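import * as pulumi from "@pulumi/pulumi";

// NOTE(review): the generic type arguments (`pulumi.Output<...>`, `pulumi.Input<...>`) were
// missing from the reviewed listing, which left invalid fragments such as `pulumi.Input[]>`.
// They are reconstructed here from each field's documentation and the matching
// Args/State entry. Confirm the `| undefined` markers on the class members against the
// published package.
// Resource paths containing `*` followed by `/` are written as `*&#47;` so that they do not
// terminate the surrounding doc comment.

/**
 * Gateway represents the configuration for a proxy, typically a load balancer.
 * It captures the ip:port over which the services are exposed by the proxy,
 * along with any policy configurations. Routes have references to Gateways
 * to dictate how requests should be routed by this Gateway.
 *
 * To get more information about Gateway, see:
 *
 * * [API documentation](https://cloud.google.com/traffic-director/docs/reference/network-services/rest/v1/projects.locations.gateways)
 *
 * ## Example Usage
 *
 * ### Network Services Gateway Basic
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as gcp from "@pulumi/gcp";
 *
 * const _default = new gcp.networkservices.Gateway("default", {
 *     name: "my-gateway",
 *     scope: "default-scope-basic",
 *     type: "OPEN_MESH",
 *     ports: [443],
 * });
 * ```
 * ### Network Services Gateway Advanced
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as gcp from "@pulumi/gcp";
 *
 * const _default = new gcp.networkservices.Gateway("default", {
 *     name: "my-gateway",
 *     labels: {
 *         foo: "bar",
 *     },
 *     description: "my description",
 *     type: "OPEN_MESH",
 *     ports: [443],
 *     scope: "default-scope-advance",
 * });
 * ```
 * ### Network Services Gateway Secure Web Proxy
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as gcp from "@pulumi/gcp";
 * import * as std from "@pulumi/std";
 *
 * // The fixture paths below are illustrative. Keep a real private key out of the
 * // repository and supply it as a secret value rather than as a plain file read.
 * const _default = new gcp.certificatemanager.Certificate("default", {
 *     name: "my-certificate",
 *     location: "us-central1",
 *     selfManaged: {
 *         pemCertificate: std.file({
 *             input: "test-fixtures/cert.pem",
 *         }).then(invoke => invoke.result),
 *         pemPrivateKey: std.file({
 *             input: "test-fixtures/private-key.pem",
 *         }).then(invoke => invoke.result),
 *     },
 * });
 * const defaultNetwork = new gcp.compute.Network("default", {
 *     name: "my-network",
 *     routingMode: "REGIONAL",
 *     autoCreateSubnetworks: false,
 * });
 * const defaultSubnetwork = new gcp.compute.Subnetwork("default", {
 *     name: "my-subnetwork-name",
 *     purpose: "PRIVATE",
 *     ipCidrRange: "10.128.0.0/20",
 *     region: "us-central1",
 *     network: defaultNetwork.id,
 *     role: "ACTIVE",
 * });
 * const proxyonlysubnet = new gcp.compute.Subnetwork("proxyonlysubnet", {
 *     name: "my-proxy-only-subnetwork",
 *     purpose: "REGIONAL_MANAGED_PROXY",
 *     ipCidrRange: "192.168.0.0/23",
 *     region: "us-central1",
 *     network: defaultNetwork.id,
 *     role: "ACTIVE",
 * });
 * const defaultGatewaySecurityPolicy = new gcp.networksecurity.GatewaySecurityPolicy("default", {
 *     name: "my-policy-name",
 *     location: "us-central1",
 * });
 * const defaultGatewaySecurityPolicyRule = new gcp.networksecurity.GatewaySecurityPolicyRule("default", {
 *     name: "my-policyrule-name",
 *     location: "us-central1",
 *     gatewaySecurityPolicy: defaultGatewaySecurityPolicy.name,
 *     enabled: true,
 *     priority: 1,
 *     sessionMatcher: "host() == 'example.com'",
 *     basicProfile: "ALLOW",
 * });
 * const defaultGateway = new gcp.networkservices.Gateway("default", {
 *     name: "my-gateway1",
 *     location: "us-central1",
 *     addresses: ["10.128.0.99"],
 *     type: "SECURE_WEB_GATEWAY",
 *     ports: [443],
 *     scope: "my-default-scope1",
 *     certificateUrls: [_default.id],
 *     gatewaySecurityPolicy: defaultGatewaySecurityPolicy.id,
 *     network: defaultNetwork.id,
 *     subnetwork: defaultSubnetwork.id,
 *     deleteSwgAutogenRouterOnDestroy: true,
 * }, {
 *     dependsOn: [proxyonlysubnet],
 * });
 * ```
 * ### Network Services Gateway Multiple Swp Same Network
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as gcp from "@pulumi/gcp";
 * import * as std from "@pulumi/std";
 *
 * // The fixture paths below are illustrative. Keep a real private key out of the
 * // repository and supply it as a secret value rather than as a plain file read.
 * const _default = new gcp.certificatemanager.Certificate("default", {
 *     name: "my-certificate",
 *     location: "us-south1",
 *     selfManaged: {
 *         pemCertificate: std.file({
 *             input: "test-fixtures/cert.pem",
 *         }).then(invoke => invoke.result),
 *         pemPrivateKey: std.file({
 *             input: "test-fixtures/private-key.pem",
 *         }).then(invoke => invoke.result),
 *     },
 * });
 * const defaultNetwork = new gcp.compute.Network("default", {
 *     name: "my-network",
 *     routingMode: "REGIONAL",
 *     autoCreateSubnetworks: false,
 * });
 * const defaultSubnetwork = new gcp.compute.Subnetwork("default", {
 *     name: "my-subnetwork-name",
 *     purpose: "PRIVATE",
 *     ipCidrRange: "10.128.0.0/20",
 *     region: "us-south1",
 *     network: defaultNetwork.id,
 *     role: "ACTIVE",
 * });
 * const proxyonlysubnet = new gcp.compute.Subnetwork("proxyonlysubnet", {
 *     name: "my-proxy-only-subnetwork",
 *     purpose: "REGIONAL_MANAGED_PROXY",
 *     ipCidrRange: "192.168.0.0/23",
 *     region: "us-south1",
 *     network: defaultNetwork.id,
 *     role: "ACTIVE",
 * });
 * const defaultGatewaySecurityPolicy = new gcp.networksecurity.GatewaySecurityPolicy("default", {
 *     name: "my-policy-name",
 *     location: "us-south1",
 * });
 * const defaultGatewaySecurityPolicyRule = new gcp.networksecurity.GatewaySecurityPolicyRule("default", {
 *     name: "my-policyrule-name",
 *     location: "us-south1",
 *     gatewaySecurityPolicy: defaultGatewaySecurityPolicy.name,
 *     enabled: true,
 *     priority: 1,
 *     sessionMatcher: "host() == 'example.com'",
 *     basicProfile: "ALLOW",
 * });
 * const defaultGateway = new gcp.networkservices.Gateway("default", {
 *     name: "my-gateway1",
 *     location: "us-south1",
 *     addresses: ["10.128.0.99"],
 *     type: "SECURE_WEB_GATEWAY",
 *     ports: [443],
 *     scope: "my-default-scope1",
 *     certificateUrls: [_default.id],
 *     gatewaySecurityPolicy: defaultGatewaySecurityPolicy.id,
 *     network: defaultNetwork.id,
 *     subnetwork: defaultSubnetwork.id,
 *     deleteSwgAutogenRouterOnDestroy: true,
 * }, {
 *     dependsOn: [proxyonlysubnet],
 * });
 * const gateway2 = new gcp.networkservices.Gateway("gateway2", {
 *     name: "my-gateway2",
 *     location: "us-south1",
 *     addresses: ["10.128.0.98"],
 *     type: "SECURE_WEB_GATEWAY",
 *     ports: [443],
 *     scope: "my-default-scope2",
 *     certificateUrls: [_default.id],
 *     gatewaySecurityPolicy: defaultGatewaySecurityPolicy.id,
 *     network: defaultNetwork.id,
 *     subnetwork: defaultSubnetwork.id,
 *     deleteSwgAutogenRouterOnDestroy: true,
 * }, {
 *     dependsOn: [proxyonlysubnet],
 * });
 * ```
 *
 * ## Import
 *
 * Gateway can be imported using any of these accepted formats:
 *
 * * `projects/{{project}}/locations/{{location}}/gateways/{{name}}`
 * * `{{project}}/{{location}}/{{name}}`
 * * `{{location}}/{{name}}`
 *
 * When using the `pulumi import` command, Gateway can be imported using one of the formats above. For example:
 *
 * ```sh
 * $ pulumi import gcp:networkservices/gateway:Gateway default projects/{{project}}/locations/{{location}}/gateways/{{name}}
 * $ pulumi import gcp:networkservices/gateway:Gateway default {{project}}/{{location}}/{{name}}
 * $ pulumi import gcp:networkservices/gateway:Gateway default {{location}}/{{name}}
 * ```
 */
export declare class Gateway extends pulumi.CustomResource {
    /**
     * Get an existing Gateway resource's state with the given name, ID, and optional extra
     * properties used to qualify the lookup.
     *
     * @param name The _unique_ name of the resulting resource.
     * @param id The _unique_ provider ID of the resource to lookup.
     * @param state Any extra arguments used during the lookup.
     * @param opts Optional settings to control the behavior of the CustomResource.
     */
    static get(name: string, id: pulumi.Input<pulumi.ID>, state?: GatewayState, opts?: pulumi.CustomResourceOptions): Gateway;
    /**
     * Returns true if the given object is an instance of Gateway. This is designed to work even
     * when multiple copies of the Pulumi SDK have been loaded into the same process.
     */
    static isInstance(obj: any): obj is Gateway;
    /**
     * Zero or one IPv4 or IPv6 address on which the Gateway will receive the traffic.
     * When no address is provided, an IP from the subnetwork is allocated.
     * This field only applies to gateways of type 'SECURE_WEB_GATEWAY'.
     * Gateways of type 'OPEN_MESH' listen on 0.0.0.0 for IPv4 and :: for IPv6.
     */
    readonly addresses: pulumi.Output<string[]>;
    /**
     * A fully-qualified Certificates URL reference. The proxy presents a Certificate (selected based on SNI) when establishing a TLS connection.
     * This feature only applies to gateways of type 'SECURE_WEB_GATEWAY'.
     */
    readonly certificateUrls: pulumi.Output<string[] | undefined>;
    /**
     * The timestamp when the resource was created.
     */
    readonly createTime: pulumi.Output<string>;
    /**
     * When deleting a gateway of type 'SECURE_WEB_GATEWAY', this boolean option also deletes the router that was auto-generated by the gateway creation.
     * The router is deleted only if no other gateway of type 'SECURE_WEB_GATEWAY' remains for that region and network.
     */
    readonly deleteSwgAutogenRouterOnDestroy: pulumi.Output<boolean | undefined>;
    /**
     * A free-text description of the resource. Max length 1024 characters.
     */
    readonly description: pulumi.Output<string | undefined>;
    /**
     * All labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
     */
    readonly effectiveLabels: pulumi.Output<{
        [key: string]: string;
    }>;
    /**
     * Determines if envoy will insert internal debug headers into upstream requests.
     * Other Envoy headers may still be injected.
     * By default, envoy will not insert any debug headers.
     * `DEBUG_HEADERS` passes internal proxy details to upstream services, so prefer `NONE` outside of troubleshooting.
     * Possible values are: `NONE`, `DEBUG_HEADERS`.
     */
    readonly envoyHeaders: pulumi.Output<string | undefined>;
    /**
     * A fully-qualified GatewaySecurityPolicy URL reference. Defines how a server should apply security policy to inbound (VM to Proxy) initiated connections.
     * For example: 'projects/*&#47;locations/*&#47;gatewaySecurityPolicies/swg-policy'.
     * This policy is specific to gateways of type 'SECURE_WEB_GATEWAY'.
     */
    readonly gatewaySecurityPolicy: pulumi.Output<string | undefined>;
    /**
     * The IP Version that will be used by this gateway.
     * Possible values are: `IPV4`, `IPV6`.
     */
    readonly ipVersion: pulumi.Output<string | undefined>;
    /**
     * Set of label tags associated with the Gateway resource.
     *
     * **Note**: This field is non-authoritative, and will only manage the labels present in your configuration.
     * Please refer to the field `effectiveLabels` for all of the labels present on the resource.
     */
    readonly labels: pulumi.Output<{
        [key: string]: string;
    } | undefined>;
    /**
     * The location of the gateway.
     * The default value is `global`.
     */
    readonly location: pulumi.Output<string | undefined>;
    /**
     * Name of the Gateway resource.
     */
    readonly name: pulumi.Output<string>;
    /**
     * The relative resource name identifying the VPC network that is using this configuration.
     * For example: 'projects/*&#47;global/networks/network-1'.
     * Currently, this field is specific to gateways of type 'SECURE_WEB_GATEWAY'.
     */
    readonly network: pulumi.Output<string | undefined>;
    /**
     * One or more port numbers (1-65535), on which the Gateway will receive traffic.
     * The proxy binds to the specified ports. Gateways of type 'SECURE_WEB_GATEWAY' are limited to 1 port.
     * Gateways of type 'OPEN_MESH' listen on 0.0.0.0 for IPv4 and :: for IPv6 and support multiple ports.
     */
    readonly ports: pulumi.Output<number[]>;
    /**
     * The ID of the project in which the resource belongs.
     * If it is not provided, the provider project is used.
     */
    readonly project: pulumi.Output<string>;
    /**
     * The combination of labels configured directly on the resource
     * and default labels configured on the provider.
     */
    readonly pulumiLabels: pulumi.Output<{
        [key: string]: string;
    }>;
    /**
     * The routing mode of the Gateway. This field is configurable only for gateways of type SECURE_WEB_GATEWAY. This field is required for gateways of type SECURE_WEB_GATEWAY.
     * Possible values are: `NEXT_HOP_ROUTING_MODE`, `EXPLICIT_ROUTING_MODE`.
     */
    readonly routingMode: pulumi.Output<string | undefined>;
    /**
     * Immutable. Scope determines how configuration across multiple Gateway instances is merged.
     * The configuration for multiple Gateway instances with the same scope will be merged and presented as a single configuration to the proxy/load balancer.
     * Max length 64 characters. Scope should start with a letter and can only have letters, numbers, hyphens.
     */
    readonly scope: pulumi.Output<string | undefined>;
    /**
     * Server-defined URL of this resource.
     */
    readonly selfLink: pulumi.Output<string>;
    /**
     * A fully-qualified ServerTLSPolicy URL reference. Specifies how TLS traffic is terminated. If empty, TLS termination is disabled.
     * Leaving this unset therefore means the gateway does not terminate TLS; set it explicitly wherever terminated TLS is expected.
     */
    readonly serverTlsPolicy: pulumi.Output<string | undefined>;
    /**
     * The relative resource name identifying the subnetwork in which this SWG is allocated.
     * For example: projects/*&#47;regions/us-central1/subnetworks/network-1.
     * Currently, this field is specific to gateways of type 'SECURE_WEB_GATEWAY'.
     */
    readonly subnetwork: pulumi.Output<string | undefined>;
    /**
     * Immutable. The type of the customer managed gateway.
     * Possible values are: `OPEN_MESH`, `SECURE_WEB_GATEWAY`.
     */
    readonly type: pulumi.Output<string>;
    /**
     * The timestamp when the resource was updated.
     */
    readonly updateTime: pulumi.Output<string>;
    /**
     * Create a Gateway resource with the given unique name, arguments, and options.
     *
     * @param name The _unique_ name of the resource.
     * @param args The arguments to use to populate this resource's properties.
     * @param opts A bag of options that control this resource's behavior.
     */
    constructor(name: string, args: GatewayArgs, opts?: pulumi.CustomResourceOptions);
}
/**
 * Input properties used for looking up and filtering Gateway resources.
 */
export interface GatewayState {
    /**
     * Zero or one IPv4 or IPv6 address on which the Gateway will receive the traffic.
     * When no address is provided, an IP from the subnetwork is allocated.
     * This field only applies to gateways of type 'SECURE_WEB_GATEWAY'.
     * Gateways of type 'OPEN_MESH' listen on 0.0.0.0 for IPv4 and :: for IPv6.
     */
    addresses?: pulumi.Input<pulumi.Input<string>[]>;
    /**
     * A fully-qualified Certificates URL reference. The proxy presents a Certificate (selected based on SNI) when establishing a TLS connection.
     * This feature only applies to gateways of type 'SECURE_WEB_GATEWAY'.
     */
    certificateUrls?: pulumi.Input<pulumi.Input<string>[]>;
    /**
     * The timestamp when the resource was created.
     */
    createTime?: pulumi.Input<string>;
    /**
     * When deleting a gateway of type 'SECURE_WEB_GATEWAY', this boolean option also deletes the router that was auto-generated by the gateway creation.
     * The router is deleted only if no other gateway of type 'SECURE_WEB_GATEWAY' remains for that region and network.
     */
    deleteSwgAutogenRouterOnDestroy?: pulumi.Input<boolean>;
    /**
     * A free-text description of the resource. Max length 1024 characters.
     */
    description?: pulumi.Input<string>;
    /**
     * All labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
     */
    effectiveLabels?: pulumi.Input<{
        [key: string]: pulumi.Input<string>;
    }>;
    /**
     * Determines if envoy will insert internal debug headers into upstream requests.
     * Other Envoy headers may still be injected.
     * By default, envoy will not insert any debug headers.
     * `DEBUG_HEADERS` passes internal proxy details to upstream services, so prefer `NONE` outside of troubleshooting.
     * Possible values are: `NONE`, `DEBUG_HEADERS`.
     */
    envoyHeaders?: pulumi.Input<string>;
    /**
     * A fully-qualified GatewaySecurityPolicy URL reference. Defines how a server should apply security policy to inbound (VM to Proxy) initiated connections.
     * For example: 'projects/*&#47;locations/*&#47;gatewaySecurityPolicies/swg-policy'.
     * This policy is specific to gateways of type 'SECURE_WEB_GATEWAY'.
     */
    gatewaySecurityPolicy?: pulumi.Input<string>;
    /**
     * The IP Version that will be used by this gateway.
     * Possible values are: `IPV4`, `IPV6`.
     */
    ipVersion?: pulumi.Input<string>;
    /**
     * Set of label tags associated with the Gateway resource.
     *
     * **Note**: This field is non-authoritative, and will only manage the labels present in your configuration.
     * Please refer to the field `effectiveLabels` for all of the labels present on the resource.
     */
    labels?: pulumi.Input<{
        [key: string]: pulumi.Input<string>;
    }>;
    /**
     * The location of the gateway.
     * The default value is `global`.
     */
    location?: pulumi.Input<string>;
    /**
     * Name of the Gateway resource.
     */
    name?: pulumi.Input<string>;
    /**
     * The relative resource name identifying the VPC network that is using this configuration.
     * For example: 'projects/*&#47;global/networks/network-1'.
     * Currently, this field is specific to gateways of type 'SECURE_WEB_GATEWAY'.
     */
    network?: pulumi.Input<string>;
    /**
     * One or more port numbers (1-65535), on which the Gateway will receive traffic.
     * The proxy binds to the specified ports. Gateways of type 'SECURE_WEB_GATEWAY' are limited to 1 port.
     * Gateways of type 'OPEN_MESH' listen on 0.0.0.0 for IPv4 and :: for IPv6 and support multiple ports.
     */
    ports?: pulumi.Input<pulumi.Input<number>[]>;
    /**
     * The ID of the project in which the resource belongs.
     * If it is not provided, the provider project is used.
     */
    project?: pulumi.Input<string>;
    /**
     * The combination of labels configured directly on the resource
     * and default labels configured on the provider.
     */
    pulumiLabels?: pulumi.Input<{
        [key: string]: pulumi.Input<string>;
    }>;
    /**
     * The routing mode of the Gateway. This field is configurable only for gateways of type SECURE_WEB_GATEWAY. This field is required for gateways of type SECURE_WEB_GATEWAY.
     * Possible values are: `NEXT_HOP_ROUTING_MODE`, `EXPLICIT_ROUTING_MODE`.
     */
    routingMode?: pulumi.Input<string>;
    /**
     * Immutable. Scope determines how configuration across multiple Gateway instances is merged.
     * The configuration for multiple Gateway instances with the same scope will be merged and presented as a single configuration to the proxy/load balancer.
     * Max length 64 characters. Scope should start with a letter and can only have letters, numbers, hyphens.
     */
    scope?: pulumi.Input<string>;
    /**
     * Server-defined URL of this resource.
     */
    selfLink?: pulumi.Input<string>;
    /**
     * A fully-qualified ServerTLSPolicy URL reference. Specifies how TLS traffic is terminated. If empty, TLS termination is disabled.
     * Leaving this unset therefore means the gateway does not terminate TLS; set it explicitly wherever terminated TLS is expected.
     */
    serverTlsPolicy?: pulumi.Input<string>;
    /**
     * The relative resource name identifying the subnetwork in which this SWG is allocated.
     * For example: projects/*&#47;regions/us-central1/subnetworks/network-1.
     * Currently, this field is specific to gateways of type 'SECURE_WEB_GATEWAY'.
     */
    subnetwork?: pulumi.Input<string>;
    /**
     * Immutable. The type of the customer managed gateway.
     * Possible values are: `OPEN_MESH`, `SECURE_WEB_GATEWAY`.
     */
    type?: pulumi.Input<string>;
    /**
     * The timestamp when the resource was updated.
     */
    updateTime?: pulumi.Input<string>;
}
/**
 * The set of arguments for constructing a Gateway resource.
 */
export interface GatewayArgs {
    /**
     * Zero or one IPv4 or IPv6 address on which the Gateway will receive the traffic.
     * When no address is provided, an IP from the subnetwork is allocated.
     * This field only applies to gateways of type 'SECURE_WEB_GATEWAY'.
     * Gateways of type 'OPEN_MESH' listen on 0.0.0.0 for IPv4 and :: for IPv6.
     */
    addresses?: pulumi.Input<pulumi.Input<string>[]>;
    /**
     * A fully-qualified Certificates URL reference. The proxy presents a Certificate (selected based on SNI) when establishing a TLS connection.
     * This feature only applies to gateways of type 'SECURE_WEB_GATEWAY'.
     */
    certificateUrls?: pulumi.Input<pulumi.Input<string>[]>;
    /**
     * When deleting a gateway of type 'SECURE_WEB_GATEWAY', this boolean option also deletes the router that was auto-generated by the gateway creation.
     * The router is deleted only if no other gateway of type 'SECURE_WEB_GATEWAY' remains for that region and network.
     */
    deleteSwgAutogenRouterOnDestroy?: pulumi.Input<boolean>;
    /**
     * A free-text description of the resource. Max length 1024 characters.
     */
    description?: pulumi.Input<string>;
    /**
     * Determines if envoy will insert internal debug headers into upstream requests.
     * Other Envoy headers may still be injected.
     * By default, envoy will not insert any debug headers.
     * `DEBUG_HEADERS` passes internal proxy details to upstream services, so prefer `NONE` outside of troubleshooting.
     * Possible values are: `NONE`, `DEBUG_HEADERS`.
     */
    envoyHeaders?: pulumi.Input<string>;
    /**
     * A fully-qualified GatewaySecurityPolicy URL reference. Defines how a server should apply security policy to inbound (VM to Proxy) initiated connections.
     * For example: 'projects/*&#47;locations/*&#47;gatewaySecurityPolicies/swg-policy'.
     * This policy is specific to gateways of type 'SECURE_WEB_GATEWAY'.
     */
    gatewaySecurityPolicy?: pulumi.Input<string>;
    /**
     * The IP Version that will be used by this gateway.
     * Possible values are: `IPV4`, `IPV6`.
     */
    ipVersion?: pulumi.Input<string>;
    /**
     * Set of label tags associated with the Gateway resource.
     *
     * **Note**: This field is non-authoritative, and will only manage the labels present in your configuration.
     * Please refer to the field `effectiveLabels` for all of the labels present on the resource.
     */
    labels?: pulumi.Input<{
        [key: string]: pulumi.Input<string>;
    }>;
    /**
     * The location of the gateway.
     * The default value is `global`.
     */
    location?: pulumi.Input<string>;
    /**
     * Name of the Gateway resource.
     */
    name?: pulumi.Input<string>;
    /**
     * The relative resource name identifying the VPC network that is using this configuration.
     * For example: 'projects/*&#47;global/networks/network-1'.
     * Currently, this field is specific to gateways of type 'SECURE_WEB_GATEWAY'.
     */
    network?: pulumi.Input<string>;
    /**
     * One or more port numbers (1-65535), on which the Gateway will receive traffic.
     * The proxy binds to the specified ports. Gateways of type 'SECURE_WEB_GATEWAY' are limited to 1 port.
     * Gateways of type 'OPEN_MESH' listen on 0.0.0.0 for IPv4 and :: for IPv6 and support multiple ports.
     */
    ports: pulumi.Input<pulumi.Input<number>[]>;
    /**
     * The ID of the project in which the resource belongs.
     * If it is not provided, the provider project is used.
     */
    project?: pulumi.Input<string>;
    /**
     * The routing mode of the Gateway. This field is configurable only for gateways of type SECURE_WEB_GATEWAY. This field is required for gateways of type SECURE_WEB_GATEWAY.
     * Possible values are: `NEXT_HOP_ROUTING_MODE`, `EXPLICIT_ROUTING_MODE`.
     */
    routingMode?: pulumi.Input<string>;
    /**
     * Immutable. Scope determines how configuration across multiple Gateway instances is merged.
     * The configuration for multiple Gateway instances with the same scope will be merged and presented as a single configuration to the proxy/load balancer.
     * Max length 64 characters. Scope should start with a letter and can only have letters, numbers, hyphens.
     */
    scope?: pulumi.Input<string>;
    /**
     * A fully-qualified ServerTLSPolicy URL reference. Specifies how TLS traffic is terminated. If empty, TLS termination is disabled.
     * Leaving this unset therefore means the gateway does not terminate TLS; set it explicitly wherever terminated TLS is expected.
     */
    serverTlsPolicy?: pulumi.Input<string>;
    /**
     * The relative resource name identifying the subnetwork in which this SWG is allocated.
     * For example: projects/*&#47;regions/us-central1/subnetworks/network-1.
     * Currently, this field is specific to gateways of type 'SECURE_WEB_GATEWAY'.
     */
    subnetwork?: pulumi.Input<string>;
    /**
     * Immutable. The type of the customer managed gateway.
     * Possible values are: `OPEN_MESH`, `SECURE_WEB_GATEWAY`.
     */
    type: pulumi.Input<string>;
}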