Gateway
data class GatewayArgs(val addresses: Output<List<String>>? = null, val certificateUrls: Output<List<String>>? = null, val deleteSwgAutogenRouterOnDestroy: Output<Boolean>? = null, val description: Output<String>? = null, val gatewaySecurityPolicy: Output<String>? = null, val labels: Output<Map<String, String>>? = null, val location: Output<String>? = null, val name: Output<String>? = null, val network: Output<String>? = null, val ports: Output<List<Int>>? = null, val project: Output<String>? = null, val scope: Output<String>? = null, val serverTlsPolicy: Output<String>? = null, val subnetwork: Output<String>? = null, val type: Output<String>? = null) : ConvertibleToJava<GatewayArgs>
Gateway represents the configuration for a proxy, typically a load balancer. It captures the ip:port over which the services are exposed by the proxy, along with any policy configurations. Routes have reference to to Gateways to dictate how requests should be routed by this Gateway. To get more information about Gateway, see:
Example Usage
Network Services Gateway Basic
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.networkservices.Gateway;
import com.pulumi.gcp.networkservices.GatewayArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var default_ = new Gateway("default", GatewayArgs.builder()
.ports(443)
.scope("default-scope-basic")
.type("OPEN_MESH")
.build());
}
}Content copied to clipboard
Network Services Gateway Advanced
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.networkservices.Gateway;
import com.pulumi.gcp.networkservices.GatewayArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var default_ = new Gateway("default", GatewayArgs.builder()
.description("my description")
.labels(Map.of("foo", "bar"))
.ports(443)
.scope("default-scope-advance")
.type("OPEN_MESH")
.build());
}
}Content copied to clipboard
Network Services Gateway Secure Web Proxy
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.certificatemanager.Certificate;
import com.pulumi.gcp.certificatemanager.CertificateArgs;
import com.pulumi.gcp.certificatemanager.inputs.CertificateSelfManagedArgs;
import com.pulumi.gcp.compute.Network;
import com.pulumi.gcp.compute.NetworkArgs;
import com.pulumi.gcp.compute.Subnetwork;
import com.pulumi.gcp.compute.SubnetworkArgs;
import com.pulumi.gcp.networksecurity.GatewaySecurityPolicy;
import com.pulumi.gcp.networksecurity.GatewaySecurityPolicyArgs;
import com.pulumi.gcp.networksecurity.GatewaySecurityPolicyRule;
import com.pulumi.gcp.networksecurity.GatewaySecurityPolicyRuleArgs;
import com.pulumi.gcp.networkservices.Gateway;
import com.pulumi.gcp.networkservices.GatewayArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var defaultCertificate = new Certificate("defaultCertificate", CertificateArgs.builder()
.location("us-central1")
.selfManaged(CertificateSelfManagedArgs.builder()
.pemCertificate(Files.readString(Paths.get("test-fixtures/cert.pem")))
.pemPrivateKey(Files.readString(Paths.get("test-fixtures/private-key.pem")))
.build())
.build());
var defaultNetwork = new Network("defaultNetwork", NetworkArgs.builder()
.routingMode("REGIONAL")
.autoCreateSubnetworks(false)
.build());
var defaultSubnetwork = new Subnetwork("defaultSubnetwork", SubnetworkArgs.builder()
.purpose("PRIVATE")
.ipCidrRange("10.128.0.0/20")
.region("us-central1")
.network(defaultNetwork.id())
.role("ACTIVE")
.build());
var proxyonlysubnet = new Subnetwork("proxyonlysubnet", SubnetworkArgs.builder()
.purpose("REGIONAL_MANAGED_PROXY")
.ipCidrRange("192.168.0.0/23")
.region("us-central1")
