import * as pulumi from "@pulumi/pulumi";
import * as inputs from "../types/input";
import * as outputs from "../types/output";
// NOTE(review): in this listing the type arguments of `pulumi.Input` / `pulumi.Output`
// appear to have been lost (bare `pulumi.Output`, stray `pulumi.Input[]>`), so the
// declarations will not type-check as shown. Consult the published declaration file
// for the exact types before relying on any signature below.
/**
 * VPN tunnel resource.
 *
 * To get more information about VpnTunnel, see:
 *
 * * [API documentation](https://cloud.google.com/compute/docs/reference/rest/v1/vpnTunnels)
 * * How-to Guides
 *     * [Cloud VPN Overview](https://cloud.google.com/vpn/docs/concepts/overview)
 *     * [Networks and Tunnel Routing](https://cloud.google.com/vpn/docs/concepts/choosing-networks-routing)
 *
 * > **Note:** All arguments marked as write-only values will not be stored in the state: `sharedSecretWo`.
 * Read more about write-only attributes in the guide linked under
 * "Ephemeral Attributes Reference" below.
 *
 * > **Secret handling:** the tunnel is authenticated with a pre-shared key. Of the two
 * ways to supply it, only `sharedSecretWo` is documented here as staying out of the
 * state; `sharedSecret` is documented only as sensitive and hidden from the plan.
 * The examples below inline a literal key purely for illustration.
 *
 * ## Example Usage
 *
 * ### Vpn Tunnel Basic
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as gcp from "@pulumi/gcp";
 *
 * const network1 = new gcp.compute.Network("network1", {name: "network-1"});
 * const targetGateway = new gcp.compute.VPNGateway("target_gateway", {
 *     name: "vpn-1",
 *     network: network1.id,
 * });
 * const vpnStaticIp = new gcp.compute.Address("vpn_static_ip", {name: "vpn-static-ip"});
 * const frEsp = new gcp.compute.ForwardingRule("fr_esp", {
 *     name: "fr-esp",
 *     ipProtocol: "ESP",
 *     ipAddress: vpnStaticIp.address,
 *     target: targetGateway.id,
 * });
 * const frUdp500 = new gcp.compute.ForwardingRule("fr_udp500", {
 *     name: "fr-udp500",
 *     ipProtocol: "UDP",
 *     portRange: "500",
 *     ipAddress: vpnStaticIp.address,
 *     target: targetGateway.id,
 * });
 * const frUdp4500 = new gcp.compute.ForwardingRule("fr_udp4500", {
 *     name: "fr-udp4500",
 *     ipProtocol: "UDP",
 *     portRange: "4500",
 *     ipAddress: vpnStaticIp.address,
 *     target: targetGateway.id,
 * });
 * const tunnel1 = new gcp.compute.VPNTunnel("tunnel1", {
 *     name: "tunnel-1",
 *     peerIp: "15.0.0.120",
 *     // Placeholder value. In a real program load the pre-shared key from secret
 *     // configuration (e.g. `pulumi.Config.requireSecret`) instead of source code.
 *     sharedSecret: "a secret message",
 *     targetVpnGateway: targetGateway.id,
 *     labels: {
 *         foo: "bar",
 *     },
 * }, {
 *     dependsOn: [
 *         frEsp,
 *         frUdp500,
 *         frUdp4500,
 *     ],
 * });
 * const route1 = new gcp.compute.Route("route1", {
 *     name: "route1",
 *     network: network1.name,
 *     destRange: "15.0.0.0/24",
 *     priority: 1000,
 *     nextHopVpnTunnel: tunnel1.id,
 * });
 * ```
 * ### Vpn Tunnel Cipher Suite
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as gcp from "@pulumi/gcp";
 *
 * const network1 = new gcp.compute.Network("network1", {name: "network-1"});
 * const targetGateway = new gcp.compute.VPNGateway("target_gateway", {
 *     name: "vpn-1",
 *     network: network1.id,
 * });
 * const vpnStaticIp = new gcp.compute.Address("vpn_static_ip", {name: "vpn-static-ip"});
 * const frEsp = new gcp.compute.ForwardingRule("fr_esp", {
 *     name: "fr-esp",
 *     ipProtocol: "ESP",
 *     ipAddress: vpnStaticIp.address,
 *     target: targetGateway.id,
 * });
 * const frUdp500 = new gcp.compute.ForwardingRule("fr_udp500", {
 *     name: "fr-udp500",
 *     ipProtocol: "UDP",
 *     portRange: "500",
 *     ipAddress: vpnStaticIp.address,
 *     target: targetGateway.id,
 * });
 * const frUdp4500 = new gcp.compute.ForwardingRule("fr_udp4500", {
 *     name: "fr-udp4500",
 *     ipProtocol: "UDP",
 *     portRange: "4500",
 *     ipAddress: vpnStaticIp.address,
 *     target: targetGateway.id,
 * });
 * const tunnel1 = new gcp.compute.VPNTunnel("tunnel1", {
 *     name: "tunnel-cipher",
 *     peerIp: "15.0.0.120",
 *     // Placeholder value. In a real program load the pre-shared key from secret
 *     // configuration (e.g. `pulumi.Config.requireSecret`) instead of source code.
