Google Cloud Native v0.32.0, Nov 29 23

Google Cloud Native is in preview. Google Cloud Classic is fully supported.

Google Cloud Native v0.32.0 published on Wednesday, Nov 29, 2023 by Pulumi

pulumi/pulumi-google-native

google-native.compute/alpha.ServiceAttachment

Explore with Pulumi AI

Google Cloud Native is in preview. Google Cloud Classic is fully supported.

Google Cloud Native v0.32.0 published on Wednesday, Nov 29, 2023 by Pulumi

pulumi/pulumi-google-native

Create ServiceAttachment Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new ServiceAttachment(name: string, args: ServiceAttachmentArgs, opts?: CustomResourceOptions);

@overload
def ServiceAttachment(resource_name: str,
                      args: ServiceAttachmentArgs,
                      opts: Optional[ResourceOptions] = None)

@overload
def ServiceAttachment(resource_name: str,
                      opts: Optional[ResourceOptions] = None,
                      region: Optional[str] = None,
                      domain_names: Optional[Sequence[str]] = None,
                      project: Optional[str] = None,
                      description: Optional[str] = None,
                      connection_preference: Optional[ServiceAttachmentConnectionPreference] = None,
                      enable_proxy_protocol: Optional[bool] = None,
                      name: Optional[str] = None,
                      consumer_reject_lists: Optional[Sequence[str]] = None,
                      producer_forwarding_rule: Optional[str] = None,
                      nat_subnets: Optional[Sequence[str]] = None,
                      propagated_connection_limit: Optional[int] = None,
                      reconcile_connections: Optional[bool] = None,
                      consumer_accept_lists: Optional[Sequence[ServiceAttachmentConsumerProjectLimitArgs]] = None,
                      request_id: Optional[str] = None,
                      target_service: Optional[str] = None,
                      tunneling_config: Optional[ServiceAttachmentTunnelingConfigArgs] = None)

func NewServiceAttachment(ctx *Context, name string, args ServiceAttachmentArgs, opts ...ResourceOption) (*ServiceAttachment, error)

public ServiceAttachment(string name, ServiceAttachmentArgs args, CustomResourceOptions? opts = null)

public ServiceAttachment(String name, ServiceAttachmentArgs args)
public ServiceAttachment(String name, ServiceAttachmentArgs args, CustomResourceOptions options)

type: google-native:compute/alpha:ServiceAttachment
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args ServiceAttachmentArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args ServiceAttachmentArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args ServiceAttachmentArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args ServiceAttachmentArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args ServiceAttachmentArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var serviceAttachmentResource = new GoogleNative.Compute.Alpha.ServiceAttachment("serviceAttachmentResource", new()
{
    Region = "string",
    DomainNames = new[]
    {
        "string",
    },
    Project = "string",
    Description = "string",
    ConnectionPreference = GoogleNative.Compute.Alpha.ServiceAttachmentConnectionPreference.AcceptAutomatic,
    EnableProxyProtocol = false,
    Name = "string",
    ConsumerRejectLists = new[]
    {
        "string",
    },
    ProducerForwardingRule = "string",
    NatSubnets = new[]
    {
        "string",
    },
    PropagatedConnectionLimit = 0,
    ReconcileConnections = false,
    ConsumerAcceptLists = new[]
    {
        new GoogleNative.Compute.Alpha.Inputs.ServiceAttachmentConsumerProjectLimitArgs
        {
            ConnectionLimit = 0,
            NetworkUrl = "string",
            ProjectIdOrNum = "string",
        },
    },
    RequestId = "string",
    TargetService = "string",
    TunnelingConfig = new GoogleNative.Compute.Alpha.Inputs.ServiceAttachmentTunnelingConfigArgs
    {
        EncapsulationProfile = GoogleNative.Compute.Alpha.ServiceAttachmentTunnelingConfigEncapsulationProfile.GeneveSecurityV1,
        RoutingMode = GoogleNative.Compute.Alpha.ServiceAttachmentTunnelingConfigRoutingMode.PacketInjection,
    },
});

example, err := compute.NewServiceAttachment(ctx, "serviceAttachmentResource", &compute.ServiceAttachmentArgs{
	Region: pulumi.String("string"),
	DomainNames: pulumi.StringArray{
		pulumi.String("string"),
	},
	Project:              pulumi.String("string"),
	Description:          pulumi.String("string"),
	ConnectionPreference: compute.ServiceAttachmentConnectionPreferenceAcceptAutomatic,
	EnableProxyProtocol:  pulumi.Bool(false),
	Name:                 pulumi.String("string"),
	ConsumerRejectLists: pulumi.StringArray{
		pulumi.String("string"),
	},
	ProducerForwardingRule: pulumi.String("string"),
	NatSubnets: pulumi.StringArray{
		pulumi.String("string"),
	},
	PropagatedConnectionLimit: pulumi.Int(0),
	ReconcileConnections:      pulumi.Bool(false),
	ConsumerAcceptLists: compute.ServiceAttachmentConsumerProjectLimitArray{
		&compute.ServiceAttachmentConsumerProjectLimitArgs{
			ConnectionLimit: pulumi.Int(0),
			NetworkUrl:      pulumi.String("string"),
			ProjectIdOrNum:  pulumi.String("string"),
		},
	},
	RequestId:     pulumi.String("string"),
	TargetService: pulumi.String("string"),
	TunnelingConfig: &compute.ServiceAttachmentTunnelingConfigArgs{
		EncapsulationProfile: compute.ServiceAttachmentTunnelingConfigEncapsulationProfileGeneveSecurityV1,
		RoutingMode:          compute.ServiceAttachmentTunnelingConfigRoutingModePacketInjection,
	},
})

