Google Cloud v8.21.0, Mar 5 25

Google Cloud v8.21.0 published on Wednesday, Mar 5, 2025 by Pulumi

gcp.networkservices.EndpointPolicy

Explore with Pulumi AI

Google Cloud v8.21.0 published on Wednesday, Mar 5, 2025 by Pulumi

pulumi/pulumi-gcp

Example Usage

Network Services Endpoint Policy Basic

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const _default = new gcp.networkservices.EndpointPolicy("default", {
    name: "my-endpoint-policy",
    labels: {
        foo: "bar",
    },
    description: "my description",
    type: "SIDECAR_PROXY",
    trafficPortSelector: {
        ports: ["8081"],
    },
    endpointMatcher: {
        metadataLabelMatcher: {
            metadataLabelMatchCriteria: "MATCH_ANY",
            metadataLabels: [{
                labelName: "foo",
                labelValue: "bar",
            }],
        },
    },
});

import pulumi
import pulumi_gcp as gcp

default = gcp.networkservices.EndpointPolicy("default",
    name="my-endpoint-policy",
    labels={
        "foo": "bar",
    },
    description="my description",
    type="SIDECAR_PROXY",
    traffic_port_selector={
        "ports": ["8081"],
    },
    endpoint_matcher={
        "metadata_label_matcher": {
            "metadata_label_match_criteria": "MATCH_ANY",
            "metadata_labels": [{
                "label_name": "foo",
                "label_value": "bar",
            }],
        },
    })

package main

import (
	"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networkservices"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := networkservices.NewEndpointPolicy(ctx, "default", &networkservices.EndpointPolicyArgs{
			Name: pulumi.String("my-endpoint-policy"),
			Labels: pulumi.StringMap{
				"foo": pulumi.String("bar"),
			},
			Description: pulumi.String("my description"),
			Type:        pulumi.String("SIDECAR_PROXY"),
			TrafficPortSelector: &networkservices.EndpointPolicyTrafficPortSelectorArgs{
				Ports: pulumi.StringArray{
					pulumi.String("8081"),
				},
			},
			EndpointMatcher: &networkservices.EndpointPolicyEndpointMatcherArgs{
				MetadataLabelMatcher: &networkservices.EndpointPolicyEndpointMatcherMetadataLabelMatcherArgs{
					MetadataLabelMatchCriteria: pulumi.String("MATCH_ANY"),
					MetadataLabels: networkservices.EndpointPolicyEndpointMatcherMetadataLabelMatcherMetadataLabelArray{
						&networkservices.EndpointPolicyEndpointMatcherMetadataLabelMatcherMetadataLabelArgs{
							LabelName:  pulumi.String("foo"),
							LabelValue: pulumi.String("bar"),
						},
					},
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;

return await Deployment.RunAsync(() => 
{
    var @default = new Gcp.NetworkServices.EndpointPolicy("default", new()
    {
        Name = "my-endpoint-policy",
        Labels = 
        {
            { "foo", "bar" },
        },
        Description = "my description",
        Type = "SIDECAR_PROXY",
        TrafficPortSelector = new Gcp.NetworkServices.Inputs.EndpointPolicyTrafficPortSelectorArgs
        {
            Ports = new[]
            {
                "8081",
            },
        },
        EndpointMatcher = new Gcp.NetworkServices.Inputs.EndpointPolicyEndpointMatcherArgs
        {
            MetadataLabelMatcher = new Gcp.NetworkServices.Inputs.EndpointPolicyEndpointMatcherMetadataLabelMatcherArgs
            {
                MetadataLabelMatchCriteria = "MATCH_ANY",
                MetadataLabels = new[]
                {
                    new Gcp.NetworkServices.Inputs.EndpointPolicyEndpointMatcherMetadataLabelMatcherMetadataLabelArgs
                    {
                        LabelName = "foo",
                        LabelValue = "bar",
                    },
                },
            },
        },
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.networkservices.EndpointPolicy;
import com.pulumi.gcp.networkservices.EndpointPolicyArgs;
import com.pulumi.gcp.networkservices.inputs.EndpointPolicyTrafficPortSelectorArgs;
import com.pulumi.gcp.networkservices.inputs.EndpointPolicyEndpointMatcherArgs;
import com.pulumi.gcp.networkservices.inputs.EndpointPolicyEndpointMatcherMetadataLabelMatcherArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var default_ = new EndpointPolicy("default", EndpointPolicyArgs.builder()
            .name("my-endpoint-policy")
            .labels(Map.of("foo", "bar"))
            .description("my description")
            .type("SIDECAR_PROXY")
            .trafficPortSelector(EndpointPolicyTrafficPortSelectorArgs.builder()
                .ports("8081")
                .build())
            .endpointMatcher(EndpointPolicyEndpointMatcherArgs.builder()
                .metadataLabelMatcher(EndpointPolicyEndpointMatcherMetadataLabelMatcherArgs.builder()
                    .metadataLabelMatchCriteria("MATCH_ANY")
                    .metadataLabels(EndpointPolicyEndpointMatcherMetadataLabelMatcherMetadataLabelArgs.builder()
                        .labelName("foo")
                        .labelValue("bar")
                        .build())
                    .build())
                .build())
            .build());

    }
}

resources:
  default:
    type: gcp:networkservices:EndpointPolicy
    properties:
      name: my-endpoint-policy
      labels:
        foo: bar
      description: my description
      type: SIDECAR_PROXY
      trafficPortSelector:
        ports:
          - '8081'
      endpointMatcher:
        metadataLabelMatcher:
          metadataLabelMatchCriteria: MATCH_ANY
          metadataLabels:
            - labelName: foo
              labelValue: bar