 *     sharedSecret: "a secret message",
 *     targetVpnGateway: targetGateway.id,
 *     cipherSuite: {
 *         phase1: {
 *             encryptions: ["AES-CBC-256"],
 *             integrities: ["HMAC-SHA2-256-128"],
 *             prves: ["PRF-HMAC-SHA2-256"],
 *             dhs: ["Group-14"],
 *         },
 *         phase2: {
 *             encryptions: ["AES-CBC-128"],
 *             integrities: ["HMAC-SHA2-256-128"],
 *             pfs: ["Group-14"],
 *         },
 *     },
 *     labels: {
 *         foo: "bar",
 *     },
 * }, {
 *     dependsOn: [
 *         frEsp,
 *         frUdp500,
 *         frUdp4500,
 *     ],
 * });
 * const route1 = new gcp.compute.Route("route1", {
 *     name: "route1",
 *     network: network1.name,
 *     destRange: "15.0.0.0/24",
 *     priority: 1000,
 *     nextHopVpnTunnel: tunnel1.id,
 * });
 * ```
 *
 * ## Ephemeral Attributes Reference
 *
 * The following write-only attributes are supported:
 *
 * * `sharedSecretWo` -
 *   (Optional)
 *   Shared secret used to set the secure session between the Cloud VPN
 *   gateway and the peer VPN gateway.
 *   **Note**: This property is write-only and will not be read from the API. For more info see [updating write-only attributes](https://www.terraform.io/docs/providers/google/guides/using_write_only_attributes.html#updating-write-only-attributes)
 *
 * ## Import
 *
 * VpnTunnel can be imported using any of these accepted formats:
 *
 * * `projects/{{project}}/regions/{{region}}/vpnTunnels/{{name}}`
 *
 * * `{{project}}/{{region}}/{{name}}`
 *
 * * `{{region}}/{{name}}`
 *
 * * `{{name}}`
 *
 * When using the `pulumi import` command, VpnTunnel can be imported using one of the formats above. For example:
 *
 * ```sh
 * $ pulumi import gcp:compute/vPNTunnel:VPNTunnel default projects/{{project}}/regions/{{region}}/vpnTunnels/{{name}}
 * ```
 *
 * ```sh
 * $ pulumi import gcp:compute/vPNTunnel:VPNTunnel default {{project}}/{{region}}/{{name}}
 * ```
 *
 * ```sh
 * $ pulumi import gcp:compute/vPNTunnel:VPNTunnel default {{region}}/{{name}}
 * ```
 *
 * ```sh
 * $ pulumi import gcp:compute/vPNTunnel:VPNTunnel default {{name}}
 * ```
 */
export declare class VPNTunnel extends pulumi.CustomResource {
    /**
     * Get an existing VPNTunnel resource's state with the given name, ID, and optional extra
     * properties used to qualify the lookup.
     *
     * @param name The _unique_ name of the resulting resource.
     * @param id The _unique_ provider ID of the resource to lookup.
     * @param state Any extra arguments used during the lookup.
     * @param opts Optional settings to control the behavior of the CustomResource.
     * @returns The VPNTunnel resource for the given name and ID.
     */
    static get(name: string, id: pulumi.Input, state?: VPNTunnelState, opts?: pulumi.CustomResourceOptions): VPNTunnel;
    /**
     * Returns true if the given object is an instance of VPNTunnel. This is designed to work even
     * when multiple copies of the Pulumi SDK have been loaded into the same process.
     *
     * @param obj The value to test; it is typed `any`, so any value may be passed.
     */
    static isInstance(obj: any): obj is VPNTunnel;
    /**
     * User specified list of ciphers to use for the phase 1 and phase 2 of the IKE protocol.
     * The "Vpn Tunnel Cipher Suite" example on this class shows the `phase1` / `phase2` shape.
