@pulumi/gcp

import * as pulumi from "@pulumi/pulumi"; import * as inputs from "../types/input"; import * as outputs from "../types/output"; /** * A VPC network is a virtual version of the traditional physical networks * that exist within and between physical data centers. A VPC network * provides connectivity for your Compute Engine virtual machine (VM) * instances, Container Engine containers, App Engine Flex services, and * other network-related resources. * * Each GCP project contains one or more VPC networks. Each VPC network is a * global entity spanning all GCP regions. This global VPC network allows VM * instances and other resources to communicate with each other via internal, * private IP addresses. * * Each VPC network is subdivided into subnets, and each subnet is contained * within a single region. You can have more than one subnet in a region for * a given VPC network. Each subnet has a contiguous private RFC1918 IP * space. You create instances, containers, and the like in these subnets. * When you create an instance, you must create it in a subnet, and the * instance draws its internal IP address from that subnet. * * Virtual machine (VM) instances in a VPC network can communicate with * instances in all other subnets of the same VPC network, regardless of * region, using their RFC1918 private IP addresses. You can isolate portions * of the network, even entire subnets, using firewall rules. * * To get more information about Subnetwork, see: * * * [API documentation](https://cloud.google.com/compute/docs/reference/rest/v1/subnetworks) * * How-to Guides * * [Cloud Networking](https://cloud.google.com/vpc/docs/using-vpc) * * [Private Google Access](https://cloud.google.com/vpc/docs/configure-private-google-access) * * ## Example Usage * * ### Subnetwork Basic * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const custom_test = new gcp.compute.Network("custom-test", { * name: "test-network", * autoCreateSubnetworks: false, * }); * const network_with_private_secondary_ip_ranges = new gcp.compute.Subnetwork("network-with-private-secondary-ip-ranges", { * name: "test-subnetwork", * ipCidrRange: "10.2.0.0/16", * region: "us-central1", * network: custom_test.id, * secondaryIpRanges: [{ * rangeName: "tf-test-secondary-range-update1", * ipCidrRange: "192.168.10.0/24", * }], * }); * ``` * ### Subnetwork Logging Config * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const custom_test = new gcp.compute.Network("custom-test", { * name: "log-test-network", * autoCreateSubnetworks: false, * }); * const subnet_with_logging = new gcp.compute.Subnetwork("subnet-with-logging", { * name: "log-test-subnetwork", * ipCidrRange: "10.2.0.0/16", * region: "us-central1", * network: custom_test.id, * logConfig: { * aggregationInterval: "INTERVAL_10_MIN", * flowSampling: 0.5, * metadata: "INCLUDE_ALL_METADATA", * }, * }); * ``` * ### Subnetwork Internal L7lb * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const custom_test = new gcp.compute.Network("custom-test", { * name: "l7lb-test-network", * autoCreateSubnetworks: false, * }); * const network_for_l7lb = new gcp.compute.Subnetwork("network-for-l7lb", { * name: "l7lb-test-subnetwork", * ipCidrRange: "10.0.0.0/22", * region: "us-central1", * purpose: "REGIONAL_MANAGED_PROXY", * role: "ACTIVE", * network: custom_test.id, * }); * ``` * ### Subnetwork Ipv6 * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const custom_test = new gcp.compute.Network("custom-test", { * name: "ipv6-test-network", * autoCreateSubnetworks: false, * }); * const subnetwork_ipv6 = new gcp.compute.Subnetwork("subnetwork-ipv6", { * name: "ipv6-test-subnetwork", * ipCidrRange: "10.0.0.0/22", * region: "us-west2", * stackType: "IPV4_IPV6", * ipv6AccessType: "EXTERNAL", * network: custom_test.id, * }); * ``` * ### Subnetwork Internal Ipv6 * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const custom_test = new gcp.compute.Network("custom-test", { * name: "internal-ipv6-test-network", * autoCreateSubnetworks: false, * enableUlaInternalIpv6: true, * }); * const subnetwork_internal_ipv6 = new