Network Services Endpoint Policy Empty Match

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const _default = new gcp.networkservices.EndpointPolicy("default", {
    name: "my-endpoint-policy",
    labels: {
        foo: "bar",
    },
    description: "my description",
    type: "SIDECAR_PROXY",
    trafficPortSelector: {
        ports: ["8081"],
    },
    endpointMatcher: {
        metadataLabelMatcher: {
            metadataLabelMatchCriteria: "MATCH_ANY",
        },
    },
});

import pulumi
import pulumi_gcp as gcp

default = gcp.networkservices.EndpointPolicy("default",
    name="my-endpoint-policy",
    labels={
        "foo": "bar",
    },
    description="my description",
    type="SIDECAR_PROXY",
    traffic_port_selector={
        "ports": ["8081"],
    },
    endpoint_matcher={
        "metadata_label_matcher": {
            "metadata_label_match_criteria": "MATCH_ANY",
        },
    })

package main

import (
	"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networkservices"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := networkservices.NewEndpointPolicy(ctx, "default", &networkservices.EndpointPolicyArgs{
			Name: pulumi.String("my-endpoint-policy"),
			Labels: pulumi.StringMap{
				"foo": pulumi.String("bar"),
			},
			Description: pulumi.String("my description"),
			Type:        pulumi.String("SIDECAR_PROXY"),
			TrafficPortSelector: &networkservices.EndpointPolicyTrafficPortSelectorArgs{
				Ports: pulumi.StringArray{
					pulumi.String("8081"),
				},
			},
			EndpointMatcher: &networkservices.EndpointPolicyEndpointMatcherArgs{
				MetadataLabelMatcher: &networkservices.EndpointPolicyEndpointMatcherMetadataLabelMatcherArgs{
					MetadataLabelMatchCriteria: pulumi.String("MATCH_ANY"),
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;

return await Deployment.RunAsync(() => 
{
    var @default = new Gcp.NetworkServices.EndpointPolicy("default", new()
    {
        Name = "my-endpoint-policy",
        Labels = 
        {
            { "foo", "bar" },
        },
        Description = "my description",
        Type = "SIDECAR_PROXY",
        TrafficPortSelector = new Gcp.NetworkServices.Inputs.EndpointPolicyTrafficPortSelectorArgs
        {
            Ports = new[]
            {
                "8081",
            },
        },
        EndpointMatcher = new Gcp.NetworkServices.Inputs.EndpointPolicyEndpointMatcherArgs
        {
            MetadataLabelMatcher = new Gcp.NetworkServices.Inputs.EndpointPolicyEndpointMatcherMetadataLabelMatcherArgs
            {
                MetadataLabelMatchCriteria = "MATCH_ANY",
            },
        },
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.networkservices.EndpointPolicy;
import com.pulumi.gcp.networkservices.EndpointPolicyArgs;
import com.pulumi.gcp.networkservices.inputs.EndpointPolicyTrafficPortSelectorArgs;
import com.pulumi.gcp.networkservices.inputs.EndpointPolicyEndpointMatcherArgs;
import com.pulumi.gcp.networkservices.inputs.EndpointPolicyEndpointMatcherMetadataLabelMatcherArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var default_ = new EndpointPolicy("default", EndpointPolicyArgs.builder()
            .name("my-endpoint-policy")
            .labels(Map.of("foo", "bar"))
            .description("my description")
            .type("SIDECAR_PROXY")
            .trafficPortSelector(EndpointPolicyTrafficPortSelectorArgs.builder()
                .ports("8081")
                .build())
            .endpointMatcher(EndpointPolicyEndpointMatcherArgs.builder()
                .metadataLabelMatcher(EndpointPolicyEndpointMatcherMetadataLabelMatcherArgs.builder()
                    .metadataLabelMatchCriteria("MATCH_ANY")
                    .build())
                .build())
            .build());

    }
}

resources:
  default:
    type: gcp:networkservices:EndpointPolicy
    properties:
      name: my-endpoint-policy
      labels:
        foo: bar
      description: my description
      type: SIDECAR_PROXY
      trafficPortSelector:
        ports:
          - '8081'
      endpointMatcher:
        metadataLabelMatcher:
          metadataLabelMatchCriteria: MATCH_ANY

Create EndpointPolicy Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new EndpointPolicy(name: string, args: EndpointPolicyArgs, opts?: CustomResourceOptions);

@overload
def EndpointPolicy(resource_name: str,
                   args: EndpointPolicyArgs,
                   opts: Optional[ResourceOptions] = None)

