mmv1/products/compute/GlobalForwardingRule.yaml

# Copyright 2024 Google Inc. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. --- name: 'GlobalForwardingRule' api_resource_type_kind: ForwardingRule api_variant_patterns: - 'projects/{project}/global/forwardingRules/{forwardingRule}' kind: 'compute#forwardingRule' description: | Represents a GlobalForwardingRule resource. Global forwarding rules are used to forward traffic to the correct load balancer for HTTP load balancing. Global forwarding rules can only be used for HTTP load balancing. For more information, see https://cloud.google.com/compute/docs/load-balancing/http/ # Has a separate endpoint for labels exclude_attribution_label: true docs: base_url: 'projects/{{project}}/global/forwardingRules' has_self_link: true immutable: true timeouts: insert_minutes: 20 update_minutes: 20 delete_minutes: 20 async: actions: ['create', 'delete', 'update'] type: 'OpAsync' operation: base_url: '{{op_id}}' result: resource_inside_response: false collection_url_key: 'items' custom_code: pre_create: 'templates/terraform/pre_create/compute_global_forwarding_rule.go.tmpl' post_create: 'templates/terraform/post_create/labels.tmpl' legacy_long_form_project: true examples: - name: 'external_ssl_proxy_lb_mig_backend' primary_resource_id: 'default' vars: ssl_proxy_xlb_network: 'ssl-proxy-xlb-network' ssl_proxy_xlb_subnet: 'ssl-proxy-xlb-subnet' ssl_proxy_xlb_ip: 'ssl-proxy-xlb-ip' default_cert: 'default-cert' test_proxy: 'test-proxy' ssl_proxy_xlb_forwarding_rule: 'ssl-proxy-xlb-forwarding-rule' ssl_proxy_xlb_backend_service: 'ssl-proxy-xlb-backend-service' ssl_proxy_health_check: 'ssl-proxy-health-check' ssl_proxy_xlb_mig_template: 'ssl-proxy-xlb-mig-template' ssl_proxy_xlb_mig1: 'ssl-proxy-xlb-mig1' ssl_proxy_xlb_fw_allow_hc: 'ssl-proxy-xlb-fw-allow-hc' ignore_read_extra: - 'port_range' - 'target' - 'ip_address' exclude_test: true - name: 'external_tcp_proxy_lb_mig_backend' primary_resource_id: 'default' min_version: 'beta' vars: tcp_proxy_xlb_network: 'tcp-proxy-xlb-network' tcp_proxy_xlb_subnet: 'tcp-proxy-xlb-subnet' tcp_proxy_xlb_ip: 'tcp-proxy-xlb-ip' tcp_proxy_xlb_forwarding_rule: 'tcp-proxy-xlb-forwarding-rule' test_proxy_health_check: 'test-proxy-health-check' tcp_proxy_xlb_backend_service: 'tcp-proxy-xlb-backend-service' tcp_proxy_health_check: 'tcp-proxy-health-check' tcp_proxy_xlb_mig_template: 'tcp-proxy-xlb-mig-template' tcp_proxy_xlb_mig1: 'tcp-proxy-xlb-mig1' tcp_proxy_xlb_fw_allow_hc: 'tcp-proxy-xlb-fw-allow-hc' ignore_read_extra: - 'port_range' - 'target' - 'ip_address' - name: 'external_http_lb_mig_backend_custom_header' primary_resource_id: 'default' min_version: 'beta' vars: xlb_network_name: 'l7-xlb-network' backend_subnet_name: 'l7-xlb-subnet' address_name: 'l7-xlb-static-ip' forwarding_rule_name: 'l7-xlb-forwarding-rule' target_http_proxy_name: 'l7-xlb-target-http-proxy' url_map_name: 'l7-xlb-url-map' backend_service_name: 'l7-xlb-backend-service' mig_template_name: 'l7-xlb-mig-template' hc_name: 'l7-xlb-hc' mig_name: 'l7-xlb-mig1' fw_allow_hc_name: 'l7-xlb-fw-allow-hc' ignore_read_extra: - 'port_range' - 'target' - 'ip_address' - name: 'global_forwarding_rule_http' primary_resource_id: 'default' vars: forwarding_rule_name: 'global-rule' http_proxy_name: 'target-proxy' backend_service_name: 'backend' ignore_read_extra: - 'port_range' - 'target' - name: 'global_forwarding_rule_internal' primary_resource_id: 'default' min_version: 'beta' vars: forwarding_rule_name: 'global-rule' http_proxy_name: 'target-proxy' backend_service_name: 'backend' igm_name: 'igm-internal' ignore_read_extra: - 'port_range' - 'target' - name: 'global_forwarding_rule_external_managed' primary_resource_id: 'default' vars: forwarding_rule_name: 'global-rule' http_proxy_name: 'target-proxy' backend_service_name: 'backend' ignore_read_extra: - 'port_range' - 'target' - name: 'global_forwarding_rule_hybrid' primary_resource_id: 'default' vars: forwarding_rule_name: 'global-rule' http_proxy_name: 'target-proxy' network_name: 'my-network' internal_network_name: 'my-internal-network' subnetwork_name: 'my-subnetwork' default_backend_service_name: 'backend-default' hybrid_backend_service_name: 'backend-hybrid' internal_backend_service_name": 'backend-internal' default_neg_name: 'default-neg' hybrid_neg_name: 'hybrid-neg' internal_neg_name: 'internal-neg' health_check_name: 'health-check' ignore_read_extra: - 'port_range' - 'target' - name: 'global_internal_http_lb_with_mig_backend' primary_resource_id: 