import * as pulumi from "@pulumi/pulumi"; import * as inputs from "../types/input"; import * as outputs from "../types/output"; /** * Represents a GlobalForwardingRule resource. Global forwarding rules are * used to forward traffic to the correct load balancer for HTTP load * balancing. Global forwarding rules can only be used for HTTP load * balancing. * * For more information, see https://cloud.google.com/compute/docs/load-balancing/http/ * * ## Example Usage * * ### Global Forwarding Rule Http * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const defaultHttpHealthCheck = new gcp.compute.HttpHealthCheck("default", { * name: "check-backend", * requestPath: "/", * checkIntervalSec: 1, * timeoutSec: 1, * }); * const defaultBackendService = new gcp.compute.BackendService("default", { * name: "backend", * portName: "http", * protocol: "HTTP", * timeoutSec: 10, * healthChecks: defaultHttpHealthCheck.id, * }); * const defaultURLMap = new gcp.compute.URLMap("default", { * name: "url-map-target-proxy", * description: "a description", * defaultService: defaultBackendService.id, * hostRules: [{ * hosts: ["mysite.com"], * pathMatcher: "allpaths", * }], * pathMatchers: [{ * name: "allpaths", * defaultService: defaultBackendService.id, * pathRules: [{ * paths: ["/*"], * service: defaultBackendService.id, * }], * }], * }); * const defaultTargetHttpProxy = new gcp.compute.TargetHttpProxy("default", { * name: "target-proxy", * description: "a description", * urlMap: defaultURLMap.id, * }); * const _default = new gcp.compute.GlobalForwardingRule("default", { * name: "global-rule", * target: defaultTargetHttpProxy.id, * portRange: "80", * }); * ``` * ### Global Forwarding Rule Internal * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const debianImage = gcp.compute.getImage({ * family: "debian-11", * project: "debian-cloud", * }); * const instanceTemplate = new gcp.compute.InstanceTemplate("instance_template", { * name: "template-backend", * machineType: "e2-medium", * networkInterfaces: [{ * network: "default", * }], * disks: [{ * sourceImage: debianImage.then(debianImage => debianImage.selfLink), * autoDelete: true, * boot: true, * }], * }); * const igm = new gcp.compute.InstanceGroupManager("igm", { * name: "igm-internal", * versions: [{ * instanceTemplate: instanceTemplate.id, * name: "primary", * }], * baseInstanceName: "internal-glb", * zone: "us-central1-f", * targetSize: 1, * }); * const defaultHealthCheck = new gcp.compute.HealthCheck("default", { * name: "check-backend", * checkIntervalSec: 1, * timeoutSec: 1, * tcpHealthCheck: { * port: 80, * }, * }); * const defaultBackendService = new gcp.compute.BackendService("default", { * name: "backend", * portName: "http", * protocol: "HTTP", * timeoutSec: 10, * loadBalancingScheme: "INTERNAL_SELF_MANAGED", * backends: [{ * group: igm.instanceGroup, * balancingMode: "RATE", * capacityScaler: 0.4, * maxRatePerInstance: 50, * }], * healthChecks: defaultHealthCheck.id, * }); * const defaultURLMap = new gcp.compute.URLMap("default", { * name: "url-map-target-proxy", * description: "a description", * defaultService: defaultBackendService.id, * hostRules: [{ * hosts: ["mysite.com"], * pathMatcher: "allpaths", * }], * pathMatchers: [{ * name: "allpaths", * defaultService: defaultBackendService.id, * pathRules: [{ * paths: ["/*"], * service: defaultBackendService.id, * }], * }], * }); * const defaultTargetHttpProxy = new gcp.compute.TargetHttpProxy("default", { * name: "target-proxy", * description: "a description", * urlMap: defaultURLMap.id, * }); * const _default = new gcp.compute.GlobalForwardingRule("default", { * name: "global-rule", * target: defaultTargetHttpProxy.id, * portRange: "80", * loadBalancingScheme: "INTERNAL_SELF_MANAGED", * ipAddress: "0.0.0.0", * metadataFilters: [{ * filterMatchCriteria: "MATCH_ANY", * filterLabels: [{ * name: "PLANET", * value: "MARS", * }], * }], * }); * ``` * ### Global Forwarding Rule External Managed * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const defaultBackendService = new gcp.compute.BackendService("default", { * name: "backend", * portName: "http", * protocol: "HTTP", * timeoutSec: 10, * loadBalancingScheme: "EXTERNAL_MANAGED", * }); * const defaultURLMap = new gcp.compute.URLMap("default", { * name: "url-map-target-proxy", * description: "a description", * defaultService: defaultBackendService.id, * hostRules: [{ * hosts: ["mysite.com"], * pathMatcher: "allpaths", * }], * pathMatchers: [{ * name: "allpaths", * defaultService: defaultBackendService.id, * pathRules: [{ * paths: ["/*"], * service: defaultBackendService.id, * }], * }], * }); * const defaultTargetHttpProxy = new gcp.compute.TargetHttpProxy("default", { * name: "target-proxy", * description: "a description", * urlMap: defaultURLMap.id, * }); * const _default = new gcp.compute.GlobalForwardingRule("default", { * name: "global-rule", * target: defaultTargetHttpProxy.id, * portRange: "80", * loadBalancingScheme: "EXTERNAL_MANAGED", * networkTier: "PREMIUM", * }); * ``` * ### Global Forwarding Rule Hybrid * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const config = new pulumi.Config(); * const subnetworkCidr = config.get("subnetworkCidr") || "10.0.0.0/24"; * const _default = new gcp.compute.Network("default", {name: "my-network"}); * const internal = new gcp.compute.Network("internal", { * name: "my-internal-network", * autoCreateSubnetworks: false, * }); * const internalSubnetwork = new gcp.compute.Subnetwork("internal", { * name: "my-subnetwork", * network: internal.id, * ipCidrRange: subnetworkCidr, * region: "us-central1", * privateIpGoogleAccess: true, * }); * // Zonal NEG with GCE_VM_IP_PORT * const