gcp.networkservices.Gateway
Explore with Pulumi AI
Gateway represents the configuration for a proxy, typically a load balancer. It captures the ip:port over which the services are exposed by the proxy, along with any policy configurations. Routes have reference to to Gateways to dictate how requests should be routed by this Gateway.
To get more information about Gateway, see:
Example Usage
Network Services Gateway Basic
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const _default = new gcp.networkservices.Gateway("default", {
name: "my-gateway",
scope: "default-scope-basic",
type: "OPEN_MESH",
ports: [443],
});
import pulumi
import pulumi_gcp as gcp
default = gcp.networkservices.Gateway("default",
name="my-gateway",
scope="default-scope-basic",
type="OPEN_MESH",
ports=[443])
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networkservices"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := networkservices.NewGateway(ctx, "default", &networkservices.GatewayArgs{
Name: pulumi.String("my-gateway"),
Scope: pulumi.String("default-scope-basic"),
Type: pulumi.String("OPEN_MESH"),
Ports: pulumi.IntArray{
pulumi.Int(443),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var @default = new Gcp.NetworkServices.Gateway("default", new()
{
Name = "my-gateway",
Scope = "default-scope-basic",
Type = "OPEN_MESH",
Ports = new[]
{
443,
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.networkservices.Gateway;
import com.pulumi.gcp.networkservices.GatewayArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var default_ = new Gateway("default", GatewayArgs.builder()
.name("my-gateway")
.scope("default-scope-basic")
.type("OPEN_MESH")
.ports(443)
.build());
}
}
resources:
default:
type: gcp:networkservices:Gateway
properties:
name: my-gateway
scope: default-scope-basic
type: OPEN_MESH
ports:
- 443
Network Services Gateway Advanced
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const _default = new gcp.networkservices.Gateway("default", {
name: "my-gateway",
labels: {
foo: "bar",
},
description: "my description",
type: "OPEN_MESH",
ports: [443],
scope: "default-scope-advance",
});
import pulumi
import pulumi_gcp as gcp
default = gcp.networkservices.Gateway("default",
name="my-gateway",
labels={
"foo": "bar",
},
description="my description",
type="OPEN_MESH",
ports=[443],
scope="default-scope-advance")
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networkservices"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := networkservices.NewGateway(ctx, "default", &networkservices.GatewayArgs{
Name: pulumi.String("my-gateway"),
Labels: pulumi.StringMap{
"foo": pulumi.String("bar"),
},
Description: pulumi.String("my description"),
Type: pulumi.String("OPEN_MESH"),
Ports: pulumi.IntArray{
pulumi.Int(443),
},
Scope: pulumi.String("default-scope-advance"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var @default = new Gcp.NetworkServices.Gateway("default", new()
{
Name = "my-gateway",
Labels =
{
{ "foo", "bar" },
},
Description = "my description",
Type = "OPEN_MESH",
Ports = new[]
{
443,
},
Scope = "default-scope-advance",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.networkservices.Gateway;
import com.pulumi.gcp.networkservices.GatewayArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var default_ = new Gateway("default", GatewayArgs.builder()
.name("my-gateway")
.labels(Map.of("foo", "bar"))
.description("my description")
.type("OPEN_MESH")
.ports(443)
.scope("default-scope-advance")
.build());
}
}
resources:
default:
type: gcp:networkservices:Gateway
properties:
name: my-gateway
labels:
foo: bar
description: my description
type: OPEN_MESH
ports:
- 443
scope: default-scope-advance
Network Services Gateway Secure Web Proxy
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
import * as std from "@pulumi/std";
const _default = new gcp.certificatemanager.Certificate("default", {
name: "my-certificate",
location: "us-central1",
selfManaged: {
pemCertificate: std.file({
input: "test-fixtures/cert.pem",
}).then(invoke => invoke.result),
pemPrivateKey: std.file({
input: "test-fixtures/private-key.pem",
}).then(invoke => invoke.result),
},
});
const defaultNetwork = new gcp.compute.Network("default", {
name: "my-network",
routingMode: "REGIONAL",
autoCreateSubnetworks: false,
});
const defaultSubnetwork = new gcp.compute.Subnetwork("default", {
name: "my-subnetwork-name",
purpose: "PRIVATE",
ipCidrRange: "10.128.0.0/20",
region: "us-central1",
network: defaultNetwork.id,
role: "ACTIVE",
});
const proxyonlysubnet = new gcp.compute.Subnetwork("proxyonlysubnet", {
name: "my-proxy-only-subnetwork",
purpose: "REGIONAL_MANAGED_PROXY",
ipCidrRange: "192.168.0.0/23",
region: "us-central1",
network: defaultNetwork.id,
role: "ACTIVE",
});
const defaultGatewaySecurityPolicy = new gcp.networksecurity.GatewaySecurityPolicy("default", {
name: "my-policy-name",
location: "us-central1",
});
const defaultGatewaySecurityPolicyRule = new gcp.networksecurity.GatewaySecurityPolicyRule("default", {
name: "my-policyrule-name",
location: "us-central1",
gatewaySecurityPolicy: defaultGatewaySecurityPolicy.name,
enabled: true,
priority: 1,
sessionMatcher: "host() == 'example.com'",
basicProfile: "ALLOW",
});
const defaultGateway = new gcp.networkservices.Gateway("default", {
name: "my-gateway1",
location: "us-central1",
addresses: ["10.128.0.99"],
type: "SECURE_WEB_GATEWAY",
ports: [443],
scope: "my-default-scope1",
certificateUrls: [_default.id],
gatewaySecurityPolicy: defaultGatewaySecurityPolicy.id,
network: defaultNetwork.id,
subnetwork: defaultSubnetwork.id,
deleteSwgAutogenRouterOnDestroy: true,
}, {
dependsOn: [proxyonlysubnet],
});
import pulumi
import pulumi_gcp as gcp
import pulumi_std as std
default = gcp.certificatemanager.Certificate("default",
name="my-certificate",
location="us-central1",
self_managed={
"pem_certificate": std.file(input="test-fixtures/cert.pem").result,
"pem_private_key": std.file(input="test-fixtures/private-key.pem").result,
})
default_network = gcp.compute.Network("default",
name="my-network",
routing_mode="REGIONAL",
auto_create_subnetworks=False)
default_subnetwork = gcp.compute.Subnetwork("default",
name="my-subnetwork-name",
purpose="PRIVATE",
ip_cidr_range="10.128.0.0/20",
region="us-central1",
network=default_network.id,
role="ACTIVE")
proxyonlysubnet = gcp.compute.Subnetwork("proxyonlysubnet",
name="my-proxy-only-subnetwork",
purpose="REGIONAL_MANAGED_PROXY",
ip_cidr_range="192.168.0.0/23",
region="us-central1",
network=default_network.id,
role="ACTIVE")
default_gateway_security_policy = gcp.networksecurity.GatewaySecurityPolicy("default",
name="my-policy-name",
location="us-central1")
default_gateway_security_policy_rule = gcp.networksecurity.GatewaySecurityPolicyRule("default",
name="my-policyrule-name",
location="us-central1",
gateway_security_policy=default_gateway_security_policy.name,
enabled=True,
priority=1,
session_matcher="host() == 'example.com'",
basic_profile="ALLOW")
default_gateway = gcp.networkservices.Gateway("default",
name="my-gateway1",
location="us-central1",
addresses=["10.128.0.99"],
type="SECURE_WEB_GATEWAY",
ports=[443],
scope="my-default-scope1",
certificate_urls=[default.id],
gateway_security_policy=default_gateway_security_policy.id,
network=default_network.id,
subnetwork=default_subnetwork.id,
delete_swg_autogen_router_on_destroy=True,
opts = pulumi.ResourceOptions(depends_on=[proxyonlysubnet]))
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificatemanager"
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute"
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networksecurity"
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networkservices"
"github.com/pulumi/pulumi-std/sdk/go/std"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
invokeFile, err := std.File(ctx, &std.FileArgs{
Input: "test-fixtures/cert.pem",
}, nil)
if err != nil {
return err
}
invokeFile1, err := std.File(ctx, &std.FileArgs{
Input: "test-fixtures/private-key.pem",
}, nil)
if err != nil {
return err
}
_, err = certificatemanager.NewCertificate(ctx, "default", &certificatemanager.CertificateArgs{
Name: pulumi.String("my-certificate"),
Location: pulumi.String("us-central1"),
SelfManaged: &certificatemanager.CertificateSelfManagedArgs{
PemCertificate: pulumi.String(invokeFile.Result),
PemPrivateKey: pulumi.String(invokeFile1.Result),
},
})
if err != nil {
return err
}
defaultNetwork, err := compute.NewNetwork(ctx, "default", &compute.NetworkArgs{
Name: pulumi.String("my-network"),
RoutingMode: pulumi.String("REGIONAL"),
AutoCreateSubnetworks: pulumi.Bool(false),
})
if err != nil {
return err
}
defaultSubnetwork, err := compute.NewSubnetwork(ctx, "default", &compute.SubnetworkArgs{
Name: pulumi.String("my-subnetwork-name"),
Purpose: pulumi.String("PRIVATE"),
IpCidrRange: pulumi.String("10.128.0.0/20"),
Region: pulumi.String("us-central1"),
Network: defaultNetwork.ID(),
Role: pulumi.String("ACTIVE"),
})
if err != nil {
return err
}
proxyonlysubnet, err := compute.NewSubnetwork(ctx, "proxyonlysubnet", &compute.SubnetworkArgs{
Name: pulumi.String("my-proxy-only-subnetwork"),
Purpose: pulumi.String("REGIONAL_MANAGED_PROXY"),
IpCidrRange: pulumi.String("192.168.0.0/23"),
Region: pulumi.String("us-central1"),
Network: defaultNetwork.ID(),
Role: pulumi.String("ACTIVE"),
})
if err != nil {
return err
}
defaultGatewaySecurityPolicy, err := networksecurity.NewGatewaySecurityPolicy(ctx, "default", &networksecurity.GatewaySecurityPolicyArgs{
Name: pulumi.String("my-policy-name"),
Location: pulumi.String("us-central1"),
})
if err != nil {
return err
}
_, err = networksecurity.NewGatewaySecurityPolicyRule(ctx, "default", &networksecurity.GatewaySecurityPolicyRuleArgs{
Name: pulumi.String("my-policyrule-name"),
Location: pulumi.String("us-central1"),
GatewaySecurityPolicy: defaultGatewaySecurityPolicy.Name,