@overload
def EndpointPolicy(resource_name: str,
                   opts: Optional[ResourceOptions] = None,
                   endpoint_matcher: Optional[EndpointPolicyEndpointMatcherArgs] = None,
                   type: Optional[str] = None,
                   authorization_policy: Optional[str] = None,
                   client_tls_policy: Optional[str] = None,
                   description: Optional[str] = None,
                   labels: Optional[Mapping[str, str]] = None,
                   name: Optional[str] = None,
                   project: Optional[str] = None,
                   server_tls_policy: Optional[str] = None,
                   traffic_port_selector: Optional[EndpointPolicyTrafficPortSelectorArgs] = None)

func NewEndpointPolicy(ctx *Context, name string, args EndpointPolicyArgs, opts ...ResourceOption) (*EndpointPolicy, error)

public EndpointPolicy(string name, EndpointPolicyArgs args, CustomResourceOptions? opts = null)

public EndpointPolicy(String name, EndpointPolicyArgs args)
public EndpointPolicy(String name, EndpointPolicyArgs args, CustomResourceOptions options)

type: gcp:networkservices:EndpointPolicy
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args EndpointPolicyArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args EndpointPolicyArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args EndpointPolicyArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args EndpointPolicyArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args EndpointPolicyArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var endpointPolicyResource = new Gcp.NetworkServices.EndpointPolicy("endpointPolicyResource", new()
{
    EndpointMatcher = new Gcp.NetworkServices.Inputs.EndpointPolicyEndpointMatcherArgs
    {
        MetadataLabelMatcher = new Gcp.NetworkServices.Inputs.EndpointPolicyEndpointMatcherMetadataLabelMatcherArgs
        {
            MetadataLabelMatchCriteria = "string",
            MetadataLabels = new[]
            {
                new Gcp.NetworkServices.Inputs.EndpointPolicyEndpointMatcherMetadataLabelMatcherMetadataLabelArgs
                {
                    LabelName = "string",
                    LabelValue = "string",
                },
            },
        },
    },
    Type = "string",
    AuthorizationPolicy = "string",
    ClientTlsPolicy = "string",
    Description = "string",
    Labels = 
    {
        { "string", "string" },
    },
    Name = "string",
    Project = "string",
    ServerTlsPolicy = "string",
    TrafficPortSelector = new Gcp.NetworkServices.Inputs.EndpointPolicyTrafficPortSelectorArgs
    {
        Ports = new[]
        {
            "string",
        },
    },
});

example, err := networkservices.NewEndpointPolicy(ctx, "endpointPolicyResource", &networkservices.EndpointPolicyArgs{
	EndpointMatcher: &networkservices.EndpointPolicyEndpointMatcherArgs{
		MetadataLabelMatcher: &networkservices.EndpointPolicyEndpointMatcherMetadataLabelMatcherArgs{
			MetadataLabelMatchCriteria: pulumi.String("string"),
			MetadataLabels: networkservices.EndpointPolicyEndpointMatcherMetadataLabelMatcherMetadataLabelArray{
				&networkservices.EndpointPolicyEndpointMatcherMetadataLabelMatcherMetadataLabelArgs{
					LabelName:  pulumi.String("string"),
					LabelValue: pulumi.String("string"),
				},
			},
		},
	},
	Type:                pulumi.String("string"),
	AuthorizationPolicy: pulumi.String("string"),
	ClientTlsPolicy:     pulumi.String("string"),
	Description:         pulumi.String("string"),
	Labels: pulumi.StringMap{
		"string": pulumi.String("string"),
	},
	Name:            pulumi.String("string"),
	Project:         pulumi.String("string"),
	ServerTlsPolicy: pulumi.String("string"),
	TrafficPortSelector: &networkservices.EndpointPolicyTrafficPortSelectorArgs{
		Ports: pulumi.StringArray{
			pulumi.String("string"),
		},
	},
})

var endpointPolicyResource = new EndpointPolicy("endpointPolicyResource", EndpointPolicyArgs.builder()
    .endpointMatcher(EndpointPolicyEndpointMatcherArgs.builder()
        .metadataLabelMatcher(EndpointPolicyEndpointMatcherMetadataLabelMatcherArgs.builder()
            .metadataLabelMatchCriteria("string")
            .metadataLabels(EndpointPolicyEndpointMatcherMetadataLabelMatcherMetadataLabelArgs.builder()
                .labelName("string")
                .labelValue("string")
                .build())
            .build())
        .build())
    .type("string")
    .authorizationPolicy("string")
    .clientTlsPolicy("string")
    .description("string")
    .labels(Map.of("string", "string"))
    .name("string")
    .project("string")
    .serverTlsPolicy("string")
    .trafficPortSelector(EndpointPolicyTrafficPortSelectorArgs.builder()
        .ports("string")
        .build())
    .build());

endpoint_policy_resource = gcp.networkservices.EndpointPolicy("endpointPolicyResource",
    endpoint_matcher={
        "metadata_label_matcher": {
            "metadata_label_match_criteria": "string",
            "metadata_labels": [{
                "label_name": "string",
                "label_value": "string",
            }],
        },
    },
    type="string",
    authorization_policy="string",
    client_tls_policy="string",
    description="string",
    labels={
        "string": "string",
    },
    name="string",
    project="string",
    server_tls_policy="string",
    traffic_port_selector={
        "ports": ["string"],
    })

const endpointPolicyResource = new gcp.networkservices.EndpointPolicy("endpointPolicyResource", {
    endpointMatcher: {
        metadataLabelMatcher: {
            metadataLabelMatchCriteria: "string",
            metadataLabels: [{
                labelName: "string",
                labelValue: "string",
            }],
        },
    },
    type: "string",
    authorizationPolicy: "string",
    clientTlsPolicy: "string",
    description: "string",
    labels: {
        string: "string",
    },
    name: "string",
    project: "string",
    serverTlsPolicy: "string",
    trafficPortSelector: {
        ports: ["string"],
    },
});

type: gcp:networkservices:EndpointPolicy
properties:
    authorizationPolicy: string
    clientTlsPolicy: string
    description: string
    endpointMatcher:
        metadataLabelMatcher:
            metadataLabelMatchCriteria: string
            metadataLabels:
                - labelName: string
                  labelValue: string
    labels:
        string: string
    name: string
    project: string
    serverTlsPolicy: string
    trafficPortSelector:
        ports:
            - string
    type: string

