1# Copyright 2022 Google LLC
2#
3# Licensed under the Apache License, Version 2.0 (the "License");
4# you may not use this file except in compliance with the License.
5# You may obtain a copy of the License at
6#
7# http://www.apache.org/licenses/LICENSE-2.0
8#
9# Unless required by applicable law or agreed to in writing, software
10# distributed under the License is distributed on an "AS IS" BASIS,
11# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12# See the License for the specific language governing permissions and
13# limitations under the License.
14
15apiVersion: core.cnrm.cloud.google.com/v1alpha1
16kind: ServiceMapping
17metadata:
18 name: compute.cnrm.cloud.google.com
19 namespace: cnrm-system
20spec:
21 name: Compute
22 version: v1beta1
23 serviceHostName: "compute.googleapis.com"
24 resources:
25 - name: google_compute_address
26 kind: ComputeAddress
27 metadataMapping:
28 name: name
29 labels: labels
30 resourceID:
31 targetField: name
32 idTemplate: "projects/{{project}}/regions/{{region}}/addresses/{{name}}"
33 idTemplateCanBeUsedToMatchResourceName: true
34 resourceAvailableInAssetInventory: true
35 locationality: regional
36 resourceReferences:
37 - key: networkRef
38 tfField: network
39 description: |-
40 The network in which to reserve the address. If global, the address
41 must be within the RFC1918 IP space. The network cannot be deleted
42 if there are any reserved IP ranges referring to it. This field can
43 only be used with INTERNAL type with the VPC_PEERING and
44 IPSEC_INTERCONNECT purposes.
45 gvk:
46 kind: ComputeNetwork
47 version: v1beta1
48 group: compute.cnrm.cloud.google.com
49 targetField: self_link
50 - key: subnetworkRef
51 tfField: subnetwork
52 description: |-
53 The subnetwork in which to reserve the address. If an IP address is
54 specified, it must be within the subnetwork's IP range. This field
55 can only be used with INTERNAL type with GCE_ENDPOINT/DNS_RESOLVER
56 purposes.
57 gvk:
58 kind: ComputeSubnetwork
59 version: v1beta1
60 group: compute.cnrm.cloud.google.com
61 targetField: self_link
62 containers:
63 - type: project
64 tfField: project
65 - name: google_compute_backend_bucket
66 kind: ComputeBackendBucket
67 metadataMapping:
68 name: name
69 resourceID:
70 targetField: name
71 idTemplate: "projects/{{project}}/global/backendBuckets/{{name}}"
72 idTemplateCanBeUsedToMatchResourceName: true
73 resourceAvailableInAssetInventory: true
74 resourceReferences:
75 - key: bucketRef
76 tfField: bucket_name
77 description: |-
78 Reference to the bucket.
79 gvk:
80 kind: StorageBucket
81 version: v1beta1
82 group: storage.cnrm.cloud.google.com
83 containers:
84 - type: project
85 tfField: project
86 iamConfig:
87 policyName: google_compute_backend_bucket_iam_policy
88 policyMemberName: google_compute_backend_bucket_iam_member
89 referenceField:
90 name: name
91 type: name
92 supportsConditions: false
93 - name: google_compute_backend_service
94 kind: ComputeBackendService
95 metadataMapping:
96 name: name
97 resourceID:
98 targetField: name
99 locationality: global
100 idTemplate: "projects/{{project}}/global/backendServices/{{name}}"
101 idTemplateCanBeUsedToMatchResourceName: true
102 resourceAvailableInAssetInventory: true
103 resourceReferences:
104 - tfField: health_checks
105 description: |-
106 The health check resources for health checking this
107 ComputeBackendService. Currently at most one health check can be
108 specified, and a health check is required.
109 types:
110 - key: healthCheckRef
111 gvk:
112 kind: ComputeHealthCheck
113 version: v1beta1
114 group: compute.cnrm.cloud.google.com
115 targetField: self_link
116 - key: httpHealthCheckRef
117 gvk:
118 kind: ComputeHTTPHealthCheck
119 version: v1beta1
120 group: compute.cnrm.cloud.google.com
121 targetField: self_link
122 - tfField: backend.group
123 description: |-
124 Reference to a ComputeInstanceGroup or ComputeNetworkEndpointGroup
125 resource. In case of instance group this defines the list of
126 instances that serve traffic. Member virtual machine instances from
127 each instance group must live in the same zone as the instance
128 group itself. No two backends in a backend service are allowed to
129 use same Instance Group resource.
130
131 For Network Endpoint Groups this defines list of endpoints. All
132 endpoints of Network Endpoint Group must be hosted on instances
133 located in the same zone as the Network Endpoint Group.
134
135 Backend services cannot mix Instance Group and Network Endpoint
136 Group backends.
137
138 When the 'load_balancing_scheme' is INTERNAL, only instance groups
139 are supported.
140 types:
141 - key: instanceGroupRef
142 gvk:
143 kind: ComputeInstanceGroup
144 version: v1beta1
145 group: compute.cnrm.cloud.google.com
146 targetField: self_link
147 - key: networkEndpointGroupRef
148 gvk:
149 kind: ComputeNetworkEndpointGroup
150 version: v1beta1
151 group: compute.cnrm.cloud.google.com
152 targetField: self_link
153 - tfField: security_policy
154 description: |-
155 The security policy associated with this backend service.
156 key: securityPolicyRef
157 gvk:
158 kind: ComputeSecurityPolicy
159 version: v1beta1
160 group: compute.cnrm.cloud.google.com
161 targetField: self_link
162 - tfField: security_settings.client_tls_policy
163 description: |-
164 ClientTlsPolicy is a resource that specifies how a client should
165 authenticate connections to backends of a service. This resource itself
166 does not affect configuration unless it is attached to a backend
167 service resource.
168 key: clientTLSPolicyRef
169 gvk:
170 kind: NetworkSecurityClientTLSPolicy
171 version: v1beta1
172 group: networksecurity.cnrm.cloud.google.com
173 dclBasedResource: true
174 - tfField: iap.oauth2_client_id
175 description: OAuth2 Client ID for IAP.
176 key: oauth2ClientIdRef
177 gvk:
178 kind: IAPIdentityAwareProxyClient
179 version: v1beta1
180 group: iap.cnrm.cloud.google.com
181 dclBasedResource: true
182 - tfField: edge_security_policy
183 description: |-
184 The resource URL for the edge security policy associated with this
185 backend service.
186 key: edgeSecurityPolicyRef
187 gvk:
188 kind: ComputeSecurityPolicy
189 version: v1beta1
190 group: compute.cnrm.cloud.google.com
191 targetField: self_link
192 containers:
193 - type: project
194 tfField: project
195 mutableButUnreadableFields:
196 - iap.oauth2_client_secret
197 - name: google_compute_disk
198 kind: ComputeDisk
199 metadataMapping:
200 name: name
201 labels: labels
202 resourceID:
203 targetField: name
204 idTemplate: "projects/{{project}}/zones/{{zone}}/disks/{{name}}"
205 idTemplateCanBeUsedToMatchResourceName: true
206 resourceAvailableInAssetInventory: true
207 locationality: zonal
208 iamConfig:
209 policyName: google_compute_disk_iam_policy
210 policyMemberName: google_compute_disk_iam_member
211 referenceField:
212 name: name
213 type: name
214 supportsConditions: false
215 resourceReferences:
216 - tfField: project
217 key: projectRef
218 description: |-
219 The project that this resource belongs to.
220 gvk:
221 kind: Project
222 version: v1beta1
223 group: resourcemanager.cnrm.cloud.google.com
224 - tfField: image
225 description: |-
226 The image from which to initialize this disk.
227 key: imageRef
228 targetField: self_link
229 gvk:
230 kind: ComputeImage
231 version: v1beta1
232 group: compute.cnrm.cloud.google.com
233 - tfField: snapshot
234 description: |-
235 The source snapshot used to create this disk.
236 key: snapshotRef
237 targetField: self_link
238 gvk:
239 kind: ComputeSnapshot
240 version: v1beta1
241 group: compute.cnrm.cloud.google.com
242 - tfField: disk_encryption_key.kms_key_self_link
243 description: |-
244 The encryption key used to encrypt the disk. Your project's Compute
245 Engine System service account
246 ('service-{{PROJECT_NUMBER}}@compute-system.iam.gserviceaccount.com')
247 must have 'roles/cloudkms.cryptoKeyEncrypterDecrypter' to use this
248 feature. See
249 https://cloud.google.com/compute/docs/disks/customer-managed-encryption#encrypt_a_new_persistent_disk_with_your_own_keys
250 key: kmsKeyRef
251 targetField: self_link
252 gvk:
253 kind: KMSCryptoKey
254 version: v1beta1
255 group: kms.cnrm.cloud.google.com
256 - tfField: disk_encryption_key.kms_key_service_account
257 description: |-
258 The service account used for the encryption request for the given KMS key.
259 If absent, the Compute Engine Service Agent service account is used.
260 key: kmsKeyServiceAccountRef
261 gvk:
262 kind: IAMServiceAccount
263 version: v1beta1
264 group: iam.cnrm.cloud.google.com
265 targetField: email
266 - tfField: source_image_encryption_key.kms_key_self_link
267 description: |-
268 The encryption key used to encrypt the disk. Your project's Compute
269 Engine System service account
270 ('service-{{PROJECT_NUMBER}}@compute-system.iam.gserviceaccount.com')
271 must have 'roles/cloudkms.cryptoKeyEncrypterDecrypter' to use this
272 feature. See
273 https://cloud.google.com/compute/docs/disks/customer-managed-encryption#encrypt_a_new_persistent_disk_with_your_own_keys
274 key: kmsKeyRef
275 targetField: self_link
276 gvk:
277 kind: KMSCryptoKey
278 version: v1beta1
279 group: kms.cnrm.cloud.google.com
280 - tfField: source_image_encryption_key.kms_key_service_account
281 description: |-
282 The service account used for the encryption request for the given KMS key.
283 If absent, the Compute Engine Service Agent service account is used.
284 key: kmsKeyServiceAccountRef
285 targetField: email
286 gvk:
287 kind: IAMServiceAccount
288 version: v1beta1
289 group: iam.cnrm.cloud.google.com
290 - tfField: source_snapshot_encryption_key.kms_key_self_link
291 description: |-
292 The encryption key used to encrypt the disk. Your project's Compute
293 Engine System service account
294 ('service-{{PROJECT_NUMBER}}@compute-system.iam.gserviceaccount.com')
295 must have 'roles/cloudkms.cryptoKeyEncrypterDecrypter' to use this
296 feature. See
297 https://cloud.google.com/compute/docs/disks/customer-managed-encryption#encrypt_a_new_persistent_disk_with_your_own_keys
298 key: kmsKeyRef
299 targetField: self_link
300 gvk:
301 kind: KMSCryptoKey
302 version: v1beta1
303 group: kms.cnrm.cloud.google.com
304 - tfField: source_snapshot_encryption_key.kms_key_service_account
305 description: |-
306 The service account used for the encryption request for the given KMS key.
307 If absent, the Compute Engine Service Agent service account is used.
308 key: kmsKeyServiceAccountRef
309 targetField: email
310 gvk:
311 kind: IAMServiceAccount
312 version: v1beta1
313 group: iam.cnrm.cloud.google.com
314 - tfField: resource_policies
315 description: |-
316 Resource policies applied to this disk for automatic snapshot creations.
317 gvk:
318 kind: ComputeResourcePolicy
319 version: v1beta1
320 group: compute.cnrm.cloud.google.com
321 targetField: self_link
322 - tfField: source_disk
323 key: sourceDiskRef
324 description: |-
325 The source disk used to create this disk.
326 gvk:
327 kind: ComputeDisk
328 version: v1beta1
329 group: compute.cnrm.cloud.google.com
330 targetField: self_link
331 - key: diskRef
332 tfField: async_primary_disk.disk
333 description: |-
334 Immutable. Primary disk for asynchronous disk replication.
335 gvk:
336 kind: ComputeDisk
337 version: v1beta1
338 group: compute.cnrm.cloud.google.com
339 targetField: self_link
340 containers:
341 - type: project
342 tfField: project
343 hierarchicalReferences:
344 - type: project
345 key: projectRef
346 - name: google_compute_external_vpn_gateway
347 kind: ComputeExternalVPNGateway
348 metadataMapping:
349 name: name
350 resourceID:
351 targetField: name
352 idTemplate: "projects/{{project}}/global/externalVpnGateways/{{name}}"
353 idTemplateCanBeUsedToMatchResourceName: true
354 resourceAvailableInAssetInventory: true
355 containers:
356 - type: project
357 tfField: project
358 ignoredFields:
359 # TODO(b/269499072): Map it to `metadata.labels`.