     */
    readonly cipherSuite: pulumi.Output;
    /**
     * Creation timestamp in RFC3339 text format.
     */
    readonly creationTimestamp: pulumi.Output;
    /**
     * An optional description of this resource.
     */
    readonly description: pulumi.Output;
    /**
     * Detailed status message for the VPN tunnel.
     */
    readonly detailedStatus: pulumi.Output;
    /**
     * All labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
     */
    readonly effectiveLabels: pulumi.Output<{ [key: string]: string; }>;
    /**
     * IKE protocol version to use when establishing the VPN tunnel with
     * peer VPN gateway.
     * Acceptable IKE versions are 1 or 2. Default version is 2.
     * IKEv1 has been deprecated by the IETF (RFC 9395); keep the default of 2
     * unless the peer gateway cannot negotiate it.
     */
    readonly ikeVersion: pulumi.Output;
    /**
     * The fingerprint used for optimistic locking of this resource. Used
     * internally during updates.
     */
    readonly labelFingerprint: pulumi.Output;
    /**
     * Labels to apply to this VpnTunnel.
     * **Note**: This field is non-authoritative, and will only manage the labels present in your configuration.
     * Please refer to the field `effectiveLabels` for all of the labels present on the resource.
     */
    readonly labels: pulumi.Output<{ [key: string]: string; } | undefined>;
    /**
     * Local traffic selector to use when establishing the VPN tunnel with
     * peer VPN gateway. The value should be a CIDR formatted string,
     * for example `192.168.0.0/16`. The ranges should be disjoint.
     * Only IPv4 is supported.
     */
    readonly localTrafficSelectors: pulumi.Output;
    /**
     * Name of the resource. The name must be 1-63 characters long, and
     * comply with RFC1035. Specifically, the name must match the regular expression
     * `[a-z]([-a-z0-9]*[a-z0-9])?`, which means the first character
     * must be a lowercase letter, and all following characters must
     * be a dash, lowercase letter, or digit,
     * except the last character, which cannot be a dash.
     */
    readonly name: pulumi.Output;
    /**
     * URL of the peer side external VPN gateway to which this VPN tunnel is connected.
     */
    readonly peerExternalGateway: pulumi.Output;
    /**
     * The interface ID of the external VPN gateway to which this VPN tunnel is connected.
     */
    readonly peerExternalGatewayInterface: pulumi.Output;
    /**
     * URL of the peer side HA GCP VPN gateway to which this VPN tunnel is connected.
     * If provided, the VPN tunnel will automatically use the same vpnGatewayInterface
     * ID in the peer GCP VPN gateway.
     * This field must reference a `gcp.compute.HaVpnGateway` resource.
     */
    readonly peerGcpGateway: pulumi.Output;
    /**
     * IP address of the peer VPN gateway. Only IPv4 is supported.
     */
    readonly peerIp: pulumi.Output;
    /**
     * The ID of the project in which the resource belongs.
     * If it is not provided, the provider project is used.
     */
    readonly project: pulumi.Output;
    /**
     * The combination of labels configured directly on the resource
     * and default labels configured on the provider.
     */
    readonly pulumiLabels: pulumi.Output<{ [key: string]: string; }>;
    /**
     * The region where the tunnel is located. If unset, is set to the region of `targetVpnGateway`.
     */
    readonly region: pulumi.Output;
    /**
     * Remote traffic selector to use when establishing the VPN tunnel with
     * peer VPN gateway. The value should be a CIDR formatted string,
     * for example `192.168.0.0/16`. The ranges should be disjoint.
     * Only IPv4 is supported.
     */
    readonly remoteTrafficSelectors: pulumi.Output;
    /**
     * URL of router resource to be used for dynamic routing.
     */
    readonly router: pulumi.Output;
    /**
     * The URI of the created resource.
     */
    readonly selfLink: pulumi.Output;
    /**
     * Shared secret used to set the secure session between the Cloud VPN
     * gateway and the peer VPN gateway.
     * **Note**: This property is sensitive and will not be displayed in the plan.
     * Unlike `sharedSecretWo`, this property is not write-only, so its value is
     * presumably kept in the stack state (confirm for your backend); restrict
     * access to the state accordingly.
     */
    readonly sharedSecret: pulumi.Output;
    /**
     * Hash of the shared secret.
     * NOTE(review): the hash construction is not documented here. A hash of a
     * low-entropy pre-shared key can be guessed offline, so avoid exporting or
     * logging this output unnecessarily.