var serviceAttachmentResource = new ServiceAttachment("serviceAttachmentResource", ServiceAttachmentArgs.builder()
    .region("string")
    .domainNames("string")
    .project("string")
    .description("string")
    .connectionPreference("ACCEPT_AUTOMATIC")
    .enableProxyProtocol(false)
    .name("string")
    .consumerRejectLists("string")
    .producerForwardingRule("string")
    .natSubnets("string")
    .propagatedConnectionLimit(0)
    .reconcileConnections(false)
    .consumerAcceptLists(ServiceAttachmentConsumerProjectLimitArgs.builder()
        .connectionLimit(0)
        .networkUrl("string")
        .projectIdOrNum("string")
        .build())
    .requestId("string")
    .targetService("string")
    .tunnelingConfig(ServiceAttachmentTunnelingConfigArgs.builder()
        .encapsulationProfile("GENEVE_SECURITY_V1")
        .routingMode("PACKET_INJECTION")
        .build())
    .build());

service_attachment_resource = google_native.compute.alpha.ServiceAttachment("serviceAttachmentResource",
    region="string",
    domain_names=["string"],
    project="string",
    description="string",
    connection_preference=google_native.compute.alpha.ServiceAttachmentConnectionPreference.ACCEPT_AUTOMATIC,
    enable_proxy_protocol=False,
    name="string",
    consumer_reject_lists=["string"],
    producer_forwarding_rule="string",
    nat_subnets=["string"],
    propagated_connection_limit=0,
    reconcile_connections=False,
    consumer_accept_lists=[{
        "connection_limit": 0,
        "network_url": "string",
        "project_id_or_num": "string",
    }],
    request_id="string",
    target_service="string",
    tunneling_config={
        "encapsulation_profile": google_native.compute.alpha.ServiceAttachmentTunnelingConfigEncapsulationProfile.GENEVE_SECURITY_V1,
        "routing_mode": google_native.compute.alpha.ServiceAttachmentTunnelingConfigRoutingMode.PACKET_INJECTION,
    })

const serviceAttachmentResource = new google_native.compute.alpha.ServiceAttachment("serviceAttachmentResource", {
    region: "string",
    domainNames: ["string"],
    project: "string",
    description: "string",
    connectionPreference: google_native.compute.alpha.ServiceAttachmentConnectionPreference.AcceptAutomatic,
    enableProxyProtocol: false,
    name: "string",
    consumerRejectLists: ["string"],
    producerForwardingRule: "string",
    natSubnets: ["string"],
    propagatedConnectionLimit: 0,
    reconcileConnections: false,
    consumerAcceptLists: [{
        connectionLimit: 0,
        networkUrl: "string",
        projectIdOrNum: "string",
    }],
    requestId: "string",
    targetService: "string",
    tunnelingConfig: {
        encapsulationProfile: google_native.compute.alpha.ServiceAttachmentTunnelingConfigEncapsulationProfile.GeneveSecurityV1,
        routingMode: google_native.compute.alpha.ServiceAttachmentTunnelingConfigRoutingMode.PacketInjection,
    },
});

type: google-native:compute/alpha:ServiceAttachment
properties:
    connectionPreference: ACCEPT_AUTOMATIC
    consumerAcceptLists:
        - connectionLimit: 0
          networkUrl: string
          projectIdOrNum: string
    consumerRejectLists:
        - string
    description: string
    domainNames:
        - string
    enableProxyProtocol: false
    name: string
    natSubnets:
        - string
    producerForwardingRule: string
    project: string
    propagatedConnectionLimit: 0
    reconcileConnections: false
    region: string
    requestId: string
    targetService: string
    tunnelingConfig:
        encapsulationProfile: GENEVE_SECURITY_V1
        routingMode: PACKET_INJECTION

ServiceAttachment Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The ServiceAttachment resource accepts the following input properties:

Region string
ConnectionPreference Pulumi.GoogleNative.Compute.Alpha.ServiceAttachmentConnectionPreference: The connection preference of service attachment. The value can be set to ACCEPT_AUTOMATIC. An ACCEPT_AUTOMATIC service attachment is one that always accepts the connection from consumer forwarding rules.
ConsumerAcceptLists List<Pulumi.GoogleNative.Compute.Alpha.Inputs.ServiceAttachmentConsumerProjectLimit>: Projects that are allowed to connect to this service attachment.
ConsumerRejectLists List<string>: Projects that are not allowed to connect to this service attachment. The project can be specified using its id or number.
Description string: An optional description of this resource. Provide this property when you create the resource.
DomainNames List<string>: If specified, the domain name will be used during the integration between the PSC connected endpoints and the Cloud DNS. For example, this is a valid domain name: "p.mycompany.com.". Current max number of domain names supported is 1.
EnableProxyProtocol bool: If true, enable the proxy protocol which is for supplying client TCP/IP address data in TCP connections that traverse proxies on their way to destination servers.
Name string: Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.
NatSubnets List<string>: An array of URLs where each entry is the URL of a subnet provided by the service producer to use for NAT in this service attachment.
ProducerForwardingRule string: The URL of a forwarding rule with loadBalancingScheme INTERNAL* that is serving the endpoint identified by this service attachment.
Project string
PropagatedConnectionLimit int: The number of VPCs to which this endpoint is allowed to be propagated per accept list resource (project or network). For ACCEPT_AUTOMATIC service attachment, this limit is default to per project.
ReconcileConnections bool: This flag determines whether a consumer accept/reject list change can reconcile the statuses of existing ACCEPTED or REJECTED PSC endpoints. - If false, connection policy update will only affect existing PENDING PSC endpoints. Existing ACCEPTED/REJECTED endpoints will remain untouched regardless how the connection policy is modified . - If true, update will affect both PENDING and ACCEPTED/REJECTED PSC endpoints. For example, an ACCEPTED PSC endpoint will be moved to REJECTED if its project is added to the reject list. For newly created service attachment, this boolean defaults to false.
RequestId string: An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).
TargetService string: The URL of a service serving the endpoint identified by this service attachment.
TunnelingConfig Pulumi.GoogleNative.Compute.Alpha.Inputs.ServiceAttachmentTunnelingConfig: When a tunneling config is set on this service attachment it will encapsulate traffic between consumer and producer. When tunneling is enabled: - nat_subnets must be unset - enable_proxy_protocol must be false - producer_forwarding_rule must be a L4 ILB. -

