---
# ----------------------------------------------------------------------------
#
# *** AUTO GENERATED CODE *** Type: MMv1 ***
#
# ----------------------------------------------------------------------------
#
# This file is automatically generated by Magic Modules and manual
# changes will be clobbered when the file is regenerated.
#
# Please read more about how to change this file in
# .github/CONTRIBUTING.md.
#
# ----------------------------------------------------------------------------
subcategory: "Network services"
description: |-
  EndpointPolicy is a resource that helps apply desired configuration on the endpoints that match specific criteria.
---
# google\_network\_services\_endpoint\_policy
EndpointPolicy is a resource that helps apply desired configuration on the endpoints that match specific criteria.
~> **Warning:** This resource is in beta, and should be used with the terraform-provider-google-beta provider.
See [Provider Versions](https://terraform.io/docs/providers/google/guides/provider_versions.html) for more details on beta resources.
To get more information about EndpointPolicy, see:
* [API documentation](https://cloud.google.com/traffic-director/docs/reference/network-services/rest/v1beta1/projects.locations.endpointPolicies)
## Example Usage - Network Services Endpoint Policy Basic
```hcl
resource "google_network_services_endpoint_policy" "default" {
  provider = google-beta
  name     = "my-endpoint-policy"
  labels = {
    foo = "bar"
  }
  description = "my description"
  type        = "SIDECAR_PROXY"
  traffic_port_selector {
    ports = ["8081"]
  }
  endpoint_matcher {
    metadata_label_matcher {
      metadata_label_match_criteria = "MATCH_ANY"
      metadata_labels {
        label_name  = "foo"
        label_value = "bar"
      }
    }
  }
}
```
## Example Usage - Network Services Endpoint Policy Empty Match
```hcl
resource "google_network_services_endpoint_policy" "default" {
  provider = google-beta
  name     = "my-endpoint-policy"
  labels = {
    foo = "bar"
  }
  description = "my description"
  type        = "SIDECAR_PROXY"
  traffic_port_selector {
    ports = ["8081"]
  }
  endpoint_matcher {
    metadata_label_matcher {
      metadata_label_match_criteria = "MATCH_ANY"
    }
  }
}
```
## Argument Reference
The following arguments are supported:
* `type` -
(Required)
The type of endpoint policy. This is primarily used to validate the configuration.
Possible values are: `SIDECAR_PROXY`, `GRPC_SERVER`.
* `endpoint_matcher` -
(Required)
Required. A matcher that selects endpoints to which the policies should be applied.
Structure is [documented below](#nested_endpoint_matcher).
* `name` -
(Required)
Name of the EndpointPolicy resource.
<a name="nested_endpoint_matcher"></a>The `endpoint_matcher` block supports:
* `metadata_label_matcher` -
(Required)
The matcher is based on node metadata presented by xDS clients.
Structure is [documented below](#nested_metadata_label_matcher).
<a name="nested_metadata_label_matcher"></a>The `metadata_label_matcher` block supports:
* `metadata_label_match_criteria` -
(Required)
Specifies how matching should be done.
Possible values are: `MATCH_ANY`, `MATCH_ALL`.
* `metadata_labels` -
(Optional)
The list of label value pairs that must match labels in the provided metadata based on filterMatchCriteria.
Structure is [documented below](#nested_metadata_labels).
<a name="nested_metadata_labels"></a>The `metadata_labels` block supports:
* `label_name` -
(Required)
Required. Label name presented as key in xDS Node Metadata.
* `label_value` -
(Required)
Required. Label value presented as value corresponding to the above key, in xDS Node Metadata.
- - -
* `labels` -
(Optional)
Set of label tags associated with the TcpRoute resource.
**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.
Please refer to the field `effective_labels` for all of the labels present on the resource.
* `description` -
(Optional)
A free-text description of the resource. Max length 1024 characters.
* `authorization_policy` -
(Optional)
This field specifies the URL of AuthorizationPolicy resource that applies authorization policies to the inbound traffic at the matched endpoints.
* `server_tls_policy` -
(Optional)
A URL referring to ServerTlsPolicy resource. ServerTlsPolicy is used to determine the authentication policy to be applied to terminate the inbound traffic at the identified backends.
* `client_tls_policy` -
(Optional)
A URL referring to a ClientTlsPolicy resource. ClientTlsPolicy can be set to specify the authentication for traffic from the proxy to the actual endpoints.
* `traffic_port_selector` -
(Optional)
Port selector for the (matched) endpoints. If no port selector is provided, the matched config is applied to all ports.
Structure is [documented below](#nested_traffic_port_selector).
* `project` - (Optional) The ID of the project in which the resource belongs.
If it is not provided, the provider project is used.
<a name="nested_traffic_port_selector"></a>The `traffic_port_selector` block supports:
* `ports` -
(Required)
List of ports. Entries can be port numbers, port ranges (for example, `[80-90]` specifies all ports from 80 to 90, including 80 and 90), named ports, or `*` to specify all ports. If the list is empty, all ports are selected.
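
The two usage examples above leave `server_tls_policy` and `authorization_policy` unset. The following added example (not part of the generated provider documentation) shows an EndpointPolicy that attaches both to endpoints selected with `MATCH_ALL`; the resource names, label values and principal pattern are constructed, and passing each referenced resource's `id` as the policy URL is an assumption.

```hcl
# Added example: names, labels and the principal pattern are constructed values.
resource "google_network_security_server_tls_policy" "mtls" {
  provider   = google-beta
  name       = "example-server-mtls"
  allow_open = false # reject plaintext connections
  server_certificate {
    certificate_provider_instance { plugin_instance = "google_cloud_private_spiffe" }
  }
  mtls_policy {
    client_validation_ca {
      certificate_provider_instance {
        plugin_instance = "google_cloud_private_spiffe"
      }
    }
  }
}

resource "google_network_security_authorization_policy" "allow_callers" {
  provider = google-beta
  name     = "example-allow-callers"
  action   = "ALLOW"
  rules {
    sources { principals = ["namespace/*"] } # placeholder principal pattern
  }
}

resource "google_network_services_endpoint_policy" "secured" {
  provider = google-beta
  name     = "example-secured-endpoint-policy"
  type     = "SIDECAR_PROXY"
  traffic_port_selector { ports = ["8081"] }
  endpoint_matcher {
    metadata_label_matcher {
      # MATCH_ALL: the xDS node metadata must carry every label listed here.
      metadata_label_match_criteria = "MATCH_ALL"
      metadata_labels {
        label_name  = "app"
        label_value = "payments"
      }
      metadata_labels {
        label_name  = "env"
        label_value = "prod"
      }
    }
  }
  # Assumption: each referenced resource's id is accepted as the policy URL.
  server_tls_policy    = google_network_security_server_tls_policy.mtls.id
  authorization_policy = google_network_security_authorization_policy.allow_callers.id
}
```
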
## Attributes Reference
In addition to the arguments listed above, the following computed attributes are exported:
* `id` - an identifier for the resource with format `projects/{{project}}/locations/global/endpointPolicies/{{name}}`
* `create_time` -
Time the TcpRoute was created in UTC.
* `update_time` -
Time the TcpRoute was updated in UTC.
* `terraform_labels` -
The combination of labels configured directly on the resource
and default labels configured on the provider.
* `effective_labels` -
All of the labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.
## Timeouts
This resource provides the following
[Timeouts](https://developer.hashicorp.com/terraform/plugin/sdkv2/resources/retries-and-customizable-timeouts) configuration options:
- `create` - Default is 30 minutes.
- `update` - Default is 30 minutes.
- `delete` - Default is 30 minutes.
## Import
EndpointPolicy can be imported using any of these accepted formats:
* `projects/{{project}}/locations/global/endpointPolicies/{{name}}`
* `{{project}}/{{name}}`
* `{{name}}`
In Terraform v1.5.0 and later, use an [`import` block](https://developer.hashicorp.com/terraform/language/import) to import EndpointPolicy using one of the formats above. For example:
```tf
import {
  id = "projects/{{project}}/locations/global/endpointPolicies/{{name}}"
  to = google_network_services_endpoint_policy.default
}
```
When using the [`terraform import` command](https://developer.hashicorp.com/terraform/cli/commands/import), EndpointPolicy can be imported using one of the formats above. For example:
```
$ terraform import google_network_services_endpoint_policy.default projects/{{project}}/locations/global/endpointPolicies/{{name}}
$ terraform import google_network_services_endpoint_policy.default {{project}}/{{name}}
$ terraform import google_network_services_endpoint_policy.default {{name}}
```
## User Project Overrides
This resource supports [User Project Overrides](https://registry.terraform.io/providers/hashicorp/google/latest/docs/guides/provider_reference#user_project_override).