gcp.compute.Subnetwork("subnetwork-internal-ipv6", { * name: "internal-ipv6-test-subnetwork", * ipCidrRange: "10.0.0.0/22", * region: "us-west2", * stackType: "IPV4_IPV6", * ipv6AccessType: "INTERNAL", * network: custom_test.id, * }); * ``` * ### Subnetwork Purpose Private Nat * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const custom_test = new gcp.compute.Network("custom-test", { * name: "subnet-purpose-test-network", * autoCreateSubnetworks: false, * }); * const subnetwork_purpose_private_nat = new gcp.compute.Subnetwork("subnetwork-purpose-private-nat", { * name: "subnet-purpose-test-subnetwork", * region: "us-west2", * ipCidrRange: "192.168.1.0/24", * purpose: "PRIVATE_NAT", * network: custom_test.id, * }); * ``` * ### Subnetwork Cidr Overlap * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const net_cidr_overlap = new gcp.compute.Network("net-cidr-overlap", { * name: "net-cidr-overlap", * autoCreateSubnetworks: false, * }); * const subnetwork_cidr_overlap = new gcp.compute.Subnetwork("subnetwork-cidr-overlap", { * name: "subnet-cidr-overlap", * region: "us-west2", * ipCidrRange: "192.168.1.0/24", * allowSubnetCidrRoutesOverlap: true, * network: net_cidr_overlap.id, * }); * ``` * ### Subnetwork Reserved Internal Range * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const _default = new gcp.compute.Network("default", { * name: "network-reserved-internal-range", * autoCreateSubnetworks: false, * }); * const reserved = new gcp.networkconnectivity.InternalRange("reserved", { * name: "reserved", * network: _default.id, * usage: "FOR_VPC", * peering: "FOR_SELF", * prefixLength: 24, * targetCidrRanges: ["10.0.0.0/8"], * }); * const subnetwork_reserved_internal_range = new gcp.compute.Subnetwork("subnetwork-reserved-internal-range", { * name: "subnetwork-reserved-internal-range", * region: "us-central1", * network: _default.id, * reservedInternalRange: pulumi.interpolate`networkconnectivity.googleapis.com/${reserved.id}`, * }); * ``` * ### Subnetwork Reserved Secondary Range * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const _default = new gcp.compute.Network("default", { * name: "network-reserved-secondary-range", * autoCreateSubnetworks: false, * }); * const reserved = new gcp.networkconnectivity.InternalRange("reserved", { * name: "reserved-primary", * network: _default.id, * usage: "FOR_VPC", * peering: "FOR_SELF", * prefixLength: 24, * targetCidrRanges: ["10.0.0.0/8"], * }); * const reservedSecondary = new gcp.networkconnectivity.InternalRange("reserved_secondary", { * name: "reserved-secondary", * network: _default.id, * usage: "FOR_VPC", * peering: "FOR_SELF", * prefixLength: 16, * targetCidrRanges: ["10.0.0.0/8"], * }); * const subnetwork_reserved_secondary_range = new gcp.compute.Subnetwork("subnetwork-reserved-secondary-range", { * name: "subnetwork-reserved-secondary-range", * region: "us-central1", * network: _default.id, * reservedInternalRange: pulumi.interpolate`networkconnectivity.googleapis.com/${reserved.id}`, * secondaryIpRanges: [{ * rangeName: "secondary", * reservedInternalRange: pulumi.interpolate`networkconnectivity.googleapis.com/${reservedSecondary.id}`, * }], * }); * ``` * * ## Import * * Subnetwork can be imported using any of these accepted formats: * * * `projects/{{project}}/regions/{{region}}/subnetworks/{{name}}` * * * `{{project}}/{{region}}/{{name}}` * * * `{{region}}/{{name}}` * * * `{{name}}` * * When using the `pulumi import` command, Subnetwork can be imported using one of the formats above. For example: * * ```sh * $ pulumi import gcp:compute/subnetwork:Subnetwork default projects/{{project}}/regions/{{region}}/subnetworks/{{name}} * ``` * * ```sh * $ pulumi import gcp:compute/subnetwork:Subnetwork default {{project}}/{{region}}/{{name}} * ``` * * ```sh * $ pulumi import gcp:compute/subnetwork:Subnetwork default {{region}}/{{name}} * ``` * * ```sh * $ pulumi import gcp:compute/subnetwork:Subnetwork default {{name}} * ``` */ export declare class Subnetwork extends pulumi.CustomResource { /** * Get an existing Subnetwork resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param state Any extra arguments used during the lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name: string, id: pulumi.Input<pulumi.ID>, state?: SubnetworkState, opts?: pulumi.CustomResourceOptions): Subnetwork; /** * Returns true if the given object is an instance of Subnetwork. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj: any): obj is Subnetwork; /** * Typically packets destined to IPs within the subnetwork range that do not match * existing resources are dropped and prevented from leaving the VPC. * Setting this field to true will allow these packets to match dynamic routes injected * via BGP even if their destinations match existing subnet ranges. */ readonly allowSubnetCidrRoutesOverlap: pulumi.Output<boolean>; /** * Creation timestamp in RFC3339 text format. */ readonly creationTimestamp: pulumi.Output<string>; /** * An optional description of this resource. Provide this property when * you create the resource. This field can be set only at resource * creation time. */ readonly description: pulumi.Output<string | undefined>; /** * The range of external IPv6 addresses that are owned by this subnetwork. */ readonly externalIpv6Prefix: pulumi.Output<string>; /** * Fingerprint of this resource. This field is used internally during updates of this resource. * * @deprecated This field is not useful for users, and has been removed as an output. */ readonly fingerprint: pulumi.Output<string>; /** * The gateway address for default routes to reach destination addresses * outside this subnetwork. */ readonly gatewayAddress: pulumi.Output<string>; /** * The internal IPv6 address range that is assigned to this subnetwork. */ readonly internalIpv6Prefix: pulumi.Output<string>; /** * The range of internal addresses that are owned by this subnetwork. * Provide this property when you create the subnetwork. For example, * 10.0.0.0/8 or 192.168.0.0/16. Ranges must be unique and * non-overlapping within a network. Only IPv4 is supported. * Field is optional when `reservedInternalRange` is defined, otherwise required. */ readonly ipCidrRange: pulumi.Output<string>; /** * Resource reference of a PublicDelegatedPrefix. The PDP must be a sub-PDP * in EXTERNAL_IPV6_SUBNETWORK_CREATION mode. * Use one of the following formats to specify a sub-PDP when creating an * IPv6 NetLB forwarding rule using BYOIP: * Full resource URL, as in: * * `https://www.googleapis.com/compute/v1/projects/{{projectId}}/regions/{{region}}/publicDelegatedPrefixes/{{sub-pdp-name}}` * Partial URL, as in: * * `projects/{{projectId}}/regions/region/publicDelegatedPrefixes/{{sub-pdp-name}}` * * `regions/{{region}}/publicDelegatedPrefixes/{{sub-pdp-name}}` */ readonly ipCollection: pulumi.Output<string | undefined>; /** * The access type of IPv6 address this subnet holds. It's immutable and can only be specified during creation * or the first time the subnet is updated into IPV4_IPV6 dual stack. If the ipv6Type is EXTERNAL then this subnet * cannot enable direct path. * Possible values are: `EXTERNAL`, `INTERNAL`. */ readonly ipv6AccessType: pulumi.Output<string | undefined>; /** * The range of internal IPv6 addresses that are owned by this subnetwork. */ readonly ipv6CidrRange: pulumi.Output<string>; /** * Possible endpoints of this subnetwork. It can be one of the following: * * VM_ONLY: The subnetwork can be used for creating instances and IPv6 addresses with VM endpoint type. Such a subnetwork * gets external IPv6 ranges from a public delegated prefix and cannot be used to create NetLb. * * VM_AND_FR: The subnetwork can be used for creating both VM instances and Forwarding Rules. It can also be used to reserve * IPv6 addresses with both VM and FR endpoint types. Such a subnetwork gets its IPv6 range from Google IP Pool directly. */ readonly ipv6GceEndpoint: pulumi.Output<string>; /** * This field denotes the VPC flow logging options for this subnetwork. If * logging is enabled, logs are exported to Cloud Logging. Flow logging * isn't supported if the subnet `purpose` field is set to subnetwork is * `REGIONAL_MANAGED_PROXY` or `GLOBAL_MANAGED_PROXY`. * Structure is documented below. */ readonly logConfig: pulumi.Output<outputs.compute.SubnetworkLogConfig | undefined>; /** * The name of the resource, provided by the client when initially * creating the resource. The name must be 1-63 characters long, and * comply with RFC1035. Specifically, the name must be 1-63 characters * long and match the regular expression `a-z?