Skip to content

Latest commit

 

History

History
102 lines (62 loc) · 4.65 KB

google_compute_vpn_tunnel.md

File metadata and controls

102 lines (62 loc) · 4.65 KB
Raw
title platform
About the google_compute_vpn_tunnel resource
gcp

Syntax

A google_compute_vpn_tunnel is used to test a Google VpnTunnel resource

Beta Resource

This resource has beta fields available. To retrieve these fields, include beta: true in the constructor for the resource

Examples

describe google_compute_vpn_tunnel(project: 'chef-gcp-inspec', region: 'europe-west2', name: 'inspec-vpn-tunnel') do
  it { should exist }
  its('peer_ip') { should eq '15.0.0.120' }
end

describe google_compute_vpn_tunnel(project: 'chef-gcp-inspec', region: 'europe-west2', name: 'nonexistent') do
  it { should_not exist }
end

Test that a GCP compute vpn_tunnel exists

describe google_compute_vpn_tunnel(project: 'chef-inspec-gcp', region: 'europe-west2', name: 'gcp-inspec-vpn-tunnel') do
  it { should exist }
end

Test when a GCP compute vpn_tunnel was created

describe google_compute_vpn_tunnel(project: 'chef-inspec-gcp', region: 'europe-west2', name: 'gcp-inspec-vpn-tunnel') do
  its('creation_timestamp_date') { should be > Time.now - 365*60*60*24*10 }
end

Test for an expected vpn_tunnel identifier

describe google_compute_vpn_tunnel(project: 'chef-inspec-gcp', region: 'europe-west2', name: 'gcp-inspec-vpn-tunnel') do
  its('id') { should eq 12345567789 }
end

Test that a vpn_tunnel peer address is as expected

describe google_compute_vpn_tunnel(project: 'chef-inspec-gcp', region: 'europe-west2', name: 'gcp-inspec-vpn-tunnel') do
  its('peer_ip') { should eq "123.123.123.123" }
end

Test that a vpn_tunnel status is as expected

describe google_compute_vpn_tunnel(project: 'chef-inspec-gcp', region: 'europe-west2', name: 'gcp-inspec-vpn_tunnel') do
  its('status') { should eq "ESTABLISHED" }
end

Properties

Properties that can be accessed from the google_compute_vpn_tunnel resource:

  • id: The unique identifier for the resource. This identifier is defined by the server.

  • creation_timestamp: Creation timestamp in RFC3339 text format.

  • name: Name of the resource. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.

  • description: An optional description of this resource.

  • target_vpn_gateway: URL of the Target VPN gateway with which this VPN tunnel is associated.

  • vpn_gateway: URL of the VPN gateway with which this VPN tunnel is associated. This must be used if a High Availability VPN gateway resource is created.

  • vpn_gateway_interface: The interface ID of the VPN gateway with which this VPN tunnel is associated.

  • peer_external_gateway: URL of the peer side external VPN gateway to which this VPN tunnel is connected.

  • peer_external_gateway_interface: The interface ID of the external VPN gateway to which this VPN tunnel is connected.

  • peer_gcp_gateway: URL of the peer side HA GCP VPN gateway to which this VPN tunnel is connected. If provided, the VPN tunnel will automatically use the same vpn_gateway_interface ID in the peer GCP VPN gateway.

  • router: URL of router resource to be used for dynamic routing.

  • peer_ip: IP address of the peer VPN gateway. Only IPv4 is supported.

  • shared_secret: Shared secret used to set the secure session between the Cloud VPN gateway and the peer VPN gateway.

  • shared_secret_hash: Hash of the shared secret.

  • ike_version: IKE protocol version to use when establishing the VPN tunnel with peer VPN gateway. Acceptable IKE versions are 1 or 2. Default version is 2.

  • local_traffic_selector: Local traffic selector to use when establishing the VPN tunnel with peer VPN gateway. The value should be a CIDR formatted string, for example 192.168.0.0/16. The ranges should be disjoint. Only IPv4 is supported.

  • remote_traffic_selector: Remote traffic selector to use when establishing the VPN tunnel with peer VPN gateway. The value should be a CIDR formatted string, for example 192.168.0.0/16. The ranges should be disjoint. Only IPv4 is supported.

  • labels: (Beta only) Labels to apply to this VpnTunnel.

  • label_fingerprint: (Beta only) The fingerprint used for optimistic locking of this resource. Used internally during updates.

  • region: The region where the tunnel is located.

GCP Permissions

Ensure the Compute Engine API is enabled for the current project.