Docs Home
Google Cloud Native is in preview. Google Cloud Classic is fully supported.
Google Cloud Native v0.32.0 published on Wednesday, Nov 29, 2023 by Pulumi
google-native.compute/alpha.ServiceAttachment
Explore with Pulumi AI
Google Cloud Native is in preview. Google Cloud Classic is fully supported.
Google Cloud Native v0.32.0 published on Wednesday, Nov 29, 2023 by Pulumi
Creates a ServiceAttachment in the specified project in the given scope using the parameters that are included in the request.
Create ServiceAttachment Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new ServiceAttachment(name: string, args: ServiceAttachmentArgs, opts?: CustomResourceOptions);@overload
def ServiceAttachment(resource_name: str,
args: ServiceAttachmentArgs,
opts: Optional[ResourceOptions] = None)
@overload
def ServiceAttachment(resource_name: str,
opts: Optional[ResourceOptions] = None,
region: Optional[str] = None,
domain_names: Optional[Sequence[str]] = None,
reconcile_connections: Optional[bool] = None,
description: Optional[str] = None,
connection_preference: Optional[ServiceAttachmentConnectionPreference] = None,
enable_proxy_protocol: Optional[bool] = None,
name: Optional[str] = None,
consumer_reject_lists: Optional[Sequence[str]] = None,
project: Optional[str] = None,
nat_subnets: Optional[Sequence[str]] = None,
propagated_connection_limit: Optional[int] = None,
producer_forwarding_rule: Optional[str] = None,
consumer_accept_lists: Optional[Sequence[ServiceAttachmentConsumerProjectLimitArgs]] = None,
request_id: Optional[str] = None,
target_service: Optional[str] = None,
tunneling_config: Optional[ServiceAttachmentTunnelingConfigArgs] = None)func NewServiceAttachment(ctx *Context, name string, args ServiceAttachmentArgs, opts ...ResourceOption) (*ServiceAttachment, error)public ServiceAttachment(string name, ServiceAttachmentArgs args, CustomResourceOptions? opts = null)public ServiceAttachment(String name, ServiceAttachmentArgs args)
public ServiceAttachment(String name, ServiceAttachmentArgs args, CustomResourceOptions options)
type: google-native:compute/alpha:ServiceAttachment
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name
This property is required. string - The unique name of the resource.
- args
This property is required. ServiceAttachmentArgs - The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name
This property is required. str - The unique name of the resource.
- args
This property is required. ServiceAttachmentArgs - The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name
This property is required. string - The unique name of the resource.
- args
This property is required. ServiceAttachmentArgs - The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name
This property is required. string - The unique name of the resource.
- args
This property is required. ServiceAttachmentArgs - The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name
This property is required. String - The unique name of the resource.
- args
This property is required. ServiceAttachmentArgs - The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var serviceAttachmentResource = new GoogleNative.Compute.Alpha.ServiceAttachment("serviceAttachmentResource", new()
{
Region = "string",
DomainNames = new[]
{
"string",
},
ReconcileConnections = false,
Description = "string",
ConnectionPreference = GoogleNative.Compute.Alpha.ServiceAttachmentConnectionPreference.AcceptAutomatic,
EnableProxyProtocol = false,
Name = "string",
ConsumerRejectLists = new[]
{
"string",
},
Project = "string",
NatSubnets = new[]
{
"string",
},
PropagatedConnectionLimit = 0,
ProducerForwardingRule = "string",
ConsumerAcceptLists = new[]
{
new GoogleNative.Compute.Alpha.Inputs.ServiceAttachmentConsumerProjectLimitArgs
{
ConnectionLimit = 0,
NetworkUrl = "string",
ProjectIdOrNum = "string",
},
},
RequestId = "string",
TargetService = "string",
TunnelingConfig = new GoogleNative.Compute.Alpha.Inputs.ServiceAttachmentTunnelingConfigArgs
{
EncapsulationProfile = GoogleNative.Compute.Alpha.ServiceAttachmentTunnelingConfigEncapsulationProfile.GeneveSecurityV1,
RoutingMode = GoogleNative.Compute.Alpha.ServiceAttachmentTunnelingConfigRoutingMode.PacketInjection,
},
});
example, err := compute.NewServiceAttachment(ctx, "serviceAttachmentResource", &compute.ServiceAttachmentArgs{
Region: pulumi.String("string"),
DomainNames: pulumi.StringArray{
pulumi.String("string"),
},
ReconcileConnections: pulumi.Bool(false),
Description: pulumi.String("string"),
ConnectionPreference: compute.ServiceAttachmentConnectionPreferenceAcceptAutomatic,
EnableProxyProtocol: pulumi.Bool(false),
Name: pulumi.String("string"),
ConsumerRejectLists: pulumi.StringArray{
pulumi.String("string"),
},
Project: pulumi.String("string"),
NatSubnets: pulumi.StringArray{
pulumi.String("string"),
},
PropagatedConnectionLimit: pulumi.Int(0),
ProducerForwardingRule: pulumi.String("string"),
ConsumerAcceptLists: compute.ServiceAttachmentConsumerProjectLimitArray{
&compute.ServiceAttachmentConsumerProjectLimitArgs{
ConnectionLimit: pulumi.Int(0),
NetworkUrl: pulumi.String("string"),
ProjectIdOrNum: pulumi.String("string"),
},
},
RequestId: pulumi.String("string"),
TargetService: pulumi.String("string"),
TunnelingConfig: &compute.ServiceAttachmentTunnelingConfigArgs{
EncapsulationProfile: compute.ServiceAttachmentTunnelingConfigEncapsulationProfileGeneveSecurityV1,
RoutingMode: compute.ServiceAttachmentTunnelingConfigRoutingModePacketInjection,
},
})
var serviceAttachmentResource = new ServiceAttachment("serviceAttachmentResource", ServiceAttachmentArgs.builder()
.region("string")
.domainNames("string")
.reconcileConnections(false)
.description("string")
.connectionPreference("ACCEPT_AUTOMATIC")