     */
    readonly sharedSecretHash: pulumi.Output;
    /**
     * **NOTE:** This field is write-only and its value will not be updated in state as part of read operations.
     * Shared secret used to set the secure session between the Cloud VPN
     * gateway and the peer VPN gateway.
     * Note: This property is write-only and will not be read from the API. For more info see [updating write-only attributes](https://www.terraform.io/docs/providers/google/guides/using_write_only_attributes.html#updating-write-only-attributes)
     */
    readonly sharedSecretWo: pulumi.Output;
    /**
     * Triggers an update of the write-only `sharedSecretWo`; change this value when
     * the secret itself changes (for example on rotation). For more info see [updating write-only attributes](https://www.terraform.io/docs/providers/google/guides/using_write_only_attributes.html#updating-write-only-attributes)
     */
    readonly sharedSecretWoVersion: pulumi.Output;
    /**
     * URL of the Target VPN gateway with which this VPN tunnel is
     * associated.
     */
    readonly targetVpnGateway: pulumi.Output;
    /**
     * The unique identifier for the resource. This identifier is defined by the server.
     */
    readonly tunnelId: pulumi.Output;
    /**
     * URL of the VPN gateway with which this VPN tunnel is associated.
     * This must be used if a High Availability VPN gateway resource is created.
     * This field must reference a `gcp.compute.HaVpnGateway` resource.
     */
    readonly vpnGateway: pulumi.Output;
    /**
     * The interface ID of the VPN gateway with which this VPN tunnel is associated.
     */
    readonly vpnGatewayInterface: pulumi.Output;
    /**
     * Create a VPNTunnel resource with the given unique name, arguments, and options.
     *
     * @param name The _unique_ name of the resource.
     * @param args The arguments to use to populate this resource's properties.
     * @param opts A bag of options that control this resource's behavior.
     */
    constructor(name: string, args?: VPNTunnelArgs, opts?: pulumi.CustomResourceOptions);
}
/**
 * Input properties used for looking up and filtering VPNTunnel resources.
 */
export interface VPNTunnelState {
    /**
     * User specified list of ciphers to use for the phase 1 and phase 2 of the IKE protocol.
     * The "Vpn Tunnel Cipher Suite" example on `VPNTunnel` shows the `phase1` / `phase2` shape.
     */
    cipherSuite?: pulumi.Input;
    /**
     * Creation timestamp in RFC3339 text format.
     */
    creationTimestamp?: pulumi.Input;
    /**
     * An optional description of this resource.
     */
    description?: pulumi.Input;
    /**
     * Detailed status message for the VPN tunnel.
     */
    detailedStatus?: pulumi.Input;
    /**
     * All labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
     */
    effectiveLabels?: pulumi.Input<{ [key: string]: pulumi.Input; }>;
    /**
     * IKE protocol version to use when establishing the VPN tunnel with
     * peer VPN gateway.
     * Acceptable IKE versions are 1 or 2. Default version is 2.
     * IKEv1 has been deprecated by the IETF (RFC 9395); keep the default of 2
     * unless the peer gateway cannot negotiate it.
     */
    ikeVersion?: pulumi.Input;
    /**
     * The fingerprint used for optimistic locking of this resource. Used
     * internally during updates.
     */
    labelFingerprint?: pulumi.Input;
    /**
     * Labels to apply to this VpnTunnel.
     * **Note**: This field is non-authoritative, and will only manage the labels present in your configuration.
     * Please refer to the field `effectiveLabels` for all of the labels present on the resource.
     */
    labels?: pulumi.Input<{ [key: string]: pulumi.Input; }>;
    /**
     * Local traffic selector to use when establishing the VPN tunnel with
     * peer VPN gateway. The value should be a CIDR formatted string,
     * for example `192.168.0.0/16`. The ranges should be disjoint.
     * Only IPv4 is supported.
     */
    localTrafficSelectors?: pulumi.Input[]>;
    /**
     * Name of the resource. The name must be 1-63 characters long, and
     * comply with RFC1035. Specifically, the name must match the regular expression
     * `[a-z]([-a-z0-9]*[a-z0-9])?`, which means the first character
     * must be a lowercase letter, and all following characters must
     * be a dash, lowercase letter, or digit,
     * except the last character, which cannot be a dash.
     */
    name?: pulumi.Input;
    /**
     * URL of the peer side external VPN gateway to which this VPN tunnel is connected.
     */
    peerExternalGateway?: pulumi.Input;
    /**
     * The interface ID of the external VPN gateway to which this VPN tunnel is connected.
