1. Docs
2. Reference
3. API
4. @pulumi/openstack
5. vpnaas

Module vpnaas

This provider is a derived work of the Terraform Provider distributed under MPL 2.0. If you encounter a bug or missing feature, first check the pulumi/pulumi-openstack repo; however, if that doesn’t turn up anything, please consult the source terraform-providers/terraform-provider-openstack repo.

Resources

• EndpointGroup
• IkePolicy
• IpSecPolicy
• Service
• SiteConnection

Others

• EndpointGroupArgs
• EndpointGroupState
• IkePolicyArgs
• IkePolicyState
• IpSecPolicyArgs
• IpSecPolicyState
• ServiceArgs
• ServiceState
• SiteConnectionArgs
• SiteConnectionState

Resources

Resource EndpointGroup

class EndpointGroup extends CustomResource

Manages a V2 Neutron Endpoint Group resource within OpenStack.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as openstack from "@pulumi/openstack";

const group1 = new openstack.vpnaas.EndpointGroup("group1", {
    endpoints: [
        "10.2.0.0/24",
        "10.3.0.0/24",
    ],
    type: "cidr",
});

constructor

new EndpointGroup(name: string, args?: EndpointGroupArgs, opts?: pulumi.CustomResourceOptions)

Create a EndpointGroup resource with the given unique name, arguments, and options.

• name The unique name of the resource.
• args The arguments to use to populate this resource's properties.
• opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: EndpointGroupState, opts?: pulumi.CustomResourceOptions): EndpointGroup

Get an existing EndpointGroup resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is EndpointGroup

Returns true if the given object is an instance of EndpointGroup. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property description

public description: pulumi.Output<string | undefined>;

The human-readable description for the group. Changing this updates the description of the existing group.

property endpoints

public endpoints: pulumi.Output<string[] | undefined>;

List of endpoints of the same type, for the endpoint group. The values will depend on the type. Changing this creates a new group.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property name

public name: pulumi.Output<string>;

The name of the group. Changing this updates the name of the existing group.

property region

public region: pulumi.Output<string>;

The region in which to obtain the V2 Networking client. A Networking client is needed to create an endpoint group. If omitted, the region argument of the provider is used. Changing this creates a new group.

property tenantId

public tenantId: pulumi.Output<string>;

The owner of the group. Required if admin wants to create an endpoint group for another project. Changing this creates a new group.

property type

public type: pulumi.Output<string>;

The type of the endpoints in the group. A valid value is subnet, cidr, network, router, or vlan. Changing this creates a new group.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property valueSpecs

public valueSpecs: pulumi.Output<{[key: string]: any} | undefined>;

Map of additional options.

Resource IkePolicy

class IkePolicy extends CustomResource

Manages a V2 Neutron IKE policy resource within OpenStack.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as openstack from "@pulumi/openstack";

const policy1 = new openstack.vpnaas.IkePolicy("policy1", {});

constructor

new IkePolicy(name: string, args?: IkePolicyArgs, opts?: pulumi.CustomResourceOptions)

Create a IkePolicy resource with the given unique name, arguments, and options.

• name The unique name of the resource.
• args The arguments to use to populate this resource's properties.
• opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: IkePolicyState, opts?: pulumi.CustomResourceOptions): IkePolicy

Get an existing IkePolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is IkePolicy

Returns true if the given object is an instance of IkePolicy. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property authAlgorithm

public authAlgorithm: pulumi.Output<string | undefined>;

The authentication hash algorithm. Valid values are sha1, sha256, sha384, sha512. Default is sha1. Changing this updates the algorithm of the existing policy.

property description

public description: pulumi.Output<string | undefined>;

The human-readable description for the policy. Changing this updates the description of the existing policy.

property encryptionAlgorithm

public encryptionAlgorithm: pulumi.Output<string | undefined>;

The encryption algorithm. Valid values are 3des, aes-128, aes-192 and so on. The default value is aes-128. Changing this updates the existing policy.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property ikeVersion

public ikeVersion: pulumi.Output<string | undefined>;

The IKE mode. A valid value is v1 or v2. Default is v1. Changing this updates the existing policy.

property lifetimes

public lifetimes: pulumi.Output<IkePolicyLifetime[]>;

The lifetime of the security association. Consists of Unit and Value. - unit - (Optional) The units for the lifetime of the security association. Can be either seconds or kilobytes. Default is seconds. - value - (Optional) The value for the lifetime of the security association. Must be a positive integer. Default is 3600.

property name

public name: pulumi.Output<string>;

