Class: Google::Cloud::Workstations::V1::WorkstationConfig

Inherits:
Object
  • Object
Extended by:
Protobuf::MessageExts::ClassMethods
Includes:
Protobuf::MessageExts
Defined in:
proto_docs/google/cloud/workstations/v1/workstations.rb

Overview

A workstation configuration resource in the Cloud Workstations API.

Workstation configurations act as templates for workstations. The workstation configuration defines details such as the workstation virtual machine (VM) instance type, persistent storage, the container image that defines the environment, which IDE or Code Editor to use, and more. Administrators and platform teams can also use Identity and Access Management (IAM) rules to grant access to teams or to individual developers.

Defined Under Namespace

Classes: AnnotationsEntry, Container, CustomerEncryptionKey, Host, LabelsEntry, PersistentDirectory, ReadinessCheck


Instance Attribute Details

#annotations::Google::Protobuf::Map{::String => ::String}

Returns Optional. Client-specified annotations.

Returns:

  • (::Google::Protobuf::Map{::String => ::String})

    Optional. Client-specified annotations.



# File 'proto_docs/google/cloud/workstations/v1/workstations.rb', line 279

class WorkstationConfig
  # Message class for a workstation configuration resource. It mixes in the
  # protobuf message extensions; the nested classes below document the
  # sub-messages that its fields refer to.
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Runtime host for a workstation.
  # @!attribute [rw] gce_instance
  #   @return [::Google::Cloud::Workstations::V1::WorkstationConfig::Host::GceInstance]
  #     Specifies a Compute Engine instance as the host.
  class Host
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # A runtime using a Compute Engine instance.
    # @!attribute [rw] machine_type
    #   @return [::String]
    #     Optional. The type of machine to use for VM instances—for example,
    #     `"e2-standard-4"`. For more information about machine types that
    #     Cloud Workstations supports, see the list of
    #     [available machine
    #     types](https://cloud.google.com/workstations/docs/available-machine-types).
    # @!attribute [rw] service_account
    #   @return [::String]
    #     Optional. The email address of the service account for Cloud
    #     Workstations VMs created with this configuration. When specified, be
    #     sure that the service account has `logging.logEntries.create`
    #     permission on the project so it can write logs out to Cloud Logging.
    #     If using a custom container image, the service account must have
    #     permissions to pull the specified image.
    #
    #     If you as the administrator want to be able to `ssh` into the
    #     underlying VM, you need to set this value to a service account
    #     for which you have the `iam.serviceAccounts.actAs` permission.
    #     Conversely, if you don't want anyone to be able to `ssh` into the
    #     underlying VM, use a service account where no one has that
    #     permission.
    #
    #     If not set, VMs run with a service account provided by the
    #     Cloud Workstations service, and the image must be publicly
    #     accessible.
    #
    #     NOTE(review): as described above, holding
    #     `iam.serviceAccounts.actAs` on this account is what allows `ssh`
    #     into the underlying VM, so the set of principals with that
    #     permission should be reviewed together with this field.
    # @!attribute [rw] service_account_scopes
    #   @return [::Array<::String>]
    #     Optional. Scopes to grant to the
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::Host::GceInstance#service_account service_account}.
    #     Various scopes are automatically added based on feature usage. When
    #     specified, users of workstations under this configuration must have
    #     `iam.serviceAccounts.actAs` on the service account.
    #
    #     NOTE(review): because scopes are also added automatically, the
    #     effective scope set can be wider than the list given here; keep the
    #     explicit list to what the workstation workloads need.
    # @!attribute [rw] tags
    #   @return [::Array<::String>]
    #     Optional. Network tags to add to the Compute Engine VMs backing the
    #     workstations. This option applies
    #     [network
    #     tags](https://cloud.google.com/vpc/docs/add-remove-network-tags) to VMs
    #     created with this configuration. These network tags enable the creation
    #     of [firewall
    #     rules](https://cloud.google.com/workstations/docs/configure-firewall-rules).
    # @!attribute [rw] pool_size
    #   @return [::Integer]
    #     Optional. The number of VMs that the system should keep idle so that
    #     new workstations can be started quickly for new users. Defaults to `0`
    #     in the API.
    # @!attribute [r] pooled_instances
    #   @return [::Integer]
    #     Output only. Number of instances currently available in the pool for
    #     faster workstation startup.
    # @!attribute [rw] disable_public_ip_addresses
    #   @return [::Boolean]
    #     Optional. When set to true, disables public IP addresses for VMs. If
    #     you disable public IP addresses, you must set up Private Google Access
    #     or Cloud NAT on your network. If you use Private Google Access and you
    #     use `private.googleapis.com` or `restricted.googleapis.com` for
    #     Container Registry and Artifact Registry, make sure that you set
    #     up DNS records for domains `*.gcr.io` and `*.pkg.dev`.
    #     Defaults to false (VMs have public IP addresses).
    #
    #     NOTE(review): the default leaves the VMs with public IP addresses,
    #     so a configuration that must not expose them has to set this field
    #     to true explicitly.
    # @!attribute [rw] enable_nested_virtualization
    #   @return [::Boolean]
    #     Optional. Whether to enable nested virtualization on Cloud Workstations
    #     VMs created under this workstation configuration.
    #
    #     Nested virtualization lets you run virtual machine (VM) instances
    #     inside your workstation. Before enabling nested virtualization,
    #     review the following considerations. Cloud Workstations
    #     instances are subject to the [same restrictions as Compute Engine
    #     instances](https://cloud.google.com/compute/docs/instances/nested-virtualization/overview#restrictions):
    #
    #     * **Organization policy**: projects, folders, or
    #     organizations may be restricted from creating nested VMs if the
    #     **Disable VM nested virtualization** constraint is enforced in
    #     the organization policy. For more information, see the
    #     Compute Engine section,
    #     [Checking whether nested virtualization is
    #     allowed](https://cloud.google.com/compute/docs/instances/nested-virtualization/managing-constraint#checking_whether_nested_virtualization_is_allowed).
    #     * **Performance**: nested VMs might experience a 10% or greater
    #     decrease in performance for workloads that are CPU-bound and
    #     possibly greater than a 10% decrease for workloads that are
    #     input/output bound.
    #     * **Machine Type**: nested virtualization can only be enabled on
    #     workstation configurations that specify a
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::Host::GceInstance#machine_type machine_type}
    #     in the N1 or N2 machine series.
    #     * **GPUs**: nested virtualization may not be enabled on workstation
    #     configurations with accelerators.
    #     * **Operating System**: Because
    #     [Container-Optimized
    #     OS](https://cloud.google.com/compute/docs/images/os-details#container-optimized_os_cos)
    #     does not support nested virtualization, when nested virtualization is
    #     enabled, the underlying Compute Engine VM instances boot from an
    #     [Ubuntu
    #     LTS](https://cloud.google.com/compute/docs/images/os-details#ubuntu_lts)
    #     image.
    # @!attribute [rw] shielded_instance_config
    #   @return [::Google::Cloud::Workstations::V1::WorkstationConfig::Host::GceInstance::GceShieldedInstanceConfig]
    #     Optional. A set of Compute Engine Shielded instance options.
    # @!attribute [rw] confidential_instance_config
    #   @return [::Google::Cloud::Workstations::V1::WorkstationConfig::Host::GceInstance::GceConfidentialInstanceConfig]
    #     Optional. A set of Compute Engine Confidential VM instance options.
    # @!attribute [rw] boot_disk_size_gb
    #   @return [::Integer]
    #     Optional. The size of the boot disk for the VM in gigabytes (GB).
    #     The minimum boot disk size is `30` GB. Defaults to `50` GB.
    class GceInstance
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods

      # A set of Compute Engine Shielded instance options.
      #
      # NOTE(review): no default is stated for any of the three flags below;
      # confirm the API defaults before assuming Secure Boot, the vTPM or
      # integrity monitoring is on for a given configuration.
      # @!attribute [rw] enable_secure_boot
      #   @return [::Boolean]
      #     Optional. Whether the instance has Secure Boot enabled.
      # @!attribute [rw] enable_vtpm
      #   @return [::Boolean]
      #     Optional. Whether the instance has the vTPM enabled.
      # @!attribute [rw] enable_integrity_monitoring
      #   @return [::Boolean]
      #     Optional. Whether the instance has integrity monitoring enabled.
      class GceShieldedInstanceConfig
        include ::Google::Protobuf::MessageExts
        extend ::Google::Protobuf::MessageExts::ClassMethods
      end

      # A set of Compute Engine Confidential VM instance options.
      #
      # NOTE(review): no default is stated for the flag below; confirm the
      # API default before assuming confidential compute is enabled.
      # @!attribute [rw] enable_confidential_compute
      #   @return [::Boolean]
      #     Optional. Whether the instance has confidential compute enabled.
      class GceConfidentialInstanceConfig
        include ::Google::Protobuf::MessageExts
        extend ::Google::Protobuf::MessageExts::ClassMethods
      end
    end
  end

  # A directory to persist across workstation sessions.
  # @!attribute [rw] gce_pd
  #   @return [::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk]
  #     A PersistentDirectory backed by a Compute Engine persistent disk.
  # @!attribute [rw] mount_path
  #   @return [::String]
  #     Optional. Location of this directory in the running workstation.
  class PersistentDirectory
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # A PersistentDirectory backed by a Compute Engine regional persistent
    # disk. The
    # {::Google::Cloud::Workstations::V1::WorkstationConfig#persistent_directories persistent_directories}
    # field is repeated, but it may contain only one entry. It creates a
    # [persistent
    # disk](https://cloud.google.com/compute/docs/disks/persistent-disks) that
    # mounts to the workstation VM at `/home` when the session starts and
    # detaches when the session ends. If this field is empty, workstations
    # created with this configuration do not have a persistent home
    # directory.
    # @!attribute [rw] size_gb
    #   @return [::Integer]
    #     Optional. The GB capacity of a persistent home directory for each
    #     workstation created with this configuration. Must be empty if
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk#source_snapshot source_snapshot}
    #     is set.
    #
    #     Valid values are `10`, `50`, `100`, `200`, `500`, or `1000`.
    #     Defaults to `200`. If less than `200` GB, the
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk#disk_type disk_type}
    #     must be
    #     `"pd-balanced"` or `"pd-ssd"`.
    # @!attribute [rw] fs_type
    #   @return [::String]
    #     Optional. Type of file system that the disk should be formatted with.
    #     The workstation image must support this file system type. Must be empty
    #     if
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk#source_snapshot source_snapshot}
    #     is set. Defaults to `"ext4"`.
    # @!attribute [rw] disk_type
    #   @return [::String]
    #     Optional. The [type of the persistent
    #     disk](https://cloud.google.com/compute/docs/disks#disk-types) for the
    #     home directory. Defaults to `"pd-standard"`.
    # @!attribute [rw] source_snapshot
    #   @return [::String]
    #     Optional. Name of the snapshot to use as the source for the disk. If
    #     set,
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk#size_gb size_gb}
    #     and
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk#fs_type fs_type}
    #     must be empty.
    # @!attribute [rw] reclaim_policy
    #   @return [::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk::ReclaimPolicy]
    #     Optional. Whether the persistent disk should be deleted when the
    #     workstation is deleted. Valid values are `DELETE` and `RETAIN`.
    #     Defaults to `DELETE`.
    class GceRegionalPersistentDisk
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods

      # Value representing what should happen to the disk after the workstation
      # is deleted.
      module ReclaimPolicy
        # Do not use.
        RECLAIM_POLICY_UNSPECIFIED = 0

        # Delete the persistent disk when deleting the workstation.
        DELETE = 1

        # Keep the persistent disk when deleting the workstation.
        # An administrator must manually delete the disk.
        # NOTE(review): a retained disk is the one mounted at `/home`, so it
        # keeps whatever was stored there until an administrator deletes it.
        RETAIN = 2
      end
    end
  end

  # A Docker container.
  # @!attribute [rw] image
  #   @return [::String]
  #     Optional. A Docker container image that defines a custom environment.
  #
  #     Cloud Workstations provides a number of
  #     [preconfigured
  #     images](https://cloud.google.com/workstations/docs/preconfigured-base-images),
  #     but you can create your own
  #     [custom container
  #     images](https://cloud.google.com/workstations/docs/custom-container-images).
  #     If using a private image, the `host.gceInstance.serviceAccount` field
  #     must be specified in the workstation configuration and must have
  #     permission to pull the specified image. Otherwise, the image must be
  #     publicly accessible.
  #
  #     NOTE(review): this reference decides what runs in every workstation
  #     created from the configuration, so write access to the image
  #     location should be controlled as tightly as access to this field.
  # @!attribute [rw] command
  #   @return [::Array<::String>]
  #     Optional. If set, overrides the default ENTRYPOINT specified by the
  #     image.
  # @!attribute [rw] args
  #   @return [::Array<::String>]
  #     Optional. Arguments passed to the entrypoint.
  # @!attribute [rw] env
  #   @return [::Google::Protobuf::Map{::String => ::String}]
  #     Optional. Environment variables passed to the container's entrypoint.
  #
  #     NOTE(review): values are plain strings on the configuration
  #     resource and are presumably visible to anyone who can read it;
  #     verify before placing secrets here.
  # @!attribute [rw] working_dir
  #   @return [::String]
  #     Optional. If set, overrides the default DIR specified by the image.
  # @!attribute [rw] run_as_user
  #   @return [::Integer]
  #     Optional. If set, overrides the USER specified in the image with the
  #     given uid.
  #
  #     NOTE(review): a uid of `0` is root inside the container; prefer a
  #     non-root uid unless the image requires otherwise.
  class Container
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # String key/value entry; presumably the entry type behind the `env`
    # map documented on Container (verify against the proto definition).
    # @!attribute [rw] key
    #   @return [::String]
    # @!attribute [rw] value
    #   @return [::String]
    class EnvEntry
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods
    end
  end

  # A customer-managed encryption key (CMEK) for the Compute Engine
  # resources of the associated workstation configuration. Specify the name of
  # your Cloud KMS encryption key and the default service account.
  # We recommend that you use a separate service account and follow
  # [Cloud KMS best
  # practices](https://cloud.google.com/kms/docs/separation-of-duties).
  #
  # Both attributes below are documented as Immutable, so they need to be
  # chosen correctly when the configuration is created.
  # @!attribute [rw] kms_key
  #   @return [::String]
  #     Immutable. The name of the Google Cloud KMS encryption key. For example,
  #     `"projects/PROJECT_ID/locations/REGION/keyRings/KEY_RING/cryptoKeys/KEY_NAME"`.
  #     The key must be in the same region as the workstation configuration.
  # @!attribute [rw] kms_key_service_account
  #   @return [::String]
  #     Immutable. The service account to use with the specified
  #     KMS key. We recommend that you use a separate service account
  #     and follow KMS best practices. For more information, see
  #     [Separation of
  #     duties](https://cloud.google.com/kms/docs/separation-of-duties) and
  #     `gcloud kms keys add-iam-policy-binding`
  #     [`--member`](https://cloud.google.com/sdk/gcloud/reference/kms/keys/add-iam-policy-binding#--member).
  class CustomerEncryptionKey
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # A readiness check to be performed on a workstation.
  # @!attribute [rw] path
  #   @return [::String]
  #     Optional. Path to which the request should be sent.
  # @!attribute [rw] port
  #   @return [::Integer]
  #     Optional. Port to which the request should be sent.
  class ReadinessCheck
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # String key/value entry; presumably the entry type behind the
  # `annotations` map of WorkstationConfig (verify against the proto
  # definition).
  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class AnnotationsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # String key/value entry; presumably the entry type behind a `labels`
  # map of WorkstationConfig (that field is not shown in this listing;
  # verify against the proto definition).
  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class LabelsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end
end

#conditions::Array<::Google::Rpc::Status> (readonly)

Returns Output only. Status conditions describing the current resource state.

Returns:

  • (::Array<::Google::Rpc::Status>)

    Output only. Status conditions describing the current resource state.



# File 'proto_docs/google/cloud/workstations/v1/workstations.rb', line 279

class WorkstationConfig
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Runtime host for a workstation.
  # @!attribute [rw] gce_instance
  #   @return [::Google::Cloud::Workstations::V1::WorkstationConfig::Host::GceInstance]
  #     Specifies a Compute Engine instance as the host.
  class Host
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # A runtime using a Compute Engine instance.
    # @!attribute [rw] machine_type
    #   @return [::String]
    #     Optional. The type of machine to use for VM instances—for example,
    #     `"e2-standard-4"`. For more information about machine types that
    #     Cloud Workstations supports, see the list of
    #     [available machine
    #     types](https://cloud.google.com/workstations/docs/available-machine-types).
    # @!attribute [rw] service_account
    #   @return [::String]
    #     Optional. The email address of the service account for Cloud
    #     Workstations VMs created with this configuration. When specified, be
    #     sure that the service account has `logging.logEntries.create`
    #     permission on the project so it can write logs out to Cloud Logging.
    #     If using a custom container image, the service account must have
    #     permissions to pull the specified image.
    #
    #     If you as the administrator want to be able to `ssh` into the
    #     underlying VM, you need to set this value to a service account
    #     for which you have the `iam.serviceAccounts.actAs` permission.
    #     Conversely, if you don't want anyone to be able to `ssh` into the
    #     underlying VM, use a service account where no one has that
    #     permission.
    #
    #     If not set, VMs run with a service account provided by the
    #     Cloud Workstations service, and the image must be publicly
    #     accessible.
    #
    #     NOTE(review): as described above, holding
    #     `iam.serviceAccounts.actAs` on this account is what allows `ssh`
    #     into the underlying VM, so the set of principals with that
    #     permission should be reviewed together with this field.
    # @!attribute [rw] service_account_scopes
    #   @return [::Array<::String>]
    #     Optional. Scopes to grant to the
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::Host::GceInstance#service_account service_account}.
    #     Various scopes are automatically added based on feature usage. When
    #     specified, users of workstations under this configuration must have
    #     `iam.serviceAccounts.actAs` on the service account.
    #
    #     NOTE(review): because scopes are also added automatically, the
    #     effective scope set can be wider than the list given here; keep the
    #     explicit list to what the workstation workloads need.
    # @!attribute [rw] tags
    #   @return [::Array<::String>]
    #     Optional. Network tags to add to the Compute Engine VMs backing the
    #     workstations. This option applies
    #     [network
    #     tags](https://cloud.google.com/vpc/docs/add-remove-network-tags) to VMs
    #     created with this configuration. These network tags enable the creation
    #     of [firewall
    #     rules](https://cloud.google.com/workstations/docs/configure-firewall-rules).
    # @!attribute [rw] pool_size
    #   @return [::Integer]
    #     Optional. The number of VMs that the system should keep idle so that
    #     new workstations can be started quickly for new users. Defaults to `0`
    #     in the API.
    # @!attribute [r] pooled_instances
    #   @return [::Integer]
    #     Output only. Number of instances currently available in the pool for
    #     faster workstation startup.
    # @!attribute [rw] disable_public_ip_addresses
    #   @return [::Boolean]
    #     Optional. When set to true, disables public IP addresses for VMs. If
    #     you disable public IP addresses, you must set up Private Google Access
    #     or Cloud NAT on your network. If you use Private Google Access and you
    #     use `private.googleapis.com` or `restricted.googleapis.com` for
    #     Container Registry and Artifact Registry, make sure that you set
    #     up DNS records for domains `*.gcr.io` and `*.pkg.dev`.
    #     Defaults to false (VMs have public IP addresses).
    #
    #     NOTE(review): the default leaves the VMs with public IP addresses,
    #     so a configuration that must not expose them has to set this field
    #     to true explicitly.
    # @!attribute [rw] enable_nested_virtualization
    #   @return [::Boolean]
    #     Optional. Whether to enable nested virtualization on Cloud Workstations
    #     VMs created under this workstation configuration.
    #
    #     Nested virtualization lets you run virtual machine (VM) instances
    #     inside your workstation. Before enabling nested virtualization,
    #     review the following considerations. Cloud Workstations
    #     instances are subject to the [same restrictions as Compute Engine
    #     instances](https://cloud.google.com/compute/docs/instances/nested-virtualization/overview#restrictions):
    #
    #     * **Organization policy**: projects, folders, or
    #     organizations may be restricted from creating nested VMs if the
    #     **Disable VM nested virtualization** constraint is enforced in
    #     the organization policy. For more information, see the
    #     Compute Engine section,
    #     [Checking whether nested virtualization is
    #     allowed](https://cloud.google.com/compute/docs/instances/nested-virtualization/managing-constraint#checking_whether_nested_virtualization_is_allowed).
    #     * **Performance**: nested VMs might experience a 10% or greater
    #     decrease in performance for workloads that are CPU-bound and
    #     possibly greater than a 10% decrease for workloads that are
    #     input/output bound.
    #     * **Machine Type**: nested virtualization can only be enabled on
    #     workstation configurations that specify a
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::Host::GceInstance#machine_type machine_type}
    #     in the N1 or N2 machine series.
    #     * **GPUs**: nested virtualization may not be enabled on workstation
    #     configurations with accelerators.
    #     * **Operating System**: Because
    #     [Container-Optimized
    #     OS](https://cloud.google.com/compute/docs/images/os-details#container-optimized_os_cos)
    #     does not support nested virtualization, when nested virtualization is
    #     enabled, the underlying Compute Engine VM instances boot from an
    #     [Ubuntu
    #     LTS](https://cloud.google.com/compute/docs/images/os-details#ubuntu_lts)
    #     image.
    # @!attribute [rw] shielded_instance_config
    #   @return [::Google::Cloud::Workstations::V1::WorkstationConfig::Host::GceInstance::GceShieldedInstanceConfig]
    #     Optional. A set of Compute Engine Shielded instance options.
    # @!attribute [rw] confidential_instance_config
    #   @return [::Google::Cloud::Workstations::V1::WorkstationConfig::Host::GceInstance::GceConfidentialInstanceConfig]
    #     Optional. A set of Compute Engine Confidential VM instance options.
    # @!attribute [rw] boot_disk_size_gb
    #   @return [::Integer]
    #     Optional. The size of the boot disk for the VM in gigabytes (GB).
    #     The minimum boot disk size is `30` GB. Defaults to `50` GB.
    class GceInstance
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods

      # A set of Compute Engine Shielded instance options.
      #
      # NOTE(review): no default is stated for any of the three flags below;
      # confirm the API defaults before assuming Secure Boot, the vTPM or
      # integrity monitoring is on for a given configuration.
      # @!attribute [rw] enable_secure_boot
      #   @return [::Boolean]
      #     Optional. Whether the instance has Secure Boot enabled.
      # @!attribute [rw] enable_vtpm
      #   @return [::Boolean]
      #     Optional. Whether the instance has the vTPM enabled.
      # @!attribute [rw] enable_integrity_monitoring
      #   @return [::Boolean]
      #     Optional. Whether the instance has integrity monitoring enabled.
      class GceShieldedInstanceConfig
        include ::Google::Protobuf::MessageExts
        extend ::Google::Protobuf::MessageExts::ClassMethods
      end

      # A set of Compute Engine Confidential VM instance options.
      #
      # NOTE(review): no default is stated for the flag below; confirm the
      # API default before assuming confidential compute is enabled.
      # @!attribute [rw] enable_confidential_compute
      #   @return [::Boolean]
      #     Optional. Whether the instance has confidential compute enabled.
      class GceConfidentialInstanceConfig
        include ::Google::Protobuf::MessageExts
        extend ::Google::Protobuf::MessageExts::ClassMethods
      end
    end
  end

  # A directory to persist across workstation sessions.
  # @!attribute [rw] gce_pd
  #   @return [::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk]
  #     A PersistentDirectory backed by a Compute Engine persistent disk.
  # @!attribute [rw] mount_path
  #   @return [::String]
  #     Optional. Location of this directory in the running workstation.
  class PersistentDirectory
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # A PersistentDirectory backed by a Compute Engine regional persistent
    # disk. The
    # {::Google::Cloud::Workstations::V1::WorkstationConfig#persistent_directories persistent_directories}
    # field is repeated, but it may contain only one entry. It creates a
    # [persistent
    # disk](https://cloud.google.com/compute/docs/disks/persistent-disks) that
    # mounts to the workstation VM at `/home` when the session starts and
    # detaches when the session ends. If this field is empty, workstations
    # created with this configuration do not have a persistent home
    # directory.
    # @!attribute [rw] size_gb
    #   @return [::Integer]
    #     Optional. The GB capacity of a persistent home directory for each
    #     workstation created with this configuration. Must be empty if
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk#source_snapshot source_snapshot}
    #     is set.
    #
    #     Valid values are `10`, `50`, `100`, `200`, `500`, or `1000`.
    #     Defaults to `200`. If less than `200` GB, the
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk#disk_type disk_type}
    #     must be
    #     `"pd-balanced"` or `"pd-ssd"`.
    # @!attribute [rw] fs_type
    #   @return [::String]
    #     Optional. Type of file system that the disk should be formatted with.
    #     The workstation image must support this file system type. Must be empty
    #     if
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk#source_snapshot source_snapshot}
    #     is set. Defaults to `"ext4"`.
    # @!attribute [rw] disk_type
    #   @return [::String]
    #     Optional. The [type of the persistent
    #     disk](https://cloud.google.com/compute/docs/disks#disk-types) for the
    #     home directory. Defaults to `"pd-standard"`.
    # @!attribute [rw] source_snapshot
    #   @return [::String]
    #     Optional. Name of the snapshot to use as the source for the disk. If
    #     set,
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk#size_gb size_gb}
    #     and
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk#fs_type fs_type}
    #     must be empty.
    # @!attribute [rw] reclaim_policy
    #   @return [::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk::ReclaimPolicy]
    #     Optional. Whether the persistent disk should be deleted when the
    #     workstation is deleted. Valid values are `DELETE` and `RETAIN`.
    #     Defaults to `DELETE`.
    class GceRegionalPersistentDisk
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods

      # Value representing what should happen to the disk after the workstation
      # is deleted.
      module ReclaimPolicy
        # Do not use.
        RECLAIM_POLICY_UNSPECIFIED = 0

        # Delete the persistent disk when deleting the workstation.
        DELETE = 1

        # Keep the persistent disk when deleting the workstation.
        # An administrator must manually delete the disk.
        # NOTE(review): a retained disk is the one mounted at `/home`, so it
        # keeps whatever was stored there until an administrator deletes it.
        RETAIN = 2
      end
    end
  end

  # A Docker container.
  # @!attribute [rw] image
  #   @return [::String]
  #     Optional. A Docker container image that defines a custom environment.
  #
  #     Cloud Workstations provides a number of
  #     [preconfigured
  #     images](https://cloud.google.com/workstations/docs/preconfigured-base-images),
  #     but you can create your own
  #     [custom container
  #     images](https://cloud.google.com/workstations/docs/custom-container-images).
  #     If using a private image, the `host.gceInstance.serviceAccount` field
  #     must be specified in the workstation configuration, and that service
  #     account must have permission to pull the specified image. Otherwise,
  #     the image must be publicly accessible.
  # @!attribute [rw] command
  #   @return [::Array<::String>]
  #     Optional. If set, overrides the default ENTRYPOINT specified by the
  #     image.
  # @!attribute [rw] args
  #   @return [::Array<::String>]
  #     Optional. Arguments passed to the entrypoint.
  # @!attribute [rw] env
  #   @return [::Google::Protobuf::Map{::String => ::String}]
  #     Optional. Environment variables passed to the container's entrypoint.
  #
  #     NOTE(review): values are plain strings stored in the configuration and
  #     are presumably readable by anyone who can read the configuration, so
  #     keep secrets out of this map; confirm how the API exposes it.
  # @!attribute [rw] working_dir
  #   @return [::String]
  #     Optional. If set, overrides the default DIR specified by the image.
  # @!attribute [rw] run_as_user
  #   @return [::Integer]
  #     Optional. If set, overrides the USER specified in the image with the
  #     given uid.
  #
  #     NOTE(review): a uid of `0` would presumably run the entrypoint as
  #     root; prefer an unprivileged uid unless the image requires otherwise.
  class Container
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # Key/value pair with String key and String value; presumably the
    # generated map-entry type behind the `env` map above (TODO confirm).
    # @!attribute [rw] key
    #   @return [::String]
    # @!attribute [rw] value
    #   @return [::String]
    class EnvEntry
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods
    end
  end

  # A customer-managed encryption key (CMEK) for the Compute Engine
  # resources of the associated workstation configuration. Specify the name of
  # your Cloud KMS encryption key and the default service account.
  # We recommend that you use a separate service account and follow
  # [Cloud KMS best
  # practices](https://cloud.google.com/kms/docs/separation-of-duties).
  #
  # NOTE(review): both attributes below are documented as Immutable, so
  # presumably neither can be changed once the configuration exists; choose
  # the key and the service account before creating it.
  # @!attribute [rw] kms_key
  #   @return [::String]
  #     Immutable. The name of the Google Cloud KMS encryption key. For example,
  #     `"projects/PROJECT_ID/locations/REGION/keyRings/KEY_RING/cryptoKeys/KEY_NAME"`.
  #     The key must be in the same region as the workstation configuration.
  # @!attribute [rw] kms_key_service_account
  #   @return [::String]
  #     Immutable. The service account to use with the specified
  #     KMS key. We recommend that you use a separate service account
  #     and follow KMS best practices. For more information, see
  #     [Separation of
  #     duties](https://cloud.google.com/kms/docs/separation-of-duties) and
  #     `gcloud kms keys add-iam-policy-binding`
  #     [`--member`](https://cloud.google.com/sdk/gcloud/reference/kms/keys/add-iam-policy-binding#--member).
  class CustomerEncryptionKey
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # A readiness check to be performed on a workstation: a request sent to the
  # given path and port. The request protocol is not stated in this file.
  # @!attribute [rw] path
  #   @return [::String]
  #     Optional. Path to which the request should be sent.
  # @!attribute [rw] port
  #   @return [::Integer]
  #     Optional. Port to which the request should be sent.
  class ReadinessCheck
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # Key/value pair with String key and String value; presumably the generated
  # map-entry type behind the `annotations` map of WorkstationConfig
  # (TODO confirm).
  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class AnnotationsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # Key/value pair with String key and String value; presumably the generated
  # map-entry type behind a `labels` map of WorkstationConfig (TODO confirm;
  # that attribute is not shown in this part of the file).
  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class LabelsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end
end

#container::Google::Cloud::Workstations::V1::WorkstationConfig::Container

Returns Optional. Container that runs upon startup for each workstation using this workstation configuration.

Returns:



# File 'proto_docs/google/cloud/workstations/v1/workstations.rb', line 279

# A workstation configuration resource in the Cloud Workstations API; it acts
# as a template for workstations. The nested classes below describe its host,
# persistent storage, container, encryption key and readiness-check messages.
class WorkstationConfig
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Runtime host for a workstation.
  # @!attribute [rw] gce_instance
  #   @return [::Google::Cloud::Workstations::V1::WorkstationConfig::Host::GceInstance]
  #     Specifies a Compute Engine instance as the host.
  class Host
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # A runtime using a Compute Engine instance.
    # @!attribute [rw] machine_type
    #   @return [::String]
    #     Optional. The type of machine to use for VM instances—for example,
    #     `"e2-standard-4"`. For more information about machine types that
    #     Cloud Workstations supports, see the list of
    #     [available machine
    #     types](https://cloud.google.com/workstations/docs/available-machine-types).
    # @!attribute [rw] service_account
    #   @return [::String]
    #     Optional. The email address of the service account for Cloud
    #     Workstations VMs created with this configuration. When specified, be
    #     sure that the service account has the `logging.logEntries.create`
    #     permission on the project so it can write logs out to Cloud Logging.
    #     If using a custom container image, the service account must have
    #     permissions to pull the specified image.
    #
    #     If you as the administrator want to be able to `ssh` into the
    #     underlying VM, you need to set this value to a service account
    #     for which you have the `iam.serviceAccounts.actAs` permission.
    #     Conversely, if you don't want anyone to be able to `ssh` into the
    #     underlying VM, use a service account where no one has that
    #     permission.
    #
    #     If not set, VMs run with a service account provided by the
    #     Cloud Workstations service, and the image must be publicly
    #     accessible.
    #
    #     NOTE(review): as described above, `iam.serviceAccounts.actAs` on
    #     this account decides who can `ssh` into the VM, so review who holds
    #     it and grant the account only the permissions named here plus what
    #     the workload needs.
    # @!attribute [rw] service_account_scopes
    #   @return [::Array<::String>]
    #     Optional. Scopes to grant to the
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::Host::GceInstance#service_account service_account}.
    #     Various scopes are automatically added based on feature usage. When
    #     specified, users of workstations under this configuration must have
    #     `iam.serviceAccounts.actAs` on the service account.
    # @!attribute [rw] tags
    #   @return [::Array<::String>]
    #     Optional. Network tags to add to the Compute Engine VMs backing the
    #     workstations. This option applies
    #     [network
    #     tags](https://cloud.google.com/vpc/docs/add-remove-network-tags) to VMs
    #     created with this configuration. These network tags enable the creation
    #     of [firewall
    #     rules](https://cloud.google.com/workstations/docs/configure-firewall-rules).
    # @!attribute [rw] pool_size
    #   @return [::Integer]
    #     Optional. The number of VMs that the system should keep idle so that
    #     new workstations can be started quickly for new users. Defaults to `0`
    #     in the API.
    # @!attribute [r] pooled_instances
    #   @return [::Integer]
    #     Output only. Number of instances currently available in the pool for
    #     faster workstation startup.
    # @!attribute [rw] disable_public_ip_addresses
    #   @return [::Boolean]
    #     Optional. When set to true, disables public IP addresses for VMs. If
    #     you disable public IP addresses, you must set up Private Google Access
    #     or Cloud NAT on your network. If you use Private Google Access and you
    #     use `private.googleapis.com` or `restricted.googleapis.com` for
    #     Container Registry and Artifact Registry, make sure that you set
    #     up DNS records for domains `*.gcr.io` and `*.pkg.dev`.
    #     Defaults to false (VMs have public IP addresses).
    #
    #     NOTE(review): the default leaves every VM with a public IP address;
    #     where workstation VMs should have no public address, set this to
    #     true once Private Google Access or Cloud NAT is in place.
    # @!attribute [rw] enable_nested_virtualization
    #   @return [::Boolean]
    #     Optional. Whether to enable nested virtualization on Cloud Workstations
    #     VMs created under this workstation configuration.
    #
    #     Nested virtualization lets you run virtual machine (VM) instances
    #     inside your workstation. Before enabling nested virtualization,
    #     review the following considerations. Cloud Workstations
    #     instances are subject to the [same restrictions as Compute Engine
    #     instances](https://cloud.google.com/compute/docs/instances/nested-virtualization/overview#restrictions):
    #
    #     * **Organization policy**: projects, folders, or
    #     organizations may be restricted from creating nested VMs if the
    #     **Disable VM nested virtualization** constraint is enforced in
    #     the organization policy. For more information, see the
    #     Compute Engine section,
    #     [Checking whether nested virtualization is
    #     allowed](https://cloud.google.com/compute/docs/instances/nested-virtualization/managing-constraint#checking_whether_nested_virtualization_is_allowed).
    #     * **Performance**: nested VMs might experience a 10% or greater
    #     decrease in performance for workloads that are CPU-bound and
    #     possibly greater than a 10% decrease for workloads that are
    #     input/output bound.
    #     * **Machine Type**: nested virtualization can only be enabled on
    #     workstation configurations that specify a
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::Host::GceInstance#machine_type machine_type}
    #     in the N1 or N2 machine series.
    #     * **GPUs**: nested virtualization may not be enabled on workstation
    #     configurations with accelerators.
    #     * **Operating System**: Because
    #     [Container-Optimized
    #     OS](https://cloud.google.com/compute/docs/images/os-details#container-optimized_os_cos)
    #     does not support nested virtualization, when nested virtualization is
    #     enabled, the underlying Compute Engine VM instances boot from an
    #     [Ubuntu
    #     LTS](https://cloud.google.com/compute/docs/images/os-details#ubuntu_lts)
    #     image.
    # @!attribute [rw] shielded_instance_config
    #   @return [::Google::Cloud::Workstations::V1::WorkstationConfig::Host::GceInstance::GceShieldedInstanceConfig]
    #     Optional. A set of Compute Engine Shielded instance options.
    # @!attribute [rw] confidential_instance_config
    #   @return [::Google::Cloud::Workstations::V1::WorkstationConfig::Host::GceInstance::GceConfidentialInstanceConfig]
    #     Optional. A set of Compute Engine Confidential VM instance options.
    # @!attribute [rw] boot_disk_size_gb
    #   @return [::Integer]
    #     Optional. The size of the boot disk for the VM in gigabytes (GB).
    #     The minimum boot disk size is `30` GB. Defaults to `50` GB.
    class GceInstance
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods

      # A set of Compute Engine Shielded instance options.
      #
      # NOTE(review): this file does not state the defaults of the three
      # options below; set them explicitly if your baseline requires Secure
      # Boot, vTPM or integrity monitoring.
      # @!attribute [rw] enable_secure_boot
      #   @return [::Boolean]
      #     Optional. Whether the instance has Secure Boot enabled.
      # @!attribute [rw] enable_vtpm
      #   @return [::Boolean]
      #     Optional. Whether the instance has the vTPM enabled.
      # @!attribute [rw] enable_integrity_monitoring
      #   @return [::Boolean]
      #     Optional. Whether the instance has integrity monitoring enabled.
      class GceShieldedInstanceConfig
        include ::Google::Protobuf::MessageExts
        extend ::Google::Protobuf::MessageExts::ClassMethods
      end

      # A set of Compute Engine Confidential VM instance options.
      # @!attribute [rw] enable_confidential_compute
      #   @return [::Boolean]
      #     Optional. Whether the instance has confidential compute enabled.
      class GceConfidentialInstanceConfig
        include ::Google::Protobuf::MessageExts
        extend ::Google::Protobuf::MessageExts::ClassMethods
      end
    end
  end

  # A directory to persist across workstation sessions.
  # @!attribute [rw] gce_pd
  #   @return [::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk]
  #     A PersistentDirectory backed by a Compute Engine persistent disk.
  # @!attribute [rw] mount_path
  #   @return [::String]
  #     Optional. Location of this directory in the running workstation.
  class PersistentDirectory
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # A PersistentDirectory backed by a Compute Engine regional persistent
    # disk. The
    # {::Google::Cloud::Workstations::V1::WorkstationConfig#persistent_directories persistent_directories}
    # field is repeated, but it may contain only one entry. It creates a
    # [persistent
    # disk](https://cloud.google.com/compute/docs/disks/persistent-disks) that
    # mounts to the workstation VM at `/home` when the session starts and
    # detaches when the session ends. If this field is empty, workstations
    # created with this configuration do not have a persistent home
    # directory.
    # @!attribute [rw] size_gb
    #   @return [::Integer]
    #     Optional. The GB capacity of a persistent home directory for each
    #     workstation created with this configuration. Must be empty if
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk#source_snapshot source_snapshot}
    #     is set.
    #
    #     Valid values are `10`, `50`, `100`, `200`, `500`, or `1000`.
    #     Defaults to `200`. If less than `200` GB, the
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk#disk_type disk_type}
    #     must be
    #     `"pd-balanced"` or `"pd-ssd"`.
    # @!attribute [rw] fs_type
    #   @return [::String]
    #     Optional. Type of file system that the disk should be formatted with.
    #     The workstation image must support this file system type. Must be empty
    #     if
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk#source_snapshot source_snapshot}
    #     is set. Defaults to `"ext4"`.
    # @!attribute [rw] disk_type
    #   @return [::String]
    #     Optional. The [type of the persistent
    #     disk](https://cloud.google.com/compute/docs/disks#disk-types) for the
    #     home directory. Defaults to `"pd-standard"`.
    # @!attribute [rw] source_snapshot
    #   @return [::String]
    #     Optional. Name of the snapshot to use as the source for the disk. If
    #     set,
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk#size_gb size_gb}
    #     and
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk#fs_type fs_type}
    #     must be empty.
    #
    #     NOTE(review): a disk created from a snapshot presumably starts with
    #     everything the snapshot captured, so use snapshots whose contents
    #     you trust and have reviewed.
    # @!attribute [rw] reclaim_policy
    #   @return [::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk::ReclaimPolicy]
    #     Optional. Whether the persistent disk should be deleted when the
    #     workstation is deleted. Valid values are `DELETE` and `RETAIN`.
    #     Defaults to `DELETE`.
    class GceRegionalPersistentDisk
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods

      # Value representing what should happen to the disk after the workstation
      # is deleted.
      module ReclaimPolicy
        # Do not use.
        RECLAIM_POLICY_UNSPECIFIED = 0

        # Delete the persistent disk when deleting the workstation.
        DELETE = 1

        # Keep the persistent disk when deleting the workstation.
        # An administrator must manually delete the disk.
        # NOTE(review): a retained disk presumably still holds the home
        # directory data, so include it in data-retention and offboarding
        # clean-up; confirm against your retention policy.
        RETAIN = 2
      end
    end
  end

  # A Docker container.
  # @!attribute [rw] image
  #   @return [::String]
  #     Optional. A Docker container image that defines a custom environment.
  #
  #     Cloud Workstations provides a number of
  #     [preconfigured
  #     images](https://cloud.google.com/workstations/docs/preconfigured-base-images),
  #     but you can create your own
  #     [custom container
  #     images](https://cloud.google.com/workstations/docs/custom-container-images).
  #     If using a private image, the `host.gceInstance.serviceAccount` field
  #     must be specified in the workstation configuration, and that service
  #     account must have permission to pull the specified image. Otherwise,
  #     the image must be publicly accessible.
  # @!attribute [rw] command
  #   @return [::Array<::String>]
  #     Optional. If set, overrides the default ENTRYPOINT specified by the
  #     image.
  # @!attribute [rw] args
  #   @return [::Array<::String>]
  #     Optional. Arguments passed to the entrypoint.
  # @!attribute [rw] env
  #   @return [::Google::Protobuf::Map{::String => ::String}]
  #     Optional. Environment variables passed to the container's entrypoint.
  #
  #     NOTE(review): values are plain strings stored in the configuration and
  #     are presumably readable by anyone who can read the configuration, so
  #     keep secrets out of this map; confirm how the API exposes it.
  # @!attribute [rw] working_dir
  #   @return [::String]
  #     Optional. If set, overrides the default DIR specified by the image.
  # @!attribute [rw] run_as_user
  #   @return [::Integer]
  #     Optional. If set, overrides the USER specified in the image with the
  #     given uid.
  #
  #     NOTE(review): a uid of `0` would presumably run the entrypoint as
  #     root; prefer an unprivileged uid unless the image requires otherwise.
  class Container
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # Key/value pair with String key and String value; presumably the
    # generated map-entry type behind the `env` map above (TODO confirm).
    # @!attribute [rw] key
    #   @return [::String]
    # @!attribute [rw] value
    #   @return [::String]
    class EnvEntry
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods
    end
  end

  # A customer-managed encryption key (CMEK) for the Compute Engine
  # resources of the associated workstation configuration. Specify the name of
  # your Cloud KMS encryption key and the default service account.
  # We recommend that you use a separate service account and follow
  # [Cloud KMS best
  # practices](https://cloud.google.com/kms/docs/separation-of-duties).
  #
  # NOTE(review): both attributes below are documented as Immutable, so
  # presumably neither can be changed once the configuration exists; choose
  # the key and the service account before creating it.
  # @!attribute [rw] kms_key
  #   @return [::String]
  #     Immutable. The name of the Google Cloud KMS encryption key. For example,
  #     `"projects/PROJECT_ID/locations/REGION/keyRings/KEY_RING/cryptoKeys/KEY_NAME"`.
  #     The key must be in the same region as the workstation configuration.
  # @!attribute [rw] kms_key_service_account
  #   @return [::String]
  #     Immutable. The service account to use with the specified
  #     KMS key. We recommend that you use a separate service account
  #     and follow KMS best practices. For more information, see
  #     [Separation of
  #     duties](https://cloud.google.com/kms/docs/separation-of-duties) and
  #     `gcloud kms keys add-iam-policy-binding`
  #     [`--member`](https://cloud.google.com/sdk/gcloud/reference/kms/keys/add-iam-policy-binding#--member).
  class CustomerEncryptionKey
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # A readiness check to be performed on a workstation: a request sent to the
  # given path and port. The request protocol is not stated in this file.
  # @!attribute [rw] path
  #   @return [::String]
  #     Optional. Path to which the request should be sent.
  # @!attribute [rw] port
  #   @return [::Integer]
  #     Optional. Port to which the request should be sent.
  class ReadinessCheck
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # Key/value pair with String key and String value; presumably the generated
  # map-entry type behind the `annotations` map of this class (TODO confirm).
  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class AnnotationsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # Key/value pair with String key and String value; presumably the generated
  # map-entry type behind a `labels` map of this class (TODO confirm; that
  # attribute is not shown in this part of the file).
  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class LabelsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end
end

#create_time::Google::Protobuf::Timestamp (readonly)

Returns Output only. Time when this workstation configuration was created.

Returns:



# File 'proto_docs/google/cloud/workstations/v1/workstations.rb', line 279

class WorkstationConfig
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Runtime host for a workstation.
  # @!attribute [rw] gce_instance
  #   @return [::Google::Cloud::Workstations::V1::WorkstationConfig::Host::GceInstance]
  #     Specifies a Compute Engine instance as the host.
  class Host
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # A runtime using a Compute Engine instance.
    # @!attribute [rw] machine_type
    #   @return [::String]
    #     Optional. The type of machine to use for VM instances—for example,
    #     `"e2-standard-4"`. For more information about machine types that
    #     Cloud Workstations supports, see the list of
    #     [available machine
    #     types](https://cloud.google.com/workstations/docs/available-machine-types).
    # @!attribute [rw] service_account
    #   @return [::String]
    #     Optional. The email address of the service account for Cloud
    #     Workstations VMs created with this configuration. When specified, be
    #     sure that the service account has the `logging.logEntries.create`
    #     permission on the project so it can write logs out to Cloud Logging.
    #     If using a custom container image, the service account must have
    #     permissions to pull the specified image.
    #
    #     If you as the administrator want to be able to `ssh` into the
    #     underlying VM, you need to set this value to a service account
    #     for which you have the `iam.serviceAccounts.actAs` permission.
    #     Conversely, if you don't want anyone to be able to `ssh` into the
    #     underlying VM, use a service account where no one has that
    #     permission.
    #
    #     If not set, VMs run with a service account provided by the
    #     Cloud Workstations service, and the image must be publicly
    #     accessible.
    #
    #     NOTE(review): as described above, `iam.serviceAccounts.actAs` on
    #     this account decides who can `ssh` into the VM, so review who holds
    #     it and grant the account only the permissions named here plus what
    #     the workload needs.
    # @!attribute [rw] service_account_scopes
    #   @return [::Array<::String>]
    #     Optional. Scopes to grant to the
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::Host::GceInstance#service_account service_account}.
    #     Various scopes are automatically added based on feature usage. When
    #     specified, users of workstations under this configuration must have
    #     `iam.serviceAccounts.actAs` on the service account.
    # @!attribute [rw] tags
    #   @return [::Array<::String>]
    #     Optional. Network tags to add to the Compute Engine VMs backing the
    #     workstations. This option applies
    #     [network
    #     tags](https://cloud.google.com/vpc/docs/add-remove-network-tags) to VMs
    #     created with this configuration. These network tags enable the creation
    #     of [firewall
    #     rules](https://cloud.google.com/workstations/docs/configure-firewall-rules).
    # @!attribute [rw] pool_size
    #   @return [::Integer]
    #     Optional. The number of VMs that the system should keep idle so that
    #     new workstations can be started quickly for new users. Defaults to `0`
    #     in the API.
    # @!attribute [r] pooled_instances
    #   @return [::Integer]
    #     Output only. Number of instances currently available in the pool for
    #     faster workstation startup.
    # @!attribute [rw] disable_public_ip_addresses
    #   @return [::Boolean]
    #     Optional. When set to true, disables public IP addresses for VMs. If
    #     you disable public IP addresses, you must set up Private Google Access
    #     or Cloud NAT on your network. If you use Private Google Access and you
    #     use `private.googleapis.com` or `restricted.googleapis.com` for
    #     Container Registry and Artifact Registry, make sure that you set
    #     up DNS records for domains `*.gcr.io` and `*.pkg.dev`.
    #     Defaults to false (VMs have public IP addresses).
    #
    #     NOTE(review): the default leaves every VM with a public IP address;
    #     where workstation VMs should have no public address, set this to
    #     true once Private Google Access or Cloud NAT is in place.
    # @!attribute [rw] enable_nested_virtualization
    #   @return [::Boolean]
    #     Optional. Whether to enable nested virtualization on Cloud Workstations
    #     VMs created under this workstation configuration.
    #
    #     Nested virtualization lets you run virtual machine (VM) instances
    #     inside your workstation. Before enabling nested virtualization,
    #     review the following considerations. Cloud Workstations
    #     instances are subject to the [same restrictions as Compute Engine
    #     instances](https://cloud.google.com/compute/docs/instances/nested-virtualization/overview#restrictions):
    #
    #     * **Organization policy**: projects, folders, or
    #     organizations may be restricted from creating nested VMs if the
    #     **Disable VM nested virtualization** constraint is enforced in
    #     the organization policy. For more information, see the
    #     Compute Engine section,
    #     [Checking whether nested virtualization is
    #     allowed](https://cloud.google.com/compute/docs/instances/nested-virtualization/managing-constraint#checking_whether_nested_virtualization_is_allowed).
    #     * **Performance**: nested VMs might experience a 10% or greater
    #     decrease in performance for workloads that are CPU-bound and
    #     possibly greater than a 10% decrease for workloads that are
    #     input/output bound.
    #     * **Machine Type**: nested virtualization can only be enabled on
    #     workstation configurations that specify a
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::Host::GceInstance#machine_type machine_type}
    #     in the N1 or N2 machine series.
    #     * **GPUs**: nested virtualization may not be enabled on workstation
    #     configurations with accelerators.
    #     * **Operating System**: Because
    #     [Container-Optimized
    #     OS](https://cloud.google.com/compute/docs/images/os-details#container-optimized_os_cos)
    #     does not support nested virtualization, when nested virtualization is
    #     enabled, the underlying Compute Engine VM instances boot from an
    #     [Ubuntu
    #     LTS](https://cloud.google.com/compute/docs/images/os-details#ubuntu_lts)
    #     image.
    # @!attribute [rw] shielded_instance_config
    #   @return [::Google::Cloud::Workstations::V1::WorkstationConfig::Host::GceInstance::GceShieldedInstanceConfig]
    #     Optional. A set of Compute Engine Shielded instance options.
    # @!attribute [rw] confidential_instance_config
    #   @return [::Google::Cloud::Workstations::V1::WorkstationConfig::Host::GceInstance::GceConfidentialInstanceConfig]
    #     Optional. A set of Compute Engine Confidential VM instance options.
    # @!attribute [rw] boot_disk_size_gb
    #   @return [::Integer]
    #     Optional. The size of the boot disk for the VM in gigabytes (GB).
    #     The minimum boot disk size is `30` GB. Defaults to `50` GB.
    class GceInstance
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods

      # A set of Compute Engine Shielded instance options.
      #
      # NOTE(review): this file does not state the defaults of the three
      # options below; set them explicitly if your baseline requires Secure
      # Boot, vTPM or integrity monitoring.
      # @!attribute [rw] enable_secure_boot
      #   @return [::Boolean]
      #     Optional. Whether the instance has Secure Boot enabled.
      # @!attribute [rw] enable_vtpm
      #   @return [::Boolean]
      #     Optional. Whether the instance has the vTPM enabled.
      # @!attribute [rw] enable_integrity_monitoring
      #   @return [::Boolean]
      #     Optional. Whether the instance has integrity monitoring enabled.
      class GceShieldedInstanceConfig
        include ::Google::Protobuf::MessageExts
        extend ::Google::Protobuf::MessageExts::ClassMethods
      end

      # A set of Compute Engine Confidential VM instance options.
      # @!attribute [rw] enable_confidential_compute
      #   @return [::Boolean]
      #     Optional. Whether the instance has confidential compute enabled.
      class GceConfidentialInstanceConfig
        include ::Google::Protobuf::MessageExts
        extend ::Google::Protobuf::MessageExts::ClassMethods
      end
    end
  end

  # A directory to persist across workstation sessions.
  # @!attribute [rw] gce_pd
  #   @return [::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk]
  #     A PersistentDirectory backed by a Compute Engine persistent disk.
  # @!attribute [rw] mount_path
  #   @return [::String]
  #     Optional. Location of this directory in the running workstation.
  class PersistentDirectory
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # A PersistentDirectory backed by a Compute Engine regional persistent
    # disk. The
    # {::Google::Cloud::Workstations::V1::WorkstationConfig#persistent_directories persistent_directories}
    # field is repeated, but it may contain only one entry. It creates a
    # [persistent
    # disk](https://cloud.google.com/compute/docs/disks/persistent-disks) that
    # mounts to the workstation VM at `/home` when the session starts and
    # detaches when the session ends. If this field is empty, workstations
    # created with this configuration do not have a persistent home
    # directory.
    # @!attribute [rw] size_gb
    #   @return [::Integer]
    #     Optional. The GB capacity of a persistent home directory for each
    #     workstation created with this configuration. Must be empty if
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk#source_snapshot source_snapshot}
    #     is set.
    #
    #     Valid values are `10`, `50`, `100`, `200`, `500`, or `1000`.
    #     Defaults to `200`. If less than `200` GB, the
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk#disk_type disk_type}
    #     must be
    #     `"pd-balanced"` or `"pd-ssd"`.
    # @!attribute [rw] fs_type
    #   @return [::String]
    #     Optional. Type of file system that the disk should be formatted with.
    #     The workstation image must support this file system type. Must be empty
    #     if
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk#source_snapshot source_snapshot}
    #     is set. Defaults to `"ext4"`.
    # @!attribute [rw] disk_type
    #   @return [::String]
    #     Optional. The [type of the persistent
    #     disk](https://cloud.google.com/compute/docs/disks#disk-types) for the
    #     home directory. Defaults to `"pd-standard"`.
    # @!attribute [rw] source_snapshot
    #   @return [::String]
    #     Optional. Name of the snapshot to use as the source for the disk. If
    #     set,
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk#size_gb size_gb}
    #     and
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk#fs_type fs_type}
    #     must be empty.
    #
    #     NOTE(review): presumably every workstation created from this
    #     configuration then starts with the snapshot's contents under `/home`;
    #     confirm, and check where the snapshot came from before using it.
    # @!attribute [rw] reclaim_policy
    #   @return [::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk::ReclaimPolicy]
    #     Optional. Whether the persistent disk should be deleted when the
    #     workstation is deleted. Valid values are `DELETE` and `RETAIN`.
    #     Defaults to `DELETE`.
    class GceRegionalPersistentDisk
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods

      # Value representing what should happen to the disk after the workstation
      # is deleted.
      module ReclaimPolicy
        # Do not use.
        RECLAIM_POLICY_UNSPECIFIED = 0

        # Delete the persistent disk when deleting the workstation.
        DELETE = 1

        # Keep the persistent disk when deleting the workstation.
        # An administrator must manually delete the disk.
        # Because the disk is the one mounted at `/home`, a retained disk keeps
        # the home-directory data until that manual deletion; keep track of
        # retained disks so they are not left behind.
        RETAIN = 2
      end
    end
  end

  # A Docker container.
  # @!attribute [rw] image
  #   @return [::String]
  #     Optional. A Docker container image that defines a custom environment.
  #
  #     Cloud Workstations provides a number of
  #     [preconfigured
  #     images](https://cloud.google.com/workstations/docs/preconfigured-base-images),
  #     but you can create your own
  #     [custom container
  #     images](https://cloud.google.com/workstations/docs/custom-container-images).
  #     If using a private image, the `host.gceInstance.serviceAccount` field
  #     must be specified in the workstation configuration and must have
  #     permission to pull the specified image. Otherwise, the image must be
  #     publicly accessible.
  #
  #     NOTE(review): the image defines the environment of workstations
  #     created from this configuration, so write access to this field should
  #     be treated as sensitive.
  # @!attribute [rw] command
  #   @return [::Array<::String>]
  #     Optional. If set, overrides the default ENTRYPOINT specified by the
  #     image.
  # @!attribute [rw] args
  #   @return [::Array<::String>]
  #     Optional. Arguments passed to the entrypoint.
  # @!attribute [rw] env
  #   @return [::Google::Protobuf::Map{::String => ::String}]
  #     Optional. Environment variables passed to the container's entrypoint.
  #
  #     NOTE(review): values are plain strings on the configuration resource,
  #     so presumably anyone who can read the configuration can read them;
  #     avoid placing secrets here. Confirm against the API reference.
  # @!attribute [rw] working_dir
  #   @return [::String]
  #     Optional. If set, overrides the default DIR specified by the image.
  # @!attribute [rw] run_as_user
  #   @return [::Integer]
  #     Optional. If set, overrides the USER specified in the image with the
  #     given uid.
  #
  #     NOTE(review): the accepted uid range, including whether `0` is
  #     allowed, is not stated here; confirm before relying on this field to
  #     drop privileges.
  class Container
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # String key/value entry type; presumably backs the `env` map on
    # Container (TODO confirm).
    # @!attribute [rw] key
    #   @return [::String]
    # @!attribute [rw] value
    #   @return [::String]
    class EnvEntry
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods
    end
  end

  # A customer-managed encryption key (CMEK) for the Compute Engine
  # resources of the associated workstation configuration. Specify the name of
  # your Cloud KMS encryption key and the default service account.
  # We recommend that you use a separate service account and follow
  # [Cloud KMS best
  # practices](https://cloud.google.com/kms/docs/separation-of-duties).
  #
  # NOTE(review): both attributes are marked Immutable, so presumably using a
  # different key or service account means creating a new configuration;
  # confirm before planning key changes.
  # @!attribute [rw] kms_key
  #   @return [::String]
  #     Immutable. The name of the Google Cloud KMS encryption key. For example,
  #     `"projects/PROJECT_ID/locations/REGION/keyRings/KEY_RING/cryptoKeys/KEY_NAME"`.
  #     The key must be in the same region as the workstation configuration.
  # @!attribute [rw] kms_key_service_account
  #   @return [::String]
  #     Immutable. The service account to use with the specified
  #     KMS key. We recommend that you use a separate service account
  #     and follow KMS best practices. For more information, see
  #     [Separation of
  #     duties](https://cloud.google.com/kms/docs/separation-of-duties) and
  #     `gcloud kms keys add-iam-policy-binding`
  #     [`--member`](https://cloud.google.com/sdk/gcloud/reference/kms/keys/add-iam-policy-binding#--member).
  class CustomerEncryptionKey
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # A readiness check to be performed on a workstation.
  #
  # NOTE(review): the request protocol and the response that counts as
  # "ready" are not stated here; confirm against the API reference.
  # @!attribute [rw] path
  #   @return [::String]
  #     Optional. Path to which the request should be sent.
  # @!attribute [rw] port
  #   @return [::Integer]
  #     Optional. Port to which the request should be sent.
  class ReadinessCheck
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # String key/value entry type; presumably backs the `annotations` map on
  # WorkstationConfig (TODO confirm).
  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class AnnotationsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # String key/value entry type; presumably backs a `labels` map on
  # WorkstationConfig (TODO confirm, the field is not shown in this listing).
  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class LabelsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end
end

#degraded::Boolean (readonly)

Returns Output only. Whether this resource is degraded, in which case it may require user action to restore full functionality. See also the conditions field.

Returns:

  • (::Boolean)

    Output only. Whether this resource is degraded, in which case it may require user action to restore full functionality. See also the conditions field.



# File 'proto_docs/google/cloud/workstations/v1/workstations.rb', line 279

class WorkstationConfig
  # Documentation stub: this class body only mixes in the protobuf message
  # extensions. The attributes described in the comments below are not
  # defined in this listing.
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Runtime host for a workstation.
  # @!attribute [rw] gce_instance
  #   @return [::Google::Cloud::Workstations::V1::WorkstationConfig::Host::GceInstance]
  #     Specifies a Compute Engine instance as the host.
  class Host
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # A runtime using a Compute Engine instance.
    # @!attribute [rw] machine_type
    #   @return [::String]
    #     Optional. The type of machine to use for VM instances—for example,
    #     `"e2-standard-4"`. For more information about machine types that
    #     Cloud Workstations supports, see the list of
    #     [available machine
    #     types](https://cloud.google.com/workstations/docs/available-machine-types).
    # @!attribute [rw] service_account
    #   @return [::String]
    #     Optional. The email address of the service account for Cloud
    #     Workstations VMs created with this configuration. When specified, be
    #     sure that the service account has `logging.logEntries.create` permission
    #     on the project so it can write logs out to Cloud Logging. If using a
    #     custom container image, the service account must have permissions to
    #     pull the specified image.
    #
    #     If you as the administrator want to be able to `ssh` into the
    #     underlying VM, you need to set this value to a service account
    #     for which you have the `iam.serviceAccounts.actAs` permission.
    #     Conversely, if you don't want anyone to be able to `ssh` into the
    #     underlying VM, use a service account where no one has that
    #     permission.
    #
    #     NOTE(review): as described above, `iam.serviceAccounts.actAs` on this
    #     account is what gates `ssh` access to the VM, so review who holds it.
    #
    #     If not set, VMs run with a service account provided by the
    #     Cloud Workstations service, and the image must be publicly
    #     accessible.
    # @!attribute [rw] service_account_scopes
    #   @return [::Array<::String>]
    #     Optional. Scopes to grant to the
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::Host::GceInstance#service_account service_account}.
    #     Various scopes are automatically added based on feature usage. When
    #     specified, users of workstations under this configuration must have
    #     `iam.serviceAccounts.actAs` on the service account.
    #
    #     NOTE(review): grant only the scopes the workload needs.
    # @!attribute [rw] tags
    #   @return [::Array<::String>]
    #     Optional. Network tags to add to the Compute Engine VMs backing the
    #     workstations. This option applies
    #     [network
    #     tags](https://cloud.google.com/vpc/docs/add-remove-network-tags) to VMs
    #     created with this configuration. These network tags enable the creation
    #     of [firewall
    #     rules](https://cloud.google.com/workstations/docs/configure-firewall-rules).
    # @!attribute [rw] pool_size
    #   @return [::Integer]
    #     Optional. The number of VMs that the system should keep idle so that
    #     new workstations can be started quickly for new users. Defaults to `0`
    #     in the API.
    # @!attribute [r] pooled_instances
    #   @return [::Integer]
    #     Output only. Number of instances currently available in the pool for
    #     faster workstation startup.
    # @!attribute [rw] disable_public_ip_addresses
    #   @return [::Boolean]
    #     Optional. When set to true, disables public IP addresses for VMs. If
    #     you disable public IP addresses, you must set up Private Google Access
    #     or Cloud NAT on your network. If you use Private Google Access and you
    #     use `private.googleapis.com` or `restricted.googleapis.com` for
    #     Container Registry and Artifact Registry, make sure that you set
    #     up DNS records for domains `*.gcr.io` and `*.pkg.dev`.
    #     Defaults to false (VMs have public IP addresses).
    #
    #     NOTE(review): because the default is false, a configuration whose
    #     VMs must not have public IP addresses has to set this to true
    #     explicitly.
    # @!attribute [rw] enable_nested_virtualization
    #   @return [::Boolean]
    #     Optional. Whether to enable nested virtualization on Cloud Workstations
    #     VMs created under this workstation configuration.
    #
    #     Nested virtualization lets you run virtual machine (VM) instances
    #     inside your workstation. Before enabling nested virtualization,
    #     review the following considerations. Cloud Workstations
    #     instances are subject to the [same restrictions as Compute Engine
    #     instances](https://cloud.google.com/compute/docs/instances/nested-virtualization/overview#restrictions):
    #
    #     * **Organization policy**: projects, folders, or
    #     organizations may be restricted from creating nested VMs if the
    #     **Disable VM nested virtualization** constraint is enforced in
    #     the organization policy. For more information, see the
    #     Compute Engine section,
    #     [Checking whether nested virtualization is
    #     allowed](https://cloud.google.com/compute/docs/instances/nested-virtualization/managing-constraint#checking_whether_nested_virtualization_is_allowed).
    #     * **Performance**: nested VMs might experience a 10% or greater
    #     decrease in performance for workloads that are CPU-bound and
    #     possibly greater than a 10% decrease for workloads that are
    #     input/output bound.
    #     * **Machine Type**: nested virtualization can only be enabled on
    #     workstation configurations that specify a
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::Host::GceInstance#machine_type machine_type}
    #     in the N1 or N2 machine series.
    #     * **GPUs**: nested virtualization may not be enabled on workstation
    #     configurations with accelerators.
    #     * **Operating System**: Because
    #     [Container-Optimized
    #     OS](https://cloud.google.com/compute/docs/images/os-details#container-optimized_os_cos)
    #     does not support nested virtualization, when nested virtualization is
    #     enabled, the underlying Compute Engine VM instances boot from an
    #     [Ubuntu
    #     LTS](https://cloud.google.com/compute/docs/images/os-details#ubuntu_lts)
    #     image.
    # @!attribute [rw] shielded_instance_config
    #   @return [::Google::Cloud::Workstations::V1::WorkstationConfig::Host::GceInstance::GceShieldedInstanceConfig]
    #     Optional. A set of Compute Engine Shielded instance options.
    # @!attribute [rw] confidential_instance_config
    #   @return [::Google::Cloud::Workstations::V1::WorkstationConfig::Host::GceInstance::GceConfidentialInstanceConfig]
    #     Optional. A set of Compute Engine Confidential VM instance options.
    # @!attribute [rw] boot_disk_size_gb
    #   @return [::Integer]
    #     Optional. The size of the boot disk for the VM in gigabytes (GB).
    #     The minimum boot disk size is `30` GB. Defaults to `50` GB.
    class GceInstance
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods

      # A set of Compute Engine Shielded instance options.
      #
      # NOTE(review): no defaults are documented for these flags. An unset
      # protobuf bool reads as false, so presumably each option is off unless
      # it is set explicitly; confirm against the API reference.
      # @!attribute [rw] enable_secure_boot
      #   @return [::Boolean]
      #     Optional. Whether the instance has Secure Boot enabled.
      # @!attribute [rw] enable_vtpm
      #   @return [::Boolean]
      #     Optional. Whether the instance has the vTPM enabled.
      # @!attribute [rw] enable_integrity_monitoring
      #   @return [::Boolean]
      #     Optional. Whether the instance has integrity monitoring enabled.
      class GceShieldedInstanceConfig
        include ::Google::Protobuf::MessageExts
        extend ::Google::Protobuf::MessageExts::ClassMethods
      end

      # A set of Compute Engine Confidential VM instance options.
      #
      # NOTE(review): no default is documented; presumably confidential
      # compute is off unless set explicitly. Confirm before relying on it.
      # @!attribute [rw] enable_confidential_compute
      #   @return [::Boolean]
      #     Optional. Whether the instance has confidential compute enabled.
      class GceConfidentialInstanceConfig
        include ::Google::Protobuf::MessageExts
        extend ::Google::Protobuf::MessageExts::ClassMethods
      end
    end
  end

  # A directory to persist across workstation sessions.
  # @!attribute [rw] gce_pd
  #   @return [::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk]
  #     A PersistentDirectory backed by a Compute Engine persistent disk.
  # @!attribute [rw] mount_path
  #   @return [::String]
  #     Optional. Location of this directory in the running workstation.
  class PersistentDirectory
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # A PersistentDirectory backed by a Compute Engine regional persistent
    # disk. The
    # {::Google::Cloud::Workstations::V1::WorkstationConfig#persistent_directories persistent_directories}
    # field is repeated, but it may contain only one entry. It creates a
    # [persistent
    # disk](https://cloud.google.com/compute/docs/disks/persistent-disks) that
    # mounts to the workstation VM at `/home` when the session starts and
    # detaches when the session ends. If this field is empty, workstations
    # created with this configuration do not have a persistent home
    # directory.
    # @!attribute [rw] size_gb
    #   @return [::Integer]
    #     Optional. The GB capacity of a persistent home directory for each
    #     workstation created with this configuration. Must be empty if
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk#source_snapshot source_snapshot}
    #     is set.
    #
    #     Valid values are `10`, `50`, `100`, `200`, `500`, or `1000`.
    #     Defaults to `200`. If less than `200` GB, the
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk#disk_type disk_type}
    #     must be
    #     `"pd-balanced"` or `"pd-ssd"`.
    # @!attribute [rw] fs_type
    #   @return [::String]
    #     Optional. Type of file system that the disk should be formatted with.
    #     The workstation image must support this file system type. Must be empty
    #     if
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk#source_snapshot source_snapshot}
    #     is set. Defaults to `"ext4"`.
    # @!attribute [rw] disk_type
    #   @return [::String]
    #     Optional. The [type of the persistent
    #     disk](https://cloud.google.com/compute/docs/disks#disk-types) for the
    #     home directory. Defaults to `"pd-standard"`.
    # @!attribute [rw] source_snapshot
    #   @return [::String]
    #     Optional. Name of the snapshot to use as the source for the disk. If
    #     set,
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk#size_gb size_gb}
    #     and
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk#fs_type fs_type}
    #     must be empty.
    #
    #     NOTE(review): presumably every workstation created from this
    #     configuration then starts with the snapshot's contents under `/home`;
    #     confirm, and check where the snapshot came from before using it.
    # @!attribute [rw] reclaim_policy
    #   @return [::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk::ReclaimPolicy]
    #     Optional. Whether the persistent disk should be deleted when the
    #     workstation is deleted. Valid values are `DELETE` and `RETAIN`.
    #     Defaults to `DELETE`.
    class GceRegionalPersistentDisk
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods

      # Value representing what should happen to the disk after the workstation
      # is deleted.
      module ReclaimPolicy
        # Do not use.
        RECLAIM_POLICY_UNSPECIFIED = 0

        # Delete the persistent disk when deleting the workstation.
        DELETE = 1

        # Keep the persistent disk when deleting the workstation.
        # An administrator must manually delete the disk.
        # Because the disk is the one mounted at `/home`, a retained disk keeps
        # the home-directory data until that manual deletion; keep track of
        # retained disks so they are not left behind.
        RETAIN = 2
      end
    end
  end

  # A Docker container.
  # @!attribute [rw] image
  #   @return [::String]
  #     Optional. A Docker container image that defines a custom environment.
  #
  #     Cloud Workstations provides a number of
  #     [preconfigured
  #     images](https://cloud.google.com/workstations/docs/preconfigured-base-images),
  #     but you can create your own
  #     [custom container
  #     images](https://cloud.google.com/workstations/docs/custom-container-images).
  #     If using a private image, the `host.gceInstance.serviceAccount` field
  #     must be specified in the workstation configuration and must have
  #     permission to pull the specified image. Otherwise, the image must be
  #     publicly accessible.
  #
  #     NOTE(review): the image defines the environment of workstations
  #     created from this configuration, so write access to this field should
  #     be treated as sensitive.
  # @!attribute [rw] command
  #   @return [::Array<::String>]
  #     Optional. If set, overrides the default ENTRYPOINT specified by the
  #     image.
  # @!attribute [rw] args
  #   @return [::Array<::String>]
  #     Optional. Arguments passed to the entrypoint.
  # @!attribute [rw] env
  #   @return [::Google::Protobuf::Map{::String => ::String}]
  #     Optional. Environment variables passed to the container's entrypoint.
  #
  #     NOTE(review): values are plain strings on the configuration resource,
  #     so presumably anyone who can read the configuration can read them;
  #     avoid placing secrets here. Confirm against the API reference.
  # @!attribute [rw] working_dir
  #   @return [::String]
  #     Optional. If set, overrides the default DIR specified by the image.
  # @!attribute [rw] run_as_user
  #   @return [::Integer]
  #     Optional. If set, overrides the USER specified in the image with the
  #     given uid.
  #
  #     NOTE(review): the accepted uid range, including whether `0` is
  #     allowed, is not stated here; confirm before relying on this field to
  #     drop privileges.
  class Container
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # String key/value entry type; presumably backs the `env` map on
    # Container (TODO confirm).
    # @!attribute [rw] key
    #   @return [::String]
    # @!attribute [rw] value
    #   @return [::String]
    class EnvEntry
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods
    end
  end

  # A customer-managed encryption key (CMEK) for the Compute Engine
  # resources of the associated workstation configuration. Specify the name of
  # your Cloud KMS encryption key and the default service account.
  # We recommend that you use a separate service account and follow
  # [Cloud KMS best
  # practices](https://cloud.google.com/kms/docs/separation-of-duties).
  #
  # NOTE(review): both attributes are marked Immutable, so presumably using a
  # different key or service account means creating a new configuration;
  # confirm before planning key changes.
  # @!attribute [rw] kms_key
  #   @return [::String]
  #     Immutable. The name of the Google Cloud KMS encryption key. For example,
  #     `"projects/PROJECT_ID/locations/REGION/keyRings/KEY_RING/cryptoKeys/KEY_NAME"`.
  #     The key must be in the same region as the workstation configuration.
  # @!attribute [rw] kms_key_service_account
  #   @return [::String]
  #     Immutable. The service account to use with the specified
  #     KMS key. We recommend that you use a separate service account
  #     and follow KMS best practices. For more information, see
  #     [Separation of
  #     duties](https://cloud.google.com/kms/docs/separation-of-duties) and
  #     `gcloud kms keys add-iam-policy-binding`
  #     [`--member`](https://cloud.google.com/sdk/gcloud/reference/kms/keys/add-iam-policy-binding#--member).
  class CustomerEncryptionKey
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # A readiness check to be performed on a workstation.
  #
  # NOTE(review): the request protocol and the response that counts as
  # "ready" are not stated here; confirm against the API reference.
  # @!attribute [rw] path
  #   @return [::String]
  #     Optional. Path to which the request should be sent.
  # @!attribute [rw] port
  #   @return [::Integer]
  #     Optional. Port to which the request should be sent.
  class ReadinessCheck
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # String key/value entry type; presumably backs the `annotations` map on
  # WorkstationConfig (TODO confirm).
  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class AnnotationsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # String key/value entry type; presumably backs a `labels` map on
  # WorkstationConfig (TODO confirm, the field is not shown in this listing).
  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class LabelsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end
end

#delete_time::Google::Protobuf::Timestamp (readonly)

Returns Output only. Time when this workstation configuration was soft-deleted.