` which * means the first character must be a lowercase letter, and all * following characters must be a dash, lowercase letter, or digit, * except the last character, which cannot be a dash. */ readonly name: pulumi.Output<string>; /** * The network this subnet belongs to. * Only networks that are in the distributed mode can have subnetworks. */ readonly network: pulumi.Output<string>; /** * Additional params passed with the request, but not persisted as part of resource payload * Structure is documented below. */ readonly params: pulumi.Output<outputs.compute.SubnetworkParams | undefined>; /** * When enabled, VMs in this subnetwork without external IP addresses can * access Google APIs and services by using Private Google Access. */ readonly privateIpGoogleAccess: pulumi.Output<boolean>; /** * The private IPv6 google access type for the VMs in this subnet. */ readonly privateIpv6GoogleAccess: pulumi.Output<string>; /** * The ID of the project in which the resource belongs. * If it is not provided, the provider project is used. */ readonly project: pulumi.Output<string>; /** * The purpose of the resource. This field can be either `PRIVATE`, `REGIONAL_MANAGED_PROXY`, `GLOBAL_MANAGED_PROXY`, `PRIVATE_SERVICE_CONNECT`, `PEER_MIGRATION` or `PRIVATE_NAT`. * A subnet with purpose set to `REGIONAL_MANAGED_PROXY` is a user-created subnetwork that is reserved for regional Envoy-based load balancers. * A subnetwork in a given region with purpose set to `GLOBAL_MANAGED_PROXY` is a proxy-only subnet and is shared between all the cross-regional Envoy-based load balancers. * A subnetwork with purpose set to `PRIVATE_SERVICE_CONNECT` reserves the subnet for hosting a Private Service Connect published service. * A subnetwork with purpose set to `PEER_MIGRATION` is a user created subnetwork that is reserved for migrating resources from one peered network to another. * A subnetwork with purpose set to `PRIVATE_NAT` is used as source range for Private NAT gateways. * Note that `REGIONAL_MANAGED_PROXY` is the preferred setting for all regional Envoy load balancers. * If unspecified, the purpose defaults to `PRIVATE`. */ readonly purpose: pulumi.Output<string>; /** * The GCP region for this subnetwork. */ readonly region: pulumi.Output<string>; /** * The ID of the reserved internal range. Must be prefixed with `networkconnectivity.googleapis.com` * E.g. `networkconnectivity.googleapis.com/projects/{project}/locations/global/internalRanges/{rangeId}` */ readonly reservedInternalRange: pulumi.Output<string | undefined>; /** * The role of subnetwork. * Currently, this field is only used when `purpose` is `REGIONAL_MANAGED_PROXY`. * The value can be set to `ACTIVE` or `BACKUP`. * An `ACTIVE` subnetwork is one that is currently being used for Envoy-based load balancers in a region. * A `BACKUP` subnetwork is one that is ready to be promoted to `ACTIVE` or is currently draining. * Possible values are: `ACTIVE`, `BACKUP`. */ readonly role: pulumi.Output<string | undefined>; /** * An array of configurations for secondary IP ranges for VM instances * contained in this subnetwork. The primary IP of such VM must belong * to the primary ipCidrRange of the subnetwork. The alias IPs may belong * to either primary or secondary ranges. * Structure is documented below. */ readonly secondaryIpRanges: pulumi.Output<outputs.compute.SubnetworkSecondaryIpRange[]>; /** * The URI of the created resource. */ readonly selfLink: pulumi.Output<string>; /** * Controls the removal behavior of secondary_ip_range. * When false, removing secondaryIpRange from config will not produce a diff as * the provider will default to the API's value. * When true, the provider will treat removing secondaryIpRange as sending an * empty list of secondary IP ranges to the API. * Defaults to false. */ readonly sendSecondaryIpRangeIfEmpty: pulumi.Output<boolean | undefined>; /** * The stack type for this subnet to identify whether the IPv6 feature is enabled or not. * If not specified IPV4_ONLY will be used. * Possible values are: `IPV4_ONLY`, `IPV4_IPV6`, `IPV6_ONLY`. */ readonly stackType: pulumi.Output<string>; /** * 'The state of the subnetwork, which can be one of the following values: * READY: Subnetwork is created and ready to use DRAINING: only applicable to subnetworks that have the purpose * set to INTERNAL_HTTPS_LOAD_BALANCER and indicates that connections to the load balancer are being drained. * A subnetwork that is draining cannot be used or modified until it reaches a status of READY' */ readonly state: pulumi.Output<string>; /** * The unique identifier number for the resource. This identifier is defined by the server. */ readonly subnetworkId: pulumi.Output<number>; /** * Create a Subnetwork resource with the given unique name, arguments, and options. * * @param name The _unique_ name of the resource. * @param args The arguments to use to populate this resource's properties. * @param opts A bag of options that control this resource's behavior. */ constructor(name: string, args: SubnetworkArgs, opts?: pulumi.CustomResourceOptions); } /** * Input properties used for looking up and filtering Subnetwork resources. */ export interface SubnetworkState { /** * Typically packets destined to IPs within the subnetwork range that do not match * existing resources are dropped and prevented from leaving the VPC. * Setting this field to true will allow these packets to match dynamic routes injected * via BGP even if their destinations match existing subnet ranges. */ allowSubnetCidrRoutesOverlap?: pulumi.Input<boolean>; /** * Creation timestamp in RFC3339 text format. */ creationTimestamp?: pulumi.Input<string>; /** * An optional description of this resource. Provide this property when * you create the resource. This field can be set only at resource * creation time. */ description?: pulumi.Input<string>; /** * The range of external IPv6 addresses that are owned by this subnetwork. */ externalIpv6Prefix?: pulumi.Input<string>; /** * Fingerprint of this resource. This field is used internally during updates of this resource. * * @deprecated This field is not useful for users, and has been removed as an output. */ fingerprint?: pulumi.Input<string>; /** * The gateway address for default routes to reach destination addresses * outside this subnetwork. */ gatewayAddress?: pulumi.Input<string>; /** * The internal IPv6 address range that is assigned to this subnetwork. */ internalIpv6Prefix?: pulumi.Input<string>; /** * The range of internal addresses that are owned by this subnetwork. * Provide this property when you create the subnetwork. For example, * 10.0.0.0/8 or 192.168.0.0/16. Ranges must be unique and * non-overlapping within a network. Only IPv4 is supported. * Field is optional when `reservedInternalRange` is defined, otherwise required. */ ipCidrRange?: pulumi.Input<string>; /** * Resource reference of a PublicDelegatedPrefix. The PDP must be a sub-PDP * in EXTERNAL_IPV6_SUBNETWORK_CREATION mode. * Use one of the following formats to specify a sub-PDP when creating an * IPv6 NetLB forwarding rule using BYOIP: * Full resource URL, as in: * * `https://www.googleapis.com/compute/v1/projects/{{projectId}}/regions/{{region}}/publicDelegatedPrefixes/{{sub-pdp-name}}` * Partial URL, as in: * * `projects/{{projectId}}/regions/region/publicDelegatedPrefixes/{{sub-pdp-name}}` * * `regions/{{region}}/publicDelegatedPrefixes/{{sub-pdp-name}}` */ ipCollection?: pulumi.Input<string>; /** * The access type of IPv6 address this subnet holds. It's immutable and can only be specified during creation * or the first time the subnet is updated into IPV4_IPV6 dual stack. If the ipv6Type is EXTERNAL then this subnet * cannot enable direct path. * Possible values are: `EXTERNAL`, `INTERNAL`. */ ipv6AccessType?: pulumi.Input<string>; /** * The range of internal IPv6 addresses that are owned by this subnetwork. */ ipv6CidrRange?: pulumi.Input<string>; /** * Possible