Enabled: pulumi.Bool(true),
Priority: pulumi.Int(1),
SessionMatcher: pulumi.String("host() == 'example.com'"),
BasicProfile: pulumi.String("ALLOW"),
})
if err != nil {
return err
}
_, err = networkservices.NewGateway(ctx, "default", &networkservices.GatewayArgs{
Name: pulumi.String("my-gateway1"),
Location: pulumi.String("us-central1"),
Addresses: pulumi.StringArray{
pulumi.String("10.128.0.99"),
},
Type: pulumi.String("SECURE_WEB_GATEWAY"),
Ports: pulumi.IntArray{
pulumi.Int(443),
},
Scope: pulumi.String("my-default-scope1"),
CertificateUrls: pulumi.StringArray{
_default.ID(),
},
GatewaySecurityPolicy: defaultGatewaySecurityPolicy.ID(),
Network: defaultNetwork.ID(),
Subnetwork: defaultSubnetwork.ID(),
DeleteSwgAutogenRouterOnDestroy: pulumi.Bool(true),
}, pulumi.DependsOn([]pulumi.Resource{
proxyonlysubnet,
}))
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
using Std = Pulumi.Std;
return await Deployment.RunAsync(() =>
{
var @default = new Gcp.CertificateManager.Certificate("default", new()
{
Name = "my-certificate",
Location = "us-central1",
SelfManaged = new Gcp.CertificateManager.Inputs.CertificateSelfManagedArgs
{
PemCertificate = Std.File.Invoke(new()
{
Input = "test-fixtures/cert.pem",
}).Apply(invoke => invoke.Result),
PemPrivateKey = Std.File.Invoke(new()
{
Input = "test-fixtures/private-key.pem",
}).Apply(invoke => invoke.Result),
},
});
var defaultNetwork = new Gcp.Compute.Network("default", new()
{
Name = "my-network",
RoutingMode = "REGIONAL",
AutoCreateSubnetworks = false,
});
var defaultSubnetwork = new Gcp.Compute.Subnetwork("default", new()
{
Name = "my-subnetwork-name",
Purpose = "PRIVATE",
IpCidrRange = "10.128.0.0/20",
Region = "us-central1",
Network = defaultNetwork.Id,
Role = "ACTIVE",
});
var proxyonlysubnet = new Gcp.Compute.Subnetwork("proxyonlysubnet", new()
{
Name = "my-proxy-only-subnetwork",
Purpose = "REGIONAL_MANAGED_PROXY",
IpCidrRange = "192.168.0.0/23",
Region = "us-central1",
Network = defaultNetwork.Id,
Role = "ACTIVE",
});
var defaultGatewaySecurityPolicy = new Gcp.NetworkSecurity.GatewaySecurityPolicy("default", new()
{
Name = "my-policy-name",
Location = "us-central1",
});
var defaultGatewaySecurityPolicyRule = new Gcp.NetworkSecurity.GatewaySecurityPolicyRule("default", new()
{
Name = "my-policyrule-name",
Location = "us-central1",
GatewaySecurityPolicy = defaultGatewaySecurityPolicy.Name,
Enabled = true,
Priority = 1,
SessionMatcher = "host() == 'example.com'",
BasicProfile = "ALLOW",
});
var defaultGateway = new Gcp.NetworkServices.Gateway("default", new()
{
Name = "my-gateway1",
Location = "us-central1",
Addresses = new[]
{
"10.128.0.99",
},
Type = "SECURE_WEB_GATEWAY",
Ports = new[]
{
443,
},
Scope = "my-default-scope1",
CertificateUrls = new[]
{
@default.Id,
},
GatewaySecurityPolicy = defaultGatewaySecurityPolicy.Id,
Network = defaultNetwork.Id,
Subnetwork = defaultSubnetwork.Id,
DeleteSwgAutogenRouterOnDestroy = true,
}, new CustomResourceOptions
{
DependsOn =
{
proxyonlysubnet,
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.certificatemanager.Certificate;
import com.pulumi.gcp.certificatemanager.CertificateArgs;
import com.pulumi.gcp.certificatemanager.inputs.CertificateSelfManagedArgs;
import com.pulumi.gcp.compute.Network;
import com.pulumi.gcp.compute.NetworkArgs;
import com.pulumi.gcp.compute.Subnetwork;
import com.pulumi.gcp.compute.SubnetworkArgs;
import com.pulumi.gcp.networksecurity.GatewaySecurityPolicy;
import com.pulumi.gcp.networksecurity.GatewaySecurityPolicyArgs;
import com.pulumi.gcp.networksecurity.GatewaySecurityPolicyRule;
import com.pulumi.gcp.networksecurity.GatewaySecurityPolicyRuleArgs;
import com.pulumi.gcp.networkservices.Gateway;
import com.pulumi.gcp.networkservices.GatewayArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var default_ = new Certificate("default", CertificateArgs.builder()
.name("my-certificate")
.location("us-central1")
.selfManaged(CertificateSelfManagedArgs.builder()
.pemCertificate(StdFunctions.file(FileArgs.builder()
.input("test-fixtures/cert.pem")
.build()).result())
.pemPrivateKey(StdFunctions.file(FileArgs.builder()
.input("test-fixtures/private-key.pem")
.build()).result())
.build())
.build());
var defaultNetwork = new Network("defaultNetwork", NetworkArgs.builder()
.name("my-network")
.routingMode("REGIONAL")
.autoCreateSubnetworks(false)
.build());
var defaultSubnetwork = new Subnetwork("defaultSubnetwork", SubnetworkArgs.builder()
.name("my-subnetwork-name")
.purpose("PRIVATE")
.ipCidrRange("10.128.0.0/20")
.region("us-central1")
.network(defaultNetwork.id())
.role("ACTIVE")
.build());
var proxyonlysubnet = new Subnetwork("proxyonlysubnet", SubnetworkArgs.builder()
.name("my-proxy-only-subnetwork")
.purpose("REGIONAL_MANAGED_PROXY")
.ipCidrRange("192.168.0.0/23")
.region("us-central1")
.network(defaultNetwork.id())
.role("ACTIVE")
.build());
var defaultGatewaySecurityPolicy = new GatewaySecurityPolicy("defaultGatewaySecurityPolicy", GatewaySecurityPolicyArgs.builder()
.name("my-policy-name")
.location("us-central1")
.build());
var defaultGatewaySecurityPolicyRule = new GatewaySecurityPolicyRule("defaultGatewaySecurityPolicyRule", GatewaySecurityPolicyRuleArgs.builder()
.name("my-policyrule-name")
.location("us-central1")
.gatewaySecurityPolicy(defaultGatewaySecurityPolicy.name())
.enabled(true)
.priority(1)
.sessionMatcher("host() == 'example.com'")
.basicProfile("ALLOW")
.build());
var defaultGateway = new Gateway("defaultGateway", GatewayArgs.builder()
.name("my-gateway1")
.location("us-central1")
.addresses("10.128.0.99")
.type("SECURE_WEB_GATEWAY")
.ports(443)
.scope("my-default-scope1")
.certificateUrls(default_.id())
.gatewaySecurityPolicy(defaultGatewaySecurityPolicy.id())
.network(defaultNetwork.id())
.subnetwork(defaultSubnetwork.id())
.deleteSwgAutogenRouterOnDestroy(true)
.build(), CustomResourceOptions.builder()
.dependsOn(proxyonlysubnet)
.build());
}
}
resources:
default:
type: gcp:certificatemanager:Certificate
properties:
name: my-certificate
location: us-central1
selfManaged:
pemCertificate:
fn::invoke:
Function: std:file
Arguments:
input: test-fixtures/cert.pem
Return: result
pemPrivateKey:
fn::invoke:
Function: std:file
Arguments:
input: test-fixtures/private-key.pem
Return: result
defaultNetwork:
type: gcp:compute:Network
name: default
properties:
name: my-network
routingMode: REGIONAL
autoCreateSubnetworks: false
defaultSubnetwork:
type: gcp:compute:Subnetwork
name: default
properties:
name: my-subnetwork-name
purpose: PRIVATE
ipCidrRange: 10.128.0.0/20
region: us-central1
network: ${defaultNetwork.id}
role: ACTIVE
proxyonlysubnet:
type: gcp:compute:Subnetwork
properties:
name: my-proxy-only-subnetwork
purpose: REGIONAL_MANAGED_PROXY
ipCidrRange: 192.168.0.0/23
region: us-central1
network: ${defaultNetwork.id}
role: ACTIVE
defaultGatewaySecurityPolicy:
type: gcp:networksecurity:GatewaySecurityPolicy
name: default
properties:
name: my-policy-name
location: us-central1
defaultGatewaySecurityPolicyRule:
type: gcp:networksecurity:GatewaySecurityPolicyRule
name: default
properties:
name: my-policyrule-name
location: us-central1
gatewaySecurityPolicy: ${defaultGatewaySecurityPolicy.name}
enabled: true
priority: 1
sessionMatcher: host() == 'example.com'
basicProfile: ALLOW
defaultGateway:
type: gcp:networkservices:Gateway
name: default
properties:
name: my-gateway1
location: us-central1
addresses:
- 10.128.0.99
type: SECURE_WEB_GATEWAY
ports:
- 443
scope: my-default-scope1
certificateUrls:
- ${default.id}
gatewaySecurityPolicy: ${defaultGatewaySecurityPolicy.id}
network: ${defaultNetwork.id}
subnetwork: ${defaultSubnetwork.id}
deleteSwgAutogenRouterOnDestroy: true
options:
dependson:
- ${proxyonlysubnet}
Network Services Gateway Multiple Swp Same Network
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
import * as std from "@pulumi/std";
const _default = new gcp.certificatemanager.Certificate("default", {
name: "my-certificate",
location: "us-south1",
selfManaged: {
pemCertificate: std.file({
input: "test-fixtures/cert.pem",
}).then(invoke => invoke.result),
pemPrivateKey: std.file({
input: "test-fixtures/private-key.pem",
}).then(invoke => invoke.result),
},
});
const defaultNetwork = new gcp.compute.Network("default", {
name: "my-network",
routingMode: "REGIONAL",
autoCreateSubnetworks: false,
});
const defaultSubnetwork = new gcp.compute.Subnetwork("default", {
name: "my-subnetwork-name",
purpose: "PRIVATE",
ipCidrRange: "10.128.0.0/20",
region: "us-south1",
network: defaultNetwork.id,
role: "ACTIVE",
});
const proxyonlysubnet = new gcp.compute.Subnetwork("proxyonlysubnet", {
name: "my-proxy-only-subnetwork",
purpose: "REGIONAL_MANAGED_PROXY",
ipCidrRange: "192.168.0.0/23",
region: "us-south1",
network: defaultNetwork.id,
role: "ACTIVE",
});
const defaultGatewaySecurityPolicy = new gcp.networksecurity.GatewaySecurityPolicy("default", {
name: "my-policy-name",
location: "us-south1",
});
const defaultGatewaySecurityPolicyRule = new gcp.networksecurity.GatewaySecurityPolicyRule("default", {
name: "my-policyrule-name",
location: "us-south1",
gatewaySecurityPolicy: defaultGatewaySecurityPolicy.name,
enabled: true,
priority: 1,
sessionMatcher: "host() == 'example.com'",
basicProfile: "ALLOW",
});
const defaultGateway = new gcp.networkservices.Gateway("default", {
name: "my-gateway1",
location: "us-south1",
addresses: ["10.128.0.99"],
type: "SECURE_WEB_GATEWAY",
ports: [443],
scope: "my-default-scope1",
certificateUrls: [_default.id],
gatewaySecurityPolicy: defaultGatewaySecurityPolicy.id,
network: defaultNetwork.id,
subnetwork: defaultSubnetwork.id,
deleteSwgAutogenRouterOnDestroy: true,
}, {
dependsOn: [proxyonlysubnet],
});
const gateway2 = new gcp.networkservices.Gateway("gateway2", {
name: "my-gateway2",
location: "us-south1",
addresses: ["10.128.0.98"],
type: "SECURE_WEB_GATEWAY",
ports: [443],