The name of the policy. Changing this updates the name of the existing policy.

property pfs

public pfs: pulumi.Output<string | undefined>;

The perfect forward secrecy mode. Valid values are Group2, Group5 and Group14. Default is Group5. Changing this updates the existing policy.

property phase1NegotiationMode

public phase1NegotiationMode: pulumi.Output<string | undefined>;

The IKE mode. A valid value is main, which is the default. Changing this updates the existing policy.

property region

public region: pulumi.Output<string>;

The region in which to obtain the V2 Networking client. A Networking client is needed to create a VPN service. If omitted, the region argument of the provider is used. Changing this creates a new service.

property tenantId

public tenantId: pulumi.Output<string>;

The owner of the policy. Required if admin wants to create a service for another policy. Changing this creates a new policy.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property valueSpecs

public valueSpecs: pulumi.Output<{[key: string]: any} | undefined>;

Map of additional options.

Resource IpSecPolicy

class IpSecPolicy extends CustomResource

Manages a V2 Neutron IPSec policy resource within OpenStack.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as openstack from "@pulumi/openstack";

const policy1 = new openstack.vpnaas.IpSecPolicy("policy1", {});

constructor

new IpSecPolicy(name: string, args?: IpSecPolicyArgs, opts?: pulumi.CustomResourceOptions)

Create a IpSecPolicy resource with the given unique name, arguments, and options.

• name The unique name of the resource.
• args The arguments to use to populate this resource's properties.
• opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: IpSecPolicyState, opts?: pulumi.CustomResourceOptions): IpSecPolicy

Get an existing IpSecPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is IpSecPolicy

Returns true if the given object is an instance of IpSecPolicy. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property authAlgorithm

public authAlgorithm: pulumi.Output<string>;

The authentication hash algorithm. Valid values are sha1, sha256, sha384, sha512. Default is sha1. Changing this updates the algorithm of the existing policy.

property description

public description: pulumi.Output<string | undefined>;

The human-readable description for the policy. Changing this updates the description of the existing policy.

property encapsulationMode

public encapsulationMode: pulumi.Output<string>;

The encapsulation mode. Valid values are tunnel and transport. Default is tunnel. Changing this updates the existing policy.

property encryptionAlgorithm

public encryptionAlgorithm: pulumi.Output<string>;

The encryption algorithm. Valid values are 3des, aes-128, aes-192 and so on. The default value is aes-128. Changing this updates the existing policy.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property lifetimes

public lifetimes: pulumi.Output<IpSecPolicyLifetime[]>;

The lifetime of the security association. Consists of Unit and Value. - unit - (Optional) The units for the lifetime of the security association. Can be either seconds or kilobytes. Default is seconds. - value - (Optional) The value for the lifetime of the security association. Must be a positive integer. Default is 3600.

property name

public name: pulumi.Output<string>;

The name of the policy. Changing this updates the name of the existing policy.

property pfs

public pfs: pulumi.Output<string>;

The perfect forward secrecy mode. Valid values are Group2, Group5 and Group14. Default is Group5. Changing this updates the existing policy.

property region

public region: pulumi.Output<string>;

The region in which to obtain the V2 Networking client. A Networking client is needed to create an IPSec policy. If omitted, the region argument of the provider is used. Changing this creates a new policy.

property tenantId

public tenantId: pulumi.Output<string>;

The owner of the policy. Required if admin wants to create a policy for another project. Changing this creates a new policy.

property transformProtocol

public transformProtocol: pulumi.Output<string>;

The transform protocol. Valid values are ESP, AH and AH-ESP. Changing this updates the existing policy. Default is ESP.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property valueSpecs

public valueSpecs: pulumi.Output<{[key: string]: any} | undefined>;

Map of additional options.

Resource Service

class Service extends CustomResource

Manages a V2 Neutron VPN service resource within OpenStack.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as openstack from "@pulumi/openstack";

const service1 = new openstack.vpnaas.Service("service1", {
    adminStateUp: true,
    routerId: "14a75700-fc03-4602-9294-26ee44f366b3",
});

constructor

new Service(name: string, args: ServiceArgs, opts?: pulumi.CustomResourceOptions)

Create a Service resource with the given unique name, arguments, and options.