.network(defaultNetwork.id())
.role("ACTIVE")
.build());
var defaultGatewaySecurityPolicy = new GatewaySecurityPolicy("defaultGatewaySecurityPolicy", GatewaySecurityPolicyArgs.builder()
.location("us-central1")
.build());
var defaultGatewaySecurityPolicyRule = new GatewaySecurityPolicyRule("defaultGatewaySecurityPolicyRule", GatewaySecurityPolicyRuleArgs.builder()
.location("us-central1")
.gatewaySecurityPolicy(defaultGatewaySecurityPolicy.name())
.enabled(true)
.priority(1)
.sessionMatcher("host() == 'example.com'")
.basicProfile("ALLOW")
.build());
var defaultGateway = new Gateway("defaultGateway", GatewayArgs.builder()
.location("us-central1")
.addresses("10.128.0.99")
.type("SECURE_WEB_GATEWAY")
.ports(443)
.scope("my-default-scope1")
.certificateUrls(defaultCertificate.id())
.gatewaySecurityPolicy(defaultGatewaySecurityPolicy.id())
.network(defaultNetwork.id())
.subnetwork(defaultSubnetwork.id())
.deleteSwgAutogenRouterOnDestroy(true)
.build(), CustomResourceOptions.builder()
.dependsOn(proxyonlysubnet)
.build());
}
}Content copied to clipboard
Network Services Gateway Multiple Swp Same Network
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.certificatemanager.Certificate;
import com.pulumi.gcp.certificatemanager.CertificateArgs;
import com.pulumi.gcp.certificatemanager.inputs.CertificateSelfManagedArgs;
import com.pulumi.gcp.compute.Network;
import com.pulumi.gcp.compute.NetworkArgs;
import com.pulumi.gcp.compute.Subnetwork;
import com.pulumi.gcp.compute.SubnetworkArgs;
import com.pulumi.gcp.networksecurity.GatewaySecurityPolicy;
import com.pulumi.gcp.networksecurity.GatewaySecurityPolicyArgs;
import com.pulumi.gcp.networksecurity.GatewaySecurityPolicyRule;
import com.pulumi.gcp.networksecurity.GatewaySecurityPolicyRuleArgs;
import com.pulumi.gcp.networkservices.Gateway;
import com.pulumi.gcp.networkservices.GatewayArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var defaultCertificate = new Certificate("defaultCertificate", CertificateArgs.builder()
.location("us-south1")
.selfManaged(CertificateSelfManagedArgs.builder()
.pemCertificate(Files.readString(Paths.get("test-fixtures/cert.pem")))
.pemPrivateKey(Files.readString(Paths.get("test-fixtures/private-key.pem")))
.build())
.build());
var defaultNetwork = new Network("defaultNetwork", NetworkArgs.builder()
.routingMode("REGIONAL")
.autoCreateSubnetworks(false)
.build());
var defaultSubnetwork = new Subnetwork("defaultSubnetwork", SubnetworkArgs.builder()
.purpose("PRIVATE")
.ipCidrRange("10.128.0.0/20")
.region("us-south1")
.network(defaultNetwork.id())
.role("ACTIVE")
.build());
var proxyonlysubnet = new Subnetwork("proxyonlysubnet", SubnetworkArgs.builder()
.purpose("REGIONAL_MANAGED_PROXY")
.ipCidrRange("192.168.0.0/23")
.region("us-south1")
.network(defaultNetwork.id())
.role("ACTIVE")
.build());
var defaultGatewaySecurityPolicy = new GatewaySecurityPolicy("defaultGatewaySecurityPolicy", GatewaySecurityPolicyArgs.builder()
.location("us-south1")
.build());
var defaultGatewaySecurityPolicyRule = new GatewaySecurityPolicyRule("defaultGatewaySecurityPolicyRule", GatewaySecurityPolicyRuleArgs.builder()
.location("us-south1")
.gatewaySecurityPolicy(defaultGatewaySecurityPolicy.name())
.enabled(true)
.priority(1)
.sessionMatcher("host() == 'example.com'")
.basicProfile("ALLOW")
.build());
var defaultGateway = new Gateway("defaultGateway", GatewayArgs.builder()
.location("us-south1")
.addresses("10.128.0.99")
.type("SECURE_WEB_GATEWAY")
.ports(443)
.scope("my-default-scope1")
.certificateUrls(defaultCertificate.id())