scope: "my-default-scope2",
certificateUrls: [_default.id],
gatewaySecurityPolicy: defaultGatewaySecurityPolicy.id,
network: defaultNetwork.id,
subnetwork: defaultSubnetwork.id,
deleteSwgAutogenRouterOnDestroy: true,
}, {
dependsOn: [proxyonlysubnet],
});
import pulumi
import pulumi_gcp as gcp
import pulumi_std as std
default = gcp.certificatemanager.Certificate("default",
name="my-certificate",
location="us-south1",
self_managed={
"pem_certificate": std.file(input="test-fixtures/cert.pem").result,
"pem_private_key": std.file(input="test-fixtures/private-key.pem").result,
})
default_network = gcp.compute.Network("default",
name="my-network",
routing_mode="REGIONAL",
auto_create_subnetworks=False)
default_subnetwork = gcp.compute.Subnetwork("default",
name="my-subnetwork-name",
purpose="PRIVATE",
ip_cidr_range="10.128.0.0/20",
region="us-south1",
network=default_network.id,
role="ACTIVE")
proxyonlysubnet = gcp.compute.Subnetwork("proxyonlysubnet",
name="my-proxy-only-subnetwork",
purpose="REGIONAL_MANAGED_PROXY",
ip_cidr_range="192.168.0.0/23",
region="us-south1",
network=default_network.id,
role="ACTIVE")
default_gateway_security_policy = gcp.networksecurity.GatewaySecurityPolicy("default",
name="my-policy-name",
location="us-south1")
default_gateway_security_policy_rule = gcp.networksecurity.GatewaySecurityPolicyRule("default",
name="my-policyrule-name",
location="us-south1",
gateway_security_policy=default_gateway_security_policy.name,
enabled=True,
priority=1,
session_matcher="host() == 'example.com'",
basic_profile="ALLOW")
default_gateway = gcp.networkservices.Gateway("default",
name="my-gateway1",
location="us-south1",
addresses=["10.128.0.99"],
type="SECURE_WEB_GATEWAY",
ports=[443],
scope="my-default-scope1",
certificate_urls=[default.id],
gateway_security_policy=default_gateway_security_policy.id,
network=default_network.id,
subnetwork=default_subnetwork.id,
delete_swg_autogen_router_on_destroy=True,
opts = pulumi.ResourceOptions(depends_on=[proxyonlysubnet]))
gateway2 = gcp.networkservices.Gateway("gateway2",
name="my-gateway2",
location="us-south1",
addresses=["10.128.0.98"],
type="SECURE_WEB_GATEWAY",
ports=[443],
scope="my-default-scope2",
certificate_urls=[default.id],
gateway_security_policy=default_gateway_security_policy.id,
network=default_network.id,
subnetwork=default_subnetwork.id,
delete_swg_autogen_router_on_destroy=True,
opts = pulumi.ResourceOptions(depends_on=[proxyonlysubnet]))
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificatemanager"
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute"
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networksecurity"
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networkservices"
"github.com/pulumi/pulumi-std/sdk/go/std"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
invokeFile, err := std.File(ctx, &std.FileArgs{
Input: "test-fixtures/cert.pem",
}, nil)
if err != nil {
return err
}
invokeFile1, err := std.File(ctx, &std.FileArgs{
Input: "test-fixtures/private-key.pem",
}, nil)
if err != nil {
return err
}
_, err = certificatemanager.NewCertificate(ctx, "default", &certificatemanager.CertificateArgs{
Name: pulumi.String("my-certificate"),
Location: pulumi.String("us-south1"),
SelfManaged: &certificatemanager.CertificateSelfManagedArgs{
PemCertificate: pulumi.String(invokeFile.Result),
PemPrivateKey: pulumi.String(invokeFile1.Result),
},
})
if err != nil {
return err
}
defaultNetwork, err := compute.NewNetwork(ctx, "default", &compute.NetworkArgs{
Name: pulumi.String("my-network"),
RoutingMode: pulumi.String("REGIONAL"),
AutoCreateSubnetworks: pulumi.Bool(false),
})
if err != nil {
return err
}
defaultSubnetwork, err := compute.NewSubnetwork(ctx, "default", &compute.SubnetworkArgs{
Name: pulumi.String("my-subnetwork-name"),
Purpose: pulumi.String("PRIVATE"),
IpCidrRange: pulumi.String("10.128.0.0/20"),
Region: pulumi.String("us-south1"),
Network: defaultNetwork.ID(),
Role: pulumi.String("ACTIVE"),
})
if err != nil {
return err
}
proxyonlysubnet, err := compute.NewSubnetwork(ctx, "proxyonlysubnet", &compute.SubnetworkArgs{
Name: pulumi.String("my-proxy-only-subnetwork"),
Purpose: pulumi.String("REGIONAL_MANAGED_PROXY"),
IpCidrRange: pulumi.String("192.168.0.0/23"),
Region: pulumi.String("us-south1"),
Network: defaultNetwork.ID(),
Role: pulumi.String("ACTIVE"),
})
if err != nil {
return err
}
defaultGatewaySecurityPolicy, err := networksecurity.NewGatewaySecurityPolicy(ctx, "default", &networksecurity.GatewaySecurityPolicyArgs{
Name: pulumi.String("my-policy-name"),
Location: pulumi.String("us-south1"),
})
if err != nil {
return err
}
_, err = networksecurity.NewGatewaySecurityPolicyRule(ctx, "default", &networksecurity.GatewaySecurityPolicyRuleArgs{
Name: pulumi.String("my-policyrule-name"),
Location: pulumi.String("us-south1"),
GatewaySecurityPolicy: defaultGatewaySecurityPolicy.Name,
Enabled: pulumi.Bool(true),
Priority: pulumi.Int(1),
SessionMatcher: pulumi.String("host() == 'example.com'"),
BasicProfile: pulumi.String("ALLOW"),
})
if err != nil {
return err
}
_, err = networkservices.NewGateway(ctx, "default", &networkservices.GatewayArgs{
Name: pulumi.String("my-gateway1"),
Location: pulumi.String("us-south1"),
Addresses: pulumi.StringArray{
pulumi.String("10.128.0.99"),
},
Type: pulumi.String("SECURE_WEB_GATEWAY"),
Ports: pulumi.IntArray{
pulumi.Int(443),
},
Scope: pulumi.String("my-default-scope1"),
CertificateUrls: pulumi.StringArray{
_default.ID(),
},
GatewaySecurityPolicy: defaultGatewaySecurityPolicy.ID(),
Network: defaultNetwork.ID(),
Subnetwork: defaultSubnetwork.ID(),
DeleteSwgAutogenRouterOnDestroy: pulumi.Bool(true),
}, pulumi.DependsOn([]pulumi.Resource{
proxyonlysubnet,
}))
if err != nil {
return err
}
_, err = networkservices.NewGateway(ctx, "gateway2", &networkservices.GatewayArgs{
Name: pulumi.String("my-gateway2"),
Location: pulumi.String("us-south1"),
Addresses: pulumi.StringArray{
pulumi.String("10.128.0.98"),
},
Type: pulumi.String("SECURE_WEB_GATEWAY"),
Ports: pulumi.IntArray{
pulumi.Int(443),
},
Scope: pulumi.String("my-default-scope2"),
CertificateUrls: pulumi.StringArray{
_default.ID(),
},
GatewaySecurityPolicy: defaultGatewaySecurityPolicy.ID(),
Network: defaultNetwork.ID(),
Subnetwork: defaultSubnetwork.ID(),
DeleteSwgAutogenRouterOnDestroy: pulumi.Bool(true),
}, pulumi.DependsOn([]pulumi.Resource{
proxyonlysubnet,
}))
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
using Std = Pulumi.Std;
return await Deployment.RunAsync(() =>
{
var @default = new Gcp.CertificateManager.Certificate("default", new()
{
Name = "my-certificate",
Location = "us-south1",
SelfManaged = new Gcp.CertificateManager.Inputs.CertificateSelfManagedArgs
{
PemCertificate = Std.File.Invoke(new()
{
Input = "test-fixtures/cert.pem",
}).Apply(invoke => invoke.Result),
PemPrivateKey = Std.File.Invoke(new()
{
Input = "test-fixtures/private-key.pem",
}).Apply(invoke => invoke.Result),
},
});
var defaultNetwork = new Gcp.Compute.Network("default", new()
{
Name = "my-network",
RoutingMode = "REGIONAL",
AutoCreateSubnetworks = false,
});
var defaultSubnetwork = new Gcp.Compute.Subnetwork("default", new()
{
Name = "my-subnetwork-name",
Purpose = "PRIVATE",
IpCidrRange = "10.128.0.0/20",
Region = "us-south1",
Network = defaultNetwork.Id,
Role = "ACTIVE",
});
var proxyonlysubnet = new Gcp.Compute.Subnetwork("proxyonlysubnet", new()
{
Name = "my-proxy-only-subnetwork",
Purpose = "REGIONAL_MANAGED_PROXY",
IpCidrRange = "192.168.0.0/23",
Region = "us-south1",
Network = defaultNetwork.Id,
Role = "ACTIVE",
});
var defaultGatewaySecurityPolicy = new Gcp.NetworkSecurity.GatewaySecurityPolicy("default", new()
{
Name = "my-policy-name",
Location = "us-south1",
});
var defaultGatewaySecurityPolicyRule = new Gcp.NetworkSecurity.GatewaySecurityPolicyRule("default", new()
{
Name = "my-policyrule-name",
Location = "us-south1",
GatewaySecurityPolicy = defaultGatewaySecurityPolicy.Name,
Enabled = true,
Priority = 1,
SessionMatcher = "host() == 'example.com'",
BasicProfile = "ALLOW",
});
var defaultGateway = new Gcp.NetworkServices.Gateway("default", new()
{
Name = "my-gateway1",
Location = "us-south1",
Addresses = new[]
{
"10.128.0.99",
},
Type = "SECURE_WEB_GATEWAY",
Ports = new[]
{
443,
},
Scope = "my-default-scope1",
CertificateUrls = new[]
{
@default.Id,
},
GatewaySecurityPolicy = defaultGatewaySecurityPolicy.Id,
Network = defaultNetwork.Id,
Subnetwork = defaultSubnetwork.Id,
DeleteSwgAutogenRouterOnDestroy = true,
}, new CustomResourceOptions
{
DependsOn =
{
proxyonlysubnet,
},
});
var gateway2 = new Gcp.NetworkServices.Gateway("gateway2", new()
{
Name = "my-gateway2",
Location = "us-south1",
Addresses = new[]
{
"10.128.0.98",
},
Type = "SECURE_WEB_GATEWAY",
Ports = new[]
{
443,
},
Scope = "my-default-scope2",
CertificateUrls = new[]
{
@default.Id,
},
GatewaySecurityPolicy = defaultGatewaySecurityPolicy.Id,
Network = defaultNetwork.Id,
Subnetwork = defaultSubnetwork.Id,
DeleteSwgAutogenRouterOnDestroy = true,
}, new CustomResourceOptions
{
DependsOn =
{
proxyonlysubnet,
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.certificatemanager.Certificate;
import com.pulumi.gcp.certificatemanager.CertificateArgs;
import com.pulumi.gcp.certificatemanager.inputs.CertificateSelfManagedArgs;
import com.pulumi.gcp.compute.Network;
import com.pulumi.gcp.compute.NetworkArgs;
import com.pulumi.gcp.compute.Subnetwork;
import com.pulumi.gcp.compute.SubnetworkArgs;
import com.pulumi.gcp.networksecurity.GatewaySecurityPolicy;
import com.pulumi.gcp.networksecurity.GatewaySecurityPolicyArgs;
import com.pulumi.gcp.networksecurity.GatewaySecurityPolicyRule;
import com.pulumi.gcp.networksecurity.GatewaySecurityPolicyRuleArgs;
import com.pulumi.gcp.networkservices.Gateway;
import com.pulumi.gcp.networkservices.GatewayArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var default_ = new Certificate("default", CertificateArgs.builder()