defaultNetworkEndpointGroup = new gcp.compute.NetworkEndpointGroup("default", { * name: "default-neg", * network: _default.id, * defaultPort: 90, * zone: "us-central1-a", * networkEndpointType: "GCE_VM_IP_PORT", * }); * // Zonal NEG with GCE_VM_IP * const internalNetworkEndpointGroup = new gcp.compute.NetworkEndpointGroup("internal", { * name: "internal-neg", * network: internal.id, * subnetwork: internalSubnetwork.id, * zone: "us-central1-a", * networkEndpointType: "GCE_VM_IP", * }); * // Hybrid connectivity NEG * const hybrid = new gcp.compute.NetworkEndpointGroup("hybrid", { * name: "hybrid-neg", * network: _default.id, * defaultPort: 90, * zone: "us-central1-a", * networkEndpointType: "NON_GCP_PRIVATE_IP_PORT", * }); * const hybrid_endpoint = new gcp.compute.NetworkEndpoint("hybrid-endpoint", { * networkEndpointGroup: hybrid.name, * port: hybrid.defaultPort, * ipAddress: "127.0.0.1", * }); * const defaultHealthCheck = new gcp.compute.HealthCheck("default", { * name: "health-check", * timeoutSec: 1, * checkIntervalSec: 1, * tcpHealthCheck: { * port: 80, * }, * }); * // Backend service for Zonal NEG * const defaultBackendService = new gcp.compute.BackendService("default", { * name: "backend-default", * portName: "http", * protocol: "HTTP", * timeoutSec: 10, * backends: [{ * group: defaultNetworkEndpointGroup.id, * balancingMode: "RATE", * maxRatePerEndpoint: 10, * }], * healthChecks: defaultHealthCheck.id, * }); * // Backgend service for Hybrid NEG * const hybridBackendService = new gcp.compute.BackendService("hybrid", { * name: "backend-hybrid", * portName: "http", * protocol: "HTTP", * timeoutSec: 10, * backends: [{ * group: hybrid.id, * balancingMode: "RATE", * maxRatePerEndpoint: 10, * }], * healthChecks: defaultHealthCheck.id, * }); * const defaultURLMap = new gcp.compute.URLMap("default", { * name: "url-map-target-proxy", * description: "a description", * defaultService: defaultBackendService.id, * hostRules: [{ * hosts: ["mysite.com"], * pathMatcher: "allpaths", * }], * pathMatchers: [{ * name: "allpaths", * defaultService: defaultBackendService.id, * pathRules: [ * { * paths: ["/*"], * service: defaultBackendService.id, * }, * { * paths: ["/hybrid"], * service: hybridBackendService.id, * }, * ], * }], * }); * const defaultTargetHttpProxy = new gcp.compute.TargetHttpProxy("default", { * name: "target-proxy", * description: "a description", * urlMap: defaultURLMap.id, * }); * const defaultGlobalForwardingRule = new gcp.compute.GlobalForwardingRule("default", { * name: "global-rule", * target: defaultTargetHttpProxy.id, * portRange: "80", * }); * ``` * ### Private Service Connect Google Apis * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const network = new gcp.compute.Network("network", { * project: "my-project-name", * name: "my-network", * autoCreateSubnetworks: false, * }); * const vpcSubnetwork = new gcp.compute.Subnetwork("vpc_subnetwork", { * project: network.project, * name: "my-subnetwork", * ipCidrRange: "10.2.0.0/16", * region: "us-central1", * network: network.id, * privateIpGoogleAccess: true, * }); * const _default = new gcp.compute.GlobalAddress("default", { * project: network.project, * name: "global-psconnect-ip", * addressType: "INTERNAL", * purpose: "PRIVATE_SERVICE_CONNECT", * network: network.id, * address: "100.100.100.106", * }); * const defaultGlobalForwardingRule = new gcp.compute.GlobalForwardingRule("default", { * project: network.project, * name: "globalrule", * target: "all-apis", * network: network.id, * ipAddress: _default.id, * loadBalancingScheme: "", * serviceDirectoryRegistrations: { * namespace: "sd-namespace", * serviceDirectoryRegion: "europe-west3", * }, * }); * ``` * ### Private Service Connect Google Apis No Automate Dns * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const network = new gcp.compute.Network("network", { * project: "my-project-name", * name: "my-network", * autoCreateSubnetworks: false, * }); * const vpcSubnetwork = new gcp.compute.Subnetwork("vpc_subnetwork", { * project: network.project, * name: "my-subnetwork", * ipCidrRange: "10.2.0.0/16", * region: "us-central1", * network: network.id, * privateIpGoogleAccess: true, * }); * const _default = new gcp.compute.GlobalAddress("default", { * project: network.project, * name: "global-psconnect-ip", * addressType: "INTERNAL", * purpose: "PRIVATE_SERVICE_CONNECT", * network: network.id, * address: "100.100.100.106", * }); * const defaultGlobalForwardingRule = new gcp.compute.GlobalForwardingRule("default", { * project: network.project, * name: "globalrule", * target: "all-apis", * network: network.id, * ipAddress: _default.id, * loadBalancingScheme: "", * noAutomateDnsZone: false, * }); * ``` * * ## Import * * GlobalForwardingRule can be imported using any of these accepted formats: * * * `projects/{{project}}/global/forwardingRules/{{name}}` * * * `{{project}}/{{name}}` * * * `{{name}}` * * When using the `pulumi import` command, GlobalForwardingRule can be imported using one of the formats above. For example: * * ```sh * $ pulumi import gcp:compute/globalForwardingRule:GlobalForwardingRule default projects/{{project}}/global/forwardingRules/{{name}} * ``` * * ```sh * $ pulumi import gcp:compute/globalForwardingRule:GlobalForwardingRule default {{project}}/{{name}} * ``` * * ```sh * $ pulumi import gcp:compute/globalForwardingRule:GlobalForwardingRule default {{name}} * ``` */ export declare class GlobalForwardingRule extends pulumi.CustomResource { /** * Get an existing GlobalForwardingRule resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param state Any extra arguments used during the lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name: string, id: pulumi.Input, state?: GlobalForwardingRuleState, opts?: pulumi.CustomResourceOptions): GlobalForwardingRule; /** * Returns true if the given object is an instance of GlobalForwardingRule. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj: any): obj is GlobalForwardingRule; /** * This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region. */ readonly allowPscGlobalAccess: pulumi.Output; /** * [Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified. */ readonly baseForwardingRule: pulumi.Output; /** * An optional description of this resource. Provide this property when * you create the resource. */ readonly description: pulumi.Output; /** * All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services. */ readonly effectiveLabels: pulumi.Output<{ [key: string]: string; }>; /** * Specifies the canary migration state for the backend buckets attached to this forwarding rule. * Possible values are PREPARE, TEST_BY_PERCENTAGE, and TEST_ALL_TRAFFIC. * To begin the migration from EXTERNAL to EXTERNAL_MANAGED, the state must be changed to * PREPARE. The state must be changed to TEST_ALL_TRAFFIC before the loadBalancingScheme can be * changed to EXTERNAL_MANAGED. Optionally, the TEST_BY_PERCENTAGE state can be used to migrate * traffic to backend buckets attached to this forwarding rule by percentage using * externalManagedBackendBucketMigrationTestingPercentage. * Rolling back a migration requires the states to be set in reverse order. So changing the * scheme from EXTERNAL_MANAGED to EXTERNAL requires the state to be set to TEST_ALL_TRAFFIC at * the same time. Optionally, the TEST_BY_PERCENTAGE state can be used to migrate some traffic * back to EXTERNAL or PREPARE can be used to migrate all traffic back to EXTERNAL. * Possible values are: `PREPARE`, `TEST_BY_PERCENTAGE`, `TEST_ALL_TRAFFIC`. */ readonly externalManagedBackendBucketMigrationState: pulumi.Output; /** * Determines the fraction of requests to backend buckets that should be processed by the Global * external Application Load Balancer. * The value of this field must be in the range [0, 100]. * This value can only be set if the loadBalancingScheme in the forwarding rule is set to * EXTERNAL (when using the Classic ALB) and the migration state is TEST_BY_PERCENTAGE. */ readonly externalManagedBackendBucketMigrationTestingPercentage: pulumi.Output; /** * The unique identifier number for the resource. This identifier is defined by the server. */ readonly forwardingRuleId: pulumi.Output; /** * IP address for which this forwarding rule accepts traffic. When a client * sends traffic to this IP address, the forwarding rule directs the traffic * to the referenced `target`. * While creating a forwarding rule, specifying an `IPAddress` is * required under the following circumstances: * * When the `target` is set to `targetGrpcProxy` and * `validateForProxyless` is set to `true`, the * `IPAddress` should be set to `0.0.0.0`. * * When the `target` is a Private Service Connect Google APIs * bundle, you must specify an `IPAddress`. * Otherwise, you can optionally specify an IP address that references an * existing static (reserved) IP address resource. When omitted, Google Cloud * assigns an ephemeral IP address. * Use one of the following formats to specify an IP address while creating a * forwarding rule: * * IP address number, as in `100.1.2.3` * * IPv6 address range, as in `2600:1234::/96` * * Full resource URL, as in * `https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name` * * Partial URL or by name, as in: * * `projects/project_id/regions/region/addresses/address-name` * * `regions/region/addresses/address-name` * * `global/addresses/address-name` * * `address-name` * The forwarding rule's `target`, * and in most cases, also the `loadBalancingScheme`, determine the * type of IP address that you can use. For detailed information, see * [IP address * specifications](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts#ip_address_specifications). * When reading an `IPAddress`, the API always returns the IP * address number. */ readonly ipAddress: pulumi.Output; /** * The IP protocol to which this rule applies. * For protocol forwarding, valid * options are `TCP`, `UDP`, `ESP`, * `AH`, `SCTP`, `ICMP` and * `L3_DEFAULT`. * The valid IP protocols are different for different load balancing products * as described in [Load balancing * features](https://cloud.google.com/load-balancing/docs/features#protocols_from_the_load_balancer_to_the_backends). * Possible values are: `TCP`, `UDP`, `ESP`, `AH`, `SCTP`, `ICMP`. */ readonly ipProtocol: pulumi.Output; /** * The IP Version that will be used by this global forwarding rule. * Possible values are: `IPV4`, `IPV6`. */ readonly ipVersion: pulumi.Output; /** * The fingerprint used for optimistic locking of this resource. Used * internally during updates. */ readonly labelFingerprint: pulumi.Output; /** * Labels to apply to this forwarding rule. A list of key->value pairs. * * **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. * Please refer to the field `effectiveLabels` for all of the labels present on the resource. */ readonly labels: pulumi.Output<{ [key: string]: string; } | undefined>; /** * Specifies the forwarding rule type. * For more information about forwarding rules, refer to * [Forwarding rule concepts](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts). * Default value is `EXTERNAL`. * Possible values are: `EXTERNAL`, `EXTERNAL_MANAGED`, `INTERNAL_MANAGED`, `INTERNAL_SELF_MANAGED`. */ readonly loadBalancingScheme: pulumi.Output; /** * Opaque filter criteria used by Loadbalancer to restrict routing * configuration to a limited set xDS