.enableProxyProtocol(false)
.name("string")
.consumerRejectLists("string")
.project("string")
.natSubnets("string")
.propagatedConnectionLimit(0)
.producerForwardingRule("string")
.consumerAcceptLists(ServiceAttachmentConsumerProjectLimitArgs.builder()
.connectionLimit(0)
.networkUrl("string")
.projectIdOrNum("string")
.build())
.requestId("string")
.targetService("string")
.tunnelingConfig(ServiceAttachmentTunnelingConfigArgs.builder()
.encapsulationProfile("GENEVE_SECURITY_V1")
.routingMode("PACKET_INJECTION")
.build())
.build());
service_attachment_resource = google_native.compute.alpha.ServiceAttachment("serviceAttachmentResource",
region="string",
domain_names=["string"],
reconcile_connections=False,
description="string",
connection_preference=google_native.compute.alpha.ServiceAttachmentConnectionPreference.ACCEPT_AUTOMATIC,
enable_proxy_protocol=False,
name="string",
consumer_reject_lists=["string"],
project="string",
nat_subnets=["string"],
propagated_connection_limit=0,
producer_forwarding_rule="string",
consumer_accept_lists=[{
"connection_limit": 0,
"network_url": "string",
"project_id_or_num": "string",
}],
request_id="string",
target_service="string",
tunneling_config={
"encapsulation_profile": google_native.compute.alpha.ServiceAttachmentTunnelingConfigEncapsulationProfile.GENEVE_SECURITY_V1,
"routing_mode": google_native.compute.alpha.ServiceAttachmentTunnelingConfigRoutingMode.PACKET_INJECTION,
})
const serviceAttachmentResource = new google_native.compute.alpha.ServiceAttachment("serviceAttachmentResource", {
region: "string",
domainNames: ["string"],
reconcileConnections: false,
description: "string",
connectionPreference: google_native.compute.alpha.ServiceAttachmentConnectionPreference.AcceptAutomatic,
enableProxyProtocol: false,
name: "string",
consumerRejectLists: ["string"],
project: "string",
natSubnets: ["string"],
propagatedConnectionLimit: 0,
producerForwardingRule: "string",
consumerAcceptLists: [{
connectionLimit: 0,
networkUrl: "string",
projectIdOrNum: "string",
}],
requestId: "string",
targetService: "string",
tunnelingConfig: {
encapsulationProfile: google_native.compute.alpha.ServiceAttachmentTunnelingConfigEncapsulationProfile.GeneveSecurityV1,
routingMode: google_native.compute.alpha.ServiceAttachmentTunnelingConfigRoutingMode.PacketInjection,
},
});
type: google-native:compute/alpha:ServiceAttachment
properties:
connectionPreference: ACCEPT_AUTOMATIC
consumerAcceptLists:
- connectionLimit: 0
networkUrl: string
projectIdOrNum: string
consumerRejectLists:
- string
description: string
domainNames:
- string
enableProxyProtocol: false
name: string
natSubnets:
- string
producerForwardingRule: string
project: string
propagatedConnectionLimit: 0
reconcileConnections: false
region: string
requestId: string
targetService: string
tunnelingConfig:
encapsulationProfile: GENEVE_SECURITY_V1
routingMode: PACKET_INJECTION
ServiceAttachment Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The ServiceAttachment resource accepts the following input properties:
- Region
string
This property is required. 
Changes to this property will trigger replacement. - Connection
Preference Pulumi.Google Native. Compute. Alpha. Service Attachment Connection Preference - The connection preference of service attachment. The value can be set to ACCEPT_AUTOMATIC. An ACCEPT_AUTOMATIC service attachment is one that always accepts the connection from consumer forwarding rules.
- Consumer
Accept List<Pulumi.Lists Google Native. Compute. Alpha. Inputs. Service Attachment Consumer Project Limit> - Projects that are allowed to connect to this service attachment.
- Consumer
Reject List<string>Lists - Projects that are not allowed to connect to this service attachment. The project can be specified using its id or number.
- Description string
- An optional description of this resource. Provide this property when you create the resource.
- Domain
Names List<string> - If specified, the domain name will be used during the integration between the PSC connected endpoints and the Cloud DNS. For example, this is a valid domain name: "p.mycompany.com.". Current max number of domain names supported is 1.
- Enable
Proxy boolProtocol - If true, enable the proxy protocol which is for supplying client TCP/IP address data in TCP connections that traverse proxies on their way to destination servers.
- Name string
- Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression
[a-z]([-a-z0-9]*[a-z0-9])?which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. - Nat
Subnets List<string> - An array of URLs where each entry is the URL of a subnet provided by the service producer to use for NAT in this service attachment.
- Producer
Forwarding stringRule - The URL of a forwarding rule with loadBalancingScheme INTERNAL* that is serving the endpoint identified by this service attachment.
- Project
- Propagated
Connection intLimit - The number of VPCs to which this endpoint is allowed to be propagated per accept list resource (project or network). For ACCEPT_AUTOMATIC service attachment, this limit is default to per project.
- Reconcile
Connections bool - This flag determines whether a consumer accept/reject list change can reconcile the statuses of existing ACCEPTED or REJECTED PSC endpoints. - If false, connection policy update will only affect existing PENDING PSC endpoints. Existing ACCEPTED/REJECTED endpoints will remain untouched regardless how the connection policy is modified . - If true, update will affect both PENDING and ACCEPTED/REJECTED PSC endpoints. For example, an ACCEPTED PSC endpoint will be moved to REJECTED if its project is added to the reject list. For newly created service attachment, this boolean defaults to false.
