# Copyright 2024 Google Inc. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. --- name: 'Network' kind: 'compute#network' description: | Manages a VPC network or legacy network resource on GCP. references: guides: 'Official Documentation': 'https://cloud.google.com/vpc/docs/vpc' api: 'https://cloud.google.com/compute/docs/reference/rest/v1/networks' docs: base_url: 'projects/{{project}}/global/networks' has_self_link: true immutable: true timeouts: insert_minutes: 20 update_minutes: 20 delete_minutes: 20 async: actions: ['create', 'delete', 'update'] type: 'OpAsync' operation: base_url: '{{op_id}}' result: resource_inside_response: false collection_url_key: 'items' sweeper: dependencies: # - "google_network_security_intercept_endpoint_group" (beta only) # - "google_network_security_intercept_deployment_group" (beta only) - "google_network_security_firewall_endpoint_association" custom_code: encoder: 'templates/terraform/encoders/compute_network.go.tmpl' update_encoder: 'templates/terraform/update_encoder/compute_network.go.tmpl' decoder: 'templates/terraform/decoders/compute_network.go.tmpl' post_create: 'templates/terraform/post_create/compute_network_delete_default_route.tmpl' examples: - name: 'network_basic' primary_resource_id: 'vpc_network' vars: network_name: 'vpc-network' - name: 'network_custom_mtu' primary_resource_id: 'vpc_network' vars: network_name: 'vpc-network' test_env_vars: project: 'PROJECT_NAME' - name: 'network_custom_firewall_enforcement_order' primary_resource_id: 'vpc_network' vars: network_name: 'vpc-network' test_env_vars: project: 'PROJECT_NAME' - name: 'network_bgp_best_path_selection_mode' primary_resource_id: 'vpc_network' vars: network_name: 'vpc-network' test_env_vars: project: 'PROJECT_NAME' - name: 'network_bgp_best_path_selection_mode_standard' primary_resource_id: 'vpc_network' vars: network_name: 'vpc-network' test_env_vars: project: 'PROJECT_NAME' - name: 'network_bgp_best_path_selection_mode_standard_custom_fields' primary_resource_id: 'vpc_network' vars: network_name: 'vpc-network' test_env_vars: project: 'PROJECT_NAME' virtual_fields: - name: 'delete_default_routes_on_create' description: | If set to `true`, default routes (`0.0.0.0/0`) will be deleted immediately after network creation. Defaults to `false`. type: Boolean default_value: false parameters: properties: - name: 'description' type: String description: | An optional description of this resource. The resource must be recreated to modify this field. immutable: true - name: 'gateway_ipv4' type: String description: | The gateway address for default routing out of the network. This value is selected by GCP. # We override this here so that the name is more aesthetic api_name: gatewayIPv4 output: true - name: 'name' type: String description: | Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. required: true immutable: true validation: function: 'verify.ValidateGCEName' - name: 'networkId' description: | The unique identifier for the resource. This identifier is defined by the server. api_name: id output: true - name: 'numericId' type: String description: | The unique identifier for the resource. This identifier is defined by the server. deprecation_message: '`numeric_id` is deprecated and will be removed in a future major release. Use `network_id` instead.' output: true - name: 'autoCreateSubnetworks' type: Boolean description: | When set to `true`, the network is created in "auto subnet mode" and it will create a subnet for each region automatically across the `10.128.0.0/9` address range. When set to `false`, the network is created in "custom subnet mode" so the user can explicitly connect subnetwork resources. immutable: true send_empty_value: true default_value: true - name: 'routingConfig' type: NestedObject description: | The network-level routing configuration for this network. Used by Cloud Router to determine what type of network-wide routing behavior to enforce. update_url: 'projects/{{project}}/global/networks/{{name}}' update_verb: 'PATCH' flatten_object: true properties: - name: 'routingMode' type: Enum description: | The network-wide routing mode to use. If set to `REGIONAL`, this network's cloud routers will only advertise routes with subnetworks of this network in the same region as the router. If set to `GLOBAL`, this network's cloud routers will advertise routes with all subnetworks of this network, across regions. required: false default_from_api: true update_url: 'projects/{{project}}/global/networks/{{name}}' update_verb: 'PATCH' enum_values: - 'REGIONAL' - 'GLOBAL' - name: 'bgpBestPathSelectionMode' type: Enum description: | The BGP best selection algorithm to be employed. MODE can be LEGACY or STANDARD. default_from_api: true update_url: 'projects/{{project}}/global/networks/{{name}}' update_verb: 'PATCH' enum_values: - 'LEGACY' - 'STANDARD' - name: 'bgpAlwaysCompareMed' type: Boolean description: | Enables/disables the comparison of MED across routes with different Neighbor ASNs. This value can only be set if the --bgp-best-path-selection-mode is STANDARD required: false default_from_api: true update_url: 'projects/{{project}}/global/networks/{{name}}' update_verb: 'PATCH' - name: 'bgpInterRegionCost' type: Enum description: | Choice of the behavior of inter-regional cost and MED in the BPS algorithm. required: false default_from_api: true update_url: 'projects/{{project}}/global/networks/{{name}}' update_verb: 'PATCH' enum_values: - 'DEFAULT' - 'ADD_COST_TO_MED' - name: 'mtu' type: Integer description: | Maximum Transmission Unit in bytes. The default value is 1460 bytes. The minimum value for this field is 1300 and the maximum value is 8896 bytes (jumbo frames). Note that packets larger than 1500 bytes (standard Ethernet) can be subject to TCP-MSS clamping or dropped with an ICMP `Fragmentation-Needed` message if the packets are routed to the Internet or other VPCs with varying MTUs. immutable: true default_from_api: true - name: 'enableUlaInternalIpv6' type: Boolean description: | Enable ULA internal ipv6 on this network. Enabling this feature will assign a /48 from google defined ULA prefix fd20::/20. immutable: true - name: 'internalIpv6Range' type: String description: | When enabling ula internal ipv6, caller optionally can specify the /48 range they want from the google defined ULA prefix fd20::/20. The input must be a valid /48 ULA IPv6 address and must be within the fd20::/20. Operation will fail if the speficied /48 is already in used by another resource. If the field is not speficied, then a /48 range will be randomly allocated from fd20::/20 and returned via this field. immutable: true default_from_api: true - name: 'networkFirewallPolicyEnforcementOrder' type: Enum description: | Set the order that Firewall Rules and Firewall Policies are evaluated. update_url: 'projects/{{project}}/global/networks/{{name}}' update_verb: 'PATCH' default_value: "AFTER_CLASSIC_FIREWALL" enum_values: - 'BEFORE_CLASSIC_FIREWALL' - 'AFTER_CLASSIC_FIREWALL' - name: 'networkProfile' type: String immutable: true description: | A full or partial URL of the network profile to apply to this network. This field can be set only at resource creation time. For example, the following are valid URLs: * https://www.googleapis.com/compute/v1/projects/{projectId}/global/networkProfiles/{network_profile_name} * projects/{projectId}/global/networkProfiles/{network_profile_name}