EndpointPolicy Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The EndpointPolicy resource accepts the following input properties:

EndpointMatcher EndpointPolicyEndpointMatcher: Required. A matcher that selects endpoints to which the policies should be applied. Structure is documented below.
Type string: The type of endpoint policy. This is primarily used to validate the configuration. Possible values are: SIDECAR_PROXY, GRPC_SERVER.
AuthorizationPolicy string: This field specifies the URL of AuthorizationPolicy resource that applies authorization policies to the inbound traffic at the matched endpoints.
ClientTlsPolicy string: A URL referring to a ClientTlsPolicy resource. ClientTlsPolicy can be set to specify the authentication for traffic from the proxy to the actual endpoints.
Description string: A free-text description of the resource. Max length 1024 characters.
Labels Dictionary<string, string>: Set of label tags associated with the TcpRoute resource. Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field 'effective_labels' for all of the labels present on the resource.
Name string: Name of the EndpointPolicy resource.
Project string
ServerTlsPolicy string: A URL referring to ServerTlsPolicy resource. ServerTlsPolicy is used to determine the authentication policy to be applied to terminate the inbound traffic at the identified backends.
TrafficPortSelector EndpointPolicyTrafficPortSelector: Port selector for the (matched) endpoints. If no port selector is provided, the matched config is applied to all ports.

EndpointMatcher EndpointPolicyEndpointMatcherArgs: Required. A matcher that selects endpoints to which the policies should be applied. Structure is documented below.
Type string: The type of endpoint policy. This is primarily used to validate the configuration. Possible values are: SIDECAR_PROXY, GRPC_SERVER.
AuthorizationPolicy string: This field specifies the URL of AuthorizationPolicy resource that applies authorization policies to the inbound traffic at the matched endpoints.
ClientTlsPolicy string: A URL referring to a ClientTlsPolicy resource. ClientTlsPolicy can be set to specify the authentication for traffic from the proxy to the actual endpoints.
Description string: A free-text description of the resource. Max length 1024 characters.
Labels map[string]string: Set of label tags associated with the TcpRoute resource. Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field 'effective_labels' for all of the labels present on the resource.
Name string: Name of the EndpointPolicy resource.
Project string
ServerTlsPolicy string: A URL referring to ServerTlsPolicy resource. ServerTlsPolicy is used to determine the authentication policy to be applied to terminate the inbound traffic at the identified backends.
TrafficPortSelector EndpointPolicyTrafficPortSelectorArgs: Port selector for the (matched) endpoints. If no port selector is provided, the matched config is applied to all ports.

endpointMatcher EndpointPolicyEndpointMatcher: Required. A matcher that selects endpoints to which the policies should be applied. Structure is documented below.
type String: The type of endpoint policy. This is primarily used to validate the configuration. Possible values are: SIDECAR_PROXY, GRPC_SERVER.
authorizationPolicy String: This field specifies the URL of AuthorizationPolicy resource that applies authorization policies to the inbound traffic at the matched endpoints.
clientTlsPolicy String: A URL referring to a ClientTlsPolicy resource. ClientTlsPolicy can be set to specify the authentication for traffic from the proxy to the actual endpoints.
description String: A free-text description of the resource. Max length 1024 characters.
labels Map<String,String>: Set of label tags associated with the TcpRoute resource. Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field 'effective_labels' for all of the labels present on the resource.
name String: Name of the EndpointPolicy resource.
project String
serverTlsPolicy String: A URL referring to ServerTlsPolicy resource. ServerTlsPolicy is used to determine the authentication policy to be applied to terminate the inbound traffic at the identified backends.
trafficPortSelector EndpointPolicyTrafficPortSelector: Port selector for the (matched) endpoints. If no port selector is provided, the matched config is applied to all ports.

endpointMatcher EndpointPolicyEndpointMatcher: Required. A matcher that selects endpoints to which the policies should be applied. Structure is documented below.
type string: The type of endpoint policy. This is primarily used to validate the configuration. Possible values are: SIDECAR_PROXY, GRPC_SERVER.
authorizationPolicy string: This field specifies the URL of AuthorizationPolicy resource that applies authorization policies to the inbound traffic at the matched endpoints.
clientTlsPolicy string: A URL referring to a ClientTlsPolicy resource. ClientTlsPolicy can be set to specify the authentication for traffic from the proxy to the actual endpoints.
description string: A free-text description of the resource. Max length 1024 characters.
labels {[key: string]: string}: Set of label tags associated with the TcpRoute resource. Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field 'effective_labels' for all of the labels present on the resource.
name string: Name of the EndpointPolicy resource.
project string
serverTlsPolicy string: A URL referring to ServerTlsPolicy resource. ServerTlsPolicy is used to determine the authentication policy to be applied to terminate the inbound traffic at the identified backends.
trafficPortSelector EndpointPolicyTrafficPortSelector: Port selector for the (matched) endpoints. If no port selector is provided, the matched config is applied to all ports.