compliant clients. In their xDS * requests to Loadbalancer, xDS clients present node metadata. If a * match takes place, the relevant routing configuration is made available * to those proxies. * For each metadataFilter in this list, if its filterMatchCriteria is set * to MATCH_ANY, at least one of the filterLabels must match the * corresponding label provided in the metadata. If its filterMatchCriteria * is set to MATCH_ALL, then all of its filterLabels must match with * corresponding labels in the provided metadata. * metadataFilters specified here can be overridden by those specified in * the UrlMap that this ForwardingRule references. * metadataFilters only applies to Loadbalancers that have their * loadBalancingScheme set to INTERNAL_SELF_MANAGED. * Structure is documented below. */ readonly metadataFilters: pulumi.Output; /** * Name of the resource; provided by the client when the resource is created. * The name must be 1-63 characters long, and comply with * [RFC1035](https://www.ietf.org/rfc/rfc1035.txt). * Specifically, the name must be 1-63 characters long and match the regular * expression `a-z?` which means the first * character must be a lowercase letter, and all following characters must * be a dash, lowercase letter, or digit, except the last character, which * cannot be a dash. * For Private Service Connect forwarding rules that forward traffic to Google * APIs, the forwarding rule name must be a 1-20 characters string with * lowercase letters and numbers and must start with a letter. */ readonly name: pulumi.Output; /** * This field is not used for external load balancing. * For Internal TCP/UDP Load Balancing, this field identifies the network that * the load balanced IP should belong to for this Forwarding Rule. * If the subnetwork is specified, the network of the subnetwork will be used. * If neither subnetwork nor this field is specified, the default network will * be used. * For Private Service Connect forwarding rules that forward traffic to Google * APIs, a network must be provided. */ readonly network: pulumi.Output; /** * This signifies the networking tier used for configuring * this load balancer and can only take the following values: * `PREMIUM`, `STANDARD`. * For regional ForwardingRule, the valid values are `PREMIUM` and * `STANDARD`. For GlobalForwardingRule, the valid value is * `PREMIUM`. * If this field is not specified, it is assumed to be `PREMIUM`. * If `IPAddress` is specified, this value must be equal to the * networkTier of the Address. * Possible values are: `PREMIUM`, `STANDARD`. */ readonly networkTier: pulumi.Output; /** * This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field. */ readonly noAutomateDnsZone: pulumi.Output; /** * The `portRange` field has the following limitations: * * It requires that the forwarding rule `IPProtocol` be TCP, UDP, or SCTP, * and * * It's applicable only to the following products: external passthrough * Network Load Balancers, internal and external proxy Network Load * Balancers, internal and external Application Load Balancers, external * protocol forwarding, and Classic VPN. * * Some products have restrictions on what ports can be used. See * [port specifications](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts#port_specifications) * for details. * For external forwarding rules, two or more forwarding rules cannot use the * same `[IPAddress, IPProtocol]` pair, and cannot have overlapping * `portRange`s. * For internal forwarding rules within the same VPC network, two or more * forwarding rules cannot use the same `[IPAddress, IPProtocol]` pair, and * cannot have overlapping `portRange`s. * @pattern: \d+(?:-\d+)? */ readonly portRange: pulumi.Output; /** * The ID of the project in which the resource belongs. * If it is not provided, the provider project is used. */ readonly project: pulumi.Output; /** * The PSC connection id of the PSC Forwarding Rule. */ readonly pscConnectionId: pulumi.Output; /** * The PSC connection status of the PSC Forwarding Rule. Possible values: `STATUS_UNSPECIFIED`, `PENDING`, `ACCEPTED`, `REJECTED`, `CLOSED` */ readonly pscConnectionStatus: pulumi.Output; /** * The combination of labels configured directly on the resource * and default labels configured on the provider. */ readonly pulumiLabels: pulumi.Output<{ [key: string]: string; }>; /** * The URI of the created resource. */ readonly selfLink: pulumi.Output; /** * Service Directory resources to register this forwarding rule with. * Currently, only supports a single Service Directory resource. * Structure is documented below. */ readonly serviceDirectoryRegistrations: pulumi.Output; /** * If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24). */ readonly sourceIpRanges: pulumi.Output; /** * This field identifies the subnetwork that the load balanced IP should * belong to for this Forwarding Rule, used in internal load balancing and * network load balancing with IPv6. * If the network specified is in auto subnet mode, this field is optional. * However, a subnetwork must be specified if the network is in custom subnet * mode or when creating external forwarding rule with IPv6. */ readonly subnetwork: pulumi.Output; /** * The URL of the target resource to receive the matched traffic. For * regional forwarding rules, this target must be in the same region as the * forwarding rule. For global forwarding rules, this target must be a global * load balancing resource. * The forwarded traffic must be of a type appropriate to the target object. * * For load balancers, see the "Target" column in [Port specifications](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts#ip_address_specifications). * * For