Returns:



# File 'proto_docs/google/cloud/workstations/v1/workstations.rb', line 279

# A workstation configuration resource in the Cloud Workstations API.
# Workstation configurations act as templates for workstations.
#
# The class bodies below mix in the protobuf message extensions and declare
# no methods of their own; the attribute documentation is carried entirely by
# the YARD `@!attribute` directives.
class WorkstationConfig
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Runtime host for a workstation.
  # @!attribute [rw] gce_instance
  #   @return [::Google::Cloud::Workstations::V1::WorkstationConfig::Host::GceInstance]
  #     Specifies a Compute Engine instance as the host.
  class Host
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # A runtime using a Compute Engine instance.
    # @!attribute [rw] machine_type
    #   @return [::String]
    #     Optional. The type of machine to use for VM instances—for example,
    #     `"e2-standard-4"`. For more information about machine types that
    #     Cloud Workstations supports, see the list of
    #     [available machine
    #     types](https://cloud.google.com/workstations/docs/available-machine-types).
    # @!attribute [rw] service_account
    #   @return [::String]
    #     Optional. The email address of the service account for Cloud
    #     Workstations VMs created with this configuration. When specified, be
    #     sure that the service account has `logging.logEntries.create` permission
    #     on the project so it can write logs out to Cloud Logging. If using a
    #     custom container image, the service account must have permissions to
    #     pull the specified image.
    #
    #     If you as the administrator want to be able to `ssh` into the
    #     underlying VM, you need to set this value to a service account
    #     for which you have the `iam.serviceAccounts.actAs` permission.
    #     Conversely, if you don't want anyone to be able to `ssh` into the
    #     underlying VM, use a service account where no one has that
    #     permission.
    #
    #     If not set, VMs run with a service account provided by the
    #     Cloud Workstations service, and the image must be publicly
    #     accessible.
    # @!attribute [rw] service_account_scopes
    #   @return [::Array<::String>]
    #     Optional. Scopes to grant to the
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::Host::GceInstance#service_account service_account}.
    #     Various scopes are automatically added based on feature usage. When
    #     specified, users of workstations under this configuration must have
    #     `iam.serviceAccounts.actAs` on the service account.
    # @!attribute [rw] tags
    #   @return [::Array<::String>]
    #     Optional. Network tags to add to the Compute Engine VMs backing the
    #     workstations. This option applies
    #     [network
    #     tags](https://cloud.google.com/vpc/docs/add-remove-network-tags) to VMs
    #     created with this configuration. These network tags enable the creation
    #     of [firewall
    #     rules](https://cloud.google.com/workstations/docs/configure-firewall-rules).
    # @!attribute [rw] pool_size
    #   @return [::Integer]
    #     Optional. The number of VMs that the system should keep idle so that
    #     new workstations can be started quickly for new users. Defaults to `0`
    #     in the API.
    # @!attribute [r] pooled_instances
    #   @return [::Integer]
    #     Output only. Number of instances currently available in the pool for
    #     faster workstation startup.
    # @!attribute [rw] disable_public_ip_addresses
    #   @return [::Boolean]
    #     Optional. When set to true, disables public IP addresses for VMs. If
    #     you disable public IP addresses, you must set up Private Google Access
    #     or Cloud NAT on your network. If you use Private Google Access and you
    #     use `private.googleapis.com` or `restricted.googleapis.com` for
    #     Container Registry and Artifact Registry, make sure that you set
    #     up DNS records for domains `*.gcr.io` and `*.pkg.dev`.
    #     Defaults to false (VMs have public IP addresses).
    #     NOTE(review): with the default, workstation VMs have public IP
    #     addresses; set this to true where that exposure is not wanted, once
    #     the Private Google Access or Cloud NAT prerequisite above is in place.
    # @!attribute [rw] enable_nested_virtualization
    #   @return [::Boolean]
    #     Optional. Whether to enable nested virtualization on Cloud Workstations
    #     VMs created under this workstation configuration.
    #
    #     Nested virtualization lets you run virtual machine (VM) instances
    #     inside your workstation. Before enabling nested virtualization,
    #     review the following considerations. Cloud Workstations
    #     instances are subject to the [same restrictions as Compute Engine
    #     instances](https://cloud.google.com/compute/docs/instances/nested-virtualization/overview#restrictions):
    #
    #     * **Organization policy**: projects, folders, or
    #     organizations may be restricted from creating nested VMs if the
    #     **Disable VM nested virtualization** constraint is enforced in
    #     the organization policy. For more information, see the
    #     Compute Engine section,
    #     [Checking whether nested virtualization is
    #     allowed](https://cloud.google.com/compute/docs/instances/nested-virtualization/managing-constraint#checking_whether_nested_virtualization_is_allowed).
    #     * **Performance**: nested VMs might experience a 10% or greater
    #     decrease in performance for workloads that are CPU-bound and
    #     possibly greater than a 10% decrease for workloads that are
    #     input/output bound.
    #     * **Machine Type**: nested virtualization can only be enabled on
    #     workstation configurations that specify a
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::Host::GceInstance#machine_type machine_type}
    #     in the N1 or N2 machine series.
    #     * **GPUs**: nested virtualization may not be enabled on workstation
    #     configurations with accelerators.
    #     * **Operating System**: Because
    #     [Container-Optimized
    #     OS](https://cloud.google.com/compute/docs/images/os-details#container-optimized_os_cos)
    #     does not support nested virtualization, when nested virtualization is
    #     enabled, the underlying Compute Engine VM instances boot from an
    #     [Ubuntu
    #     LTS](https://cloud.google.com/compute/docs/images/os-details#ubuntu_lts)
    #     image.
    # @!attribute [rw] shielded_instance_config
    #   @return [::Google::Cloud::Workstations::V1::WorkstationConfig::Host::GceInstance::GceShieldedInstanceConfig]
    #     Optional. A set of Compute Engine Shielded instance options.
    # @!attribute [rw] confidential_instance_config
    #   @return [::Google::Cloud::Workstations::V1::WorkstationConfig::Host::GceInstance::GceConfidentialInstanceConfig]
    #     Optional. A set of Compute Engine Confidential VM instance options.
    # @!attribute [rw] boot_disk_size_gb
    #   @return [::Integer]
    #     Optional. The size of the boot disk for the VM in gigabytes (GB).
    #     The minimum boot disk size is `30` GB. Defaults to `50` GB.
    class GceInstance
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods

      # A set of Compute Engine Shielded instance options.
      # NOTE(review): the defaults for these three flags are not stated here;
      # confirm them against the API reference before relying on any of them
      # being enabled.
      # @!attribute [rw] enable_secure_boot
      #   @return [::Boolean]
      #     Optional. Whether the instance has Secure Boot enabled.
      # @!attribute [rw] enable_vtpm
      #   @return [::Boolean]
      #     Optional. Whether the instance has the vTPM enabled.
      # @!attribute [rw] enable_integrity_monitoring
      #   @return [::Boolean]
      #     Optional. Whether the instance has integrity monitoring enabled.
      class GceShieldedInstanceConfig
        include ::Google::Protobuf::MessageExts
        extend ::Google::Protobuf::MessageExts::ClassMethods
      end

      # A set of Compute Engine Confidential VM instance options.
      # @!attribute [rw] enable_confidential_compute
      #   @return [::Boolean]
      #     Optional. Whether the instance has confidential compute enabled.
      class GceConfidentialInstanceConfig
        include ::Google::Protobuf::MessageExts
        extend ::Google::Protobuf::MessageExts::ClassMethods
      end
    end
  end

  # A directory to persist across workstation sessions.
  # @!attribute [rw] gce_pd
  #   @return [::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk]
  #     A PersistentDirectory backed by a Compute Engine persistent disk.
  # @!attribute [rw] mount_path
  #   @return [::String]
  #     Optional. Location of this directory in the running workstation.
  class PersistentDirectory
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # A PersistentDirectory backed by a Compute Engine regional persistent
    # disk. The
    # {::Google::Cloud::Workstations::V1::WorkstationConfig#persistent_directories persistent_directories}
    # field is repeated, but it may contain only one entry. It creates a
    # [persistent
    # disk](https://cloud.google.com/compute/docs/disks/persistent-disks) that
    # mounts to the workstation VM at `/home` when the session starts and
    # detaches when the session ends. If this field is empty, workstations
    # created with this configuration do not have a persistent home
    # directory.
    # @!attribute [rw] size_gb
    #   @return [::Integer]
    #     Optional. The GB capacity of a persistent home directory for each
    #     workstation created with this configuration. Must be empty if
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk#source_snapshot source_snapshot}
    #     is set.
    #
    #     Valid values are `10`, `50`, `100`, `200`, `500`, or `1000`.
    #     Defaults to `200`. If less than `200` GB, the
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk#disk_type disk_type}
    #     must be
    #     `"pd-balanced"` or `"pd-ssd"`.
    # @!attribute [rw] fs_type
    #   @return [::String]
    #     Optional. Type of file system that the disk should be formatted with.
    #     The workstation image must support this file system type. Must be empty
    #     if
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk#source_snapshot source_snapshot}
    #     is set. Defaults to `"ext4"`.
    # @!attribute [rw] disk_type
    #   @return [::String]
    #     Optional. The [type of the persistent
    #     disk](https://cloud.google.com/compute/docs/disks#disk-types) for the
    #     home directory. Defaults to `"pd-standard"`.
    # @!attribute [rw] source_snapshot
    #   @return [::String]
    #     Optional. Name of the snapshot to use as the source for the disk. If
    #     set,
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk#size_gb size_gb}
    #     and
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk#fs_type fs_type}
    #     must be empty.
    # @!attribute [rw] reclaim_policy
    #   @return [::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk::ReclaimPolicy]
    #     Optional. Whether the persistent disk should be deleted when the
    #     workstation is deleted. Valid values are `DELETE` and `RETAIN`.
    #     Defaults to `DELETE`.
    class GceRegionalPersistentDisk
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods

      # Value representing what should happen to the disk after the workstation
      # is deleted.
      module ReclaimPolicy
        # Do not use.
        RECLAIM_POLICY_UNSPECIFIED = 0

        # Delete the persistent disk when deleting the workstation.
        DELETE = 1

        # Keep the persistent disk when deleting the workstation.
        # An administrator must manually delete the disk.
        # NOTE(review): a retained disk still holds the data written under
        # `/home`, so include it in data-retention and cleanup procedures.
        RETAIN = 2
      end
    end
  end

  # A Docker container.
  # @!attribute [rw] image
  #   @return [::String]
  #     Optional. A Docker container image that defines a custom environment.
  #
  #     Cloud Workstations provides a number of
  #     [preconfigured
  #     images](https://cloud.google.com/workstations/docs/preconfigured-base-images),
  #     but you can create your own
  #     [custom container
  #     images](https://cloud.google.com/workstations/docs/custom-container-images).
  #     If using a private image, the `host.gceInstance.serviceAccount` field
  #     must be specified in the workstation configuration and must have
  #     permission to pull the specified image. Otherwise, the image must be
  #     publicly accessible.
  # @!attribute [rw] command
  #   @return [::Array<::String>]
  #     Optional. If set, overrides the default ENTRYPOINT specified by the
  #     image.
  # @!attribute [rw] args
  #   @return [::Array<::String>]
  #     Optional. Arguments passed to the entrypoint.
  # @!attribute [rw] env
  #   @return [::Google::Protobuf::Map{::String => ::String}]
  #     Optional. Environment variables passed to the container's entrypoint.
  #     NOTE(review): values are plain strings on the configuration resource,
  #     so presumably readable by anyone who can read the configuration —
  #     avoid placing credentials here; confirm against the API's access model.
  # @!attribute [rw] working_dir
  #   @return [::String]
  #     Optional. If set, overrides the default DIR specified by the image.
  # @!attribute [rw] run_as_user
  #   @return [::Integer]
  #     Optional. If set, overrides the USER specified in the image with the
  #     given uid.
  #     NOTE(review): how an unset value is distinguished from uid `0` is not
  #     stated here — confirm before relying on this field to force a
  #     non-root user.
  class Container
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # Key/value entry message with a string key and a string value.
    # NOTE(review): presumably the generated map-entry type backing the `env`
    # map field of Container — confirm against the .proto.
    # @!attribute [rw] key
    #   @return [::String]
    # @!attribute [rw] value
    #   @return [::String]
    class EnvEntry
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods
    end
  end

  # A customer-managed encryption key (CMEK) for the Compute Engine
  # resources of the associated workstation configuration. Specify the name of
  # your Cloud KMS encryption key and the default service account.
  # We recommend that you use a separate service account and follow
  # [Cloud KMS best
  # practices](https://cloud.google.com/kms/docs/separation-of-duties).
  # @!attribute [rw] kms_key
  #   @return [::String]
  #     Immutable. The name of the Google Cloud KMS encryption key. For example,
  #     `"projects/PROJECT_ID/locations/REGION/keyRings/KEY_RING/cryptoKeys/KEY_NAME"`.
  #     The key must be in the same region as the workstation configuration.
  # @!attribute [rw] kms_key_service_account
  #   @return [::String]
  #     Immutable. The service account to use with the specified
  #     KMS key. We recommend that you use a separate service account
  #     and follow KMS best practices. For more information, see
  #     [Separation of
  #     duties](https://cloud.google.com/kms/docs/separation-of-duties) and
  #     `gcloud kms keys add-iam-policy-binding`
  #     [`--member`](https://cloud.google.com/sdk/gcloud/reference/kms/keys/add-iam-policy-binding#--member).
  class CustomerEncryptionKey
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # A readiness check to be performed on a workstation.
  # @!attribute [rw] path
  #   @return [::String]
  #     Optional. Path to which the request should be sent.
  # @!attribute [rw] port
  #   @return [::Integer]
  #     Optional. Port to which the request should be sent.
  class ReadinessCheck
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # Key/value entry message with a string key and a string value.
  # NOTE(review): presumably the generated map-entry type backing the
  # `annotations` map field of WorkstationConfig — confirm against the .proto.
  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class AnnotationsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # Key/value entry message with a string key and a string value.
  # NOTE(review): presumably the generated map-entry type backing a `labels`
  # map field of WorkstationConfig — confirm against the .proto.
  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class LabelsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end
end

#display_name::String

Returns Optional. Human-readable name for this workstation configuration.

Returns:

  • (::String)

    Optional. Human-readable name for this workstation configuration.



# File 'proto_docs/google/cloud/workstations/v1/workstations.rb', line 279

# A workstation configuration resource in the Cloud Workstations API.
# Workstation configurations act as templates for workstations.
#
# The class bodies below mix in the protobuf message extensions and declare
# no methods of their own; the attribute documentation is carried entirely by
# the YARD `@!attribute` directives.
class WorkstationConfig
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Runtime host for a workstation.
  # @!attribute [rw] gce_instance
  #   @return [::Google::Cloud::Workstations::V1::WorkstationConfig::Host::GceInstance]
  #     Specifies a Compute Engine instance as the host.
  class Host
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # A runtime using a Compute Engine instance.
    # @!attribute [rw] machine_type
    #   @return [::String]
    #     Optional. The type of machine to use for VM instances—for example,
    #     `"e2-standard-4"`. For more information about machine types that
    #     Cloud Workstations supports, see the list of
    #     [available machine
    #     types](https://cloud.google.com/workstations/docs/available-machine-types).
    # @!attribute [rw] service_account
    #   @return [::String]
    #     Optional. The email address of the service account for Cloud
    #     Workstations VMs created with this configuration. When specified, be
    #     sure that the service account has `logging.logEntries.create` permission
    #     on the project so it can write logs out to Cloud Logging. If using a
    #     custom container image, the service account must have permissions to
    #     pull the specified image.
    #
    #     If you as the administrator want to be able to `ssh` into the
    #     underlying VM, you need to set this value to a service account
    #     for which you have the `iam.serviceAccounts.actAs` permission.
    #     Conversely, if you don't want anyone to be able to `ssh` into the
    #     underlying VM, use a service account where no one has that
    #     permission.
    #
    #     If not set, VMs run with a service account provided by the
    #     Cloud Workstations service, and the image must be publicly
    #     accessible.
    # @!attribute [rw] service_account_scopes
    #   @return [::Array<::String>]
    #     Optional. Scopes to grant to the
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::Host::GceInstance#service_account service_account}.
    #     Various scopes are automatically added based on feature usage. When
    #     specified, users of workstations under this configuration must have
    #     `iam.serviceAccounts.actAs` on the service account.
    # @!attribute [rw] tags
    #   @return [::Array<::String>]
    #     Optional. Network tags to add to the Compute Engine VMs backing the
    #     workstations. This option applies
    #     [network
    #     tags](https://cloud.google.com/vpc/docs/add-remove-network-tags) to VMs
    #     created with this configuration. These network tags enable the creation
    #     of [firewall
    #     rules](https://cloud.google.com/workstations/docs/configure-firewall-rules).
    # @!attribute [rw] pool_size
    #   @return [::Integer]
    #     Optional. The number of VMs that the system should keep idle so that
    #     new workstations can be started quickly for new users. Defaults to `0`
    #     in the API.
    # @!attribute [r] pooled_instances
    #   @return [::Integer]
    #     Output only. Number of instances currently available in the pool for
    #     faster workstation startup.
    # @!attribute [rw] disable_public_ip_addresses
    #   @return [::Boolean]
    #     Optional. When set to true, disables public IP addresses for VMs. If
    #     you disable public IP addresses, you must set up Private Google Access
    #     or Cloud NAT on your network. If you use Private Google Access and you
    #     use `private.googleapis.com` or `restricted.googleapis.com` for
    #     Container Registry and Artifact Registry, make sure that you set
    #     up DNS records for domains `*.gcr.io` and `*.pkg.dev`.
    #     Defaults to false (VMs have public IP addresses).
    #     NOTE(review): with the default, workstation VMs have public IP
    #     addresses; set this to true where that exposure is not wanted, once
    #     the Private Google Access or Cloud NAT prerequisite above is in place.
    # @!attribute [rw] enable_nested_virtualization
    #   @return [::Boolean]
    #     Optional. Whether to enable nested virtualization on Cloud Workstations
    #     VMs created under this workstation configuration.
    #
    #     Nested virtualization lets you run virtual machine (VM) instances
    #     inside your workstation. Before enabling nested virtualization,
    #     review the following considerations. Cloud Workstations
    #     instances are subject to the [same restrictions as Compute Engine
    #     instances](https://cloud.google.com/compute/docs/instances/nested-virtualization/overview#restrictions):
    #
    #     * **Organization policy**: projects, folders, or
    #     organizations may be restricted from creating nested VMs if the
    #     **Disable VM nested virtualization** constraint is enforced in
    #     the organization policy. For more information, see the
    #     Compute Engine section,
    #     [Checking whether nested virtualization is
    #     allowed](https://cloud.google.com/compute/docs/instances/nested-virtualization/managing-constraint#checking_whether_nested_virtualization_is_allowed).
    #     * **Performance**: nested VMs might experience a 10% or greater
    #     decrease in performance for workloads that are CPU-bound and
    #     possibly greater than a 10% decrease for workloads that are
    #     input/output bound.
    #     * **Machine Type**: nested virtualization can only be enabled on
    #     workstation configurations that specify a
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::Host::GceInstance#machine_type machine_type}
    #     in the N1 or N2 machine series.
    #     * **GPUs**: nested virtualization may not be enabled on workstation
    #     configurations with accelerators.
    #     * **Operating System**: Because
    #     [Container-Optimized
    #     OS](https://cloud.google.com/compute/docs/images/os-details#container-optimized_os_cos)
    #     does not support nested virtualization, when nested virtualization is
    #     enabled, the underlying Compute Engine VM instances boot from an
    #     [Ubuntu
    #     LTS](https://cloud.google.com/compute/docs/images/os-details#ubuntu_lts)
    #     image.
    # @!attribute [rw] shielded_instance_config
    #   @return [::Google::Cloud::Workstations::V1::WorkstationConfig::Host::GceInstance::GceShieldedInstanceConfig]
    #     Optional. A set of Compute Engine Shielded instance options.
    # @!attribute [rw] confidential_instance_config
    #   @return [::Google::Cloud::Workstations::V1::WorkstationConfig::Host::GceInstance::GceConfidentialInstanceConfig]
    #     Optional. A set of Compute Engine Confidential VM instance options.
    # @!attribute [rw] boot_disk_size_gb
    #   @return [::Integer]
    #     Optional. The size of the boot disk for the VM in gigabytes (GB).
    #     The minimum boot disk size is `30` GB. Defaults to `50` GB.
    class GceInstance
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods

      # A set of Compute Engine Shielded instance options.
      # NOTE(review): the defaults for these three flags are not stated here;
      # confirm them against the API reference before relying on any of them
      # being enabled.
      # @!attribute [rw] enable_secure_boot
      #   @return [::Boolean]
      #     Optional. Whether the instance has Secure Boot enabled.
      # @!attribute [rw] enable_vtpm
      #   @return [::Boolean]
      #     Optional. Whether the instance has the vTPM enabled.
      # @!attribute [rw] enable_integrity_monitoring
      #   @return [::Boolean]
      #     Optional. Whether the instance has integrity monitoring enabled.
      class GceShieldedInstanceConfig
        include ::Google::Protobuf::MessageExts
        extend ::Google::Protobuf::MessageExts::ClassMethods
      end

      # A set of Compute Engine Confidential VM instance options.
      # @!attribute [rw] enable_confidential_compute
      #   @return [::Boolean]
      #     Optional. Whether the instance has confidential compute enabled.
      class GceConfidentialInstanceConfig
        include ::Google::Protobuf::MessageExts
        extend ::Google::Protobuf::MessageExts::ClassMethods
      end
    end
  end

  # A directory to persist across workstation sessions.
  # @!attribute [rw] gce_pd
  #   @return [::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk]
  #     A PersistentDirectory backed by a Compute Engine persistent disk.
  # @!attribute [rw] mount_path
  #   @return [::String]
  #     Optional. Location of this directory in the running workstation.
  class PersistentDirectory
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # A PersistentDirectory backed by a Compute Engine regional persistent
    # disk. The
    # {::Google::Cloud::Workstations::V1::WorkstationConfig#persistent_directories persistent_directories}
    # field is repeated, but it may contain only one entry. It creates a
    # [persistent
    # disk](https://cloud.google.com/compute/docs/disks/persistent-disks) that
    # mounts to the workstation VM at `/home` when the session starts and
    # detaches when the session ends. If this field is empty, workstations
    # created with this configuration do not have a persistent home
    # directory.
    # @!attribute [rw] size_gb
    #   @return [::Integer]
    #     Optional. The GB capacity of a persistent home directory for each
    #     workstation created with this configuration. Must be empty if
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk#source_snapshot source_snapshot}
    #     is set.
    #
    #     Valid values are `10`, `50`, `100`, `200`, `500`, or `1000`.
    #     Defaults to `200`. If less than `200` GB, the
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk#disk_type disk_type}
    #     must be
    #     `"pd-balanced"` or `"pd-ssd"`.
    # @!attribute [rw] fs_type
    #   @return [::String]
    #     Optional. Type of file system that the disk should be formatted with.
    #     The workstation image must support this file system type. Must be empty
    #     if
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk#source_snapshot source_snapshot}
    #     is set. Defaults to `"ext4"`.
    # @!attribute [rw] disk_type
    #   @return [::String]
    #     Optional. The [type of the persistent
    #     disk](https://cloud.google.com/compute/docs/disks#disk-types) for the
    #     home directory. Defaults to `"pd-standard"`.
    # @!attribute [rw] source_snapshot
    #   @return [::String]
    #     Optional. Name of the snapshot to use as the source for the disk. If
    #     set,
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk#size_gb size_gb}
    #     and
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk#fs_type fs_type}
    #     must be empty.
    # @!attribute [rw] reclaim_policy
    #   @return [::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk::ReclaimPolicy]
    #     Optional. Whether the persistent disk should be deleted when the
    #     workstation is deleted. Valid values are `DELETE` and `RETAIN`.
    #     Defaults to `DELETE`.
    class GceRegionalPersistentDisk
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods

      # Value representing what should happen to the disk after the workstation
      # is deleted.
      module ReclaimPolicy
        # Do not use.
        RECLAIM_POLICY_UNSPECIFIED = 0

        # Delete the persistent disk when deleting the workstation.
        DELETE = 1

        # Keep the persistent disk when deleting the workstation.
        # An administrator must manually delete the disk.
        # NOTE(review): a retained disk still holds the data written under
        # `/home`, so include it in data-retention and cleanup procedures.
        RETAIN = 2
      end
    end
  end

  # A Docker container.
  # @!attribute [rw] image
  #   @return [::String]
  #     Optional. A Docker container image that defines a custom environment.
  #
  #     Cloud Workstations provides a number of
  #     [preconfigured
  #     images](https://cloud.google.com/workstations/docs/preconfigured-base-images),
  #     but you can create your own
  #     [custom container
  #     images](https://cloud.google.com/workstations/docs/custom-container-images).
  #     If using a private image, the `host.gceInstance.serviceAccount` field
  #     must be specified in the workstation configuration and must have
  #     permission to pull the specified image. Otherwise, the image must be
  #     publicly accessible.
  # @!attribute [rw] command
  #   @return [::Array<::String>]
  #     Optional. If set, overrides the default ENTRYPOINT specified by the
  #     image.
  # @!attribute [rw] args
  #   @return [::Array<::String>]
  #     Optional. Arguments passed to the entrypoint.
  # @!attribute [rw] env
  #   @return [::Google::Protobuf::Map{::String => ::String}]
  #     Optional. Environment variables passed to the container's entrypoint.
  #     NOTE(review): values are plain strings on the configuration resource,
  #     so presumably readable by anyone who can read the configuration —
  #     avoid placing credentials here; confirm against the API's access model.
  # @!attribute [rw] working_dir
  #   @return [::String]
  #     Optional. If set, overrides the default DIR specified by the image.
  # @!attribute [rw] run_as_user
  #   @return [::Integer]
  #     Optional. If set, overrides the USER specified in the image with the
  #     given uid.
  #     NOTE(review): how an unset value is distinguished from uid `0` is not
  #     stated here — confirm before relying on this field to force a
  #     non-root user.
  class Container
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # Key/value entry message with a string key and a string value.
    # NOTE(review): presumably the generated map-entry type backing the `env`
    # map field of Container — confirm against the .proto.
    # @!attribute [rw] key
    #   @return [::String]
    # @!attribute [rw] value
    #   @return [::String]
    class EnvEntry
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods
    end
  end

  # A customer-managed encryption key (CMEK) for the Compute Engine
  # resources of the associated workstation configuration. Specify the name of
  # your Cloud KMS encryption key and the default service account.
  # We recommend that you use a separate service account and follow
  # [Cloud KMS best
  # practices](https://cloud.google.com/kms/docs/separation-of-duties).
  # @!attribute [rw] kms_key
  #   @return [::String]
  #     Immutable. The name of the Google Cloud KMS encryption key. For example,
  #     `"projects/PROJECT_ID/locations/REGION/keyRings/KEY_RING/cryptoKeys/KEY_NAME"`.
  #     The key must be in the same region as the workstation configuration.
  # @!attribute [rw] kms_key_service_account
  #   @return [::String]
  #     Immutable. The service account to use with the specified
  #     KMS key. We recommend that you use a separate service account
  #     and follow KMS best practices. For more information, see
  #     [Separation of
  #     duties](https://cloud.google.com/kms/docs/separation-of-duties) and
  #     `gcloud kms keys add-iam-policy-binding`
  #     [`--member`](https://cloud.google.com/sdk/gcloud/reference/kms/keys/add-iam-policy-binding#--member).
  class CustomerEncryptionKey
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # A readiness check to be performed on a workstation.
  # @!attribute [rw] path
  #   @return [::String]
  #     Optional. Path to which the request should be sent.
  # @!attribute [rw] port
  #   @return [::Integer]
  #     Optional. Port to which the request should be sent.
  class ReadinessCheck
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # Key/value entry message with a string key and a string value.
  # NOTE(review): presumably the generated map-entry type backing the
  # `annotations` map field of WorkstationConfig — confirm against the .proto.
  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class AnnotationsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # Key/value entry message with a string key and a string value.
  # NOTE(review): presumably the generated map-entry type backing a `labels`
  # map field of WorkstationConfig — confirm against the .proto.
  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class LabelsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end
end

#encryption_key::Google::Cloud::Workstations::V1::WorkstationConfig::CustomerEncryptionKey

Returns Immutable. Encrypts resources of this workstation configuration using a customer-managed encryption key (CMEK).

If specified, the boot disk of the Compute Engine instance and the persistent disk are encrypted using this encryption key. If this field is not set, the disks are encrypted using a generated key. Customer-managed encryption keys do not protect disk metadata.

If the customer-managed encryption key is rotated, the system attempts to recreate the persistent disk with the new version of the key when the workstation instance is stopped. Be sure to keep older versions of the key until the persistent disk is recreated. Otherwise, data on the persistent disk might be lost.

If the encryption key is revoked, the workstation session automatically stops within 7 hours, so a running session may continue for up to 7 hours after revocation.

Immutable after the workstation configuration is created.

Returns:

  • (::Google::Cloud::Workstations::V1::WorkstationConfig::CustomerEncryptionKey)

    Immutable. Encrypts resources of this workstation configuration using a customer-managed encryption key (CMEK).

    If specified, the boot disk of the Compute Engine instance and the persistent disk are encrypted using this encryption key. If this field is not set, the disks are encrypted using a generated key. Customer-managed encryption keys do not protect disk metadata.

    If the customer-managed encryption key is rotated, the system attempts to recreate the persistent disk with the new version of the key when the workstation instance is stopped. Be sure to keep older versions of the key until the persistent disk is recreated. Otherwise, data on the persistent disk might be lost.

    If the encryption key is revoked, the workstation session automatically stops within 7 hours, so a running session may continue for up to 7 hours after revocation.

    Immutable after the workstation configuration is created.