• name The unique name of the resource.
• args The arguments to use to populate this resource's properties.
• opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: ServiceState, opts?: pulumi.CustomResourceOptions): Service

Get an existing Service resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is Service

Returns true if the given object is an instance of Service. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property adminStateUp

public adminStateUp: pulumi.Output<boolean | undefined>;

The administrative state of the resource. Can either be up(true) or down(false). Changing this updates the administrative state of the existing service.

property description

public description: pulumi.Output<string | undefined>;

The human-readable description for the service. Changing this updates the description of the existing service.

property externalV4Ip

public externalV4Ip: pulumi.Output<string>;

The read-only external (public) IPv4 address that is used for the VPN service.

property externalV6Ip

public externalV6Ip: pulumi.Output<string>;

The read-only external (public) IPv6 address that is used for the VPN service.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property name

public name: pulumi.Output<string>;

The name of the service. Changing this updates the name of the existing service.

property region

public region: pulumi.Output<string>;

The region in which to obtain the V2 Networking client. A Networking client is needed to create a VPN service. If omitted, the region argument of the provider is used. Changing this creates a new service.

property routerId

public routerId: pulumi.Output<string>;

The ID of the router. Changing this creates a new service.

property status

public status: pulumi.Output<string>;

Indicates whether IPsec VPN service is currently operational. Values are ACTIVE, DOWN, BUILD, ERROR, PENDING_CREATE, PENDING_UPDATE, or PENDING_DELETE.

property subnetId

public subnetId: pulumi.Output<string | undefined>;

SubnetID is the ID of the subnet. Default is null.

property tenantId

public tenantId: pulumi.Output<string>;

The owner of the service. Required if admin wants to create a service for another project. Changing this creates a new service.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property valueSpecs

public valueSpecs: pulumi.Output<{[key: string]: any} | undefined>;

Map of additional options.

Resource SiteConnection

class SiteConnection extends CustomResource

Manages a V2 Neutron IPSec site connection resource within OpenStack.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as openstack from "@pulumi/openstack";

const conn1 = new openstack.vpnaas.SiteConnection("conn1", {
    ikepolicyId: openstack_vpnaas_ike_policy_v2_policy_2.id,
    ipsecpolicyId: openstack_vpnaas_ipsec_policy_v2_policy_1.id,
    localEpGroupId: openstack_vpnaas_endpoint_group_v2_group_2.id,
    peerAddress: "192.168.10.1",
    peerEpGroupId: openstack_vpnaas_endpoint_group_v2_group_1.id,
    psk: "secret",
    vpnserviceId: openstack_vpnaas_service_v2_service_1.id,
});

constructor

new SiteConnection(name: string, args: SiteConnectionArgs, opts?: pulumi.CustomResourceOptions)

Create a SiteConnection resource with the given unique name, arguments, and options.

• name The unique name of the resource.
• args The arguments to use to populate this resource's properties.
• opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: SiteConnectionState, opts?: pulumi.CustomResourceOptions): SiteConnection

Get an existing SiteConnection resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is SiteConnection

Returns true if the given object is an instance of SiteConnection. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property adminStateUp

public adminStateUp: pulumi.Output<boolean | undefined>;

The administrative state of the resource. Can either be up(true) or down(false). Changing this updates the administrative state of the existing connection.

property description

public description: pulumi.Output<string | undefined>;

The human-readable description for the connection. Changing this updates the description of the existing connection.

property dpds

public dpds: pulumi.Output<SiteConnectionDpd[]>;

A dictionary with dead peer detection (DPD) protocol controls. - action - (Optional) The dead peer detection (DPD) action. A valid value is clear, hold, restart, disabled, or restart-by-peer. Default value is hold.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property ikepolicyId

public ikepolicyId: pulumi.Output<string>;

The ID of the IKE policy. Changing this creates a new connection.

property initiator

public initiator: pulumi.Output<string>;

A valid value is response-only or bi-directional. Default is bi-directional.

property ipsecpolicyId

public ipsecpolicyId: pulumi.Output<string>;

The ID of the IPsec policy. Changing this creates a new connection.

property localEpGroupId

public localEpGroupId: pulumi.Output<string | undefined>;

The ID for the endpoint group that contains private subnets for the local side of the connection. You must specify this parameter with the peerEpGroupId parameter unless in backward- compatible mode where peerCidrs is provided with a subnetId for the VPN service. Changing this updates the existing connection.

property localId

public localId: pulumi.Output<string | undefined>;

An ID to be used instead of the external IP address for a virtual router used in traffic between instances on different networks in east-west traffic. Most often, local ID would be domain name, email address, etc. If this is not configured then the external IP address will be used as the ID.

property mtu

public mtu: pulumi.Output<number>;

The maximum transmission unit (MTU) value to address fragmentation. Minimum value is 68 for IPv4, and 1280 for IPv6.