Private Service Connect forwarding rules that forward traffic to Google APIs, provide the name of a supported Google API bundle: * * `vpc-sc` - [ APIs that support VPC Service Controls](https://cloud.google.com/vpc-service-controls/docs/supported-products). * * `all-apis` - [All supported Google APIs](https://cloud.google.com/vpc/docs/private-service-connect#supported-apis). * For Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment. */ readonly target: pulumi.Output; /** * Create a GlobalForwardingRule resource with the given unique name, arguments, and options. * * @param name The _unique_ name of the resource. * @param args The arguments to use to populate this resource's properties. * @param opts A bag of options that control this resource's behavior. */ constructor(name: string, args: GlobalForwardingRuleArgs, opts?: pulumi.CustomResourceOptions); } /** * Input properties used for looking up and filtering GlobalForwardingRule resources. */ export interface GlobalForwardingRuleState { /** * This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region. */ allowPscGlobalAccess?: pulumi.Input; /** * [Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified. */ baseForwardingRule?: pulumi.Input; /** * An optional description of this resource. Provide this property when * you create the resource. */ description?: pulumi.Input; /** * All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services. */ effectiveLabels?: pulumi.Input<{ [key: string]: pulumi.Input; }>; /** * Specifies the canary migration state for the backend buckets attached to this forwarding rule. * Possible values are PREPARE, TEST_BY_PERCENTAGE, and TEST_ALL_TRAFFIC. * To begin the migration from EXTERNAL to EXTERNAL_MANAGED, the state must be changed to * PREPARE. The state must be changed to TEST_ALL_TRAFFIC before the loadBalancingScheme can be * changed to EXTERNAL_MANAGED. Optionally, the TEST_BY_PERCENTAGE state can be used to migrate * traffic to backend buckets attached to this forwarding rule by percentage using * externalManagedBackendBucketMigrationTestingPercentage. * Rolling back a migration requires the states to be set in reverse order. So changing the * scheme from EXTERNAL_MANAGED to EXTERNAL requires the state to be set to TEST_ALL_TRAFFIC at * the same time. Optionally, the TEST_BY_PERCENTAGE state can be used to migrate some traffic * back to EXTERNAL or PREPARE can be used to migrate all traffic back to EXTERNAL. * Possible values are: `PREPARE`, `TEST_BY_PERCENTAGE`, `TEST_ALL_TRAFFIC`. */ externalManagedBackendBucketMigrationState?: pulumi.Input; /** * Determines the fraction of requests to backend buckets that should be processed by the Global * external Application Load Balancer. * The value of this field must be in the range [0, 100]. * This value can only be set if the loadBalancingScheme in the forwarding rule is set to * EXTERNAL (when using the Classic ALB) and the migration state is TEST_BY_PERCENTAGE. */ externalManagedBackendBucketMigrationTestingPercentage?: pulumi.Input; /** * The unique identifier number for the resource. This identifier is defined by the server. */ forwardingRuleId?: pulumi.Input; /** * IP address for which this forwarding rule accepts traffic. When a client * sends traffic to this IP address, the forwarding rule directs the traffic * to the referenced `target`. * While creating a forwarding rule, specifying an `IPAddress` is * required under the following circumstances: * * When the `target` is set to `targetGrpcProxy` and * `validateForProxyless` is set to `true`, the * `IPAddress` should be set to `0.0.0.0`. * * When the `target` is a Private Service Connect Google APIs * bundle, you must specify an `IPAddress`. * Otherwise, you can optionally specify an IP address that references an * existing static (reserved) IP address resource. When omitted, Google Cloud * assigns an ephemeral IP address. * Use one of the following formats to specify an IP address while creating a * forwarding rule: * * IP address number, as in `100.1.2.3` * * IPv6 address range, as in `2600:1234::/96` * * Full resource URL, as in * `https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name` * * Partial URL or by name, as in: * * `projects/project_id/regions/region/addresses/address-name` * * `regions/region/addresses/address-name` * * `global/addresses/address-name` * * `address-name` * The forwarding rule's `target`, * and in most cases, also the `loadBalancingScheme`, determine the * type of IP address that you can use. For detailed information, see * [IP address * specifications](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts#ip_address_specifications). * When reading an `IPAddress`, the API always returns the IP * address number. */ ipAddress?: pulumi.Input; /** * The IP protocol to which this rule applies. * For protocol forwarding, valid * options are `TCP`, `UDP`, `ESP`, * `AH`, `SCTP`, `ICMP` and * `L3_DEFAULT`. * The valid IP protocols are different for different load balancing products * as described in [Load balancing * features](https://cloud.google.com/load-balancing/docs/features#protocols_from_the_load_balancer_to_the_backends). * Possible values are: `TCP`, `UDP`, `ESP`, `AH`, `SCTP`, `ICMP`. */ ipProtocol?: pulumi.Input; /** * The IP Version that will be used by this global forwarding rule. * Possible values are: `IPV4`, `IPV6`. */ ipVersion?: pulumi.Input; /** * The fingerprint used for optimistic locking of this resource. Used * internally during updates. */ labelFingerprint?: pulumi.Input; /** * Labels to apply to this forwarding rule. A list of key->value pairs. * * **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. * Please