# File 'proto_docs/google/cloud/workstations/v1/workstations.rb', line 279

# A workstation configuration resource in the Cloud Workstations API. It acts
# as a template for the workstations created from it.
class WorkstationConfig
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Runtime host for a workstation.
  # @!attribute [rw] gce_instance
  #   @return [::Google::Cloud::Workstations::V1::WorkstationConfig::Host::GceInstance]
  #     Specifies a Compute Engine instance as the host.
  class Host
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # A runtime using a Compute Engine instance.
    # @!attribute [rw] machine_type
    #   @return [::String]
    #     Optional. The type of machine to use for VM instances—for example,
    #     `"e2-standard-4"`. For more information about machine types that
    #     Cloud Workstations supports, see the list of
    #     [available machine
    #     types](https://cloud.google.com/workstations/docs/available-machine-types).
    # @!attribute [rw] service_account
    #   @return [::String]
    #     Optional. The email address of the service account for Cloud
    #     Workstations VMs created with this configuration. When specified, be
    #     sure that the service account has `logging.logEntries.create`
    #     permission on the project so it can write logs out to Cloud Logging.
    #     If using a custom container image, the service account must have
    #     permissions to pull the specified image.
    #
    #     If you as the administrator want to be able to `ssh` into the
    #     underlying VM, you need to set this value to a service account
    #     for which you have the `iam.serviceAccounts.actAs` permission.
    #     Conversely, if you don't want anyone to be able to `ssh` into the
    #     underlying VM, use a service account where no one has that
    #     permission.
    #
    #     If not set, VMs run with a service account provided by the
    #     Cloud Workstations service, and the image must be publicly
    #     accessible.
    #
    #     NOTE(review): the VMs run as this account, so keep its roles to the
    #     minimum described above, and treat a grant of
    #     `iam.serviceAccounts.actAs` on it as a grant of `ssh` access to the
    #     underlying VM.
    # @!attribute [rw] service_account_scopes
    #   @return [::Array<::String>]
    #     Optional. Scopes to grant to the
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::Host::GceInstance#service_account service_account}.
    #     Various scopes are automatically added based on feature usage. When
    #     specified, users of workstations under this configuration must have
    #     `iam.serviceAccounts.actAs` on the service account.
    # @!attribute [rw] tags
    #   @return [::Array<::String>]
    #     Optional. Network tags to add to the Compute Engine VMs backing the
    #     workstations. This option applies
    #     [network
    #     tags](https://cloud.google.com/vpc/docs/add-remove-network-tags) to VMs
    #     created with this configuration. These network tags enable the creation
    #     of [firewall
    #     rules](https://cloud.google.com/workstations/docs/configure-firewall-rules).
    # @!attribute [rw] pool_size
    #   @return [::Integer]
    #     Optional. The number of VMs that the system should keep idle so that
    #     new workstations can be started quickly for new users. Defaults to `0`
    #     in the API.
    # @!attribute [r] pooled_instances
    #   @return [::Integer]
    #     Output only. Number of instances currently available in the pool for
    #     faster workstation startup.
    # @!attribute [rw] disable_public_ip_addresses
    #   @return [::Boolean]
    #     Optional. When set to true, disables public IP addresses for VMs. If
    #     you disable public IP addresses, you must set up Private Google Access
    #     or Cloud NAT on your network. If you use Private Google Access and you
    #     use `private.googleapis.com` or `restricted.googleapis.com` for
    #     Container Registry and Artifact Registry, make sure that you set
    #     up DNS records for domains `*.gcr.io` and `*.pkg.dev`.
    #     Defaults to false (VMs have public IP addresses).
    #
    #     NOTE(review): with the default, every VM gets a public IP address;
    #     set this to true where that exposure is not wanted, once the network
    #     prerequisites above are in place.
    # @!attribute [rw] enable_nested_virtualization
    #   @return [::Boolean]
    #     Optional. Whether to enable nested virtualization on Cloud Workstations
    #     VMs created under this workstation configuration.
    #
    #     Nested virtualization lets you run virtual machine (VM) instances
    #     inside your workstation. Before enabling nested virtualization,
    #     review the following considerations. Cloud Workstations
    #     instances are subject to the [same restrictions as Compute Engine
    #     instances](https://cloud.google.com/compute/docs/instances/nested-virtualization/overview#restrictions):
    #
    #     * **Organization policy**: projects, folders, or
    #     organizations may be restricted from creating nested VMs if the
    #     **Disable VM nested virtualization** constraint is enforced in
    #     the organization policy. For more information, see the
    #     Compute Engine section,
    #     [Checking whether nested virtualization is
    #     allowed](https://cloud.google.com/compute/docs/instances/nested-virtualization/managing-constraint#checking_whether_nested_virtualization_is_allowed).
    #     * **Performance**: nested VMs might experience a 10% or greater
    #     decrease in performance for workloads that are CPU-bound and
    #     possibly greater than a 10% decrease for workloads that are
    #     input/output bound.
    #     * **Machine Type**: nested virtualization can only be enabled on
    #     workstation configurations that specify a
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::Host::GceInstance#machine_type machine_type}
    #     in the N1 or N2 machine series.
    #     * **GPUs**: nested virtualization may not be enabled on workstation
    #     configurations with accelerators.
    #     * **Operating System**: Because
    #     [Container-Optimized
    #     OS](https://cloud.google.com/compute/docs/images/os-details#container-optimized_os_cos)
    #     does not support nested virtualization, when nested virtualization is
    #     enabled, the underlying Compute Engine VM instances boot from an
    #     [Ubuntu
    #     LTS](https://cloud.google.com/compute/docs/images/os-details#ubuntu_lts)
    #     image.
    # @!attribute [rw] shielded_instance_config
    #   @return [::Google::Cloud::Workstations::V1::WorkstationConfig::Host::GceInstance::GceShieldedInstanceConfig]
    #     Optional. A set of Compute Engine Shielded instance options.
    #     NOTE(review): no defaults are stated for these options here — set
    #     them explicitly if your baseline requires them.
    # @!attribute [rw] confidential_instance_config
    #   @return [::Google::Cloud::Workstations::V1::WorkstationConfig::Host::GceInstance::GceConfidentialInstanceConfig]
    #     Optional. A set of Compute Engine Confidential VM instance options.
    #     NOTE(review): no default is stated here — set it explicitly if your
    #     baseline requires it.
    # @!attribute [rw] boot_disk_size_gb
    #   @return [::Integer]
    #     Optional. The size of the boot disk for the VM in gigabytes (GB).
    #     The minimum boot disk size is `30` GB. Defaults to `50` GB.
    class GceInstance
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods

      # A set of Compute Engine Shielded instance options. Each option is an
      # independent boolean; no default value is stated for any of them here.
      # @!attribute [rw] enable_secure_boot
      #   @return [::Boolean]
      #     Optional. Whether the instance has Secure Boot enabled.
      # @!attribute [rw] enable_vtpm
      #   @return [::Boolean]
      #     Optional. Whether the instance has the vTPM enabled.
      # @!attribute [rw] enable_integrity_monitoring
      #   @return [::Boolean]
      #     Optional. Whether the instance has integrity monitoring enabled.
      class GceShieldedInstanceConfig
        include ::Google::Protobuf::MessageExts
        extend ::Google::Protobuf::MessageExts::ClassMethods
      end

      # A set of Compute Engine Confidential VM instance options. No default
      # value is stated for the option here.
      # @!attribute [rw] enable_confidential_compute
      #   @return [::Boolean]
      #     Optional. Whether the instance has confidential compute enabled.
      class GceConfidentialInstanceConfig
        include ::Google::Protobuf::MessageExts
        extend ::Google::Protobuf::MessageExts::ClassMethods
      end
    end
  end

  # A directory to persist across workstation sessions.
  # @!attribute [rw] gce_pd
  #   @return [::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk]
  #     A PersistentDirectory backed by a Compute Engine persistent disk.
  # @!attribute [rw] mount_path
  #   @return [::String]
  #     Optional. Location of this directory in the running workstation.
  class PersistentDirectory
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # A PersistentDirectory backed by a Compute Engine regional persistent
    # disk. The
    # {::Google::Cloud::Workstations::V1::WorkstationConfig#persistent_directories persistent_directories}
    # field is repeated, but it may contain only one entry. It creates a
    # [persistent
    # disk](https://cloud.google.com/compute/docs/disks/persistent-disks) that
    # mounts to the workstation VM at `/home` when the session starts and
    # detaches when the session ends. If this field is empty, workstations
    # created with this configuration do not have a persistent home
    # directory.
    # @!attribute [rw] size_gb
    #   @return [::Integer]
    #     Optional. The GB capacity of a persistent home directory for each
    #     workstation created with this configuration. Must be empty if
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk#source_snapshot source_snapshot}
    #     is set.
    #
    #     Valid values are `10`, `50`, `100`, `200`, `500`, or `1000`.
    #     Defaults to `200`. If less than `200` GB, the
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk#disk_type disk_type}
    #     must be
    #     `"pd-balanced"` or `"pd-ssd"`.
    # @!attribute [rw] fs_type
    #   @return [::String]
    #     Optional. Type of file system that the disk should be formatted with.
    #     The workstation image must support this file system type. Must be empty
    #     if
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk#source_snapshot source_snapshot}
    #     is set. Defaults to `"ext4"`.
    # @!attribute [rw] disk_type
    #   @return [::String]
    #     Optional. The [type of the persistent
    #     disk](https://cloud.google.com/compute/docs/disks#disk-types) for the
    #     home directory. Defaults to `"pd-standard"`, which the `size_gb`
    #     description does not allow for sizes below `200` GB.
    # @!attribute [rw] source_snapshot
    #   @return [::String]
    #     Optional. Name of the snapshot to use as the source for the disk. If
    #     set,
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk#size_gb size_gb}
    #     and
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk#fs_type fs_type}
    #     must be empty.
    #     NOTE(review): presumably the new disk starts with the snapshot's
    #     contents — confirm the snapshot is appropriate for every user of
    #     this configuration.
    # @!attribute [rw] reclaim_policy
    #   @return [::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk::ReclaimPolicy]
    #     Optional. Whether the persistent disk should be deleted when the
    #     workstation is deleted. Valid values are `DELETE` and `RETAIN`.
    #     Defaults to `DELETE`.
    class GceRegionalPersistentDisk
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods

      # Value representing what should happen to the disk after the workstation
      # is deleted.
      module ReclaimPolicy
        # Do not use.
        RECLAIM_POLICY_UNSPECIFIED = 0

        # Delete the persistent disk when deleting the workstation.
        DELETE = 1

        # Keep the persistent disk when deleting the workstation.
        # An administrator must manually delete the disk.
        # NOTE(review): until then the retained disk keeps whatever was
        # written to it, so track retained disks for cleanup.
        RETAIN = 2
      end
    end
  end

  # A Docker container.
  # @!attribute [rw] image
  #   @return [::String]
  #     Optional. A Docker container image that defines a custom environment.
  #
  #     Cloud Workstations provides a number of
  #     [preconfigured
  #     images](https://cloud.google.com/workstations/docs/preconfigured-base-images),
  #     but you can create your own
  #     [custom container
  #     images](https://cloud.google.com/workstations/docs/custom-container-images).
  #     If using a private image, the `host.gceInstance.serviceAccount` field
  #     must be specified in the workstation configuration and must have
  #     permission to pull the specified image. Otherwise, the image must be
  #     publicly accessible.
  # @!attribute [rw] command
  #   @return [::Array<::String>]
  #     Optional. If set, overrides the default ENTRYPOINT specified by the
  #     image.
  # @!attribute [rw] args
  #   @return [::Array<::String>]
  #     Optional. Arguments passed to the entrypoint.
  # @!attribute [rw] env
  #   @return [::Google::Protobuf::Map{::String => ::String}]
  #     Optional. Environment variables passed to the container's entrypoint.
  #     NOTE(review): values are plain strings held in the configuration
  #     resource — avoid placing credentials here, and confirm who can read
  #     the configuration.
  # @!attribute [rw] working_dir
  #   @return [::String]
  #     Optional. If set, overrides the default DIR specified by the image.
  # @!attribute [rw] run_as_user
  #   @return [::Integer]
  #     Optional. If set, overrides the USER specified in the image with the
  #     given uid.
  class Container
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # Key/value entry with a string `key` and a string `value`.
    # NOTE(review): presumably the generated entry type behind the `env` map
    # field — confirm against the proto definition.
    # @!attribute [rw] key
    #   @return [::String]
    # @!attribute [rw] value
    #   @return [::String]
    class EnvEntry
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods
    end
  end

  # A customer-managed encryption key (CMEK) for the Compute Engine
  # resources of the associated workstation configuration. Specify the name of
  # your Cloud KMS encryption key and the default service account.
  # We recommend that you use a separate service account and follow
  # [Cloud KMS best
  # practices](https://cloud.google.com/kms/docs/separation-of-duties).
  # Key rotation and revocation behaviour is described on the
  # `encryption_key` field of the workstation configuration.
  # @!attribute [rw] kms_key
  #   @return [::String]
  #     Immutable. The name of the Google Cloud KMS encryption key. For example,
  #     `"projects/PROJECT_ID/locations/REGION/keyRings/KEY_RING/cryptoKeys/KEY_NAME"`.
  #     The key must be in the same region as the workstation configuration.
  # @!attribute [rw] kms_key_service_account
  #   @return [::String]
  #     Immutable. The service account to use with the specified
  #     KMS key. We recommend that you use a separate service account
  #     and follow KMS best practices. For more information, see
  #     [Separation of
  #     duties](https://cloud.google.com/kms/docs/separation-of-duties) and
  #     `gcloud kms keys add-iam-policy-binding`
  #     [`--member`](https://cloud.google.com/sdk/gcloud/reference/kms/keys/add-iam-policy-binding#--member).
  class CustomerEncryptionKey
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # A readiness check to be performed on a workstation. A request is sent to
  # the configured path and port.
  # NOTE(review): the request protocol and the response that counts as
  # "ready" are not stated here — confirm against the API reference.
  # @!attribute [rw] path
  #   @return [::String]
  #     Optional. Path to which the request should be sent.
  # @!attribute [rw] port
  #   @return [::Integer]
  #     Optional. Port to which the request should be sent.
  class ReadinessCheck
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # Key/value entry with a string `key` and a string `value`.
  # NOTE(review): presumably the generated entry type behind the
  # `annotations` map field — confirm against the proto definition.
  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class AnnotationsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # Key/value entry with a string `key` and a string `value`.
  # NOTE(review): presumably the generated entry type behind a `labels` map
  # field — confirm against the proto definition.
  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class LabelsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end
end

#etag::String

Returns Optional. Checksum computed by the server. May be sent on update and delete requests to make sure that the client has an up-to-date value before proceeding.

Returns:

  • (::String)

    Optional. Checksum computed by the server. May be sent on update and delete requests to make sure that the client has an up-to-date value before proceeding.



# File 'proto_docs/google/cloud/workstations/v1/workstations.rb', line 279

class WorkstationConfig
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Runtime host for a workstation.
  # @!attribute [rw] gce_instance
  #   @return [::Google::Cloud::Workstations::V1::WorkstationConfig::Host::GceInstance]
  #     Specifies a Compute Engine instance as the host.
  class Host
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # A runtime using a Compute Engine instance.
    # @!attribute [rw] machine_type
    #   @return [::String]
    #     Optional. The type of machine to use for VM instances—for example,
    #     `"e2-standard-4"`. For more information about machine types that
    #     Cloud Workstations supports, see the list of
    #     [available machine
    #     types](https://cloud.google.com/workstations/docs/available-machine-types).
    # @!attribute [rw] service_account
    #   @return [::String]
    #     Optional. The email address of the service account for Cloud
    #     Workstations VMs created with this configuration. When specified, be
    #     sure that the service account has `logging.logEntries.create`
    #     permission on the project so it can write logs out to Cloud Logging.
    #     If using a custom container image, the service account must have
    #     permissions to pull the specified image.
    #
    #     If you as the administrator want to be able to `ssh` into the
    #     underlying VM, you need to set this value to a service account
    #     for which you have the `iam.serviceAccounts.actAs` permission.
    #     Conversely, if you don't want anyone to be able to `ssh` into the
    #     underlying VM, use a service account where no one has that
    #     permission.
    #
    #     If not set, VMs run with a service account provided by the
    #     Cloud Workstations service, and the image must be publicly
    #     accessible.
    #
    #     NOTE(review): the VMs run as this account, so keep its roles to the
    #     minimum described above, and treat a grant of
    #     `iam.serviceAccounts.actAs` on it as a grant of `ssh` access to the
    #     underlying VM.
    # @!attribute [rw] service_account_scopes
    #   @return [::Array<::String>]
    #     Optional. Scopes to grant to the
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::Host::GceInstance#service_account service_account}.
    #     Various scopes are automatically added based on feature usage. When
    #     specified, users of workstations under this configuration must have
    #     `iam.serviceAccounts.actAs` on the service account.
    # @!attribute [rw] tags
    #   @return [::Array<::String>]
    #     Optional. Network tags to add to the Compute Engine VMs backing the
    #     workstations. This option applies
    #     [network
    #     tags](https://cloud.google.com/vpc/docs/add-remove-network-tags) to VMs
    #     created with this configuration. These network tags enable the creation
    #     of [firewall
    #     rules](https://cloud.google.com/workstations/docs/configure-firewall-rules).
    # @!attribute [rw] pool_size
    #   @return [::Integer]
    #     Optional. The number of VMs that the system should keep idle so that
    #     new workstations can be started quickly for new users. Defaults to `0`
    #     in the API.
    # @!attribute [r] pooled_instances
    #   @return [::Integer]
    #     Output only. Number of instances currently available in the pool for
    #     faster workstation startup.
    # @!attribute [rw] disable_public_ip_addresses
    #   @return [::Boolean]
    #     Optional. When set to true, disables public IP addresses for VMs. If
    #     you disable public IP addresses, you must set up Private Google Access
    #     or Cloud NAT on your network. If you use Private Google Access and you
    #     use `private.googleapis.com` or `restricted.googleapis.com` for
    #     Container Registry and Artifact Registry, make sure that you set
    #     up DNS records for domains `*.gcr.io` and `*.pkg.dev`.
    #     Defaults to false (VMs have public IP addresses).
    #
    #     NOTE(review): with the default, every VM gets a public IP address;
    #     set this to true where that exposure is not wanted, once the network
    #     prerequisites above are in place.
    # @!attribute [rw] enable_nested_virtualization
    #   @return [::Boolean]
    #     Optional. Whether to enable nested virtualization on Cloud Workstations
    #     VMs created under this workstation configuration.
    #
    #     Nested virtualization lets you run virtual machine (VM) instances
    #     inside your workstation. Before enabling nested virtualization,
    #     review the following considerations. Cloud Workstations
    #     instances are subject to the [same restrictions as Compute Engine
    #     instances](https://cloud.google.com/compute/docs/instances/nested-virtualization/overview#restrictions):
    #
    #     * **Organization policy**: projects, folders, or
    #     organizations may be restricted from creating nested VMs if the
    #     **Disable VM nested virtualization** constraint is enforced in
    #     the organization policy. For more information, see the
    #     Compute Engine section,
    #     [Checking whether nested virtualization is
    #     allowed](https://cloud.google.com/compute/docs/instances/nested-virtualization/managing-constraint#checking_whether_nested_virtualization_is_allowed).
    #     * **Performance**: nested VMs might experience a 10% or greater
    #     decrease in performance for workloads that are CPU-bound and
    #     possibly greater than a 10% decrease for workloads that are
    #     input/output bound.
    #     * **Machine Type**: nested virtualization can only be enabled on
    #     workstation configurations that specify a
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::Host::GceInstance#machine_type machine_type}
    #     in the N1 or N2 machine series.
    #     * **GPUs**: nested virtualization may not be enabled on workstation
    #     configurations with accelerators.
    #     * **Operating System**: Because
    #     [Container-Optimized
    #     OS](https://cloud.google.com/compute/docs/images/os-details#container-optimized_os_cos)
    #     does not support nested virtualization, when nested virtualization is
    #     enabled, the underlying Compute Engine VM instances boot from an
    #     [Ubuntu
    #     LTS](https://cloud.google.com/compute/docs/images/os-details#ubuntu_lts)
    #     image.
    # @!attribute [rw] shielded_instance_config
    #   @return [::Google::Cloud::Workstations::V1::WorkstationConfig::Host::GceInstance::GceShieldedInstanceConfig]
    #     Optional. A set of Compute Engine Shielded instance options.
    #     NOTE(review): no defaults are stated for these options here — set
    #     them explicitly if your baseline requires them.
    # @!attribute [rw] confidential_instance_config
    #   @return [::Google::Cloud::Workstations::V1::WorkstationConfig::Host::GceInstance::GceConfidentialInstanceConfig]
    #     Optional. A set of Compute Engine Confidential VM instance options.
    #     NOTE(review): no default is stated here — set it explicitly if your
    #     baseline requires it.
    # @!attribute [rw] boot_disk_size_gb
    #   @return [::Integer]
    #     Optional. The size of the boot disk for the VM in gigabytes (GB).
    #     The minimum boot disk size is `30` GB. Defaults to `50` GB.
    class GceInstance
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods

      # A set of Compute Engine Shielded instance options. Each option is an
      # independent boolean; no default value is stated for any of them here.
      # @!attribute [rw] enable_secure_boot
      #   @return [::Boolean]
      #     Optional. Whether the instance has Secure Boot enabled.
      # @!attribute [rw] enable_vtpm
      #   @return [::Boolean]
      #     Optional. Whether the instance has the vTPM enabled.
      # @!attribute [rw] enable_integrity_monitoring
      #   @return [::Boolean]
      #     Optional. Whether the instance has integrity monitoring enabled.
      class GceShieldedInstanceConfig
        include ::Google::Protobuf::MessageExts
        extend ::Google::Protobuf::MessageExts::ClassMethods
      end

      # A set of Compute Engine Confidential VM instance options. No default
      # value is stated for the option here.
      # @!attribute [rw] enable_confidential_compute
      #   @return [::Boolean]
      #     Optional. Whether the instance has confidential compute enabled.
      class GceConfidentialInstanceConfig
        include ::Google::Protobuf::MessageExts
        extend ::Google::Protobuf::MessageExts::ClassMethods
      end
    end
  end

  # A directory to persist across workstation sessions.
  # @!attribute [rw] gce_pd
  #   @return [::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk]
  #     A PersistentDirectory backed by a Compute Engine persistent disk.
  # @!attribute [rw] mount_path
  #   @return [::String]
  #     Optional. Location of this directory in the running workstation.
  class PersistentDirectory
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # A PersistentDirectory backed by a Compute Engine regional persistent
    # disk. The
    # {::Google::Cloud::Workstations::V1::WorkstationConfig#persistent_directories persistent_directories}
    # field is repeated, but it may contain only one entry. It creates a
    # [persistent
    # disk](https://cloud.google.com/compute/docs/disks/persistent-disks) that
    # mounts to the workstation VM at `/home` when the session starts and
    # detaches when the session ends. If this field is empty, workstations
    # created with this configuration do not have a persistent home
    # directory.
    # @!attribute [rw] size_gb
    #   @return [::Integer]
    #     Optional. The GB capacity of a persistent home directory for each
    #     workstation created with this configuration. Must be empty if
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk#source_snapshot source_snapshot}
    #     is set.
    #
    #     Valid values are `10`, `50`, `100`, `200`, `500`, or `1000`.
    #     Defaults to `200`. If less than `200` GB, the
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk#disk_type disk_type}
    #     must be
    #     `"pd-balanced"` or `"pd-ssd"`.
    # @!attribute [rw] fs_type
    #   @return [::String]
    #     Optional. Type of file system that the disk should be formatted with.
    #     The workstation image must support this file system type. Must be empty
    #     if
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk#source_snapshot source_snapshot}
    #     is set. Defaults to `"ext4"`.
    # @!attribute [rw] disk_type
    #   @return [::String]
    #     Optional. The [type of the persistent
    #     disk](https://cloud.google.com/compute/docs/disks#disk-types) for the
    #     home directory. Defaults to `"pd-standard"`.
    # @!attribute [rw] source_snapshot
    #   @return [::String]
    #     Optional. Name of the snapshot to use as the source for the disk. If
    #     set,
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk#size_gb size_gb}
    #     and
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk#fs_type fs_type}
    #     must be empty.
    # @!attribute [rw] reclaim_policy
    #   @return [::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk::ReclaimPolicy]
    #     Optional. Whether the persistent disk should be deleted when the
    #     workstation is deleted. Valid values are `DELETE` and `RETAIN`.
    #     Defaults to `DELETE`.
    class GceRegionalPersistentDisk
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods

      # Value representing what should happen to the disk after the workstation
      # is deleted.
      module ReclaimPolicy
        # Do not use.
        RECLAIM_POLICY_UNSPECIFIED = 0

        # Delete the persistent disk when deleting the workstation.
        DELETE = 1

        # Keep the persistent disk when deleting the workstation.
        # An administrator must manually delete the disk.
        # NOTE(review): a retained disk still holds the home-directory data,
        # so retained disks need an owner and a deletion process.
        RETAIN = 2
      end
    end
  end

  # A Docker container.
  # @!attribute [rw] image
  #   @return [::String]
  #     Optional. A Docker container image that defines a custom environment.
  #
  #     Cloud Workstations provides a number of
  #     [preconfigured
  #     images](https://cloud.google.com/workstations/docs/preconfigured-base-images),
  #     but you can create your own
  #     [custom container
  #     images](https://cloud.google.com/workstations/docs/custom-container-images).
  #     If using a private image, the `host.gceInstance.serviceAccount` field
  #     must be specified in the workstation configuration and must have
  #     permission to pull the specified image. Otherwise, the image must be
  #     publicly accessible.
  #
  #     NOTE(review): workstations created from this configuration run this
  #     image, so treat the image source and its registry permissions as part
  #     of the configuration's trust boundary.
  # @!attribute [rw] command
  #   @return [::Array<::String>]
  #     Optional. If set, overrides the default ENTRYPOINT specified by the
  #     image.
  # @!attribute [rw] args
  #   @return [::Array<::String>]
  #     Optional. Arguments passed to the entrypoint.
  # @!attribute [rw] env
  #   @return [::Google::Protobuf::Map{::String => ::String}]
  #     Optional. Environment variables passed to the container's entrypoint.
  #
  #     NOTE(review): these values are stored as plain strings in the
  #     configuration; presumably anyone who can read the configuration can
  #     read them, so avoid placing secrets here (confirm).
  # @!attribute [rw] working_dir
  #   @return [::String]
  #     Optional. If set, overrides the default DIR specified by the image.
  # @!attribute [rw] run_as_user
  #   @return [::Integer]
  #     Optional. If set, overrides the USER specified in the image with the
  #     given uid.
  #
  #     NOTE(review): presumably a uid of `0` runs the container as root;
  #     confirm before relying on this override.
  class Container
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # Presumably the generated key/value entry message backing the `env` map
    # attribute of Container (confirm against the proto definition).
    # @!attribute [rw] key
    #   @return [::String]
    # @!attribute [rw] value
    #   @return [::String]
    class EnvEntry
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods
    end
  end

  # A customer-managed encryption key (CMEK) for the Compute Engine
  # resources of the associated workstation configuration. Specify the name of
  # your Cloud KMS encryption key and the default service account.
  # We recommend that you use a separate service account and follow
  # [Cloud KMS best
  # practices](https://cloud.google.com/kms/docs/separation-of-duties).
  #
  # NOTE(review): both attributes are marked Immutable; presumably changing
  # the key or the account means creating a new configuration (confirm).
  # @!attribute [rw] kms_key
  #   @return [::String]
  #     Immutable. The name of the Google Cloud KMS encryption key. For example,
  #     `"projects/PROJECT_ID/locations/REGION/keyRings/KEY_RING/cryptoKeys/KEY_NAME"`.
  #     The key must be in the same region as the workstation configuration.
  # @!attribute [rw] kms_key_service_account
  #   @return [::String]
  #     Immutable. The service account to use with the specified
  #     KMS key. We recommend that you use a separate service account
  #     and follow KMS best practices. For more information, see
  #     [Separation of
  #     duties](https://cloud.google.com/kms/docs/separation-of-duties) and
  #     `gcloud kms keys add-iam-policy-binding`
  #     [`--member`](https://cloud.google.com/sdk/gcloud/reference/kms/keys/add-iam-policy-binding#--member).
  class CustomerEncryptionKey
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # A readiness check to be performed on a workstation.
  # The attribute descriptions refer to a request sent to a path and port;
  # the protocol of that request is not stated in this listing.
  # @!attribute [rw] path
  #   @return [::String]
  #     Optional. Path to which the request should be sent.
  # @!attribute [rw] port
  #   @return [::Integer]
  #     Optional. Port to which the request should be sent.
  class ReadinessCheck
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # Presumably the generated key/value entry message backing the
  # `annotations` map attribute (confirm against the proto definition).
  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class AnnotationsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # Presumably the generated key/value entry message backing a `labels` map
  # attribute; that attribute is not shown in this listing (confirm).
  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class LabelsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end
end

#host::Google::Cloud::Workstations::V1::WorkstationConfig::Host

Returns Optional. Runtime host for the workstation.

Returns:



# File 'proto_docs/google/cloud/workstations/v1/workstations.rb', line 279

# A workstation configuration resource in the Cloud Workstations API.
# Workstation configurations act as templates for workstations.
class WorkstationConfig
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Runtime host for a workstation.
  # @!attribute [rw] gce_instance
  #   @return [::Google::Cloud::Workstations::V1::WorkstationConfig::Host::GceInstance]
  #     Specifies a Compute Engine instance as the host.
  class Host
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # A runtime using a Compute Engine instance.
    # @!attribute [rw] machine_type
    #   @return [::String]
    #     Optional. The type of machine to use for VM instances—for example,
    #     `"e2-standard-4"`. For more information about machine types that
    #     Cloud Workstations supports, see the list of
    #     [available machine
    #     types](https://cloud.google.com/workstations/docs/available-machine-types).
    # @!attribute [rw] service_account
    #   @return [::String]
    #     Optional. The email address of the service account for Cloud
    #     Workstations VMs created with this configuration. When specified, be
    #     sure that the service account has `logging.logEntries.create` permission
    #     on the project so it can write logs out to Cloud Logging. If using a
    #     custom container image, the service account must have permissions to
    #     pull the specified image.
    #
    #     If you as the administrator want to be able to `ssh` into the
    #     underlying VM, you need to set this value to a service account
    #     for which you have the `iam.serviceAccounts.actAs` permission.
    #     Conversely, if you don't want anyone to be able to `ssh` into the
    #     underlying VM, use a service account where no one has that
    #     permission.
    #
    #     NOTE(review): `ssh` access to the VM therefore follows whoever holds
    #     `iam.serviceAccounts.actAs` on this account; review that grant list
    #     whenever the account is changed.
    #
    #     If not set, VMs run with a service account provided by the
    #     Cloud Workstations service, and the image must be publicly
    #     accessible.
    # @!attribute [rw] service_account_scopes
    #   @return [::Array<::String>]
    #     Optional. Scopes to grant to the
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::Host::GceInstance#service_account service_account}.
    #     Various scopes are automatically added based on feature usage. When
    #     specified, users of workstations under this configuration must have
    #     `iam.serviceAccounts.actAs` on the service account.
    #
    #     NOTE(review): the `service_account` description ties `ssh` access to
    #     the same `actAs` permission, so setting scopes presumably widens who
    #     can reach the underlying VM; confirm before granting it to users.
    # @!attribute [rw] tags
    #   @return [::Array<::String>]
    #     Optional. Network tags to add to the Compute Engine VMs backing the
    #     workstations. This option applies
    #     [network
    #     tags](https://cloud.google.com/vpc/docs/add-remove-network-tags) to VMs
    #     created with this configuration. These network tags enable the creation
    #     of [firewall
    #     rules](https://cloud.google.com/workstations/docs/configure-firewall-rules).
    # @!attribute [rw] pool_size
    #   @return [::Integer]
    #     Optional. The number of VMs that the system should keep idle so that
    #     new workstations can be started quickly for new users. Defaults to `0`
    #     in the API.
    # @!attribute [r] pooled_instances
    #   @return [::Integer]
    #     Output only. Number of instances currently available in the pool for
    #     faster workstation startup.
    # @!attribute [rw] disable_public_ip_addresses
    #   @return [::Boolean]
    #     Optional. When set to true, disables public IP addresses for VMs. If
    #     you disable public IP addresses, you must set up Private Google Access
    #     or Cloud NAT on your network. If you use Private Google Access and you
    #     use `private.googleapis.com` or `restricted.googleapis.com` for
    #     Container Registry and Artifact Registry, make sure that you set
    #     up DNS records for domains `*.gcr.io` and `*.pkg.dev`.
    #     Defaults to false (VMs have public IP addresses).
    #
    #     NOTE(review): the default leaves every VM with a public IP address;
    #     set this to true wherever Private Google Access or Cloud NAT is
    #     available on the network.
    # @!attribute [rw] enable_nested_virtualization
    #   @return [::Boolean]
    #     Optional. Whether to enable nested virtualization on Cloud Workstations
    #     VMs created under this workstation configuration.
    #
    #     Nested virtualization lets you run virtual machine (VM) instances
    #     inside your workstation. Before enabling nested virtualization,
    #     review the following considerations. Cloud Workstations
    #     instances are subject to the [same restrictions as Compute Engine
    #     instances](https://cloud.google.com/compute/docs/instances/nested-virtualization/overview#restrictions):
    #
    #     * **Organization policy**: projects, folders, or
    #     organizations may be restricted from creating nested VMs if the
    #     **Disable VM nested virtualization** constraint is enforced in
    #     the organization policy. For more information, see the
    #     Compute Engine section,
    #     [Checking whether nested virtualization is
    #     allowed](https://cloud.google.com/compute/docs/instances/nested-virtualization/managing-constraint#checking_whether_nested_virtualization_is_allowed).
    #     * **Performance**: nested VMs might experience a 10% or greater
    #     decrease in performance for workloads that are CPU-bound and
    #     possibly greater than a 10% decrease for workloads that are
    #     input/output bound.
    #     * **Machine Type**: nested virtualization can only be enabled on
    #     workstation configurations that specify a
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::Host::GceInstance#machine_type machine_type}
    #     in the N1 or N2 machine series.
    #     * **GPUs**: nested virtualization may not be enabled on workstation
    #     configurations with accelerators.
    #     * **Operating System**: Because
    #     [Container-Optimized
    #     OS](https://cloud.google.com/compute/docs/images/os-details#container-optimized_os_cos)
    #     does not support nested virtualization, when nested virtualization is
    #     enabled, the underlying Compute Engine VM instances boot from an
    #     [Ubuntu
    #     LTS](https://cloud.google.com/compute/docs/images/os-details#ubuntu_lts)
    #     image.
    # @!attribute [rw] shielded_instance_config
    #   @return [::Google::Cloud::Workstations::V1::WorkstationConfig::Host::GceInstance::GceShieldedInstanceConfig]
    #     Optional. A set of Compute Engine Shielded instance options.
    #
    #     NOTE(review): defaults for these options are not stated here; set
    #     them explicitly if Secure Boot, vTPM or integrity monitoring is
    #     required.
    # @!attribute [rw] confidential_instance_config
    #   @return [::Google::Cloud::Workstations::V1::WorkstationConfig::Host::GceInstance::GceConfidentialInstanceConfig]
    #     Optional. A set of Compute Engine Confidential VM instance options.
    # @!attribute [rw] boot_disk_size_gb
    #   @return [::Integer]
    #     Optional. The size of the boot disk for the VM in gigabytes (GB).
    #     The minimum boot disk size is `30` GB. Defaults to `50` GB.
    class GceInstance
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods

      # A set of Compute Engine Shielded instance options.
      # @!attribute [rw] enable_secure_boot
      #   @return [::Boolean]
      #     Optional. Whether the instance has Secure Boot enabled.
      # @!attribute [rw] enable_vtpm
      #   @return [::Boolean]
      #     Optional. Whether the instance has the vTPM enabled.
      # @!attribute [rw] enable_integrity_monitoring
      #   @return [::Boolean]
      #     Optional. Whether the instance has integrity monitoring enabled.
      class GceShieldedInstanceConfig
        include ::Google::Protobuf::MessageExts
        extend ::Google::Protobuf::MessageExts::ClassMethods
      end

      # A set of Compute Engine Confidential VM instance options.
      # @!attribute [rw] enable_confidential_compute
      #   @return [::Boolean]
      #     Optional. Whether the instance has confidential compute enabled.
      class GceConfidentialInstanceConfig
        include ::Google::Protobuf::MessageExts
        extend ::Google::Protobuf::MessageExts::ClassMethods
      end
    end
  end

  # A directory to persist across workstation sessions.
  # @!attribute [rw] gce_pd
  #   @return [::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk]
  #     A PersistentDirectory backed by a Compute Engine persistent disk.
  # @!attribute [rw] mount_path
  #   @return [::String]
  #     Optional. Location of this directory in the running workstation.
  class PersistentDirectory
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # A PersistentDirectory backed by a Compute Engine regional persistent
    # disk. The
    # {::Google::Cloud::Workstations::V1::WorkstationConfig#persistent_directories persistent_directories}
    # field is repeated, but it may contain only one entry. It creates a
    # [persistent
    # disk](https://cloud.google.com/compute/docs/disks/persistent-disks) that
    # mounts to the workstation VM at `/home` when the session starts and
    # detaches when the session ends. If this field is empty, workstations
    # created with this configuration do not have a persistent home
    # directory.
    # @!attribute [rw] size_gb
    #   @return [::Integer]
    #     Optional. The GB capacity of a persistent home directory for each
    #     workstation created with this configuration. Must be empty if
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk#source_snapshot source_snapshot}
    #     is set.
    #
    #     Valid values are `10`, `50`, `100`, `200`, `500`, or `1000`.
    #     Defaults to `200`. If less than `200` GB, the
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk#disk_type disk_type}
    #     must be
    #     `"pd-balanced"` or `"pd-ssd"`.
    # @!attribute [rw] fs_type
    #   @return [::String]
    #     Optional. Type of file system that the disk should be formatted with.
    #     The workstation image must support this file system type. Must be empty
    #     if
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk#source_snapshot source_snapshot}
    #     is set. Defaults to `"ext4"`.
    # @!attribute [rw] disk_type
    #   @return [::String]
    #     Optional. The [type of the persistent
    #     disk](https://cloud.google.com/compute/docs/disks#disk-types) for the
    #     home directory. Defaults to `"pd-standard"`.
    # @!attribute [rw] source_snapshot
    #   @return [::String]
    #     Optional. Name of the snapshot to use as the source for the disk. If
    #     set,
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk#size_gb size_gb}
    #     and
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk#fs_type fs_type}
    #     must be empty.
    # @!attribute [rw] reclaim_policy
    #   @return [::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk::ReclaimPolicy]
    #     Optional. Whether the persistent disk should be deleted when the
    #     workstation is deleted. Valid values are `DELETE` and `RETAIN`.
    #     Defaults to `DELETE`.
    class GceRegionalPersistentDisk
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods

      # Value representing what should happen to the disk after the workstation
      # is deleted.
      module ReclaimPolicy
        # Do not use.
        RECLAIM_POLICY_UNSPECIFIED = 0

        # Delete the persistent disk when deleting the workstation.
        DELETE = 1

        # Keep the persistent disk when deleting the workstation.
        # An administrator must manually delete the disk.
        # NOTE(review): a retained disk still holds the home-directory data,
        # so retained disks need an owner and a deletion process.
        RETAIN = 2
      end
    end
  end

  # A Docker container.
  # @!attribute [rw] image
  #   @return [::String]
  #     Optional. A Docker container image that defines a custom environment.
  #
  #     Cloud Workstations provides a number of
  #     [preconfigured
  #     images](https://cloud.google.com/workstations/docs/preconfigured-base-images),
  #     but you can create your own
  #     [custom container
  #     images](https://cloud.google.com/workstations/docs/custom-container-images).
  #     If using a private image, the `host.gceInstance.serviceAccount` field
  #     must be specified in the workstation configuration and must have
  #     permission to pull the specified image. Otherwise, the image must be
  #     publicly accessible.
  #
  #     NOTE(review): workstations created from this configuration run this
  #     image, so treat the image source and its registry permissions as part
  #     of the configuration's trust boundary.
  # @!attribute [rw] command
  #   @return [::Array<::String>]
  #     Optional. If set, overrides the default ENTRYPOINT specified by the
  #     image.
  # @!attribute [rw] args
  #   @return [::Array<::String>]
  #     Optional. Arguments passed to the entrypoint.
  # @!attribute [rw] env
  #   @return [::Google::Protobuf::Map{::String => ::String}]
  #     Optional. Environment variables passed to the container's entrypoint.
  #
  #     NOTE(review): these values are stored as plain strings in the
  #     configuration; presumably anyone who can read the configuration can
  #     read them, so avoid placing secrets here (confirm).
  # @!attribute [rw] working_dir
  #   @return [::String]
  #     Optional. If set, overrides the default DIR specified by the image.
  # @!attribute [rw] run_as_user
  #   @return [::Integer]
  #     Optional. If set, overrides the USER specified in the image with the
  #     given uid.
  #
  #     NOTE(review): presumably a uid of `0` runs the container as root;
  #     confirm before relying on this override.
  class Container
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # Presumably the generated key/value entry message backing the `env` map
    # attribute of Container (confirm against the proto definition).
    # @!attribute [rw] key
    #   @return [::String]
    # @!attribute [rw] value
    #   @return [::String]
    class EnvEntry
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods
    end
  end

  # A customer-managed encryption key (CMEK) for the Compute Engine
  # resources of the associated workstation configuration. Specify the name of
  # your Cloud KMS encryption key and the default service account.
  # We recommend that you use a separate service account and follow
  # [Cloud KMS best
  # practices](https://cloud.google.com/kms/docs/separation-of-duties).
  #
  # NOTE(review): both attributes are marked Immutable; presumably changing
  # the key or the account means creating a new configuration (confirm).
  # @!attribute [rw] kms_key
  #   @return [::String]
  #     Immutable. The name of the Google Cloud KMS encryption key. For example,
  #     `"projects/PROJECT_ID/locations/REGION/keyRings/KEY_RING/cryptoKeys/KEY_NAME"`.
  #     The key must be in the same region as the workstation configuration.
  # @!attribute [rw] kms_key_service_account
  #   @return [::String]
  #     Immutable. The service account to use with the specified
  #     KMS key. We recommend that you use a separate service account
  #     and follow KMS best practices. For more information, see
  #     [Separation of
  #     duties](https://cloud.google.com/kms/docs/separation-of-duties) and
  #     `gcloud kms keys add-iam-policy-binding`
  #     [`--member`](https://cloud.google.com/sdk/gcloud/reference/kms/keys/add-iam-policy-binding#--member).
  class CustomerEncryptionKey
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # A readiness check to be performed on a workstation.
  # The attribute descriptions refer to a request sent to a path and port;
  # the protocol of that request is not stated in this listing.
  # @!attribute [rw] path
  #   @return [::String]
  #     Optional. Path to which the request should be sent.
  # @!attribute [rw] port
  #   @return [::Integer]
  #     Optional. Port to which the request should be sent.
  class ReadinessCheck
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # Presumably the generated key/value entry message backing the
  # `annotations` map attribute (confirm against the proto definition).
  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class AnnotationsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # Presumably the generated key/value entry message backing a `labels` map
  # attribute; that attribute is not shown in this listing (confirm).
  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class LabelsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end
end

#idle_timeout::Google::Protobuf::Duration

Returns Optional. Number of seconds to wait before automatically stopping a workstation after it last received user traffic.