.gatewaySecurityPolicy(defaultGatewaySecurityPolicy.id())
.network(defaultNetwork.id())
.subnetwork(defaultSubnetwork.id())
.deleteSwgAutogenRouterOnDestroy(true)
.build(), CustomResourceOptions.builder()
.dependsOn(proxyonlysubnet)
.build());
var gateway2 = new Gateway("gateway2", GatewayArgs.builder()
.location("us-south1")
.addresses("10.128.0.98")
.type("SECURE_WEB_GATEWAY")
.ports(443)
.scope("my-default-scope2")
.certificateUrls(defaultCertificate.id())
.gatewaySecurityPolicy(defaultGatewaySecurityPolicy.id())
.network(defaultNetwork.id())
.subnetwork(defaultSubnetwork.id())
.deleteSwgAutogenRouterOnDestroy(true)
.build(), CustomResourceOptions.builder()
.dependsOn(proxyonlysubnet)
.build());
}
}Content copied to clipboard
Import
Gateway can be imported using any of these accepted formats
$ pulumi import gcp:networkservices/gateway:Gateway default projects/{{project}}/locations/{{location}}/gateways/{{name}}Content copied to clipboard
$ pulumi import gcp:networkservices/gateway:Gateway default {{project}}/{{location}}/{{name}}Content copied to clipboard
$ pulumi import gcp:networkservices/gateway:Gateway default {{location}}/{{name}}Content copied to clipboard
Constructors
Link copied to clipboard
constructor(addresses: Output<List<String>>? = null, certificateUrls: Output<List<String>>? = null, deleteSwgAutogenRouterOnDestroy: Output<Boolean>? = null, description: Output<String>? = null, gatewaySecurityPolicy: Output<String>? = null, labels: Output<Map<String, String>>? = null, location: Output<String>? = null, name: Output<String>? = null, network: Output<String>? = null, ports: Output<List<Int>>? = null, project: Output<String>? = null, scope: Output<String>? = null, serverTlsPolicy: Output<String>? = null, subnetwork: Output<String>? = null, type: Output<String>? = null)
Properties
Link copied to clipboard
Link copied to clipboard
A fully-qualified Certificates URL reference. The proxy presents a Certificate (selected based on SNI) when establishing a TLS connection. This feature only applies to gateways of type 'SECURE_WEB_GATEWAY'.
Link copied to clipboard
When deleting a gateway of type 'SECURE_WEB_GATEWAY', this boolean option will also delete auto generated router by the gateway creation. If there is no other gateway of type 'SECURE_WEB_GATEWAY' remaining for that region and network it will be deleted.
Link copied to clipboard
A free-text description of the resource. Max length 1024 characters.
Link copied to clipboard
A fully-qualified GatewaySecurityPolicy URL reference. Defines how a server should apply security policy to inbound (VM to Proxy) initiated connections. For example: projects/*/locations/*/gatewaySecurityPolicies/swg-policy. This policy is specific to gateways of type 'SECURE_WEB_GATEWAY'.
Link copied to clipboard
Link copied to clipboard
Immutable. Scope determines how configuration across multiple Gateway instances are merged. The configuration for multiple Gateway instances with the same scope will be merged as presented as a single coniguration to the proxy/load balancer. Max length 64 characters. Scope should start with a letter and can only have letters, numbers, hyphens.
Link copied to clipboard
A fully-qualified ServerTLSPolicy URL reference. Specifies how TLS traffic is terminated. If empty, TLS termination is disabled.
Link copied to clipboard
The relative resource name identifying the subnetwork in which this SWG is allocated. For example: projects/*/regions/us-central1/subnetworks/network-1. Currently, this field is specific to gateways of type 'SECURE_WEB_GATEWAY.