360 - labels
361 - name: google_compute_firewall
362 kind: ComputeFirewall
363 metadataMapping:
364 name: name
365 resourceID:
366 targetField: name
367 idTemplate: "projects/{{project}}/global/firewalls/{{name}}"
368 idTemplateCanBeUsedToMatchResourceName: true
369 resourceAvailableInAssetInventory: true
370 resourceReferences:
371 - tfField: network
372 description: |-
373 The network to attach this firewall to.
374 key: networkRef
375 gvk:
376 kind: ComputeNetwork
377 version: v1beta1
378 group: compute.cnrm.cloud.google.com
379 targetField: self_link
380 - tfField: source_service_accounts
381 description: |-
382 If source service accounts are specified, the firewall will apply only
383 to traffic originating from an instance with a service account in this
384 list. Source service accounts cannot be used to control traffic to an
385 instance's external IP address because service accounts are associated
386 with an instance, not an IP address. sourceRanges can be set at the
387 same time as sourceServiceAccounts. If both are set, the firewall will
388 apply to traffic that has source IP address within sourceRanges OR the
389 source IP belongs to an instance with service account listed in
390 sourceServiceAccount. The connection does not need to match both
391 properties for the firewall to apply. sourceServiceAccounts cannot be
392 used at the same time as sourceTags or targetTags.
393 gvk:
394 kind: IAMServiceAccount
395 version: v1beta1
396 group: iam.cnrm.cloud.google.com
397 targetField: email
398 - tfField: target_service_accounts
399 description: |-
400 A list of service accounts indicating sets of instances located in the
401 network that may make network connections as specified in allowed[].
402 targetServiceAccounts cannot be used at the same time as targetTags or
403 sourceTags. If neither targetServiceAccounts nor targetTags are
404 specified, the firewall rule applies to all instances on the specified
405 network.
406 gvk:
407 kind: IAMServiceAccount
408 version: v1beta1
409 group: iam.cnrm.cloud.google.com
410 targetField: email
411 containers:
412 - type: project
413 tfField: project
414 - name: google_compute_forwarding_rule
415 kind: ComputeForwardingRule
416 metadataMapping:
417 name: name
418 labels: labels
419 resourceID:
420 targetField: name
421 locationality: regional
422 idTemplate: "projects/{{project}}/regions/{{region}}/forwardingRules/{{name}}"
423 idTemplateCanBeUsedToMatchResourceName: true
424 resourceAvailableInAssetInventory: true
425 resourceReferences:
426 - tfField: target
427 description: |-
428 The target resource to receive the matched traffic. The forwarded
429 traffic must be of a type appropriate to the target object. For
430 INTERNAL_SELF_MANAGED load balancing, only HTTP and HTTPS targets
431 are valid.
432 types:
433 - key: targetVPNGatewayRef
434 gvk:
435 kind: ComputeTargetVPNGateway
436 version: v1beta1
437 group: compute.cnrm.cloud.google.com
438 targetField: self_link
439 - key: targetHTTPProxyRef
440 gvk:
441 kind: ComputeTargetHTTPProxy
442 version: v1beta1
443 group: compute.cnrm.cloud.google.com
444 targetField: self_link
445 - key: targetHTTPSProxyRef
446 gvk:
447 kind: ComputeTargetHTTPSProxy
448 version: v1beta1
449 group: compute.cnrm.cloud.google.com
450 targetField: self_link
451 - key: targetTCPProxyRef
452 gvk:
453 kind: ComputeTargetTCPProxy
454 version: v1beta1
455 group: compute.cnrm.cloud.google.com
456 targetField: self_link
457 - key: targetSSLProxyRef
458 gvk:
459 kind: ComputeTargetSSLProxy
460 version: v1beta1
461 group: compute.cnrm.cloud.google.com
462 targetField: self_link
463 - key: targetGRPCProxyRef
464 gvk:
465 kind: ComputeTargetGRPCProxy
466 version: v1beta1
467 group: compute.cnrm.cloud.google.com
468 targetField: self_link
469 - tfField: ip_address
470 description: |-
471 The IP address that this forwarding rule is serving on behalf of.
472
473 Addresses are restricted based on the forwarding rule's load
474 balancing scheme (EXTERNAL or INTERNAL) and scope (global or
475 regional).
476
477 When the load balancing scheme is EXTERNAL, for global forwarding
478 rules, the address must be a global IP, and for regional forwarding
479 rules, the address must live in the same region as the forwarding
480 rule. If this field is empty, an ephemeral IPv4 address from the
481 same scope (global or regional) will be assigned. A regional
482 forwarding rule supports IPv4 only. A global forwarding rule
483 supports either IPv4 or IPv6.
484
485 When the load balancing scheme is INTERNAL, this can only be an RFC
486 1918 IP address belonging to the network/subnet configured for the
487 forwarding rule. By default, if this field is empty, an ephemeral
488 internal IP address will be automatically allocated from the IP
489 range of the subnet or network configured for this forwarding rule.
490 types:
491 - key: ip
492 jsonSchemaType: string
493 - key: addressRef
494 gvk:
495 kind: ComputeAddress
496 version: v1beta1
497 group: compute.cnrm.cloud.google.com
498 targetField: address
499 - key: networkRef
500 description: |-
501 This field is not used for external load balancing. For internal
502 load balancing, this field identifies the network that the load
503 balanced IP should belong to for this forwarding rule. If this
504 field is not specified, the default network will be used.
505 tfField: network
506 gvk:
507 kind: ComputeNetwork
508 version: v1beta1
509 group: compute.cnrm.cloud.google.com
510 targetField: self_link
511 - key: subnetworkRef
512 description: |-
513 The subnetwork that the load balanced IP should belong to for this
514 forwarding rule. This field is only used for internal load
515 balancing.
516
517 If the network specified is in auto subnet mode, this field is
518 optional. However, if the network is in custom subnet mode, a
519 subnetwork must be specified.
520 tfField: subnetwork
521 gvk:
522 kind: ComputeSubnetwork
523 version: v1beta1
524 group: compute.cnrm.cloud.google.com
525 - key: backendServiceRef
526 tfField: backend_service
527 description: |-
528 A ComputeBackendService to receive the matched traffic. This is
529 used only for internal load balancing.
530 gvk:
531 kind: ComputeBackendService
532 version: v1beta1
533 group: compute.cnrm.cloud.google.com
534 targetField: self_link
535 containers:
536 - type: project
537 tfField: project
538 - name: google_compute_global_address
539 kind: ComputeAddress
540 metadataMapping:
541 name: name
542 labels: labels
543 resourceID:
544 targetField: name
545 idTemplate: "projects/{{project}}/global/addresses/{{name}}"
546 idTemplateCanBeUsedToMatchResourceName: true
547 resourceAvailableInAssetInventory: true
548 locationality: global
549 resourceReferences:
550 - key: networkRef
551 tfField: network
552 description: |-
553 The network in which to reserve the address. If global, the address
554 must be within the RFC1918 IP space. The network cannot be deleted
555 if there are any reserved IP ranges referring to it. This field can
556 only be used with INTERNAL type with the VPC_PEERING and
557 IPSEC_INTERCONNECT purposes.
558 gvk:
559 kind: ComputeNetwork
560 version: v1beta1
561 group: compute.cnrm.cloud.google.com
562 targetField: self_link
563 containers:
564 - type: project
565 tfField: project
566 - name: google_compute_global_forwarding_rule
567 kind: ComputeForwardingRule
568 metadataMapping:
569 name: name
570 labels: labels
571 resourceID:
572 targetField: name
573 locationality: global
574 idTemplate: "projects/{{project}}/global/forwardingRules/{{name}}"
575 idTemplateCanBeUsedToMatchResourceName: true
576 resourceAvailableInAssetInventory: true
577 resourceReferences:
578 - tfField: ip_address
579 description: |-
580 The IP address that this forwarding rule is serving on behalf of.
581
582 Addresses are restricted based on the forwarding rule's load
583 balancing scheme (EXTERNAL or INTERNAL) and scope (global or
584 regional).
585
586 When the load balancing scheme is EXTERNAL, for global forwarding
587 rules, the address must be a global IP, and for regional forwarding
588 rules, the address must live in the same region as the forwarding
589 rule. If this field is empty, an ephemeral IPv4 address from the
590 same scope (global or regional) will be assigned. A regional
591 forwarding rule supports IPv4 only. A global forwarding rule
592 supports either IPv4 or IPv6.
593
594 When the load balancing scheme is INTERNAL, this can only be an RFC
595 1918 IP address belonging to the network/subnet configured for the
596 forwarding rule. By default, if this field is empty, an ephemeral
597 internal IP address will be automatically allocated from the IP
598 range of the subnet or network configured for this forwarding rule.
599 types:
600 - key: addressRef
601 gvk:
602 kind: ComputeAddress
603 version: v1beta1
604 group: compute.cnrm.cloud.google.com
605 targetField: address
606 - key: ip
607 jsonSchemaType: string
608 - tfField: target
609 description: |-
610 The target resource to receive the matched traffic. The forwarded
611 traffic must be of a type appropriate to the target object. For
612 INTERNAL_SELF_MANAGED load balancing, only HTTP and HTTPS targets
613 are valid.
614 types:
615 - key: targetHTTPProxyRef
616 gvk:
617 kind: ComputeTargetHTTPProxy
618 version: v1beta1
619 group: compute.cnrm.cloud.google.com
620 targetField: self_link
621 - key: targetHTTPSProxyRef
622 gvk:
623 kind: ComputeTargetHTTPSProxy
624 version: v1beta1
625 group: compute.cnrm.cloud.google.com
626 targetField: self_link
627 - key: targetTCPProxyRef
628 gvk:
629 kind: ComputeTargetTCPProxy
630 version: v1beta1
631 group: compute.cnrm.cloud.google.com
632 targetField: self_link
633 - key: targetSSLProxyRef
634 gvk:
635 kind: ComputeTargetSSLProxy
636 version: v1beta1
637 group: compute.cnrm.cloud.google.com
638 targetField: self_link
639 - key: targetGRPCProxyRef
640 gvk:
641 kind: ComputeTargetGRPCProxy
642 version: v1beta1
643 group: compute.cnrm.cloud.google.com
644 targetField: self_link
645 - key: networkRef
646 tfField: network
647 description: |-
648 This field is not used for external load balancing. For internal
649 load balancing, this field identifies the network that the load
650 balanced IP should belong to for this forwarding rule. If this
651 field is not specified, the default network will be used.
652 gvk:
653 kind: ComputeNetwork
654 version: v1beta1
655 group: compute.cnrm.cloud.google.com
656 targetField: self_link
657 containers:
658 - type: project
659 tfField: project
660 - name: google_compute_ha_vpn_gateway
661 kind: ComputeVPNGateway
662 metadataMapping:
663 name: name
664 resourceID:
665 targetField: name
666 idTemplate: "projects/{{project}}/regions/{{region}}/vpnGateways/{{name}}"
667 idTemplateCanBeUsedToMatchResourceName: true
668 resourceAvailableInAssetInventory: true
669 resourceReferences:
670 - key: networkRef
671 tfField: network
672 description: |-
673 The network this VPN gateway is accepting traffic for.
674 gvk:
675 kind: ComputeNetwork
676 version: v1beta1
677 group: compute.cnrm.cloud.google.com
678 targetField: self_link
679 - key: interconnectAttachmentRef
680 tfField: vpn_interfaces.interconnect_attachment
681 description: |-
682 Immutable. When this value is present, the VPN Gateway will be used
683 for IPsec-encrypted Cloud Interconnect; all Egress or Ingress
684 traffic for this VPN Gateway interface will go through the specified
685 interconnect attachment resource. Not currently available publicly.
686 gvk:
687 kind: ComputeInterconnectAttachment
688 version: v1beta1
689 group: compute.cnrm.cloud.google.com
690 targetField: self_link
691 containers:
692 - type: project
693 tfField: project
694 - name: google_compute_health_check
695 kind: ComputeHealthCheck
696 metadataMapping:
697 name: name
698 resourceID:
699 targetField: name
700 locationality: global
701 idTemplate: "projects/{{project}}/global/healthChecks/{{name}}"
702 idTemplateCanBeUsedToMatchResourceName: true
703 resourceAvailableInAssetInventory: true
704 containers:
705 - type: project
706 tfField: project
707 - name: google_compute_http_health_check
708 kind: ComputeHTTPHealthCheck
709 metadataMapping:
710 name: name
711 resourceID:
712 targetField: name
713 idTemplate: "projects/{{project}}/global/httpHealthChecks/{{name}}"
714 idTemplateCanBeUsedToMatchResourceName: true
715 resourceAvailableInAssetInventory: true
716 containers:
717 - type: project
718 tfField: project
719 - name: google_compute_https_health_check
720 kind: ComputeHTTPSHealthCheck
721 metadataMapping:
722 name: name
723 resourceID:
724 targetField: name
725 idTemplate: "projects/{{project}}/global/httpsHealthChecks/{{name}}"
726 idTemplateCanBeUsedToMatchResourceName: true
727 resourceAvailableInAssetInventory: true
728 containers:
729 - type: project
730 tfField: project
731 - name: google_compute_image
732 kind: ComputeImage
733 metadataMapping:
734 name: name
735 labels: labels
736 resourceID:
737 targetField: name
738 iamConfig:
739 policyName: google_compute_image_iam_policy
740 policyMemberName: google_compute_image_iam_member
741 referenceField:
742 name: image
743 type: name
744 supportsConditions: true
745 resourceReferences:
746 - key: diskRef
747 tfField: source_disk
748 description: |-
749 The source disk to create this image based on.
750 You must provide either this property or the
751 rawDisk.source property but not both to create an image.
