---
# ----------------------------------------------------------------------------
#
# *** AUTO GENERATED CODE *** Type: MMv1 ***
#
# ----------------------------------------------------------------------------
#
# This file is automatically generated by Magic Modules and manual
# changes will be clobbered when the file is regenerated.
#
# Please read more about how to change this file in
# .github/CONTRIBUTING.md.
#
# ----------------------------------------------------------------------------
subcategory: "Network services"
description: |-
  Gateway represents the configuration for a proxy, typically a load balancer.
---
# google\_network\_services\_gateway
Gateway represents the configuration for a proxy, typically a load balancer.
It captures the ip:port over which the services are exposed by the proxy,
along with any policy configurations. Routes reference Gateways
to dictate how requests should be routed by this Gateway.
To get more information about Gateway, see:
* [API documentation](https://cloud.google.com/traffic-director/docs/reference/network-services/rest/v1/projects.locations.gateways)
## Example Usage - Network Services Gateway Basic
```hcl
resource "google_network_services_gateway" "default" {
  name  = "my-gateway"
  scope = "default-scope-basic"
  type  = "OPEN_MESH"
  ports = [443]
}
```
## Example Usage - Network Services Gateway Advanced
```hcl
resource "google_network_services_gateway" "default" {
  name = "my-gateway"
  labels = {
    foo = "bar"
  }
  description = "my description"
  type        = "OPEN_MESH"
  ports       = [443]
  scope       = "default-scope-advance"
}
```
## Example Usage - Network Services Gateway Secure Web Proxy
```hcl
resource "google_certificate_manager_certificate" "default" {
  name     = "my-certificate"
  location = "us-central1"
  self_managed {
    pem_certificate = file("test-fixtures/cert.pem")
    pem_private_key = file("test-fixtures/private-key.pem")
  }
}

resource "google_compute_network" "default" {
  name                    = "my-network"
  routing_mode            = "REGIONAL"
  auto_create_subnetworks = false
}

resource "google_compute_subnetwork" "default" {
  name          = "my-subnetwork-name"
  purpose       = "PRIVATE"
  ip_cidr_range = "10.128.0.0/20"
  region        = "us-central1"
  network       = google_compute_network.default.id
  role          = "ACTIVE"
}

resource "google_compute_subnetwork" "proxyonlysubnet" {
  name          = "my-proxy-only-subnetwork"
  purpose       = "REGIONAL_MANAGED_PROXY"
  ip_cidr_range = "192.168.0.0/23"
  region        = "us-central1"
  network       = google_compute_network.default.id
  role          = "ACTIVE"
}

resource "google_network_security_gateway_security_policy" "default" {
  name     = "my-policy-name"
  location = "us-central1"
}

resource "google_network_security_gateway_security_policy_rule" "default" {
  name                    = "my-policyrule-name"
  location                = "us-central1"
  gateway_security_policy = google_network_security_gateway_security_policy.default.name
  enabled                 = true
  priority                = 1
  session_matcher         = "host() == 'example.com'"
  basic_profile           = "ALLOW"
}

resource "google_network_services_gateway" "default" {
  name                                 = "my-gateway1"
  location                             = "us-central1"
  addresses                            = ["10.128.0.99"]
  type                                 = "SECURE_WEB_GATEWAY"
  ports                                = [443]
  scope                                = "my-default-scope1"
  certificate_urls                     = [google_certificate_manager_certificate.default.id]
  gateway_security_policy              = google_network_security_gateway_security_policy.default.id
  network                              = google_compute_network.default.id
  subnetwork                           = google_compute_subnetwork.default.id
  delete_swg_autogen_router_on_destroy = true
  depends_on                           = [google_compute_subnetwork.proxyonlysubnet]
}
```
## Example Usage - Network Services Gateway Multiple Swp Same Network
```hcl
resource "google_certificate_manager_certificate" "default" {
  name     = "my-certificate"
  location = "us-south1"
  self_managed {
    pem_certificate = file("test-fixtures/cert.pem")
    pem_private_key = file("test-fixtures/private-key.pem")
  }
}

resource "google_compute_network" "default" {
  name                    = "my-network"
  routing_mode            = "REGIONAL"
  auto_create_subnetworks = false
}

resource "google_compute_subnetwork" "default" {
  name          = "my-subnetwork-name"
  purpose       = "PRIVATE"
  ip_cidr_range = "10.128.0.0/20"
  region        = "us-south1"
  network       = google_compute_network.default.id
  role          = "ACTIVE"
}

resource "google_compute_subnetwork" "proxyonlysubnet" {
  name          = "my-proxy-only-subnetwork"
  purpose       = "REGIONAL_MANAGED_PROXY"
  ip_cidr_range = "192.168.0.0/23"
  region        = "us-south1"
  network       = google_compute_network.default.id
  role          = "ACTIVE"
}

resource "google_network_security_gateway_security_policy" "default" {
  name     = "my-policy-name"
  location = "us-south1"
}

resource "google_network_security_gateway_security_policy_rule" "default" {
  name                    = "my-policyrule-name"
  location                = "us-south1"
  gateway_security_policy = google_network_security_gateway_security_policy.default.name
  enabled                 = true
  priority                = 1
  session_matcher         = "host() == 'example.com'"
  basic_profile           = "ALLOW"
}

resource "google_network_services_gateway" "default" {
  name                                 = "my-gateway1"
  location                             = "us-south1"
  addresses                            = ["10.128.0.99"]
  type                                 = "SECURE_WEB_GATEWAY"
  ports                                = [443]
  scope                                = "my-default-scope1"
  certificate_urls                     = [google_certificate_manager_certificate.default.id]
  gateway_security_policy              = google_network_security_gateway_security_policy.default.id
  network                              = google_compute_network.default.id
  subnetwork                           = google_compute_subnetwork.default.id
  delete_swg_autogen_router_on_destroy = true
  depends_on                           = [google_compute_subnetwork.proxyonlysubnet]
}

resource "google_network_services_gateway" "gateway2" {
  name                                 = "my-gateway2"
  location                             = "us-south1"
  addresses                            = ["10.128.0.98"]
  type                                 = "SECURE_WEB_GATEWAY"
  ports                                = [443]
  scope                                = "my-default-scope2"
  certificate_urls                     = [google_certificate_manager_certificate.default.id]
  gateway_security_policy              = google_network_security_gateway_security_policy.default.id
  network                              = google_compute_network.default.id
  subnetwork                           = google_compute_subnetwork.default.id
  delete_swg_autogen_router_on_destroy = true
  depends_on                           = [google_compute_subnetwork.proxyonlysubnet]
}
```
## Argument Reference
The following arguments are supported:
* `type` -
(Required)
Immutable. The type of the customer-managed gateway: `OPEN_MESH` or `SECURE_WEB_GATEWAY`.
Possible values are: `TYPE_UNSPECIFIED`, `OPEN_MESH`, `SECURE_WEB_GATEWAY`.
* `ports` -
(Required)
One or more port numbers (1-65535), on which the Gateway will receive traffic.
The proxy binds to the specified ports. Gateways of type 'SECURE_WEB_GATEWAY' are
limited to 1 port. Gateways of type 'OPEN_MESH' listen on 0.0.0.0 and support multiple ports.
* `name` -
(Required)
Short name of the Gateway resource to be created.
- - -
* `labels` -
(Optional)
Set of label tags associated with the Gateway resource.
**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.
Please refer to the field `effective_labels` for all of the labels present on the resource.
* `description` -
(Optional)
A free-text description of the resource. Max length 1024 characters.
* `scope` -
(Optional)
Immutable. Scope determines how configuration across multiple Gateway instances is merged.
The configuration for multiple Gateway instances with the same scope will be merged and presented as
a single configuration to the proxy/load balancer.
Max length 64 characters. Scope should start with a letter and can only have letters, numbers, hyphens.
* `server_tls_policy` -
(Optional)
A fully-qualified ServerTLSPolicy URL reference. Specifies how TLS traffic is terminated.
If empty, TLS termination is disabled.
* `addresses` -
(Optional)
Zero or one IPv4 address on which the Gateway will receive the traffic. When no address is provided,
an IP from the subnetwork is allocated. This field only applies to gateways of type 'SECURE_WEB_GATEWAY'.
Gateways of type 'OPEN_MESH' listen on 0.0.0.0.
* `subnetwork` -
(Optional)
The relative resource name identifying the subnetwork in which this SWG is allocated.
For example: `projects/*/regions/us-central1/subnetworks/network-1`.
Currently, this field is specific to gateways of type 'SECURE_WEB_GATEWAY'.
* `network` -
(Optional)
The relative resource name identifying the VPC network that is using this configuration.
For example: `projects/*/global/networks/network-1`.
Currently, this field is specific to gateways of type 'SECURE_WEB_GATEWAY'.
* `gateway_security_policy` -
(Optional)
A fully-qualified GatewaySecurityPolicy URL reference. Defines how a server should apply security policy to inbound (VM to Proxy) initiated connections.
For example: `projects/*/locations/*/gatewaySecurityPolicies/swg-policy`.
This policy is specific to gateways of type 'SECURE_WEB_GATEWAY'.
* `certificate_urls` -
(Optional)
A fully-qualified Certificates URL reference. The proxy presents a Certificate (selected based on SNI) when establishing a TLS connection.
This feature only applies to gateways of type 'SECURE_WEB_GATEWAY'.
* `location` -
(Optional)
The location of the gateway.
The default value is `global`.
* `project` - (Optional) The ID of the project in which the resource belongs.
If it is not provided, the provider project is used.
* `delete_swg_autogen_router_on_destroy` - (Optional) When deleting a gateway of type 'SECURE_WEB_GATEWAY', this boolean option also deletes the router that was auto-generated when the gateway was created.
The router is deleted if no other gateway of type 'SECURE_WEB_GATEWAY' remains for that region and network.
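The type-specific constraints in the argument reference above can be checked before apply. The following is an added example, not part of the provider documentation or the generated code: a Python check over the JSON form of a plan (`terraform show -json`). `check_gateway`, `lint_plan`, `RES` and `SAMPLE_PLAN` are hypothetical names, the sample plan is constructed, and reporting an empty `server_tls_policy` only for `OPEN_MESH` is a choice made for this example.

```python
import ipaddress
import re
RES = "google_network_services_gateway"
SCOPE_RE = re.compile(r"[A-Za-z][A-Za-z0-9-]{0,63}")
SWG_ONLY = "addresses subnetwork network gateway_security_policy certificate_urls".split()

def check_gateway(after):
    """Return findings for one gateway's planned attributes (the plan's `after` dict)."""
    out, ports = [], after.get("ports") or []
    if not ports or any(not 1 <= p <= 65535 for p in ports):
        out.append("ports: need one or more values in 1-65535")
    if after.get("scope") and not SCOPE_RE.fullmatch(after["scope"]):
        out.append("scope: start with a letter; letters, numbers, hyphens; max 64")
    if len(after.get("description") or "") > 1024:
        out.append("description: longer than 1024 characters")
    if after.get("type") == "SECURE_WEB_GATEWAY":
        addrs = after.get("addresses") or []
        if len(ports) > 1:
            out.append("ports: SECURE_WEB_GATEWAY is limited to 1 port")
        if len(addrs) > 1:
            out.append("addresses: zero or one IPv4 address allowed")
        for a in addrs:
            try:
                ipaddress.IPv4Address(a)
            except ValueError:
                out.append(f"addresses: {a!r} is not an IPv4 address")
    elif after.get("type") == "OPEN_MESH":
        # These fields are documented as applying only to SECURE_WEB_GATEWAY.
        out += [f"{f}: only applies to SECURE_WEB_GATEWAY" for f in SWG_ONLY if after.get(f)]
        # Assumption of this example: surface the documented "TLS disabled" state for review.
        if not after.get("server_tls_policy"):
            out.append("server_tls_policy: empty, TLS termination is disabled")
    return out

def lint_plan(plan):
    """Map resource address -> findings for every gateway the plan creates or updates."""
    return {rc["address"]: check_gateway(rc["change"]["after"])
            for rc in plan.get("resource_changes", [])
            if rc["type"] == RES and rc["change"].get("after")}

# Constructed sample shaped like `terraform show -json` output (not real plan data).
SAMPLE_PLAN = {"resource_changes": [
    {"address": RES + ".mesh", "type": RES, "change": {"after": {
        "type": "OPEN_MESH", "ports": [443, 8443], "scope": "1bad_scope",
        "addresses": ["10.128.0.99"]}}},
    {"address": RES + ".swg", "type": RES, "change": {"after": {
        "type": "SECURE_WEB_GATEWAY", "ports": [443, 8080], "scope": "my-default-scope1",
        "addresses": ["10.128.0.99", "10.128.0.98"]}}},
]}
```

Attributes whose values are unknown until apply are absent from `after`, so this check only sees values that are literal in the plan.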
## Attributes Reference
In addition to the arguments listed above, the following computed attributes are exported:
* `id` - an identifier for the resource with format `projects/{{project}}/locations/{{location}}/gateways/{{name}}`
* `self_link` -
Server-defined URL of this resource.
* `create_time` -
Time the AccessPolicy was created in UTC.
* `update_time` -
Time the AccessPolicy was updated in UTC.
* `terraform_labels` -
The combination of labels configured directly on the resource
and default labels configured on the provider.
* `effective_labels` -
All labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.
## Timeouts
This resource provides the following
[Timeouts](https://developer.hashicorp.com/terraform/plugin/sdkv2/resources/retries-and-customizable-timeouts) configuration options:
- `create` - Default is 30 minutes.
- `update` - Default is 30 minutes.
- `delete` - Default is 30 minutes.
## Import
Gateway can be imported using any of these accepted formats:
* `projects/{{project}}/locations/{{location}}/gateways/{{name}}`
* `{{project}}/{{location}}/{{name}}`
* `{{location}}/{{name}}`
In Terraform v1.5.0 and later, use an [`import` block](https://developer.hashicorp.com/terraform/language/import) to import Gateway using one of the formats above. For example:
```tf
import {
  id = "projects/{{project}}/locations/{{location}}/gateways/{{name}}"
  to = google_network_services_gateway.default
}
```
When using the [`terraform import` command](https://developer.hashicorp.com/terraform/cli/commands/import), Gateway can be imported using one of the formats above. For example:
```
$ terraform import google_network_services_gateway.default projects/{{project}}/locations/{{location}}/gateways/{{name}}
$ terraform import google_network_services_gateway.default {{project}}/{{location}}/{{name}}
$ terraform import google_network_services_gateway.default {{location}}/{{name}}
```
## User Project Overrides
This resource supports [User Project Overrides](https://registry.terraform.io/providers/hashicorp/google/latest/docs/guides/provider_reference#user_project_override).