endpoints of this subnetwork. It can be one of the following: * * VM_ONLY: The subnetwork can be used for creating instances and IPv6 addresses with VM endpoint type. Such a subnetwork * gets external IPv6 ranges from a public delegated prefix and cannot be used to create NetLb. * * VM_AND_FR: The subnetwork can be used for creating both VM instances and Forwarding Rules. It can also be used to reserve * IPv6 addresses with both VM and FR endpoint types. Such a subnetwork gets its IPv6 range from Google IP Pool directly. */ ipv6GceEndpoint?: pulumi.Input<string>; /** * This field denotes the VPC flow logging options for this subnetwork. If * logging is enabled, logs are exported to Cloud Logging. Flow logging * isn't supported if the subnet `purpose` field is set to subnetwork is * `REGIONAL_MANAGED_PROXY` or `GLOBAL_MANAGED_PROXY`. * Structure is documented below. */ logConfig?: pulumi.Input<inputs.compute.SubnetworkLogConfig>; /** * The name of the resource, provided by the client when initially * creating the resource. The name must be 1-63 characters long, and * comply with RFC1035. Specifically, the name must be 1-63 characters * long and match the regular expression `a-z?` which * means the first character must be a lowercase letter, and all * following characters must be a dash, lowercase letter, or digit, * except the last character, which cannot be a dash. */ name?: pulumi.Input<string>; /** * The network this subnet belongs to. * Only networks that are in the distributed mode can have subnetworks. */ network?: pulumi.Input<string>; /** * Additional params passed with the request, but not persisted as part of resource payload * Structure is documented below. */ params?: pulumi.Input<inputs.compute.SubnetworkParams>; /** * When enabled, VMs in this subnetwork without external IP addresses can * access Google APIs and services by using Private Google Access. */ privateIpGoogleAccess?: pulumi.Input<boolean>; /** * The private IPv6 google access type for the VMs in this subnet. */ privateIpv6GoogleAccess?: pulumi.Input<string>; /** * The ID of the project in which the resource belongs. * If it is not provided, the provider project is used. */ project?: pulumi.Input<string>; /** * The purpose of the resource. This field can be either `PRIVATE`, `REGIONAL_MANAGED_PROXY`, `GLOBAL_MANAGED_PROXY`, `PRIVATE_SERVICE_CONNECT`, `PEER_MIGRATION` or `PRIVATE_NAT`. * A subnet with purpose set to `REGIONAL_MANAGED_PROXY` is a user-created subnetwork that is reserved for regional Envoy-based load balancers. * A subnetwork in a given region with purpose set to `GLOBAL_MANAGED_PROXY` is a proxy-only subnet and is shared between all the cross-regional Envoy-based load balancers. * A subnetwork with purpose set to `PRIVATE_SERVICE_CONNECT` reserves the subnet for hosting a Private Service Connect published service. * A subnetwork with purpose set to `PEER_MIGRATION` is a user created subnetwork that is reserved for migrating resources from one peered network to another. * A subnetwork with purpose set to `PRIVATE_NAT` is used as source range for Private NAT gateways. * Note that `REGIONAL_MANAGED_PROXY` is the preferred setting for all regional Envoy load balancers. * If unspecified, the purpose defaults to `PRIVATE`. */ purpose?: pulumi.Input<string>; /** * The GCP region for this subnetwork. */ region?: pulumi.Input<string>; /** * The ID of the reserved internal range. Must be prefixed with `networkconnectivity.googleapis.com` * E.g. `networkconnectivity.googleapis.com/projects/{project}/locations/global/internalRanges/{rangeId}` */ reservedInternalRange?: pulumi.Input<string>; /** * The role of subnetwork. * Currently, this field is only used when `purpose` is `REGIONAL_MANAGED_PROXY`. * The value can be set to `ACTIVE` or `BACKUP`. * An `ACTIVE` subnetwork is one that is currently being used for Envoy-based load balancers in a region. * A `BACKUP` subnetwork is one that is ready to be promoted to `ACTIVE` or is currently draining. * Possible values are: `ACTIVE`, `BACKUP`. */ role?: pulumi.Input<string>; /** * An array of configurations for