A value of "0s" indicates that Cloud Workstations VMs created with this configuration should never time out due to idleness. Provide the duration as a number of seconds terminated by `s`—for example, "7200s" (2 hours). The default is "1200s" (20 minutes).

Returns:

  • (::Google::Protobuf::Duration)

    Optional. Number of seconds to wait before automatically stopping a workstation after it last received user traffic.

    A value of "0s" indicates that Cloud Workstations VMs created with this configuration should never time out due to idleness. Provide the duration as a number of seconds terminated by `s`—for example, "7200s" (2 hours). The default is "1200s" (20 minutes).



# File 'proto_docs/google/cloud/workstations/v1/workstations.rb', line 279

# A workstation configuration resource in the Cloud Workstations API.
# Workstation configurations act as templates for workstations.
class WorkstationConfig
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Runtime host for a workstation.
  # @!attribute [rw] gce_instance
  #   @return [::Google::Cloud::Workstations::V1::WorkstationConfig::Host::GceInstance]
  #     Specifies a Compute Engine instance as the host.
  class Host
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # A runtime using a Compute Engine instance.
    # @!attribute [rw] machine_type
    #   @return [::String]
    #     Optional. The type of machine to use for VM instances—for example,
    #     `"e2-standard-4"`. For more information about machine types that
    #     Cloud Workstations supports, see the list of
    #     [available machine
    #     types](https://cloud.google.com/workstations/docs/available-machine-types).
    # @!attribute [rw] service_account
    #   @return [::String]
    #     Optional. The email address of the service account for Cloud
    #     Workstations VMs created with this configuration. When specified, be
    #     sure that the service account has `logging.logEntries.create` permission
    #     on the project so it can write logs out to Cloud Logging. If using a
    #     custom container image, the service account must have permissions to
    #     pull the specified image.
    #
    #     If you as the administrator want to be able to `ssh` into the
    #     underlying VM, you need to set this value to a service account
    #     for which you have the `iam.serviceAccounts.actAs` permission.
    #     Conversely, if you don't want anyone to be able to `ssh` into the
    #     underlying VM, use a service account where no one has that
    #     permission.
    #
    #     If not set, VMs run with a service account provided by the
    #     Cloud Workstations service, and the image must be publicly
    #     accessible.
    # @!attribute [rw] service_account_scopes
    #   @return [::Array<::String>]
    #     Optional. Scopes to grant to the
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::Host::GceInstance#service_account service_account}.
    #     Various scopes are automatically added based on feature usage. When
    #     specified, users of workstations under this configuration must have
    #     `iam.serviceAccounts.actAs` on the service account.
    # @!attribute [rw] tags
    #   @return [::Array<::String>]
    #     Optional. Network tags to add to the Compute Engine VMs backing the
    #     workstations. This option applies
    #     [network
    #     tags](https://cloud.google.com/vpc/docs/add-remove-network-tags) to VMs
    #     created with this configuration. These network tags enable the creation
    #     of [firewall
    #     rules](https://cloud.google.com/workstations/docs/configure-firewall-rules).
    # @!attribute [rw] pool_size
    #   @return [::Integer]
    #     Optional. The number of VMs that the system should keep idle so that
    #     new workstations can be started quickly for new users. Defaults to `0`
    #     in the API.
    # @!attribute [r] pooled_instances
    #   @return [::Integer]
    #     Output only. Number of instances currently available in the pool for
    #     faster workstation startup.
    # @!attribute [rw] disable_public_ip_addresses
    #   @return [::Boolean]
    #     Optional. When set to true, disables public IP addresses for VMs. If
    #     you disable public IP addresses, you must set up Private Google Access
    #     or Cloud NAT on your network. If you use Private Google Access and you
    #     use `private.googleapis.com` or `restricted.googleapis.com` for
    #     Container Registry and Artifact Registry, make sure that you set
    #     up DNS records for domains `*.gcr.io` and `*.pkg.dev`.
    #     Defaults to false (VMs have public IP addresses).
    #
    #     NOTE(review): with the default, each VM is given a public IP
    #     address. Where that exposure is not wanted, set this to true, and
    #     use
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::Host::GceInstance#tags tags}
    #     with firewall rules to limit the traffic that can reach the VMs.
    # @!attribute [rw] enable_nested_virtualization
    #   @return [::Boolean]
    #     Optional. Whether to enable nested virtualization on Cloud Workstations
    #     VMs created under this workstation configuration.
    #
    #     Nested virtualization lets you run virtual machine (VM) instances
    #     inside your workstation. Before enabling nested virtualization,
    #     review the following considerations. Cloud Workstations
    #     instances are subject to the [same restrictions as Compute Engine
    #     instances](https://cloud.google.com/compute/docs/instances/nested-virtualization/overview#restrictions):
    #
    #     * **Organization policy**: projects, folders, or
    #     organizations may be restricted from creating nested VMs if the
    #     **Disable VM nested virtualization** constraint is enforced in
    #     the organization policy. For more information, see the
    #     Compute Engine section,
    #     [Checking whether nested virtualization is
    #     allowed](https://cloud.google.com/compute/docs/instances/nested-virtualization/managing-constraint#checking_whether_nested_virtualization_is_allowed).
    #     * **Performance**: nested VMs might experience a 10% or greater
    #     decrease in performance for workloads that are CPU-bound and
    #     possibly greater than a 10% decrease for workloads that are
    #     input/output bound.
    #     * **Machine Type**: nested virtualization can only be enabled on
    #     workstation configurations that specify a
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::Host::GceInstance#machine_type machine_type}
    #     in the N1 or N2 machine series.
    #     * **GPUs**: nested virtualization may not be enabled on workstation
    #     configurations with accelerators.
    #     * **Operating System**: Because
    #     [Container-Optimized
    #     OS](https://cloud.google.com/compute/docs/images/os-details#container-optimized_os_cos)
    #     does not support nested virtualization, when nested virtualization is
    #     enabled, the underlying Compute Engine VM instances boot from an
    #     [Ubuntu
    #     LTS](https://cloud.google.com/compute/docs/images/os-details#ubuntu_lts)
    #     image.
    # @!attribute [rw] shielded_instance_config
    #   @return [::Google::Cloud::Workstations::V1::WorkstationConfig::Host::GceInstance::GceShieldedInstanceConfig]
    #     Optional. A set of Compute Engine Shielded instance options.
    # @!attribute [rw] confidential_instance_config
    #   @return [::Google::Cloud::Workstations::V1::WorkstationConfig::Host::GceInstance::GceConfidentialInstanceConfig]
    #     Optional. A set of Compute Engine Confidential VM instance options.
    # @!attribute [rw] boot_disk_size_gb
    #   @return [::Integer]
    #     Optional. The size of the boot disk for the VM in gigabytes (GB).
    #     The minimum boot disk size is `30` GB. Defaults to `50` GB.
    class GceInstance
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods

      # A set of Compute Engine Shielded instance options.
      #
      # NOTE(review): the defaults for these options are not stated here;
      # set each one explicitly rather than relying on an assumed default.
      # @!attribute [rw] enable_secure_boot
      #   @return [::Boolean]
      #     Optional. Whether the instance has Secure Boot enabled.
      # @!attribute [rw] enable_vtpm
      #   @return [::Boolean]
      #     Optional. Whether the instance has the vTPM enabled.
      # @!attribute [rw] enable_integrity_monitoring
      #   @return [::Boolean]
      #     Optional. Whether the instance has integrity monitoring enabled.
      class GceShieldedInstanceConfig
        include ::Google::Protobuf::MessageExts
        extend ::Google::Protobuf::MessageExts::ClassMethods
      end

      # A set of Compute Engine Confidential VM instance options.
      # @!attribute [rw] enable_confidential_compute
      #   @return [::Boolean]
      #     Optional. Whether the instance has confidential compute enabled.
      class GceConfidentialInstanceConfig
        include ::Google::Protobuf::MessageExts
        extend ::Google::Protobuf::MessageExts::ClassMethods
      end
    end
  end

  # A directory to persist across workstation sessions.
  # @!attribute [rw] gce_pd
  #   @return [::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk]
  #     A PersistentDirectory backed by a Compute Engine persistent disk.
  # @!attribute [rw] mount_path
  #   @return [::String]
  #     Optional. Location of this directory in the running workstation.
  class PersistentDirectory
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # A PersistentDirectory backed by a Compute Engine regional persistent
    # disk. The
    # {::Google::Cloud::Workstations::V1::WorkstationConfig#persistent_directories persistent_directories}
    # field is repeated, but it may contain only one entry. It creates a
    # [persistent
    # disk](https://cloud.google.com/compute/docs/disks/persistent-disks) that
    # mounts to the workstation VM at `/home` when the session starts and
    # detaches when the session ends. If this field is empty, workstations
    # created with this configuration do not have a persistent home
    # directory.
    # @!attribute [rw] size_gb
    #   @return [::Integer]
    #     Optional. The GB capacity of a persistent home directory for each
    #     workstation created with this configuration. Must be empty if
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk#source_snapshot source_snapshot}
    #     is set.
    #
    #     Valid values are `10`, `50`, `100`, `200`, `500`, or `1000`.
    #     Defaults to `200`. If less than `200` GB, the
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk#disk_type disk_type}
    #     must be
    #     `"pd-balanced"` or `"pd-ssd"`.
    # @!attribute [rw] fs_type
    #   @return [::String]
    #     Optional. Type of file system that the disk should be formatted with.
    #     The workstation image must support this file system type. Must be empty
    #     if
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk#source_snapshot source_snapshot}
    #     is set. Defaults to `"ext4"`.
    # @!attribute [rw] disk_type
    #   @return [::String]
    #     Optional. The [type of the persistent
    #     disk](https://cloud.google.com/compute/docs/disks#disk-types) for the
    #     home directory. Defaults to `"pd-standard"`.
    # @!attribute [rw] source_snapshot
    #   @return [::String]
    #     Optional. Name of the snapshot to use as the source for the disk. If
    #     set,
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk#size_gb size_gb}
    #     and
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk#fs_type fs_type}
    #     must be empty.
    # @!attribute [rw] reclaim_policy
    #   @return [::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk::ReclaimPolicy]
    #     Optional. Whether the persistent disk should be deleted when the
    #     workstation is deleted. Valid values are `DELETE` and `RETAIN`.
    #     Defaults to `DELETE`.
    class GceRegionalPersistentDisk
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods

      # Value representing what should happen to the disk after the workstation
      # is deleted.
      module ReclaimPolicy
        # Do not use.
        RECLAIM_POLICY_UNSPECIFIED = 0

        # Delete the persistent disk when deleting the workstation.
        DELETE = 1

        # Keep the persistent disk when deleting the workstation.
        # An administrator must manually delete the disk.
        RETAIN = 2
      end
    end
  end

  # A Docker container.
  # @!attribute [rw] image
  #   @return [::String]
  #     Optional. A Docker container image that defines a custom environment.
  #
  #     Cloud Workstations provides a number of
  #     [preconfigured
  #     images](https://cloud.google.com/workstations/docs/preconfigured-base-images),
  #     but you can create your own
  #     [custom container
  #     images](https://cloud.google.com/workstations/docs/custom-container-images).
  #     If using a private image, the `host.gceInstance.serviceAccount` field
  #     must be specified in the workstation configuration and must have
  #     permission to pull the specified image. Otherwise, the image must be
  #     publicly accessible.
  # @!attribute [rw] command
  #   @return [::Array<::String>]
  #     Optional. If set, overrides the default ENTRYPOINT specified by the
  #     image.
  # @!attribute [rw] args
  #   @return [::Array<::String>]
  #     Optional. Arguments passed to the entrypoint.
  # @!attribute [rw] env
  #   @return [::Google::Protobuf::Map{::String => ::String}]
  #     Optional. Environment variables passed to the container's entrypoint.
  #
  #     NOTE(review): values are plain strings held in the configuration
  #     resource, so they are presumably readable by anyone who can read the
  #     configuration; avoid placing secrets here.
  # @!attribute [rw] working_dir
  #   @return [::String]
  #     Optional. If set, overrides the default DIR specified by the image.
  # @!attribute [rw] run_as_user
  #   @return [::Integer]
  #     Optional. If set, overrides the USER specified in the image with the
  #     given uid.
  #
  #     NOTE(review): a uid of `0` presumably runs the entrypoint as root;
  #     prefer a non-root uid unless the image requires it.
  class Container
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # Key/value entry type for the
    # {::Google::Cloud::Workstations::V1::WorkstationConfig::Container#env env}
    # map.
    # @!attribute [rw] key
    #   @return [::String]
    # @!attribute [rw] value
    #   @return [::String]
    class EnvEntry
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods
    end
  end

  # A customer-managed encryption key (CMEK) for the Compute Engine
  # resources of the associated workstation configuration. Specify the name of
  # your Cloud KMS encryption key and the default service account.
  # We recommend that you use a separate service account and follow
  # [Cloud KMS best
  # practices](https://cloud.google.com/kms/docs/separation-of-duties).
  # @!attribute [rw] kms_key
  #   @return [::String]
  #     Immutable. The name of the Google Cloud KMS encryption key. For example,
  #     `"projects/PROJECT_ID/locations/REGION/keyRings/KEY_RING/cryptoKeys/KEY_NAME"`.
  #     The key must be in the same region as the workstation configuration.
  # @!attribute [rw] kms_key_service_account
  #   @return [::String]
  #     Immutable. The service account to use with the specified
  #     KMS key. We recommend that you use a separate service account
  #     and follow KMS best practices. For more information, see
  #     [Separation of
  #     duties](https://cloud.google.com/kms/docs/separation-of-duties) and
  #     `gcloud kms keys add-iam-policy-binding`
  #     [`--member`](https://cloud.google.com/sdk/gcloud/reference/kms/keys/add-iam-policy-binding#--member).
  class CustomerEncryptionKey
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # A readiness check to be performed on a workstation.
  # @!attribute [rw] path
  #   @return [::String]
  #     Optional. Path to which the request should be sent.
  # @!attribute [rw] port
  #   @return [::Integer]
  #     Optional. Port to which the request should be sent.
  class ReadinessCheck
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # Key/value entry type for the
  # {::Google::Cloud::Workstations::V1::WorkstationConfig#annotations annotations}
  # map.
  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class AnnotationsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # Key/value entry type for the
  # {::Google::Cloud::Workstations::V1::WorkstationConfig#labels labels}
  # map.
  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class LabelsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end
end

#labels::Google::Protobuf::Map{::String => ::String}

Returns Optional. Labels that are applied to the workstation configuration and that are also propagated to the underlying Compute Engine resources.

Returns:

  • (::Google::Protobuf::Map{::String => ::String})

    Optional. Labels that are applied to the workstation configuration and that are also propagated to the underlying Compute Engine resources.



# File 'proto_docs/google/cloud/workstations/v1/workstations.rb', line 279

# A workstation configuration resource in the Cloud Workstations API.
# Workstation configurations act as templates for workstations.
class WorkstationConfig
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Runtime host for a workstation.
  # @!attribute [rw] gce_instance
  #   @return [::Google::Cloud::Workstations::V1::WorkstationConfig::Host::GceInstance]
  #     Specifies a Compute Engine instance as the host.
  class Host
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # A runtime using a Compute Engine instance.
    # @!attribute [rw] machine_type
    #   @return [::String]
    #     Optional. The type of machine to use for VM instances—for example,
    #     `"e2-standard-4"`. For more information about machine types that
    #     Cloud Workstations supports, see the list of
    #     [available machine
    #     types](https://cloud.google.com/workstations/docs/available-machine-types).
    # @!attribute [rw] service_account
    #   @return [::String]
    #     Optional. The email address of the service account for Cloud
    #     Workstations VMs created with this configuration. When specified, be
    #     sure that the service account has `logging.logEntries.create` permission
    #     on the project so it can write logs out to Cloud Logging. If using a
    #     custom container image, the service account must have permissions to
    #     pull the specified image.
    #
    #     If you as the administrator want to be able to `ssh` into the
    #     underlying VM, you need to set this value to a service account
    #     for which you have the `iam.serviceAccounts.actAs` permission.
    #     Conversely, if you don't want anyone to be able to `ssh` into the
    #     underlying VM, use a service account where no one has that
    #     permission.
    #
    #     If not set, VMs run with a service account provided by the
    #     Cloud Workstations service, and the image must be publicly
    #     accessible.
    # @!attribute [rw] service_account_scopes
    #   @return [::Array<::String>]
    #     Optional. Scopes to grant to the
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::Host::GceInstance#service_account service_account}.
    #     Various scopes are automatically added based on feature usage. When
    #     specified, users of workstations under this configuration must have
    #     `iam.serviceAccounts.actAs` on the service account.
    # @!attribute [rw] tags
    #   @return [::Array<::String>]
    #     Optional. Network tags to add to the Compute Engine VMs backing the
    #     workstations. This option applies
    #     [network
    #     tags](https://cloud.google.com/vpc/docs/add-remove-network-tags) to VMs
    #     created with this configuration. These network tags enable the creation
    #     of [firewall
    #     rules](https://cloud.google.com/workstations/docs/configure-firewall-rules).
    # @!attribute [rw] pool_size
    #   @return [::Integer]
    #     Optional. The number of VMs that the system should keep idle so that
    #     new workstations can be started quickly for new users. Defaults to `0`
    #     in the API.
    # @!attribute [r] pooled_instances
    #   @return [::Integer]
    #     Output only. Number of instances currently available in the pool for
    #     faster workstation startup.
    # @!attribute [rw] disable_public_ip_addresses
    #   @return [::Boolean]
    #     Optional. When set to true, disables public IP addresses for VMs. If
    #     you disable public IP addresses, you must set up Private Google Access
    #     or Cloud NAT on your network. If you use Private Google Access and you
    #     use `private.googleapis.com` or `restricted.googleapis.com` for
    #     Container Registry and Artifact Registry, make sure that you set
    #     up DNS records for domains `*.gcr.io` and `*.pkg.dev`.
    #     Defaults to false (VMs have public IP addresses).
    #
    #     NOTE(review): with the default, each VM is given a public IP
    #     address. Where that exposure is not wanted, set this to true, and
    #     use
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::Host::GceInstance#tags tags}
    #     with firewall rules to limit the traffic that can reach the VMs.
    # @!attribute [rw] enable_nested_virtualization
    #   @return [::Boolean]
    #     Optional. Whether to enable nested virtualization on Cloud Workstations
    #     VMs created under this workstation configuration.
    #
    #     Nested virtualization lets you run virtual machine (VM) instances
    #     inside your workstation. Before enabling nested virtualization,
    #     review the following considerations. Cloud Workstations
    #     instances are subject to the [same restrictions as Compute Engine
    #     instances](https://cloud.google.com/compute/docs/instances/nested-virtualization/overview#restrictions):
    #
    #     * **Organization policy**: projects, folders, or
    #     organizations may be restricted from creating nested VMs if the
    #     **Disable VM nested virtualization** constraint is enforced in
    #     the organization policy. For more information, see the
    #     Compute Engine section,
    #     [Checking whether nested virtualization is
    #     allowed](https://cloud.google.com/compute/docs/instances/nested-virtualization/managing-constraint#checking_whether_nested_virtualization_is_allowed).
    #     * **Performance**: nested VMs might experience a 10% or greater
    #     decrease in performance for workloads that are CPU-bound and
    #     possibly greater than a 10% decrease for workloads that are
    #     input/output bound.
    #     * **Machine Type**: nested virtualization can only be enabled on
    #     workstation configurations that specify a
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::Host::GceInstance#machine_type machine_type}
    #     in the N1 or N2 machine series.
    #     * **GPUs**: nested virtualization may not be enabled on workstation
    #     configurations with accelerators.
    #     * **Operating System**: Because
    #     [Container-Optimized
    #     OS](https://cloud.google.com/compute/docs/images/os-details#container-optimized_os_cos)
    #     does not support nested virtualization, when nested virtualization is
    #     enabled, the underlying Compute Engine VM instances boot from an
    #     [Ubuntu
    #     LTS](https://cloud.google.com/compute/docs/images/os-details#ubuntu_lts)
    #     image.
    # @!attribute [rw] shielded_instance_config
    #   @return [::Google::Cloud::Workstations::V1::WorkstationConfig::Host::GceInstance::GceShieldedInstanceConfig]
    #     Optional. A set of Compute Engine Shielded instance options.
    # @!attribute [rw] confidential_instance_config
    #   @return [::Google::Cloud::Workstations::V1::WorkstationConfig::Host::GceInstance::GceConfidentialInstanceConfig]
    #     Optional. A set of Compute Engine Confidential VM instance options.
    # @!attribute [rw] boot_disk_size_gb
    #   @return [::Integer]
    #     Optional. The size of the boot disk for the VM in gigabytes (GB).
    #     The minimum boot disk size is `30` GB. Defaults to `50` GB.
    class GceInstance
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods

      # A set of Compute Engine Shielded instance options.
      #
      # NOTE(review): the defaults for these options are not stated here;
      # set each one explicitly rather than relying on an assumed default.
      # @!attribute [rw] enable_secure_boot
      #   @return [::Boolean]
      #     Optional. Whether the instance has Secure Boot enabled.
      # @!attribute [rw] enable_vtpm
      #   @return [::Boolean]
      #     Optional. Whether the instance has the vTPM enabled.
      # @!attribute [rw] enable_integrity_monitoring
      #   @return [::Boolean]
      #     Optional. Whether the instance has integrity monitoring enabled.
      class GceShieldedInstanceConfig
        include ::Google::Protobuf::MessageExts
        extend ::Google::Protobuf::MessageExts::ClassMethods
      end

      # A set of Compute Engine Confidential VM instance options.
      # @!attribute [rw] enable_confidential_compute
      #   @return [::Boolean]
      #     Optional. Whether the instance has confidential compute enabled.
      class GceConfidentialInstanceConfig
        include ::Google::Protobuf::MessageExts
        extend ::Google::Protobuf::MessageExts::ClassMethods
      end
    end
  end

  # A directory to persist across workstation sessions.
  # @!attribute [rw] gce_pd
  #   @return [::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk]
  #     A PersistentDirectory backed by a Compute Engine persistent disk.
  # @!attribute [rw] mount_path
  #   @return [::String]
  #     Optional. Location of this directory in the running workstation.
  class PersistentDirectory
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # A PersistentDirectory backed by a Compute Engine regional persistent
    # disk. The
    # {::Google::Cloud::Workstations::V1::WorkstationConfig#persistent_directories persistent_directories}
    # field is repeated, but it may contain only one entry. It creates a
    # [persistent
    # disk](https://cloud.google.com/compute/docs/disks/persistent-disks) that
    # mounts to the workstation VM at `/home` when the session starts and
    # detaches when the session ends. If this field is empty, workstations
    # created with this configuration do not have a persistent home
    # directory.
    # @!attribute [rw] size_gb
    #   @return [::Integer]
    #     Optional. The GB capacity of a persistent home directory for each
    #     workstation created with this configuration. Must be empty if
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk#source_snapshot source_snapshot}
    #     is set.
    #
    #     Valid values are `10`, `50`, `100`, `200`, `500`, or `1000`.
    #     Defaults to `200`. If less than `200` GB, the
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk#disk_type disk_type}
    #     must be
    #     `"pd-balanced"` or `"pd-ssd"`.
    # @!attribute [rw] fs_type
    #   @return [::String]
    #     Optional. Type of file system that the disk should be formatted with.
    #     The workstation image must support this file system type. Must be empty
    #     if
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk#source_snapshot source_snapshot}
    #     is set. Defaults to `"ext4"`.
    # @!attribute [rw] disk_type
    #   @return [::String]
    #     Optional. The [type of the persistent
    #     disk](https://cloud.google.com/compute/docs/disks#disk-types) for the
    #     home directory. Defaults to `"pd-standard"`.
    # @!attribute [rw] source_snapshot
    #   @return [::String]
    #     Optional. Name of the snapshot to use as the source for the disk. If
    #     set,
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk#size_gb size_gb}
    #     and
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk#fs_type fs_type}
    #     must be empty.
    # @!attribute [rw] reclaim_policy
    #   @return [::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk::ReclaimPolicy]
    #     Optional. Whether the persistent disk should be deleted when the
    #     workstation is deleted. Valid values are `DELETE` and `RETAIN`.
    #     Defaults to `DELETE`.
    class GceRegionalPersistentDisk
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods

      # Value representing what should happen to the disk after the workstation
      # is deleted.
      module ReclaimPolicy
        # Do not use.
        RECLAIM_POLICY_UNSPECIFIED = 0

        # Delete the persistent disk when deleting the workstation.
        DELETE = 1

        # Keep the persistent disk when deleting the workstation.
        # An administrator must manually delete the disk.
        RETAIN = 2
      end
    end
  end

  # A Docker container.
  # @!attribute [rw] image
  #   @return [::String]
  #     Optional. A Docker container image that defines a custom environment.
  #
  #     Cloud Workstations provides a number of
  #     [preconfigured
  #     images](https://cloud.google.com/workstations/docs/preconfigured-base-images),
  #     but you can create your own
  #     [custom container
  #     images](https://cloud.google.com/workstations/docs/custom-container-images).
  #     If using a private image, the `host.gceInstance.serviceAccount` field
  #     must be specified in the workstation configuration and must have
  #     permission to pull the specified image. Otherwise, the image must be
  #     publicly accessible.
  # @!attribute [rw] command
  #   @return [::Array<::String>]
  #     Optional. If set, overrides the default ENTRYPOINT specified by the
  #     image.
  # @!attribute [rw] args
  #   @return [::Array<::String>]
  #     Optional. Arguments passed to the entrypoint.
  # @!attribute [rw] env
  #   @return [::Google::Protobuf::Map{::String => ::String}]
  #     Optional. Environment variables passed to the container's entrypoint.
  #
  #     NOTE(review): values are plain strings held in the configuration
  #     resource, so they are presumably readable by anyone who can read the
  #     configuration; avoid placing secrets here.
  # @!attribute [rw] working_dir
  #   @return [::String]
  #     Optional. If set, overrides the default DIR specified by the image.
  # @!attribute [rw] run_as_user
  #   @return [::Integer]
  #     Optional. If set, overrides the USER specified in the image with the
  #     given uid.
  #
  #     NOTE(review): a uid of `0` presumably runs the entrypoint as root;
  #     prefer a non-root uid unless the image requires it.
  class Container
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # Key/value entry type for the
    # {::Google::Cloud::Workstations::V1::WorkstationConfig::Container#env env}
    # map.
    # @!attribute [rw] key
    #   @return [::String]
    # @!attribute [rw] value
    #   @return [::String]
    class EnvEntry
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods
    end
  end

  # A customer-managed encryption key (CMEK) for the Compute Engine
  # resources of the associated workstation configuration. Specify the name of
  # your Cloud KMS encryption key and the default service account.
  # We recommend that you use a separate service account and follow
  # [Cloud KMS best
  # practices](https://cloud.google.com/kms/docs/separation-of-duties).
  # @!attribute [rw] kms_key
  #   @return [::String]
  #     Immutable. The name of the Google Cloud KMS encryption key. For example,
  #     `"projects/PROJECT_ID/locations/REGION/keyRings/KEY_RING/cryptoKeys/KEY_NAME"`.
  #     The key must be in the same region as the workstation configuration.
  # @!attribute [rw] kms_key_service_account
  #   @return [::String]
  #     Immutable. The service account to use with the specified
  #     KMS key. We recommend that you use a separate service account
  #     and follow KMS best practices. For more information, see
  #     [Separation of
  #     duties](https://cloud.google.com/kms/docs/separation-of-duties) and
  #     `gcloud kms keys add-iam-policy-binding`
  #     [`--member`](https://cloud.google.com/sdk/gcloud/reference/kms/keys/add-iam-policy-binding#--member).
  class CustomerEncryptionKey
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # A readiness check to be performed on a workstation.
  # @!attribute [rw] path
  #   @return [::String]
  #     Optional. Path to which the request should be sent.
  # @!attribute [rw] port
  #   @return [::Integer]
  #     Optional. Port to which the request should be sent.
  class ReadinessCheck
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # Key/value entry type for the
  # {::Google::Cloud::Workstations::V1::WorkstationConfig#annotations annotations}
  # map.
  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class AnnotationsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # Key/value entry type for the
  # {::Google::Cloud::Workstations::V1::WorkstationConfig#labels labels}
  # map.
  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class LabelsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end
end

#name::String

Returns the full name of this workstation configuration.

Returns:

  • (::String)

    Full name of this workstation configuration.



# File 'proto_docs/google/cloud/workstations/v1/workstations.rb', line 279

# A workstation configuration resource in the Cloud Workstations API.
# Workstation configurations act as templates for workstations. The nested
# message classes below describe the parts of such a template: the host VM,
# persistent directories, the container, the customer-managed encryption key
# and readiness checks.
class WorkstationConfig
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Runtime host for a workstation.
  # @!attribute [rw] gce_instance
  #   @return [::Google::Cloud::Workstations::V1::WorkstationConfig::Host::GceInstance]
  #     Specifies a Compute Engine instance as the host.
  class Host
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # A runtime using a Compute Engine instance.
    # @!attribute [rw] machine_type
    #   @return [::String]
    #     Optional. The type of machine to use for VM instances—for example,
    #     `"e2-standard-4"`. For more information about machine types that
    #     Cloud Workstations supports, see the list of
    #     [available machine
    #     types](https://cloud.google.com/workstations/docs/available-machine-types).
    # @!attribute [rw] service_account
    #   @return [::String]
    #     Optional. The email address of the service account for Cloud
    #     Workstations VMs created with this configuration. When specified, be
    #     sure that the service account has `logging.logEntries.create` permission
    #     on the project so it can write logs out to Cloud Logging. If using a
    #     custom container image, the service account must have permissions to
    #     pull the specified image.
    #
    #     If you as the administrator want to be able to `ssh` into the
    #     underlying VM, you need to set this value to a service account
    #     for which you have the `iam.serviceAccounts.actAs` permission.
    #     Conversely, if you don't want anyone to be able to `ssh` into the
    #     underlying VM, use a service account where no one has that
    #     permission.
    #
    #     Because `iam.serviceAccounts.actAs` on this account is what permits
    #     `ssh` access to the VM, review which principals hold it whenever
    #     this value is set or changed.
    #
    #     If not set, VMs run with a service account provided by the
    #     Cloud Workstations service, and the image must be publicly
    #     accessible.
    # @!attribute [rw] service_account_scopes
    #   @return [::Array<::String>]
    #     Optional. Scopes to grant to the
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::Host::GceInstance#service_account service_account}.
    #     Various scopes are automatically added based on feature usage. When
    #     specified, users of workstations under this configuration must have
    #     `iam.serviceAccounts.actAs` on the service account.
    # @!attribute [rw] tags
    #   @return [::Array<::String>]
    #     Optional. Network tags to add to the Compute Engine VMs backing the
    #     workstations. This option applies
    #     [network
    #     tags](https://cloud.google.com/vpc/docs/add-remove-network-tags) to VMs
    #     created with this configuration. These network tags enable the creation
    #     of [firewall
    #     rules](https://cloud.google.com/workstations/docs/configure-firewall-rules).
    # @!attribute [rw] pool_size
    #   @return [::Integer]
    #     Optional. The number of VMs that the system should keep idle so that
    #     new workstations can be started quickly for new users. Defaults to `0`
    #     in the API.
    # @!attribute [r] pooled_instances
    #   @return [::Integer]
    #     Output only. Number of instances currently available in the pool for
    #     faster workstation startup.
    # @!attribute [rw] disable_public_ip_addresses
    #   @return [::Boolean]
    #     Optional. When set to true, disables public IP addresses for VMs. If
    #     you disable public IP addresses, you must set up Private Google Access
    #     or Cloud NAT on your network. If you use Private Google Access and you
    #     use `private.googleapis.com` or `restricted.googleapis.com` for
    #     Container Registry and Artifact Registry, make sure that you set
    #     up DNS records for domains `*.gcr.io` and `*.pkg.dev`.
    #     Defaults to false (VMs have public IP addresses). Because of that
    #     default, set this to true explicitly when workstation VMs should not
    #     have public IP addresses.
    # @!attribute [rw] enable_nested_virtualization
    #   @return [::Boolean]
    #     Optional. Whether to enable nested virtualization on Cloud Workstations
    #     VMs created under this workstation configuration.
    #
    #     Nested virtualization lets you run virtual machine (VM) instances
    #     inside your workstation. Before enabling nested virtualization,
    #     review the following considerations. Cloud Workstations
    #     instances are subject to the [same restrictions as Compute Engine
    #     instances](https://cloud.google.com/compute/docs/instances/nested-virtualization/overview#restrictions):
    #
    #     * **Organization policy**: projects, folders, or
    #     organizations may be restricted from creating nested VMs if the
    #     **Disable VM nested virtualization** constraint is enforced in
    #     the organization policy. For more information, see the
    #     Compute Engine section,
    #     [Checking whether nested virtualization is
    #     allowed](https://cloud.google.com/compute/docs/instances/nested-virtualization/managing-constraint#checking_whether_nested_virtualization_is_allowed).
    #     * **Performance**: nested VMs might experience a 10% or greater
    #     decrease in performance for workloads that are CPU-bound and
    #     possibly greater than a 10% decrease for workloads that are
    #     input/output bound.
    #     * **Machine Type**: nested virtualization can only be enabled on
    #     workstation configurations that specify a
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::Host::GceInstance#machine_type machine_type}
    #     in the N1 or N2 machine series.
    #     * **GPUs**: nested virtualization may not be enabled on workstation
    #     configurations with accelerators.
    #     * **Operating System**: Because
    #     [Container-Optimized
    #     OS](https://cloud.google.com/compute/docs/images/os-details#container-optimized_os_cos)
    #     does not support nested virtualization, when nested virtualization is
    #     enabled, the underlying Compute Engine VM instances boot from an
    #     [Ubuntu
    #     LTS](https://cloud.google.com/compute/docs/images/os-details#ubuntu_lts)
    #     image.
    # @!attribute [rw] shielded_instance_config
    #   @return [::Google::Cloud::Workstations::V1::WorkstationConfig::Host::GceInstance::GceShieldedInstanceConfig]
    #     Optional. A set of Compute Engine Shielded instance options.
    # @!attribute [rw] confidential_instance_config
    #   @return [::Google::Cloud::Workstations::V1::WorkstationConfig::Host::GceInstance::GceConfidentialInstanceConfig]
    #     Optional. A set of Compute Engine Confidential VM instance options.
    # @!attribute [rw] boot_disk_size_gb
    #   @return [::Integer]
    #     Optional. The size of the boot disk for the VM in gigabytes (GB).
    #     The minimum boot disk size is `30` GB. Defaults to `50` GB.
    class GceInstance
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods

      # A set of Compute Engine Shielded instance options.
      # NOTE(review): the defaults of these three flags are not stated in
      # this file; set them explicitly where Secure Boot, vTPM or integrity
      # monitoring is required — TODO confirm the API defaults.
      # @!attribute [rw] enable_secure_boot
      #   @return [::Boolean]
      #     Optional. Whether the instance has Secure Boot enabled.
      # @!attribute [rw] enable_vtpm
      #   @return [::Boolean]
      #     Optional. Whether the instance has the vTPM enabled.
      # @!attribute [rw] enable_integrity_monitoring
      #   @return [::Boolean]
      #     Optional. Whether the instance has integrity monitoring enabled.
      class GceShieldedInstanceConfig
        include ::Google::Protobuf::MessageExts
        extend ::Google::Protobuf::MessageExts::ClassMethods
      end

      # A set of Compute Engine Confidential VM instance options.
      # @!attribute [rw] enable_confidential_compute
      #   @return [::Boolean]
      #     Optional. Whether the instance has confidential compute enabled.
      class GceConfidentialInstanceConfig
        include ::Google::Protobuf::MessageExts
        extend ::Google::Protobuf::MessageExts::ClassMethods
      end
    end
  end

  # A directory to persist across workstation sessions.
  # @!attribute [rw] gce_pd
  #   @return [::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk]
  #     A PersistentDirectory backed by a Compute Engine persistent disk.
  # @!attribute [rw] mount_path
  #   @return [::String]
  #     Optional. Location of this directory in the running workstation.
  class PersistentDirectory
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # A PersistentDirectory backed by a Compute Engine regional persistent
    # disk. The
    # {::Google::Cloud::Workstations::V1::WorkstationConfig#persistent_directories persistent_directories}
    # field is repeated, but it may contain only one entry. It creates a
    # [persistent
    # disk](https://cloud.google.com/compute/docs/disks/persistent-disks) that
    # mounts to the workstation VM at `/home` when the session starts and
    # detaches when the session ends. If this field is empty, workstations
    # created with this configuration do not have a persistent home
    # directory.
    # @!attribute [rw] size_gb
    #   @return [::Integer]
    #     Optional. The GB capacity of a persistent home directory for each
    #     workstation created with this configuration. Must be empty if
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk#source_snapshot source_snapshot}
    #     is set.
    #
    #     Valid values are `10`, `50`, `100`, `200`, `500`, or `1000`.
    #     Defaults to `200`. If less than `200` GB, the
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk#disk_type disk_type}
    #     must be
    #     `"pd-balanced"` or `"pd-ssd"`.
    # @!attribute [rw] fs_type
    #   @return [::String]
    #     Optional. Type of file system that the disk should be formatted with.
    #     The workstation image must support this file system type. Must be empty
    #     if
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk#source_snapshot source_snapshot}
    #     is set. Defaults to `"ext4"`.
    # @!attribute [rw] disk_type
    #   @return [::String]
    #     Optional. The [type of the persistent
    #     disk](https://cloud.google.com/compute/docs/disks#disk-types) for the
    #     home directory. Defaults to `"pd-standard"`.
    # @!attribute [rw] source_snapshot
    #   @return [::String]
    #     Optional. Name of the snapshot to use as the source for the disk. If
    #     set,
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk#size_gb size_gb}
    #     and
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk#fs_type fs_type}
    #     must be empty.
    # @!attribute [rw] reclaim_policy
    #   @return [::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk::ReclaimPolicy]
    #     Optional. Whether the persistent disk should be deleted when the
    #     workstation is deleted. Valid values are `DELETE` and `RETAIN`.
    #     Defaults to `DELETE`. With `RETAIN`, the disk and the home-directory
    #     data on it remain until an administrator deletes the disk.
    class GceRegionalPersistentDisk
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods

      # Value representing what should happen to the disk after the workstation
      # is deleted.
      module ReclaimPolicy
        # Do not use.
        RECLAIM_POLICY_UNSPECIFIED = 0

        # Delete the persistent disk when deleting the workstation.
        DELETE = 1

        # Keep the persistent disk when deleting the workstation.
        # An administrator must manually delete the disk.
        RETAIN = 2
      end
    end
  end

  # A Docker container.
  # @!attribute [rw] image
  #   @return [::String]
  #     Optional. A Docker container image that defines a custom environment.
  #
  #     Cloud Workstations provides a number of
  #     [preconfigured
  #     images](https://cloud.google.com/workstations/docs/preconfigured-base-images),
  #     but you can create your own
  #     [custom container
  #     images](https://cloud.google.com/workstations/docs/custom-container-images).
  #     If using a private image, the `host.gceInstance.serviceAccount` field
  #     must be specified in the workstation configuration and must have
  #     permission to pull the specified image. Otherwise, the image must be
  #     publicly accessible.
  # @!attribute [rw] command
  #   @return [::Array<::String>]
  #     Optional. If set, overrides the default ENTRYPOINT specified by the
  #     image.
  # @!attribute [rw] args
  #   @return [::Array<::String>]
  #     Optional. Arguments passed to the entrypoint.
  # @!attribute [rw] env
  #   @return [::Google::Protobuf::Map{::String => ::String}]
  #     Optional. Environment variables passed to the container's entrypoint.
  #     NOTE(review): values are plain strings held in the configuration and
  #     presumably readable by anyone who can read it, so keep secrets out
  #     of this map — confirm.
  # @!attribute [rw] working_dir
  #   @return [::String]
  #     Optional. If set, overrides the default DIR specified by the image.
  # @!attribute [rw] run_as_user
  #   @return [::Integer]
  #     Optional. If set, overrides the USER specified in the image with the
  #     given uid.
  class Container
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # One key/value pair of strings. Presumably the generated map-entry type
    # behind the `env` map of this container — confirm against the proto
    # definition.
    # @!attribute [rw] key
    #   @return [::String]
    # @!attribute [rw] value
    #   @return [::String]
    class EnvEntry
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods
    end
  end

  # A customer-managed encryption key (CMEK) for the Compute Engine
  # resources of the associated workstation configuration. Specify the name of
  # your Cloud KMS encryption key and the default service account.
  # We recommend that you use a separate service account and follow
  # [Cloud KMS best
  # practices](https://cloud.google.com/kms/docs/separation-of-duties).
  # Both attributes are marked Immutable, so settle the key and its service
  # account before the workstation configuration is created.
  # @!attribute [rw] kms_key
  #   @return [::String]
  #     Immutable. The name of the Google Cloud KMS encryption key. For example,
  #     `"projects/PROJECT_ID/locations/REGION/keyRings/KEY_RING/cryptoKeys/KEY_NAME"`.
  #     The key must be in the same region as the workstation configuration.
  # @!attribute [rw] kms_key_service_account
  #   @return [::String]
  #     Immutable. The service account to use with the specified
  #     KMS key. We recommend that you use a separate service account
  #     and follow KMS best practices. For more information, see
  #     [Separation of
  #     duties](https://cloud.google.com/kms/docs/separation-of-duties) and
  #     `gcloud kms keys add-iam-policy-binding`
  #     [`--member`](https://cloud.google.com/sdk/gcloud/reference/kms/keys/add-iam-policy-binding#--member).
  class CustomerEncryptionKey
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # A readiness check to be performed on a workstation.
  # @!attribute [rw] path
  #   @return [::String]
  #     Optional. Path to which the request should be sent.
  # @!attribute [rw] port
  #   @return [::Integer]
  #     Optional. Port to which the request should be sent.
  class ReadinessCheck
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # One key/value pair of strings. Presumably the generated map-entry type
  # behind the `annotations` map (client-specified annotations) — confirm
  # against the proto definition.
  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class AnnotationsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # One key/value pair of strings. Presumably the generated map-entry type
  # behind a `labels` map field, which this listing does not show — confirm
  # against the proto definition.
  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class LabelsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end
end

#persistent_directories::Array<::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory>

Returns Optional. Directories to persist across workstation sessions.

Returns:



# File 'proto_docs/google/cloud/workstations/v1/workstations.rb', line 279

# A workstation configuration resource in the Cloud Workstations API.
# Workstation configurations act as templates for workstations. The nested
# message classes below describe the parts of such a template: the host VM,
# persistent directories, the container, the customer-managed encryption key
# and readiness checks.
class WorkstationConfig
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Runtime host for a workstation.
  # @!attribute [rw] gce_instance
  #   @return [::Google::Cloud::Workstations::V1::WorkstationConfig::Host::GceInstance]
  #     Specifies a Compute Engine instance as the host.
  class Host
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # A runtime using a Compute Engine instance.
    # @!attribute [rw] machine_type
    #   @return [::String]
    #     Optional. The type of machine to use for VM instances—for example,
    #     `"e2-standard-4"`. For more information about machine types that
    #     Cloud Workstations supports, see the list of
    #     [available machine
    #     types](https://cloud.google.com/workstations/docs/available-machine-types).
    # @!attribute [rw] service_account
    #   @return [::String]
    #     Optional. The email address of the service account for Cloud
    #     Workstations VMs created with this configuration. When specified, be
    #     sure that the service account has `logging.logEntries.create` permission
    #     on the project so it can write logs out to Cloud Logging. If using a
    #     custom container image, the service account must have permissions to
    #     pull the specified image.
    #
    #     If you as the administrator want to be able to `ssh` into the
    #     underlying VM, you need to set this value to a service account
    #     for which you have the `iam.serviceAccounts.actAs` permission.
    #     Conversely, if you don't want anyone to be able to `ssh` into the
    #     underlying VM, use a service account where no one has that
    #     permission.
    #
    #     Because `iam.serviceAccounts.actAs` on this account is what permits
    #     `ssh` access to the VM, review which principals hold it whenever
    #     this value is set or changed.
    #
    #     If not set, VMs run with a service account provided by the
    #     Cloud Workstations service, and the image must be publicly
    #     accessible.
    # @!attribute [rw] service_account_scopes
    #   @return [::Array<::String>]
    #     Optional. Scopes to grant to the
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::Host::GceInstance#service_account service_account}.
    #     Various scopes are automatically added based on feature usage. When
    #     specified, users of workstations under this configuration must have
    #     `iam.serviceAccounts.actAs` on the service account.
    # @!attribute [rw] tags
    #   @return [::Array<::String>]
    #     Optional. Network tags to add to the Compute Engine VMs backing the
    #     workstations. This option applies
    #     [network
    #     tags](https://cloud.google.com/vpc/docs/add-remove-network-tags) to VMs
    #     created with this configuration. These network tags enable the creation
    #     of [firewall
    #     rules](https://cloud.google.com/workstations/docs/configure-firewall-rules).
    # @!attribute [rw] pool_size
    #   @return [::Integer]
    #     Optional. The number of VMs that the system should keep idle so that
    #     new workstations can be started quickly for new users. Defaults to `0`
    #     in the API.
    # @!attribute [r] pooled_instances
    #   @return [::Integer]
    #     Output only. Number of instances currently available in the pool for
    #     faster workstation startup.
    # @!attribute [rw] disable_public_ip_addresses
    #   @return [::Boolean]
    #     Optional. When set to true, disables public IP addresses for VMs. If
    #     you disable public IP addresses, you must set up Private Google Access
    #     or Cloud NAT on your network. If you use Private Google Access and you
    #     use `private.googleapis.com` or `restricted.googleapis.com` for
    #     Container Registry and Artifact Registry, make sure that you set
    #     up DNS records for domains `*.gcr.io` and `*.pkg.dev`.
    #     Defaults to false (VMs have public IP addresses). Because of that
    #     default, set this to true explicitly when workstation VMs should not
    #     have public IP addresses.
    # @!attribute [rw] enable_nested_virtualization
    #   @return [::Boolean]
    #     Optional. Whether to enable nested virtualization on Cloud Workstations
    #     VMs created under this workstation configuration.
    #
    #     Nested virtualization lets you run virtual machine (VM) instances
    #     inside your workstation. Before enabling nested virtualization,
    #     review the following considerations. Cloud Workstations
    #     instances are subject to the [same restrictions as Compute Engine
    #     instances](https://cloud.google.com/compute/docs/instances/nested-virtualization/overview#restrictions):
    #
    #     * **Organization policy**: projects, folders, or
    #     organizations may be restricted from creating nested VMs if the
    #     **Disable VM nested virtualization** constraint is enforced in
    #     the organization policy. For more information, see the
    #     Compute Engine section,
    #     [Checking whether nested virtualization is
    #     allowed](https://cloud.google.com/compute/docs/instances/nested-virtualization/managing-constraint#checking_whether_nested_virtualization_is_allowed).
    #     * **Performance**: nested VMs might experience a 10% or greater
    #     decrease in performance for workloads that are CPU-bound and
    #     possibly greater than a 10% decrease for workloads that are
    #     input/output bound.
    #     * **Machine Type**: nested virtualization can only be enabled on
    #     workstation configurations that specify a
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::Host::GceInstance#machine_type machine_type}
    #     in the N1 or N2 machine series.
    #     * **GPUs**: nested virtualization may not be enabled on workstation
    #     configurations with accelerators.
    #     * **Operating System**: Because
    #     [Container-Optimized
    #     OS](https://cloud.google.com/compute/docs/images/os-details#container-optimized_os_cos)
    #     does not support nested virtualization, when nested virtualization is
    #     enabled, the underlying Compute Engine VM instances boot from an
    #     [Ubuntu
    #     LTS](https://cloud.google.com/compute/docs/images/os-details#ubuntu_lts)
    #     image.
    # @!attribute [rw] shielded_instance_config
    #   @return [::Google::Cloud::Workstations::V1::WorkstationConfig::Host::GceInstance::GceShieldedInstanceConfig]
    #     Optional. A set of Compute Engine Shielded instance options.
    # @!attribute [rw] confidential_instance_config
    #   @return [::Google::Cloud::Workstations::V1::WorkstationConfig::Host::GceInstance::GceConfidentialInstanceConfig]
    #     Optional. A set of Compute Engine Confidential VM instance options.
    # @!attribute [rw] boot_disk_size_gb
    #   @return [::Integer]
    #     Optional. The size of the boot disk for the VM in gigabytes (GB).
    #     The minimum boot disk size is `30` GB. Defaults to `50` GB.
    class GceInstance
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods

      # A set of Compute Engine Shielded instance options.
      # NOTE(review): the defaults of these three flags are not stated in
      # this file; set them explicitly where Secure Boot, vTPM or integrity
      # monitoring is required — TODO confirm the API defaults.
      # @!attribute [rw] enable_secure_boot
      #   @return [::Boolean]
      #     Optional. Whether the instance has Secure Boot enabled.
      # @!attribute [rw] enable_vtpm
      #   @return [::Boolean]
      #     Optional. Whether the instance has the vTPM enabled.
      # @!attribute [rw] enable_integrity_monitoring
      #   @return [::Boolean]
      #     Optional. Whether the instance has integrity monitoring enabled.
      class GceShieldedInstanceConfig
        include ::Google::Protobuf::MessageExts
        extend ::Google::Protobuf::MessageExts::ClassMethods
      end

      # A set of Compute Engine Confidential VM instance options.
      # @!attribute [rw] enable_confidential_compute
      #   @return [::Boolean]
      #     Optional. Whether the instance has confidential compute enabled.
      class GceConfidentialInstanceConfig
        include ::Google::Protobuf::MessageExts
        extend ::Google::Protobuf::MessageExts::ClassMethods
      end
    end
  end

  # A directory to persist across workstation sessions.
  # @!attribute [rw] gce_pd
  #   @return [::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk]
  #     A PersistentDirectory backed by a Compute Engine persistent disk.
  # @!attribute [rw] mount_path
  #   @return [::String]
  #     Optional. Location of this directory in the running workstation.
  class PersistentDirectory
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # A PersistentDirectory backed by a Compute Engine regional persistent
    # disk. The
    # {::Google::Cloud::Workstations::V1::WorkstationConfig#persistent_directories persistent_directories}
    # field is repeated, but it may contain only one entry. It creates a
    # [persistent
    # disk](https://cloud.google.com/compute/docs/disks/persistent-disks) that
    # mounts to the workstation VM at `/home` when the session starts and
    # detaches when the session ends. If this field is empty, workstations
    # created with this configuration do not have a persistent home
    # directory.
    # @!attribute [rw] size_gb
    #   @return [::Integer]
    #     Optional. The GB capacity of a persistent home directory for each
    #     workstation created with this configuration. Must be empty if
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk#source_snapshot source_snapshot}
    #     is set.
    #
    #     Valid values are `10`, `50`, `100`, `200`, `500`, or `1000`.
    #     Defaults to `200`. If less than `200` GB, the
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk#disk_type disk_type}
    #     must be
    #     `"pd-balanced"` or `"pd-ssd"`.
    # @!attribute [rw] fs_type
    #   @return [::String]
    #     Optional. Type of file system that the disk should be formatted with.
    #     The workstation image must support this file system type. Must be empty
    #     if
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk#source_snapshot source_snapshot}
    #     is set. Defaults to `"ext4"`.
    # @!attribute [rw] disk_type
    #   @return [::String]
    #     Optional. The [type of the persistent
    #     disk](https://cloud.google.com/compute/docs/disks#disk-types) for the
    #     home directory. Defaults to `"pd-standard"`.
    # @!attribute [rw] source_snapshot
    #   @return [::String]
    #     Optional. Name of the snapshot to use as the source for the disk. If
    #     set,
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk#size_gb size_gb}
    #     and
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk#fs_type fs_type}
    #     must be empty.
    # @!attribute [rw] reclaim_policy
    #   @return [::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk::ReclaimPolicy]
    #     Optional. Whether the persistent disk should be deleted when the
    #     workstation is deleted. Valid values are `DELETE` and `RETAIN`.
    #     Defaults to `DELETE`. With `RETAIN`, the disk and the home-directory
    #     data on it remain until an administrator deletes the disk.
    class GceRegionalPersistentDisk
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods

      # Value representing what should happen to the disk after the workstation
      # is deleted.
      module ReclaimPolicy
        # Do not use.
        RECLAIM_POLICY_UNSPECIFIED = 0

        # Delete the persistent disk when deleting the workstation.
        DELETE = 1

        # Keep the persistent disk when deleting the workstation.
        # An administrator must manually delete the disk.
        RETAIN = 2
      end
    end
  end

  # A Docker container.
  # @!attribute [rw] image
  #   @return [::String]
  #     Optional. A Docker container image that defines a custom environment.
  #
  #     Cloud Workstations provides a number of
  #     [preconfigured
  #     images](https://cloud.google.com/workstations/docs/preconfigured-base-images),
  #     but you can create your own
  #     [custom container
  #     images](https://cloud.google.com/workstations/docs/custom-container-images).
  #     If using a private image, the `host.gceInstance.serviceAccount` field
  #     must be specified in the workstation configuration and must have
  #     permission to pull the specified image. Otherwise, the image must be
  #     publicly accessible.
  # @!attribute [rw] command
  #   @return [::Array<::String>]
  #     Optional. If set, overrides the default ENTRYPOINT specified by the
  #     image.
  # @!attribute [rw] args
  #   @return [::Array<::String>]
  #     Optional. Arguments passed to the entrypoint.
  # @!attribute [rw] env
  #   @return [::Google::Protobuf::Map{::String => ::String}]
  #     Optional. Environment variables passed to the container's entrypoint.
  #     NOTE(review): values are plain strings held in the configuration and
  #     presumably readable by anyone who can read it, so keep secrets out
  #     of this map — confirm.
  # @!attribute [rw] working_dir
  #   @return [::String]
  #     Optional. If set, overrides the default DIR specified by the image.
  # @!attribute [rw] run_as_user
  #   @return [::Integer]
  #     Optional. If set, overrides the USER specified in the image with the
  #     given uid.
  class Container
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # One key/value pair of strings. Presumably the generated map-entry type
    # behind the `env` map of this container — confirm against the proto
    # definition.
    # @!attribute [rw] key
    #   @return [::String]
    # @!attribute [rw] value
    #   @return [::String]
    class EnvEntry
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods
    end
  end

  # A customer-managed encryption key (CMEK) for the Compute Engine
  # resources of the associated workstation configuration. Specify the name of
  # your Cloud KMS encryption key and the default service account.
  # We recommend that you use a separate service account and follow
  # [Cloud KMS best
  # practices](https://cloud.google.com/kms/docs/separation-of-duties).
  # Both attributes are marked Immutable, so settle the key and its service
  # account before the workstation configuration is created.
  # @!attribute [rw] kms_key
  #   @return [::String]
  #     Immutable. The name of the Google Cloud KMS encryption key. For example,
  #     `"projects/PROJECT_ID/locations/REGION/keyRings/KEY_RING/cryptoKeys/KEY_NAME"`.
  #     The key must be in the same region as the workstation configuration.
  # @!attribute [rw] kms_key_service_account
  #   @return [::String]
  #     Immutable. The service account to use with the specified
  #     KMS key. We recommend that you use a separate service account
  #     and follow KMS best practices. For more information, see
  #     [Separation of
  #     duties](https://cloud.google.com/kms/docs/separation-of-duties) and
  #     `gcloud kms keys add-iam-policy-binding`
  #     [`--member`](https://cloud.google.com/sdk/gcloud/reference/kms/keys/add-iam-policy-binding#--member).
  class CustomerEncryptionKey
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # A readiness check to be performed on a workstation.
  # @!attribute [rw] path
  #   @return [::String]
  #     Optional. Path to which the request should be sent.
  # @!attribute [rw] port
  #   @return [::Integer]
  #     Optional. Port to which the request should be sent.
  class ReadinessCheck
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # One key/value pair of strings. Presumably the generated map-entry type
  # behind the `annotations` map (client-specified annotations) — confirm
  # against the proto definition.
  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class AnnotationsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # One key/value pair of strings. Presumably the generated map-entry type
  # behind a `labels` map field, which this listing does not show — confirm
  # against the proto definition.
  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class LabelsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end
end

#readiness_checks::Array<::Google::Cloud::Workstations::V1::WorkstationConfig::ReadinessCheck>

Returns Optional. Readiness checks to perform when starting a workstation using this workstation configuration. Mark a workstation as running only after all specified readiness checks return 200 status codes.

Returns:



# File 'proto_docs/google/cloud/workstations/v1/workstations.rb', line 279

# A workstation configuration resource in the Cloud Workstations API. It acts
# as a template for the workstations created from it. The nested classes below
# describe the VM host, persistent storage, container, encryption key and
# readiness checks.
class WorkstationConfig
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Runtime host for a workstation.
  # @!attribute [rw] gce_instance
  #   @return [::Google::Cloud::Workstations::V1::WorkstationConfig::Host::GceInstance]
  #     Specifies a Compute Engine instance as the host.
  class Host
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # A runtime using a Compute Engine instance.
    # @!attribute [rw] machine_type
    #   @return [::String]
    #     Optional. The type of machine to use for VM instances—for example,
    #     `"e2-standard-4"`. For more information about machine types that
    #     Cloud Workstations supports, see the list of
    #     [available machine
    #     types](https://cloud.google.com/workstations/docs/available-machine-types).
    # @!attribute [rw] service_account
    #   @return [::String]
    #     Optional. The email address of the service account for Cloud
    #     Workstations VMs created with this configuration. When specified, be
    #     sure that the service account has `logging.logEntries.create` permission
    #     on the project so it can write logs out to Cloud Logging. If using a
    #     custom container image, the service account must have permissions to
    #     pull the specified image.
    #
    #     If you as the administrator want to be able to `ssh` into the
    #     underlying VM, you need to set this value to a service account
    #     for which you have the `iam.serviceAccounts.actAs` permission.
    #     Conversely, if you don't want anyone to be able to `ssh` into the
    #     underlying VM, use a service account where no one has that
    #     permission.
    #
    #     If not set, VMs run with a service account provided by the
    #     Cloud Workstations service, and the image must be publicly
    #     accessible.
    # @!attribute [rw] service_account_scopes
    #   @return [::Array<::String>]
    #     Optional. Scopes to grant to the
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::Host::GceInstance#service_account service_account}.
    #     Various scopes are automatically added based on feature usage. When
    #     specified, users of workstations under this configuration must have
    #     `iam.serviceAccounts.actAs` on the service account.
    #
    #     NOTE(review): presumably these scopes bound what code running on the
    #     workstation VM can do as the service account; keep the list minimal
    #     and confirm against the Cloud Workstations documentation.
    # @!attribute [rw] tags
    #   @return [::Array<::String>]
    #     Optional. Network tags to add to the Compute Engine VMs backing the
    #     workstations. This option applies
    #     [network
    #     tags](https://cloud.google.com/vpc/docs/add-remove-network-tags) to VMs
    #     created with this configuration. These network tags enable the creation
    #     of [firewall
    #     rules](https://cloud.google.com/workstations/docs/configure-firewall-rules).
    # @!attribute [rw] pool_size
    #   @return [::Integer]
    #     Optional. The number of VMs that the system should keep idle so that
    #     new workstations can be started quickly for new users. Defaults to `0`
    #     in the API.
    # @!attribute [r] pooled_instances
    #   @return [::Integer]
    #     Output only. Number of instances currently available in the pool for
    #     faster workstation startup.
    # @!attribute [rw] disable_public_ip_addresses
    #   @return [::Boolean]
    #     Optional. When set to true, disables public IP addresses for VMs. If
    #     you disable public IP addresses, you must set up Private Google Access
    #     or Cloud NAT on your network. If you use Private Google Access and you
    #     use `private.googleapis.com` or `restricted.googleapis.com` for
    #     Container Registry and Artifact Registry, make sure that you set
    #     up DNS records for domains `*.gcr.io` and `*.pkg.dev`.
    #     Defaults to false (VMs have public IP addresses), so workstation VMs
    #     keep a public IP address unless this is explicitly set to true.
    # @!attribute [rw] enable_nested_virtualization
    #   @return [::Boolean]
    #     Optional. Whether to enable nested virtualization on Cloud Workstations
    #     VMs created under this workstation configuration.
    #
    #     Nested virtualization lets you run virtual machine (VM) instances
    #     inside your workstation. Before enabling nested virtualization,
    #     review the following considerations. Cloud Workstations
    #     instances are subject to the [same restrictions as Compute Engine
    #     instances](https://cloud.google.com/compute/docs/instances/nested-virtualization/overview#restrictions):
    #
    #     * **Organization policy**: projects, folders, or
    #     organizations may be restricted from creating nested VMs if the
    #     **Disable VM nested virtualization** constraint is enforced in
    #     the organization policy. For more information, see the
    #     Compute Engine section,
    #     [Checking whether nested virtualization is
    #     allowed](https://cloud.google.com/compute/docs/instances/nested-virtualization/managing-constraint#checking_whether_nested_virtualization_is_allowed).
    #     * **Performance**: nested VMs might experience a 10% or greater
    #     decrease in performance for workloads that are CPU-bound and
    #     possibly greater than a 10% decrease for workloads that are
    #     input/output bound.
    #     * **Machine Type**: nested virtualization can only be enabled on
    #     workstation configurations that specify a
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::Host::GceInstance#machine_type machine_type}
    #     in the N1 or N2 machine series.
    #     * **GPUs**: nested virtualization may not be enabled on workstation
    #     configurations with accelerators.
    #     * **Operating System**: Because
    #     [Container-Optimized
    #     OS](https://cloud.google.com/compute/docs/images/os-details#container-optimized_os_cos)
    #     does not support nested virtualization, when nested virtualization is
    #     enabled, the underlying Compute Engine VM instances boot from an
    #     [Ubuntu
    #     LTS](https://cloud.google.com/compute/docs/images/os-details#ubuntu_lts)
    #     image.
    # @!attribute [rw] shielded_instance_config
    #   @return [::Google::Cloud::Workstations::V1::WorkstationConfig::Host::GceInstance::GceShieldedInstanceConfig]
    #     Optional. A set of Compute Engine Shielded instance options.
    # @!attribute [rw] confidential_instance_config
    #   @return [::Google::Cloud::Workstations::V1::WorkstationConfig::Host::GceInstance::GceConfidentialInstanceConfig]
    #     Optional. A set of Compute Engine Confidential VM instance options.
    # @!attribute [rw] boot_disk_size_gb
    #   @return [::Integer]
    #     Optional. The size of the boot disk for the VM in gigabytes (GB).
    #     The minimum boot disk size is `30` GB. Defaults to `50` GB.
    class GceInstance
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods

      # A set of Compute Engine Shielded instance options.
      #
      # NOTE(review): this file states no default for any of the three flags;
      # confirm the API defaults before relying on a protection being enabled.
      # @!attribute [rw] enable_secure_boot
      #   @return [::Boolean]
      #     Optional. Whether the instance has Secure Boot enabled.
      # @!attribute [rw] enable_vtpm
      #   @return [::Boolean]
      #     Optional. Whether the instance has the vTPM enabled.
      # @!attribute [rw] enable_integrity_monitoring
      #   @return [::Boolean]
      #     Optional. Whether the instance has integrity monitoring enabled.
      class GceShieldedInstanceConfig
        include ::Google::Protobuf::MessageExts
        extend ::Google::Protobuf::MessageExts::ClassMethods
      end

      # A set of Compute Engine Confidential VM instance options.
      #
      # NOTE(review): no default is stated here for the flag below; confirm it
      # before assuming confidential compute is on.
      # @!attribute [rw] enable_confidential_compute
      #   @return [::Boolean]
      #     Optional. Whether the instance has confidential compute enabled.
      class GceConfidentialInstanceConfig
        include ::Google::Protobuf::MessageExts
        extend ::Google::Protobuf::MessageExts::ClassMethods
      end
    end
  end

  # A directory to persist across workstation sessions.
  # @!attribute [rw] gce_pd
  #   @return [::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk]
  #     A PersistentDirectory backed by a Compute Engine persistent disk.
  # @!attribute [rw] mount_path
  #   @return [::String]
  #     Optional. Location of this directory in the running workstation.
  class PersistentDirectory
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # A PersistentDirectory backed by a Compute Engine regional persistent
    # disk. The
    # {::Google::Cloud::Workstations::V1::WorkstationConfig#persistent_directories persistent_directories}
    # field is repeated, but it may contain only one entry. It creates a
    # [persistent
    # disk](https://cloud.google.com/compute/docs/disks/persistent-disks) that
    # mounts to the workstation VM at `/home` when the session starts and
    # detaches when the session ends. If this field is empty, workstations
    # created with this configuration do not have a persistent home
    # directory.
    # @!attribute [rw] size_gb
    #   @return [::Integer]
    #     Optional. The GB capacity of a persistent home directory for each
    #     workstation created with this configuration. Must be empty if
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk#source_snapshot source_snapshot}
    #     is set.
    #
    #     Valid values are `10`, `50`, `100`, `200`, `500`, or `1000`.
    #     Defaults to `200`. If less than `200` GB, the
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk#disk_type disk_type}
    #     must be
    #     `"pd-balanced"` or `"pd-ssd"`.
    # @!attribute [rw] fs_type
    #   @return [::String]
    #     Optional. Type of file system that the disk should be formatted with.
    #     The workstation image must support this file system type. Must be empty
    #     if
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk#source_snapshot source_snapshot}
    #     is set. Defaults to `"ext4"`.
    # @!attribute [rw] disk_type
    #   @return [::String]
    #     Optional. The [type of the persistent
    #     disk](https://cloud.google.com/compute/docs/disks#disk-types) for the
    #     home directory. Defaults to `"pd-standard"`.
    # @!attribute [rw] source_snapshot
    #   @return [::String]
    #     Optional. Name of the snapshot to use as the source for the disk. If
    #     set,
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk#size_gb size_gb}
    #     and
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk#fs_type fs_type}
    #     must be empty.
    # @!attribute [rw] reclaim_policy
    #   @return [::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk::ReclaimPolicy]
    #     Optional. Whether the persistent disk should be deleted when the
    #     workstation is deleted. Valid values are `DELETE` and `RETAIN`.
    #     Defaults to `DELETE`.
    class GceRegionalPersistentDisk
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods

      # Value representing what should happen to the disk after the workstation
      # is deleted.
      module ReclaimPolicy
        # Do not use.
        RECLAIM_POLICY_UNSPECIFIED = 0

        # Delete the persistent disk when deleting the workstation.
        DELETE = 1

        # Keep the persistent disk when deleting the workstation.
        # An administrator must manually delete the disk.
        # NOTE(review): a retained disk presumably keeps the home-directory
        # data it held, so track retained disks and delete them once the data
        # is no longer needed.
        RETAIN = 2
      end
    end
  end

  # A Docker container.
  # @!attribute [rw] image
  #   @return [::String]
  #     Optional. A Docker container image that defines a custom environment.
  #
  #     Cloud Workstations provides a number of
  #     [preconfigured
  #     images](https://cloud.google.com/workstations/docs/preconfigured-base-images),
  #     but you can create your own
  #     [custom container
  #     images](https://cloud.google.com/workstations/docs/custom-container-images).
  #     If using a private image, the `host.gceInstance.serviceAccount` field
  #     must be specified in the workstation configuration and must have
  #     permission to pull the specified image. Otherwise, the image must be
  #     publicly accessible.
  # @!attribute [rw] command
  #   @return [::Array<::String>]
  #     Optional. If set, overrides the default ENTRYPOINT specified by the
  #     image.
  # @!attribute [rw] args
  #   @return [::Array<::String>]
  #     Optional. Arguments passed to the entrypoint.
  # @!attribute [rw] env
  #   @return [::Google::Protobuf::Map{::String => ::String}]
  #     Optional. Environment variables passed to the container's entrypoint.
  #
  #     NOTE(review): values are plain strings in the configuration and are
  #     presumably readable by anyone who can read the configuration; avoid
  #     placing secrets here - TODO confirm.
  # @!attribute [rw] working_dir
  #   @return [::String]
  #     Optional. If set, overrides the default DIR specified by the image.
  # @!attribute [rw] run_as_user
  #   @return [::Integer]
  #     Optional. If set, overrides the USER specified in the image with the
  #     given uid.
  class Container
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # A single string key/value pair.
    # NOTE(review): presumably the entry type behind the `env` map documented
    # on this class - TODO confirm.
    # @!attribute [rw] key
    #   @return [::String]
    # @!attribute [rw] value
    #   @return [::String]
    class EnvEntry
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods
    end
  end

  # A customer-managed encryption key (CMEK) for the Compute Engine
  # resources of the associated workstation configuration. Specify the name of
  # your Cloud KMS encryption key and the default service account.
  # We recommend that you use a separate service account and follow
  # [Cloud KMS best
  # practices](https://cloud.google.com/kms/docs/separation-of-duties).
  #
  # NOTE(review): both attributes are marked Immutable, so changing the key or
  # its service account presumably requires a new workstation configuration -
  # TODO confirm.
  # @!attribute [rw] kms_key
  #   @return [::String]
  #     Immutable. The name of the Google Cloud KMS encryption key. For example,
  #     `"projects/PROJECT_ID/locations/REGION/keyRings/KEY_RING/cryptoKeys/KEY_NAME"`.
  #     The key must be in the same region as the workstation configuration.
  # @!attribute [rw] kms_key_service_account
  #   @return [::String]
  #     Immutable. The service account to use with the specified
  #     KMS key. We recommend that you use a separate service account
  #     and follow KMS best practices. For more information, see
  #     [Separation of
  #     duties](https://cloud.google.com/kms/docs/separation-of-duties) and
  #     `gcloud kms keys add-iam-policy-binding`
  #     [`--member`](https://cloud.google.com/sdk/gcloud/reference/kms/keys/add-iam-policy-binding#--member).
  class CustomerEncryptionKey
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # A readiness check to be performed on a workstation.
  #
  # Per the `readiness_checks` field documentation, a workstation is marked as
  # running only after all specified readiness checks return 200 status codes.
  # @!attribute [rw] path
  #   @return [::String]
  #     Optional. Path to which the request should be sent.
  # @!attribute [rw] port
  #   @return [::Integer]
  #     Optional. Port to which the request should be sent.
  class ReadinessCheck
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # A single string key/value pair.
  # NOTE(review): presumably the entry type behind the configuration's
  # `annotations` map (`Map{String => String}`) - TODO confirm.
  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class AnnotationsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # A single string key/value pair.
  # NOTE(review): presumably the entry type behind the configuration's
  # labels map - TODO confirm.
  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class LabelsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end
end

#reconciling::Boolean (readonly)

Returns Output only. Indicates whether this workstation configuration is currently being updated to match its intended state.

Returns:

  • (::Boolean)

    Output only. Indicates whether this workstation configuration is currently being updated to match its intended state.