752 gvk:
753 kind: ComputeDisk
754 version: v1beta1
755 group: compute.cnrm.cloud.google.com
756 targetField: self_link
757 - tfField: source_image
758 key: sourceImageRef
759 description: |-
760 The source image used to create this image.
761 gvk:
762 kind: ComputeImage
763 version: v1beta1
764 group: compute.cnrm.cloud.google.com
765 targetField: self_link
766 - tfField: source_snapshot
767 key: sourceSnapshotRef
768 description: |-
769 The source snapshot used to create this image.
770 gvk:
771 kind: ComputeSnapshot
772 version: v1beta1
773 group: compute.cnrm.cloud.google.com
774 targetField: self_link
775 - tfField: image_encryption_key.kms_key_self_link
776 key: kmsKeySelfLinkRef
777 description: |-
778 The self link of the encryption key that is stored in Google Cloud
779 KMS.
780 gvk:
781 kind: KMSCryptoKey
782 version: v1beta1
783 group: kms.cnrm.cloud.google.com
784 targetField: self_link
785 - tfField: image_encryption_key.kms_key_service_account
786 key: kmsKeyServiceAccountRef
787 description: |-
788 The service account being used for the encryption request for the
789 given KMS key. If absent, the Compute Engine default service account
790 is used.
791 gvk:
792 kind: IAMServiceAccount
793 version: v1beta1
794 group: iam.cnrm.cloud.google.com
795 targetField: email
796 idTemplate: "projects/{{project}}/global/images/{{name}}"
797 idTemplateCanBeUsedToMatchResourceName: true
798 resourceAvailableInAssetInventory: true
799 containers:
800 - type: project
801 tfField: project
802 - name: google_compute_instance
803 kind: ComputeInstance
804 metadataMapping:
805 name: name
806 labels: labels
807 resourceID:
808 targetField: name
809 iamConfig:
810 policyName: google_compute_instance_iam_policy
811 policyMemberName: google_compute_instance_iam_member
812 referenceField:
813 name: instance_name
814 type: name
815 supportsConditions: true
816 resourceReferences:
817 - key: sourceDiskRef
818 tfField: attached_disk.source
819 gvk:
820 kind: ComputeDisk
821 version: v1beta1
822 group: compute.cnrm.cloud.google.com
823 targetField: self_link
824 - key: kmsKeyRef
825 tfField: attached_disk.kms_key_self_link
826 gvk:
827 kind: KMSCryptoKey
828 version: v1beta1
829 group: kms.cnrm.cloud.google.com
830 targetField: self_link
831 - key: sourceDiskRef
832 tfField: boot_disk.source
833 description: |-
834 Immutable. The source disk used to create this disk.
835 gvk:
836 kind: ComputeDisk
837 version: v1beta1
838 group: compute.cnrm.cloud.google.com
839 targetField: self_link
840 - key: sourceImageRef # prefix with "source" as that's how it is in the underlying API
841 tfField: boot_disk.initialize_params.image
842 description: |-
843 Immutable. The image from which to initialize this disk.
844 gvk:
845 kind: ComputeImage
846 version: v1beta1
847 group: compute.cnrm.cloud.google.com
848 targetField: self_link
849 - key: kmsKeyRef
850 tfField: boot_disk.kms_key_self_link
851 gvk:
852 kind: KMSCryptoKey
853 version: v1beta1
854 group: kms.cnrm.cloud.google.com
855 targetField: self_link
856 - key: networkRef
857 tfField: network_interface.network
858 gvk:
859 kind: ComputeNetwork
860 version: v1beta1
861 group: compute.cnrm.cloud.google.com
862 targetField: self_link
863 - key: subnetworkRef
864 tfField: network_interface.subnetwork
865 gvk:
866 kind: ComputeSubnetwork
867 version: v1beta1
868 group: compute.cnrm.cloud.google.com
869 targetField: self_link
870 - key: natIpRef
871 tfField: network_interface.access_config.nat_ip
872 gvk:
873 kind: ComputeAddress
874 version: v1beta1
875 group: compute.cnrm.cloud.google.com
876 targetField: address
877 - tfField: scheduling.node_affinities
878 types:
879 - key: value
880 jsonSchemaType: object
881 - key: serviceAccountRef
882 tfField: service_account.email
883 gvk:
884 kind: IAMServiceAccount
885 version: v1beta1
886 group: iam.cnrm.cloud.google.com
887 targetField: email
888 - tfField: resource_policies
889 gvk:
890 kind: ComputeResourcePolicy
891 version: v1beta1
892 group: compute.cnrm.cloud.google.com
893 targetField: self_link
894 - key: networkIpRef
895 tfField: network_interface.network_ip
896 gvk:
897 kind: ComputeAddress
898 version: v1beta1
899 group: compute.cnrm.cloud.google.com
900 targetField: address
901 idTemplate: "projects/{{project}}/zones/{{zone}}/instances/{{name}}"
902 idTemplateCanBeUsedToMatchResourceName: true
903 resourceAvailableInAssetInventory: true
904 directives:
905 - allow_stopping_for_update
906 containers:
907 - type: project
908 tfField: project
909 - name: google_compute_instance_from_template
910 kind: ComputeInstance
911 metadataMapping:
912 name: name
913 labels: labels
914 resourceID:
915 targetField: name
916 iamConfig:
917 policyName: google_compute_instance_iam_policy
918 policyMemberName: google_compute_instance_iam_member
919 referenceField:
920 name: instance_name
921 type: name
922 supportsConditions: true
923 resourceReferences:
924 - key: sourceDiskRef
925 tfField: attached_disk.source
926 gvk:
927 kind: ComputeDisk
928 version: v1beta1
929 group: compute.cnrm.cloud.google.com
930 targetField: self_link
931 - key: kmsKeyRef
932 tfField: attached_disk.kms_key_self_link
933 gvk:
934 kind: KMSCryptoKey
935 version: v1beta1
936 group: kms.cnrm.cloud.google.com
937 targetField: self_link
938 - key: sourceDiskRef
939 tfField: boot_disk.source
940 description: |-
941 Immutable. The source disk used to create this disk.
942 gvk:
943 kind: ComputeDisk
944 version: v1beta1
945 group: compute.cnrm.cloud.google.com
946 targetField: self_link
947 - key: sourceImageRef # prefix with "source" as that's how it is in the underlying API
948 tfField: boot_disk.initialize_params.image
949 description: |-
950 Immutable. The image from which to initialize this disk.
951 gvk:
952 kind: ComputeImage
953 version: v1beta1
954 group: compute.cnrm.cloud.google.com
955 targetField: self_link
956 - key: kmsKeyRef
957 tfField: boot_disk.kms_key_self_link
958 gvk:
959 kind: KMSCryptoKey
960 version: v1beta1
961 group: kms.cnrm.cloud.google.com
962 targetField: self_link
963 - key: instanceTemplateRef
964 tfField: source_instance_template
965 gvk:
966 kind: ComputeInstanceTemplate
967 version: v1beta1
968 group: compute.cnrm.cloud.google.com
969 targetField: self_link
970 - key: networkRef
971 tfField: network_interface.network
972 gvk:
973 kind: ComputeNetwork
974 version: v1beta1
975 group: compute.cnrm.cloud.google.com
976 targetField: self_link
977 - key: subnetworkRef
978 tfField: network_interface.subnetwork
979 gvk:
980 kind: ComputeSubnetwork
981 version: v1beta1
982 group: compute.cnrm.cloud.google.com
983 targetField: self_link
984 - key: natIpRef
985 tfField: network_interface.access_config.nat_ip
986 gvk:
987 kind: ComputeAddress
988 version: v1beta1
989 group: compute.cnrm.cloud.google.com
990 targetField: address
991 - tfField: scheduling.node_affinities
992 types:
993 - key: value
994 jsonSchemaType: object
995 - key: serviceAccountRef
996 tfField: service_account.email
997 gvk:
998 kind: IAMServiceAccount
999 version: v1beta1
1000 group: iam.cnrm.cloud.google.com
1001 targetField: email
1002 idTemplate: "projects/{{project}}/zones/{{zone}}/instances/{{name}}"
1003 # would never have a URL, not a valid test case
1004 idTemplateCanBeUsedToMatchResourceName: false
1005 resourceAvailableInAssetInventory: true
1006 directives:
1007 - allow_stopping_for_update
1008 containers:
1009 - type: project
1010 tfField: project
1011 - name: google_compute_instance_group
1012 kind: ComputeInstanceGroup
1013 metadataMapping:
1014 name: name
1015 resourceID:
1016 targetField: name
1017 resourceReferences:
1018 - key: networkRef
1019 tfField: network
1020 gvk:
1021 kind: ComputeNetwork
1022 version: v1beta1
1023 group: compute.cnrm.cloud.google.com
1024 targetField: self_link
1025 - tfField: instances
1026 gvk:
1027 kind: ComputeInstance
1028 version: v1beta1
1029 group: compute.cnrm.cloud.google.com
1030 targetField: self_link
1031 containers:
1032 - type: project
1033 tfField: project
1034 idTemplate: "projects/{{project}}/zones/{{zone}}/instanceGroups/{{name}}"
1035 idTemplateCanBeUsedToMatchResourceName: true
1036 resourceAvailableInAssetInventory: true
1037 - name: google_compute_instance_template
1038 kind: ComputeInstanceTemplate
1039 metadataMapping:
1040 name: name
1041 labels: labels
1042 resourceID:
1043 targetField: name
1044 resourceReferences:
1045 - key: sourceDiskRef
1046 tfField: disk.source
1047 gvk:
1048 kind: ComputeDisk
1049 version: v1beta1
1050 group: compute.cnrm.cloud.google.com
1051 - key: sourceImageRef
1052 tfField: disk.source_image
1053 gvk:
1054 kind: ComputeImage
1055 version: v1beta1
1056 group: compute.cnrm.cloud.google.com
1057 targetField: self_link
1058 - key: kmsKeyRef
1059 tfField: disk.disk_encryption_key.kms_key_self_link
1060 gvk:
1061 kind: KMSCryptoKey
1062 version: v1beta1
1063 group: kms.cnrm.cloud.google.com
1064 targetField: self_link
1065 - key: networkRef
1066 tfField: network_interface.network
1067 gvk:
1068 kind: ComputeNetwork
1069 version: v1beta1
1070 group: compute.cnrm.cloud.google.com
1071 targetField: self_link
1072 - key: subnetworkRef
1073 tfField: network_interface.subnetwork
1074 gvk:
1075 kind: ComputeSubnetwork
1076 version: v1beta1
1077 group: compute.cnrm.cloud.google.com
1078 targetField: self_link
1079 - key: natIpRef
1080 tfField: network_interface.access_config.nat_ip
1081 gvk:
1082 kind: ComputeAddress
1083 version: v1beta1
1084 group: compute.cnrm.cloud.google.com
1085 targetField: address
1086 - key: serviceAccountRef
1087 tfField: service_account.email
1088 gvk:
1089 kind: IAMServiceAccount
1090 version: v1beta1
1091 group: iam.cnrm.cloud.google.com
1092 targetField: email
1093 - tfField: scheduling.node_affinities
1094 types:
1095 - key: value
1096 jsonSchemaType: object
1097 - tfField: disk.resource_policies
1098 gvk:
1099 kind: ComputeResourcePolicy
1100 version: v1beta1
1101 group: compute.cnrm.cloud.google.com
1102 targetField: self_link
1103 - tfField: disk.source_image_encryption_key.kms_key_self_link
1104 key: kmsKeySelfLinkRef
1105 description: |-
1106 The self link of the encryption key that is stored in Google Cloud
1107 KMS.
1108 gvk:
1109 kind: KMSCryptoKey
1110 version: v1beta1
1111 group: kms.cnrm.cloud.google.com
1112 targetField: self_link
1113 - tfField: disk.source_image_encryption_key.kms_key_service_account
1114 key: kmsKeyServiceAccountRef
1115 description: |-
1116 The service account being used for the encryption request for the
1117 given KMS key. If absent, the Compute Engine default service account
1118 is used.