endpoint_matcher EndpointPolicyEndpointMatcherArgs: Required. A matcher that selects endpoints to which the policies should be applied. Structure is documented below.
type str: The type of endpoint policy. This is primarily used to validate the configuration. Possible values are: SIDECAR_PROXY, GRPC_SERVER.
authorization_policy str: This field specifies the URL of AuthorizationPolicy resource that applies authorization policies to the inbound traffic at the matched endpoints.
client_tls_policy str: A URL referring to a ClientTlsPolicy resource. ClientTlsPolicy can be set to specify the authentication for traffic from the proxy to the actual endpoints.
description str: A free-text description of the resource. Max length 1024 characters.
labels Mapping[str, str]: Set of label tags associated with the TcpRoute resource. Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field 'effective_labels' for all of the labels present on the resource.
name str: Name of the EndpointPolicy resource.
project str
server_tls_policy str: A URL referring to ServerTlsPolicy resource. ServerTlsPolicy is used to determine the authentication policy to be applied to terminate the inbound traffic at the identified backends.
traffic_port_selector EndpointPolicyTrafficPortSelectorArgs: Port selector for the (matched) endpoints. If no port selector is provided, the matched config is applied to all ports.

endpointMatcher Property Map: Required. A matcher that selects endpoints to which the policies should be applied. Structure is documented below.
type String: The type of endpoint policy. This is primarily used to validate the configuration. Possible values are: SIDECAR_PROXY, GRPC_SERVER.
authorizationPolicy String: This field specifies the URL of AuthorizationPolicy resource that applies authorization policies to the inbound traffic at the matched endpoints.
clientTlsPolicy String: A URL referring to a ClientTlsPolicy resource. ClientTlsPolicy can be set to specify the authentication for traffic from the proxy to the actual endpoints.
description String: A free-text description of the resource. Max length 1024 characters.
labels Map<String>: Set of label tags associated with the TcpRoute resource. Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field 'effective_labels' for all of the labels present on the resource.
name String: Name of the EndpointPolicy resource.
project String
serverTlsPolicy String: A URL referring to ServerTlsPolicy resource. ServerTlsPolicy is used to determine the authentication policy to be applied to terminate the inbound traffic at the identified backends.
trafficPortSelector Property Map: Port selector for the (matched) endpoints. If no port selector is provided, the matched config is applied to all ports.

Outputs

All input properties are implicitly available as output properties. Additionally, the EndpointPolicy resource produces the following output properties:

CreateTime string: Time the TcpRoute was created in UTC.
EffectiveLabels Dictionary<string, string>: All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
Id string: The provider-assigned unique ID for this managed resource.
PulumiLabels Dictionary<string, string>: The combination of labels configured directly on the resource and default labels configured on the provider.
UpdateTime string: Time the TcpRoute was updated in UTC.

CreateTime string: Time the TcpRoute was created in UTC.
EffectiveLabels map[string]string: All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
Id string: The provider-assigned unique ID for this managed resource.
PulumiLabels map[string]string: The combination of labels configured directly on the resource and default labels configured on the provider.
UpdateTime string: Time the TcpRoute was updated in UTC.

createTime String: Time the TcpRoute was created in UTC.
effectiveLabels Map<String,String>: All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
id String: The provider-assigned unique ID for this managed resource.
pulumiLabels Map<String,String>: The combination of labels configured directly on the resource and default labels configured on the provider.
updateTime String: Time the TcpRoute was updated in UTC.

createTime string: Time the TcpRoute was created in UTC.
effectiveLabels {[key: string]: string}: All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
id string: The provider-assigned unique ID for this managed resource.
pulumiLabels {[key: string]: string}: The combination of labels configured directly on the resource and default labels configured on the provider.
updateTime string: Time the TcpRoute was updated in UTC.

create_time str: Time the TcpRoute was created in UTC.
effective_labels Mapping[str, str]: All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
id str: The provider-assigned unique ID for this managed resource.
pulumi_labels Mapping[str, str]: The combination of labels configured directly on the resource and default labels configured on the provider.
update_time str: Time the TcpRoute was updated in UTC.

createTime String: Time the TcpRoute was created in UTC.
effectiveLabels Map<String>: All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
id String: The provider-assigned unique ID for this managed resource.
pulumiLabels Map<String>: The combination of labels configured directly on the resource and default labels configured on the provider.
updateTime String: Time the TcpRoute was updated in UTC.

Look up Existing EndpointPolicy Resource

Get an existing EndpointPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: EndpointPolicyState, opts?: CustomResourceOptions): EndpointPolicy

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        authorization_policy: Optional[str] = None,
        client_tls_policy: Optional[str] = None,
        create_time: Optional[str] = None,
        description: Optional[str] = None,
        effective_labels: Optional[Mapping[str, str]] = None,
        endpoint_matcher: Optional[EndpointPolicyEndpointMatcherArgs] = None,
        labels: Optional[Mapping[str, str]] = None,
        name: Optional[str] = None,
        project: Optional[str] = None,
        pulumi_labels: Optional[Mapping[str, str]] = None,
        server_tls_policy: Optional[str] = None,
        traffic_port_selector: Optional[EndpointPolicyTrafficPortSelectorArgs] = None,
        type: Optional[str] = None,
        update_time: Optional[str] = None) -> EndpointPolicy

func GetEndpointPolicy(ctx *Context, name string, id IDInput, state *EndpointPolicyState, opts ...ResourceOption) (*EndpointPolicy, error)

public static EndpointPolicy Get(string name, Input<string> id, EndpointPolicyState? state, CustomResourceOptions? opts = null)

public static EndpointPolicy get(String name, Output<String> id, EndpointPolicyState state, CustomResourceOptions options)

resources:  _:    type: gcp:networkservices:EndpointPolicy    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