'google_compute_forwarding_rule' min_version: 'beta' vars: gilb_network_name: 'l7-gilb-network' proxy_subnet_name: 'l7-gilb-proxy-subnet' backend_subnet_name: 'l7-gilb-subnet' forwarding_rule_name: 'l7-gilb-forwarding-rule' target_http_proxy_name: 'l7-gilb-target-http-proxy' url_map_name: 'l7-gilb-url-map' backend_service_name: 'l7-gilb-backend-subnet' mig_template_name: 'l7-gilb-mig-template' hc_name: 'l7-gilb-hc' mig_name: 'l7-gilb-mig1' fw_allow_iap_hc_name: 'l7-gilb-fw-allow-iap-hc' fw_allow_gilb_to_backends_name: 'l7-gilb-fw-allow-gilb-to-backends' vm_test_name: 'l7-gilb-test-vm' ignore_read_extra: - 'port_range' - 'target' - name: 'private_service_connect_google_apis' primary_resource_id: 'default' min_version: 'beta' vars: network_name: 'my-network' subnetwork_name: 'my-subnetwork' global_address_name: 'global-psconnect-ip' forwarding_rule_name: 'globalrule' test_env_vars: project: 'PROJECT_NAME' ignore_read_extra: - 'ip_address' - name: 'private_service_connect_google_apis_no_automate_dns' primary_resource_id: 'default' min_version: 'beta' vars: network_name: 'my-network' subnetwork_name: 'my-subnetwork' global_address_name: 'global-psconnect-ip' forwarding_rule_name: 'globalrule' test_env_vars: project: 'PROJECT_NAME' ignore_read_extra: - 'ip_address' parameters: properties: - name: 'pscConnectionId' type: String description: 'The PSC connection id of the PSC Forwarding Rule.' output: true - name: 'pscConnectionStatus' type: String description: 'The PSC connection status of the PSC Forwarding Rule. Possible values: `STATUS_UNSPECIFIED`, `PENDING`, `ACCEPTED`, `REJECTED`, `CLOSED`' output: true - name: 'description' type: String description: | An optional description of this resource. Provide this property when you create the resource. - name: 'forwardingRuleId' type: Integer description: | The unique identifier number for the resource. This identifier is defined by the server. api_name: id output: true # This is a multi-resource resource reference (Address, GlobalAddress) - name: 'IPAddress' type: String description: | IP address for which this forwarding rule accepts traffic. When a client sends traffic to this IP address, the forwarding rule directs the traffic to the referenced `target`. While creating a forwarding rule, specifying an `IPAddress` is required under the following circumstances: * When the `target` is set to `targetGrpcProxy` and `validateForProxyless` is set to `true`, the `IPAddress` should be set to `0.0.0.0`. * When the `target` is a Private Service Connect Google APIs bundle, you must specify an `IPAddress`. Otherwise, you can optionally specify an IP address that references an existing static (reserved) IP address resource. When omitted, Google Cloud assigns an ephemeral IP address. Use one of the following formats to specify an IP address while creating a forwarding rule: * IP address number, as in `100.1.2.3` * IPv6 address range, as in `2600:1234::/96` * Full resource URL, as in `https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name` * Partial URL or by name, as in: * `projects/project_id/regions/region/addresses/address-name` * `regions/region/addresses/address-name` * `global/addresses/address-name` * `address-name` The forwarding rule's `target`, and in most cases, also the `loadBalancingScheme`, determine the type of IP address that you can use. For detailed information, see [IP address specifications](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts#ip_address_specifications). When reading an `IPAddress`, the API always returns the IP address number. default_from_api: true diff_suppress_func: 'InternalIpDiffSuppress' - name: 'IPProtocol' type: Enum description: | The IP protocol to which this rule applies. For protocol forwarding, valid options are `TCP`, `UDP`, `ESP`, `AH`, `SCTP`, `ICMP` and `L3_DEFAULT`. The valid IP protocols are different for different load balancing products as described in [Load balancing features](https://cloud.google.com/load-balancing/docs/features#protocols_from_the_load_balancer_to_the_backends). default_from_api: true diff_suppress_func: 'tpgresource.CaseDiffSuppress' enum_values: - 'TCP' - 'UDP' - 'ESP' - 'AH' - 'SCTP' - 'ICMP' - name: 'ipVersion' type: Enum description: | The IP Version that will be used by this global forwarding rule. enum_values: - 'IPV4' - 'IPV6' - name: 'labels' type: KeyValueLabels description: | Labels to apply to this forwarding rule. A list of key->value pairs. update_url: 