1119 gvk:
1120 kind: IAMServiceAccount
1121 version: v1beta1
1122 group: iam.cnrm.cloud.google.com
1123 targetField: email
1124 - tfField: disk.source_snapshot
1125 description: |-
1126 The source snapshot to create this disk. When creating a new
1127 instance, one of initializeParams.sourceSnapshot,
1128 initializeParams.sourceImage, or disks.source is required except for
1129 local SSD.
1130 key: sourceSnapshotRef
1131 gvk:
1132 kind: ComputeSnapshot
1133 version: v1beta1
1134 group: compute.cnrm.cloud.google.com
1135 targetField: self_link
1136 - tfField: disk.source_snapshot_encryption_key.kms_key_self_link
1137 key: kmsKeySelfLinkRef
1138 description: |-
1139 The self link of the encryption key that is stored in Google Cloud
1140 KMS.
1141 gvk:
1142 kind: KMSCryptoKey
1143 version: v1beta1
1144 group: kms.cnrm.cloud.google.com
1145 targetField: self_link
1146 - tfField: disk.source_snapshot_encryption_key.kms_key_service_account
1147 key: kmsKeyServiceAccountRef
1148 description: |-
1149 The service account being used for the encryption request for the
1150 given KMS key. If absent, the Compute Engine default service account
1151 is used.
1152 gvk:
1153 kind: IAMServiceAccount
1154 version: v1beta1
1155 group: iam.cnrm.cloud.google.com
1156 targetField: email
1157 - tfField: resource_policies
1158 gvk:
1159 kind: ComputeResourcePolicy
1160 version: v1beta1
1161 group: compute.cnrm.cloud.google.com
1162 targetField: self_link
1163 idTemplate: "projects/{{project}}/global/instanceTemplates/{{name}}"
1164 idTemplateCanBeUsedToMatchResourceName: true
1165 resourceAvailableInAssetInventory: true
1166 containers:
1167 - type: project
1168 tfField: project
1169 - name: google_compute_interconnect_attachment
1170 kind: ComputeInterconnectAttachment
1171 metadataMapping:
1172 name: name
1173 resourceID:
1174 targetField: name
1175 idTemplate: "projects/{{project}}/regions/{{region}}/interconnectAttachments/{{name}}"
1176 idTemplateCanBeUsedToMatchResourceName: true
1177 resourceAvailableInAssetInventory: true
1178 resourceReferences:
1179 - tfField: router
1180 description: |-
1181 The Cloud Router to be used for dynamic routing. This router must
1182 be in the same region as this ComputeInterconnectAttachment. The
1183 ComputeInterconnectAttachment will automatically connect the
1184 interconnect to the network & region within which the Cloud Router
1185 is configured.
1186 key: routerRef
1187 gvk:
1188 kind: ComputeRouter
1189 version: v1beta1
1190 group: compute.cnrm.cloud.google.com
1191 targetField: self_link
1192 - tfField: ipsec_internal_addresses
1193 description: |-
1194 Immutable. The addresses that have been reserved for the
1195 interconnect attachment. Used only for interconnect attachment that
1196 has the encryption option as IPSEC.
1197
1198 The addresses must be RFC 1918 IP address ranges. When creating HA
1199 VPN gateway over the interconnect attachment, if the attachment is
1200 configured to use an RFC 1918 IP address, then the VPN gateway's IP
1201 address will be allocated from the IP address range specified
1202 here.
1203
1204 For example, if the HA VPN gateway's interface 0 is paired to this
1205 interconnect attachment, then an RFC 1918 IP address for the VPN
1206 gateway interface 0 will be allocated from the IP address specified
1207 for this interconnect attachment.
1208
1209 If this field is not specified for interconnect attachment that has
1210 encryption option as IPSEC, later on when creating HA VPN gateway on
1211 this interconnect attachment, the HA VPN gateway's IP address will
1212 be allocated from regional external IP address pool.
1213 gvk:
1214 kind: ComputeAddress
1215 version: v1beta1
1216 group: compute.cnrm.cloud.google.com
1217 targetField: self_link
1218 containers:
1219 - type: project
1220 tfField: project
1221 - name: google_compute_network
1222 kind: ComputeNetwork
1223 metadataMapping:
1224 name: name
1225 resourceID:
1226 targetField: name
1227 idTemplate: "projects/{{project}}/global/networks/{{name}}"
1228 idTemplateCanBeUsedToMatchResourceName: true
1229 resourceAvailableInAssetInventory: true
1230 containers:
1231 - type: project
1232 tfField: project
1233 - name: google_compute_network_endpoint_group
1234 kind: ComputeNetworkEndpointGroup
1235 metadataMapping:
1236 name: name
1237 resourceID:
1238 targetField: name
1239 locationality: zonal
1240 idTemplate: "projects/{{project}}/zones/{{zone}}/networkEndpointGroups/{{name}}"
1241 idTemplateCanBeUsedToMatchResourceName: true
1242 resourceAvailableInAssetInventory: true
1243 resourceReferences:
1244 - tfField: network
1245 description: |-
1246 The network to which all network endpoints in the NEG belong. Uses
1247 "default" project network if unspecified.
1248 key: networkRef
1249 gvk:
1250 kind: ComputeNetwork
1251 version: v1beta1
1252 group: compute.cnrm.cloud.google.com
1253 targetField: self_link
1254 - tfField: subnetwork
1255 description: |-
1256 Optional subnetwork to which all network endpoints in the NEG belong.
1257 key: subnetworkRef
1258 gvk:
1259 kind: ComputeSubnetwork
1260 version: v1beta1
1261 group: compute.cnrm.cloud.google.com
1262 targetField: self_link
1263 containers:
1264 - type: project
1265 tfField: project
1266 - name: google_compute_network_peering
1267 kind: ComputeNetworkPeering
1268 metadataMapping:
1269 name: name
1270 resourceID:
1271 targetField: name
1272 idTemplate: "{{network}}/{{name}}"
1273 # sub-method of a network, doesn't have a URL
1274 idTemplateCanBeUsedToMatchResourceName: false
1275 resourceAvailableInAssetInventory: false
1276 resourceReferences:
1277 - tfField: network
1278 key: networkRef
1279 gvk:
1280 kind: ComputeNetwork
1281 version: v1beta1
1282 group: compute.cnrm.cloud.google.com
1283 targetField: self_link
1284 parent: true
1285 - tfField: peer_network
1286 key: peerNetworkRef
1287 gvk:
1288 kind: ComputeNetwork
1289 version: v1beta1
1290 group: compute.cnrm.cloud.google.com
1291 targetField: self_link
1292 skipImport: true
1293 - name: google_compute_node_group
1294 kind: ComputeNodeGroup
1295 metadataMapping:
1296 name: name
1297 resourceID:
1298 targetField: name
1299 resourceReferences:
1300 - key: nodeTemplateRef
1301 tfField: node_template
1302 description: |-
1303 The node template to which this node group belongs.
1304 targetField: self_link
1305 gvk:
1306 kind: ComputeNodeTemplate
1307 version: v1beta1
1308 group: compute.cnrm.cloud.google.com
1309 - tfField: share_settings.project_map.id
1310 key: idRef
1311 description: |-
1312 The key of this project config in the parent map.
1313 gvk:
1314 kind: Project
1315 version: v1beta1
1316 group: resourcemanager.cnrm.cloud.google.com
1317 - tfField: share_settings.project_map.project_id
1318 key: projectIdRef
1319 description: |-
1320 The project id/number should be the same as the key of this project
1321 config in the project map.
1322 gvk:
1323 kind: Project
1324 version: v1beta1
1325 group: resourcemanager.cnrm.cloud.google.com
1326 idTemplate: "projects/{{project}}/zones/{{zone}}/nodeGroups/{{name}}"
1327 idTemplateCanBeUsedToMatchResourceName: true
1328 resourceAvailableInAssetInventory: true
1329 containers:
1330 - type: project
1331 tfField: project
1332 - name: google_compute_node_template
1333 kind: ComputeNodeTemplate
1334 metadataMapping:
1335 name: name
1336 labels: node_affinity_labels
1337 resourceID:
1338 targetField: name
1339 idTemplate: "projects/{{project}}/regions/{{region}}/nodeTemplates/{{name}}"
1340 idTemplateCanBeUsedToMatchResourceName: true
1341 resourceAvailableInAssetInventory: true
1342 containers:
1343 - type: project
1344 tfField: project
1345 - name: google_compute_project_metadata
1346 kind: ComputeProjectMetadata
1347 idTemplate: "{{project}}"
1348 # too hard to reason about yet
1349 idTemplateCanBeUsedToMatchResourceName: false
1350 resourceAvailableInAssetInventory: false
1351 containers:
1352 - type: project
1353 tfField: project
1354 - name: google_compute_region_backend_service
1355 kind: ComputeBackendService
1356 metadataMapping:
1357 name: name
1358 resourceID:
1359 targetField: name
1360 locationality: regional
1361 idTemplate: "projects/{{project}}/regions/{{region}}/backendServices/{{name}}"
1362 idTemplateCanBeUsedToMatchResourceName: true
1363 resourceAvailableInAssetInventory: true
1364 resourceReferences:
1365 - tfField: health_checks
1366 description: |-
1367 The health check resources for health checking this
1368 ComputeBackendService. Currently at most one health check can be
1369 specified, and a health check is required.
1370 types:
1371 - key: healthCheckRef
1372 gvk:
1373 kind: ComputeHealthCheck
1374 version: v1beta1
1375 group: compute.cnrm.cloud.google.com
1376 targetField: self_link
1377 - tfField: network
1378 description: |-
1379 The network to which this backend service belongs. This field can
1380 only be specified when the load balancing scheme is set to
1381 INTERNAL.
1382 key: networkRef
1383 gvk:
1384 kind: ComputeNetwork
1385 version: v1beta1
1386 group: compute.cnrm.cloud.google.com
1387 targetField: self_link
1388 - tfField: backend.group
1389 description: |-
1390 Reference to a ComputeInstanceGroup or ComputeNetworkEndpointGroup
1391 resource. In case of instance group this defines the list of
1392 instances that serve traffic. Member virtual machine instances from
1393 each instance group must live in the same zone as the instance
1394 group itself. No two backends in a backend service are allowed to
1395 use same Instance Group resource.
1396
1397 For Network Endpoint Groups this defines list of endpoints. All
1398 endpoints of Network Endpoint Group must be hosted on instances
1399 located in the same zone as the Network Endpoint Group.
1400
1401 Backend services cannot mix Instance Group and Network Endpoint
1402 Group backends.
1403
1404 When the 'load_balancing_scheme' is INTERNAL, only instance groups
1405 are supported.
1406 types:
1407 - key: instanceGroupRef
1408 gvk:
1409 kind: ComputeInstanceGroup
1410 version: v1beta1
1411 group: compute.cnrm.cloud.google.com
1412 targetField: self_link
1413 - key: networkEndpointGroupRef
1414 gvk:
1415 kind: ComputeNetworkEndpointGroup
1416 version: v1beta1
1417 group: compute.cnrm.cloud.google.com
1418 targetField: self_link
1419 - tfField: iap.oauth2_client_id
1420 description: OAuth2 Client ID for IAP.