     */
    peerExternalGatewayInterface?: pulumi.Input;
    /**
     * URL of the peer side HA GCP VPN gateway to which this VPN tunnel is connected.
     * If provided, the VPN tunnel will automatically use the same vpnGatewayInterface
     * ID in the peer GCP VPN gateway.
     * This field must reference a `gcp.compute.HaVpnGateway` resource.
     */
    peerGcpGateway?: pulumi.Input;
    /**
     * IP address of the peer VPN gateway. Only IPv4 is supported.
     */
    peerIp?: pulumi.Input;
    /**
     * The ID of the project in which the resource belongs.
     * If it is not provided, the provider project is used.
     */
    project?: pulumi.Input;
    /**
     * The combination of labels configured directly on the resource
     * and default labels configured on the provider.
     */
    pulumiLabels?: pulumi.Input<{ [key: string]: pulumi.Input; }>;
    /**
     * The region where the tunnel is located. If unset, is set to the region of `targetVpnGateway`.
     */
    region?: pulumi.Input;
    /**
     * Remote traffic selector to use when establishing the VPN tunnel with
     * peer VPN gateway. The value should be a CIDR formatted string,
     * for example `192.168.0.0/16`. The ranges should be disjoint.
     * Only IPv4 is supported.
     */
    remoteTrafficSelectors?: pulumi.Input[]>;
    /**
     * URL of router resource to be used for dynamic routing.
     */
    router?: pulumi.Input;
    /**
     * The URI of the created resource.
     */
    selfLink?: pulumi.Input;
    /**
     * Shared secret used to set the secure session between the Cloud VPN
     * gateway and the peer VPN gateway.
     * **Note**: This property is sensitive and will not be displayed in the plan.
     * Unlike `sharedSecretWo`, this property is not write-only, so its value is
     * presumably kept in the stack state (confirm for your backend); restrict
     * access to the state accordingly.
     */
    sharedSecret?: pulumi.Input;
    /**
     * Hash of the shared secret.
     * NOTE(review): the hash construction is not documented here. A hash of a
     * low-entropy pre-shared key can be guessed offline, so avoid exporting or
     * logging this value unnecessarily.
     */
    sharedSecretHash?: pulumi.Input;
    /**
     * **NOTE:** This field is write-only and its value will not be updated in state as part of read operations.
     * Shared secret used to set the secure session between the Cloud VPN
     * gateway and the peer VPN gateway.
     * Note: This property is write-only and will not be read from the API. For more info see [updating write-only attributes](https://www.terraform.io/docs/providers/google/guides/using_write_only_attributes.html#updating-write-only-attributes)
     */
    sharedSecretWo?: pulumi.Input;
    /**
     * Triggers an update of the write-only `sharedSecretWo`; change this value when
     * the secret itself changes (for example on rotation). For more info see [updating write-only attributes](https://www.terraform.io/docs/providers/google/guides/using_write_only_attributes.html#updating-write-only-attributes)
     */
    sharedSecretWoVersion?: pulumi.Input;
    /**
     * URL of the Target VPN gateway with which this VPN tunnel is
     * associated.
     */
    targetVpnGateway?: pulumi.Input;
    /**
     * The unique identifier for the resource. This identifier is defined by the server.
     */
    tunnelId?: pulumi.Input;
    /**
     * URL of the VPN gateway with which this VPN tunnel is associated.
     * This must be used if a High Availability VPN gateway resource is created.
     * This field must reference a `gcp.compute.HaVpnGateway` resource.
     */
    vpnGateway?: pulumi.Input;
    /**
     * The interface ID of the VPN gateway with which this VPN tunnel is associated.
     */
    vpnGatewayInterface?: pulumi.Input;
}
/**
 * The set of arguments for constructing a VPNTunnel resource.
 *
 * The pre-shared key can be supplied through `sharedSecret` or through the
 * write-only `sharedSecretWo`; only the latter is documented here as staying
 * out of the state.
 */
export interface VPNTunnelArgs {
    /**
     * User specified list of ciphers to use for the phase 1 and phase 2 of the IKE protocol.
     * The "Vpn Tunnel Cipher Suite" example on `VPNTunnel` shows the `phase1` / `phase2` shape.
     */
    cipherSuite?: pulumi.Input;
    /**
     * An optional description of this resource.
     */
    description?: pulumi.Input;
    /**
     * IKE protocol version to use when establishing the VPN tunnel with
     * peer VPN gateway.
     * Acceptable IKE versions are 1 or 2. Default version is 2.