- Request
Id string - An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).
- Target
Service string - The URL of a service serving the endpoint identified by this service attachment.
- Tunneling
Config Pulumi.Google Native. Compute. Alpha. Inputs. Service Attachment Tunneling Config - When a tunneling config is set on this service attachment it will encapsulate traffic between consumer and producer. When tunneling is enabled: - nat_subnets must be unset - enable_proxy_protocol must be false - producer_forwarding_rule must be a L4 ILB. -
- Region
string
This property is required. Changes to this property will trigger replacement. - Connection
Preference ServiceAttachment Connection Preference - The connection preference of service attachment. The value can be set to ACCEPT_AUTOMATIC. An ACCEPT_AUTOMATIC service attachment is one that always accepts the connection from consumer forwarding rules.
- Consumer
Accept []ServiceLists Attachment Consumer Project Limit Args - Projects that are allowed to connect to this service attachment.
- Consumer
Reject []stringLists - Projects that are not allowed to connect to this service attachment. The project can be specified using its id or number.
- Description string
- An optional description of this resource. Provide this property when you create the resource.
- Domain
Names []string - If specified, the domain name will be used during the integration between the PSC connected endpoints and the Cloud DNS. For example, this is a valid domain name: "p.mycompany.com.". Current max number of domain names supported is 1.
- Enable
Proxy boolProtocol - If true, enable the proxy protocol which is for supplying client TCP/IP address data in TCP connections that traverse proxies on their way to destination servers.
- Name string
- Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression
[a-z]([-a-z0-9]*[a-z0-9])?which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. - Nat
Subnets []string - An array of URLs where each entry is the URL of a subnet provided by the service producer to use for NAT in this service attachment.
- Producer
Forwarding stringRule - The URL of a forwarding rule with loadBalancingScheme INTERNAL* that is serving the endpoint identified by this service attachment.
- Project
- Propagated
Connection intLimit - The number of VPCs to which this endpoint is allowed to be propagated per accept list resource (project or network). For ACCEPT_AUTOMATIC service attachment, this limit is default to per project.
- Reconcile
Connections bool - This flag determines whether a consumer accept/reject list change can reconcile the statuses of existing ACCEPTED or REJECTED PSC endpoints. - If false, connection policy update will only affect existing PENDING PSC endpoints. Existing ACCEPTED/REJECTED endpoints will remain untouched regardless how the connection policy is modified . - If true, update will affect both PENDING and ACCEPTED/REJECTED PSC endpoints. For example, an ACCEPTED PSC endpoint will be moved to REJECTED if its project is added to the reject list. For newly created service attachment, this boolean defaults to false.
- Request
Id string - An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).
- Target
Service string - The URL of a service serving the endpoint identified by this service attachment.
- Tunneling
Config ServiceAttachment Tunneling Config Args - When a tunneling config is set on this service attachment it will encapsulate traffic between consumer and producer. When tunneling is enabled: - nat_subnets must be unset - enable_proxy_protocol must be false - producer_forwarding_rule must be a L4 ILB. -
- region
String
This property is required. Changes to this property will trigger replacement. - connection
Preference ServiceAttachment Connection Preference - The connection preference of service attachment. The value can be set to ACCEPT_AUTOMATIC. An ACCEPT_AUTOMATIC service attachment is one that always accepts the connection from consumer forwarding rules.
- consumer
Accept List<ServiceLists Attachment Consumer Project Limit> - Projects that are allowed to connect to this service attachment.
- consumer
Reject List<String>Lists - Projects that are not allowed to connect to this service attachment. The project can be specified using its id or number.
- description String
- An optional description of this resource. Provide this property when you create the resource.
- domain
Names List<String> - If specified, the domain name will be used during the integration between the PSC connected endpoints and the Cloud DNS. For example, this is a valid domain name: "p.mycompany.com.". Current max number of domain names supported is 1.
- enable
Proxy BooleanProtocol - If true, enable the proxy protocol which is for supplying client TCP/IP address data in TCP connections that traverse proxies on their way to destination servers.
- name String
- Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression
[a-z]([-a-z0-9]*[a-z0-9])?which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. - nat
Subnets List<String> - An array of URLs where each entry is the URL of a subnet provided by the service producer to use for NAT in this service attachment.
- producer
Forwarding StringRule - The URL of a forwarding rule with loadBalancingScheme INTERNAL* that is serving the endpoint identified by this service attachment.
- project
- propagated
Connection IntegerLimit - The number of VPCs to which this endpoint is allowed to be propagated per accept list resource (project or network). For ACCEPT_AUTOMATIC service attachment, this limit is default to per project.
- reconcile
Connections Boolean - This flag determines whether a consumer accept/reject list change can reconcile the statuses of existing ACCEPTED or REJECTED PSC endpoints. - If false, connection policy update will only affect existing PENDING PSC endpoints. Existing ACCEPTED/REJECTED endpoints will remain untouched regardless how the connection policy is modified . - If true, update will affect both PENDING and ACCEPTED/REJECTED PSC endpoints. For example, an ACCEPTED PSC endpoint will be moved to REJECTED if its project is added to the reject list. For newly created service attachment, this boolean defaults to false.
- request
Id String - An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).
- target
Service String - The URL of a service serving the endpoint identified by this service attachment.
