Skip to content

googleNetworkManagementConnectivityTest

A connectivity test are a static analysis of your resource configurations that enables you to evaluate connectivity to and from Google Cloud resources in your Virtual Private Cloud (VPC) network.

To get more information about ConnectivityTest, see:

Open in Cloud Shell

Example Usage - Network Management Connectivity Test Instances

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as google from "./.gen/providers/google";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: google.
For a more precise conversion please use the --provider flag in convert.*/
const googleComputeNetworkVpc = new google.computeNetwork.ComputeNetwork(
  this,
  "vpc",
  {
    name: "conn-test-net",
  }
);
const dataGoogleComputeImageDebian9 =
  new google.dataGoogleComputeImage.DataGoogleComputeImage(this, "debian_9", {
    family: "debian-11",
    project: "debian-cloud",
  });
const googleComputeInstanceDestination =
  new google.computeInstance.ComputeInstance(this, "destination", {
    boot_disk: [
      {
        initialize_params: [
          {
            image: dataGoogleComputeImageDebian9.id,
          },
        ],
      },
    ],
    machine_type: "e2-medium",
    name: "dest-vm",
    network_interface: [
      {
        access_config: [{}],
        network: googleComputeNetworkVpc.id,
      },
    ],
  });
const googleComputeInstanceSource = new google.computeInstance.ComputeInstance(
  this,
  "source",
  {
    boot_disk: [
      {
        initialize_params: [
          {
            image: dataGoogleComputeImageDebian9.id,
          },
        ],
      },
    ],
    machine_type: "e2-medium",
    name: "source-vm",
    network_interface: [
      {
        access_config: [{}],
        network: googleComputeNetworkVpc.id,
      },
    ],
  }
);
new google.networkManagementConnectivityTest.NetworkManagementConnectivityTest(
  this,
  "instance-test",
  {
    destination: [
      {
        instance: googleComputeInstanceDestination.id,
      },
    ],
    name: "conn-test-instances",
    protocol: "TCP",
    source: [
      {
        instance: googleComputeInstanceSource.id,
      },
    ],
  }
);
Open in Cloud Shell

Example Usage - Network Management Connectivity Test Addresses

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as google from "./.gen/providers/google";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: google.
For a more precise conversion please use the --provider flag in convert.*/
const googleComputeNetworkVpc = new google.computeNetwork.ComputeNetwork(
  this,
  "vpc",
  {
    name: "connectivity-vpc",
  }
);
const googleComputeSubnetworkSubnet =
  new google.computeSubnetwork.ComputeSubnetwork(this, "subnet", {
    ip_cidr_range: "10.0.0.0/16",
    name: "connectivity-vpc-subnet",
    network: googleComputeNetworkVpc.id,
    region: "us-central1",
  });
const googleComputeAddressDestAddr = new google.computeAddress.ComputeAddress(
  this,
  "dest-addr",
  {
    address: "10.0.43.43",
    address_type: "INTERNAL",
    name: "dest-addr",
    region: "us-central1",
    subnetwork: googleComputeSubnetworkSubnet.id,
  }
);
const googleComputeAddressSourceAddr = new google.computeAddress.ComputeAddress(
  this,
  "source-addr",
  {
    address: "10.0.42.42",
    address_type: "INTERNAL",
    name: "src-addr",
    region: "us-central1",
    subnetwork: googleComputeSubnetworkSubnet.id,
  }
);
new google.networkManagementConnectivityTest.NetworkManagementConnectivityTest(
  this,
  "address-test",
  {
    destination: [
      {
        ip_address: googleComputeAddressDestAddr.address,
        network: googleComputeNetworkVpc.id,
        project_id: googleComputeAddressDestAddr.project,
      },
    ],
    name: "conn-test-addr",
    protocol: "UDP",
    source: [
      {
        ip_address: googleComputeAddressSourceAddr.address,
        network: googleComputeNetworkVpc.id,
        network_type: "GCP_NETWORK",
        project_id: googleComputeAddressSourceAddr.project,
      },
    ],
  }
);

Argument Reference

The following arguments are supported:

  • name - (Required) Unique name for the connectivity test.