Region string
ConnectionPreference ServiceAttachmentConnectionPreference: The connection preference of service attachment. The value can be set to ACCEPT_AUTOMATIC. An ACCEPT_AUTOMATIC service attachment is one that always accepts the connection from consumer forwarding rules.
ConsumerAcceptLists []ServiceAttachmentConsumerProjectLimitArgs: Projects that are allowed to connect to this service attachment.
ConsumerRejectLists []string: Projects that are not allowed to connect to this service attachment. The project can be specified using its id or number.
Description string: An optional description of this resource. Provide this property when you create the resource.
DomainNames []string: If specified, the domain name will be used during the integration between the PSC connected endpoints and the Cloud DNS. For example, this is a valid domain name: "p.mycompany.com.". Current max number of domain names supported is 1.
EnableProxyProtocol bool: If true, enable the proxy protocol which is for supplying client TCP/IP address data in TCP connections that traverse proxies on their way to destination servers.
Name string: Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.
NatSubnets []string: An array of URLs where each entry is the URL of a subnet provided by the service producer to use for NAT in this service attachment.
ProducerForwardingRule string: The URL of a forwarding rule with loadBalancingScheme INTERNAL* that is serving the endpoint identified by this service attachment.
Project string
PropagatedConnectionLimit int: The number of VPCs to which this endpoint is allowed to be propagated per accept list resource (project or network). For ACCEPT_AUTOMATIC service attachment, this limit is default to per project.
ReconcileConnections bool: This flag determines whether a consumer accept/reject list change can reconcile the statuses of existing ACCEPTED or REJECTED PSC endpoints. - If false, connection policy update will only affect existing PENDING PSC endpoints. Existing ACCEPTED/REJECTED endpoints will remain untouched regardless how the connection policy is modified . - If true, update will affect both PENDING and ACCEPTED/REJECTED PSC endpoints. For example, an ACCEPTED PSC endpoint will be moved to REJECTED if its project is added to the reject list. For newly created service attachment, this boolean defaults to false.
RequestId string: An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).
TargetService string: The URL of a service serving the endpoint identified by this service attachment.
TunnelingConfig ServiceAttachmentTunnelingConfigArgs: When a tunneling config is set on this service attachment it will encapsulate traffic between consumer and producer. When tunneling is enabled: - nat_subnets must be unset - enable_proxy_protocol must be false - producer_forwarding_rule must be a L4 ILB. -

region String
connectionPreference ServiceAttachmentConnectionPreference: The connection preference of service attachment. The value can be set to ACCEPT_AUTOMATIC. An ACCEPT_AUTOMATIC service attachment is one that always accepts the connection from consumer forwarding rules.
consumerAcceptLists List<ServiceAttachmentConsumerProjectLimit>: Projects that are allowed to connect to this service attachment.
consumerRejectLists List<String>: Projects that are not allowed to connect to this service attachment. The project can be specified using its id or number.
description String: An optional description of this resource. Provide this property when you create the resource.
domainNames List<String>: If specified, the domain name will be used during the integration between the PSC connected endpoints and the Cloud DNS. For example, this is a valid domain name: "p.mycompany.com.". Current max number of domain names supported is 1.
enableProxyProtocol Boolean: If true, enable the proxy protocol which is for supplying client TCP/IP address data in TCP connections that traverse proxies on their way to destination servers.
name String: Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.
natSubnets List<String>: An array of URLs where each entry is the URL of a subnet provided by the service producer to use for NAT in this service attachment.
producerForwardingRule String: The URL of a forwarding rule with loadBalancingScheme INTERNAL* that is serving the endpoint identified by this service attachment.
project String
propagatedConnectionLimit Integer: The number of VPCs to which this endpoint is allowed to be propagated per accept list resource (project or network). For ACCEPT_AUTOMATIC service attachment, this limit is default to per project.
reconcileConnections Boolean: This flag determines whether a consumer accept/reject list change can reconcile the statuses of existing ACCEPTED or REJECTED PSC endpoints. - If false, connection policy update will only affect existing PENDING PSC endpoints. Existing ACCEPTED/REJECTED endpoints will remain untouched regardless how the connection policy is modified . - If true, update will affect both PENDING and ACCEPTED/REJECTED PSC endpoints. For example, an ACCEPTED PSC endpoint will be moved to REJECTED if its project is added to the reject list. For newly created service attachment, this boolean defaults to false.
requestId String: An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).
targetService String: The URL of a service serving the endpoint identified by this service attachment.
tunnelingConfig ServiceAttachmentTunnelingConfig: When a tunneling config is set on this service attachment it will encapsulate traffic between consumer and producer. When tunneling is enabled: - nat_subnets must be unset - enable_proxy_protocol must be false - producer_forwarding_rule must be a L4 ILB. -

