restricted".
- group:
required: false
help_text: |
Flags for dockerRuntime - either only docker-runtime or both flags may be specified.
params:
- api_field: googleDevtoolsRemotebuildexecutionAdminV1alphaInstance.featurePolicy.dockerRuntime.policy
arg_name: docker-runtime
required: true
choices:
- arg_value: allowed
enum_value: allowed
help_text: |
The feature can be used.
- arg_value: forbidden
enum_value: forbidden
help_text: |
The feature cannot be used.
- arg_value: restricted
enum_value: restricted
help_text: |
The feature can be used, if and only if, it is set to one of the allowed values.
help_text: |
Whether dockerRuntime can be used. If unspecified, the default is equivalent to
"forbidden".
- api_field: googleDevtoolsRemotebuildexecutionAdminV1alphaInstance.featurePolicy.dockerRuntime.allowedValues
arg_name: docker-runtime-allowlist
required: false
help_text: |
The list of allowed dockerRuntime values. Note: this will only be used if the
corresponding policy is set to "restricted".
- api_field: googleDevtoolsRemotebuildexecutionAdminV1alphaInstance.featurePolicy.dockerSiblingContainers.policy
arg_name: docker-sibling-containers
required: false
choices:
- arg_value: allowed
enum_value: allowed
help_text: |
The feature can be used.
- arg_value: forbidden
enum_value: forbidden
help_text: |
The feature cannot be used.
help_text: |
Whether dockerSiblingSontainers can be used. If unspecified, the default is equivalent to
"forbidden".
- api_field: googleDevtoolsRemotebuildexecutionAdminV1alphaInstance.featurePolicy.linuxIsolation
arg_name: linux-isolation
required: false
choices:
- arg_value: gvisor
enum_value: gvisor
help_text: |
gVisor will be used as the isolation mechanism for all linux execution.
- arg_value: 'off'
enum_value: 'off'
help_text: |
No additional isolation mechanisms will be used beyond the default linux runtime.
help_text: |
Which Linux isolation mechanism should be used for execution. If unspecified, the default
Linux runtime will be used.
- api_field: googleDevtoolsRemotebuildexecutionAdminV1alphaInstance.featurePolicy.linuxExecution
arg_name: linux-execution
required: false
choices:
- arg_value: forbidden
enum_value: LINUX_EXECUTION_FORBIDDEN
help_text: |
Forbid Linux actions and worker pools.
- arg_value: unrestricted
enum_value: LINUX_EXECUTION_UNRESTRICTED
help_text: |
No additional restrictions imposed on Linux actions or worker pools by this policy.
- arg_value: hardened-gvisor
enum_value: LINUX_EXECUTION_HARDENED_GVISOR
help_text: |
Linux actions will be hardened with gVisor. Actions incompatible with gVisor hardening
will be rejected.
- arg_value: hardened-gvisor-or-terminal
enum_value: LINUX_EXECUTION_HARDENED_GVISOR_OR_TERMINAL
help_text: |
Linux actions will be hardened with gVisor. Actions incompatible with gVisor hardening
will be made terminal, i.e., the worker that ran the action will be terminated after the
action completes.
help_text: |
Defines whether Linux actions and worker pools are allowed and how they can be configured
to support various levels of isolation.
- api_field: googleDevtoolsRemotebuildexecutionAdminV1alphaInstance.featurePolicy.windowsExecution
arg_name: windows-execution
required: false
choices:
- arg_value: forbidden
enum_value: WINDOWS_EXECUTION_FORBIDDEN
help_text: |
Forbid Windows actions and worker pools.
- arg_value: unrestricted
enum_value: WINDOWS_EXECUTION_UNRESTRICTED
help_text: |
No additional restrictions imposed on Windows actions or worker pools by this policy.
- arg_value: terminal
enum_value: WINDOWS_EXECUTION_TERMINAL
help_text: |
Windows workers will be terminated after they finish running an action.
help_text: |
Defines whether Windows actions and worker pools are allowed and how they can be configured
to support various levels of isolation.
- api_field: googleDevtoolsRemotebuildexecutionAdminV1alphaInstance.featurePolicy.macExecution
arg_name: mac-execution
required: false
choices:
- arg_value: forbidden
enum_value: MAC_EXECUTION_FORBIDDEN
help_text: |
Forbid Mac actions and worker pools.
- arg_value: unrestricted
enum_value: Mac_EXECUTION_UNRESTRICTED
help_text: |
No additional restrictions imposed on Mac actions or worker pools by this policy.
help_text: |
Defines whether Mac actions and worker pools are allowed and how they can be configured
to support various levels of isolation.
- api_field: googleDevtoolsRemotebuildexecutionAdminV1alphaInstance.featurePolicy.actionIsolation
arg_name: action-isolation
required: false
choices:
- arg_value: enforced
enum_value: ACTION_ISOLATION_ENFORCED
help_text: |
Isolation of actions is enforced.
- arg_value: 'off'
enum_value: ACTION_ISOLATION_OFF
help_text: |
No enforcement of isolation for actions.
help_text: |
Defines levels of isolation of actions executed on this instance by requiring other
isolation related feature policies like linux-execution, windows-execution, etc to be set
a certain way.
- api_field: googleDevtoolsRemotebuildexecutionAdminV1alphaInstance.featurePolicy.actionHermeticity
arg_name: action-hermeticity
required: false
choices:
- arg_value: enforced
enum_value: ACTION_HERMETICITY_ENFORCED
help_text: |
Hermeticity of actions is enforced.
- arg_value: best-effort
enum_value: ACTION_HERMETICITY_BEST_EFFORT
help_text: |
Hermeticity of actions is best effort.
- arg_value: 'off'
enum_value: ACTION_HERMETICITY_OFF
help_text: |
No Hermeticity restrictions for actions.
help_text: |
Defines levels of hermeticity for actions executed on this instance by requiring other
isolation and hermeticity related feature policies like linux-execution, windows-execution,
etc to be set a certain way.
- api_field: googleDevtoolsRemotebuildexecutionAdminV1alphaInstance.featurePolicy.dockerUlimits.policy
arg_name: docker-ulimits
required: false
choices:
- arg_value: allowed
enum_value: allowed
help_text: |
The feature can be used.
- arg_value: forbidden
enum_value: forbidden
help_text: |
The feature cannot be used.
help_text: |
Whether dockerUlimits can be used. If unspecified, the default is equivalent to "forbidden".
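Review bot: The `unrestricted` choice of `mac-execution` maps to `enum_value: Mac_EXECUTION_UNRESTRICTED`, whereas the create command in this commit uses `MAC_EXECUTION_UNRESTRICTED` and every other execution enum in this file is upper case. If the enum lookup is case-sensitive, `--mac-execution=unrestricted` would fail or map to nothing on this command only; the line should be `enum_value: MAC_EXECUTION_UNRESTRICTED`. The `docker-sibling-containers` help text in this file also misspells the feature as `dockerSiblingSontainers`.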