property name

public name: pulumi.Output<string>;

The name of the connection. Changing this updates the name of the existing connection.

property peerAddress

public peerAddress: pulumi.Output<string>;

The peer gateway public IPv4 or IPv6 address or FQDN.

property peerCidrs

public peerCidrs: pulumi.Output<string[] | undefined>;

Unique list of valid peer private CIDRs in the form < netAddress > / < prefix > .

property peerEpGroupId

public peerEpGroupId: pulumi.Output<string | undefined>;

The ID for the endpoint group that contains private CIDRs in the form < netAddress > / < prefix > for the peer side of the connection. You must specify this parameter with the localEpGroupId parameter unless in backward-compatible mode where peerCidrs is provided with a subnetId for the VPN service.

property peerId

public peerId: pulumi.Output<string>;

The peer router identity for authentication. A valid value is an IPv4 address, IPv6 address, e-mail address, key ID, or FQDN. Typically, this value matches the peerAddress value. Changing this updates the existing policy.

property psk

public psk: pulumi.Output<string>;

The pre-shared key. A valid value is any string.

property region

public region: pulumi.Output<string>;

The region in which to obtain the V2 Networking client. A Networking client is needed to create an IPSec site connection. If omitted, the region argument of the provider is used. Changing this creates a new site connection.

property tenantId

public tenantId: pulumi.Output<string>;

The owner of the connection. Required if admin wants to create a connection for another project. Changing this creates a new connection.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property valueSpecs

public valueSpecs: pulumi.Output<{[key: string]: any} | undefined>;

Map of additional options.

property vpnserviceId

public vpnserviceId: pulumi.Output<string>;

The ID of the VPN service. Changing this creates a new connection.

Others

interface EndpointGroupArgs

interface EndpointGroupArgs

The set of arguments for constructing a EndpointGroup resource.

property description

description?: pulumi.Input<string>;

The human-readable description for the group. Changing this updates the description of the existing group.

property endpoints

endpoints?: pulumi.Input<pulumi.Input<string>[]>;

List of endpoints of the same type, for the endpoint group. The values will depend on the type. Changing this creates a new group.

property name

name?: pulumi.Input<string>;

The name of the group. Changing this updates the name of the existing group.

property region

region?: pulumi.Input<string>;

The region in which to obtain the V2 Networking client. A Networking client is needed to create an endpoint group. If omitted, the region argument of the provider is used. Changing this creates a new group.

property tenantId

tenantId?: pulumi.Input<string>;

The owner of the group. Required if admin wants to create an endpoint group for another project. Changing this creates a new group.

property type

type?: pulumi.Input<string>;

The type of the endpoints in the group. A valid value is subnet, cidr, network, router, or vlan. Changing this creates a new group.

property valueSpecs

valueSpecs?: pulumi.Input<{[key: string]: any}>;

Map of additional options.

interface EndpointGroupState

interface EndpointGroupState

Input properties used for looking up and filtering EndpointGroup resources.

property description

description?: pulumi.Input<string>;

The human-readable description for the group. Changing this updates the description of the existing group.

property endpoints

endpoints?: pulumi.Input<pulumi.Input<string>[]>;

List of endpoints of the same type, for the endpoint group. The values will depend on the type. Changing this creates a new group.

property name

name?: pulumi.Input<string>;

The name of the group. Changing this updates the name of the existing group.

property region

region?: pulumi.Input<string>;

The region in which to obtain the V2 Networking client. A Networking client is needed to create an endpoint group. If omitted, the region argument of the provider is used. Changing this creates a new group.

property tenantId

tenantId?: pulumi.Input<string>;

The owner of the group. Required if admin wants to create an endpoint group for another project. Changing this creates a new group.

property type

type?: pulumi.Input<string>;

The type of the endpoints in the group. A valid value is subnet, cidr, network, router, or vlan. Changing this creates a new group.

property valueSpecs

valueSpecs?: pulumi.Input<{[key: string]: any}>;

Map of additional options.

interface IkePolicyArgs

interface IkePolicyArgs

The set of arguments for constructing a IkePolicy resource.

property authAlgorithm

authAlgorithm?: pulumi.Input<string>;

The authentication hash algorithm. Valid values are sha1, sha256, sha384, sha512. Default is sha1. Changing this updates the algorithm of the existing policy.

property description

description?: pulumi.Input<string>;

The human-readable description for the policy. Changing this updates the description of the existing policy.