region string
connectionPreference ServiceAttachmentConnectionPreference: The connection preference of service attachment. The value can be set to ACCEPT_AUTOMATIC. An ACCEPT_AUTOMATIC service attachment is one that always accepts the connection from consumer forwarding rules.
consumerAcceptLists ServiceAttachmentConsumerProjectLimit[]: Projects that are allowed to connect to this service attachment.
consumerRejectLists string[]: Projects that are not allowed to connect to this service attachment. The project can be specified using its id or number.
description string: An optional description of this resource. Provide this property when you create the resource.
domainNames string[]: If specified, the domain name will be used during the integration between the PSC connected endpoints and the Cloud DNS. For example, this is a valid domain name: "p.mycompany.com.". Current max number of domain names supported is 1.
enableProxyProtocol boolean: If true, enable the proxy protocol which is for supplying client TCP/IP address data in TCP connections that traverse proxies on their way to destination servers.
name string: Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.
natSubnets string[]: An array of URLs where each entry is the URL of a subnet provided by the service producer to use for NAT in this service attachment.
producerForwardingRule string: The URL of a forwarding rule with loadBalancingScheme INTERNAL* that is serving the endpoint identified by this service attachment.
project string
propagatedConnectionLimit number: The number of VPCs to which this endpoint is allowed to be propagated per accept list resource (project or network). For ACCEPT_AUTOMATIC service attachment, this limit is default to per project.
reconcileConnections boolean: This flag determines whether a consumer accept/reject list change can reconcile the statuses of existing ACCEPTED or REJECTED PSC endpoints. - If false, connection policy update will only affect existing PENDING PSC endpoints. Existing ACCEPTED/REJECTED endpoints will remain untouched regardless how the connection policy is modified . - If true, update will affect both PENDING and ACCEPTED/REJECTED PSC endpoints. For example, an ACCEPTED PSC endpoint will be moved to REJECTED if its project is added to the reject list. For newly created service attachment, this boolean defaults to false.
requestId string: An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).
targetService string: The URL of a service serving the endpoint identified by this service attachment.
tunnelingConfig ServiceAttachmentTunnelingConfig: When a tunneling config is set on this service attachment it will encapsulate traffic between consumer and producer. When tunneling is enabled: - nat_subnets must be unset - enable_proxy_protocol must be false - producer_forwarding_rule must be a L4 ILB. -

region str
connection_preference ServiceAttachmentConnectionPreference: The connection preference of service attachment. The value can be set to ACCEPT_AUTOMATIC. An ACCEPT_AUTOMATIC service attachment is one that always accepts the connection from consumer forwarding rules.
consumer_accept_lists Sequence[ServiceAttachmentConsumerProjectLimitArgs]: Projects that are allowed to connect to this service attachment.
consumer_reject_lists Sequence[str]: Projects that are not allowed to connect to this service attachment. The project can be specified using its id or number.
description str: An optional description of this resource. Provide this property when you create the resource.
domain_names Sequence[str]: If specified, the domain name will be used during the integration between the PSC connected endpoints and the Cloud DNS. For example, this is a valid domain name: "p.mycompany.com.". Current max number of domain names supported is 1.
enable_proxy_protocol bool: If true, enable the proxy protocol which is for supplying client TCP/IP address data in TCP connections that traverse proxies on their way to destination servers.
name str: Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.
nat_subnets Sequence[str]: An array of URLs where each entry is the URL of a subnet provided by the service producer to use for NAT in this service attachment.
producer_forwarding_rule str: The URL of a forwarding rule with loadBalancingScheme INTERNAL* that is serving the endpoint identified by this service attachment.
project str
propagated_connection_limit int: The number of VPCs to which this endpoint is allowed to be propagated per accept list resource (project or network). For ACCEPT_AUTOMATIC service attachment, this limit is default to per project.
reconcile_connections bool: This flag determines whether a consumer accept/reject list change can reconcile the statuses of existing ACCEPTED or REJECTED PSC endpoints. - If false, connection policy update will only affect existing PENDING PSC endpoints. Existing ACCEPTED/REJECTED endpoints will remain untouched regardless how the connection policy is modified . - If true, update will affect both PENDING and ACCEPTED/REJECTED PSC endpoints. For example, an ACCEPTED PSC endpoint will be moved to REJECTED if its project is added to the reject list. For newly created service attachment, this boolean defaults to false.
request_id str: An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).
target_service str: The URL of a service serving the endpoint identified by this service attachment.
tunneling_config ServiceAttachmentTunnelingConfigArgs: When a tunneling config is set on this service attachment it will encapsulate traffic between consumer and producer. When tunneling is enabled: - nat_subnets must be unset - enable_proxy_protocol must be false - producer_forwarding_rule must be a L4 ILB. -