.name("my-certificate")
.location("us-south1")
.selfManaged(CertificateSelfManagedArgs.builder()
.pemCertificate(StdFunctions.file(FileArgs.builder()
.input("test-fixtures/cert.pem")
.build()).result())
.pemPrivateKey(StdFunctions.file(FileArgs.builder()
.input("test-fixtures/private-key.pem")
.build()).result())
.build())
.build());
var defaultNetwork = new Network("defaultNetwork", NetworkArgs.builder()
.name("my-network")
.routingMode("REGIONAL")
.autoCreateSubnetworks(false)
.build());
var defaultSubnetwork = new Subnetwork("defaultSubnetwork", SubnetworkArgs.builder()
.name("my-subnetwork-name")
.purpose("PRIVATE")
.ipCidrRange("10.128.0.0/20")
.region("us-south1")
.network(defaultNetwork.id())
.role("ACTIVE")
.build());
var proxyonlysubnet = new Subnetwork("proxyonlysubnet", SubnetworkArgs.builder()
.name("my-proxy-only-subnetwork")
.purpose("REGIONAL_MANAGED_PROXY")
.ipCidrRange("192.168.0.0/23")
.region("us-south1")
.network(defaultNetwork.id())
.role("ACTIVE")
.build());
var defaultGatewaySecurityPolicy = new GatewaySecurityPolicy("defaultGatewaySecurityPolicy", GatewaySecurityPolicyArgs.builder()
.name("my-policy-name")
.location("us-south1")
.build());
var defaultGatewaySecurityPolicyRule = new GatewaySecurityPolicyRule("defaultGatewaySecurityPolicyRule", GatewaySecurityPolicyRuleArgs.builder()
.name("my-policyrule-name")
.location("us-south1")
.gatewaySecurityPolicy(defaultGatewaySecurityPolicy.name())
.enabled(true)
.priority(1)
.sessionMatcher("host() == 'example.com'")
.basicProfile("ALLOW")
.build());
var defaultGateway = new Gateway("defaultGateway", GatewayArgs.builder()
.name("my-gateway1")
.location("us-south1")
.addresses("10.128.0.99")
.type("SECURE_WEB_GATEWAY")
.ports(443)
.scope("my-default-scope1")
.certificateUrls(default_.id())
.gatewaySecurityPolicy(defaultGatewaySecurityPolicy.id())
.network(defaultNetwork.id())
.subnetwork(defaultSubnetwork.id())
.deleteSwgAutogenRouterOnDestroy(true)
.build(), CustomResourceOptions.builder()
.dependsOn(proxyonlysubnet)
.build());
var gateway2 = new Gateway("gateway2", GatewayArgs.builder()
.name("my-gateway2")
.location("us-south1")
.addresses("10.128.0.98")
.type("SECURE_WEB_GATEWAY")
.ports(443)
.scope("my-default-scope2")
.certificateUrls(default_.id())
.gatewaySecurityPolicy(defaultGatewaySecurityPolicy.id())
.network(defaultNetwork.id())
.subnetwork(defaultSubnetwork.id())
.deleteSwgAutogenRouterOnDestroy(true)
.build(), CustomResourceOptions.builder()
.dependsOn(proxyonlysubnet)
.build());
}
}
resources:
default:
type: gcp:certificatemanager:Certificate
properties:
name: my-certificate
location: us-south1
selfManaged:
pemCertificate:
fn::invoke:
Function: std:file
Arguments:
input: test-fixtures/cert.pem
Return: result
pemPrivateKey:
fn::invoke:
Function: std:file
Arguments:
input: test-fixtures/private-key.pem
Return: result
defaultNetwork:
type: gcp:compute:Network
name: default
properties:
name: my-network
routingMode: REGIONAL
autoCreateSubnetworks: false
defaultSubnetwork:
type: gcp:compute:Subnetwork
name: default
properties:
name: my-subnetwork-name
purpose: PRIVATE
ipCidrRange: 10.128.0.0/20
region: us-south1
network: ${defaultNetwork.id}
role: ACTIVE
proxyonlysubnet:
type: gcp:compute:Subnetwork
properties:
name: my-proxy-only-subnetwork
purpose: REGIONAL_MANAGED_PROXY
ipCidrRange: 192.168.0.0/23
region: us-south1
network: ${defaultNetwork.id}
role: ACTIVE
defaultGatewaySecurityPolicy:
type: gcp:networksecurity:GatewaySecurityPolicy
name: default
properties:
name: my-policy-name
location: us-south1
defaultGatewaySecurityPolicyRule:
type: gcp:networksecurity:GatewaySecurityPolicyRule
name: default
properties:
name: my-policyrule-name
location: us-south1
gatewaySecurityPolicy: ${defaultGatewaySecurityPolicy.name}
enabled: true
priority: 1
sessionMatcher: host() == 'example.com'
basicProfile: ALLOW
defaultGateway:
type: gcp:networkservices:Gateway
name: default
properties:
name: my-gateway1
location: us-south1
addresses:
- 10.128.0.99
type: SECURE_WEB_GATEWAY
ports:
- 443
scope: my-default-scope1
certificateUrls:
- ${default.id}
gatewaySecurityPolicy: ${defaultGatewaySecurityPolicy.id}
network: ${defaultNetwork.id}
subnetwork: ${defaultSubnetwork.id}
deleteSwgAutogenRouterOnDestroy: true
options:
dependson:
- ${proxyonlysubnet}
gateway2:
type: gcp:networkservices:Gateway
properties:
name: my-gateway2
location: us-south1
addresses:
- 10.128.0.98
type: SECURE_WEB_GATEWAY
ports:
- 443
scope: my-default-scope2
certificateUrls:
- ${default.id}
gatewaySecurityPolicy: ${defaultGatewaySecurityPolicy.id}
network: ${defaultNetwork.id}
subnetwork: ${defaultSubnetwork.id}
deleteSwgAutogenRouterOnDestroy: true
options:
dependson:
- ${proxyonlysubnet}
Create Gateway Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Gateway(name: string, args: GatewayArgs, opts?: CustomResourceOptions);
@overload
def Gateway(resource_name: str,
args: GatewayArgs,
opts: Optional[ResourceOptions] = None)
@overload
def Gateway(resource_name: str,
opts: Optional[ResourceOptions] = None,
ports: Optional[Sequence[int]] = None,
type: Optional[str] = None,
network: Optional[str] = None,
delete_swg_autogen_router_on_destroy: Optional[bool] = None,
gateway_security_policy: Optional[str] = None,
labels: Optional[Mapping[str, str]] = None,
location: Optional[str] = None,
name: Optional[str] = None,
addresses: Optional[Sequence[str]] = None,
description: Optional[str] = None,
project: Optional[str] = None,
routing_mode: Optional[str] = None,
scope: Optional[str] = None,
server_tls_policy: Optional[str] = None,
subnetwork: Optional[str] = None,
certificate_urls: Optional[Sequence[str]] = None)
func NewGateway(ctx *Context, name string, args GatewayArgs, opts ...ResourceOption) (*Gateway, error)
public Gateway(string name, GatewayArgs args, CustomResourceOptions? opts = null)
public Gateway(String name, GatewayArgs args)
public Gateway(String name, GatewayArgs args, CustomResourceOptions options)
type: gcp:networkservices:Gateway
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args GatewayArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args GatewayArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args GatewayArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args GatewayArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args GatewayArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var gcpGatewayResource = new Gcp.NetworkServices.Gateway("gcpGatewayResource", new()
{
Ports = new[]
{
0,
},
Type = "string",
Network = "string",
DeleteSwgAutogenRouterOnDestroy = false,
GatewaySecurityPolicy = "string",
Labels =
{
{ "string", "string" },
},
Location = "string",
Name = "string",
Addresses = new[]
{
"string",
},
Description = "string",
Project = "string",
RoutingMode = "string",
Scope = "string",
ServerTlsPolicy = "string",
Subnetwork = "string",
CertificateUrls = new[]
{
"string",
},
});
example, err := networkservices.NewGateway(ctx, "gcpGatewayResource", &networkservices.GatewayArgs{
Ports: pulumi.IntArray{
pulumi.Int(0),
},
Type: pulumi.String("string"),
Network: pulumi.String("string"),
DeleteSwgAutogenRouterOnDestroy: pulumi.Bool(false),
GatewaySecurityPolicy: pulumi.String("string"),
Labels: pulumi.StringMap{
"string": pulumi.String("string"),
},
Location: pulumi.String("string"),
Name: pulumi.String("string"),
Addresses: pulumi.StringArray{
pulumi.String("string"),
},
Description: pulumi.String("string"),
Project: pulumi.String("string"),
RoutingMode: pulumi.String("string"),
Scope: pulumi.String("string"),
ServerTlsPolicy: pulumi.String("string"),
Subnetwork: pulumi.String("string"),
CertificateUrls: pulumi.StringArray{
pulumi.String("string"),
},
})
var gcpGatewayResource = new Gateway("gcpGatewayResource", GatewayArgs.builder()
.ports(0)
.type("string")
.network("string")
.deleteSwgAutogenRouterOnDestroy(false)
.gatewaySecurityPolicy("string")
.labels(Map.of("string", "string"))
.location("string")
.name("string")
.addresses("string")
.description("string")
.project("string")
.routingMode("string")
.scope("string")
.serverTlsPolicy("string")
.subnetwork("string")
.certificateUrls("string")
.build());
gcp_gateway_resource = gcp.networkservices.Gateway("gcpGatewayResource",
ports=[0],
type="string",
network="string",
delete_swg_autogen_router_on_destroy=False,
gateway_security_policy="string",
labels={
"string": "string",
},
location="string",
name="string",
addresses=["string"],
description="string",
project="string",
routing_mode="string",
scope="string",
server_tls_policy="string",
subnetwork="string",
certificate_urls=["string"])
const gcpGatewayResource = new gcp.networkservices.Gateway("gcpGatewayResource", {
ports: [0],
type: "string",
network: "string",
deleteSwgAutogenRouterOnDestroy: false,
gatewaySecurityPolicy: "string",
labels: {
string: "string",
},
location: "string",
name: "string",
addresses: ["string"],
description: "string",
project: "string",
routingMode: "string",
scope: "string",
serverTlsPolicy: "string",
subnetwork: "string",
certificateUrls: ["string"],
});
type: gcp:networkservices:Gateway
properties:
addresses:
- string
certificateUrls:
- string
deleteSwgAutogenRouterOnDestroy: false
description: string
gatewaySecurityPolicy: string
labels:
string: string
location: string
name: string
network: string
ports:
- 0
project: string
routingMode: string
scope: string
serverTlsPolicy: string
subnetwork: string
type: string
Gateway Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The Gateway resource accepts the following input properties:
- Ports List<int>
- One or more port numbers (1-65535), on which the Gateway will receive traffic. The proxy binds to the specified ports. Gateways of type 'SECURE_WEB_GATEWAY' are limited to 1 port. Gateways of type 'OPEN_MESH' listen on 0.0.0.0 and support multiple ports.