refer to the field `effectiveLabels` for all of the labels present on the resource. */ labels?: pulumi.Input<{ [key: string]: pulumi.Input; }>; /** * Specifies the forwarding rule type. * For more information about forwarding rules, refer to * [Forwarding rule concepts](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts). * Default value is `EXTERNAL`. * Possible values are: `EXTERNAL`, `EXTERNAL_MANAGED`, `INTERNAL_MANAGED`, `INTERNAL_SELF_MANAGED`. */ loadBalancingScheme?: pulumi.Input; /** * Opaque filter criteria used by Loadbalancer to restrict routing * configuration to a limited set xDS compliant clients. In their xDS * requests to Loadbalancer, xDS clients present node metadata. If a * match takes place, the relevant routing configuration is made available * to those proxies. * For each metadataFilter in this list, if its filterMatchCriteria is set * to MATCH_ANY, at least one of the filterLabels must match the * corresponding label provided in the metadata. If its filterMatchCriteria * is set to MATCH_ALL, then all of its filterLabels must match with * corresponding labels in the provided metadata. * metadataFilters specified here can be overridden by those specified in * the UrlMap that this ForwardingRule references. * metadataFilters only applies to Loadbalancers that have their * loadBalancingScheme set to INTERNAL_SELF_MANAGED. * Structure is documented below. */ metadataFilters?: pulumi.Input[]>; /** * Name of the resource; provided by the client when the resource is created. * The name must be 1-63 characters long, and comply with * [RFC1035](https://www.ietf.org/rfc/rfc1035.txt). * Specifically, the name must be 1-63 characters long and match the regular * expression `a-z?` which means the first * character must be a lowercase letter, and all following characters must * be a dash, lowercase letter, or digit, except the last character, which * cannot be a dash. * For Private Service Connect forwarding rules that forward traffic to Google * APIs, the forwarding rule name must be a 1-20 characters string with * lowercase letters and numbers and must start with a letter. */ name?: pulumi.Input; /** * This field is not used for external load balancing. * For Internal TCP/UDP Load Balancing, this field identifies the network that * the load balanced IP should belong to for this Forwarding Rule. * If the subnetwork is specified, the network of the subnetwork will be used. * If neither subnetwork nor this field is specified, the default network will * be used. * For Private Service Connect forwarding rules that forward traffic to Google * APIs, a network must be provided. */ network?: pulumi.Input; /** * This signifies the networking tier used for configuring * this load balancer and can only take the following values: * `PREMIUM`, `STANDARD`. * For regional ForwardingRule, the valid values are `PREMIUM` and * `STANDARD`. For GlobalForwardingRule, the valid value is * `PREMIUM`. * If this field is not specified, it is assumed to be `PREMIUM`. * If `IPAddress` is specified, this value must be equal to the * networkTier of the Address. * Possible values are: `PREMIUM`, `STANDARD`. */ networkTier?: pulumi.Input; /** * This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field. */ noAutomateDnsZone?: pulumi.Input; /** * The `portRange` field has the following limitations: * * It requires that the forwarding rule `IPProtocol` be TCP, UDP, or SCTP, * and * * It's applicable only to the following products: external passthrough * Network Load Balancers, internal and external proxy Network Load * Balancers, internal and external Application Load Balancers, external * protocol forwarding, and Classic VPN. * * Some products have restrictions on what ports can be used. See * [port specifications](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts#port_specifications) * for details. * For external forwarding rules, two or more forwarding rules cannot use the * same `[IPAddress, IPProtocol]` pair, and cannot have overlapping * `portRange`s. * For internal forwarding rules within the same VPC network, two or more * forwarding rules cannot use the same `[IPAddress, IPProtocol]` pair, and * cannot have overlapping `portRange`s. * @pattern: \d+(?:-\d+)? */ portRange?: pulumi.Input; /** * The ID of the project in which the resource belongs. * If it is not provided, the provider project is used. */ project?: pulumi.Input; /** * The PSC connection id of the PSC Forwarding Rule. */ pscConnectionId?: pulumi.Input; /** * The PSC connection status of the PSC Forwarding Rule. Possible values: `STATUS_UNSPECIFIED`, `PENDING`, `ACCEPTED`, `REJECTED`, `CLOSED` */ pscConnectionStatus?: pulumi.Input; /** * The combination of labels configured directly on the resource * and default labels configured on the provider. */ pulumiLabels?: pulumi.Input<{ [key: string]: pulumi.Input; }>; /** * The URI of the created resource. */ selfLink?: pulumi.Input; /** * Service Directory resources to register this forwarding rule with. * Currently, only supports a single Service Directory resource. * Structure is documented below. */ serviceDirectoryRegistrations?: pulumi.Input; /** * If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24). */ sourceIpRanges?: pulumi.Input[]>; /** * This field identifies the subnetwork that the load balanced IP should * belong to for this Forwarding Rule, used in internal load balancing and * network load balancing with IPv6. * If the network specified is in auto subnet mode, this field is optional. * However, a subnetwork must be specified if the network is in custom subnet * mode or when creating external forwarding rule with IPv6. */ subnetwork?: pulumi.Input; /** * The