- tunneling
Config ServiceAttachment Tunneling Config - When a tunneling config is set on this service attachment it will encapsulate traffic between consumer and producer. When tunneling is enabled: - nat_subnets must be unset - enable_proxy_protocol must be false - producer_forwarding_rule must be a L4 ILB. -
- region
string
This property is required. Changes to this property will trigger replacement. - connection
Preference ServiceAttachment Connection Preference - The connection preference of service attachment. The value can be set to ACCEPT_AUTOMATIC. An ACCEPT_AUTOMATIC service attachment is one that always accepts the connection from consumer forwarding rules.
- consumer
Accept ServiceLists Attachment Consumer Project Limit[] - Projects that are allowed to connect to this service attachment.
- consumer
Reject string[]Lists - Projects that are not allowed to connect to this service attachment. The project can be specified using its id or number.
- description string
- An optional description of this resource. Provide this property when you create the resource.
- domain
Names string[] - If specified, the domain name will be used during the integration between the PSC connected endpoints and the Cloud DNS. For example, this is a valid domain name: "p.mycompany.com.". Current max number of domain names supported is 1.
- enable
Proxy booleanProtocol - If true, enable the proxy protocol which is for supplying client TCP/IP address data in TCP connections that traverse proxies on their way to destination servers.
- name string
- Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression
[a-z]([-a-z0-9]*[a-z0-9])?which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. - nat
Subnets string[] - An array of URLs where each entry is the URL of a subnet provided by the service producer to use for NAT in this service attachment.
- producer
Forwarding stringRule - The URL of a forwarding rule with loadBalancingScheme INTERNAL* that is serving the endpoint identified by this service attachment.
- project
- propagated
Connection numberLimit - The number of VPCs to which this endpoint is allowed to be propagated per accept list resource (project or network). For ACCEPT_AUTOMATIC service attachment, this limit is default to per project.
- reconcile
Connections boolean - This flag determines whether a consumer accept/reject list change can reconcile the statuses of existing ACCEPTED or REJECTED PSC endpoints. - If false, connection policy update will only affect existing PENDING PSC endpoints. Existing ACCEPTED/REJECTED endpoints will remain untouched regardless how the connection policy is modified . - If true, update will affect both PENDING and ACCEPTED/REJECTED PSC endpoints. For example, an ACCEPTED PSC endpoint will be moved to REJECTED if its project is added to the reject list. For newly created service attachment, this boolean defaults to false.
- request
Id string - An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).
- target
Service string - The URL of a service serving the endpoint identified by this service attachment.
- tunneling
Config ServiceAttachment Tunneling Config - When a tunneling config is set on this service attachment it will encapsulate traffic between consumer and producer. When tunneling is enabled: - nat_subnets must be unset - enable_proxy_protocol must be false - producer_forwarding_rule must be a L4 ILB. -
- region
str
This property is required. Changes to this property will trigger replacement. - connection_
preference ServiceAttachment Connection Preference - The connection preference of service attachment. The value can be set to ACCEPT_AUTOMATIC. An ACCEPT_AUTOMATIC service attachment is one that always accepts the connection from consumer forwarding rules.
- consumer_
accept_ Sequence[Servicelists Attachment Consumer Project Limit Args] - Projects that are allowed to connect to this service attachment.
- consumer_
reject_ Sequence[str]lists - Projects that are not allowed to connect to this service attachment. The project can be specified using its id or number.
- description str
- An optional description of this resource. Provide this property when you create the resource.
- domain_
names Sequence[str] - If specified, the domain name will be used during the integration between the PSC connected endpoints and the Cloud DNS. For example, this is a valid domain name: "p.mycompany.com.". Current max number of domain names supported is 1.
- enable_
proxy_ boolprotocol - If true, enable the proxy protocol which is for supplying client TCP/IP address data in TCP connections that traverse proxies on their way to destination servers.
- name str
- Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression
[a-z]([-a-z0-9]*[a-z0-9])?which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. - nat_
subnets Sequence[str] - An array of URLs where each entry is the URL of a subnet provided by the service producer to use for NAT in this service attachment.
- producer_
forwarding_ strrule - The URL of a forwarding rule with loadBalancingScheme INTERNAL* that is serving the endpoint identified by this service attachment.
- project
- propagated_
connection_ intlimit - The number of VPCs to which this endpoint is allowed to be propagated per accept list resource (project or network). For ACCEPT_AUTOMATIC service attachment, this limit is default to per project.
- reconcile_
connections bool - This flag determines whether a consumer accept/reject list change can reconcile the statuses of existing ACCEPTED or REJECTED PSC endpoints. - If false, connection policy update will only affect existing PENDING PSC endpoints. Existing ACCEPTED/REJECTED endpoints will remain untouched regardless how the connection policy is modified . - If true, update will affect both PENDING and ACCEPTED/REJECTED PSC endpoints. For example, an ACCEPTED PSC endpoint will be moved to REJECTED if its project is added to the reject list. For newly created service attachment, this boolean defaults to false.
- request_
id str - An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).
- target_
service str - The URL of a service serving the endpoint identified by this service attachment.
- tunneling_
config ServiceAttachment Tunneling Config Args - When a tunneling config is set on this service attachment it will encapsulate traffic between consumer and producer. When tunneling is enabled: - nat_subnets must be unset - enable_proxy_protocol must be false - producer_forwarding_rule must be a L4 ILB. -
- region
String
This property is required. Changes to this property will trigger replacement. - connection
Preference "ACCEPT_AUTOMATIC" | "ACCEPT_MANUAL" | "CONNECTION_PREFERENCE_UNSPECIFIED" - The connection preference of service attachment. The value can be set to ACCEPT_AUTOMATIC. An ACCEPT_AUTOMATIC service attachment is one that always accepts the connection from consumer forwarding rules.
- consumer
Accept List<Property Map>Lists - Projects that are allowed to connect to this service attachment.