- Type string
- Immutable. The type of the customer-managed gateway. Possible values are: * OPEN_MESH * SECURE_WEB_GATEWAY.
Possible values are:
TYPE_UNSPECIFIED
,OPEN_MESH
,SECURE_WEB_GATEWAY
. - Addresses List<string>
- Zero or one IPv4-address on which the Gateway will receive the traffic. When no address is provided, an IP from the subnetwork is allocated This field only applies to gateways of type 'SECURE_WEB_GATEWAY'. Gateways of type 'OPEN_MESH' listen on 0.0.0.0.
- Certificate
Urls List<string> - A fully-qualified Certificates URL reference. The proxy presents a Certificate (selected based on SNI) when establishing a TLS connection. This feature only applies to gateways of type 'SECURE_WEB_GATEWAY'.
- Delete
Swg boolAutogen Router On Destroy - When deleting a gateway of type 'SECURE_WEB_GATEWAY', this boolean option will also delete auto generated router by the gateway creation. If there is no other gateway of type 'SECURE_WEB_GATEWAY' remaining for that region and network it will be deleted.
- Description string
- A free-text description of the resource. Max length 1024 characters.
- Gateway
Security stringPolicy - A fully-qualified GatewaySecurityPolicy URL reference. Defines how a server should apply security policy to inbound (VM to Proxy) initiated connections.
For example:
projects/*/locations/*/gatewaySecurityPolicies/swg-policy
. This policy is specific to gateways of type 'SECURE_WEB_GATEWAY'. - Labels Dictionary<string, string>
- Set of label tags associated with the Gateway resource.
Note: This field is non-authoritative, and will only manage the labels present in your configuration.
Please refer to the field
effective_labels
for all of the labels present on the resource. - Location string
- The location of the gateway.
The default value is
global
. - Name string
- Short name of the Gateway resource to be created.
- Network string
- The relative resource name identifying the VPC network that is using this configuration.
For example:
projects/*/global/networks/network-1
. Currently, this field is specific to gateways of type 'SECURE_WEB_GATEWAY'. - Project string
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- Routing
Mode string - The routing mode of the Gateway. This field is configurable only for gateways of type SECURE_WEB_GATEWAY. This field is required for gateways of type SECURE_WEB_GATEWAY.
Possible values are:
NEXT_HOP_ROUTING_MODE
. - Scope string
- Immutable. Scope determines how configuration across multiple Gateway instances are merged. The configuration for multiple Gateway instances with the same scope will be merged as presented as a single coniguration to the proxy/load balancer. Max length 64 characters. Scope should start with a letter and can only have letters, numbers, hyphens.
- Server
Tls stringPolicy - A fully-qualified ServerTLSPolicy URL reference. Specifies how TLS traffic is terminated. If empty, TLS termination is disabled.
- Subnetwork string
- The relative resource name identifying the subnetwork in which this SWG is allocated.
For example:
projects/*/regions/us-central1/subnetworks/network-1
. Currently, this field is specific to gateways of type 'SECURE_WEB_GATEWAY.
- Ports []int
- One or more port numbers (1-65535), on which the Gateway will receive traffic. The proxy binds to the specified ports. Gateways of type 'SECURE_WEB_GATEWAY' are limited to 1 port. Gateways of type 'OPEN_MESH' listen on 0.0.0.0 and support multiple ports.
- Type string
- Immutable. The type of the customer-managed gateway. Possible values are: * OPEN_MESH * SECURE_WEB_GATEWAY.
Possible values are:
TYPE_UNSPECIFIED
,OPEN_MESH
,SECURE_WEB_GATEWAY
. - Addresses []string
- Zero or one IPv4-address on which the Gateway will receive the traffic. When no address is provided, an IP from the subnetwork is allocated This field only applies to gateways of type 'SECURE_WEB_GATEWAY'. Gateways of type 'OPEN_MESH' listen on 0.0.0.0.
- Certificate
Urls []string - A fully-qualified Certificates URL reference. The proxy presents a Certificate (selected based on SNI) when establishing a TLS connection. This feature only applies to gateways of type 'SECURE_WEB_GATEWAY'.
- Delete
Swg boolAutogen Router On Destroy - When deleting a gateway of type 'SECURE_WEB_GATEWAY', this boolean option will also delete auto generated router by the gateway creation. If there is no other gateway of type 'SECURE_WEB_GATEWAY' remaining for that region and network it will be deleted.
- Description string
- A free-text description of the resource. Max length 1024 characters.
- Gateway
Security stringPolicy - A fully-qualified GatewaySecurityPolicy URL reference. Defines how a server should apply security policy to inbound (VM to Proxy) initiated connections.
For example:
projects/*/locations/*/gatewaySecurityPolicies/swg-policy
. This policy is specific to gateways of type 'SECURE_WEB_GATEWAY'. - Labels map[string]string
- Set of label tags associated with the Gateway resource.
Note: This field is non-authoritative, and will only manage the labels present in your configuration.
Please refer to the field
effective_labels
for all of the labels present on the resource. - Location string
- The location of the gateway.
The default value is
global
. - Name string
- Short name of the Gateway resource to be created.
- Network string
- The relative resource name identifying the VPC network that is using this configuration.
For example:
projects/*/global/networks/network-1
. Currently, this field is specific to gateways of type 'SECURE_WEB_GATEWAY'. - Project string
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- Routing
Mode string - The routing mode of the Gateway. This field is configurable only for gateways of type SECURE_WEB_GATEWAY. This field is required for gateways of type SECURE_WEB_GATEWAY.
Possible values are:
NEXT_HOP_ROUTING_MODE
. - Scope string
- Immutable. Scope determines how configuration across multiple Gateway instances are merged. The configuration for multiple Gateway instances with the same scope will be merged as presented as a single coniguration to the proxy/load balancer. Max length 64 characters. Scope should start with a letter and can only have letters, numbers, hyphens.
- Server
Tls stringPolicy - A fully-qualified ServerTLSPolicy URL reference. Specifies how TLS traffic is terminated. If empty, TLS termination is disabled.
- Subnetwork string
- The relative resource name identifying the subnetwork in which this SWG is allocated.
For example:
projects/*/regions/us-central1/subnetworks/network-1
. Currently, this field is specific to gateways of type 'SECURE_WEB_GATEWAY.
- ports List<Integer>
- One or more port numbers (1-65535), on which the Gateway will receive traffic. The proxy binds to the specified ports. Gateways of type 'SECURE_WEB_GATEWAY' are limited to 1 port. Gateways of type 'OPEN_MESH' listen on 0.0.0.0 and support multiple ports.
- type String
- Immutable. The type of the customer-managed gateway. Possible values are: * OPEN_MESH * SECURE_WEB_GATEWAY.
Possible values are:
TYPE_UNSPECIFIED
,OPEN_MESH
,SECURE_WEB_GATEWAY
. - addresses List<String>
- Zero or one IPv4-address on which the Gateway will receive the traffic. When no address is provided, an IP from the subnetwork is allocated This field only applies to gateways of type 'SECURE_WEB_GATEWAY'. Gateways of type 'OPEN_MESH' listen on 0.0.0.0.
- certificate
Urls List<String> - A fully-qualified Certificates URL reference. The proxy presents a Certificate (selected based on SNI) when establishing a TLS connection. This feature only applies to gateways of type 'SECURE_WEB_GATEWAY'.
- delete
Swg BooleanAutogen Router On Destroy - When deleting a gateway of type 'SECURE_WEB_GATEWAY', this boolean option will also delete auto generated router by the gateway creation. If there is no other gateway of type 'SECURE_WEB_GATEWAY' remaining for that region and network it will be deleted.
- description String
- A free-text description of the resource. Max length 1024 characters.
- gateway
Security StringPolicy - A fully-qualified GatewaySecurityPolicy URL reference. Defines how a server should apply security policy to inbound (VM to Proxy) initiated connections.
For example:
projects/*/locations/*/gatewaySecurityPolicies/swg-policy
. This policy is specific to gateways of type 'SECURE_WEB_GATEWAY'. - labels Map<String,String>
- Set of label tags associated with the Gateway resource.
Note: This field is non-authoritative, and will only manage the labels present in your configuration.
Please refer to the field
effective_labels
for all of the labels present on the resource. - location String
- The location of the gateway.
The default value is
global
. - name String
- Short name of the Gateway resource to be created.
- network String
- The relative resource name identifying the VPC network that is using this configuration.
For example:
projects/*/global/networks/network-1
. Currently, this field is specific to gateways of type 'SECURE_WEB_GATEWAY'. - project String
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- routing
Mode String - The routing mode of the Gateway. This field is configurable only for gateways of type SECURE_WEB_GATEWAY. This field is required for gateways of type SECURE_WEB_GATEWAY.
Possible values are:
NEXT_HOP_ROUTING_MODE
. - scope String
- Immutable. Scope determines how configuration across multiple Gateway instances are merged. The configuration for multiple Gateway instances with the same scope will be merged as presented as a single coniguration to the proxy/load balancer. Max length 64 characters. Scope should start with a letter and can only have letters, numbers, hyphens.
- server
Tls StringPolicy - A fully-qualified ServerTLSPolicy URL reference. Specifies how TLS traffic is terminated. If empty, TLS termination is disabled.
- subnetwork String
- The relative resource name identifying the subnetwork in which this SWG is allocated.
For example:
projects/*/regions/us-central1/subnetworks/network-1
. Currently, this field is specific to gateways of type 'SECURE_WEB_GATEWAY.
- ports number[]
- One or more port numbers (1-65535), on which the Gateway will receive traffic. The proxy binds to the specified ports. Gateways of type 'SECURE_WEB_GATEWAY' are limited to 1 port. Gateways of type 'OPEN_MESH' listen on 0.0.0.0 and support multiple ports.
- type string
- Immutable. The type of the customer-managed gateway. Possible values are: * OPEN_MESH * SECURE_WEB_GATEWAY.
Possible values are:
TYPE_UNSPECIFIED
,OPEN_MESH
,SECURE_WEB_GATEWAY
. - addresses string[]
- Zero or one IPv4-address on which the Gateway will receive the traffic. When no address is provided, an IP from the subnetwork is allocated This field only applies to gateways of type 'SECURE_WEB_GATEWAY'. Gateways of type 'OPEN_MESH' listen on 0.0.0.0.
- certificate
Urls string[] - A fully-qualified Certificates URL reference. The proxy presents a Certificate (selected based on SNI) when establishing a TLS connection. This feature only applies to gateways of type 'SECURE_WEB_GATEWAY'.
- delete
Swg booleanAutogen Router On Destroy - When deleting a gateway of type 'SECURE_WEB_GATEWAY', this boolean option will also delete auto generated router by the gateway creation. If there is no other gateway of type 'SECURE_WEB_GATEWAY' remaining for that region and network it will be deleted.
- description string
- A free-text description of the resource. Max length 1024 characters.
- gateway
Security stringPolicy - A fully-qualified GatewaySecurityPolicy URL reference. Defines how a server should apply security policy to inbound (VM to Proxy) initiated connections.