AuthorizationPolicy string: This field specifies the URL of AuthorizationPolicy resource that applies authorization policies to the inbound traffic at the matched endpoints.
ClientTlsPolicy string: A URL referring to a ClientTlsPolicy resource. ClientTlsPolicy can be set to specify the authentication for traffic from the proxy to the actual endpoints.
CreateTime string: Time the TcpRoute was created in UTC.
Description string: A free-text description of the resource. Max length 1024 characters.
EffectiveLabels Dictionary<string, string>: All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
EndpointMatcher EndpointPolicyEndpointMatcher: Required. A matcher that selects endpoints to which the policies should be applied. Structure is documented below.
Labels Dictionary<string, string>: Set of label tags associated with the TcpRoute resource. Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field 'effective_labels' for all of the labels present on the resource.
Name string: Name of the EndpointPolicy resource.
Project string
PulumiLabels Dictionary<string, string>: The combination of labels configured directly on the resource and default labels configured on the provider.
ServerTlsPolicy string: A URL referring to ServerTlsPolicy resource. ServerTlsPolicy is used to determine the authentication policy to be applied to terminate the inbound traffic at the identified backends.
TrafficPortSelector EndpointPolicyTrafficPortSelector: Port selector for the (matched) endpoints. If no port selector is provided, the matched config is applied to all ports.
Type string: The type of endpoint policy. This is primarily used to validate the configuration. Possible values are: SIDECAR_PROXY, GRPC_SERVER.
UpdateTime string: Time the TcpRoute was updated in UTC.

AuthorizationPolicy string: This field specifies the URL of AuthorizationPolicy resource that applies authorization policies to the inbound traffic at the matched endpoints.
ClientTlsPolicy string: A URL referring to a ClientTlsPolicy resource. ClientTlsPolicy can be set to specify the authentication for traffic from the proxy to the actual endpoints.
CreateTime string: Time the TcpRoute was created in UTC.
Description string: A free-text description of the resource. Max length 1024 characters.
EffectiveLabels map[string]string: All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
EndpointMatcher EndpointPolicyEndpointMatcherArgs: Required. A matcher that selects endpoints to which the policies should be applied. Structure is documented below.
Labels map[string]string: Set of label tags associated with the TcpRoute resource. Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field 'effective_labels' for all of the labels present on the resource.
Name string: Name of the EndpointPolicy resource.
Project string
PulumiLabels map[string]string: The combination of labels configured directly on the resource and default labels configured on the provider.
ServerTlsPolicy string: A URL referring to ServerTlsPolicy resource. ServerTlsPolicy is used to determine the authentication policy to be applied to terminate the inbound traffic at the identified backends.
TrafficPortSelector EndpointPolicyTrafficPortSelectorArgs: Port selector for the (matched) endpoints. If no port selector is provided, the matched config is applied to all ports.
Type string: The type of endpoint policy. This is primarily used to validate the configuration. Possible values are: SIDECAR_PROXY, GRPC_SERVER.
UpdateTime string: Time the TcpRoute was updated in UTC.

authorizationPolicy String: This field specifies the URL of AuthorizationPolicy resource that applies authorization policies to the inbound traffic at the matched endpoints.
clientTlsPolicy String: A URL referring to a ClientTlsPolicy resource. ClientTlsPolicy can be set to specify the authentication for traffic from the proxy to the actual endpoints.
createTime String: Time the TcpRoute was created in UTC.
description String: A free-text description of the resource. Max length 1024 characters.
effectiveLabels Map<String,String>: All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
endpointMatcher EndpointPolicyEndpointMatcher: Required. A matcher that selects endpoints to which the policies should be applied. Structure is documented below.
labels Map<String,String>: Set of label tags associated with the TcpRoute resource. Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field 'effective_labels' for all of the labels present on the resource.
name String: Name of the EndpointPolicy resource.
project String
pulumiLabels Map<String,String>: The combination of labels configured directly on the resource and default labels configured on the provider.
serverTlsPolicy String: A URL referring to ServerTlsPolicy resource. ServerTlsPolicy is used to determine the authentication policy to be applied to terminate the inbound traffic at the identified backends.
trafficPortSelector EndpointPolicyTrafficPortSelector: Port selector for the (matched) endpoints. If no port selector is provided, the matched config is applied to all ports.
type String: The type of endpoint policy. This is primarily used to validate the configuration. Possible values are: SIDECAR_PROXY, GRPC_SERVER.
updateTime String: Time the TcpRoute was updated in UTC.

authorizationPolicy string: This field specifies the URL of AuthorizationPolicy resource that applies authorization policies to the inbound traffic at the matched endpoints.
clientTlsPolicy string: A URL referring to a ClientTlsPolicy resource. ClientTlsPolicy can be set to specify the authentication for traffic from the proxy to the actual endpoints.
createTime string: Time the TcpRoute was created in UTC.
description string: A free-text description of the resource. Max length 1024 characters.
effectiveLabels {[key: string]: string}: All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
endpointMatcher EndpointPolicyEndpointMatcher: Required. A matcher that selects endpoints to which the policies should be applied. Structure is documented below.
labels {[key: string]: string}: Set of label tags associated with the TcpRoute resource. Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field 'effective_labels' for all of the labels present on the resource.
name string: Name of the EndpointPolicy resource.
project string
pulumiLabels {[key: string]: string}: The combination of labels configured directly on the resource and default labels configured on the provider.
serverTlsPolicy string: A URL referring to ServerTlsPolicy resource. ServerTlsPolicy is used to determine the authentication policy to be applied to terminate the inbound traffic at the identified backends.
trafficPortSelector EndpointPolicyTrafficPortSelector: Port selector for the (matched) endpoints. If no port selector is provided, the matched config is applied to all ports.
type string: The type of endpoint policy. This is primarily used to validate the configuration. Possible values are: SIDECAR_PROXY, GRPC_SERVER.
updateTime string: Time the TcpRoute was updated in UTC.