URL of the target resource to receive the matched traffic. For * regional forwarding rules, this target must be in the same region as the * forwarding rule. For global forwarding rules, this target must be a global * load balancing resource. * The forwarded traffic must be of a type appropriate to the target object. * * For load balancers, see the "Target" column in [Port specifications](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts#ip_address_specifications). * * For Private Service Connect forwarding rules that forward traffic to Google APIs, provide the name of a supported Google API bundle: * * `vpc-sc` - [ APIs that support VPC Service Controls](https://cloud.google.com/vpc-service-controls/docs/supported-products). * * `all-apis` - [All supported Google APIs](https://cloud.google.com/vpc/docs/private-service-connect#supported-apis). * For Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment. */ target?: pulumi.Input; } /** * The set of arguments for constructing a GlobalForwardingRule resource. */ export interface GlobalForwardingRuleArgs { /** * This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region. */ allowPscGlobalAccess?: pulumi.Input; /** * An optional description of this resource. Provide this property when * you create the resource. */ description?: pulumi.Input; /** * Specifies the canary migration state for the backend buckets attached to this forwarding rule. * Possible values are PREPARE, TEST_BY_PERCENTAGE, and TEST_ALL_TRAFFIC. * To begin the migration from EXTERNAL to EXTERNAL_MANAGED, the state must be changed to * PREPARE. The state must be changed to TEST_ALL_TRAFFIC before the loadBalancingScheme can be * changed to EXTERNAL_MANAGED. Optionally, the TEST_BY_PERCENTAGE state can be used to migrate * traffic to backend buckets attached to this forwarding rule by percentage using * externalManagedBackendBucketMigrationTestingPercentage. * Rolling back a migration requires the states to be set in reverse order. So changing the * scheme from EXTERNAL_MANAGED to EXTERNAL requires the state to be set to TEST_ALL_TRAFFIC at * the same time. Optionally, the TEST_BY_PERCENTAGE state can be used to migrate some traffic * back to EXTERNAL or PREPARE can be used to migrate all traffic back to EXTERNAL. * Possible values are: `PREPARE`, `TEST_BY_PERCENTAGE`, `TEST_ALL_TRAFFIC`. */ externalManagedBackendBucketMigrationState?: pulumi.Input; /** * Determines the fraction of requests to backend buckets that should be processed by the Global * external Application Load Balancer. * The value of this field must be in the range [0, 100]. * This value can only be set if the loadBalancingScheme in the forwarding rule is set to * EXTERNAL (when using the Classic ALB) and the migration state is TEST_BY_PERCENTAGE. */ externalManagedBackendBucketMigrationTestingPercentage?: pulumi.Input; /** * IP address for which this forwarding rule accepts traffic. When a client * sends traffic to this IP address, the forwarding rule directs the traffic * to the referenced `target`. * While creating a forwarding rule, specifying an `IPAddress` is * required under the following circumstances: * * When the `target` is set to `targetGrpcProxy` and * `validateForProxyless` is set to `true`, the * `IPAddress` should be set to `0.0.0.0`. * * When the `target` is a Private Service Connect Google APIs * bundle, you must specify an `IPAddress`. * Otherwise, you can optionally specify an IP address that references an * existing static (reserved) IP address resource. When omitted, Google Cloud * assigns an ephemeral IP address. * Use one of the following formats to specify an IP address while creating a * forwarding rule: * * IP address number, as in `100.1.2.3` * * IPv6 address range, as in `2600:1234::/96` * * Full resource URL, as in * `https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name` * * Partial URL or by name, as in: * * `projects/project_id/regions/region/addresses/address-name` * * `regions/region/addresses/address-name` * * `global/addresses/address-name` * * `address-name` * The forwarding rule's `target`, * and in most cases, also the `loadBalancingScheme`, determine the * type of IP address that you can use. For detailed information, see * [IP address * specifications](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts#ip_address_specifications). * When reading an `IPAddress`, the API always returns the IP * address number. */ ipAddress?: pulumi.Input; /** * The IP protocol to which this rule applies. * For protocol forwarding, valid * options are `TCP`, `UDP`, `ESP`, * `AH`, `SCTP`, `ICMP` and * `L3_DEFAULT`. * The valid IP protocols are different for different load balancing products * as described in [Load balancing * features](https://cloud.google.com/load-balancing/docs/features#protocols_from_the_load_balancer_to_the_backends). * Possible values are: `TCP`, `UDP`, `ESP`, `AH`, `SCTP`, `ICMP`. */ ipProtocol?: pulumi.Input; /** * The IP Version that will be used by this global forwarding rule. * Possible values are: `IPV4`, `IPV6`. */ ipVersion?: pulumi.Input; /** * Labels to apply to this forwarding rule. A list of key->value pairs. * * **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. * Please refer to the field `effectiveLabels` for all of the labels present on the resource. */ labels?: pulumi.Input<{ [key: string]: pulumi.Input; }>; /** * Specifies the forwarding rule type. * For more information about forwarding rules, refer to * [Forwarding rule concepts](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts). * Default value is `EXTERNAL`. * Possible values are: `EXTERNAL`, `EXTERNAL_MANAGED`, `INTERNAL_MANAGED`, `INTERNAL_SELF_MANAGED`. */ loadBalancingScheme?: pulumi.Input; /** * Opaque filter criteria used by Loadbalancer to restrict routing * configuration to a limited set xDS compliant clients. In their xDS * requests to Loadbalancer, xDS clients present node metadata. If a * match takes place, the relevant routing configuration is made available * to those proxies. * For each metadataFilter in this list, if its filterMatchCriteria is set * to MATCH_ANY, at least one of the filterLabels must match the * corresponding label provided in the metadata. If its filterMatchCriteria * is set to MATCH_ALL, then all of its filterLabels must match with * corresponding labels in the provided metadata. * metadataFilters specified here can be overridden by those specified in * the UrlMap that this ForwardingRule references. * metadataFilters only applies to Loadbalancers that have their * loadBalancingScheme set to INTERNAL_SELF_MANAGED. * Structure is documented below. */ metadataFilters?: pulumi.Input[]>; /** * Name of the resource; provided by the client when the resource is created. * The name must be 1-63 characters long, and comply with * [RFC1035](https://www.ietf.org/rfc/rfc1035.txt). * Specifically, the name must be 1-63 characters long and match the regular * expression `a-z?` which means the first * character must be a lowercase letter, and all following characters must * be a dash, lowercase letter, or digit, except the last character, which * cannot be a dash. * For Private Service Connect forwarding rules that forward traffic to Google * APIs, the forwarding rule name must be a 1-20 characters string with * lowercase letters and numbers and must start with a letter. */ name?: pulumi.Input; /** * This field is not used for external load balancing. * For Internal TCP/UDP Load Balancing, this field identifies the network that * the load balanced IP should belong to for this Forwarding Rule. * If the subnetwork is specified, the network of the subnetwork will be used. * If neither subnetwork nor this field is specified, the default network will * be used. * For Private Service Connect forwarding rules that forward traffic to Google * APIs, a network must be provided. */ network?: pulumi.Input; /** * This signifies the networking tier used for configuring * this load balancer and can only take the following values: * `PREMIUM`, `STANDARD`. * For regional ForwardingRule, the valid values are `PREMIUM` and * `STANDARD`. For GlobalForwardingRule, the valid value is * `PREMIUM`. * If this field is not specified, it is assumed to be `PREMIUM`. * If `IPAddress` is specified, this value must be equal to the * networkTier of the Address. * Possible values are: `PREMIUM`, `STANDARD`. */ networkTier?: pulumi.Input; /** * This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field. */ noAutomateDnsZone?: pulumi.Input; /** * The `portRange` field has the following limitations: * * It requires that the forwarding rule `IPProtocol` be TCP, UDP, or SCTP, * and * * It's applicable only to the following products: external passthrough * Network Load Balancers, internal and external proxy Network Load * Balancers, internal and external Application Load Balancers, external * protocol forwarding, and Classic VPN. * * Some products have restrictions on what ports can be used. See * [port specifications](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts#port_specifications) * for details. * For external forwarding rules, two or more forwarding rules cannot use the * same `[IPAddress, IPProtocol]` pair, and cannot have overlapping * `portRange`s. * For internal forwarding rules within the same VPC network, two or more * forwarding rules cannot use the same `[IPAddress, IPProtocol]` pair, and * cannot have overlapping `portRange`s. * @pattern: \d+(?:-\d+)? */ portRange?: pulumi.Input; /** * The ID of the project in which the resource belongs. * If it is not provided, the provider project is used. */ project?: pulumi.Input; /** * Service Directory resources to register this forwarding rule with. * Currently, only supports a single Service Directory resource. * Structure is documented below. */ serviceDirectoryRegistrations?: pulumi.Input; /** * If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24). */ sourceIpRanges?: pulumi.Input[]>; /** * This field identifies the subnetwork that the load balanced IP should * belong to for this Forwarding Rule, used in internal load balancing and * network load balancing with IPv6. * If the network specified is in auto subnet mode, this field is optional. * However, a subnetwork must be specified if the network is in custom subnet * mode or when creating external forwarding rule with IPv6. */ subnetwork?: pulumi.Input; /** * The URL of the target resource to receive the matched traffic. For * regional forwarding rules, this target must be in the same region as the * forwarding rule. For global forwarding rules, this target must be a global * load balancing resource. * The forwarded traffic must be of a type appropriate to the target object. * * For load balancers, see the "Target" column in [Port specifications](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts#ip_address_specifications). * * For Private Service Connect forwarding rules that forward traffic to Google APIs, provide the name of a supported Google API bundle: * * `vpc-sc` - [ APIs that support VPC Service Controls](https://cloud.google.com/vpc-service-controls/docs/supported-products). * * `all-apis` - [All supported Google APIs](https://cloud.google.com/vpc/docs/private-service-connect#supported-apis). * For Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment. */ target: pulumi.Input; }