secondary IP ranges for VM instances * contained in this subnetwork. The primary IP of such VM must belong * to the primary ipCidrRange of the subnetwork. The alias IPs may belong * to either primary or secondary ranges. * Structure is documented below. */ secondaryIpRanges?: pulumi.Input<pulumi.Input<inputs.compute.SubnetworkSecondaryIpRange>[]>; /** * The URI of the created resource. */ selfLink?: pulumi.Input<string>; /** * Controls the removal behavior of secondary_ip_range. * When false, removing secondaryIpRange from config will not produce a diff as * the provider will default to the API's value. * When true, the provider will treat removing secondaryIpRange as sending an * empty list of secondary IP ranges to the API. * Defaults to false. */ sendSecondaryIpRangeIfEmpty?: pulumi.Input<boolean>; /** * The stack type for this subnet to identify whether the IPv6 feature is enabled or not. * If not specified IPV4_ONLY will be used. * Possible values are: `IPV4_ONLY`, `IPV4_IPV6`, `IPV6_ONLY`. */ stackType?: pulumi.Input<string>; /** * 'The state of the subnetwork, which can be one of the following values: * READY: Subnetwork is created and ready to use DRAINING: only applicable to subnetworks that have the purpose * set to INTERNAL_HTTPS_LOAD_BALANCER and indicates that connections to the load balancer are being drained. * A subnetwork that is draining cannot be used or modified until it reaches a status of READY' */ state?: pulumi.Input<string>; /** * The unique identifier number for the resource. This identifier is defined by the server. */ subnetworkId?: pulumi.Input<number>; } /** * The set of arguments for constructing a Subnetwork resource. */ export interface SubnetworkArgs { /** * Typically packets destined to IPs within the subnetwork range that do not match * existing resources are dropped and prevented from leaving the VPC. * Setting this field to true will allow these packets to match dynamic routes injected * via BGP even if their destinations match existing subnet ranges. */ allowSubnetCidrRoutesOverlap?: pulumi.Input<boolean>; /** * An optional description of this resource. Provide this property when * you create the resource. This field can be set only at resource * creation time. */ description?: pulumi.Input<string>; /** * The range of external IPv6 addresses that are owned by this subnetwork. */ externalIpv6Prefix?: pulumi.Input<string>; /** * The range of internal addresses that are owned by this subnetwork. * Provide this property when you create the subnetwork. For example, * 10.0.0.0/8 or 192.168.0.0/16. Ranges must be unique and * non-overlapping within a network. Only IPv4 is supported. * Field is optional when `reservedInternalRange` is defined, otherwise required. */ ipCidrRange?: pulumi.Input<string>; /** * Resource reference of a PublicDelegatedPrefix. The PDP must be a sub-PDP * in EXTERNAL_IPV6_SUBNETWORK_CREATION mode. * Use one of the following formats to specify a sub-PDP when creating an * IPv6 NetLB forwarding rule using BYOIP: * Full resource URL, as in: * * `https://www.googleapis.com/compute/v1/projects/{{projectId}}/regions/{{region}}/publicDelegatedPrefixes/{{sub-pdp-name}}` * Partial URL, as in: * * `projects/{{projectId}}/regions/region/publicDelegatedPrefixes/{{sub-pdp-name}}` * * `regions/{{region}}/publicDelegatedPrefixes/{{sub-pdp-name}}` */ ipCollection?: pulumi.Input<string>; /** * The access type of IPv6 address this subnet holds. It's immutable and can only be specified during creation * or the first time the subnet is updated into IPV4_IPV6 dual stack. If the ipv6Type is EXTERNAL then this subnet * cannot enable direct path. * Possible values are: `EXTERNAL`, `INTERNAL`. */ ipv6AccessType?: pulumi.Input<string>; /** * This field denotes the VPC flow logging options for this subnetwork. If * logging is enabled, logs are exported to Cloud Logging. Flow logging * isn't supported if the subnet `purpose` field is set to subnetwork is * `REGIONAL_MANAGED_PROXY` or `GLOBAL_MANAGED_PROXY`. * Structure is documented below. */ logConfig?: pulumi.Input<inputs.compute.SubnetworkLogConfig>; /** * The name of the resource, provided by the client when initially * creating the resource. The name must be 1-63 characters long, and * comply with RFC1035. Specifically, the name must be 1-63 characters * long and match the regular expression `a-z?