1421 key: oauth2ClientIdRef
1422 gvk:
1423 kind: IAPIdentityAwareProxyClient
1424 version: v1beta1
1425 group: iap.cnrm.cloud.google.com
1426 dclBasedResource: true
1427 containers:
1428 - type: project
1429 tfField: project
1430 mutableButUnreadableFields:
1431 - iap.oauth2_client_secret
1432 - name: google_compute_region_disk
1433 kind: ComputeDisk
1434 metadataMapping:
1435 name: name
1436 labels: labels
1437 resourceID:
1438 targetField: name
1439 idTemplate: "projects/{{project}}/regions/{{region}}/disks/{{name}}"
1440 idTemplateCanBeUsedToMatchResourceName: true
1441 resourceAvailableInAssetInventory: true
1442 locationality: regional
1443 iamConfig:
1444 policyName: google_compute_region_disk_iam_policy
1445 policyMemberName: google_compute_region_disk_iam_member
1446 referenceField:
1447 name: name
1448 type: name
1449 resourceReferences:
1450 - tfField: project
1451 key: projectRef
1452 description: |-
1453 The project that this resource belongs to.
1454 gvk:
1455 kind: Project
1456 version: v1beta1
1457 group: resourcemanager.cnrm.cloud.google.com
1458 - tfField: snapshot
1459 description: |-
1460 The source snapshot used to create this disk.
1461 key: snapshotRef
1462 targetField: self_link
1463 gvk:
1464 kind: ComputeSnapshot
1465 version: v1beta1
1466 group: compute.cnrm.cloud.google.com
1467 - tfField: disk_encryption_key.kms_key_name
1468 description: |-
1469 The name of the encryption key that is stored in the Google Cloud KMS.
1470 key: kmsKeyRef
1471 gvk:
1472 kind: KMSCryptoKey
1473 version: v1beta1
1474 group: kms.cnrm.cloud.google.com
1475 - tfField: source_snapshot_encryption_key.kms_key_name
1476 description: |-
1477 The name of the encryption key that is stored in the Google Cloud KMS.
1478 key: kmsKeyRef
1479 gvk:
1480 kind: KMSCryptoKey
1481 version: v1beta1
1482 group: kms.cnrm.cloud.google.com
1483 - tfField: source_disk
1484 key: sourceDiskRef
1485 description: |-
1486 The source disk used to create this disk.
1487 gvk:
1488 kind: ComputeDisk
1489 version: v1beta1
1490 group: compute.cnrm.cloud.google.com
1491 targetField: self_link
1492 - key: diskRef
1493 tfField: async_primary_disk.disk
1494 description: |-
1495 Immutable. Primary disk for asynchronous disk replication.
1496 gvk:
1497 kind: ComputeDisk
1498 version: v1beta1
1499 group: compute.cnrm.cloud.google.com
1500 targetField: self_link
1501 containers:
1502 - type: project
1503 tfField: project
1504 hierarchicalReferences:
1505 - type: project
1506 key: projectRef
1507 - name: google_compute_region_health_check
1508 kind: ComputeHealthCheck
1509 metadataMapping:
1510 name: name
1511 resourceID:
1512 targetField: name
1513 locationality: regional
1514 idTemplate: "projects/{{project}}/regions/{{region}}/healthChecks/{{name}}"
1515 idTemplateCanBeUsedToMatchResourceName: true
1516 resourceAvailableInAssetInventory: true
1517 containers:
1518 - type: project
1519 tfField: project
1520 - name: google_compute_region_network_endpoint_group
1521 kind: ComputeRegionNetworkEndpointGroup
1522 metadataMapping:
1523 name: name
1524 resourceID:
1525 targetField: name
1526 idTemplate: "projects/{{project}}/regions/{{region}}/networkEndpointGroups/{{name}}"
1527 idTemplateCanBeUsedToMatchResourceName: false
1528 # TODO: (b/233123518) Config Connector CLI can not currently support ComputeRegionNetworkEndpointGroup.
1529 resourceAvailableInAssetInventory: false
1530 resourceReferences:
1531 - key: serviceRef
1532 tfField: cloud_run.service
1533 description: |-
1534 Immutable. Cloud Run service is the main resource of Cloud Run.
1535 The service must be 1-63 characters long, and comply with RFC1035.
1536 Example value: "run-service".
1537 gvk:
1538 kind: RunService
1539 version: v1beta1
1540 group: run.cnrm.cloud.google.com
1541 dclBasedResource: true
1542 - key: functionRef
1543 tfField: cloud_function.function
1544 description: |-
1545 Immutable. A user-defined name of the Cloud Function.
1546 The function name is case-sensitive and must be 1-63 characters long.
1547 Example value: "func1".
1548 gvk:
1549 kind: CloudFunctionsFunction
1550 version: v1beta1
1551 group: cloudfunctions.cnrm.cloud.google.com
1552 dclBasedResource: true
1553 - key: networkRef
1554 tfField: network
1555 description: |-
1556 Immutable. This field is only used for PSC.
1557 The URL of the network to which all network endpoints in the NEG belong. Uses
1558 "default" project network if unspecified.
1559 gvk:
1560 kind: ComputeNetwork
1561 version: v1beta1
1562 group: compute.cnrm.cloud.google.com
1563 targetField: self_link
1564 - key: subnetworkRef
1565 tfField: subnetwork
1566 description: |-
1567 Immutable. This field is only used for PSC.
1568 Optional URL of the subnetwork to which all network endpoints in the NEG belong.
1569 gvk:
1570 kind: ComputeSubnetwork
1571 version: v1beta1
1572 group: compute.cnrm.cloud.google.com
1573 targetField: self_link
1574 ignoredFields:
1575 # As of 5/19/22 the only allowed value for serverlessDeployment.platform is `apigateway.googleapis.com`
1576 # This field is ignored because APIGateway is not a supported resource at this time
1577 - serverless_deployment
1578 # This field is ignored because AppEngine is not a supported resource at this time
1579 - app_engine
1580 containers:
1581 - type: project
1582 tfField: project
1583 - name: google_compute_region_ssl_certificate
1584 kind: ComputeSSLCertificate
1585 metadataMapping:
1586 name: name
1587 resourceID:
1588 targetField: name
1589 idTemplate: "projects/{{project}}/regions/{{region}}/sslCertificates/{{name}}"
1590 idTemplateCanBeUsedToMatchResourceName: true
1591 resourceAvailableInAssetInventory: true
1592 locationality: regional
1593 reconciliationIntervalInSeconds: 0
1594 ignoredFields:
1595 - name_prefix
1596 containers:
1597 - type: project
1598 tfField: project
1599 - name: google_compute_region_target_http_proxy
1600 kind: ComputeTargetHTTPProxy
1601 metadataMapping:
1602 name: name
1603 resourceID:
1604 targetField: name
1605 locationality: regional
1606 idTemplate: "projects/{{project}}/regions/{{region}}/targetHttpProxies/{{name}}"
1607 idTemplateCanBeUsedToMatchResourceName: true
1608 resourceAvailableInAssetInventory: true
1609 resourceReferences:
1610 - key: urlMapRef
1611 tfField: url_map
1612 description: |-
1613 A reference to the ComputeURLMap resource that defines the mapping
1614 from URL to the BackendService.
1615 gvk:
1616 kind: ComputeURLMap
1617 version: v1beta1
1618 group: compute.cnrm.cloud.google.com
1619 targetField: self_link
1620 containers:
1621 - type: project
1622 tfField: project
1623 - name: google_compute_region_target_https_proxy
1624 kind: ComputeTargetHTTPSProxy
1625 metadataMapping:
1626 name: name
1627 resourceID:
1628 targetField: name
1629 locationality: regional
1630 idTemplate: "projects/{{project}}/regions/{{region}}/targetHttpsProxies/{{name}}"
1631 idTemplateCanBeUsedToMatchResourceName: true
1632 resourceAvailableInAssetInventory: true
1633 resourceReferences:
1634 - key: urlMapRef
1635 tfField: url_map
1636 description: |-
1637 A reference to the ComputeURLMap resource that defines the mapping
1638 from URL to the BackendService.
1639 gvk:
1640 kind: ComputeURLMap
1641 version: v1beta1
1642 group: compute.cnrm.cloud.google.com
1643 targetField: self_link
1644 - tfField: ssl_certificates
1645 description: |-
1646 A list of ComputeSSLCertificate resources that are used to
1647 authenticate connections between users and the load balancer. At
1648 least one SSL certificate must be specified.
1649 gvk:
1650 kind: ComputeSSLCertificate
1651 version: v1beta1
1652 group: compute.cnrm.cloud.google.com
1653 targetField: self_link
1654 - key: sslPolicyRef
1655 tfField: ssl_policy
1656 description: |-
1657 A reference to the ComputeSSLPolicy resource that will be
1658 associated with the ComputeTargetHTTPSProxy resource. If not set,
1659 the ComputeTargetHTTPSProxy resource will not have any SSL policy
1660 configured.
1661 gvk:
1662 kind: ComputeSSLPolicy
1663 version: v1beta1
1664 group: compute.cnrm.cloud.google.com
1665 targetField: self_link
1666 containers:
1667 - type: project
1668 tfField: project
1669 - name: google_compute_region_url_map
1670 kind: ComputeURLMap
1671 metadataMapping:
1672 name: name
1673 resourceID:
1674 targetField: name
1675 locationality: regional
1676 idTemplate: "projects/{{project}}/regions/{{region}}/urlMaps/{{name}}"
1677 idTemplateCanBeUsedToMatchResourceName: true
1678 resourceAvailableInAssetInventory: true
1679 resourceReferences:
1680 - tfField: default_service
1681 description: |-
1682 The defaultService resource to which traffic is directed if none of
1683 the hostRules match.
1684 For the Global URL Map, it should be a reference to the backend
1685 service or backend bucket.
1686 For the Regional URL Map, it should be a reference to the backend
1687 service.
1688 If defaultRouteAction is additionally specified, advanced routing
1689 actions like URL Rewrites, etc. take effect prior to sending the
1690 request to the backend. However, if defaultService is specified,
1691 defaultRouteAction cannot contain any weightedBackendServices.
1692 Conversely, if routeAction specifies any weightedBackendServices,
1693 service must not be specified. Only one of defaultService,
1694 defaultUrlRedirect or defaultRouteAction.weightedBackendService
1695 must be set.
1696 # Use "types" to be better merged with the global URL map, which
1697 # supports more than one reference type in `default_service` field.
1698 types:
1699 - key: backendServiceRef
1700 gvk:
1701 kind: ComputeBackendService
1702 version: v1beta1
1703 group: compute.cnrm.cloud.google.com
1704 targetField: self_link
1705 - tfField: default_route_action.request_mirror_policy.backend_service
1706 key: backendServiceRef
1707 description: |-
1708 The backend service resource being mirrored to.
1709 The backend service configured for a mirroring policy must reference
1710 backends that are of the same type as the original backend service
1711 matched in the URL map.
1712 Serverless NEG backends are not currently supported as a mirrored
1713 backend service.
1714 gvk:
1715 group: compute.cnrm.cloud.google.com
1716 version: v1beta1
1717 kind: ComputeBackendService
1718 targetField: self_link
1719 - tfField: default_route_action.weighted_backend_services.backend_service
1720 key: backendServiceRef
1721 description: |-
1722 The default backend service resource.
1723 Before forwarding the request to backendService, the loadbalancer
1724 applies any relevant headerActions specified as part of this
1725 backendServiceWeight.
1726 gvk:
1727 group: compute.cnrm.cloud.google.com
1728 version: v1beta1
1729 kind: ComputeBackendService
1730 targetField: self_link
1731 - tfField: path_matcher.default_service
1732 description: |-
1733 The default service to use if none of the pathRules defined by this
1734 PathMatcher is matched by the URL's path portion.
1735 For the Global URL Map, it should be a reference to the backend
1736 service or backend bucket.
1737 For the Regional URL Map, it should be a reference to the backend
1738 service.
1739 # Use "types" to be better merged with the global URL map, which
1740 # supports more than one reference type in
1741 # `path_matcher.default_service` field.
1742 types:
1743 - key: backendServiceRef
1744 gvk:
1745 kind: ComputeBackendService
1746 version: v1beta1
1747 group: compute.cnrm.cloud.google.com
1748 targetField: self_link
1749 - tfField: path_matcher.path_rule.service
1750 description: |-
1751 The backend service to which traffic is directed if this rule is
1752 matched.
1753 For the Global URL Map, it should be a reference to the backend
1754 service or backend bucket.
1755 For the Regional URL Map, it should be a reference to the backend
1756 service.
1757 If routeAction is additionally specified, advanced routing actions
1758 like URL Rewrites, etc. take effect prior to sending the request to
1759 the backend. However, if service is specified, routeAction cannot
1760 contain any weightedBackendServices. Conversely, if routeAction
1761 specifies any weightedBackendServices, service must not be
1762 specified. Only one of urlRedirect, service or
1763 routeAction.weightedBackendService must be set.
1764 # Use "types" to be better merged with the global URL map, which
1765 # supports more than one reference type in
1766 # `path_matcher.path_rule.service` field.
1767 types:
1768 - key: backendServiceRef
1769 gvk:
1770 kind: ComputeBackendService
1771 version: v1beta1
1772 group: compute.cnrm.cloud.google.com
1773 targetField: self_link
1774 - tfField: path_matcher.path_rule.route_action.request_mirror_policy.backend_service
1775 description: |-
1776 Required. The backend service resource being mirrored to.
1777 key: backendServiceRef
1778 gvk:
1779 kind: ComputeBackendService
1780 version: v1beta1
1781 group: compute.cnrm.cloud.google.com
1782 targetField: self_link
1783 - tfField: path_matcher.path_rule.route_action.weighted_backend_services.backend_service
1784 description: |-
1785 Required. The default backend service resource. Before forwarding
1786 the request to backendService, the loadbalancer applies any relevant
1787 headerActions specified as part of this backendServiceWeight.
