Syntax
A google_compute_router_nat is used to test a Google RouterNat resource.
Beta Resource
This resource has beta fields available. To retrieve these fields, include beta: true in the constructor for the resource.
Examples
```ruby
# Assert the expected configuration of an existing NAT on a Cloud Router.
describe google_compute_router_nat(project: 'chef-gcp-inspec', region: 'europe-west2', router: 'inspec-gcp-router', name: 'inspec-router-nat') do
  it { should exist }
  its('nat_ip_allocate_option') { should cmp 'AUTO_ONLY' }
  its('source_subnetwork_ip_ranges_to_nat') { should cmp 'ALL_SUBNETWORKS_ALL_IP_RANGES' }
  its('min_ports_per_vm') { should cmp '2' }
  its('log_config.enable') { should cmp 'true' }
  its('log_config.filter') { should cmp 'ERRORS_ONLY' }
end

# A NAT looked up on a router that does not exist should not be found.
describe google_compute_router_nat(project: 'chef-gcp-inspec', region: 'europe-west2', router: 'nonexistent', name: 'nonexistent') do
  it { should_not exist }
end
```
Properties
Properties that can be accessed from the google_compute_router_nat resource:

name
: Name of the NAT service. The name must be 1-63 characters long and comply with RFC1035.

nat_ip_allocate_option
: How external IPs should be allocated for this NAT. Valid values are AUTO_ONLY for only allowing NAT IPs allocated by Google Cloud Platform, or MANUAL_ONLY for only user-allocated NAT IP addresses. Possible values:
  - MANUAL_ONLY
  - AUTO_ONLY

nat_ips
: Self-links of NAT IPs. Only valid if natIpAllocateOption is set to MANUAL_ONLY.

drain_nat_ips
: A list of URLs of the IP resources to be drained. These IPs must be valid static external IPs that have been assigned to the NAT.

source_subnetwork_ip_ranges_to_nat
: How NAT should be configured per Subnetwork. If ALL_SUBNETWORKS_ALL_IP_RANGES, all of the IP ranges in every Subnetwork are allowed to NAT. If ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES, all of the primary IP ranges in every Subnetwork are allowed to NAT. If LIST_OF_SUBNETWORKS, a list of Subnetworks is allowed to NAT (specified in the field subnetwork below). Note that if this field contains ALL_SUBNETWORKS_ALL_IP_RANGES or ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES, then there should not be any other RouterNat section in any Router for this network in this region. Possible values:
  - ALL_SUBNETWORKS_ALL_IP_RANGES
  - ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES
  - LIST_OF_SUBNETWORKS

subnetwork
: One or more subnetwork NAT configurations. Only used if source_subnetwork_ip_ranges_to_nat is set to LIST_OF_SUBNETWORKS.

  name
  : Self-link of the subnetwork to NAT.

  source_ip_ranges_to_nat
  : List of options for which source IPs in the subnetwork should have NAT enabled. Supported values include: ALL_IP_RANGES, LIST_OF_SECONDARY_IP_RANGES, PRIMARY_IP_RANGE.

  secondary_ip_range_names
  : List of the secondary ranges of the subnetwork that are allowed to use NAT. This can be populated only if LIST_OF_SECONDARY_IP_RANGES is one of the values in sourceIpRangesToNat.

min_ports_per_vm
: Minimum number of ports allocated to a VM from this NAT.

udp_idle_timeout_sec
: Timeout (in seconds) for UDP connections. Defaults to 30s if not set.

icmp_idle_timeout_sec
: Timeout (in seconds) for ICMP connections. Defaults to 30s if not set.

tcp_established_idle_timeout_sec
: Timeout (in seconds) for TCP established connections. Defaults to 1200s if not set.

tcp_transitory_idle_timeout_sec
: Timeout (in seconds) for TCP transitory connections. Defaults to 30s if not set.

log_config
: Configuration for logging on NAT.

  enable
  : Indicates whether or not to export logs.

  filter
  : Specifies the desired filtering of logs on this NAT. Possible values:
    - ERRORS_ONLY
    - TRANSLATIONS_ONLY
    - ALL

router
: The name of the Cloud Router in which this NAT will be configured.

region
: Region where the router and NAT reside.
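The cross-field constraints in the property list (nat_ips requires MANUAL_ONLY, subnetwork requires LIST_OF_SUBNETWORKS, secondary_ip_range_names requires LIST_OF_SECONDARY_IP_RANGES) can be checked before writing InSpec assertions. The following is an added plain-Ruby example, not part of the InSpec GCP resource pack; the hash layout, the method name router_nat_violations, the name regex and the sample values are assumptions made for illustration.

```ruby
# Added example: checks a RouterNat property hash against the constraints
# listed under Properties. Hash layout and method name are assumptions.
ALLOCATE_OPTIONS = %w[MANUAL_ONLY AUTO_ONLY].freeze
SUBNET_MODES = %w[ALL_SUBNETWORKS_ALL_IP_RANGES
                  ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES
                  LIST_OF_SUBNETWORKS].freeze
LOG_FILTERS = %w[ERRORS_ONLY TRANSLATIONS_ONLY ALL].freeze
# Assumed reading of "1-63 characters long and comply with RFC1035".
NAME_RE = /\A[a-z]([-a-z0-9]{0,61}[a-z0-9])?\z/

def router_nat_violations(nat)
  v = []
  v << 'name: not a 1-63 character RFC1035 name' unless NAME_RE.match?(nat[:name].to_s)
  alloc = nat[:nat_ip_allocate_option]
  v << "nat_ip_allocate_option: unknown value #{alloc.inspect}" unless ALLOCATE_OPTIONS.include?(alloc)
  if Array(nat[:nat_ips]).any? && alloc != 'MANUAL_ONLY'
    v << 'nat_ips: only valid with nat_ip_allocate_option MANUAL_ONLY'
  end

  mode = nat[:source_subnetwork_ip_ranges_to_nat]
  v << "source_subnetwork_ip_ranges_to_nat: unknown value #{mode.inspect}" unless SUBNET_MODES.include?(mode)
  subnets = Array(nat[:subnetwork])
  if subnets.any? && mode != 'LIST_OF_SUBNETWORKS'
    v << 'subnetwork: only used with LIST_OF_SUBNETWORKS'
  end
  subnets.each do |s|
    next if Array(s[:secondary_ip_range_names]).empty?
    next if Array(s[:source_ip_ranges_to_nat]).include?('LIST_OF_SECONDARY_IP_RANGES')
    v << "subnetwork #{s[:name]}: secondary_ip_range_names needs LIST_OF_SECONDARY_IP_RANGES"
  end

  log = nat[:log_config] || {}
  if log.key?(:filter) && !LOG_FILTERS.include?(log[:filter])
    v << "log_config.filter: unknown value #{log[:filter].inspect}"
  end
  v
end

# Constructed sample inputs (not taken from a real project).
GOOD_NAT = { name: 'inspec-router-nat', nat_ip_allocate_option: 'AUTO_ONLY',
             source_subnetwork_ip_ranges_to_nat: 'ALL_SUBNETWORKS_ALL_IP_RANGES',
             log_config: { enable: true, filter: 'ERRORS_ONLY' } }.freeze
BAD_NAT = { name: 'Bad_Name', nat_ip_allocate_option: 'AUTO_ONLY',
            nat_ips: ['projects/example/regions/europe-west2/addresses/nat-ip'],
            source_subnetwork_ip_ranges_to_nat: 'ALL_SUBNETWORKS_ALL_IP_RANGES',
            subnetwork: [{ name: 'subnet-a', source_ip_ranges_to_nat: ['PRIMARY_IP_RANGE'],
                           secondary_ip_range_names: ['pods'] }],
            log_config: { enable: true, filter: 'VERBOSE' } }.freeze
puts router_nat_violations(BAD_NAT)
```
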
GCP Permissions
Ensure the Compute Engine API is enabled for the current project.