property encryptionAlgorithm

encryptionAlgorithm?: pulumi.Input<string>;

The encryption algorithm. Valid values are 3des, aes-128, aes-192 and so on. The default value is aes-128. Changing this updates the existing policy.

property ikeVersion

ikeVersion?: pulumi.Input<string>;

The IKE mode. A valid value is v1 or v2. Default is v1. Changing this updates the existing policy.

property lifetimes

lifetimes?: pulumi.Input<pulumi.Input<IkePolicyLifetime>[]>;

The lifetime of the security association. Consists of Unit and Value. - unit - (Optional) The units for the lifetime of the security association. Can be either seconds or kilobytes. Default is seconds. - value - (Optional) The value for the lifetime of the security association. Must be a positive integer. Default is 3600.

property name

name?: pulumi.Input<string>;

The name of the policy. Changing this updates the name of the existing policy.

property pfs

pfs?: pulumi.Input<string>;

The perfect forward secrecy mode. Valid values are Group2, Group5 and Group14. Default is Group5. Changing this updates the existing policy.

property phase1NegotiationMode

phase1NegotiationMode?: pulumi.Input<string>;

The IKE mode. A valid value is main, which is the default. Changing this updates the existing policy.

property region

region?: pulumi.Input<string>;

The region in which to obtain the V2 Networking client. A Networking client is needed to create a VPN service. If omitted, the region argument of the provider is used. Changing this creates a new service.

property tenantId

tenantId?: pulumi.Input<string>;

The owner of the policy. Required if admin wants to create a service for another policy. Changing this creates a new policy.

property valueSpecs

valueSpecs?: pulumi.Input<{[key: string]: any}>;

Map of additional options.

interface IkePolicyState

interface IkePolicyState

Input properties used for looking up and filtering IkePolicy resources.

property authAlgorithm

authAlgorithm?: pulumi.Input<string>;

The authentication hash algorithm. Valid values are sha1, sha256, sha384, sha512. Default is sha1. Changing this updates the algorithm of the existing policy.

property description

description?: pulumi.Input<string>;

The human-readable description for the policy. Changing this updates the description of the existing policy.

property encryptionAlgorithm

encryptionAlgorithm?: pulumi.Input<string>;

The encryption algorithm. Valid values are 3des, aes-128, aes-192 and so on. The default value is aes-128. Changing this updates the existing policy.

property ikeVersion

ikeVersion?: pulumi.Input<string>;

The IKE mode. A valid value is v1 or v2. Default is v1. Changing this updates the existing policy.

property lifetimes

lifetimes?: pulumi.Input<pulumi.Input<IkePolicyLifetime>[]>;

The lifetime of the security association. Consists of Unit and Value. - unit - (Optional) The units for the lifetime of the security association. Can be either seconds or kilobytes. Default is seconds. - value - (Optional) The value for the lifetime of the security association. Must be a positive integer. Default is 3600.

property name

name?: pulumi.Input<string>;

The name of the policy. Changing this updates the name of the existing policy.

property pfs

pfs?: pulumi.Input<string>;

The perfect forward secrecy mode. Valid values are Group2, Group5 and Group14. Default is Group5. Changing this updates the existing policy.

property phase1NegotiationMode

phase1NegotiationMode?: pulumi.Input<string>;

The IKE mode. A valid value is main, which is the default. Changing this updates the existing policy.

property region

region?: pulumi.Input<string>;

The region in which to obtain the V2 Networking client. A Networking client is needed to create a VPN service. If omitted, the region argument of the provider is used. Changing this creates a new service.

property tenantId

tenantId?: pulumi.Input<string>;

The owner of the policy. Required if admin wants to create a service for another policy. Changing this creates a new policy.

property valueSpecs

valueSpecs?: pulumi.Input<{[key: string]: any}>;

Map of additional options.

interface IpSecPolicyArgs

interface IpSecPolicyArgs

The set of arguments for constructing a IpSecPolicy resource.

property authAlgorithm

authAlgorithm?: pulumi.Input<string>;

The authentication hash algorithm. Valid values are sha1, sha256, sha384, sha512. Default is sha1. Changing this updates the algorithm of the existing policy.

property description

description?: pulumi.Input<string>;

The human-readable description for the policy. Changing this updates the description of the existing policy.

property encapsulationMode

encapsulationMode?: pulumi.Input<string>;

The encapsulation mode. Valid values are tunnel and transport. Default is tunnel. Changing this updates the existing policy.

property encryptionAlgorithm

encryptionAlgorithm?: pulumi.Input<string>;