1788 key: backendServiceRef
1789 gvk:
1790 kind: ComputeBackendService
1791 version: v1beta1
1792 group: compute.cnrm.cloud.google.com
1793 targetField: self_link
1794 - tfField: path_matcher.route_rules.route_action.request_mirror_policy.backend_service
1795 description: |-
1796 Required. The backend service resource being mirrored to.
1797 key: backendServiceRef
1798 gvk:
1799 kind: ComputeBackendService
1800 version: v1beta1
1801 group: compute.cnrm.cloud.google.com
1802 targetField: self_link
1803 - tfField: path_matcher.route_rules.route_action.weighted_backend_services.backend_service
1804 description: |-
1805 Required. The default backend service resource. Before forwarding
1806 the request to backendService, the loadbalancer applies any relevant
1807 headerActions specified as part of this backendServiceWeight.
1808 key: backendServiceRef
1809 gvk:
1810 kind: ComputeBackendService
1811 version: v1beta1
1812 group: compute.cnrm.cloud.google.com
1813 targetField: self_link
1814 - tfField: test.service
1815 description: |-
1816 The backend service resource that should be matched by this test.
1817 For the Global URL Map, it should be a reference to the backend
1818 service or backend bucket.
1819 For the Regional URL Map, it should be a reference to the backend
1820 service.
1821 # Use "types" to be better merged with the global URL map, which
1822 # supports more than one reference type in `test.service` field.
1823 types:
1824 - key: backendServiceRef
1825 gvk:
1826 kind: ComputeBackendService
1827 version: v1beta1
1828 group: compute.cnrm.cloud.google.com
1829 targetField: self_link
1830 containers:
1831 - type: project
1832 tfField: project
1833 - name: google_compute_reservation
1834 kind: ComputeReservation
1835 idTemplate: "projects/{{project}}/zones/{{zone}}/reservations/{{name}}"
1836 idTemplateCanBeUsedToMatchResourceName: true
1837 resourceAvailableInAssetInventory: true
1838 metadataMapping:
1839 name: name
1840 resourceID:
1841 targetField: name
1842 # TODO(b/217273773): Ignore shared_settings field for now until follow up
1843 # with service team is completed.
1844 ignoredFields:
1845 - share_settings
1846 containers:
1847 - type: project
1848 tfField: project
1849 - name: google_compute_resource_policy
1850 kind: ComputeResourcePolicy
1851 metadataMapping:
1852 name: name
1853 resourceID:
1854 targetField: name
1855 idTemplate: "projects/{{project}}/regions/{{region}}/resourcePolicies/{{name}}"
1856 idTemplateCanBeUsedToMatchResourceName: true
1857 resourceAvailableInAssetInventory: true
1858 containers:
1859 - type: project
1860 tfField: project
1861 - name: google_compute_route
1862 kind: ComputeRoute
1863 metadataMapping:
1864 name: name
1865 resourceID:
1866 targetField: name
1867 idTemplate: "projects/{{project}}/global/routes/{{name}}"
1868 idTemplateCanBeUsedToMatchResourceName: true
1869 resourceAvailableInAssetInventory: true
1870 resourceReferences:
1871 - tfField: network
1872 description: |-
1873 The network that this route applies to.
1874 key: networkRef
1875 gvk:
1876 kind: ComputeNetwork
1877 version: v1beta1
1878 group: compute.cnrm.cloud.google.com
1879 targetField: self_link
1880 - tfField: next_hop_instance
1881 description: |-
1882 Instance that should handle matching packets.
1883 key: nextHopInstanceRef
1884 gvk:
1885 kind: ComputeInstance
1886 version: v1beta1
1887 group: compute.cnrm.cloud.google.com
1888 targetField: self_link
1889 - tfField: next_hop_ilb
1890 description: |-
1891 A forwarding rule of type loadBalancingScheme=INTERNAL that should
1892 handle matching packets. Note that this can only be used when the
1893 destinationRange is a public (non-RFC 1918) IP CIDR range.
1894 key: nextHopILBRef
1895 gvk:
1896 kind: ComputeForwardingRule
1897 version: v1beta1
1898 group: compute.cnrm.cloud.google.com
1899 targetField: self_link
1900 - tfField: next_hop_vpn_tunnel
1901 description: |-
1902 The ComputeVPNTunnel that should handle matching packets
1903 key: nextHopVPNTunnelRef
1904 gvk:
1905 kind: ComputeVPNTunnel
1906 version: v1beta1
1907 group: compute.cnrm.cloud.google.com
1908 targetField: self_link
1909 ignoredFields:
1910 - next_hop_instance_zone
1911 containers:
1912 - type: project
1913 tfField: project
1914 - name: google_compute_router
1915 kind: ComputeRouter
1916 metadataMapping:
1917 name: name
1918 resourceID:
1919 targetField: name
1920 idTemplate: "projects/{{project}}/regions/{{region}}/routers/{{name}}"
1921 idTemplateCanBeUsedToMatchResourceName: true
1922 resourceAvailableInAssetInventory: true
1923 resourceReferences:
1924 - tfField: network
1925 description: |-
1926 A reference to the network to which this router belongs.
1927 key: networkRef
1928 gvk:
1929 kind: ComputeNetwork
1930 version: v1beta1
1931 group: compute.cnrm.cloud.google.com
1932 targetField: self_link
1933 containers:
1934 - type: project
1935 tfField: project
1936 - name: google_compute_router_interface
1937 kind: ComputeRouterInterface
1938 metadataMapping:
1939 name: name
1940 resourceID:
1941 targetField: name
1942 idTemplate: "{{region}}/{{router}}/{{name}}"
1943 # sub-fields of Router that don't actually have a URL
1944 idTemplateCanBeUsedToMatchResourceName: false
1945 resourceAvailableInAssetInventory: false
1946 resourceReferences:
1947 - tfField: router
1948 key: routerRef
1949 gvk:
1950 kind: ComputeRouter
1951 version: v1beta1
1952 group: compute.cnrm.cloud.google.com
1953 parent: true
1954 - tfField: vpn_tunnel
1955 key: vpnTunnelRef
1956 gvk:
1957 kind: ComputeVPNTunnel
1958 version: v1beta1
1959 group: compute.cnrm.cloud.google.com
1960 targetField: self_link
1961 - tfField: interconnect_attachment
1962 key: interconnectAttachmentRef
1963 gvk:
1964 kind: ComputeInterconnectAttachment
1965 version: v1beta1
1966 group: compute.cnrm.cloud.google.com
1967 - tfField: private_ip_address
1968 key: privateIpAddressRef
1969 gvk:
1970 kind: ComputeAddress
1971 version: v1beta1
1972 group: compute.cnrm.cloud.google.com
1973 targetField: address
1974 - tfField: redundant_interface
1975 description: |-
1976 The interface the BGP peer is associated with.
1977 key: redundantInterfaceRef
1978 gvk:
1979 kind: ComputeRouterInterface
1980 version: v1beta1
1981 group: compute.cnrm.cloud.google.com
1982 - tfField: subnetwork
1983 key: subnetworkRef
1984 gvk:
1985 kind: ComputeSubnetwork
1986 version: v1beta1
1987 group: compute.cnrm.cloud.google.com
1988 targetField: self_link
1989 containers:
1990 - type: project
1991 tfField: project
1992 - name: google_compute_router_nat
1993 kind: ComputeRouterNAT
1994 metadataMapping:
1995 name: name
1996 resourceID:
1997 targetField: name
1998 idTemplate: "projects/{{project}}/regions/{{region}}/routers/{{router}}/{{name}}"
1999 # sub-fields of Router that don't actually have a URL
2000 idTemplateCanBeUsedToMatchResourceName: false
2001 resourceAvailableInAssetInventory: false
2002 resourceReferences:
2003 - tfField: router
2004 description: |-
2005 The Cloud Router in which this NAT will be configured.
2006 key: routerRef
2007 gvk:
2008 kind: ComputeRouter
2009 version: v1beta1
2010 group: compute.cnrm.cloud.google.com
2011 parent: true
2012 - tfField: subnetwork.name
2013 description: |-
2014 The subnetwork to NAT.
2015 key: subnetworkRef
2016 gvk:
2017 kind: ComputeSubnetwork
2018 version: v1beta1
2019 group: compute.cnrm.cloud.google.com
2020 targetField: self_link
2021 - tfField: nat_ips
2022 description: |-
2023 NAT IPs. Only valid if natIpAllocateOption is set to MANUAL_ONLY.
2024 gvk:
2025 kind: ComputeAddress
2026 version: v1beta1
2027 group: compute.cnrm.cloud.google.com
2028 targetField: self_link
2029 - tfField: drain_nat_ips
2030 description: |-
2031 A list of IP resources to be drained. These IPs must be valid
2032 static external IPs that have been assigned to the NAT.
2033 gvk:
2034 kind: ComputeAddress
2035 version: v1beta1
2036 group: compute.cnrm.cloud.google.com
2037 targetField: self_link
2038 - tfField: rules.action.source_nat_active_ips
2039 key: sourceNatActiveIpsRefs
2040 description: |-
2041 A list of URLs of the IP resources used for this NAT rule. These IP
2042 addresses must be valid static external IP addresses assigned to the
2043 project. This field is used for public NAT.
2044 gvk:
2045 kind: ComputeAddress
2046 version: v1beta1
2047 group: compute.cnrm.cloud.google.com
2048 targetField: self_link
2049 - tfField: rules.action.source_nat_drain_ips
2050 key: sourceNatDrainIpsRefs
2051 description: |-
2052 A list of URLs of the IP resources to be drained. These IPs must be
2053 valid static external IPs that have been assigned to the NAT. These
2054 IPs should be used for updating/patching a NAT rule only. This field
2055 is used for public NAT.
2056 gvk:
2057 kind: ComputeAddress
2058 version: v1beta1
2059 group: compute.cnrm.cloud.google.com
2060 targetField: self_link
2061 containers:
2062 - type: project
2063 tfField: project
2064 - name: google_compute_router_peer
2065 kind: ComputeRouterPeer
2066 metadataMapping:
2067 name: name
2068 resourceID:
2069 targetField: name
2070 idTemplate: "projects/{{project}}/regions/{{region}}/routers/{{router}}/{{name}}"
2071 # sub-fields of Router that don't actually have a URL
2072 idTemplateCanBeUsedToMatchResourceName: false
2073 resourceAvailableInAssetInventory: false
2074 resourceReferences:
2075 - tfField: router
2076 description: |-
2077 The Cloud Router in which this BGP peer will be configured.
2078 key: routerRef
2079 gvk:
2080 kind: ComputeRouter
2081 version: v1beta1
2082 group: compute.cnrm.cloud.google.com
2083 parent: true
2084 - tfField: interface
2085 description: |-
2086 The interface the BGP peer is associated with.
2087 key: routerInterfaceRef
2088 gvk:
2089 kind: ComputeRouterInterface
2090 version: v1beta1
2091 group: compute.cnrm.cloud.google.com
2092 # Preemptively converting to a resource reference despite the lack of a known type,
2093 # as IP addresses should eventually at minimum be able to reference a Kubernetes
2094 # Service or Endpoint.
2095 #
2096 # Note that references to ComputeAddress are invalid
2097 # due to ComputeRouterPeer only allowing
2098 # IPs in the 169.254.0.0/16 local-link range, which is an invalid
2099 # ComputeAddress and subnetwork range for GCP.
2100 - tfField: ip_address
2101 types:
2102 - key: external
2103 jsonSchemaType: string
2104 description: |-
2105 IP address of the interface inside Google Cloud Platform.
2106 Only IPv4 is supported.
2107 - key: routerApplianceInstanceRef
2108 tfField: router_appliance_instance
2109 description: |-
2110 The URI of the VM instance that is used as third-party router
2111 appliances such as Next Gen Firewalls, Virtual Routers, or Router
2112 Appliances. The VM instance must be located in zones contained in
2113 the same region as this Cloud Router. The VM instance is the peer
2114 side of the BGP session.
2115 gvk:
2116 kind: ComputeInstance
2117 version: v1beta1
2118 group: compute.cnrm.cloud.google.com
2119 targetField: self_link
2120 containers:
2121 - type: project
2122 tfField: project
2123 - name: google_compute_security_policy
2124 kind: ComputeSecurityPolicy
2125 idTemplate: "projects/{{project}}/global/securityPolicies/{{name}}"
2126 idTemplateCanBeUsedToMatchResourceName: true
2127 resourceAvailableInAssetInventory: true
2128 metadataMapping:
2129 name: name
2130 resourceID:
2131 targetField: name
2132 resourceReferences:
2133 - tfField: recaptcha_options_config.redirect_site_key
2134 description: |-
2135 A field to supply a reCAPTCHA site key to be used for all the rules
2136 using the redirect action with the type of GOOGLE_RECAPTCHA under
2137 the security policy. The specified site key needs to be created from
2138 the reCAPTCHA API. The user is responsible for the validity of the
2139 specified site key. If not specified, a Google-managed site key is
2140 used.