- consumer
Reject List<String>Lists - Projects that are not allowed to connect to this service attachment. The project can be specified using its id or number.
- description String
- An optional description of this resource. Provide this property when you create the resource.
- domain
Names List<String> - If specified, the domain name will be used during the integration between the PSC connected endpoints and the Cloud DNS. For example, this is a valid domain name: "p.mycompany.com.". Current max number of domain names supported is 1.
- enable
Proxy BooleanProtocol - If true, enable the proxy protocol which is for supplying client TCP/IP address data in TCP connections that traverse proxies on their way to destination servers.
- name String
- Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression
[a-z]([-a-z0-9]*[a-z0-9])?which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. - nat
Subnets List<String> - An array of URLs where each entry is the URL of a subnet provided by the service producer to use for NAT in this service attachment.
- producer
Forwarding StringRule - The URL of a forwarding rule with loadBalancingScheme INTERNAL* that is serving the endpoint identified by this service attachment.
- project
- propagated
Connection NumberLimit - The number of VPCs to which this endpoint is allowed to be propagated per accept list resource (project or network). For ACCEPT_AUTOMATIC service attachment, this limit is default to per project.
- reconcile
Connections Boolean - This flag determines whether a consumer accept/reject list change can reconcile the statuses of existing ACCEPTED or REJECTED PSC endpoints. - If false, connection policy update will only affect existing PENDING PSC endpoints. Existing ACCEPTED/REJECTED endpoints will remain untouched regardless how the connection policy is modified . - If true, update will affect both PENDING and ACCEPTED/REJECTED PSC endpoints. For example, an ACCEPTED PSC endpoint will be moved to REJECTED if its project is added to the reject list. For newly created service attachment, this boolean defaults to false.
- request
Id String - An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).
- target
Service String - The URL of a service serving the endpoint identified by this service attachment.
- tunneling
Config Property Map - When a tunneling config is set on this service attachment it will encapsulate traffic between consumer and producer. When tunneling is enabled: - nat_subnets must be unset - enable_proxy_protocol must be false - producer_forwarding_rule must be a L4 ILB. -
Outputs
All input properties are implicitly available as output properties. Additionally, the ServiceAttachment resource produces the following output properties:
- Connected
Endpoints List<Pulumi.Google Native. Compute. Alpha. Outputs. Service Attachment Connected Endpoint Response> - An array of connections for all the consumers connected to this service attachment.
- Creation
Timestamp string - Creation timestamp in RFC3339 text format.
- Fingerprint string
- Fingerprint of this resource. A hash of the contents stored in this object. This field is used in optimistic locking. This field will be ignored when inserting a ServiceAttachment. An up-to-date fingerprint must be provided in order to patch/update the ServiceAttachment; otherwise, the request will fail with error 412 conditionNotMet. To see the latest fingerprint, make a get() request to retrieve the ServiceAttachment.
- Id string
- The provider-assigned unique ID for this managed resource.
- Kind string
- Type of the resource. Always compute#serviceAttachment for service attachments.
- Psc
Service Pulumi.Attachment Id Google Native. Compute. Alpha. Outputs. Uint128Response - An 128-bit global unique ID of the PSC service attachment.
- Self
Link string - Server-defined URL for the resource.
- Connected
Endpoints []ServiceAttachment Connected Endpoint Response - An array of connections for all the consumers connected to this service attachment.
- Creation
Timestamp string - Creation timestamp in RFC3339 text format.
- Fingerprint string
- Fingerprint of this resource. A hash of the contents stored in this object. This field is used in optimistic locking. This field will be ignored when inserting a ServiceAttachment. An up-to-date fingerprint must be provided in order to patch/update the ServiceAttachment; otherwise, the request will fail with error 412 conditionNotMet. To see the latest fingerprint, make a get() request to retrieve the ServiceAttachment.
- Id string
- The provider-assigned unique ID for this managed resource.
- Kind string
- Type of the resource. Always compute#serviceAttachment for service attachments.
- Psc
Service Uint128ResponseAttachment Id - An 128-bit global unique ID of the PSC service attachment.
- Self
Link string - Server-defined URL for the resource.
- connected
Endpoints List<ServiceAttachment Connected Endpoint Response> - An array of connections for all the consumers connected to this service attachment.
- creation
Timestamp String - Creation timestamp in RFC3339 text format.
- fingerprint String
- Fingerprint of this resource. A hash of the contents stored in this object. This field is used in optimistic locking. This field will be ignored when inserting a ServiceAttachment. An up-to-date fingerprint must be provided in order to patch/update the ServiceAttachment; otherwise, the request will fail with error 412 conditionNotMet. To see the latest fingerprint, make a get() request to retrieve the ServiceAttachment.
- id String
- The provider-assigned unique ID for this managed resource.
- kind String
- Type of the resource. Always compute#serviceAttachment for service attachments.
- psc
Service Uint128ResponseAttachment Id - An 128-bit global unique ID of the PSC service attachment.
- self
Link String - Server-defined URL for the resource.
- connected
Endpoints ServiceAttachment Connected Endpoint Response[] - An array of connections for all the consumers connected to this service attachment.
- creation
Timestamp string - Creation timestamp in RFC3339 text format.
- fingerprint string
- Fingerprint of this resource. A hash of the contents stored in this object. This field is used in optimistic locking. This field will be ignored when inserting a ServiceAttachment. An up-to-date fingerprint must be provided in order to patch/update the ServiceAttachment; otherwise, the request will fail with error 412 conditionNotMet. To see the latest fingerprint, make a get() request to retrieve the ServiceAttachment.
- id string
- The provider-assigned unique ID for this managed resource.