  • source - (Required) Required. Source specification of the Connectivity Test. You can use a combination of source IP address, virtual machine (VM) instance, or Compute Engine network to uniquely identify the source location. Examples: If the source IP address is an internal IP address within a Google Cloud Virtual Private Cloud (VPC) network, then you must also specify the VPC network. Otherwise, specify the VM instance, which already contains its internal IP address and VPC network information. If the source of the test is within an on-premises network, then you must provide the destination VPC network. If the source endpoint is a Compute Engine VM instance with multiple network interfaces, the instance itself is not sufficient to identify the endpoint. So, you must also specify the source IP address or VPC network. A reachability analysis proceeds even if the source location is ambiguous. However, the test result may include endpoints that you don't intend to test. Structure is documented below.

  • destination - (Required) Required. Destination specification of the Connectivity Test. You can use a combination of destination IP address, Compute Engine VM instance, or VPC network to uniquely identify the destination location. Even if the destination IP address is not unique, the source IP location is unique. Usually, the analysis can infer the destination endpoint from route information. If the destination you specify is a VM instance and the instance has multiple network interfaces, then you must also specify either a destination IP address or VPC network to identify the destination interface. A reachability analysis proceeds even if the destination location is ambiguous. However, the result can include endpoints that you don't intend to test. Structure is documented below.

The source block supports:

  • ipAddress - (Optional) The IP address of the endpoint, which can be an external or internal IP. An IPv6 address is only allowed when the test's destination is a global load balancer VIP.

  • port - (Optional) The IP protocol port of the endpoint. Only applicable when protocol is TCP or UDP.

  • instance - (Optional) A Compute Engine instance URI.

  • network - (Optional) A Compute Engine network URI.

  • networkType - (Optional) Type of the network where the endpoint is located. Possible values are gcpNetwork and nonGcpNetwork.

  • projectId - (Optional) Project ID where the endpoint is located. The Project ID can be derived from the URI if you provide a VM instance or network URI. The following are two cases where you must provide the project ID:

    1. Only the IP address is specified, and the IP address is within a GCP project.
    2. When you are using Shared VPC and the IP address that you provide is from the service project. In this case, the network that the IP address resides in is defined in the host project.

The destination block supports:

  • ipAddress - (Optional) The IP address of the endpoint, which can be an external or internal IP. An IPv6 address is only allowed when the test's destination is a global load balancer VIP.

  • port - (Optional) The IP protocol port of the endpoint. Only applicable when protocol is TCP or UDP.

  • instance - (Optional) A Compute Engine instance URI.

  • network - (Optional) A Compute Engine network URI.

  • projectId - (Optional) Project ID where the endpoint is located. The Project ID can be derived from the URI if you provide a VM instance or network URI. The following are two cases where you must provide the project ID:

    1. Only the IP address is specified, and the IP address is within a GCP project. 2. When you are using Shared VPC and the IP address that you provide is from the service project. In this case, the network that the IP address resides in is defined in the host project.

  • description - (Optional) The user-supplied description of the Connectivity Test. Maximum of 512 characters.

  • protocol - (Optional) IP Protocol of the test. When not provided, "TCP" is assumed.

  • relatedProjects - (Optional) Other projects that may be relevant for reachability analysis. This is applicable to scenarios where a test can cross project boundaries.

  • labels - (Optional) Resource labels to represent user-provided metadata.

  • project - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

Attributes Reference

In addition to the arguments listed above, the following computed attributes are exported:

  • id - an identifier for the resource with format projects/{{project}}/locations/global/connectivityTests/{{name}}

Timeouts

This resource provides the following Timeouts configuration options:

  • create - Default is 20 minutes.
  • update - Default is 20 minutes.
  • delete - Default is 20 minutes.

Import

ConnectivityTest can be imported using any of these accepted formats:

$ terraform import google_network_management_connectivity_test.default projects/{{project}}/locations/global/connectivityTests/{{name}}
$ terraform import google_network_management_connectivity_test.default {{project}}/{{name}}
$ terraform import google_network_management_connectivity_test.default {{name}}

User Project Overrides

This resource supports User Project Overrides.