2141 key: redirectSiteKeyRef
2142 gvk:
2143 kind: RecaptchaEnterpriseKey
2144 version: v1beta1
2145 group: recaptchaenterprise.cnrm.cloud.google.com
2146 targetField: name
2147 dclBasedResource: true
2148 containers:
2149 - type: project
2150 tfField: project
2151 - name: google_compute_shared_vpc_host_project
2152 kind: ComputeSharedVPCHostProject
2153 idTemplate: "{{project}}"
2154 # resource is a compute API request, doesn't have a URL
2155 idTemplateCanBeUsedToMatchResourceName: false
2156 resourceAvailableInAssetInventory: false
2157 containers:
2158 - type: project
2159 tfField: project
2160 - name: google_compute_shared_vpc_service_project
2161 kind: ComputeSharedVPCServiceProject
2162 idTemplate: "{{host_project}}/{{service_project}}"
2163 # resource is a compute API request, doesn't have a URL
2164 idTemplateCanBeUsedToMatchResourceName: false
2165 resourceAvailableInAssetInventory: false
2166 resourceReferences:
2167 - tfField: service_project
2168 key: projectRef
2169 gvk:
2170 kind: Project
2171 version: v1beta1
2172 group: resourcemanager.cnrm.cloud.google.com
2173 containers:
2174 - type: project
2175 tfField: host_project
2176 - name: google_compute_snapshot
2177 kind: ComputeSnapshot
2178 metadataMapping:
2179 name: name
2180 labels: labels
2181 resourceID:
2182 targetField: name
2183 idTemplate: "projects/{{project}}/global/snapshots/{{name}}"
2184 idTemplateCanBeUsedToMatchResourceName: true
2185 resourceAvailableInAssetInventory: true
2186 resourceReferences:
2187 - key: sourceDiskRef
2188 tfField: source_disk
2189 description: |-
2190 A reference to the disk used to create this snapshot.
2191 gvk:
2192 kind: ComputeDisk
2193 version: v1beta1
2194 group: compute.cnrm.cloud.google.com
2195 - key: kmsKeyRef
2196 tfField: snapshot_encryption_key.kms_key_self_link
2197 description: |-
2198 The encryption key that is stored in Google Cloud KMS.
2199 targetField: self_link
2200 gvk:
2201 kind: KMSCryptoKey
2202 version: v1beta1
2203 group: kms.cnrm.cloud.google.com
2204 - tfField: snapshot_encryption_key.kms_key_service_account
2205 description: |-
2206 The service account used for the encryption request for the given KMS key.
2207 If absent, the Compute Engine Service Agent service account is used.
2208 key: kmsKeyServiceAccountRef
2209 gvk:
2210 kind: IAMServiceAccount
2211 version: v1beta1
2212 group: iam.cnrm.cloud.google.com
2213 targetField: email
2214 - tfField: source_disk_encryption_key.kms_key_service_account
2215 description: |-
2216 The service account used for the encryption request for the given KMS key.
2217 If absent, the Compute Engine Service Agent service account is used.
2218 key: kmsKeyServiceAccountRef
2219 gvk:
2220 kind: IAMServiceAccount
2221 version: v1beta1
2222 group: iam.cnrm.cloud.google.com
2223 targetField: email
2224 containers:
2225 - type: project
2226 tfField: project
2227 iamConfig:
2228 policyName: google_compute_snapshot_iam_policy
2229 policyMemberName: google_compute_snapshot_iam_member
2230 referenceField:
2231 name: name
2232 type: name
2233 supportsConditions: false
2234 - name: google_compute_ssl_certificate
2235 kind: ComputeSSLCertificate
2236 metadataMapping:
2237 name: name
2238 resourceID:
2239 targetField: name
2240 idTemplate: "projects/{{project}}/global/sslCertificates/{{name}}"
2241 idTemplateCanBeUsedToMatchResourceName: true
2242 resourceAvailableInAssetInventory: true
2243 locationality: global
2244 reconciliationIntervalInSeconds: 0
2245 ignoredFields:
2246 - name_prefix
2247 containers:
2248 - type: project
2249 tfField: project
2250 - name: google_compute_ssl_policy
2251 kind: ComputeSSLPolicy
2252 metadataMapping:
2253 name: name
2254 resourceID:
2255 targetField: name
2256 idTemplate: "projects/{{project}}/global/sslPolicies/{{name}}"
2257 idTemplateCanBeUsedToMatchResourceName: true
2258 resourceAvailableInAssetInventory: true
2259 containers:
2260 - type: project
2261 tfField: project
2262 - name: google_compute_subnetwork
2263 kind: ComputeSubnetwork
2264 metadataMapping:
2265 name: name
2266 resourceID:
2267 targetField: name
2268 iamConfig:
2269 policyName: google_compute_subnetwork_iam_policy
2270 policyMemberName: google_compute_subnetwork_iam_member
2271 referenceField:
2272 name: subnetwork
2273 type: name
2274 supportsConditions: true
2275 idTemplate: "projects/{{project}}/regions/{{region}}/subnetworks/{{name}}"
2276 idTemplateCanBeUsedToMatchResourceName: true
2277 resourceAvailableInAssetInventory: true
2278 resourceReferences:
2279 - key: networkRef
2280 description: |-
2281 The network this subnet belongs to. Only networks that are in the
2282 distributed mode can have subnetworks.
2283 tfField: network
2284 gvk:
2285 kind: ComputeNetwork
2286 version: v1beta1
2287 group: compute.cnrm.cloud.google.com
2288 targetField: self_link
2289 containers:
2290 - type: project
2291 tfField: project
2292 - name: google_compute_target_grpc_proxy
2293 kind: ComputeTargetGRPCProxy
2294 metadataMapping:
2295 name: name
2296 resourceID:
2297 targetField: name
2298 idTemplate: "projects/{{project}}/global/targetGrpcProxies/{{name}}"
2299 idTemplateCanBeUsedToMatchResourceName: true
2300 resourceAvailableInAssetInventory: false
2301 resourceReferences:
2302 - key: urlMapRef
2303 description: |-
2304 The UrlMap resource that defines the mapping from URL to the BackendService.
2305 The protocol field in the BackendService must be set to GRPC.
2306 tfField: url_map
2307 gvk:
2308 kind: ComputeURLMap
2309 version: v1beta1
2310 group: compute.cnrm.cloud.google.com
2311 targetField: self_link
2312 containers:
2313 - type: project
2314 tfField: project
2315 - name: google_compute_target_http_proxy
2316 kind: ComputeTargetHTTPProxy
2317 metadataMapping:
2318 name: name
2319 resourceID:
2320 targetField: name
2321 locationality: global
2322 idTemplate: "projects/{{project}}/global/targetHttpProxies/{{name}}"
2323 idTemplateCanBeUsedToMatchResourceName: true
2324 resourceAvailableInAssetInventory: true
2325 resourceReferences:
2326 - key: urlMapRef
2327 tfField: url_map
2328 description: |-
2329 A reference to the ComputeURLMap resource that defines the mapping
2330 from URL to the BackendService.
2331 gvk:
2332 kind: ComputeURLMap
2333 version: v1beta1
2334 group: compute.cnrm.cloud.google.com
2335 targetField: self_link
2336 containers:
2337 - type: project
2338 tfField: project
2339 - name: google_compute_target_https_proxy
2340 kind: ComputeTargetHTTPSProxy
2341 metadataMapping:
2342 name: name
2343 resourceID:
2344 targetField: name
2345 locationality: global
2346 idTemplate: "projects/{{project}}/global/targetHttpsProxies/{{name}}"
2347 idTemplateCanBeUsedToMatchResourceName: true
2348 resourceAvailableInAssetInventory: true
2349 resourceReferences:
2350 - key: urlMapRef
2351 tfField: url_map
2352 description: |-
2353 A reference to the ComputeURLMap resource that defines the mapping
2354 from URL to the BackendService.
2355 gvk:
2356 kind: ComputeURLMap
2357 version: v1beta1
2358 group: compute.cnrm.cloud.google.com
2359 targetField: self_link
2360 - tfField: ssl_certificates
2361 description: |-
2362 A list of ComputeSSLCertificate resources that are used to
2363 authenticate connections between users and the load balancer. At
2364 least one SSL certificate must be specified.
2365 gvk:
2366 kind: ComputeSSLCertificate
2367 version: v1beta1
2368 group: compute.cnrm.cloud.google.com
2369 targetField: self_link
2370 - key: sslPolicyRef
2371 tfField: ssl_policy
2372 description: |-
2373 A reference to the ComputeSSLPolicy resource that will be
2374 associated with the ComputeTargetHTTPSProxy resource. If not set,
2375 the ComputeTargetHTTPSProxy resource will not have any SSL policy
2376 configured.
2377 gvk:
2378 kind: ComputeSSLPolicy
2379 version: v1beta1
2380 group: compute.cnrm.cloud.google.com
2381 targetField: self_link
2382 - key: certificateMapRef
2383 tfField: certificate_map
2384 # TODO (b/203667132): Fix the reference config after CertificateManagerCertificateMap is supported.
2385 description: |-
2386 Only the `external` field is supported to configure the reference.
2387
2388 A reference to the CertificateMap resource uri that identifies a
2389 certificate map associated with the given target proxy. This field
2390 can only be set for global target proxies.
2391 gvk:
2392 kind: CertificateManagerCertificateMap
2393 version: v1beta1
2394 group: certificatemanager.cnrm.cloud.google.com
2395 valueTemplate: "//certificatemanager.googleapis.com/projects/{{project}}/locations/{{location}}/certificateMaps/{{value}}"
2396 containers:
2397 - type: project
2398 tfField: project
2399 - name: google_compute_target_instance
2400 kind: ComputeTargetInstance
2401 metadataMapping:
2402 name: name
2403 resourceID:
2404 targetField: name
2405 idTemplate: "projects/{{project}}/zones/{{zone}}/targetInstances/{{name}}"
2406 idTemplateCanBeUsedToMatchResourceName: true
2407 resourceAvailableInAssetInventory: true
2408 resourceReferences:
2409 - key: instanceRef
2410 tfField: instance
2411 description: |-
2412 The ComputeInstance handling traffic for this target instance.
2413 gvk:
2414 kind: ComputeInstance
2415 version: v1beta1
2416 group: compute.cnrm.cloud.google.com
2417 targetField: self_link
2418 - key: networkRef
2419 tfField: network
2420 description: |-
2421 The network this target instance uses to forward
2422 traffic. If not specified, the traffic will be forwarded to the network
2423 that the default network interface belongs to.
2424 gvk:
2425 kind: ComputeNetwork
2426 version: v1beta1
2427 group: compute.cnrm.cloud.google.com
2428 targetField: self_link
2429 containers:
2430 - type: project
2431 tfField: project
2432 - name: google_compute_target_pool
2433 kind: ComputeTargetPool
2434 metadataMapping:
2435 name: name
2436 resourceID:
2437 targetField: name
2438 idTemplate: "projects/{{project}}/regions/{{region}}/targetPools/{{name}}"
2439 idTemplateCanBeUsedToMatchResourceName: true
2440 resourceAvailableInAssetInventory: true
2441 resourceReferences:
2442 - key: backupTargetPoolRef
2443 tfField: backup_pool
2444 targetField: self_link
2445 gvk:
2446 kind: ComputeTargetPool
2447 version: v1beta1
2448 group: compute.cnrm.cloud.google.com
2449 - tfField: instances
2450 gvk:
2451 kind: ComputeInstance
2452 version: v1beta1
2453 group: compute.cnrm.cloud.google.com
2454 targetField: self_link
2455 - tfField: health_checks
2456 types:
2457 - key: httpHealthCheckRef
2458 gvk:
2459 kind: ComputeHTTPHealthCheck
2460 version: v1beta1
2461 group: compute.cnrm.cloud.google.com
2462 targetField: self_link
2463 containers:
2464 - type: project
2465 tfField: project
2466 - name: google_compute_target_ssl_proxy
2467 kind: ComputeTargetSSLProxy
2468 metadataMapping:
2469 name: name
2470 resourceID:
2471 targetField: name
2472 idTemplate: "projects/{{project}}/global/targetSslProxies/{{name}}"
2473 idTemplateCanBeUsedToMatchResourceName: true
2474 resourceReferences:
2475 - key: backendServiceRef
2476 tfField: backend_service
2477 description: |-
2478 A reference to the ComputeBackendService resource.
2479 gvk:
2480 kind: ComputeBackendService
2481 version: v1beta1
2482 group: compute.cnrm.cloud.google.com
2483 targetField: self_link
2484 - tfField: ssl_certificates
2485 description: |-
2486 A list of ComputeSSLCertificate resources that are used to
2487 authenticate connections between users and the load balancer.