The encryption algorithm. Valid values are 3des, aes-128, aes-192 and so on. The default value is aes-128. Changing this updates the existing policy.

property lifetimes

lifetimes?: pulumi.Input<pulumi.Input<IpSecPolicyLifetime>[]>;

The lifetime of the security association. Consists of Unit and Value. - unit - (Optional) The units for the lifetime of the security association. Can be either seconds or kilobytes. Default is seconds. - value - (Optional) The value for the lifetime of the security association. Must be a positive integer. Default is 3600.

property name

name?: pulumi.Input<string>;

The name of the policy. Changing this updates the name of the existing policy.

property pfs

pfs?: pulumi.Input<string>;

The perfect forward secrecy mode. Valid values are Group2, Group5 and Group14. Default is Group5. Changing this updates the existing policy.

property region

region?: pulumi.Input<string>;

The region in which to obtain the V2 Networking client. A Networking client is needed to create an IPSec policy. If omitted, the region argument of the provider is used. Changing this creates a new policy.

property tenantId

tenantId?: pulumi.Input<string>;

The owner of the policy. Required if admin wants to create a policy for another project. Changing this creates a new policy.

property transformProtocol

transformProtocol?: pulumi.Input<string>;

The transform protocol. Valid values are ESP, AH and AH-ESP. Changing this updates the existing policy. Default is ESP.

property valueSpecs

valueSpecs?: pulumi.Input<{[key: string]: any}>;

Map of additional options.

interface IpSecPolicyState

interface IpSecPolicyState

Input properties used for looking up and filtering IpSecPolicy resources.

property authAlgorithm

authAlgorithm?: pulumi.Input<string>;

The authentication hash algorithm. Valid values are sha1, sha256, sha384, sha512. Default is sha1. Changing this updates the algorithm of the existing policy.

property description

description?: pulumi.Input<string>;

The human-readable description for the policy. Changing this updates the description of the existing policy.

property encapsulationMode

encapsulationMode?: pulumi.Input<string>;

The encapsulation mode. Valid values are tunnel and transport. Default is tunnel. Changing this updates the existing policy.

property encryptionAlgorithm

encryptionAlgorithm?: pulumi.Input<string>;

The encryption algorithm. Valid values are 3des, aes-128, aes-192 and so on. The default value is aes-128. Changing this updates the existing policy.

property lifetimes

lifetimes?: pulumi.Input<pulumi.Input<IpSecPolicyLifetime>[]>;

The lifetime of the security association. Consists of Unit and Value. - unit - (Optional) The units for the lifetime of the security association. Can be either seconds or kilobytes. Default is seconds. - value - (Optional) The value for the lifetime of the security association. Must be a positive integer. Default is 3600.

property name

name?: pulumi.Input<string>;

The name of the policy. Changing this updates the name of the existing policy.

property pfs

pfs?: pulumi.Input<string>;

The perfect forward secrecy mode. Valid values are Group2, Group5 and Group14. Default is Group5. Changing this updates the existing policy.

property region

region?: pulumi.Input<string>;

The region in which to obtain the V2 Networking client. A Networking client is needed to create an IPSec policy. If omitted, the region argument of the provider is used. Changing this creates a new policy.

property tenantId

tenantId?: pulumi.Input<string>;

The owner of the policy. Required if admin wants to create a policy for another project. Changing this creates a new policy.

property transformProtocol

transformProtocol?: pulumi.Input<string>;

The transform protocol. Valid values are ESP, AH and AH-ESP. Changing this updates the existing policy. Default is ESP.

property valueSpecs

valueSpecs?: pulumi.Input<{[key: string]: any}>;

Map of additional options.

interface ServiceArgs

interface ServiceArgs

The set of arguments for constructing a Service resource.

property adminStateUp

adminStateUp?: pulumi.Input<boolean>;

The administrative state of the resource. Can either be up(true) or down(false). Changing this updates the administrative state of the existing service.

property description

description?: pulumi.Input<string>;

The human-readable description for the service. Changing this updates the description of the existing service.

property name

name?: pulumi.Input<string>;

The name of the service. Changing this updates the name of the existing service.

property region

region?: pulumi.Input<string>;

The region in which to obtain the V2 Networking client. A Networking client is needed to create a VPN service. If omitted, the region argument of the provider is used. Changing this creates a new service.

property routerId

routerId: pulumi.Input<string>;

The ID of the router. Changing this creates a new service.

property subnetId

subnetId?: pulumi.Input<string>;