For example:
projects/*/locations/*/gatewaySecurityPolicies/swg-policy
. This policy is specific to gateways of type 'SECURE_WEB_GATEWAY'. - labels {[key: string]: string}
- Set of label tags associated with the Gateway resource.
Note: This field is non-authoritative, and will only manage the labels present in your configuration.
Please refer to the field
effective_labels
for all of the labels present on the resource. - location string
- The location of the gateway.
The default value is
global
. - name string
- Short name of the Gateway resource to be created.
- network string
- The relative resource name identifying the VPC network that is using this configuration.
For example:
projects/*/global/networks/network-1
. Currently, this field is specific to gateways of type 'SECURE_WEB_GATEWAY'. - project string
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- routing
Mode string - The routing mode of the Gateway. This field is configurable only for gateways of type SECURE_WEB_GATEWAY. This field is required for gateways of type SECURE_WEB_GATEWAY.
Possible values are:
NEXT_HOP_ROUTING_MODE
. - scope string
- Immutable. Scope determines how configuration across multiple Gateway instances are merged. The configuration for multiple Gateway instances with the same scope will be merged as presented as a single coniguration to the proxy/load balancer. Max length 64 characters. Scope should start with a letter and can only have letters, numbers, hyphens.
- server
Tls stringPolicy - A fully-qualified ServerTLSPolicy URL reference. Specifies how TLS traffic is terminated. If empty, TLS termination is disabled.
- subnetwork string
- The relative resource name identifying the subnetwork in which this SWG is allocated.
For example:
projects/*/regions/us-central1/subnetworks/network-1
. Currently, this field is specific to gateways of type 'SECURE_WEB_GATEWAY.
- ports Sequence[int]
- One or more port numbers (1-65535), on which the Gateway will receive traffic. The proxy binds to the specified ports. Gateways of type 'SECURE_WEB_GATEWAY' are limited to 1 port. Gateways of type 'OPEN_MESH' listen on 0.0.0.0 and support multiple ports.
- type str
- Immutable. The type of the customer-managed gateway. Possible values are: * OPEN_MESH * SECURE_WEB_GATEWAY.
Possible values are:
TYPE_UNSPECIFIED
,OPEN_MESH
,SECURE_WEB_GATEWAY
. - addresses Sequence[str]
- Zero or one IPv4-address on which the Gateway will receive the traffic. When no address is provided, an IP from the subnetwork is allocated This field only applies to gateways of type 'SECURE_WEB_GATEWAY'. Gateways of type 'OPEN_MESH' listen on 0.0.0.0.
- certificate_
urls Sequence[str] - A fully-qualified Certificates URL reference. The proxy presents a Certificate (selected based on SNI) when establishing a TLS connection. This feature only applies to gateways of type 'SECURE_WEB_GATEWAY'.
- delete_
swg_ boolautogen_ router_ on_ destroy - When deleting a gateway of type 'SECURE_WEB_GATEWAY', this boolean option will also delete auto generated router by the gateway creation. If there is no other gateway of type 'SECURE_WEB_GATEWAY' remaining for that region and network it will be deleted.
- description str
- A free-text description of the resource. Max length 1024 characters.
- gateway_
security_ strpolicy - A fully-qualified GatewaySecurityPolicy URL reference. Defines how a server should apply security policy to inbound (VM to Proxy) initiated connections.
For example:
projects/*/locations/*/gatewaySecurityPolicies/swg-policy
. This policy is specific to gateways of type 'SECURE_WEB_GATEWAY'. - labels Mapping[str, str]
- Set of label tags associated with the Gateway resource.
Note: This field is non-authoritative, and will only manage the labels present in your configuration.
Please refer to the field
effective_labels
for all of the labels present on the resource. - location str
- The location of the gateway.
The default value is
global
. - name str
- Short name of the Gateway resource to be created.
- network str
- The relative resource name identifying the VPC network that is using this configuration.
For example:
projects/*/global/networks/network-1
. Currently, this field is specific to gateways of type 'SECURE_WEB_GATEWAY'. - project str
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- routing_
mode str - The routing mode of the Gateway. This field is configurable only for gateways of type SECURE_WEB_GATEWAY. This field is required for gateways of type SECURE_WEB_GATEWAY.
Possible values are:
NEXT_HOP_ROUTING_MODE
. - scope str
- Immutable. Scope determines how configuration across multiple Gateway instances are merged. The configuration for multiple Gateway instances with the same scope will be merged as presented as a single coniguration to the proxy/load balancer. Max length 64 characters. Scope should start with a letter and can only have letters, numbers, hyphens.
- server_
tls_ strpolicy - A fully-qualified ServerTLSPolicy URL reference. Specifies how TLS traffic is terminated. If empty, TLS termination is disabled.
- subnetwork str
- The relative resource name identifying the subnetwork in which this SWG is allocated.
For example:
projects/*/regions/us-central1/subnetworks/network-1
. Currently, this field is specific to gateways of type 'SECURE_WEB_GATEWAY.
- ports List<Number>
- One or more port numbers (1-65535), on which the Gateway will receive traffic. The proxy binds to the specified ports. Gateways of type 'SECURE_WEB_GATEWAY' are limited to 1 port. Gateways of type 'OPEN_MESH' listen on 0.0.0.0 and support multiple ports.
- type String
- Immutable. The type of the customer-managed gateway. Possible values are: * OPEN_MESH * SECURE_WEB_GATEWAY.
Possible values are:
TYPE_UNSPECIFIED
,OPEN_MESH
,SECURE_WEB_GATEWAY
. - addresses List<String>
- Zero or one IPv4-address on which the Gateway will receive the traffic. When no address is provided, an IP from the subnetwork is allocated This field only applies to gateways of type 'SECURE_WEB_GATEWAY'. Gateways of type 'OPEN_MESH' listen on 0.0.0.0.
- certificate
Urls List<String> - A fully-qualified Certificates URL reference. The proxy presents a Certificate (selected based on SNI) when establishing a TLS connection. This feature only applies to gateways of type 'SECURE_WEB_GATEWAY'.
- delete
Swg BooleanAutogen Router On Destroy - When deleting a gateway of type 'SECURE_WEB_GATEWAY', this boolean option will also delete auto generated router by the gateway creation. If there is no other gateway of type 'SECURE_WEB_GATEWAY' remaining for that region and network it will be deleted.
- description String
- A free-text description of the resource. Max length 1024 characters.
- gateway
Security StringPolicy - A fully-qualified GatewaySecurityPolicy URL reference. Defines how a server should apply security policy to inbound (VM to Proxy) initiated connections.
For example:
projects/*/locations/*/gatewaySecurityPolicies/swg-policy
. This policy is specific to gateways of type 'SECURE_WEB_GATEWAY'. - labels Map<String>
- Set of label tags associated with the Gateway resource.
Note: This field is non-authoritative, and will only manage the labels present in your configuration.
Please refer to the field
effective_labels
for all of the labels present on the resource. - location String
- The location of the gateway.
The default value is
global
. - name String
- Short name of the Gateway resource to be created.
- network String
- The relative resource name identifying the VPC network that is using this configuration.
For example:
projects/*/global/networks/network-1
. Currently, this field is specific to gateways of type 'SECURE_WEB_GATEWAY'. - project String
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- routing
Mode String - The routing mode of the Gateway. This field is configurable only for gateways of type SECURE_WEB_GATEWAY. This field is required for gateways of type SECURE_WEB_GATEWAY.
Possible values are:
NEXT_HOP_ROUTING_MODE
. - scope String
- Immutable. Scope determines how configuration across multiple Gateway instances are merged. The configuration for multiple Gateway instances with the same scope will be merged as presented as a single coniguration to the proxy/load balancer. Max length 64 characters. Scope should start with a letter and can only have letters, numbers, hyphens.
- server
Tls StringPolicy - A fully-qualified ServerTLSPolicy URL reference. Specifies how TLS traffic is terminated. If empty, TLS termination is disabled.
- subnetwork String
- The relative resource name identifying the subnetwork in which this SWG is allocated.
For example:
projects/*/regions/us-central1/subnetworks/network-1
. Currently, this field is specific to gateways of type 'SECURE_WEB_GATEWAY.
Outputs
All input properties are implicitly available as output properties. Additionally, the Gateway resource produces the following output properties:
- Create
Time string - Time the AccessPolicy was created in UTC.
- Effective
Labels Dictionary<string, string> - All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- Id string
- The provider-assigned unique ID for this managed resource.
- Pulumi
Labels Dictionary<string, string> - The combination of labels configured directly on the resource and default labels configured on the provider.
- Self
Link string - Server-defined URL of this resource.
- Update
Time string - Time the AccessPolicy was updated in UTC.
- Create
Time string - Time the AccessPolicy was created in UTC.
- Effective
Labels map[string]string - All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- Id string
- The provider-assigned unique ID for this managed resource.
- Pulumi
Labels map[string]string - The combination of labels configured directly on the resource and default labels configured on the provider.
- Self
Link string - Server-defined URL of this resource.
- Update
Time string - Time the AccessPolicy was updated in UTC.
- create
Time String - Time the AccessPolicy was created in UTC.
- effective
Labels Map<String,String> - All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- id String
- The provider-assigned unique ID for this managed resource.
- pulumi
Labels Map<String,String> - The combination of labels configured directly on the resource and default labels configured on the provider.
- self
Link String - Server-defined URL of this resource.
- update
Time String - Time the AccessPolicy was updated in UTC.
- create
Time string - Time the AccessPolicy was created in UTC.
- effective
Labels {[key: string]: string} - All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- id string
- The provider-assigned unique ID for this managed resource.
- pulumi
Labels {[key: string]: string} - The combination of labels configured directly on the resource and default labels configured on the provider.
- self
Link string - Server-defined URL of this resource.
- update
Time string - Time the AccessPolicy was updated in UTC.
- create_
time str - Time the AccessPolicy was created in UTC.
- effective_
labels Mapping[str, str] - All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- id str
- The provider-assigned unique ID for this managed resource.
- pulumi_
labels Mapping[str, str] - The combination of labels configured directly on the resource and default labels configured on the provider.
- self_
link str - Server-defined URL of this resource.
- update_
time str - Time the AccessPolicy was updated in UTC.
- create
Time String - Time the AccessPolicy was created in UTC.
- effective
Labels Map<String> - All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- id String
- The provider-assigned unique ID for this managed resource.
- pulumi
Labels Map<String> - The combination of labels configured directly on the resource and default labels configured on the provider.
- self
Link String - Server-defined URL of this resource.
- update
Time String - Time the AccessPolicy was updated in UTC.