     * IKEv1 has been deprecated by the IETF (RFC 9395); keep the default of 2
     * unless the peer gateway cannot negotiate it.
     */
    ikeVersion?: pulumi.Input;
    /**
     * Labels to apply to this VpnTunnel.
     * **Note**: This field is non-authoritative, and will only manage the labels present in your configuration.
     * Please refer to the field `effectiveLabels` for all of the labels present on the resource.
     */
    labels?: pulumi.Input<{ [key: string]: pulumi.Input; }>;
    /**
     * Local traffic selector to use when establishing the VPN tunnel with
     * peer VPN gateway. The value should be a CIDR formatted string,
     * for example `192.168.0.0/16`. The ranges should be disjoint.
     * Only IPv4 is supported.
     */
    localTrafficSelectors?: pulumi.Input[]>;
    /**
     * Name of the resource. The name must be 1-63 characters long, and
     * comply with RFC1035. Specifically, the name must match the regular expression
     * `[a-z]([-a-z0-9]*[a-z0-9])?`, which means the first character
     * must be a lowercase letter, and all following characters must
     * be a dash, lowercase letter, or digit,
     * except the last character, which cannot be a dash.
     */
    name?: pulumi.Input;
    /**
     * URL of the peer side external VPN gateway to which this VPN tunnel is connected.
     */
    peerExternalGateway?: pulumi.Input;
    /**
     * The interface ID of the external VPN gateway to which this VPN tunnel is connected.
     */
    peerExternalGatewayInterface?: pulumi.Input;
    /**
     * URL of the peer side HA GCP VPN gateway to which this VPN tunnel is connected.
     * If provided, the VPN tunnel will automatically use the same vpnGatewayInterface
     * ID in the peer GCP VPN gateway.
     * This field must reference a `gcp.compute.HaVpnGateway` resource.
     */
    peerGcpGateway?: pulumi.Input;
    /**
     * IP address of the peer VPN gateway. Only IPv4 is supported.
     */
    peerIp?: pulumi.Input;
    /**
     * The ID of the project in which the resource belongs.
     * If it is not provided, the provider project is used.
     */
    project?: pulumi.Input;
    /**
     * The region where the tunnel is located. If unset, is set to the region of `targetVpnGateway`.
     */
    region?: pulumi.Input;
    /**
     * Remote traffic selector to use when establishing the VPN tunnel with
     * peer VPN gateway. The value should be a CIDR formatted string,
     * for example `192.168.0.0/16`. The ranges should be disjoint.
     * Only IPv4 is supported.
     */
    remoteTrafficSelectors?: pulumi.Input[]>;
    /**
     * URL of router resource to be used for dynamic routing.
     */
    router?: pulumi.Input;
    /**
     * Shared secret used to set the secure session between the Cloud VPN
     * gateway and the peer VPN gateway.
     * **Note**: This property is sensitive and will not be displayed in the plan.
     * Unlike `sharedSecretWo`, this property is not write-only, so its value is
     * presumably kept in the stack state (confirm for your backend). Supply it
     * from secret configuration rather than a literal in source code.
     */
    sharedSecret?: pulumi.Input;
    /**
     * **NOTE:** This field is write-only and its value will not be updated in state as part of read operations.
     * Shared secret used to set the secure session between the Cloud VPN
     * gateway and the peer VPN gateway.
     * Note: This property is write-only and will not be read from the API. For more info see [updating write-only attributes](https://www.terraform.io/docs/providers/google/guides/using_write_only_attributes.html#updating-write-only-attributes)
     */
    sharedSecretWo?: pulumi.Input;
    /**
     * Triggers an update of the write-only `sharedSecretWo`; change this value when
     * the secret itself changes (for example on rotation). For more info see [updating write-only attributes](https://www.terraform.io/docs/providers/google/guides/using_write_only_attributes.html#updating-write-only-attributes)
     */
    sharedSecretWoVersion?: pulumi.Input;
    /**
     * URL of the Target VPN gateway with which this VPN tunnel is
     * associated.
     */
    targetVpnGateway?: pulumi.Input;
    /**
     * URL of the VPN gateway with which this VPN tunnel is associated.
     * This must be used if a High Availability VPN gateway resource is created.
     * This field must reference a `gcp.compute.HaVpnGateway` resource.
     */
    vpnGateway?: pulumi.Input;
    /**
     * The interface ID of the VPN gateway with which this VPN tunnel is associated.
     */
    vpnGatewayInterface?: pulumi.Input;
}