SubnetID is the ID of the subnet. Default is null.

property tenantId

tenantId?: pulumi.Input<string>;

The owner of the service. Required if admin wants to create a service for another project. Changing this creates a new service.

property valueSpecs

valueSpecs?: pulumi.Input<{[key: string]: any}>;

Map of additional options.

interface ServiceState

interface ServiceState

Input properties used for looking up and filtering Service resources.

property adminStateUp

adminStateUp?: pulumi.Input<boolean>;

The administrative state of the resource. Can either be up(true) or down(false). Changing this updates the administrative state of the existing service.

property description

description?: pulumi.Input<string>;

The human-readable description for the service. Changing this updates the description of the existing service.

property externalV4Ip

externalV4Ip?: pulumi.Input<string>;

The read-only external (public) IPv4 address that is used for the VPN service.

property externalV6Ip

externalV6Ip?: pulumi.Input<string>;

The read-only external (public) IPv6 address that is used for the VPN service.

property name

name?: pulumi.Input<string>;

The name of the service. Changing this updates the name of the existing service.

property region

region?: pulumi.Input<string>;

The region in which to obtain the V2 Networking client. A Networking client is needed to create a VPN service. If omitted, the region argument of the provider is used. Changing this creates a new service.

property routerId

routerId?: pulumi.Input<string>;

The ID of the router. Changing this creates a new service.

property status

status?: pulumi.Input<string>;

Indicates whether IPsec VPN service is currently operational. Values are ACTIVE, DOWN, BUILD, ERROR, PENDING_CREATE, PENDING_UPDATE, or PENDING_DELETE.

property subnetId

subnetId?: pulumi.Input<string>;

SubnetID is the ID of the subnet. Default is null.

property tenantId

tenantId?: pulumi.Input<string>;

The owner of the service. Required if admin wants to create a service for another project. Changing this creates a new service.

property valueSpecs

valueSpecs?: pulumi.Input<{[key: string]: any}>;

Map of additional options.

interface SiteConnectionArgs

interface SiteConnectionArgs

The set of arguments for constructing a SiteConnection resource.

property adminStateUp

adminStateUp?: pulumi.Input<boolean>;

The administrative state of the resource. Can either be up(true) or down(false). Changing this updates the administrative state of the existing connection.

property description

description?: pulumi.Input<string>;

The human-readable description for the connection. Changing this updates the description of the existing connection.

property dpds

dpds?: pulumi.Input<pulumi.Input<SiteConnectionDpd>[]>;

A dictionary with dead peer detection (DPD) protocol controls. - action - (Optional) The dead peer detection (DPD) action. A valid value is clear, hold, restart, disabled, or restart-by-peer. Default value is hold.

property ikepolicyId

ikepolicyId: pulumi.Input<string>;

The ID of the IKE policy. Changing this creates a new connection.

property initiator

initiator?: pulumi.Input<string>;

A valid value is response-only or bi-directional. Default is bi-directional.

property ipsecpolicyId

ipsecpolicyId: pulumi.Input<string>;

The ID of the IPsec policy. Changing this creates a new connection.

property localEpGroupId

localEpGroupId?: pulumi.Input<string>;

The ID for the endpoint group that contains private subnets for the local side of the connection. You must specify this parameter with the peerEpGroupId parameter unless in backward- compatible mode where peerCidrs is provided with a subnetId for the VPN service. Changing this updates the existing connection.

property localId

localId?: pulumi.Input<string>;

An ID to be used instead of the external IP address for a virtual router used in traffic between instances on different networks in east-west traffic. Most often, local ID would be domain name, email address, etc. If this is not configured then the external IP address will be used as the ID.

property mtu

mtu?: pulumi.Input<number>;

The maximum transmission unit (MTU) value to address fragmentation. Minimum value is 68 for IPv4, and 1280 for IPv6.

property name

name?: pulumi.Input<string>;

The name of the connection. Changing this updates the name of the existing connection.

property peerAddress

peerAddress: pulumi.Input<string>;

The peer gateway public IPv4 or IPv6 address or FQDN.

property peerCidrs

peerCidrs?: pulumi.Input<pulumi.Input<string>[]>;

Unique list of valid peer private CIDRs in the form < netAddress > / < prefix > .

property peerEpGroupId

peerEpGroupId?: pulumi.Input<string>;

The ID for the endpoint group that contains private CIDRs in the form < netAddress > / < prefix > for the peer side of the connection. You must specify this parameter with the localEpGroupId parameter unless in backward-compatible mode where peerCidrs is provided with a subnetId for the VPN service.