Look up Existing Gateway Resource
Get an existing Gateway resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: GatewayState, opts?: CustomResourceOptions): Gateway
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
addresses: Optional[Sequence[str]] = None,
certificate_urls: Optional[Sequence[str]] = None,
create_time: Optional[str] = None,
delete_swg_autogen_router_on_destroy: Optional[bool] = None,
description: Optional[str] = None,
effective_labels: Optional[Mapping[str, str]] = None,
gateway_security_policy: Optional[str] = None,
labels: Optional[Mapping[str, str]] = None,
location: Optional[str] = None,
name: Optional[str] = None,
network: Optional[str] = None,
ports: Optional[Sequence[int]] = None,
project: Optional[str] = None,
pulumi_labels: Optional[Mapping[str, str]] = None,
routing_mode: Optional[str] = None,
scope: Optional[str] = None,
self_link: Optional[str] = None,
server_tls_policy: Optional[str] = None,
subnetwork: Optional[str] = None,
type: Optional[str] = None,
update_time: Optional[str] = None) -> Gateway
func GetGateway(ctx *Context, name string, id IDInput, state *GatewayState, opts ...ResourceOption) (*Gateway, error)
public static Gateway Get(string name, Input<string> id, GatewayState? state, CustomResourceOptions? opts = null)
public static Gateway get(String name, Output<String> id, GatewayState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Addresses List<string>
- Zero or one IPv4-address on which the Gateway will receive the traffic. When no address is provided, an IP from the subnetwork is allocated This field only applies to gateways of type 'SECURE_WEB_GATEWAY'. Gateways of type 'OPEN_MESH' listen on 0.0.0.0.
- Certificate
Urls List<string> - A fully-qualified Certificates URL reference. The proxy presents a Certificate (selected based on SNI) when establishing a TLS connection. This feature only applies to gateways of type 'SECURE_WEB_GATEWAY'.
- Create
Time string - Time the AccessPolicy was created in UTC.
- Delete
Swg boolAutogen Router On Destroy - When deleting a gateway of type 'SECURE_WEB_GATEWAY', this boolean option will also delete auto generated router by the gateway creation. If there is no other gateway of type 'SECURE_WEB_GATEWAY' remaining for that region and network it will be deleted.
- Description string
- A free-text description of the resource. Max length 1024 characters.
- Effective
Labels Dictionary<string, string> - All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- Gateway
Security stringPolicy - A fully-qualified GatewaySecurityPolicy URL reference. Defines how a server should apply security policy to inbound (VM to Proxy) initiated connections.
For example:
projects/*/locations/*/gatewaySecurityPolicies/swg-policy
. This policy is specific to gateways of type 'SECURE_WEB_GATEWAY'. - Labels Dictionary<string, string>
- Set of label tags associated with the Gateway resource.
Note: This field is non-authoritative, and will only manage the labels present in your configuration.
Please refer to the field
effective_labels
for all of the labels present on the resource. - Location string
- The location of the gateway.
The default value is
global
. - Name string
- Short name of the Gateway resource to be created.
- Network string
- The relative resource name identifying the VPC network that is using this configuration.
For example:
projects/*/global/networks/network-1
. Currently, this field is specific to gateways of type 'SECURE_WEB_GATEWAY'. - Ports List<int>
- One or more port numbers (1-65535), on which the Gateway will receive traffic. The proxy binds to the specified ports. Gateways of type 'SECURE_WEB_GATEWAY' are limited to 1 port. Gateways of type 'OPEN_MESH' listen on 0.0.0.0 and support multiple ports.
- Project string
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- Pulumi
Labels Dictionary<string, string> - The combination of labels configured directly on the resource and default labels configured on the provider.
- Routing
Mode string - The routing mode of the Gateway. This field is configurable only for gateways of type SECURE_WEB_GATEWAY. This field is required for gateways of type SECURE_WEB_GATEWAY.
Possible values are:
NEXT_HOP_ROUTING_MODE
. - Scope string
- Immutable. Scope determines how configuration across multiple Gateway instances are merged. The configuration for multiple Gateway instances with the same scope will be merged as presented as a single coniguration to the proxy/load balancer. Max length 64 characters. Scope should start with a letter and can only have letters, numbers, hyphens.
- Self
Link string - Server-defined URL of this resource.
- Server
Tls stringPolicy - A fully-qualified ServerTLSPolicy URL reference. Specifies how TLS traffic is terminated. If empty, TLS termination is disabled.
- Subnetwork string
- The relative resource name identifying the subnetwork in which this SWG is allocated.
For example:
projects/*/regions/us-central1/subnetworks/network-1
. Currently, this field is specific to gateways of type 'SECURE_WEB_GATEWAY. - Type string
- Immutable. The type of the customer-managed gateway. Possible values are: * OPEN_MESH * SECURE_WEB_GATEWAY.
Possible values are:
TYPE_UNSPECIFIED
,OPEN_MESH
,SECURE_WEB_GATEWAY
. - Update
Time string - Time the AccessPolicy was updated in UTC.
- Addresses []string
- Zero or one IPv4-address on which the Gateway will receive the traffic. When no address is provided, an IP from the subnetwork is allocated This field only applies to gateways of type 'SECURE_WEB_GATEWAY'. Gateways of type 'OPEN_MESH' listen on 0.0.0.0.
- Certificate
Urls []string - A fully-qualified Certificates URL reference. The proxy presents a Certificate (selected based on SNI) when establishing a TLS connection. This feature only applies to gateways of type 'SECURE_WEB_GATEWAY'.
- Create
Time string - Time the AccessPolicy was created in UTC.
- Delete
Swg boolAutogen Router On Destroy - When deleting a gateway of type 'SECURE_WEB_GATEWAY', this boolean option will also delete auto generated router by the gateway creation. If there is no other gateway of type 'SECURE_WEB_GATEWAY' remaining for that region and network it will be deleted.
- Description string
- A free-text description of the resource. Max length 1024 characters.
- Effective
Labels map[string]string - All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- Gateway
Security stringPolicy - A fully-qualified GatewaySecurityPolicy URL reference. Defines how a server should apply security policy to inbound (VM to Proxy) initiated connections.
For example:
projects/*/locations/*/gatewaySecurityPolicies/swg-policy
. This policy is specific to gateways of type 'SECURE_WEB_GATEWAY'. - Labels map[string]string
- Set of label tags associated with the Gateway resource.
Note: This field is non-authoritative, and will only manage the labels present in your configuration.
Please refer to the field
effective_labels
for all of the labels present on the resource. - Location string
- The location of the gateway.
The default value is
global
. - Name string
- Short name of the Gateway resource to be created.
- Network string
- The relative resource name identifying the VPC network that is using this configuration.
For example:
projects/*/global/networks/network-1
. Currently, this field is specific to gateways of type 'SECURE_WEB_GATEWAY'. - Ports []int
- One or more port numbers (1-65535), on which the Gateway will receive traffic. The proxy binds to the specified ports. Gateways of type 'SECURE_WEB_GATEWAY' are limited to 1 port. Gateways of type 'OPEN_MESH' listen on 0.0.0.0 and support multiple ports.
- Project string
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- Pulumi
Labels map[string]string - The combination of labels configured directly on the resource and default labels configured on the provider.
- Routing
Mode string - The routing mode of the Gateway. This field is configurable only for gateways of type SECURE_WEB_GATEWAY. This field is required for gateways of type SECURE_WEB_GATEWAY.
Possible values are:
NEXT_HOP_ROUTING_MODE
. - Scope string
- Immutable. Scope determines how configuration across multiple Gateway instances are merged. The configuration for multiple Gateway instances with the same scope will be merged as presented as a single coniguration to the proxy/load balancer. Max length 64 characters. Scope should start with a letter and can only have letters, numbers, hyphens.
- Self
Link string - Server-defined URL of this resource.
- Server
Tls stringPolicy - A fully-qualified ServerTLSPolicy URL reference. Specifies how TLS traffic is terminated. If empty, TLS termination is disabled.
- Subnetwork string
- The relative resource name identifying the subnetwork in which this SWG is allocated.
For example:
projects/*/regions/us-central1/subnetworks/network-1
. Currently, this field is specific to gateways of type 'SECURE_WEB_GATEWAY. - Type string
- Immutable. The type of the customer-managed gateway. Possible values are: * OPEN_MESH * SECURE_WEB_GATEWAY.
Possible values are:
TYPE_UNSPECIFIED
,OPEN_MESH
,SECURE_WEB_GATEWAY
. - Update
Time string - Time the AccessPolicy was updated in UTC.
- addresses List<String>
- Zero or one IPv4-address on which the Gateway will receive the traffic. When no address is provided, an IP from the subnetwork is allocated This field only applies to gateways of type 'SECURE_WEB_GATEWAY'. Gateways of type 'OPEN_MESH' listen on 0.0.0.0.
- certificate
Urls List<String> - A fully-qualified Certificates URL reference. The proxy presents a Certificate (selected based on SNI) when establishing a TLS connection. This feature only applies to gateways of type 'SECURE_WEB_GATEWAY'.
- create
Time String - Time the AccessPolicy was created in UTC.
- delete
Swg BooleanAutogen Router On Destroy - When deleting a gateway of type 'SECURE_WEB_GATEWAY', this boolean option will also delete auto generated router by the gateway creation. If there is no other gateway of type 'SECURE_WEB_GATEWAY' remaining for that region and network it will be deleted.
- description String
- A free-text description of the resource. Max length 1024 characters.
- effective
Labels Map<String,String> - All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- gateway
Security StringPolicy - A fully-qualified GatewaySecurityPolicy URL reference. Defines how a server should apply security policy to inbound (VM to Proxy) initiated connections.
For example:
projects/*/locations/*/gatewaySecurityPolicies/swg-policy
. This policy is specific to gateways of type 'SECURE_WEB_GATEWAY'. - labels Map<String,String>
- Set of label tags associated with the Gateway resource.
Note: This field is non-authoritative, and will only manage the labels present in your configuration.
Please refer to the field
effective_labels
for all of the labels present on the resource. - location String
- The location of the gateway.
The default value is
global
. - name String
- Short name of the Gateway resource to be created.
- network String
- The relative resource name identifying the VPC network that is using this configuration.
For example:
projects/*/global/networks/network-1
. Currently, this field is specific to gateways of type 'SECURE_WEB_GATEWAY'. - ports List<Integer>
- One or more port numbers (1-65535), on which the Gateway will receive traffic. The proxy binds to the specified ports. Gateways of type 'SECURE_WEB_GATEWAY' are limited to 1 port. Gateways of type 'OPEN_MESH' listen on 0.0.0.0 and support multiple ports.
- project String
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- pulumi
Labels Map<String,String> - The combination of labels configured directly on the resource and default labels configured on the provider.
- routing
Mode String - The routing mode of the Gateway. This field is configurable only for gateways of type SECURE_WEB_GATEWAY. This field is required for gateways of type SECURE_WEB_GATEWAY.
Possible values are:
NEXT_HOP_ROUTING_MODE
. - scope String
- Immutable. Scope determines how configuration across multiple Gateway instances are merged. The configuration for multiple Gateway instances with the same scope will be merged as presented as a single coniguration to the proxy/load balancer. Max length 64 characters. Scope should start with a letter and can only have letters, numbers, hyphens.
- self
Link String - Server-defined URL of this resource.
- server
Tls StringPolicy - A fully-qualified ServerTLSPolicy URL reference. Specifies how TLS traffic is terminated. If empty, TLS termination is disabled.
- subnetwork String
- The relative resource name identifying the subnetwork in which this SWG is allocated.
For example:
projects/*/regions/us-central1/subnetworks/network-1
. Currently, this field is specific to gateways of type 'SECURE_WEB_GATEWAY. - type String
- Immutable. The type of the customer-managed gateway. Possible values are: * OPEN_MESH * SECURE_WEB_GATEWAY.
Possible values are:
TYPE_UNSPECIFIED
,OPEN_MESH
,SECURE_WEB_GATEWAY
. - update
Time String - Time the AccessPolicy was updated in UTC.