- kind string
- Type of the resource. Always compute#serviceAttachment for service attachments.
- psc
Service Uint128ResponseAttachment Id - An 128-bit global unique ID of the PSC service attachment.
- self
Link string - Server-defined URL for the resource.
- connected_
endpoints Sequence[ServiceAttachment Connected Endpoint Response] - An array of connections for all the consumers connected to this service attachment.
- creation_
timestamp str - Creation timestamp in RFC3339 text format.
- fingerprint str
- Fingerprint of this resource. A hash of the contents stored in this object. This field is used in optimistic locking. This field will be ignored when inserting a ServiceAttachment. An up-to-date fingerprint must be provided in order to patch/update the ServiceAttachment; otherwise, the request will fail with error 412 conditionNotMet. To see the latest fingerprint, make a get() request to retrieve the ServiceAttachment.
- id str
- The provider-assigned unique ID for this managed resource.
- kind str
- Type of the resource. Always compute#serviceAttachment for service attachments.
- psc_
service_ Uint128Responseattachment_ id - An 128-bit global unique ID of the PSC service attachment.
- self_
link str - Server-defined URL for the resource.
- connected
Endpoints List<Property Map> - An array of connections for all the consumers connected to this service attachment.
- creation
Timestamp String - Creation timestamp in RFC3339 text format.
- fingerprint String
- Fingerprint of this resource. A hash of the contents stored in this object. This field is used in optimistic locking. This field will be ignored when inserting a ServiceAttachment. An up-to-date fingerprint must be provided in order to patch/update the ServiceAttachment; otherwise, the request will fail with error 412 conditionNotMet. To see the latest fingerprint, make a get() request to retrieve the ServiceAttachment.
- id String
- The provider-assigned unique ID for this managed resource.
- kind String
- Type of the resource. Always compute#serviceAttachment for service attachments.
- psc
Service Property MapAttachment Id - An 128-bit global unique ID of the PSC service attachment.
- self
Link String - Server-defined URL for the resource.
Supporting Types
ServiceAttachmentConnectedEndpointResponse, ServiceAttachmentConnectedEndpointResponseArgs
, ServiceAttachmentConnectedEndpointResponseArgs
- Consumer
Network This property is required. string - The url of the consumer network.
- Endpoint
This property is required. string - The url of a connected endpoint.
- Psc
Connection Id This property is required. string - The PSC connection id of the connected endpoint.
- Status
This property is required. string - The status of a connected endpoint to this service attachment.
- Consumer
Network This property is required. string - The url of the consumer network.
- Endpoint
This property is required. string - The url of a connected endpoint.
- Psc
Connection Id This property is required. string - The PSC connection id of the connected endpoint.
- Status
This property is required. string - The status of a connected endpoint to this service attachment.
- consumer
Network This property is required. String - The url of the consumer network.
- endpoint
This property is required. String - The url of a connected endpoint.
- psc
Connection Id This property is required. String - The PSC connection id of the connected endpoint.
- status
This property is required. String - The status of a connected endpoint to this service attachment.
- consumer
Network This property is required. string - The url of the consumer network.
- endpoint
This property is required. string - The url of a connected endpoint.
- psc
Connection Id This property is required. string - The PSC connection id of the connected endpoint.
- status
This property is required. string - The status of a connected endpoint to this service attachment.
- consumer_
network This property is required. str - The url of the consumer network.
- endpoint
This property is required. str - The url of a connected endpoint.
- psc_
connection_ id This property is required. str - The PSC connection id of the connected endpoint.
- status
This property is required. str - The status of a connected endpoint to this service attachment.
- consumer
Network This property is required. String - The url of the consumer network.
- endpoint
This property is required. String - The url of a connected endpoint.
- psc
Connection Id This property is required. String - The PSC connection id of the connected endpoint.
- status
This property is required. String - The status of a connected endpoint to this service attachment.
ServiceAttachmentConnectionPreference, ServiceAttachmentConnectionPreferenceArgs
, ServiceAttachmentConnectionPreferenceArgs
- Accept
Automatic - ACCEPT_AUTOMATIC
- Accept
Manual - ACCEPT_MANUAL
- Connection
Preference Unspecified - CONNECTION_PREFERENCE_UNSPECIFIED
- Service
Attachment Connection Preference Accept Automatic - ACCEPT_AUTOMATIC
- Service
Attachment Connection Preference Accept Manual - ACCEPT_MANUAL
- Service
Attachment Connection Preference Connection Preference Unspecified - CONNECTION_PREFERENCE_UNSPECIFIED
- Accept
Automatic - ACCEPT_AUTOMATIC
- Accept
Manual - ACCEPT_MANUAL
- Connection
Preference Unspecified - CONNECTION_PREFERENCE_UNSPECIFIED
- Accept
Automatic - ACCEPT_AUTOMATIC
- Accept
Manual - ACCEPT_MANUAL
- Connection
Preference Unspecified - CONNECTION_PREFERENCE_UNSPECIFIED
- ACCEPT_AUTOMATIC
- ACCEPT_AUTOMATIC
- ACCEPT_MANUAL
- ACCEPT_MANUAL
- CONNECTION_PREFERENCE_UNSPECIFIED
- CONNECTION_PREFERENCE_UNSPECIFIED
- "ACCEPT_AUTOMATIC"
- ACCEPT_AUTOMATIC
- "ACCEPT_MANUAL"
- ACCEPT_MANUAL
- "CONNECTION_PREFERENCE_UNSPECIFIED"
- CONNECTION_PREFERENCE_UNSPECIFIED
ServiceAttachmentConsumerProjectLimit, ServiceAttachmentConsumerProjectLimitArgs
, ServiceAttachmentConsumerProjectLimitArgs
- Connection
Limit int - The value of the limit to set.