authorization_policy str: This field specifies the URL of AuthorizationPolicy resource that applies authorization policies to the inbound traffic at the matched endpoints.
client_tls_policy str: A URL referring to a ClientTlsPolicy resource. ClientTlsPolicy can be set to specify the authentication for traffic from the proxy to the actual endpoints.
create_time str: Time the TcpRoute was created in UTC.
description str: A free-text description of the resource. Max length 1024 characters.
effective_labels Mapping[str, str]: All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
endpoint_matcher EndpointPolicyEndpointMatcherArgs: Required. A matcher that selects endpoints to which the policies should be applied. Structure is documented below.
labels Mapping[str, str]: Set of label tags associated with the TcpRoute resource. Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field 'effective_labels' for all of the labels present on the resource.
name str: Name of the EndpointPolicy resource.
project str
pulumi_labels Mapping[str, str]: The combination of labels configured directly on the resource and default labels configured on the provider.
server_tls_policy str: A URL referring to ServerTlsPolicy resource. ServerTlsPolicy is used to determine the authentication policy to be applied to terminate the inbound traffic at the identified backends.
traffic_port_selector EndpointPolicyTrafficPortSelectorArgs: Port selector for the (matched) endpoints. If no port selector is provided, the matched config is applied to all ports.
type str: The type of endpoint policy. This is primarily used to validate the configuration. Possible values are: SIDECAR_PROXY, GRPC_SERVER.
update_time str: Time the TcpRoute was updated in UTC.

authorizationPolicy String: This field specifies the URL of AuthorizationPolicy resource that applies authorization policies to the inbound traffic at the matched endpoints.
clientTlsPolicy String: A URL referring to a ClientTlsPolicy resource. ClientTlsPolicy can be set to specify the authentication for traffic from the proxy to the actual endpoints.
createTime String: Time the TcpRoute was created in UTC.
description String: A free-text description of the resource. Max length 1024 characters.
effectiveLabels Map<String>: All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
endpointMatcher Property Map: Required. A matcher that selects endpoints to which the policies should be applied. Structure is documented below.
labels Map<String>: Set of label tags associated with the TcpRoute resource. Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field 'effective_labels' for all of the labels present on the resource.
name String: Name of the EndpointPolicy resource.
project String
pulumiLabels Map<String>: The combination of labels configured directly on the resource and default labels configured on the provider.
serverTlsPolicy String: A URL referring to ServerTlsPolicy resource. ServerTlsPolicy is used to determine the authentication policy to be applied to terminate the inbound traffic at the identified backends.
trafficPortSelector Property Map: Port selector for the (matched) endpoints. If no port selector is provided, the matched config is applied to all ports.
type String: The type of endpoint policy. This is primarily used to validate the configuration. Possible values are: SIDECAR_PROXY, GRPC_SERVER.
updateTime String: Time the TcpRoute was updated in UTC.

Supporting Types

EndpointPolicyEndpointMatcher, EndpointPolicyEndpointMatcherArgs

MetadataLabelMatcher EndpointPolicyEndpointMatcherMetadataLabelMatcher: The matcher is based on node metadata presented by xDS clients. Structure is documented below.

MetadataLabelMatcher EndpointPolicyEndpointMatcherMetadataLabelMatcher: The matcher is based on node metadata presented by xDS clients. Structure is documented below.

metadataLabelMatcher EndpointPolicyEndpointMatcherMetadataLabelMatcher: The matcher is based on node metadata presented by xDS clients. Structure is documented below.

metadataLabelMatcher EndpointPolicyEndpointMatcherMetadataLabelMatcher: The matcher is based on node metadata presented by xDS clients. Structure is documented below.

metadata_label_matcher EndpointPolicyEndpointMatcherMetadataLabelMatcher: The matcher is based on node metadata presented by xDS clients. Structure is documented below.

metadataLabelMatcher Property Map: The matcher is based on node metadata presented by xDS clients. Structure is documented below.

EndpointPolicyEndpointMatcherMetadataLabelMatcher, EndpointPolicyEndpointMatcherMetadataLabelMatcherArgs

MetadataLabelMatchCriteria string: Specifies how matching should be done. Possible values are: MATCH_ANY, MATCH_ALL.
MetadataLabels List<EndpointPolicyEndpointMatcherMetadataLabelMatcherMetadataLabel>: The list of label value pairs that must match labels in the provided metadata based on filterMatchCriteria Structure is documented below.