- addresses string[]
- Zero or one IPv4-address on which the Gateway will receive the traffic. When no address is provided, an IP from the subnetwork is allocated This field only applies to gateways of type 'SECURE_WEB_GATEWAY'. Gateways of type 'OPEN_MESH' listen on 0.0.0.0.
- certificate
Urls string[] - A fully-qualified Certificates URL reference. The proxy presents a Certificate (selected based on SNI) when establishing a TLS connection. This feature only applies to gateways of type 'SECURE_WEB_GATEWAY'.
- create
Time string - Time the AccessPolicy was created in UTC.
- delete
Swg booleanAutogen Router On Destroy - When deleting a gateway of type 'SECURE_WEB_GATEWAY', this boolean option will also delete auto generated router by the gateway creation. If there is no other gateway of type 'SECURE_WEB_GATEWAY' remaining for that region and network it will be deleted.
- description string
- A free-text description of the resource. Max length 1024 characters.
- effective
Labels {[key: string]: string} - All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- gateway
Security stringPolicy - A fully-qualified GatewaySecurityPolicy URL reference. Defines how a server should apply security policy to inbound (VM to Proxy) initiated connections.
For example:
projects/*/locations/*/gatewaySecurityPolicies/swg-policy
. This policy is specific to gateways of type 'SECURE_WEB_GATEWAY'. - labels {[key: string]: string}
- Set of label tags associated with the Gateway resource.
Note: This field is non-authoritative, and will only manage the labels present in your configuration.
Please refer to the field
effective_labels
for all of the labels present on the resource. - location string
- The location of the gateway.
The default value is
global
. - name string
- Short name of the Gateway resource to be created.
- network string
- The relative resource name identifying the VPC network that is using this configuration.
For example:
projects/*/global/networks/network-1
. Currently, this field is specific to gateways of type 'SECURE_WEB_GATEWAY'. - ports number[]
- One or more port numbers (1-65535), on which the Gateway will receive traffic. The proxy binds to the specified ports. Gateways of type 'SECURE_WEB_GATEWAY' are limited to 1 port. Gateways of type 'OPEN_MESH' listen on 0.0.0.0 and support multiple ports.
- project string
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- pulumi
Labels {[key: string]: string} - The combination of labels configured directly on the resource and default labels configured on the provider.
- routing
Mode string - The routing mode of the Gateway. This field is configurable only for gateways of type SECURE_WEB_GATEWAY. This field is required for gateways of type SECURE_WEB_GATEWAY.
Possible values are:
NEXT_HOP_ROUTING_MODE
. - scope string
- Immutable. Scope determines how configuration across multiple Gateway instances are merged. The configuration for multiple Gateway instances with the same scope will be merged as presented as a single coniguration to the proxy/load balancer. Max length 64 characters. Scope should start with a letter and can only have letters, numbers, hyphens.
- self
Link string - Server-defined URL of this resource.
- server
Tls stringPolicy - A fully-qualified ServerTLSPolicy URL reference. Specifies how TLS traffic is terminated. If empty, TLS termination is disabled.
- subnetwork string
- The relative resource name identifying the subnetwork in which this SWG is allocated.
For example:
projects/*/regions/us-central1/subnetworks/network-1
. Currently, this field is specific to gateways of type 'SECURE_WEB_GATEWAY. - type string
- Immutable. The type of the customer-managed gateway. Possible values are: * OPEN_MESH * SECURE_WEB_GATEWAY.
Possible values are:
TYPE_UNSPECIFIED
,OPEN_MESH
,SECURE_WEB_GATEWAY
. - update
Time string - Time the AccessPolicy was updated in UTC.
- addresses Sequence[str]
- Zero or one IPv4-address on which the Gateway will receive the traffic. When no address is provided, an IP from the subnetwork is allocated This field only applies to gateways of type 'SECURE_WEB_GATEWAY'. Gateways of type 'OPEN_MESH' listen on 0.0.0.0.
- certificate_
urls Sequence[str] - A fully-qualified Certificates URL reference. The proxy presents a Certificate (selected based on SNI) when establishing a TLS connection. This feature only applies to gateways of type 'SECURE_WEB_GATEWAY'.
- create_
time str - Time the AccessPolicy was created in UTC.
- delete_
swg_ boolautogen_ router_ on_ destroy - When deleting a gateway of type 'SECURE_WEB_GATEWAY', this boolean option will also delete auto generated router by the gateway creation. If there is no other gateway of type 'SECURE_WEB_GATEWAY' remaining for that region and network it will be deleted.
- description str
- A free-text description of the resource. Max length 1024 characters.
- effective_
labels Mapping[str, str] - All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- gateway_
security_ strpolicy - A fully-qualified GatewaySecurityPolicy URL reference. Defines how a server should apply security policy to inbound (VM to Proxy) initiated connections.
For example:
projects/*/locations/*/gatewaySecurityPolicies/swg-policy
. This policy is specific to gateways of type 'SECURE_WEB_GATEWAY'. - labels Mapping[str, str]
- Set of label tags associated with the Gateway resource.
Note: This field is non-authoritative, and will only manage the labels present in your configuration.
Please refer to the field
effective_labels
for all of the labels present on the resource. - location str
- The location of the gateway.
The default value is
global
. - name str
- Short name of the Gateway resource to be created.
- network str
- The relative resource name identifying the VPC network that is using this configuration.
For example:
projects/*/global/networks/network-1
. Currently, this field is specific to gateways of type 'SECURE_WEB_GATEWAY'. - ports Sequence[int]
- One or more port numbers (1-65535), on which the Gateway will receive traffic. The proxy binds to the specified ports. Gateways of type 'SECURE_WEB_GATEWAY' are limited to 1 port. Gateways of type 'OPEN_MESH' listen on 0.0.0.0 and support multiple ports.
- project str
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- pulumi_
labels Mapping[str, str] - The combination of labels configured directly on the resource and default labels configured on the provider.
- routing_
mode str - The routing mode of the Gateway. This field is configurable only for gateways of type SECURE_WEB_GATEWAY. This field is required for gateways of type SECURE_WEB_GATEWAY.
Possible values are:
NEXT_HOP_ROUTING_MODE
. - scope str
- Immutable. Scope determines how configuration across multiple Gateway instances are merged. The configuration for multiple Gateway instances with the same scope will be merged as presented as a single coniguration to the proxy/load balancer. Max length 64 characters. Scope should start with a letter and can only have letters, numbers, hyphens.
- self_
link str - Server-defined URL of this resource.
- server_
tls_ strpolicy - A fully-qualified ServerTLSPolicy URL reference. Specifies how TLS traffic is terminated. If empty, TLS termination is disabled.
- subnetwork str
- The relative resource name identifying the subnetwork in which this SWG is allocated.
For example:
projects/*/regions/us-central1/subnetworks/network-1
. Currently, this field is specific to gateways of type 'SECURE_WEB_GATEWAY. - type str
- Immutable. The type of the customer-managed gateway. Possible values are: * OPEN_MESH * SECURE_WEB_GATEWAY.
Possible values are:
TYPE_UNSPECIFIED
,OPEN_MESH
,SECURE_WEB_GATEWAY
. - update_
time str - Time the AccessPolicy was updated in UTC.
- addresses List<String>
- Zero or one IPv4-address on which the Gateway will receive the traffic. When no address is provided, an IP from the subnetwork is allocated This field only applies to gateways of type 'SECURE_WEB_GATEWAY'. Gateways of type 'OPEN_MESH' listen on 0.0.0.0.
- certificate
Urls List<String> - A fully-qualified Certificates URL reference. The proxy presents a Certificate (selected based on SNI) when establishing a TLS connection. This feature only applies to gateways of type 'SECURE_WEB_GATEWAY'.
- create
Time String - Time the AccessPolicy was created in UTC.
- delete
Swg BooleanAutogen Router On Destroy - When deleting a gateway of type 'SECURE_WEB_GATEWAY', this boolean option will also delete auto generated router by the gateway creation. If there is no other gateway of type 'SECURE_WEB_GATEWAY' remaining for that region and network it will be deleted.
- description String
- A free-text description of the resource. Max length 1024 characters.
- effective
Labels Map<String> - All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- gateway
Security StringPolicy - A fully-qualified GatewaySecurityPolicy URL reference. Defines how a server should apply security policy to inbound (VM to Proxy) initiated connections.
For example:
projects/*/locations/*/gatewaySecurityPolicies/swg-policy
. This policy is specific to gateways of type 'SECURE_WEB_GATEWAY'. - labels Map<String>
- Set of label tags associated with the Gateway resource.
Note: This field is non-authoritative, and will only manage the labels present in your configuration.
Please refer to the field
effective_labels
for all of the labels present on the resource. - location String
- The location of the gateway.
The default value is
global
. - name String
- Short name of the Gateway resource to be created.
- network String
- The relative resource name identifying the VPC network that is using this configuration.
For example:
projects/*/global/networks/network-1
. Currently, this field is specific to gateways of type 'SECURE_WEB_GATEWAY'. - ports List<Number>
- One or more port numbers (1-65535), on which the Gateway will receive traffic. The proxy binds to the specified ports. Gateways of type 'SECURE_WEB_GATEWAY' are limited to 1 port. Gateways of type 'OPEN_MESH' listen on 0.0.0.0 and support multiple ports.
- project String
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- pulumi
Labels Map<String> - The combination of labels configured directly on the resource and default labels configured on the provider.
- routing
Mode String - The routing mode of the Gateway. This field is configurable only for gateways of type SECURE_WEB_GATEWAY. This field is required for gateways of type SECURE_WEB_GATEWAY.
Possible values are:
NEXT_HOP_ROUTING_MODE
. - scope String
- Immutable. Scope determines how configuration across multiple Gateway instances are merged. The configuration for multiple Gateway instances with the same scope will be merged as presented as a single coniguration to the proxy/load balancer. Max length 64 characters. Scope should start with a letter and can only have letters, numbers, hyphens.
- self
Link String - Server-defined URL of this resource.
- server
Tls StringPolicy - A fully-qualified ServerTLSPolicy URL reference. Specifies how TLS traffic is terminated. If empty, TLS termination is disabled.
- subnetwork String
- The relative resource name identifying the subnetwork in which this SWG is allocated.
For example:
projects/*/regions/us-central1/subnetworks/network-1
. Currently, this field is specific to gateways of type 'SECURE_WEB_GATEWAY. - type String
- Immutable. The type of the customer-managed gateway. Possible values are: * OPEN_MESH * SECURE_WEB_GATEWAY.
Possible values are:
TYPE_UNSPECIFIED
,OPEN_MESH
,SECURE_WEB_GATEWAY
. - update
Time String - Time the AccessPolicy was updated in UTC.
Import
Gateway can be imported using any of these accepted formats:
projects/{{project}}/locations/{{location}}/gateways/{{name}}
{{project}}/{{location}}/{{name}}
{{location}}/{{name}}
When using the pulumi import
command, Gateway can be imported using one of the formats above. For example:
$ pulumi import gcp:networkservices/gateway:Gateway default projects/{{project}}/locations/{{location}}/gateways/{{name}}
$ pulumi import gcp:networkservices/gateway:Gateway default {{project}}/{{location}}/{{name}}
$ pulumi import gcp:networkservices/gateway:Gateway default {{location}}/{{name}}
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Google Cloud (GCP) Classic pulumi/pulumi-gcp
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
google-beta
Terraform Provider.