- Network
Url string - The network URL for the network to set the limit for.
- Project
Id stringOr Num - The project id or number for the project to set the limit for.
- Connection
Limit int - The value of the limit to set.
- Network
Url string - The network URL for the network to set the limit for.
- Project
Id stringOr Num - The project id or number for the project to set the limit for.
- connection
Limit Integer - The value of the limit to set.
- network
Url String - The network URL for the network to set the limit for.
- project
Id StringOr Num - The project id or number for the project to set the limit for.
- connection
Limit number - The value of the limit to set.
- network
Url string - The network URL for the network to set the limit for.
- project
Id stringOr Num - The project id or number for the project to set the limit for.
- connection_
limit int - The value of the limit to set.
- network_
url str - The network URL for the network to set the limit for.
- project_
id_ stror_ num - The project id or number for the project to set the limit for.
- connection
Limit Number - The value of the limit to set.
- network
Url String - The network URL for the network to set the limit for.
- project
Id StringOr Num - The project id or number for the project to set the limit for.
ServiceAttachmentConsumerProjectLimitResponse, ServiceAttachmentConsumerProjectLimitResponseArgs
, ServiceAttachmentConsumerProjectLimitResponseArgs
- Connection
Limit This property is required. int - The value of the limit to set.
- Network
Url This property is required. string - The network URL for the network to set the limit for.
- Project
Id Or Num This property is required. string - The project id or number for the project to set the limit for.
- Connection
Limit This property is required. int - The value of the limit to set.
- Network
Url This property is required. string - The network URL for the network to set the limit for.
- Project
Id Or Num This property is required. string - The project id or number for the project to set the limit for.
- connection
Limit This property is required. Integer - The value of the limit to set.
- network
Url This property is required. String - The network URL for the network to set the limit for.
- project
Id Or Num This property is required. String - The project id or number for the project to set the limit for.
- connection
Limit This property is required. number - The value of the limit to set.
- network
Url This property is required. string - The network URL for the network to set the limit for.
- project
Id Or Num This property is required. string - The project id or number for the project to set the limit for.
- connection_
limit This property is required. int - The value of the limit to set.
- network_
url This property is required. str - The network URL for the network to set the limit for.
- project_
id_ or_ num This property is required. str - The project id or number for the project to set the limit for.
- connection
Limit This property is required. Number - The value of the limit to set.
- network
Url This property is required. String - The network URL for the network to set the limit for.
- project
Id Or Num This property is required. String - The project id or number for the project to set the limit for.
ServiceAttachmentTunnelingConfig, ServiceAttachmentTunnelingConfigArgs
, ServiceAttachmentTunnelingConfigArgs
- Encapsulation
Profile Pulumi.Google Native. Compute. Alpha. Service Attachment Tunneling Config Encapsulation Profile - Specify the encapsulation protocol and what metadata to include in incoming encapsulated packet headers.
- Routing
Mode Pulumi.Google Native. Compute. Alpha. Service Attachment Tunneling Config Routing Mode - How this Service Attachment will treat traffic sent to the tunnel_ip, destined for the consumer network.
- Encapsulation
Profile ServiceAttachment Tunneling Config Encapsulation Profile - Specify the encapsulation protocol and what metadata to include in incoming encapsulated packet headers.
- Routing
Mode ServiceAttachment Tunneling Config Routing Mode - How this Service Attachment will treat traffic sent to the tunnel_ip, destined for the consumer network.
- encapsulation
Profile ServiceAttachment Tunneling Config Encapsulation Profile - Specify the encapsulation protocol and what metadata to include in incoming encapsulated packet headers.
- routing
Mode ServiceAttachment Tunneling Config Routing Mode - How this Service Attachment will treat traffic sent to the tunnel_ip, destined for the consumer network.
- encapsulation
Profile ServiceAttachment Tunneling Config Encapsulation Profile - Specify the encapsulation protocol and what metadata to include in incoming encapsulated packet headers.
- routing
Mode ServiceAttachment Tunneling Config Routing Mode - How this Service Attachment will treat traffic sent to the tunnel_ip, destined for the consumer network.
- encapsulation_
profile ServiceAttachment Tunneling Config Encapsulation Profile - Specify the encapsulation protocol and what metadata to include in incoming encapsulated packet headers.
- routing_
mode ServiceAttachment Tunneling Config Routing Mode - How this Service Attachment will treat traffic sent to the tunnel_ip, destined for the consumer network.
- encapsulation
Profile "GENEVE_SECURITY_V1" | "UNSPECIFIED_ENCAPSULATION_PROFILE" - Specify the encapsulation protocol and what metadata to include in incoming encapsulated packet headers.
- routing
Mode "PACKET_INJECTION" | "STANDARD_ROUTING" | "UNSPECIFIED_ROUTING_MODE" - How this Service Attachment will treat traffic sent to the tunnel_ip, destined for the consumer network.
ServiceAttachmentTunnelingConfigEncapsulationProfile, ServiceAttachmentTunnelingConfigEncapsulationProfileArgs
, ServiceAttachmentTunnelingConfigEncapsulationProfileArgs
- Geneve
Security V1 - GENEVE_SECURITY_V1Use GENEVE encapsulation protocol and include the SECURITY_V1 set of GENEVE headers.
- Unspecified
Encapsulation Profile - UNSPECIFIED_ENCAPSULATION_PROFILE
- Service
Attachment Tunneling Config Encapsulation Profile Geneve Security V1 - GENEVE_SECURITY_V1Use GENEVE encapsulation protocol and include the SECURITY_V1 set of GENEVE headers.