region String
connectionPreference "ACCEPT_AUTOMATIC" | "ACCEPT_MANUAL" | "CONNECTION_PREFERENCE_UNSPECIFIED": The connection preference of service attachment. The value can be set to ACCEPT_AUTOMATIC. An ACCEPT_AUTOMATIC service attachment is one that always accepts the connection from consumer forwarding rules.
consumerAcceptLists List<Property Map>: Projects that are allowed to connect to this service attachment.
consumerRejectLists List<String>: Projects that are not allowed to connect to this service attachment. The project can be specified using its id or number.
description String: An optional description of this resource. Provide this property when you create the resource.
domainNames List<String>: If specified, the domain name will be used during the integration between the PSC connected endpoints and the Cloud DNS. For example, this is a valid domain name: "p.mycompany.com.". Current max number of domain names supported is 1.
enableProxyProtocol Boolean: If true, enable the proxy protocol which is for supplying client TCP/IP address data in TCP connections that traverse proxies on their way to destination servers.
name String: Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.
natSubnets List<String>: An array of URLs where each entry is the URL of a subnet provided by the service producer to use for NAT in this service attachment.
producerForwardingRule String: The URL of a forwarding rule with loadBalancingScheme INTERNAL* that is serving the endpoint identified by this service attachment.
project String
propagatedConnectionLimit Number: The number of VPCs to which this endpoint is allowed to be propagated per accept list resource (project or network). For ACCEPT_AUTOMATIC service attachment, this limit is default to per project.
reconcileConnections Boolean: This flag determines whether a consumer accept/reject list change can reconcile the statuses of existing ACCEPTED or REJECTED PSC endpoints. - If false, connection policy update will only affect existing PENDING PSC endpoints. Existing ACCEPTED/REJECTED endpoints will remain untouched regardless how the connection policy is modified . - If true, update will affect both PENDING and ACCEPTED/REJECTED PSC endpoints. For example, an ACCEPTED PSC endpoint will be moved to REJECTED if its project is added to the reject list. For newly created service attachment, this boolean defaults to false.
requestId String: An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).
targetService String: The URL of a service serving the endpoint identified by this service attachment.
tunnelingConfig Property Map: When a tunneling config is set on this service attachment it will encapsulate traffic between consumer and producer. When tunneling is enabled: - nat_subnets must be unset - enable_proxy_protocol must be false - producer_forwarding_rule must be a L4 ILB. -

Outputs

All input properties are implicitly available as output properties. Additionally, the ServiceAttachment resource produces the following output properties:

ConnectedEndpoints List<Pulumi.GoogleNative.Compute.Alpha.Outputs.ServiceAttachmentConnectedEndpointResponse>: An array of connections for all the consumers connected to this service attachment.
CreationTimestamp string: Creation timestamp in RFC3339 text format.
Fingerprint string: Fingerprint of this resource. A hash of the contents stored in this object. This field is used in optimistic locking. This field will be ignored when inserting a ServiceAttachment. An up-to-date fingerprint must be provided in order to patch/update the ServiceAttachment; otherwise, the request will fail with error 412 conditionNotMet. To see the latest fingerprint, make a get() request to retrieve the ServiceAttachment.
Id string: The provider-assigned unique ID for this managed resource.
Kind string: Type of the resource. Always compute#serviceAttachment for service attachments.
PscServiceAttachmentId Pulumi.GoogleNative.Compute.Alpha.Outputs.Uint128Response: An 128-bit global unique ID of the PSC service attachment.
SelfLink string: Server-defined URL for the resource.

ConnectedEndpoints []ServiceAttachmentConnectedEndpointResponse: An array of connections for all the consumers connected to this service attachment.
CreationTimestamp string: Creation timestamp in RFC3339 text format.
Fingerprint string: Fingerprint of this resource. A hash of the contents stored in this object. This field is used in optimistic locking. This field will be ignored when inserting a ServiceAttachment. An up-to-date fingerprint must be provided in order to patch/update the ServiceAttachment; otherwise, the request will fail with error 412 conditionNotMet. To see the latest fingerprint, make a get() request to retrieve the ServiceAttachment.
Id string: The provider-assigned unique ID for this managed resource.
Kind string: Type of the resource. Always compute#serviceAttachment for service attachments.
PscServiceAttachmentId Uint128Response: An 128-bit global unique ID of the PSC service attachment.
SelfLink string: Server-defined URL for the resource.

connectedEndpoints List<ServiceAttachmentConnectedEndpointResponse>: An array of connections for all the consumers connected to this service attachment.
creationTimestamp String: Creation timestamp in RFC3339 text format.
fingerprint String: Fingerprint of this resource. A hash of the contents stored in this object. This field is used in optimistic locking. This field will be ignored when inserting a ServiceAttachment. An up-to-date fingerprint must be provided in order to patch/update the ServiceAttachment; otherwise, the request will fail with error 412 conditionNotMet. To see the latest fingerprint, make a get() request to retrieve the ServiceAttachment.
id String: The provider-assigned unique ID for this managed resource.
kind String: Type of the resource. Always compute#serviceAttachment for service attachments.
pscServiceAttachmentId Uint128Response: An 128-bit global unique ID of the PSC service attachment.
selfLink String: Server-defined URL for the resource.

connectedEndpoints ServiceAttachmentConnectedEndpointResponse[]: An array of connections for all the consumers connected to this service attachment.
creationTimestamp string: Creation timestamp in RFC3339 text format.
fingerprint string: Fingerprint of this resource. A hash of the contents stored in this object. This field is used in optimistic locking. This field will be ignored when inserting a ServiceAttachment. An up-to-date fingerprint must be provided in order to patch/update the ServiceAttachment; otherwise, the request will fail with error 412 conditionNotMet. To see the latest fingerprint, make a get() request to retrieve the ServiceAttachment.
id string: The provider-assigned unique ID for this managed resource.
kind string: Type of the resource. Always compute#serviceAttachment for service attachments.
pscServiceAttachmentId Uint128Response: An 128-bit global unique ID of the PSC service attachment.
selfLink string: Server-defined URL for the resource.