` which * means the first character must be a lowercase letter, and all * following characters must be a dash, lowercase letter, or digit, * except the last character, which cannot be a dash. */ name?: pulumi.Input<string>; /** * The network this subnet belongs to. * Only networks that are in the distributed mode can have subnetworks. */ network: pulumi.Input<string>; /** * Additional params passed with the request, but not persisted as part of resource payload * Structure is documented below. */ params?: pulumi.Input<inputs.compute.SubnetworkParams>; /** * When enabled, VMs in this subnetwork without external IP addresses can * access Google APIs and services by using Private Google Access. */ privateIpGoogleAccess?: pulumi.Input<boolean>; /** * The private IPv6 google access type for the VMs in this subnet. */ privateIpv6GoogleAccess?: pulumi.Input<string>; /** * The ID of the project in which the resource belongs. * If it is not provided, the provider project is used. */ project?: pulumi.Input<string>; /** * The purpose of the resource. This field can be either `PRIVATE`, `REGIONAL_MANAGED_PROXY`, `GLOBAL_MANAGED_PROXY`, `PRIVATE_SERVICE_CONNECT`, `PEER_MIGRATION` or `PRIVATE_NAT`. * A subnet with purpose set to `REGIONAL_MANAGED_PROXY` is a user-created subnetwork that is reserved for regional Envoy-based load balancers. * A subnetwork in a given region with purpose set to `GLOBAL_MANAGED_PROXY` is a proxy-only subnet and is shared between all the cross-regional Envoy-based load balancers. * A subnetwork with purpose set to `PRIVATE_SERVICE_CONNECT` reserves the subnet for hosting a Private Service Connect published service. * A subnetwork with purpose set to `PEER_MIGRATION` is a user created subnetwork that is reserved for migrating resources from one peered network to another. * A subnetwork with purpose set to `PRIVATE_NAT` is used as source range for Private NAT gateways. * Note that `REGIONAL_MANAGED_PROXY` is the preferred setting for all regional Envoy load balancers. * If unspecified, the purpose defaults to `PRIVATE`. */ purpose?: pulumi.Input<string>; /** * The GCP region for this subnetwork. */ region?: pulumi.Input<string>; /** * The ID of the reserved internal range. Must be prefixed with `networkconnectivity.googleapis.com` * E.g. `networkconnectivity.googleapis.com/projects/{project}/locations/global/internalRanges/{rangeId}` */ reservedInternalRange?: pulumi.Input<string>; /** * The role of subnetwork. * Currently, this field is only used when `purpose` is `REGIONAL_MANAGED_PROXY`. * The value can be set to `ACTIVE` or `BACKUP`. * An `ACTIVE` subnetwork is one that is currently being used for Envoy-based load balancers in a region. * A `BACKUP` subnetwork is one that is ready to be promoted to `ACTIVE` or is currently draining. * Possible values are: `ACTIVE`, `BACKUP`. */ role?: pulumi.Input<string>; /** * An array of configurations for secondary IP ranges for VM instances * contained in this subnetwork. The primary IP of such VM must belong * to the primary ipCidrRange of the subnetwork. The alias IPs may belong * to either primary or secondary ranges. * Structure is documented below. */ secondaryIpRanges?: pulumi.Input<pulumi.Input<inputs.compute.SubnetworkSecondaryIpRange>[]>; /** * Controls the removal behavior of secondary_ip_range. * When false, removing secondaryIpRange from config will not produce a diff as * the provider will default to the API's value. * When true, the provider will treat removing secondaryIpRange as sending an * empty list of secondary IP ranges to the API. * Defaults to false. */ sendSecondaryIpRangeIfEmpty?: pulumi.Input<boolean>; /** * The stack type for this subnet to identify whether the IPv6 feature is enabled or not. * If not specified IPV4_ONLY will be used. * Possible values are: `IPV4_ONLY`, `IPV4_IPV6`, `IPV6_ONLY`. */ stackType?: pulumi.Input<string>; }