- Service
Attachment Tunneling Config Encapsulation Profile Unspecified Encapsulation Profile - UNSPECIFIED_ENCAPSULATION_PROFILE
- Geneve
Security V1 - GENEVE_SECURITY_V1Use GENEVE encapsulation protocol and include the SECURITY_V1 set of GENEVE headers.
- Unspecified
Encapsulation Profile - UNSPECIFIED_ENCAPSULATION_PROFILE
- Geneve
Security V1 - GENEVE_SECURITY_V1Use GENEVE encapsulation protocol and include the SECURITY_V1 set of GENEVE headers.
- Unspecified
Encapsulation Profile - UNSPECIFIED_ENCAPSULATION_PROFILE
- GENEVE_SECURITY_V1
- GENEVE_SECURITY_V1Use GENEVE encapsulation protocol and include the SECURITY_V1 set of GENEVE headers.
- UNSPECIFIED_ENCAPSULATION_PROFILE
- UNSPECIFIED_ENCAPSULATION_PROFILE
- "GENEVE_SECURITY_V1"
- GENEVE_SECURITY_V1Use GENEVE encapsulation protocol and include the SECURITY_V1 set of GENEVE headers.
- "UNSPECIFIED_ENCAPSULATION_PROFILE"
- UNSPECIFIED_ENCAPSULATION_PROFILE
ServiceAttachmentTunnelingConfigResponse, ServiceAttachmentTunnelingConfigResponseArgs
, ServiceAttachmentTunnelingConfigResponseArgs
- Encapsulation
Profile This property is required. string - Specify the encapsulation protocol and what metadata to include in incoming encapsulated packet headers.
- Routing
Mode This property is required. string - How this Service Attachment will treat traffic sent to the tunnel_ip, destined for the consumer network.
- Encapsulation
Profile This property is required. string - Specify the encapsulation protocol and what metadata to include in incoming encapsulated packet headers.
- Routing
Mode This property is required. string - How this Service Attachment will treat traffic sent to the tunnel_ip, destined for the consumer network.
- encapsulation
Profile This property is required. String - Specify the encapsulation protocol and what metadata to include in incoming encapsulated packet headers.
- routing
Mode This property is required. String - How this Service Attachment will treat traffic sent to the tunnel_ip, destined for the consumer network.
- encapsulation
Profile This property is required. string - Specify the encapsulation protocol and what metadata to include in incoming encapsulated packet headers.
- routing
Mode This property is required. string - How this Service Attachment will treat traffic sent to the tunnel_ip, destined for the consumer network.
- encapsulation_
profile This property is required. str - Specify the encapsulation protocol and what metadata to include in incoming encapsulated packet headers.
- routing_
mode This property is required. str - How this Service Attachment will treat traffic sent to the tunnel_ip, destined for the consumer network.
- encapsulation
Profile This property is required. String - Specify the encapsulation protocol and what metadata to include in incoming encapsulated packet headers.
- routing
Mode This property is required. String - How this Service Attachment will treat traffic sent to the tunnel_ip, destined for the consumer network.
ServiceAttachmentTunnelingConfigRoutingMode, ServiceAttachmentTunnelingConfigRoutingModeArgs
, ServiceAttachmentTunnelingConfigRoutingModeArgs
- Packet
Injection - PACKET_INJECTIONTraffic sent to this service attachment will be reinjected into the consumer network.
- Standard
Routing - STANDARD_ROUTINGResponse traffic, after de-encapsulation, will be returned to the client.
- Unspecified
Routing Mode - UNSPECIFIED_ROUTING_MODE
- Service
Attachment Tunneling Config Routing Mode Packet Injection - PACKET_INJECTIONTraffic sent to this service attachment will be reinjected into the consumer network.
- Service
Attachment Tunneling Config Routing Mode Standard Routing - STANDARD_ROUTINGResponse traffic, after de-encapsulation, will be returned to the client.
- Service
Attachment Tunneling Config Routing Mode Unspecified Routing Mode - UNSPECIFIED_ROUTING_MODE
- Packet
Injection - PACKET_INJECTIONTraffic sent to this service attachment will be reinjected into the consumer network.
- Standard
Routing - STANDARD_ROUTINGResponse traffic, after de-encapsulation, will be returned to the client.
- Unspecified
Routing Mode - UNSPECIFIED_ROUTING_MODE
- Packet
Injection - PACKET_INJECTIONTraffic sent to this service attachment will be reinjected into the consumer network.
- Standard
Routing - STANDARD_ROUTINGResponse traffic, after de-encapsulation, will be returned to the client.
- Unspecified
Routing Mode - UNSPECIFIED_ROUTING_MODE
- PACKET_INJECTION
- PACKET_INJECTIONTraffic sent to this service attachment will be reinjected into the consumer network.
- STANDARD_ROUTING
- STANDARD_ROUTINGResponse traffic, after de-encapsulation, will be returned to the client.
- UNSPECIFIED_ROUTING_MODE
- UNSPECIFIED_ROUTING_MODE
- "PACKET_INJECTION"
- PACKET_INJECTIONTraffic sent to this service attachment will be reinjected into the consumer network.
- "STANDARD_ROUTING"
- STANDARD_ROUTINGResponse traffic, after de-encapsulation, will be returned to the client.
- "UNSPECIFIED_ROUTING_MODE"
- UNSPECIFIED_ROUTING_MODE
Uint128Response, Uint128ResponseArgs
, Uint128ResponseArgs
Package Details
- Repository
- Google Cloud Native pulumi/pulumi-google-native
- License
- Apache-2.0
Google Cloud Native is in preview. Google Cloud Classic is fully supported.
Google Cloud Native v0.32.0 published on Wednesday, Nov 29, 2023 by Pulumi