connected_endpoints Sequence[ServiceAttachmentConnectedEndpointResponse]: An array of connections for all the consumers connected to this service attachment.
creation_timestamp str: Creation timestamp in RFC3339 text format.
fingerprint str: Fingerprint of this resource. A hash of the contents stored in this object. This field is used in optimistic locking. This field will be ignored when inserting a ServiceAttachment. An up-to-date fingerprint must be provided in order to patch/update the ServiceAttachment; otherwise, the request will fail with error 412 conditionNotMet. To see the latest fingerprint, make a get() request to retrieve the ServiceAttachment.
id str: The provider-assigned unique ID for this managed resource.
kind str: Type of the resource. Always compute#serviceAttachment for service attachments.
psc_service_attachment_id Uint128Response: An 128-bit global unique ID of the PSC service attachment.
self_link str: Server-defined URL for the resource.

connectedEndpoints List<Property Map>: An array of connections for all the consumers connected to this service attachment.
creationTimestamp String: Creation timestamp in RFC3339 text format.
fingerprint String: Fingerprint of this resource. A hash of the contents stored in this object. This field is used in optimistic locking. This field will be ignored when inserting a ServiceAttachment. An up-to-date fingerprint must be provided in order to patch/update the ServiceAttachment; otherwise, the request will fail with error 412 conditionNotMet. To see the latest fingerprint, make a get() request to retrieve the ServiceAttachment.
id String: The provider-assigned unique ID for this managed resource.
kind String: Type of the resource. Always compute#serviceAttachment for service attachments.
pscServiceAttachmentId Property Map: An 128-bit global unique ID of the PSC service attachment.
selfLink String: Server-defined URL for the resource.

Supporting Types

ServiceAttachmentConnectedEndpointResponse, ServiceAttachmentConnectedEndpointResponseArgs

ConsumerNetwork string: The url of the consumer network.
Endpoint string: The url of a connected endpoint.
PscConnectionId string: The PSC connection id of the connected endpoint.
Status string: The status of a connected endpoint to this service attachment.

ConsumerNetwork string: The url of the consumer network.
Endpoint string: The url of a connected endpoint.
PscConnectionId string: The PSC connection id of the connected endpoint.
Status string: The status of a connected endpoint to this service attachment.

consumerNetwork String: The url of the consumer network.
endpoint String: The url of a connected endpoint.
pscConnectionId String: The PSC connection id of the connected endpoint.
status String: The status of a connected endpoint to this service attachment.

consumerNetwork string: The url of the consumer network.
endpoint string: The url of a connected endpoint.
pscConnectionId string: The PSC connection id of the connected endpoint.
status string: The status of a connected endpoint to this service attachment.

consumer_network str: The url of the consumer network.
endpoint str: The url of a connected endpoint.
psc_connection_id str: The PSC connection id of the connected endpoint.
status str: The status of a connected endpoint to this service attachment.

consumerNetwork String: The url of the consumer network.
endpoint String: The url of a connected endpoint.
pscConnectionId String: The PSC connection id of the connected endpoint.
status String: The status of a connected endpoint to this service attachment.

ServiceAttachmentConnectionPreference, ServiceAttachmentConnectionPreferenceArgs

AcceptAutomatic: ACCEPT_AUTOMATIC
AcceptManual: ACCEPT_MANUAL
ConnectionPreferenceUnspecified: CONNECTION_PREFERENCE_UNSPECIFIED

ServiceAttachmentConnectionPreferenceAcceptAutomatic: ACCEPT_AUTOMATIC
ServiceAttachmentConnectionPreferenceAcceptManual: ACCEPT_MANUAL
ServiceAttachmentConnectionPreferenceConnectionPreferenceUnspecified: CONNECTION_PREFERENCE_UNSPECIFIED

AcceptAutomatic: ACCEPT_AUTOMATIC
AcceptManual: ACCEPT_MANUAL
ConnectionPreferenceUnspecified: CONNECTION_PREFERENCE_UNSPECIFIED

AcceptAutomatic: ACCEPT_AUTOMATIC
AcceptManual: ACCEPT_MANUAL
ConnectionPreferenceUnspecified: CONNECTION_PREFERENCE_UNSPECIFIED

ACCEPT_AUTOMATIC: ACCEPT_AUTOMATIC
ACCEPT_MANUAL: ACCEPT_MANUAL
CONNECTION_PREFERENCE_UNSPECIFIED: CONNECTION_PREFERENCE_UNSPECIFIED

"ACCEPT_AUTOMATIC": ACCEPT_AUTOMATIC
"ACCEPT_MANUAL": ACCEPT_MANUAL
"CONNECTION_PREFERENCE_UNSPECIFIED": CONNECTION_PREFERENCE_UNSPECIFIED

ServiceAttachmentConsumerProjectLimit, ServiceAttachmentConsumerProjectLimitArgs

ConnectionLimit int: The value of the limit to set.
NetworkUrl string: The network URL for the network to set the limit for.
ProjectIdOrNum string: The project id or number for the project to set the limit for.

ConnectionLimit int: The value of the limit to set.
NetworkUrl string: The network URL for the network to set the limit for.
ProjectIdOrNum string: The project id or number for the project to set the limit for.

connectionLimit Integer: The value of the limit to set.
networkUrl String: The network URL for the network to set the limit for.
projectIdOrNum String: The project id or number for the project to set the limit for.

connectionLimit number: The value of the limit to set.
networkUrl string: The network URL for the network to set the limit for.
projectIdOrNum string: The project id or number for the project to set the limit for.

connection_limit int: The value of the limit to set.
network_url str: The network URL for the network to set the limit for.
project_id_or_num str: The project id or number for the project to set the limit for.

connectionLimit Number: The value of the limit to set.
networkUrl String: The network URL for the network to set the limit for.
projectIdOrNum String: The project id or number for the project to set the limit for.