# File 'proto_docs/google/cloud/workstations/v1/workstations.rb', line 279

# A workstation configuration resource in the Cloud Workstations API. It acts
# as a template for the workstations created from it. The nested classes below
# describe the VM host, persistent storage, container, encryption key and
# readiness checks.
class WorkstationConfig
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Runtime host for a workstation.
  # @!attribute [rw] gce_instance
  #   @return [::Google::Cloud::Workstations::V1::WorkstationConfig::Host::GceInstance]
  #     Specifies a Compute Engine instance as the host.
  class Host
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # A runtime using a Compute Engine instance.
    # @!attribute [rw] machine_type
    #   @return [::String]
    #     Optional. The type of machine to use for VM instances—for example,
    #     `"e2-standard-4"`. For more information about machine types that
    #     Cloud Workstations supports, see the list of
    #     [available machine
    #     types](https://cloud.google.com/workstations/docs/available-machine-types).
    # @!attribute [rw] service_account
    #   @return [::String]
    #     Optional. The email address of the service account for Cloud
    #     Workstations VMs created with this configuration. When specified, be
    #     sure that the service account has `logging.logEntries.create` permission
    #     on the project so it can write logs out to Cloud Logging. If using a
    #     custom container image, the service account must have permissions to
    #     pull the specified image.
    #
    #     If you as the administrator want to be able to `ssh` into the
    #     underlying VM, you need to set this value to a service account
    #     for which you have the `iam.serviceAccounts.actAs` permission.
    #     Conversely, if you don't want anyone to be able to `ssh` into the
    #     underlying VM, use a service account where no one has that
    #     permission.
    #
    #     If not set, VMs run with a service account provided by the
    #     Cloud Workstations service, and the image must be publicly
    #     accessible.
    # @!attribute [rw] service_account_scopes
    #   @return [::Array<::String>]
    #     Optional. Scopes to grant to the
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::Host::GceInstance#service_account service_account}.
    #     Various scopes are automatically added based on feature usage. When
    #     specified, users of workstations under this configuration must have
    #     `iam.serviceAccounts.actAs` on the service account.
    #
    #     NOTE(review): presumably these scopes bound what code running on the
    #     workstation VM can do as the service account; keep the list minimal
    #     and confirm against the Cloud Workstations documentation.
    # @!attribute [rw] tags
    #   @return [::Array<::String>]
    #     Optional. Network tags to add to the Compute Engine VMs backing the
    #     workstations. This option applies
    #     [network
    #     tags](https://cloud.google.com/vpc/docs/add-remove-network-tags) to VMs
    #     created with this configuration. These network tags enable the creation
    #     of [firewall
    #     rules](https://cloud.google.com/workstations/docs/configure-firewall-rules).
    # @!attribute [rw] pool_size
    #   @return [::Integer]
    #     Optional. The number of VMs that the system should keep idle so that
    #     new workstations can be started quickly for new users. Defaults to `0`
    #     in the API.
    # @!attribute [r] pooled_instances
    #   @return [::Integer]
    #     Output only. Number of instances currently available in the pool for
    #     faster workstation startup.
    # @!attribute [rw] disable_public_ip_addresses
    #   @return [::Boolean]
    #     Optional. When set to true, disables public IP addresses for VMs. If
    #     you disable public IP addresses, you must set up Private Google Access
    #     or Cloud NAT on your network. If you use Private Google Access and you
    #     use `private.googleapis.com` or `restricted.googleapis.com` for
    #     Container Registry and Artifact Registry, make sure that you set
    #     up DNS records for domains `*.gcr.io` and `*.pkg.dev`.
    #     Defaults to false (VMs have public IP addresses), so workstation VMs
    #     keep a public IP address unless this is explicitly set to true.
    # @!attribute [rw] enable_nested_virtualization
    #   @return [::Boolean]
    #     Optional. Whether to enable nested virtualization on Cloud Workstations
    #     VMs created under this workstation configuration.
    #
    #     Nested virtualization lets you run virtual machine (VM) instances
    #     inside your workstation. Before enabling nested virtualization,
    #     review the following considerations. Cloud Workstations
    #     instances are subject to the [same restrictions as Compute Engine
    #     instances](https://cloud.google.com/compute/docs/instances/nested-virtualization/overview#restrictions):
    #
    #     * **Organization policy**: projects, folders, or
    #     organizations may be restricted from creating nested VMs if the
    #     **Disable VM nested virtualization** constraint is enforced in
    #     the organization policy. For more information, see the
    #     Compute Engine section,
    #     [Checking whether nested virtualization is
    #     allowed](https://cloud.google.com/compute/docs/instances/nested-virtualization/managing-constraint#checking_whether_nested_virtualization_is_allowed).
    #     * **Performance**: nested VMs might experience a 10% or greater
    #     decrease in performance for workloads that are CPU-bound and
    #     possibly greater than a 10% decrease for workloads that are
    #     input/output bound.
    #     * **Machine Type**: nested virtualization can only be enabled on
    #     workstation configurations that specify a
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::Host::GceInstance#machine_type machine_type}
    #     in the N1 or N2 machine series.
    #     * **GPUs**: nested virtualization may not be enabled on workstation
    #     configurations with accelerators.
    #     * **Operating System**: Because
    #     [Container-Optimized
    #     OS](https://cloud.google.com/compute/docs/images/os-details#container-optimized_os_cos)
    #     does not support nested virtualization, when nested virtualization is
    #     enabled, the underlying Compute Engine VM instances boot from an
    #     [Ubuntu
    #     LTS](https://cloud.google.com/compute/docs/images/os-details#ubuntu_lts)
    #     image.
    # @!attribute [rw] shielded_instance_config
    #   @return [::Google::Cloud::Workstations::V1::WorkstationConfig::Host::GceInstance::GceShieldedInstanceConfig]
    #     Optional. A set of Compute Engine Shielded instance options.
    # @!attribute [rw] confidential_instance_config
    #   @return [::Google::Cloud::Workstations::V1::WorkstationConfig::Host::GceInstance::GceConfidentialInstanceConfig]
    #     Optional. A set of Compute Engine Confidential VM instance options.
    # @!attribute [rw] boot_disk_size_gb
    #   @return [::Integer]
    #     Optional. The size of the boot disk for the VM in gigabytes (GB).
    #     The minimum boot disk size is `30` GB. Defaults to `50` GB.
    class GceInstance
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods

      # A set of Compute Engine Shielded instance options.
      #
      # NOTE(review): this file states no default for any of the three flags;
      # confirm the API defaults before relying on a protection being enabled.
      # @!attribute [rw] enable_secure_boot
      #   @return [::Boolean]
      #     Optional. Whether the instance has Secure Boot enabled.
      # @!attribute [rw] enable_vtpm
      #   @return [::Boolean]
      #     Optional. Whether the instance has the vTPM enabled.
      # @!attribute [rw] enable_integrity_monitoring
      #   @return [::Boolean]
      #     Optional. Whether the instance has integrity monitoring enabled.
      class GceShieldedInstanceConfig
        include ::Google::Protobuf::MessageExts
        extend ::Google::Protobuf::MessageExts::ClassMethods
      end

      # A set of Compute Engine Confidential VM instance options.
      #
      # NOTE(review): no default is stated here for the flag below; confirm it
      # before assuming confidential compute is on.
      # @!attribute [rw] enable_confidential_compute
      #   @return [::Boolean]
      #     Optional. Whether the instance has confidential compute enabled.
      class GceConfidentialInstanceConfig
        include ::Google::Protobuf::MessageExts
        extend ::Google::Protobuf::MessageExts::ClassMethods
      end
    end
  end

  # A directory to persist across workstation sessions.
  # @!attribute [rw] gce_pd
  #   @return [::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk]
  #     A PersistentDirectory backed by a Compute Engine persistent disk.
  # @!attribute [rw] mount_path
  #   @return [::String]
  #     Optional. Location of this directory in the running workstation.
  class PersistentDirectory
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # A PersistentDirectory backed by a Compute Engine regional persistent
    # disk. The
    # {::Google::Cloud::Workstations::V1::WorkstationConfig#persistent_directories persistent_directories}
    # field is repeated, but it may contain only one entry. It creates a
    # [persistent
    # disk](https://cloud.google.com/compute/docs/disks/persistent-disks) that
    # mounts to the workstation VM at `/home` when the session starts and
    # detaches when the session ends. If this field is empty, workstations
    # created with this configuration do not have a persistent home
    # directory.
    # @!attribute [rw] size_gb
    #   @return [::Integer]
    #     Optional. The GB capacity of a persistent home directory for each
    #     workstation created with this configuration. Must be empty if
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk#source_snapshot source_snapshot}
    #     is set.
    #
    #     Valid values are `10`, `50`, `100`, `200`, `500`, or `1000`.
    #     Defaults to `200`. If less than `200` GB, the
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk#disk_type disk_type}
    #     must be
    #     `"pd-balanced"` or `"pd-ssd"`.
    # @!attribute [rw] fs_type
    #   @return [::String]
    #     Optional. Type of file system that the disk should be formatted with.
    #     The workstation image must support this file system type. Must be empty
    #     if
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk#source_snapshot source_snapshot}
    #     is set. Defaults to `"ext4"`.
    # @!attribute [rw] disk_type
    #   @return [::String]
    #     Optional. The [type of the persistent
    #     disk](https://cloud.google.com/compute/docs/disks#disk-types) for the
    #     home directory. Defaults to `"pd-standard"`.
    # @!attribute [rw] source_snapshot
    #   @return [::String]
    #     Optional. Name of the snapshot to use as the source for the disk. If
    #     set,
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk#size_gb size_gb}
    #     and
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk#fs_type fs_type}
    #     must be empty.
    # @!attribute [rw] reclaim_policy
    #   @return [::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk::ReclaimPolicy]
    #     Optional. Whether the persistent disk should be deleted when the
    #     workstation is deleted. Valid values are `DELETE` and `RETAIN`.
    #     Defaults to `DELETE`.
    class GceRegionalPersistentDisk
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods

      # Value representing what should happen to the disk after the workstation
      # is deleted.
      module ReclaimPolicy
        # Do not use.
        RECLAIM_POLICY_UNSPECIFIED = 0

        # Delete the persistent disk when deleting the workstation.
        DELETE = 1

        # Keep the persistent disk when deleting the workstation.
        # An administrator must manually delete the disk.
        # NOTE(review): a retained disk presumably keeps the home-directory
        # data it held, so track retained disks and delete them once the data
        # is no longer needed.
        RETAIN = 2
      end
    end
  end

  # A Docker container.
  # @!attribute [rw] image
  #   @return [::String]
  #     Optional. A Docker container image that defines a custom environment.
  #
  #     Cloud Workstations provides a number of
  #     [preconfigured
  #     images](https://cloud.google.com/workstations/docs/preconfigured-base-images),
  #     but you can create your own
  #     [custom container
  #     images](https://cloud.google.com/workstations/docs/custom-container-images).
  #     If using a private image, the `host.gceInstance.serviceAccount` field
  #     must be specified in the workstation configuration and must have
  #     permission to pull the specified image. Otherwise, the image must be
  #     publicly accessible.
  # @!attribute [rw] command
  #   @return [::Array<::String>]
  #     Optional. If set, overrides the default ENTRYPOINT specified by the
  #     image.
  # @!attribute [rw] args
  #   @return [::Array<::String>]
  #     Optional. Arguments passed to the entrypoint.
  # @!attribute [rw] env
  #   @return [::Google::Protobuf::Map{::String => ::String}]
  #     Optional. Environment variables passed to the container's entrypoint.
  #
  #     NOTE(review): values are plain strings in the configuration and are
  #     presumably readable by anyone who can read the configuration; avoid
  #     placing secrets here - TODO confirm.
  # @!attribute [rw] working_dir
  #   @return [::String]
  #     Optional. If set, overrides the default DIR specified by the image.
  # @!attribute [rw] run_as_user
  #   @return [::Integer]
  #     Optional. If set, overrides the USER specified in the image with the
  #     given uid.
  class Container
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # A single string key/value pair.
    # NOTE(review): presumably the entry type behind the `env` map documented
    # on this class - TODO confirm.
    # @!attribute [rw] key
    #   @return [::String]
    # @!attribute [rw] value
    #   @return [::String]
    class EnvEntry
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods
    end
  end

  # A customer-managed encryption key (CMEK) for the Compute Engine
  # resources of the associated workstation configuration. Specify the name of
  # your Cloud KMS encryption key and the default service account.
  # We recommend that you use a separate service account and follow
  # [Cloud KMS best
  # practices](https://cloud.google.com/kms/docs/separation-of-duties).
  #
  # NOTE(review): both attributes are marked Immutable, so changing the key or
  # its service account presumably requires a new workstation configuration -
  # TODO confirm.
  # @!attribute [rw] kms_key
  #   @return [::String]
  #     Immutable. The name of the Google Cloud KMS encryption key. For example,
  #     `"projects/PROJECT_ID/locations/REGION/keyRings/KEY_RING/cryptoKeys/KEY_NAME"`.
  #     The key must be in the same region as the workstation configuration.
  # @!attribute [rw] kms_key_service_account
  #   @return [::String]
  #     Immutable. The service account to use with the specified
  #     KMS key. We recommend that you use a separate service account
  #     and follow KMS best practices. For more information, see
  #     [Separation of
  #     duties](https://cloud.google.com/kms/docs/separation-of-duties) and
  #     `gcloud kms keys add-iam-policy-binding`
  #     [`--member`](https://cloud.google.com/sdk/gcloud/reference/kms/keys/add-iam-policy-binding#--member).
  class CustomerEncryptionKey
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # A readiness check to be performed on a workstation.
  #
  # Per the `readiness_checks` field documentation, a workstation is marked as
  # running only after all specified readiness checks return 200 status codes.
  # @!attribute [rw] path
  #   @return [::String]
  #     Optional. Path to which the request should be sent.
  # @!attribute [rw] port
  #   @return [::Integer]
  #     Optional. Port to which the request should be sent.
  class ReadinessCheck
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # A single string key/value pair.
  # NOTE(review): presumably the entry type behind the configuration's
  # `annotations` map (`Map{String => String}`) - TODO confirm.
  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class AnnotationsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # A single string key/value pair.
  # NOTE(review): presumably the entry type behind the configuration's
  # labels map - TODO confirm.
  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class LabelsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end
end

#replica_zones::Array<::String>

Returns Optional. Immutable. Specifies the zones used to replicate the VM and disk resources within the region. If set, exactly two zones within the workstation cluster's region must be specified—for example, ['us-central1-a', 'us-central1-f']. If this field is empty, two default zones within the region are used.

Immutable after the workstation configuration is created.

Returns:

  • (::Array<::String>)

    Optional. Immutable. Specifies the zones used to replicate the VM and disk resources within the region. If set, exactly two zones within the workstation cluster's region must be specified—for example, ['us-central1-a', 'us-central1-f']. If this field is empty, two default zones within the region are used.

    Immutable after the workstation configuration is created.



# File 'proto_docs/google/cloud/workstations/v1/workstations.rb', line 279

# Message class for a Cloud Workstations workstation configuration. The nested
# classes below describe its sub-messages: runtime host, persistent directory,
# container, customer-managed encryption key and readiness check, plus the
# key/value entry types.
class WorkstationConfig
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Runtime host for a workstation.
  # @!attribute [rw] gce_instance
  #   @return [::Google::Cloud::Workstations::V1::WorkstationConfig::Host::GceInstance]
  #     Specifies a Compute Engine instance as the host.
  class Host
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # A runtime using a Compute Engine instance.
    # @!attribute [rw] machine_type
    #   @return [::String]
    #     Optional. The type of machine to use for VM instances—for example,
    #     `"e2-standard-4"`. For more information about machine types that
    #     Cloud Workstations supports, see the list of
    #     [available machine
    #     types](https://cloud.google.com/workstations/docs/available-machine-types).
    # @!attribute [rw] service_account
    #   @return [::String]
    #     Optional. The email address of the service account for Cloud
    #     Workstations VMs created with this configuration. When specified, be
    #     sure that the service account has `logging.logEntries.create`
    #     permission on the project so it can write logs out to Cloud Logging.
    #     If using a custom container image, the service account must have
    #     permissions to pull the specified image.
    #
    #     If you as the administrator want to be able to `ssh` into the
    #     underlying VM, you need to set this value to a service account
    #     for which you have the `iam.serviceAccounts.actAs` permission.
    #     Conversely, if you don't want anyone to be able to `ssh` into the
    #     underlying VM, use a service account where no one has that
    #     permission.
    #
    #     If not set, VMs run with a service account provided by the
    #     Cloud Workstations service, and the image must be publicly
    #     accessible.
    #
    #     NOTE(review): per the paragraph above, holding
    #     `iam.serviceAccounts.actAs` on this service account is what permits
    #     `ssh` to the underlying VM, so review grants of that permission as
    #     carefully as workstation access itself.
    # @!attribute [rw] service_account_scopes
    #   @return [::Array<::String>]
    #     Optional. Scopes to grant to the
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::Host::GceInstance#service_account service_account}.
    #     Various scopes are automatically added based on feature usage. When
    #     specified, users of workstations under this configuration must have
    #     `iam.serviceAccounts.actAs` on the service account.
    # @!attribute [rw] tags
    #   @return [::Array<::String>]
    #     Optional. Network tags to add to the Compute Engine VMs backing the
    #     workstations. This option applies
    #     [network
    #     tags](https://cloud.google.com/vpc/docs/add-remove-network-tags) to VMs
    #     created with this configuration. These network tags enable the creation
    #     of [firewall
    #     rules](https://cloud.google.com/workstations/docs/configure-firewall-rules).
    # @!attribute [rw] pool_size
    #   @return [::Integer]
    #     Optional. The number of VMs that the system should keep idle so that
    #     new workstations can be started quickly for new users. Defaults to `0`
    #     in the API.
    # @!attribute [r] pooled_instances
    #   @return [::Integer]
    #     Output only. Number of instances currently available in the pool for
    #     faster workstation startup.
    # @!attribute [rw] disable_public_ip_addresses
    #   @return [::Boolean]
    #     Optional. When set to true, disables public IP addresses for VMs. If
    #     you disable public IP addresses, you must set up Private Google Access
    #     or Cloud NAT on your network. If you use Private Google Access and you
    #     use `private.googleapis.com` or `restricted.googleapis.com` for
    #     Container Registry and Artifact Registry, make sure that you set
    #     up DNS records for domains `*.gcr.io` and `*.pkg.dev`.
    #     Defaults to false (VMs have public IP addresses).
    #
    #     NOTE(review): because the default is false, VMs get public IP
    #     addresses unless this is set explicitly; when setting it to true,
    #     put the Private Google Access or Cloud NAT prerequisite in place
    #     first.
    # @!attribute [rw] enable_nested_virtualization
    #   @return [::Boolean]
    #     Optional. Whether to enable nested virtualization on Cloud Workstations
    #     VMs created under this workstation configuration.
    #
    #     Nested virtualization lets you run virtual machine (VM) instances
    #     inside your workstation. Before enabling nested virtualization,
    #     review the following considerations. Cloud Workstations
    #     instances are subject to the [same restrictions as Compute Engine
    #     instances](https://cloud.google.com/compute/docs/instances/nested-virtualization/overview#restrictions):
    #
    #     * **Organization policy**: projects, folders, or
    #     organizations may be restricted from creating nested VMs if the
    #     **Disable VM nested virtualization** constraint is enforced in
    #     the organization policy. For more information, see the
    #     Compute Engine section,
    #     [Checking whether nested virtualization is
    #     allowed](https://cloud.google.com/compute/docs/instances/nested-virtualization/managing-constraint#checking_whether_nested_virtualization_is_allowed).
    #     * **Performance**: nested VMs might experience a 10% or greater
    #     decrease in performance for workloads that are CPU-bound and
    #     possibly greater than a 10% decrease for workloads that are
    #     input/output bound.
    #     * **Machine Type**: nested virtualization can only be enabled on
    #     workstation configurations that specify a
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::Host::GceInstance#machine_type machine_type}
    #     in the N1 or N2 machine series.
    #     * **GPUs**: nested virtualization may not be enabled on workstation
    #     configurations with accelerators.
    #     * **Operating System**: Because
    #     [Container-Optimized
    #     OS](https://cloud.google.com/compute/docs/images/os-details#container-optimized_os_cos)
    #     does not support nested virtualization, when nested virtualization is
    #     enabled, the underlying Compute Engine VM instances boot from an
    #     [Ubuntu
    #     LTS](https://cloud.google.com/compute/docs/images/os-details#ubuntu_lts)
    #     image.
    # @!attribute [rw] shielded_instance_config
    #   @return [::Google::Cloud::Workstations::V1::WorkstationConfig::Host::GceInstance::GceShieldedInstanceConfig]
    #     Optional. A set of Compute Engine Shielded instance options.
    #     NOTE(review): defaults for the individual options are not stated
    #     here — confirm them before assuming Secure Boot, vTPM or integrity
    #     monitoring is on.
    # @!attribute [rw] confidential_instance_config
    #   @return [::Google::Cloud::Workstations::V1::WorkstationConfig::Host::GceInstance::GceConfidentialInstanceConfig]
    #     Optional. A set of Compute Engine Confidential VM instance options.
    # @!attribute [rw] boot_disk_size_gb
    #   @return [::Integer]
    #     Optional. The size of the boot disk for the VM in gigabytes (GB).
    #     The minimum boot disk size is `30` GB. Defaults to `50` GB.
    class GceInstance
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods

      # A set of Compute Engine Shielded instance options.
      # @!attribute [rw] enable_secure_boot
      #   @return [::Boolean]
      #     Optional. Whether the instance has Secure Boot enabled.
      # @!attribute [rw] enable_vtpm
      #   @return [::Boolean]
      #     Optional. Whether the instance has the vTPM enabled.
      # @!attribute [rw] enable_integrity_monitoring
      #   @return [::Boolean]
      #     Optional. Whether the instance has integrity monitoring enabled.
      class GceShieldedInstanceConfig
        include ::Google::Protobuf::MessageExts
        extend ::Google::Protobuf::MessageExts::ClassMethods
      end

      # A set of Compute Engine Confidential VM instance options.
      # @!attribute [rw] enable_confidential_compute
      #   @return [::Boolean]
      #     Optional. Whether the instance has confidential compute enabled.
      class GceConfidentialInstanceConfig
        include ::Google::Protobuf::MessageExts
        extend ::Google::Protobuf::MessageExts::ClassMethods
      end
    end
  end

  # A directory to persist across workstation sessions.
  # @!attribute [rw] gce_pd
  #   @return [::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk]
  #     A PersistentDirectory backed by a Compute Engine persistent disk.
  # @!attribute [rw] mount_path
  #   @return [::String]
  #     Optional. Location of this directory in the running workstation.
  class PersistentDirectory
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # A PersistentDirectory backed by a Compute Engine regional persistent
    # disk. The
    # {::Google::Cloud::Workstations::V1::WorkstationConfig#persistent_directories persistent_directories}
    # field is repeated, but it may contain only one entry. It creates a
    # [persistent
    # disk](https://cloud.google.com/compute/docs/disks/persistent-disks) that
    # mounts to the workstation VM at `/home` when the session starts and
    # detaches when the session ends. If this field is empty, workstations
    # created with this configuration do not have a persistent home
    # directory.
    # @!attribute [rw] size_gb
    #   @return [::Integer]
    #     Optional. The GB capacity of a persistent home directory for each
    #     workstation created with this configuration. Must be empty if
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk#source_snapshot source_snapshot}
    #     is set.
    #
    #     Valid values are `10`, `50`, `100`, `200`, `500`, or `1000`.
    #     Defaults to `200`. If less than `200` GB, the
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk#disk_type disk_type}
    #     must be
    #     `"pd-balanced"` or `"pd-ssd"`.
    # @!attribute [rw] fs_type
    #   @return [::String]
    #     Optional. Type of file system that the disk should be formatted with.
    #     The workstation image must support this file system type. Must be empty
    #     if
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk#source_snapshot source_snapshot}
    #     is set. Defaults to `"ext4"`.
    # @!attribute [rw] disk_type
    #   @return [::String]
    #     Optional. The [type of the persistent
    #     disk](https://cloud.google.com/compute/docs/disks#disk-types) for the
    #     home directory. Defaults to `"pd-standard"`.
    # @!attribute [rw] source_snapshot
    #   @return [::String]
    #     Optional. Name of the snapshot to use as the source for the disk. If
    #     set,
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk#size_gb size_gb}
    #     and
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk#fs_type fs_type}
    #     must be empty.
    # @!attribute [rw] reclaim_policy
    #   @return [::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk::ReclaimPolicy]
    #     Optional. Whether the persistent disk should be deleted when the
    #     workstation is deleted. Valid values are `DELETE` and `RETAIN`.
    #     Defaults to `DELETE`.
    class GceRegionalPersistentDisk
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods

      # Value representing what should happen to the disk after the workstation
      # is deleted.
      module ReclaimPolicy
        # Do not use.
        RECLAIM_POLICY_UNSPECIFIED = 0

        # Delete the persistent disk when deleting the workstation.
        DELETE = 1

        # Keep the persistent disk when deleting the workstation.
        # An administrator must manually delete the disk.
        # NOTE(review): with RETAIN the disk, and whatever was stored on it,
        # stays in place after the workstation is gone until that manual
        # deletion happens.
        RETAIN = 2
      end
    end
  end

  # A Docker container.
  # @!attribute [rw] image
  #   @return [::String]
  #     Optional. A Docker container image that defines a custom environment.
  #
  #     Cloud Workstations provides a number of
  #     [preconfigured
  #     images](https://cloud.google.com/workstations/docs/preconfigured-base-images),
  #     but you can create your own
  #     [custom container
  #     images](https://cloud.google.com/workstations/docs/custom-container-images).
  #     If using a private image, the `host.gceInstance.serviceAccount` field
  #     must be specified in the workstation configuration and must have
  #     permission to pull the specified image. Otherwise, the image must be
  #     publicly accessible.
  # @!attribute [rw] command
  #   @return [::Array<::String>]
  #     Optional. If set, overrides the default ENTRYPOINT specified by the
  #     image.
  # @!attribute [rw] args
  #   @return [::Array<::String>]
  #     Optional. Arguments passed to the entrypoint.
  # @!attribute [rw] env
  #   @return [::Google::Protobuf::Map{::String => ::String}]
  #     Optional. Environment variables passed to the container's entrypoint.
  #     NOTE(review): values are plain strings in the configuration;
  #     presumably readable by anyone who can read the configuration
  #     resource, so keep secrets out of this map — confirm.
  # @!attribute [rw] working_dir
  #   @return [::String]
  #     Optional. If set, overrides the default DIR specified by the image.
  # @!attribute [rw] run_as_user
  #   @return [::Integer]
  #     Optional. If set, overrides the USER specified in the image with the
  #     given uid.
  #     NOTE(review): when unset, the image's own USER applies; presumably
  #     uid `0` here means root inside the container — confirm, and prefer a
  #     non-root uid where the image supports it.
  class Container
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # String key/value entry type; presumably the generated map-entry message
    # behind the `env` map of this class — confirm.
    # @!attribute [rw] key
    #   @return [::String]
    # @!attribute [rw] value
    #   @return [::String]
    class EnvEntry
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods
    end
  end

  # A customer-managed encryption key (CMEK) for the Compute Engine
  # resources of the associated workstation configuration. Specify the name of
  # your Cloud KMS encryption key and the default service account.
  # We recommend that you use a separate service account and follow
  # [Cloud KMS best
  # practices](https://cloud.google.com/kms/docs/separation-of-duties).
  # @!attribute [rw] kms_key
  #   @return [::String]
  #     Immutable. The name of the Google Cloud KMS encryption key. For example,
  #     `"projects/PROJECT_ID/locations/REGION/keyRings/KEY_RING/cryptoKeys/KEY_NAME"`.
  #     The key must be in the same region as the workstation configuration.
  # @!attribute [rw] kms_key_service_account
  #   @return [::String]
  #     Immutable. The service account to use with the specified
  #     KMS key. We recommend that you use a separate service account
  #     and follow KMS best practices. For more information, see
  #     [Separation of
  #     duties](https://cloud.google.com/kms/docs/separation-of-duties) and
  #     `gcloud kms keys add-iam-policy-binding`
  #     [`--member`](https://cloud.google.com/sdk/gcloud/reference/kms/keys/add-iam-policy-binding#--member).
  #
  #     NOTE(review): both attributes are marked Immutable, so decide on the
  #     key and on the separate service account recommended here before the
  #     configuration is created.
  class CustomerEncryptionKey
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # A readiness check to be performed on a workstation.
  # NOTE(review): the request protocol and the host it targets are not stated
  # here; presumably a request to the running workstation — confirm.
  # @!attribute [rw] path
  #   @return [::String]
  #     Optional. Path to which the request should be sent.
  # @!attribute [rw] port
  #   @return [::Integer]
  #     Optional. Port to which the request should be sent.
  class ReadinessCheck
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # String key/value entry type; presumably the generated map-entry message
  # behind the `annotations` map field — confirm.
  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class AnnotationsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # String key/value entry type; presumably the generated map-entry message
  # behind a `labels` map field (not shown here) — confirm.
  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class LabelsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end
end

#running_timeout::Google::Protobuf::Duration

Returns Optional. Number of seconds that a workstation can run until it is automatically shut down. We recommend that workstations be shut down daily to reduce costs and so that security updates can be applied upon restart. The idle_timeout and running_timeout fields are independent of each other. Note that the running_timeout field shuts down VMs after the specified time, regardless of whether or not the VMs are idle.

Provide the duration as a number of seconds followed by s—for example, "54000s" (15 hours). Defaults to "43200s" (12 hours). A value of "0s" indicates that workstations using this configuration should never time out. If encryption_key is set, the value must be greater than "0s" and less than "86400s" (24 hours).

Warning: A value of "0s" indicates that Cloud Workstations VMs created with this configuration have no maximum running time. This is strongly discouraged because you incur costs and will not pick up security updates.

Returns:

  • (::Google::Protobuf::Duration)

    Optional. Number of seconds that a workstation can run until it is automatically shut down. We recommend that workstations be shut down daily to reduce costs and so that security updates can be applied upon restart. The idle_timeout and running_timeout fields are independent of each other. Note that the running_timeout field shuts down VMs after the specified time, regardless of whether or not the VMs are idle.

    Provide the duration as a number of seconds followed by s—for example, "54000s" (15 hours). Defaults to "43200s" (12 hours). A value of "0s" indicates that workstations using this configuration should never time out. If encryption_key is set, the value must be greater than "0s" and less than "86400s" (24 hours).

    Warning: A value of "0s" indicates that Cloud Workstations VMs created with this configuration have no maximum running time. This is strongly discouraged because you incur costs and will not pick up security updates.



# File 'proto_docs/google/cloud/workstations/v1/workstations.rb', line 279

class WorkstationConfig
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Runtime host for a workstation.
  # @!attribute [rw] gce_instance
  #   @return [::Google::Cloud::Workstations::V1::WorkstationConfig::Host::GceInstance]
  #     Specifies a Compute Engine instance as the host.
  class Host
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # A runtime using a Compute Engine instance.
    # @!attribute [rw] machine_type
    #   @return [::String]
    #     Optional. The type of machine to use for VM instances—for example,
    #     `"e2-standard-4"`. For more information about machine types that
    #     Cloud Workstations supports, see the list of
    #     [available machine
    #     types](https://cloud.google.com/workstations/docs/available-machine-types).
    # @!attribute [rw] service_account
    #   @return [::String]
    #     Optional. The email address of the service account for Cloud
    #     Workstations VMs created with this configuration. When specified, be
    #     sure that the service account has `logging.logEntries.create`
    #     permission on the project so it can write logs out to Cloud Logging.
    #     If using a custom container image, the service account must have
    #     permissions to pull the specified image.
    #
    #     If you as the administrator want to be able to `ssh` into the
    #     underlying VM, you need to set this value to a service account
    #     for which you have the `iam.serviceAccounts.actAs` permission.
    #     Conversely, if you don't want anyone to be able to `ssh` into the
    #     underlying VM, use a service account where no one has that
    #     permission.
    #
    #     If not set, VMs run with a service account provided by the
    #     Cloud Workstations service, and the image must be publicly
    #     accessible.
    #
    #     NOTE(review): per the paragraph above, holding
    #     `iam.serviceAccounts.actAs` on this service account is what permits
    #     `ssh` to the underlying VM, so review grants of that permission as
    #     carefully as workstation access itself.
    # @!attribute [rw] service_account_scopes
    #   @return [::Array<::String>]
    #     Optional. Scopes to grant to the
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::Host::GceInstance#service_account service_account}.
    #     Various scopes are automatically added based on feature usage. When
    #     specified, users of workstations under this configuration must have
    #     `iam.serviceAccounts.actAs` on the service account.
    # @!attribute [rw] tags
    #   @return [::Array<::String>]
    #     Optional. Network tags to add to the Compute Engine VMs backing the
    #     workstations. This option applies
    #     [network
    #     tags](https://cloud.google.com/vpc/docs/add-remove-network-tags) to VMs
    #     created with this configuration. These network tags enable the creation
    #     of [firewall
    #     rules](https://cloud.google.com/workstations/docs/configure-firewall-rules).
    # @!attribute [rw] pool_size
    #   @return [::Integer]
    #     Optional. The number of VMs that the system should keep idle so that
    #     new workstations can be started quickly for new users. Defaults to `0`
    #     in the API.
    # @!attribute [r] pooled_instances
    #   @return [::Integer]
    #     Output only. Number of instances currently available in the pool for
    #     faster workstation startup.
    # @!attribute [rw] disable_public_ip_addresses
    #   @return [::Boolean]
    #     Optional. When set to true, disables public IP addresses for VMs. If
    #     you disable public IP addresses, you must set up Private Google Access
    #     or Cloud NAT on your network. If you use Private Google Access and you
    #     use `private.googleapis.com` or `restricted.googleapis.com` for
    #     Container Registry and Artifact Registry, make sure that you set
    #     up DNS records for domains `*.gcr.io` and `*.pkg.dev`.
    #     Defaults to false (VMs have public IP addresses).
    #
    #     NOTE(review): because the default is false, VMs get public IP
    #     addresses unless this is set explicitly; when setting it to true,
    #     put the Private Google Access or Cloud NAT prerequisite in place
    #     first.
    # @!attribute [rw] enable_nested_virtualization
    #   @return [::Boolean]
    #     Optional. Whether to enable nested virtualization on Cloud Workstations
    #     VMs created under this workstation configuration.
    #
    #     Nested virtualization lets you run virtual machine (VM) instances
    #     inside your workstation. Before enabling nested virtualization,
    #     review the following considerations. Cloud Workstations
    #     instances are subject to the [same restrictions as Compute Engine
    #     instances](https://cloud.google.com/compute/docs/instances/nested-virtualization/overview#restrictions):
    #
    #     * **Organization policy**: projects, folders, or
    #     organizations may be restricted from creating nested VMs if the
    #     **Disable VM nested virtualization** constraint is enforced in
    #     the organization policy. For more information, see the
    #     Compute Engine section,
    #     [Checking whether nested virtualization is
    #     allowed](https://cloud.google.com/compute/docs/instances/nested-virtualization/managing-constraint#checking_whether_nested_virtualization_is_allowed).
    #     * **Performance**: nested VMs might experience a 10% or greater
    #     decrease in performance for workloads that are CPU-bound and
    #     possibly greater than a 10% decrease for workloads that are
    #     input/output bound.
    #     * **Machine Type**: nested virtualization can only be enabled on
    #     workstation configurations that specify a
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::Host::GceInstance#machine_type machine_type}
    #     in the N1 or N2 machine series.
    #     * **GPUs**: nested virtualization may not be enabled on workstation
    #     configurations with accelerators.
    #     * **Operating System**: Because
    #     [Container-Optimized
    #     OS](https://cloud.google.com/compute/docs/images/os-details#container-optimized_os_cos)
    #     does not support nested virtualization, when nested virtualization is
    #     enabled, the underlying Compute Engine VM instances boot from an
    #     [Ubuntu
    #     LTS](https://cloud.google.com/compute/docs/images/os-details#ubuntu_lts)
    #     image.
    # @!attribute [rw] shielded_instance_config
    #   @return [::Google::Cloud::Workstations::V1::WorkstationConfig::Host::GceInstance::GceShieldedInstanceConfig]
    #     Optional. A set of Compute Engine Shielded instance options.
    #     NOTE(review): defaults for the individual options are not stated
    #     here — confirm them before assuming Secure Boot, vTPM or integrity
    #     monitoring is on.
    # @!attribute [rw] confidential_instance_config
    #   @return [::Google::Cloud::Workstations::V1::WorkstationConfig::Host::GceInstance::GceConfidentialInstanceConfig]
    #     Optional. A set of Compute Engine Confidential VM instance options.
    # @!attribute [rw] boot_disk_size_gb
    #   @return [::Integer]
    #     Optional. The size of the boot disk for the VM in gigabytes (GB).
    #     The minimum boot disk size is `30` GB. Defaults to `50` GB.
    class GceInstance
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods

      # A set of Compute Engine Shielded instance options.
      # @!attribute [rw] enable_secure_boot
      #   @return [::Boolean]
      #     Optional. Whether the instance has Secure Boot enabled.
      # @!attribute [rw] enable_vtpm
      #   @return [::Boolean]
      #     Optional. Whether the instance has the vTPM enabled.
      # @!attribute [rw] enable_integrity_monitoring
      #   @return [::Boolean]
      #     Optional. Whether the instance has integrity monitoring enabled.
      class GceShieldedInstanceConfig
        include ::Google::Protobuf::MessageExts
        extend ::Google::Protobuf::MessageExts::ClassMethods
      end

      # A set of Compute Engine Confidential VM instance options.
      # @!attribute [rw] enable_confidential_compute
      #   @return [::Boolean]
      #     Optional. Whether the instance has confidential compute enabled.
      class GceConfidentialInstanceConfig
        include ::Google::Protobuf::MessageExts
        extend ::Google::Protobuf::MessageExts::ClassMethods
      end
    end
  end

  # A directory to persist across workstation sessions.
  # @!attribute [rw] gce_pd
  #   @return [::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk]
  #     A PersistentDirectory backed by a Compute Engine persistent disk.
  # @!attribute [rw] mount_path
  #   @return [::String]
  #     Optional. Location of this directory in the running workstation.
  class PersistentDirectory
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # A PersistentDirectory backed by a Compute Engine regional persistent
    # disk. The
    # {::Google::Cloud::Workstations::V1::WorkstationConfig#persistent_directories persistent_directories}
    # field is repeated, but it may contain only one entry. It creates a
    # [persistent
    # disk](https://cloud.google.com/compute/docs/disks/persistent-disks) that
    # mounts to the workstation VM at `/home` when the session starts and
    # detaches when the session ends. If this field is empty, workstations
    # created with this configuration do not have a persistent home
    # directory.
    # @!attribute [rw] size_gb
    #   @return [::Integer]
    #     Optional. The GB capacity of a persistent home directory for each
    #     workstation created with this configuration. Must be empty if
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk#source_snapshot source_snapshot}
    #     is set.
    #
    #     Valid values are `10`, `50`, `100`, `200`, `500`, or `1000`.
    #     Defaults to `200`. If less than `200` GB, the
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk#disk_type disk_type}
    #     must be
    #     `"pd-balanced"` or `"pd-ssd"`.
    # @!attribute [rw] fs_type
    #   @return [::String]
    #     Optional. Type of file system that the disk should be formatted with.
    #     The workstation image must support this file system type. Must be empty
    #     if
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk#source_snapshot source_snapshot}
    #     is set. Defaults to `"ext4"`.
    # @!attribute [rw] disk_type
    #   @return [::String]
    #     Optional. The [type of the persistent
    #     disk](https://cloud.google.com/compute/docs/disks#disk-types) for the
    #     home directory. Defaults to `"pd-standard"`.
    # @!attribute [rw] source_snapshot
    #   @return [::String]
    #     Optional. Name of the snapshot to use as the source for the disk. If
    #     set,
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk#size_gb size_gb}
    #     and
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk#fs_type fs_type}
    #     must be empty.
    # @!attribute [rw] reclaim_policy
    #   @return [::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk::ReclaimPolicy]
    #     Optional. Whether the persistent disk should be deleted when the
    #     workstation is deleted. Valid values are `DELETE` and `RETAIN`.
    #     Defaults to `DELETE`.
    class GceRegionalPersistentDisk
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods

      # Value representing what should happen to the disk after the workstation
      # is deleted. These constants are the values accepted by the
      # `reclaim_policy` attribute documented on the enclosing class.
      module ReclaimPolicy
        # Do not use.
        RECLAIM_POLICY_UNSPECIFIED = 0

        # Delete the persistent disk when deleting the workstation.
        DELETE = 1

        # Keep the persistent disk when deleting the workstation.
        # An administrator must manually delete the disk.
        # NOTE(review): the disk is the one mounted at `/home`, so a retained
        # disk still holds the home directory contents until it is deleted;
        # account for it in data-retention and cleanup procedures.
        RETAIN = 2
      end
    end
  end

  # A Docker container.
  # @!attribute [rw] image
  #   @return [::String]
  #     Optional. A Docker container image that defines a custom environment.
  #
  #     Cloud Workstations provides a number of
  #     [preconfigured
  #     images](https://cloud.google.com/workstations/docs/preconfigured-base-images),
  #     but you can create your own
  #     [custom container
  #     images](https://cloud.google.com/workstations/docs/custom-container-images).
  #     If using a private image, the `host.gceInstance.serviceAccount` field
  #     must be specified in the workstation configuration and must have
  #     permission to pull the specified image. Otherwise, the image must be
  #     publicly accessible.
  # @!attribute [rw] command
  #   @return [::Array<::String>]
  #     Optional. If set, overrides the default ENTRYPOINT specified by the
  #     image.
  # @!attribute [rw] args
  #   @return [::Array<::String>]
  #     Optional. Arguments passed to the entrypoint.
  # @!attribute [rw] env
  #   @return [::Google::Protobuf::Map{::String => ::String}]
  #     Optional. Environment variables passed to the container's entrypoint.
  # @!attribute [rw] working_dir
  #   @return [::String]
  #     Optional. If set, overrides the default DIR specified by the image.
  # @!attribute [rw] run_as_user
  #   @return [::Integer]
  #     Optional. If set, overrides the USER specified in the image with the
  #     given uid.
  class Container
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # String key/value pair; presumably the generated map-entry message
    # behind the `env` attribute of Container (confirm against the proto).
    # @!attribute [rw] key
    #   @return [::String]
    # @!attribute [rw] value
    #   @return [::String]
    class EnvEntry
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods
    end
  end

  # A customer-managed encryption key (CMEK) for the Compute Engine
  # resources of the associated workstation configuration. Specify the name of
  # your Cloud KMS encryption key and the default service account.
  # We recommend that you use a separate service account and follow
  # [Cloud KMS best
  # practices](https://cloud.google.com/kms/docs/separation-of-duties).
  #
  # NOTE(review): both attributes below are documented as Immutable, so the
  # key and the service account have to be chosen before the configuration is
  # created; how a later key change is handled is not stated here.
  # @!attribute [rw] kms_key
  #   @return [::String]
  #     Immutable. The name of the Google Cloud KMS encryption key. For example,
  #     `"projects/PROJECT_ID/locations/REGION/keyRings/KEY_RING/cryptoKeys/KEY_NAME"`.
  #     The key must be in the same region as the workstation configuration.
  # @!attribute [rw] kms_key_service_account
  #   @return [::String]
  #     Immutable. The service account to use with the specified
  #     KMS key. We recommend that you use a separate service account
  #     and follow KMS best practices. For more information, see
  #     [Separation of
  #     duties](https://cloud.google.com/kms/docs/separation-of-duties) and
  #     `gcloud kms keys add-iam-policy-binding`
  #     [`--member`](https://cloud.google.com/sdk/gcloud/reference/kms/keys/add-iam-policy-binding#--member).
  class CustomerEncryptionKey
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # A readiness check to be performed on a workstation.
  #
  # NOTE(review): the request protocol and the response that counts as
  # "ready" are not stated here; confirm them against the API reference.
  # @!attribute [rw] path
  #   @return [::String]
  #     Optional. Path to which the request should be sent.
  # @!attribute [rw] port
  #   @return [::Integer]
  #     Optional. Port to which the request should be sent.
  class ReadinessCheck
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # String key/value pair; presumably the generated map-entry message behind
  # the `annotations` attribute of WorkstationConfig (confirm against the
  # proto).
  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class AnnotationsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # String key/value pair; presumably the generated map-entry message behind
  # a `labels` map attribute of WorkstationConfig, which is not shown in this
  # listing (confirm against the proto).
  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class LabelsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end
end

#uid::String (readonly)

Returns Output only. A system-assigned unique identifier for this workstation configuration.

Returns:

  • (::String)

    Output only. A system-assigned unique identifier for this workstation configuration.



# File 'proto_docs/google/cloud/workstations/v1/workstations.rb', line 279

# A workstation configuration resource in the Cloud Workstations API. The
# nested classes describe the host, persistent directory, container,
# encryption key and readiness check messages that a configuration is built
# from.
class WorkstationConfig
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Runtime host for a workstation.
  # @!attribute [rw] gce_instance
  #   @return [::Google::Cloud::Workstations::V1::WorkstationConfig::Host::GceInstance]
  #     Specifies a Compute Engine instance as the host.
  class Host
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # A runtime using a Compute Engine instance.
    # @!attribute [rw] machine_type
    #   @return [::String]
    #     Optional. The type of machine to use for VM instances—for example,
    #     `"e2-standard-4"`. For more information about machine types that
    #     Cloud Workstations supports, see the list of
    #     [available machine
    #     types](https://cloud.google.com/workstations/docs/available-machine-types).
    # @!attribute [rw] service_account
    #   @return [::String]
    #     Optional. The email address of the service account for Cloud
    #     Workstations VMs created with this configuration. When specified, be
    #     sure that the service account has `logging.logEntries.create` permission
    #     on the project so it can write logs out to Cloud Logging. If using a
    #     custom container image, the service account must have permissions to
    #     pull the specified image.
    #
    #     If you as the administrator want to be able to `ssh` into the
    #     underlying VM, you need to set this value to a service account
    #     for which you have the `iam.serviceAccounts.actAs` permission.
    #     Conversely, if you don't want anyone to be able to `ssh` into the
    #     underlying VM, use a service account where no one has that
    #     permission.
    #
    #     If not set, VMs run with a service account provided by the
    #     Cloud Workstations service, and the image must be publicly
    #     accessible.
    # @!attribute [rw] service_account_scopes
    #   @return [::Array<::String>]
    #     Optional. Scopes to grant to the
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::Host::GceInstance#service_account service_account}.
    #     Various scopes are automatically added based on feature usage. When
    #     specified, users of workstations under this configuration must have
    #     `iam.serviceAccounts.actAs` on the service account.
    # @!attribute [rw] tags
    #   @return [::Array<::String>]
    #     Optional. Network tags to add to the Compute Engine VMs backing the
    #     workstations. This option applies
    #     [network
    #     tags](https://cloud.google.com/vpc/docs/add-remove-network-tags) to VMs
    #     created with this configuration. These network tags enable the creation
    #     of [firewall
    #     rules](https://cloud.google.com/workstations/docs/configure-firewall-rules).
    # @!attribute [rw] pool_size
    #   @return [::Integer]
    #     Optional. The number of VMs that the system should keep idle so that
    #     new workstations can be started quickly for new users. Defaults to `0`
    #     in the API.
    # @!attribute [r] pooled_instances
    #   @return [::Integer]
    #     Output only. Number of instances currently available in the pool for
    #     faster workstation startup.
    # @!attribute [rw] disable_public_ip_addresses
    #   @return [::Boolean]
    #     Optional. When set to true, disables public IP addresses for VMs. If
    #     you disable public IP addresses, you must set up Private Google Access
    #     or Cloud NAT on your network. If you use Private Google Access and you
    #     use `private.googleapis.com` or `restricted.googleapis.com` for
    #     Container Registry and Artifact Registry, make sure that you set
    #     up DNS records for domains `*.gcr.io` and `*.pkg.dev`.
    #     Defaults to false (VMs have public IP addresses).
    #     NOTE(review): because the documented default is false, a
    #     configuration that leaves this unset gives its VMs public IP
    #     addresses; set it explicitly where that is not wanted.
    # @!attribute [rw] enable_nested_virtualization
    #   @return [::Boolean]
    #     Optional. Whether to enable nested virtualization on Cloud Workstations
    #     VMs created under this workstation configuration.
    #
    #     Nested virtualization lets you run virtual machine (VM) instances
    #     inside your workstation. Before enabling nested virtualization,
    #     review the following considerations. Cloud Workstations
    #     instances are subject to the [same restrictions as Compute Engine
    #     instances](https://cloud.google.com/compute/docs/instances/nested-virtualization/overview#restrictions):
    #
    #     * **Organization policy**: projects, folders, or
    #     organizations may be restricted from creating nested VMs if the
    #     **Disable VM nested virtualization** constraint is enforced in
    #     the organization policy. For more information, see the
    #     Compute Engine section,
    #     [Checking whether nested virtualization is
    #     allowed](https://cloud.google.com/compute/docs/instances/nested-virtualization/managing-constraint#checking_whether_nested_virtualization_is_allowed).
    #     * **Performance**: nested VMs might experience a 10% or greater
    #     decrease in performance for workloads that are CPU-bound and
    #     possibly greater than a 10% decrease for workloads that are
    #     input/output bound.
    #     * **Machine Type**: nested virtualization can only be enabled on
    #     workstation configurations that specify a
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::Host::GceInstance#machine_type machine_type}
    #     in the N1 or N2 machine series.
    #     * **GPUs**: nested virtualization may not be enabled on workstation
    #     configurations with accelerators.
    #     * **Operating System**: Because
    #     [Container-Optimized
    #     OS](https://cloud.google.com/compute/docs/images/os-details#container-optimized_os_cos)
    #     does not support nested virtualization, when nested virtualization is
    #     enabled, the underlying Compute Engine VM instances boot from an
    #     [Ubuntu
    #     LTS](https://cloud.google.com/compute/docs/images/os-details#ubuntu_lts)
    #     image.
    # @!attribute [rw] shielded_instance_config
    #   @return [::Google::Cloud::Workstations::V1::WorkstationConfig::Host::GceInstance::GceShieldedInstanceConfig]
    #     Optional. A set of Compute Engine Shielded instance options.
    # @!attribute [rw] confidential_instance_config
    #   @return [::Google::Cloud::Workstations::V1::WorkstationConfig::Host::GceInstance::GceConfidentialInstanceConfig]
    #     Optional. A set of Compute Engine Confidential VM instance options.
    # @!attribute [rw] boot_disk_size_gb
    #   @return [::Integer]
    #     Optional. The size of the boot disk for the VM in gigabytes (GB).
    #     The minimum boot disk size is `30` GB. Defaults to `50` GB.
    class GceInstance
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods

      # A set of Compute Engine Shielded instance options.
      #
      # NOTE(review): the defaults applied when these flags are left unset
      # are not stated here; confirm them against the API reference rather
      # than assuming the protections are on.
      # @!attribute [rw] enable_secure_boot
      #   @return [::Boolean]
      #     Optional. Whether the instance has Secure Boot enabled.
      # @!attribute [rw] enable_vtpm
      #   @return [::Boolean]
      #     Optional. Whether the instance has the vTPM enabled.
      # @!attribute [rw] enable_integrity_monitoring
      #   @return [::Boolean]
      #     Optional. Whether the instance has integrity monitoring enabled.
      class GceShieldedInstanceConfig
        include ::Google::Protobuf::MessageExts
        extend ::Google::Protobuf::MessageExts::ClassMethods
      end

      # A set of Compute Engine Confidential VM instance options.
      #
      # NOTE(review): the default for this flag and any machine-type
      # requirements are not stated here; confirm against the API reference.
      # @!attribute [rw] enable_confidential_compute
      #   @return [::Boolean]
      #     Optional. Whether the instance has confidential compute enabled.
      class GceConfidentialInstanceConfig
        include ::Google::Protobuf::MessageExts
        extend ::Google::Protobuf::MessageExts::ClassMethods
      end
    end
  end

  # A directory to persist across workstation sessions.
  # @!attribute [rw] gce_pd
  #   @return [::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk]
  #     A PersistentDirectory backed by a Compute Engine persistent disk.
  # @!attribute [rw] mount_path
  #   @return [::String]
  #     Optional. Location of this directory in the running workstation.
  class PersistentDirectory
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # A PersistentDirectory backed by a Compute Engine regional persistent
    # disk. The
    # {::Google::Cloud::Workstations::V1::WorkstationConfig#persistent_directories persistent_directories}
    # field is repeated, but it may contain only one entry. It creates a
    # [persistent
    # disk](https://cloud.google.com/compute/docs/disks/persistent-disks) that
    # mounts to the workstation VM at `/home` when the session starts and
    # detaches when the session ends. If this field is empty, workstations
    # created with this configuration do not have a persistent home
    # directory.
    # @!attribute [rw] size_gb
    #   @return [::Integer]
    #     Optional. The GB capacity of a persistent home directory for each
    #     workstation created with this configuration. Must be empty if
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk#source_snapshot source_snapshot}
    #     is set.
    #
    #     Valid values are `10`, `50`, `100`, `200`, `500`, or `1000`.
    #     Defaults to `200`. If less than `200` GB, the
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk#disk_type disk_type}
    #     must be
    #     `"pd-balanced"` or `"pd-ssd"`.
    # @!attribute [rw] fs_type
    #   @return [::String]
    #     Optional. Type of file system that the disk should be formatted with.
    #     The workstation image must support this file system type. Must be empty
    #     if
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk#source_snapshot source_snapshot}
    #     is set. Defaults to `"ext4"`.
    # @!attribute [rw] disk_type
    #   @return [::String]
    #     Optional. The [type of the persistent
    #     disk](https://cloud.google.com/compute/docs/disks#disk-types) for the
    #     home directory. Defaults to `"pd-standard"`.
    # @!attribute [rw] source_snapshot
    #   @return [::String]
    #     Optional. Name of the snapshot to use as the source for the disk. If
    #     set,
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk#size_gb size_gb}
    #     and
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk#fs_type fs_type}
    #     must be empty.
    # @!attribute [rw] reclaim_policy
    #   @return [::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk::ReclaimPolicy]
    #     Optional. Whether the persistent disk should be deleted when the
    #     workstation is deleted. Valid values are `DELETE` and `RETAIN`.
    #     Defaults to `DELETE`.
    class GceRegionalPersistentDisk
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods

      # Value representing what should happen to the disk after the workstation
      # is deleted.
      module ReclaimPolicy
        # Do not use.
        RECLAIM_POLICY_UNSPECIFIED = 0

        # Delete the persistent disk when deleting the workstation.
        DELETE = 1

        # Keep the persistent disk when deleting the workstation.
        # An administrator must manually delete the disk.
        # NOTE(review): the disk is the one mounted at `/home`, so a retained
        # disk still holds the home directory contents until it is deleted;
        # account for it in data-retention and cleanup procedures.
        RETAIN = 2
      end
    end
  end

  # A Docker container.
  # @!attribute [rw] image
  #   @return [::String]
  #     Optional. A Docker container image that defines a custom environment.
  #
  #     Cloud Workstations provides a number of
  #     [preconfigured
  #     images](https://cloud.google.com/workstations/docs/preconfigured-base-images),
  #     but you can create your own
  #     [custom container
  #     images](https://cloud.google.com/workstations/docs/custom-container-images).
  #     If using a private image, the `host.gceInstance.serviceAccount` field
  #     must be specified in the workstation configuration and must have
  #     permission to pull the specified image. Otherwise, the image must be
  #     publicly accessible.
  # @!attribute [rw] command
  #   @return [::Array<::String>]
  #     Optional. If set, overrides the default ENTRYPOINT specified by the
  #     image.
  # @!attribute [rw] args
  #   @return [::Array<::String>]
  #     Optional. Arguments passed to the entrypoint.
  # @!attribute [rw] env
  #   @return [::Google::Protobuf::Map{::String => ::String}]
  #     Optional. Environment variables passed to the container's entrypoint.
  #     NOTE(review): values are plain strings stored on the configuration
  #     resource, so presumably anyone who can read the configuration can
  #     read them; confirm before placing credentials here.
  # @!attribute [rw] working_dir
  #   @return [::String]
  #     Optional. If set, overrides the default DIR specified by the image.
  # @!attribute [rw] run_as_user
  #   @return [::Integer]
  #     Optional. If set, overrides the USER specified in the image with the
  #     given uid.
  #     NOTE(review): when unset, the effective user comes from the image's
  #     USER; check the image if the workload should not run as root.
  class Container
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # String key/value pair; presumably the generated map-entry message
    # behind the `env` attribute of Container (confirm against the proto).
    # @!attribute [rw] key
    #   @return [::String]
    # @!attribute [rw] value
    #   @return [::String]
    class EnvEntry
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods
    end
  end

  # A customer-managed encryption key (CMEK) for the Compute Engine
  # resources of the associated workstation configuration. Specify the name of
  # your Cloud KMS encryption key and the default service account.
  # We recommend that you use a separate service account and follow
  # [Cloud KMS best
  # practices](https://cloud.google.com/kms/docs/separation-of-duties).
  #
  # NOTE(review): both attributes below are documented as Immutable, so the
  # key and the service account have to be chosen before the configuration is
  # created; how a later key change is handled is not stated here.
  # @!attribute [rw] kms_key
  #   @return [::String]
  #     Immutable. The name of the Google Cloud KMS encryption key. For example,
  #     `"projects/PROJECT_ID/locations/REGION/keyRings/KEY_RING/cryptoKeys/KEY_NAME"`.
  #     The key must be in the same region as the workstation configuration.
  # @!attribute [rw] kms_key_service_account
  #   @return [::String]
  #     Immutable. The service account to use with the specified
  #     KMS key. We recommend that you use a separate service account
  #     and follow KMS best practices. For more information, see
  #     [Separation of
  #     duties](https://cloud.google.com/kms/docs/separation-of-duties) and
  #     `gcloud kms keys add-iam-policy-binding`
  #     [`--member`](https://cloud.google.com/sdk/gcloud/reference/kms/keys/add-iam-policy-binding#--member).
  class CustomerEncryptionKey
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # A readiness check to be performed on a workstation.
  #
  # NOTE(review): the request protocol and the response that counts as
  # "ready" are not stated here; confirm them against the API reference.
  # @!attribute [rw] path
  #   @return [::String]
  #     Optional. Path to which the request should be sent.
  # @!attribute [rw] port
  #   @return [::Integer]
  #     Optional. Port to which the request should be sent.
  class ReadinessCheck
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # String key/value pair; presumably the generated map-entry message behind
  # the `annotations` attribute of WorkstationConfig (confirm against the
  # proto).
  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class AnnotationsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # String key/value pair; presumably the generated map-entry message behind
  # a `labels` map attribute of WorkstationConfig, which is not shown in this
  # listing (confirm against the proto).
  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class LabelsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end
end

#update_time::Google::Protobuf::Timestamp (readonly)

Returns Output only. Time when this workstation configuration was most recently updated.

Returns:



# File 'proto_docs/google/cloud/workstations/v1/workstations.rb', line 279

# A workstation configuration resource in the Cloud Workstations API.
# Workstation configurations act as templates for workstations; the nested
# message types below describe the host VM, persistent storage, container,
# encryption key and readiness checks of such a template.
class WorkstationConfig
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Runtime host for a workstation.
  # @!attribute [rw] gce_instance
  #   @return [::Google::Cloud::Workstations::V1::WorkstationConfig::Host::GceInstance]
  #     Specifies a Compute Engine instance as the host.
  class Host
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # A runtime using a Compute Engine instance.
    # @!attribute [rw] machine_type
    #   @return [::String]
    #     Optional. The type of machine to use for VM instances—for example,
    #     `"e2-standard-4"`. For more information about machine types that
    #     Cloud Workstations supports, see the list of
    #     [available machine
    #     types](https://cloud.google.com/workstations/docs/available-machine-types).
    # @!attribute [rw] service_account
    #   @return [::String]
    #     Optional. The email address of the service account for Cloud
    #     Workstations VMs created with this configuration. When specified, be
    #     sure that the service account has the `logging.logEntries.create`
    #     permission on the project so it can write logs out to Cloud Logging.
    #     If using a custom container image, the service account must have
    #     permissions to pull the specified image.
    #
    #     If you as the administrator want to be able to `ssh` into the
    #     underlying VM, you need to set this value to a service account
    #     for which you have the `iam.serviceAccounts.actAs` permission.
    #     Conversely, if you don't want anyone to be able to `ssh` into the
    #     underlying VM, use a service account where no one has that
    #     permission.
    #
    #     If not set, VMs run with a service account provided by the
    #     Cloud Workstations service, and the image must be publicly
    #     accessible.
    #
    #     NOTE(review): workloads on the VM presumably run with this service
    #     account's permissions, so grant it only the permissions named above
    #     plus what the workstation itself needs — confirm against the IAM
    #     documentation.
    # @!attribute [rw] service_account_scopes
    #   @return [::Array<::String>]
    #     Optional. Scopes to grant to the
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::Host::GceInstance#service_account service_account}.
    #     Various scopes are automatically added based on feature usage. When
    #     specified, users of workstations under this configuration must have
    #     `iam.serviceAccounts.actAs` on the service account.
    # @!attribute [rw] tags
    #   @return [::Array<::String>]
    #     Optional. Network tags to add to the Compute Engine VMs backing the
    #     workstations. This option applies
    #     [network
    #     tags](https://cloud.google.com/vpc/docs/add-remove-network-tags) to VMs
    #     created with this configuration. These network tags enable the creation
    #     of [firewall
    #     rules](https://cloud.google.com/workstations/docs/configure-firewall-rules).
    # @!attribute [rw] pool_size
    #   @return [::Integer]
    #     Optional. The number of VMs that the system should keep idle so that
    #     new workstations can be started quickly for new users. Defaults to `0`
    #     in the API.
    # @!attribute [r] pooled_instances
    #   @return [::Integer]
    #     Output only. Number of instances currently available in the pool for
    #     faster workstation startup.
    # @!attribute [rw] disable_public_ip_addresses
    #   @return [::Boolean]
    #     Optional. When set to true, disables public IP addresses for VMs. If
    #     you disable public IP addresses, you must set up Private Google Access
    #     or Cloud NAT on your network. If you use Private Google Access and you
    #     use `private.googleapis.com` or `restricted.googleapis.com` for
    #     Container Registry and Artifact Registry, make sure that you set
    #     up DNS records for domains `*.gcr.io` and `*.pkg.dev`.
    #     Defaults to false (VMs have public IP addresses).
    #
    #     NOTE(review): with the default, every VM keeps a public IP address;
    #     inbound reachability then presumably depends on the firewall rules
    #     applied through `tags` — verify for your network.
    # @!attribute [rw] enable_nested_virtualization
    #   @return [::Boolean]
    #     Optional. Whether to enable nested virtualization on Cloud Workstations
    #     VMs created under this workstation configuration.
    #
    #     Nested virtualization lets you run virtual machine (VM) instances
    #     inside your workstation. Before enabling nested virtualization,
    #     review the following considerations. Cloud Workstations
    #     instances are subject to the [same restrictions as Compute Engine
    #     instances](https://cloud.google.com/compute/docs/instances/nested-virtualization/overview#restrictions):
    #
    #     * **Organization policy**: projects, folders, or
    #     organizations may be restricted from creating nested VMs if the
    #     **Disable VM nested virtualization** constraint is enforced in
    #     the organization policy. For more information, see the
    #     Compute Engine section,
    #     [Checking whether nested virtualization is
    #     allowed](https://cloud.google.com/compute/docs/instances/nested-virtualization/managing-constraint#checking_whether_nested_virtualization_is_allowed).
    #     * **Performance**: nested VMs might experience a 10% or greater
    #     decrease in performance for workloads that are CPU-bound and
    #     possibly greater than a 10% decrease for workloads that are
    #     input/output bound.
    #     * **Machine Type**: nested virtualization can only be enabled on
    #     workstation configurations that specify a
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::Host::GceInstance#machine_type machine_type}
    #     in the N1 or N2 machine series.
    #     * **GPUs**: nested virtualization may not be enabled on workstation
    #     configurations with accelerators.
    #     * **Operating System**: Because
    #     [Container-Optimized
    #     OS](https://cloud.google.com/compute/docs/images/os-details#container-optimized_os_cos)
    #     does not support nested virtualization, when nested virtualization is
    #     enabled, the underlying Compute Engine VM instances boot from an
    #     [Ubuntu
    #     LTS](https://cloud.google.com/compute/docs/images/os-details#ubuntu_lts)
    #     image.
    # @!attribute [rw] shielded_instance_config
    #   @return [::Google::Cloud::Workstations::V1::WorkstationConfig::Host::GceInstance::GceShieldedInstanceConfig]
    #     Optional. A set of Compute Engine Shielded instance options.
    # @!attribute [rw] confidential_instance_config
    #   @return [::Google::Cloud::Workstations::V1::WorkstationConfig::Host::GceInstance::GceConfidentialInstanceConfig]
    #     Optional. A set of Compute Engine Confidential VM instance options.
    # @!attribute [rw] boot_disk_size_gb
    #   @return [::Integer]
    #     Optional. The size of the boot disk for the VM in gigabytes (GB).
    #     The minimum boot disk size is `30` GB. Defaults to `50` GB.
    class GceInstance
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods

      # A set of Compute Engine Shielded instance options.
      # NOTE(review): the defaults for these three flags are not stated
      # here; set them explicitly if a deployment relies on them.
      # @!attribute [rw] enable_secure_boot
      #   @return [::Boolean]
      #     Optional. Whether the instance has Secure Boot enabled.
      # @!attribute [rw] enable_vtpm
      #   @return [::Boolean]
      #     Optional. Whether the instance has the vTPM enabled.
      # @!attribute [rw] enable_integrity_monitoring
      #   @return [::Boolean]
      #     Optional. Whether the instance has integrity monitoring enabled.
      class GceShieldedInstanceConfig
        include ::Google::Protobuf::MessageExts
        extend ::Google::Protobuf::MessageExts::ClassMethods
      end

      # A set of Compute Engine Confidential VM instance options.
      # @!attribute [rw] enable_confidential_compute
      #   @return [::Boolean]
      #     Optional. Whether the instance has confidential compute enabled.
      class GceConfidentialInstanceConfig
        include ::Google::Protobuf::MessageExts
        extend ::Google::Protobuf::MessageExts::ClassMethods
      end
    end
  end

  # A directory to persist across workstation sessions.
  # @!attribute [rw] gce_pd
  #   @return [::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk]
  #     A PersistentDirectory backed by a Compute Engine persistent disk.
  # @!attribute [rw] mount_path
  #   @return [::String]
  #     Optional. Location of this directory in the running workstation.
  class PersistentDirectory
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # A PersistentDirectory backed by a Compute Engine regional persistent
    # disk. The
    # {::Google::Cloud::Workstations::V1::WorkstationConfig#persistent_directories persistent_directories}
    # field is repeated, but it may contain only one entry. It creates a
    # [persistent
    # disk](https://cloud.google.com/compute/docs/disks/persistent-disks) that
    # mounts to the workstation VM at `/home` when the session starts and
    # detaches when the session ends. If this field is empty, workstations
    # created with this configuration do not have a persistent home
    # directory.
    # @!attribute [rw] size_gb
    #   @return [::Integer]
    #     Optional. The GB capacity of a persistent home directory for each
    #     workstation created with this configuration. Must be empty if
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk#source_snapshot source_snapshot}
    #     is set.
    #
    #     Valid values are `10`, `50`, `100`, `200`, `500`, or `1000`.
    #     Defaults to `200`. If less than `200` GB, the
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk#disk_type disk_type}
    #     must be
    #     `"pd-balanced"` or `"pd-ssd"`.
    # @!attribute [rw] fs_type
    #   @return [::String]
    #     Optional. Type of file system that the disk should be formatted with.
    #     The workstation image must support this file system type. Must be empty
    #     if
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk#source_snapshot source_snapshot}
    #     is set. Defaults to `"ext4"`.
    # @!attribute [rw] disk_type
    #   @return [::String]
    #     Optional. The [type of the persistent
    #     disk](https://cloud.google.com/compute/docs/disks#disk-types) for the
    #     home directory. Defaults to `"pd-standard"`.
    # @!attribute [rw] source_snapshot
    #   @return [::String]
    #     Optional. Name of the snapshot to use as the source for the disk. If
    #     set,
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk#size_gb size_gb}
    #     and
    #     {::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk#fs_type fs_type}
    #     must be empty.
    # @!attribute [rw] reclaim_policy
    #   @return [::Google::Cloud::Workstations::V1::WorkstationConfig::PersistentDirectory::GceRegionalPersistentDisk::ReclaimPolicy]
    #     Optional. Whether the persistent disk should be deleted when the
    #     workstation is deleted. Valid values are `DELETE` and `RETAIN`.
    #     Defaults to `DELETE`.
    class GceRegionalPersistentDisk
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods

      # Value representing what should happen to the disk after the workstation
      # is deleted.
      module ReclaimPolicy
        # Do not use.
        RECLAIM_POLICY_UNSPECIFIED = 0

        # Delete the persistent disk when deleting the workstation.
        DELETE = 1

        # Keep the persistent disk when deleting the workstation.
        # An administrator must manually delete the disk; until then the
        # retained disk still holds the home-directory data written to it.
        RETAIN = 2
      end
    end
  end

  # A Docker container.
  # @!attribute [rw] image
  #   @return [::String]
  #     Optional. A Docker container image that defines a custom environment.
  #
  #     Cloud Workstations provides a number of
  #     [preconfigured
  #     images](https://cloud.google.com/workstations/docs/preconfigured-base-images),
  #     but you can create your own
  #     [custom container
  #     images](https://cloud.google.com/workstations/docs/custom-container-images).
  #     If using a private image, the `host.gceInstance.serviceAccount` field
  #     must be specified in the workstation configuration and must have
  #     permission to pull the specified image. Otherwise, the image must be
  #     publicly accessible.
  # @!attribute [rw] command
  #   @return [::Array<::String>]
  #     Optional. If set, overrides the default ENTRYPOINT specified by the
  #     image.
  # @!attribute [rw] args
  #   @return [::Array<::String>]
  #     Optional. Arguments passed to the entrypoint.
  # @!attribute [rw] env
  #   @return [::Google::Protobuf::Map{::String => ::String}]
  #     Optional. Environment variables passed to the container's entrypoint.
  #
  #     NOTE(review): values are plain strings in the configuration, so
  #     presumably anyone who can read the configuration can read them;
  #     keep secrets out of this field — confirm against the API's access
  #     model.
  # @!attribute [rw] working_dir
  #   @return [::String]
  #     Optional. If set, overrides the default DIR specified by the image.
  # @!attribute [rw] run_as_user
  #   @return [::Integer]
  #     Optional. If set, overrides the USER specified in the image with the
  #     given uid.
  class Container
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # Key/value entry message with a string key and a string value.
    # NOTE(review): presumably the generated entry type behind the `env`
    # map field — confirm.
    # @!attribute [rw] key
    #   @return [::String]
    # @!attribute [rw] value
    #   @return [::String]
    class EnvEntry
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods
    end
  end

  # A customer-managed encryption key (CMEK) for the Compute Engine
  # resources of the associated workstation configuration. Specify the name of
  # your Cloud KMS encryption key and the default service account.
  # We recommend that you use a separate service account and follow
  # [Cloud KMS best
  # practices](https://cloud.google.com/kms/docs/separation-of-duties).
  # Both fields are documented as immutable.
  # @!attribute [rw] kms_key
  #   @return [::String]
  #     Immutable. The name of the Google Cloud KMS encryption key. For example,
  #     `"projects/PROJECT_ID/locations/REGION/keyRings/KEY_RING/cryptoKeys/KEY_NAME"`.
  #     The key must be in the same region as the workstation configuration.
  # @!attribute [rw] kms_key_service_account
  #   @return [::String]
  #     Immutable. The service account to use with the specified
  #     KMS key. We recommend that you use a separate service account
  #     and follow KMS best practices. For more information, see
  #     [Separation of
  #     duties](https://cloud.google.com/kms/docs/separation-of-duties) and
  #     `gcloud kms keys add-iam-policy-binding`
  #     [`--member`](https://cloud.google.com/sdk/gcloud/reference/kms/keys/add-iam-policy-binding#--member).
  class CustomerEncryptionKey
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # A readiness check to be performed on a workstation.
  # @!attribute [rw] path
  #   @return [::String]
  #     Optional. Path to which the request should be sent.
  # @!attribute [rw] port
  #   @return [::Integer]
  #     Optional. Port to which the request should be sent.
  class ReadinessCheck
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # Key/value entry message with a string key and a string value.
  # NOTE(review): presumably the generated entry type behind the
  # `annotations` map field — confirm.
  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class AnnotationsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # Key/value entry message with a string key and a string value.
  # NOTE(review): presumably the generated entry type behind a `labels`
  # map field — confirm.
  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class LabelsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end
end