'projects/{{project}}/global/forwardingRules/{{name}}/setLabels' update_verb: 'POST' - name: 'labelFingerprint' type: Fingerprint description: | The fingerprint used for optimistic locking of this resource. Used internally during updates. output: true update_url: 'projects/{{project}}/global/forwardingRules/{{name}}/setLabels' update_verb: 'POST' key_expander: '' - name: 'loadBalancingScheme' type: Enum description: | Specifies the forwarding rule type. For more information about forwarding rules, refer to [Forwarding rule concepts](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts). default_value: "EXTERNAL" enum_values: - 'EXTERNAL' - 'EXTERNAL_MANAGED' - 'INTERNAL_MANAGED' - 'INTERNAL_SELF_MANAGED' - name: 'metadataFilters' type: Array description: | Opaque filter criteria used by Loadbalancer to restrict routing configuration to a limited set xDS compliant clients. In their xDS requests to Loadbalancer, xDS clients present node metadata. If a match takes place, the relevant routing configuration is made available to those proxies. For each metadataFilter in this list, if its filterMatchCriteria is set to MATCH_ANY, at least one of the filterLabels must match the corresponding label provided in the metadata. If its filterMatchCriteria is set to MATCH_ALL, then all of its filterLabels must match with corresponding labels in the provided metadata. metadataFilters specified here can be overridden by those specified in the UrlMap that this ForwardingRule references. metadataFilters only applies to Loadbalancers that have their loadBalancingScheme set to INTERNAL_SELF_MANAGED. item_type: type: NestedObject properties: - name: 'filterMatchCriteria' type: Enum description: | Specifies how individual filterLabel matches within the list of filterLabels contribute towards the overall metadataFilter match. MATCH_ANY - At least one of the filterLabels must have a matching label in the provided metadata. MATCH_ALL - All filterLabels must have matching labels in the provided metadata. required: true enum_values: - 'MATCH_ANY' - 'MATCH_ALL' - name: 'filterLabels' type: Array description: | The list of label value pairs that must match labels in the provided metadata based on filterMatchCriteria This list must not be empty and can have at the most 64 entries. required: true item_type: type: NestedObject properties: - name: 'name' type: String description: | Name of the metadata label. The length must be between 1 and 1024 characters, inclusive. required: true - name: 'value' type: String description: | The value that the label must match. The value has a maximum length of 1024 characters. required: true min_size: 1 max_size: 64 - name: 'name' type: String description: | Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with [RFC1035](https://www.ietf.org/rfc/rfc1035.txt). Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. For Private Service Connect forwarding rules that forward traffic to Google APIs, the forwarding rule name must be a 1-20 characters string with lowercase letters and numbers and must start with a letter. required: true - name: 'network' type: ResourceRef description: | This field is not used for external load balancing. For Internal TCP/UDP Load Balancing, this field identifies the network that the load balanced IP should belong to for this Forwarding Rule. If the subnetwork is specified, the network of the subnetwork will be used. If neither subnetwork nor this field is specified, the default network will be used. For Private Service Connect forwarding rules that forward traffic to Google APIs, a network must be provided. default_from_api: true # TODO(nelsonjr): When implementing new types enable converting the # manifest input from a single value to a range of form NN-NN. The API # accepts a single value, e.g. '80', but the API stores and returns # '80-80'. This causes idempotency false positive. custom_expand: 'templates/terraform/custom_expand/resourceref_with_validation.go.tmpl' resource: 'Network' imports: 'selfLink' - name: 'portRange' type: String description: | The `portRange` field has the following limitations: * It requires that the forwarding rule `IPProtocol` be TCP, UDP, or SCTP, and * It's applicable only to the following products: external passthrough Network Load Balancers, internal and external proxy Network Load Balancers, internal and external Application Load Balancers, external protocol forwarding, and Classic VPN. * Some products have restrictions on what ports can be used. See [port specifications](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts#port_specifications) for details. For external forwarding rules, two or more forwarding rules cannot use the same `[IPAddress, IPProtocol]` pair, and cannot have overlapping `portRange`s. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same `[IPAddress, IPProtocol]` pair, and cannot have overlapping `portRange`s. @pattern: \d+(?:-\d+)? diff_suppress_func: 'PortRangeDiffSuppress' # This is a multi-resource resource reference (TargetHttp(s)Proxy, # TargetSslProxy, TargetTcpProxy, TargetVpnGateway, TargetPool, # TargetInstance) - name: 'subnetwork' type: ResourceRef description: | This field identifies the subnetwork that the load balanced IP should belong to for this Forwarding Rule, used in internal load balancing and network load balancing with IPv6. If the network specified is in auto subnet mode, this field is optional. However, a subnetwork must be specified if the network is in custom subnet mode or when creating external forwarding rule with IPv6. # This is a multi-resource resource reference (TargetHttp(s)Proxy, # TargetSslProxy, TargetTcpProxy, TargetVpnGateway, TargetPool, # TargetInstance) default_from_api: true custom_expand: 'templates/terraform/custom_expand/resourceref_with_validation.go.tmpl' resource: 'Subnetwork' imports: 'selfLink' - name: 'target' type: String description: | The URL of the target resource to receive the matched traffic. For regional forwarding rules, this target must be in the same region as the forwarding rule. For global forwarding rules, this target must be a global load balancing resource. The forwarded traffic must be of a type appropriate to the target object. * For load balancers, see the "Target" column in [Port specifications](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts#ip_address_specifications). * For Private Service Connect forwarding rules that forward traffic to Google APIs, provide the name of a supported Google API bundle: * `vpc-sc` - [ APIs that support VPC Service Controls](https://cloud.google.com/vpc-service-controls/docs/supported-products). * `all-apis` - [All supported Google APIs](https://cloud.google.com/vpc/docs/private-service-connect#supported-apis). For Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment. required: true update_url: 'projects/{{project}}/global/forwardingRules/{{name}}/setTarget' update_verb: 'POST' diff_suppress_func: 'tpgresource.CompareSelfLinkRelativePaths' - name: 'networkTier' type: Enum description: | This signifies the networking tier used for configuring this load balancer and can only take the following values: `PREMIUM`, `STANDARD`. For regional ForwardingRule, the valid values are `PREMIUM` and `STANDARD`. For GlobalForwardingRule, the valid value is `PREMIUM`. If this field is not specified, it is assumed to be `PREMIUM`. If `IPAddress` is specified, this value must be equal to the networkTier of the Address. immutable: true default_from_api: true enum_values: - 'PREMIUM' - 'STANDARD' - name: 'serviceDirectoryRegistrations' type: Array description: | Service Directory resources to register this forwarding rule with. Currently, only supports a single Service Directory resource. immutable: true default_from_api: true item_type: type: NestedObject properties: - name: 'namespace' type: String description: | Service Directory namespace to register the forwarding rule under. immutable: true default_from_api: true - name: 'serviceDirectoryRegion' type: String description: | [Optional] Service Directory region to register this global forwarding rule under. Default to "us-central1". Only used for PSC for Google APIs. All PSC for Google APIs Forwarding Rules on the same network should use the same Service Directory region. immutable: true min_size: 0 max_size: 1 - name: 'sourceIpRanges' type: Array description: If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24). immutable: true item_type: type: String - name: 'baseForwardingRule' type: String description: '[Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.' output: true - name: 'allowPscGlobalAccess' type: Boolean description: This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region. min_version: 'beta' - name: 'noAutomateDnsZone' type: Boolean description: This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field. immutable: true ignore_read: true send_empty_value: true

mmv1/products/compute/GlobalForwardingRule.yaml (481 lines of code) (raw):