property peerId

peerId: pulumi.Input<string>;

The peer router identity for authentication. A valid value is an IPv4 address, IPv6 address, e-mail address, key ID, or FQDN. Typically, this value matches the peerAddress value. Changing this updates the existing policy.

property psk

psk: pulumi.Input<string>;

The pre-shared key. A valid value is any string.

property region

region?: pulumi.Input<string>;

The region in which to obtain the V2 Networking client. A Networking client is needed to create an IPSec site connection. If omitted, the region argument of the provider is used. Changing this creates a new site connection.

property tenantId

tenantId?: pulumi.Input<string>;

The owner of the connection. Required if admin wants to create a connection for another project. Changing this creates a new connection.

property valueSpecs

valueSpecs?: pulumi.Input<{[key: string]: any}>;

Map of additional options.

property vpnserviceId

vpnserviceId: pulumi.Input<string>;

The ID of the VPN service. Changing this creates a new connection.

interface SiteConnectionState

interface SiteConnectionState

Input properties used for looking up and filtering SiteConnection resources.

property adminStateUp

adminStateUp?: pulumi.Input<boolean>;

The administrative state of the resource. Can either be up(true) or down(false). Changing this updates the administrative state of the existing connection.

property description

description?: pulumi.Input<string>;

The human-readable description for the connection. Changing this updates the description of the existing connection.

property dpds

dpds?: pulumi.Input<pulumi.Input<SiteConnectionDpd>[]>;

A dictionary with dead peer detection (DPD) protocol controls. - action - (Optional) The dead peer detection (DPD) action. A valid value is clear, hold, restart, disabled, or restart-by-peer. Default value is hold.

property ikepolicyId

ikepolicyId?: pulumi.Input<string>;

The ID of the IKE policy. Changing this creates a new connection.

property initiator

initiator?: pulumi.Input<string>;

A valid value is response-only or bi-directional. Default is bi-directional.

property ipsecpolicyId

ipsecpolicyId?: pulumi.Input<string>;

The ID of the IPsec policy. Changing this creates a new connection.

property localEpGroupId

localEpGroupId?: pulumi.Input<string>;

The ID for the endpoint group that contains private subnets for the local side of the connection. You must specify this parameter with the peerEpGroupId parameter unless in backward- compatible mode where peerCidrs is provided with a subnetId for the VPN service. Changing this updates the existing connection.

property localId

localId?: pulumi.Input<string>;

An ID to be used instead of the external IP address for a virtual router used in traffic between instances on different networks in east-west traffic. Most often, local ID would be domain name, email address, etc. If this is not configured then the external IP address will be used as the ID.

property mtu

mtu?: pulumi.Input<number>;

The maximum transmission unit (MTU) value to address fragmentation. Minimum value is 68 for IPv4, and 1280 for IPv6.

property name

name?: pulumi.Input<string>;

The name of the connection. Changing this updates the name of the existing connection.

property peerAddress

peerAddress?: pulumi.Input<string>;

The peer gateway public IPv4 or IPv6 address or FQDN.

property peerCidrs

peerCidrs?: pulumi.Input<pulumi.Input<string>[]>;

Unique list of valid peer private CIDRs in the form < netAddress > / < prefix > .

property peerEpGroupId

peerEpGroupId?: pulumi.Input<string>;

The ID for the endpoint group that contains private CIDRs in the form < netAddress > / < prefix > for the peer side of the connection. You must specify this parameter with the localEpGroupId parameter unless in backward-compatible mode where peerCidrs is provided with a subnetId for the VPN service.

property peerId

peerId?: pulumi.Input<string>;

The peer router identity for authentication. A valid value is an IPv4 address, IPv6 address, e-mail address, key ID, or FQDN. Typically, this value matches the peerAddress value. Changing this updates the existing policy.

property psk

psk?: pulumi.Input<string>;

The pre-shared key. A valid value is any string.

property region

region?: pulumi.Input<string>;

The region in which to obtain the V2 Networking client. A Networking client is needed to create an IPSec site connection. If omitted, the region argument of the provider is used. Changing this creates a new site connection.

property tenantId

tenantId?: pulumi.Input<string>;

The owner of the connection. Required if admin wants to create a connection for another project. Changing this creates a new connection.

property valueSpecs

valueSpecs?: pulumi.Input<{[key: string]: any}>;

Map of additional options.

property vpnserviceId

vpnserviceId?: pulumi.Input<string>;

The ID of the VPN service. Changing this creates a new connection.