2488 Currently, exactly one SSL certificate must be specified.
2489 gvk:
2490 kind: ComputeSSLCertificate
2491 version: v1beta1
2492 group: compute.cnrm.cloud.google.com
2493 targetField: self_link
2494 - key: sslPolicyRef
2495 tfField: ssl_policy
2496 description: |-
2497 A reference to the ComputeSSLPolicy resource that will be
2498 associated with the TargetSslProxy resource. If not set, the
2499 ComputeTargetSSLProxy resource will not have any SSL policy
2500 configured.
2501 gvk:
2502 kind: ComputeSSLPolicy
2503 version: v1beta1
2504 group: compute.cnrm.cloud.google.com
2505 targetField: self_link
2506 - tfField: certificate_map
2507 description: |-
2508 Only `external` field is supported to configure the reference.
2509
2510 A reference to the CertificateMap resource uri that identifies a
2511 certificate map associated with the given target proxy. This
2512 field can only be set for global target proxies. Accepted format is
2513 '//certificatemanager.googleapis.com/projects/{project}/locations/{location}/certificateMaps/{resourceName}'.
2514 gvk:
2515 kind: CertificateManagerCertificateMap
2516 version: v1beta1
2517 group: certificatemanager.cnrm.cloud.google.com
2518 key: certificateMapRef
2519 containers:
2520 - type: project
2521 tfField: project
2522 - name: google_compute_target_tcp_proxy
2523 kind: ComputeTargetTCPProxy
2524 metadataMapping:
2525 name: name
2526 resourceID:
2527 targetField: name
2528 idTemplate: "projects/{{project}}/global/targetTcpProxies/{{name}}"
2529 idTemplateCanBeUsedToMatchResourceName: true
2530 resourceAvailableInAssetInventory: true
2531 resourceReferences:
2532 - key: backendServiceRef
2533 description: |-
2534 A reference to the ComputeBackendService resource.
2535 tfField: backend_service
2536 gvk:
2537 kind: ComputeBackendService
2538 version: v1beta1
2539 group: compute.cnrm.cloud.google.com
2540 targetField: self_link
2541 containers:
2542 - type: project
2543 tfField: project
2544 - name: google_compute_url_map
2545 kind: ComputeURLMap
2546 metadataMapping:
2547 name: name
2548 resourceID:
2549 targetField: name
2550 locationality: global
2551 idTemplate: "projects/{{project}}/global/urlMaps/{{name}}"
2552 idTemplateCanBeUsedToMatchResourceName: true
2553 resourceAvailableInAssetInventory: true
2554 resourceReferences:
2555 - tfField: default_service
2556 description: |-
2557 The defaultService resource to which traffic is directed if none of
2558 the hostRules match.
2559 For the Global URL Map, it should be a reference to the backend
2560 service or backend bucket.
2561 For the Regional URL Map, it should be a reference to the backend
2562 service.
2563 If defaultRouteAction is additionally specified, advanced routing
2564 actions like URL Rewrites, etc. take effect prior to sending the
2565 request to the backend. However, if defaultService is specified,
2566 defaultRouteAction cannot contain any weightedBackendServices.
2567 Conversely, if routeAction specifies any weightedBackendServices,
2568 service must not be specified. Only one of defaultService,
2569 defaultUrlRedirect or defaultRouteAction.weightedBackendService
2570 must be set.
2571 types:
2572 - key: backendServiceRef
2573 gvk:
2574 kind: ComputeBackendService
2575 version: v1beta1
2576 group: compute.cnrm.cloud.google.com
2577 targetField: self_link
2578 - key: backendBucketRef
2579 gvk:
2580 kind: ComputeBackendBucket
2581 version: v1beta1
2582 group: compute.cnrm.cloud.google.com
2583 targetField: self_link
2584 - tfField: default_route_action.request_mirror_policy.backend_service
2585 key: backendServiceRef
2586 description: |-
2587 The backend service resource being mirrored to.
2588 The backend service configured for a mirroring policy must reference
2589 backends that are of the same type as the original backend service
2590 matched in the URL map.
2591 Serverless NEG backends are not currently supported as a mirrored
2592 backend service.
2593 gvk:
2594 group: compute.cnrm.cloud.google.com
2595 version: v1beta1
2596 kind: ComputeBackendService
2597 targetField: self_link
2598 - tfField: default_route_action.weighted_backend_services.backend_service
2599 key: backendServiceRef
2600 description: |-
2601 The default backend service resource.
2602 Before forwarding the request to backendService, the loadbalancer
2603 applies any relevant headerActions specified as part of this
2604 backendServiceWeight.
2605 gvk:
2606 group: compute.cnrm.cloud.google.com
2607 version: v1beta1
2608 kind: ComputeBackendService
2609 targetField: self_link
2610 - tfField: path_matcher.default_service
2611 description: |-
2612 The default service to use if none of the pathRules defined by this
2613 PathMatcher is matched by the URL's path portion.
2614 For the Global URL Map, it should be a reference to the backend
2615 service or backend bucket.
2616 For the Regional URL Map, it should be a reference to the backend
2617 service.
2618 types:
2619 - key: backendServiceRef
2620 gvk:
2621 kind: ComputeBackendService
2622 version: v1beta1
2623 group: compute.cnrm.cloud.google.com
2624 targetField: self_link
2625 - key: backendBucketRef
2626 gvk:
2627 kind: ComputeBackendBucket
2628 version: v1beta1
2629 group: compute.cnrm.cloud.google.com
2630 targetField: self_link
2631 - tfField: path_matcher.default_route_action.request_mirror_policy.backend_service
2632 key: backendServiceRef
2633 description: |-
2634 Required. The backend service resource being mirrored to.
2635 gvk:
2636 group: compute.cnrm.cloud.google.com
2637 version: v1beta1
2638 kind: ComputeBackendService
2639 targetField: self_link
2640 - tfField: path_matcher.default_route_action.weighted_backend_services.backend_service
2641 key: backendServiceRef
2642 description: |-
2643 The default backend service resource.
2644 Before forwarding the request to backendService, the loadbalancer
2645 applies any relevant headerActions specified as part of this
2646 backendServiceWeight.
2647 gvk:
2648 group: compute.cnrm.cloud.google.com
2649 version: v1beta1
2650 kind: ComputeBackendService
2651 targetField: self_link
2652 - tfField: path_matcher.path_rule.service
2653 description: |-
2654 The backend service to which traffic is directed if this rule is
2655 matched.
2656 For the Global URL Map, it should be a reference to the backend
2657 service or backend bucket.
2658 For the Regional URL Map, it should be a reference to the backend
2659 service.
2660 If routeAction is additionally specified, advanced routing actions
2661 like URL Rewrites, etc. take effect prior to sending the request to
2662 the backend. However, if service is specified, routeAction cannot
2663 contain any weightedBackendServices. Conversely, if routeAction
2664 specifies any weightedBackendServices, service must not be
2665 specified. Only one of urlRedirect, service or
2666 routeAction.weightedBackendService must be set.
2667 types:
2668 - key: backendServiceRef
2669 gvk:
2670 kind: ComputeBackendService
2671 version: v1beta1
2672 group: compute.cnrm.cloud.google.com
2673 targetField: self_link
2674 - key: backendBucketRef
2675 gvk:
2676 kind: ComputeBackendBucket
2677 version: v1beta1
2678 group: compute.cnrm.cloud.google.com
2679 targetField: self_link
2680 - tfField: path_matcher.path_rule.route_action.request_mirror_policy.backend_service
2681 key: backendServiceRef
2682 description: |-
2683 Required. The backend service resource being mirrored to.
2684 gvk:
2685 group: compute.cnrm.cloud.google.com
2686 version: v1beta1
2687 kind: ComputeBackendService
2688 targetField: self_link
2689 - tfField: path_matcher.path_rule.route_action.weighted_backend_services.backend_service
2690 description: |-
2691 Required. The default backend service resource. Before forwarding
2692 the request to backendService, the loadbalancer applies any relevant
2693 headerActions specified as part of this backendServiceWeight.
2694 key: backendServiceRef
2695 gvk:
2696 kind: ComputeBackendService
2697 version: v1beta1
2698 group: compute.cnrm.cloud.google.com
2699 targetField: self_link
2700 - tfField: path_matcher.route_rules.route_action.request_mirror_policy.backend_service
2701 key: backendServiceRef
2702 description: |-
2703 Required. The backend service resource being mirrored to.
2704 gvk:
2705 group: compute.cnrm.cloud.google.com
2706 version: v1beta1
2707 kind: ComputeBackendService
2708 targetField: self_link
2709 - tfField: path_matcher.route_rules.route_action.weighted_backend_services.backend_service
2710 description: |-
2711 Required. The default backend service resource. Before forwarding
2712 the request to backendService, the loadbalancer applies any relevant
2713 headerActions specified as part of this backendServiceWeight.
2714 key: backendServiceRef
2715 gvk:
2716 kind: ComputeBackendService
2717 version: v1beta1
2718 group: compute.cnrm.cloud.google.com
2719 targetField: self_link
2720 - tfField: test.service
2721 description: |-
2722 The backend service resource that should be matched by this test.
2723 For the Global URL Map, it should be a reference to the backend
2724 service or backend bucket.
2725 For the Regional URL Map, it should be a reference to the backend
2726 service.
2727 types:
2728 - key: backendServiceRef
2729 gvk:
2730 kind: ComputeBackendService
2731 version: v1beta1
2732 group: compute.cnrm.cloud.google.com
2733 targetField: self_link
2734 - key: backendBucketRef
2735 gvk:
2736 kind: ComputeBackendBucket
2737 version: v1beta1
2738 group: compute.cnrm.cloud.google.com
2739 targetField: self_link
2740 containers:
2741 - type: project
2742 tfField: project
2743 - name: google_compute_vpn_gateway
2744 kind: ComputeTargetVPNGateway
2745 metadataMapping:
2746 name: name
2747 resourceID:
2748 targetField: name
2749 idTemplate: "projects/{{project}}/regions/{{region}}/targetVpnGateways/{{name}}"
2750 idTemplateCanBeUsedToMatchResourceName: true
2751 resourceAvailableInAssetInventory: true
2752 resourceReferences:
2753 - key: networkRef
2754 tfField: network
2755 description: |-
2756 The network this VPN gateway is accepting traffic for.
2757 gvk:
2758 kind: ComputeNetwork
2759 version: v1beta1
2760 group: compute.cnrm.cloud.google.com
2761 targetField: self_link
2762 containers:
2763 - type: project
2764 tfField: project
2765 - name: google_compute_vpn_tunnel
2766 kind: ComputeVPNTunnel
2767 idTemplate: "projects/{{project}}/regions/{{region}}/vpnTunnels/{{name}}"
2768 idTemplateCanBeUsedToMatchResourceName: true
2769 resourceAvailableInAssetInventory: true
2770 metadataMapping:
2771 name: name
2772 labels: labels
2773 resourceID:
2774 targetField: name
2775 resourceReferences:
2776 - tfField: target_vpn_gateway
2777 description: |-
2778 The ComputeTargetVPNGateway with which this VPN tunnel is
2779 associated.
2780 key: targetVPNGatewayRef
2781 gvk:
2782 kind: ComputeTargetVPNGateway
2783 version: v1beta1
2784 group: compute.cnrm.cloud.google.com
2785 targetField: self_link
2786 - tfField: vpn_gateway
2787 description: |-
2788 The ComputeVPNGateway with which this VPN tunnel is associated.
2789 This must be used if a High Availability VPN gateway resource is
2790 created.
2791 key: vpnGatewayRef
2792 gvk:
2793 kind: ComputeVPNGateway
2794 version: v1beta1
2795 group: compute.cnrm.cloud.google.com
2796 targetField: self_link
2797 - tfField: peer_external_gateway
2798 description: |-
2799 The peer side external VPN gateway to which this VPN tunnel
2800 is connected.
2801 key: peerExternalGatewayRef
2802 gvk:
2803 kind: ComputeExternalVPNGateway
2804 version: v1beta1
2805 group: compute.cnrm.cloud.google.com
2806 targetField: self_link
2807 - tfField: peer_gcp_gateway
2808 description: |-
2809 The peer side HA GCP VPN gateway to which this VPN tunnel is
2810 connected. If provided, the VPN tunnel will automatically use the
2811 same VPN gateway interface ID in the peer GCP VPN gateway.
2812 key: peerGCPGatewayRef
2813 gvk:
2814 kind: ComputeVPNGateway
2815 version: v1beta1
2816 group: compute.cnrm.cloud.google.com
2817 targetField: self_link
2818 - tfField: router
2819 description: |-
2820 The router to be used for dynamic routing.
2821 key: routerRef
2822 gvk:
2823 kind: ComputeRouter
2824 version: v1beta1
2825 group: compute.cnrm.cloud.google.com
2826 targetField: self_link
2827 containers:
2828 - type: project
2829 tfField: project
View as plain text