MetadataLabelMatchCriteria string: Specifies how matching should be done. Possible values are: MATCH_ANY, MATCH_ALL.
MetadataLabels []EndpointPolicyEndpointMatcherMetadataLabelMatcherMetadataLabel: The list of label value pairs that must match labels in the provided metadata based on filterMatchCriteria Structure is documented below.

metadataLabelMatchCriteria String: Specifies how matching should be done. Possible values are: MATCH_ANY, MATCH_ALL.
metadataLabels List<EndpointPolicyEndpointMatcherMetadataLabelMatcherMetadataLabel>: The list of label value pairs that must match labels in the provided metadata based on filterMatchCriteria Structure is documented below.

metadataLabelMatchCriteria string: Specifies how matching should be done. Possible values are: MATCH_ANY, MATCH_ALL.
metadataLabels EndpointPolicyEndpointMatcherMetadataLabelMatcherMetadataLabel[]: The list of label value pairs that must match labels in the provided metadata based on filterMatchCriteria Structure is documented below.

metadata_label_match_criteria str: Specifies how matching should be done. Possible values are: MATCH_ANY, MATCH_ALL.
metadata_labels Sequence[EndpointPolicyEndpointMatcherMetadataLabelMatcherMetadataLabel]: The list of label value pairs that must match labels in the provided metadata based on filterMatchCriteria Structure is documented below.

metadataLabelMatchCriteria String: Specifies how matching should be done. Possible values are: MATCH_ANY, MATCH_ALL.
metadataLabels List<Property Map>: The list of label value pairs that must match labels in the provided metadata based on filterMatchCriteria Structure is documented below.

EndpointPolicyEndpointMatcherMetadataLabelMatcherMetadataLabel, EndpointPolicyEndpointMatcherMetadataLabelMatcherMetadataLabelArgs

LabelName string: Required. Label name presented as key in xDS Node Metadata.
LabelValue string: Required. Label value presented as value corresponding to the above key, in xDS Node Metadata.

LabelName string: Required. Label name presented as key in xDS Node Metadata.
LabelValue string: Required. Label value presented as value corresponding to the above key, in xDS Node Metadata.

labelName String: Required. Label name presented as key in xDS Node Metadata.
labelValue String: Required. Label value presented as value corresponding to the above key, in xDS Node Metadata.

labelName string: Required. Label name presented as key in xDS Node Metadata.
labelValue string: Required. Label value presented as value corresponding to the above key, in xDS Node Metadata.

label_name str: Required. Label name presented as key in xDS Node Metadata.
label_value str: Required. Label value presented as value corresponding to the above key, in xDS Node Metadata.

labelName String: Required. Label name presented as key in xDS Node Metadata.
labelValue String: Required. Label value presented as value corresponding to the above key, in xDS Node Metadata.

EndpointPolicyTrafficPortSelector, EndpointPolicyTrafficPortSelectorArgs

Ports List<string>: List of ports. Can be port numbers or port range (example, [80-90] specifies all ports from 80 to 90, including 80 and 90) or named ports or * to specify all ports. If the list is empty, all ports are selected.

Ports []string: List of ports. Can be port numbers or port range (example, [80-90] specifies all ports from 80 to 90, including 80 and 90) or named ports or * to specify all ports. If the list is empty, all ports are selected.

ports List<String>: List of ports. Can be port numbers or port range (example, [80-90] specifies all ports from 80 to 90, including 80 and 90) or named ports or * to specify all ports. If the list is empty, all ports are selected.

ports string[]: List of ports. Can be port numbers or port range (example, [80-90] specifies all ports from 80 to 90, including 80 and 90) or named ports or * to specify all ports. If the list is empty, all ports are selected.

ports Sequence[str]: List of ports. Can be port numbers or port range (example, [80-90] specifies all ports from 80 to 90, including 80 and 90) or named ports or * to specify all ports. If the list is empty, all ports are selected.

ports List<String>: List of ports. Can be port numbers or port range (example, [80-90] specifies all ports from 80 to 90, including 80 and 90) or named ports or * to specify all ports. If the list is empty, all ports are selected.

Import

EndpointPolicy can be imported using any of these accepted formats:

projects/{{project}}/locations/global/endpointPolicies/{{name}}
{{project}}/{{name}}
{{name}}

When using the pulumi import command, EndpointPolicy can be imported using one of the formats above. For example:

$ pulumi import gcp:networkservices/endpointPolicy:EndpointPolicy default projects/{{project}}/locations/global/endpointPolicies/{{name}}

$ pulumi import gcp:networkservices/endpointPolicy:EndpointPolicy default {{project}}/{{name}}

$ pulumi import gcp:networkservices/endpointPolicy:EndpointPolicy default {{name}}

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository: Google Cloud (GCP) Classic pulumi/pulumi-gcp
License: Apache-2.0
Notes: This Pulumi package is based on the google-beta Terraform Provider.

Google Cloud v8.21.0 published on Wednesday, Mar 5, 2025 by Pulumi

pulumi/pulumi-gcp

gcp.networkservices.EndpointPolicy

On this page

On this page

Example Usage

Network Services Endpoint Policy Basic

Network Services Endpoint Policy Empty Match

Create EndpointPolicy Resource

Constructor syntax

Parameters

Constructor example

EndpointPolicy Resource Properties

Inputs

Outputs

Look up Existing EndpointPolicy Resource

Supporting Types

EndpointPolicyEndpointMatcher, EndpointPolicyEndpointMatcherArgs

EndpointPolicyEndpointMatcherMetadataLabelMatcher, EndpointPolicyEndpointMatcherMetadataLabelMatcherArgs

EndpointPolicyEndpointMatcherMetadataLabelMatcherMetadataLabel, EndpointPolicyEndpointMatcherMetadataLabelMatcherMetadataLabelArgs

EndpointPolicyTrafficPortSelector, EndpointPolicyTrafficPortSelectorArgs

Import

Package Details

On this page

On this page