ServiceAttachmentConsumerProjectLimitResponse, ServiceAttachmentConsumerProjectLimitResponseArgs

ConnectionLimit int: The value of the limit to set.
NetworkUrl string: The network URL for the network to set the limit for.
ProjectIdOrNum string: The project id or number for the project to set the limit for.

ConnectionLimit int: The value of the limit to set.
NetworkUrl string: The network URL for the network to set the limit for.
ProjectIdOrNum string: The project id or number for the project to set the limit for.

connectionLimit Integer: The value of the limit to set.
networkUrl String: The network URL for the network to set the limit for.
projectIdOrNum String: The project id or number for the project to set the limit for.

connectionLimit number: The value of the limit to set.
networkUrl string: The network URL for the network to set the limit for.
projectIdOrNum string: The project id or number for the project to set the limit for.

connection_limit int: The value of the limit to set.
network_url str: The network URL for the network to set the limit for.
project_id_or_num str: The project id or number for the project to set the limit for.

connectionLimit Number: The value of the limit to set.
networkUrl String: The network URL for the network to set the limit for.
projectIdOrNum String: The project id or number for the project to set the limit for.

ServiceAttachmentTunnelingConfig, ServiceAttachmentTunnelingConfigArgs

EncapsulationProfile Pulumi.GoogleNative.Compute.Alpha.ServiceAttachmentTunnelingConfigEncapsulationProfile: Specify the encapsulation protocol and what metadata to include in incoming encapsulated packet headers.
RoutingMode Pulumi.GoogleNative.Compute.Alpha.ServiceAttachmentTunnelingConfigRoutingMode: How this Service Attachment will treat traffic sent to the tunnel_ip, destined for the consumer network.

EncapsulationProfile ServiceAttachmentTunnelingConfigEncapsulationProfile: Specify the encapsulation protocol and what metadata to include in incoming encapsulated packet headers.
RoutingMode ServiceAttachmentTunnelingConfigRoutingMode: How this Service Attachment will treat traffic sent to the tunnel_ip, destined for the consumer network.

encapsulationProfile ServiceAttachmentTunnelingConfigEncapsulationProfile: Specify the encapsulation protocol and what metadata to include in incoming encapsulated packet headers.
routingMode ServiceAttachmentTunnelingConfigRoutingMode: How this Service Attachment will treat traffic sent to the tunnel_ip, destined for the consumer network.

encapsulationProfile ServiceAttachmentTunnelingConfigEncapsulationProfile: Specify the encapsulation protocol and what metadata to include in incoming encapsulated packet headers.
routingMode ServiceAttachmentTunnelingConfigRoutingMode: How this Service Attachment will treat traffic sent to the tunnel_ip, destined for the consumer network.

encapsulation_profile ServiceAttachmentTunnelingConfigEncapsulationProfile: Specify the encapsulation protocol and what metadata to include in incoming encapsulated packet headers.
routing_mode ServiceAttachmentTunnelingConfigRoutingMode: How this Service Attachment will treat traffic sent to the tunnel_ip, destined for the consumer network.

encapsulationProfile "GENEVE_SECURITY_V1" | "UNSPECIFIED_ENCAPSULATION_PROFILE": Specify the encapsulation protocol and what metadata to include in incoming encapsulated packet headers.
routingMode "PACKET_INJECTION" | "STANDARD_ROUTING" | "UNSPECIFIED_ROUTING_MODE": How this Service Attachment will treat traffic sent to the tunnel_ip, destined for the consumer network.

ServiceAttachmentTunnelingConfigEncapsulationProfile, ServiceAttachmentTunnelingConfigEncapsulationProfileArgs

GeneveSecurityV1: GENEVE_SECURITY_V1Use GENEVE encapsulation protocol and include the SECURITY_V1 set of GENEVE headers.
UnspecifiedEncapsulationProfile: UNSPECIFIED_ENCAPSULATION_PROFILE

ServiceAttachmentTunnelingConfigEncapsulationProfileGeneveSecurityV1: GENEVE_SECURITY_V1Use GENEVE encapsulation protocol and include the SECURITY_V1 set of GENEVE headers.
ServiceAttachmentTunnelingConfigEncapsulationProfileUnspecifiedEncapsulationProfile: UNSPECIFIED_ENCAPSULATION_PROFILE

GeneveSecurityV1: GENEVE_SECURITY_V1Use GENEVE encapsulation protocol and include the SECURITY_V1 set of GENEVE headers.
UnspecifiedEncapsulationProfile: UNSPECIFIED_ENCAPSULATION_PROFILE

GeneveSecurityV1: GENEVE_SECURITY_V1Use GENEVE encapsulation protocol and include the SECURITY_V1 set of GENEVE headers.
UnspecifiedEncapsulationProfile: UNSPECIFIED_ENCAPSULATION_PROFILE

GENEVE_SECURITY_V1: GENEVE_SECURITY_V1Use GENEVE encapsulation protocol and include the SECURITY_V1 set of GENEVE headers.
UNSPECIFIED_ENCAPSULATION_PROFILE: UNSPECIFIED_ENCAPSULATION_PROFILE

"GENEVE_SECURITY_V1": GENEVE_SECURITY_V1Use GENEVE encapsulation protocol and include the SECURITY_V1 set of GENEVE headers.
"UNSPECIFIED_ENCAPSULATION_PROFILE": UNSPECIFIED_ENCAPSULATION_PROFILE

ServiceAttachmentTunnelingConfigResponse, ServiceAttachmentTunnelingConfigResponseArgs

EncapsulationProfile string: Specify the encapsulation protocol and what metadata to include in incoming encapsulated packet headers.
RoutingMode string: How this Service Attachment will treat traffic sent to the tunnel_ip, destined for the consumer network.

EncapsulationProfile string: Specify the encapsulation protocol and what metadata to include in incoming encapsulated packet headers.
RoutingMode string: How this Service Attachment will treat traffic sent to the tunnel_ip, destined for the consumer network.

encapsulationProfile String: Specify the encapsulation protocol and what metadata to include in incoming encapsulated packet headers.
routingMode String: How this Service Attachment will treat traffic sent to the tunnel_ip, destined for the consumer network.

encapsulationProfile string: Specify the encapsulation protocol and what metadata to include in incoming encapsulated packet headers.
routingMode string: How this Service Attachment will treat traffic sent to the tunnel_ip, destined for the consumer network.

encapsulation_profile str: Specify the encapsulation protocol and what metadata to include in incoming encapsulated packet headers.
routing_mode str: How this Service Attachment will treat traffic sent to the tunnel_ip, destined for the consumer network.

encapsulationProfile String: Specify the encapsulation protocol and what metadata to include in incoming encapsulated packet headers.
routingMode String: How this Service Attachment will treat traffic sent to the tunnel_ip, destined for the consumer network.

ServiceAttachmentTunnelingConfigRoutingMode, ServiceAttachmentTunnelingConfigRoutingModeArgs

PacketInjection: PACKET_INJECTIONTraffic sent to this service attachment will be reinjected into the consumer network.
StandardRouting: STANDARD_ROUTINGResponse traffic, after de-encapsulation, will be returned to the client.
UnspecifiedRoutingMode: UNSPECIFIED_ROUTING_MODE

ServiceAttachmentTunnelingConfigRoutingModePacketInjection: PACKET_INJECTIONTraffic sent to this service attachment will be reinjected into the consumer network.
ServiceAttachmentTunnelingConfigRoutingModeStandardRouting: STANDARD_ROUTINGResponse traffic, after de-encapsulation, will be returned to the client.
ServiceAttachmentTunnelingConfigRoutingModeUnspecifiedRoutingMode: UNSPECIFIED_ROUTING_MODE

PacketInjection: PACKET_INJECTIONTraffic sent to this service attachment will be reinjected into the consumer network.
StandardRouting: STANDARD_ROUTINGResponse traffic, after de-encapsulation, will be returned to the client.
UnspecifiedRoutingMode: UNSPECIFIED_ROUTING_MODE

PacketInjection: PACKET_INJECTIONTraffic sent to this service attachment will be reinjected into the consumer network.
StandardRouting: STANDARD_ROUTINGResponse traffic, after de-encapsulation, will be returned to the client.
UnspecifiedRoutingMode: UNSPECIFIED_ROUTING_MODE

PACKET_INJECTION: PACKET_INJECTIONTraffic sent to this service attachment will be reinjected into the consumer network.
STANDARD_ROUTING: STANDARD_ROUTINGResponse traffic, after de-encapsulation, will be returned to the client.
UNSPECIFIED_ROUTING_MODE: UNSPECIFIED_ROUTING_MODE

"PACKET_INJECTION": PACKET_INJECTIONTraffic sent to this service attachment will be reinjected into the consumer network.
"STANDARD_ROUTING": STANDARD_ROUTINGResponse traffic, after de-encapsulation, will be returned to the client.
"UNSPECIFIED_ROUTING_MODE": UNSPECIFIED_ROUTING_MODE

Uint128Response, Uint128ResponseArgs

High string
Low string

High string
Low string

high String
low String

high string
low string

high str
low str

high String
low String

Package Details

Repository: Google Cloud Native pulumi/pulumi-google-native
License: Apache-2.0

Google Cloud Native is in preview. Google Cloud Classic is fully supported.

Google Cloud Native v0.32.0 published on Wednesday, Nov 29, 2023 by Pulumi

pulumi/pulumi-google-native

google-native.compute/alpha.ServiceAttachment

On this page

On this page

Create ServiceAttachment Resource

Constructor syntax

Parameters

Constructor example

ServiceAttachment Resource Properties

Inputs

Outputs

Supporting Types

ServiceAttachmentConnectedEndpointResponse, ServiceAttachmentConnectedEndpointResponseArgs

ServiceAttachmentConnectionPreference, ServiceAttachmentConnectionPreferenceArgs

ServiceAttachmentConsumerProjectLimit, ServiceAttachmentConsumerProjectLimitArgs

ServiceAttachmentConsumerProjectLimitResponse, ServiceAttachmentConsumerProjectLimitResponseArgs

ServiceAttachmentTunnelingConfig, ServiceAttachmentTunnelingConfigArgs

ServiceAttachmentTunnelingConfigEncapsulationProfile, ServiceAttachmentTunnelingConfigEncapsulationProfileArgs

ServiceAttachmentTunnelingConfigResponse, ServiceAttachmentTunnelingConfigResponseArgs

ServiceAttachmentTunnelingConfigRoutingMode, ServiceAttachmentTunnelingConfigRoutingModeArgs

Uint128Response, Uint128ResponseArgs

Package Details

On this page

On this page