Skip to main content

google_compute_router_nat resource

Syntax

A google_compute_router_nat is used to test a Google RouterNat resource

Beta Resource

This resource has beta fields available. To retrieve these fields, include beta: true in the constructor for the resource

Examples

describe google_compute_router_nat(project: 'chef-gcp-inspec', region: 'europe-west2', router: 'inspec-gcp-router', name: 'inspec-router-nat') do
  it { should exist }
  its('nat_ip_allocate_option') { should cmp 'AUTO_ONLY' }
  its('source_subnetwork_ip_ranges_to_nat') { should cmp 'ALL_SUBNETWORKS_ALL_IP_RANGES' }
  its('min_ports_per_vm') { should cmp '2' }
  its('log_config.enable') { should cmp 'true' }
  its('log_config.filter') { should cmp 'ERRORS_ONLY' }
end

describe google_compute_router(project: 'chef-gcp-inspec', region: 'europe-west2', router: 'nonexistent', name: 'nonexistent') do
  it { should_not exist }
end

Properties

Properties that can be accessed from the google_compute_router_nat resource:

name
Name of the NAT service. The name must be 1-63 characters long and comply with RFC1035.
nat_ip_allocate_option
How external IPs should be allocated for this NAT. Valid values are AUTO_ONLY for only allowing NAT IPs allocated by Google Cloud Platform, or MANUAL_ONLY for only user-allocated NAT IP addresses.

Possible values:

  • MANUAL_ONLY
  • AUTO_ONLY
nat_ips
Self-links of NAT IPs. Only valid if natIpAllocateOption is set to MANUAL_ONLY.
drain_nat_ips
A list of URLs of the IP resources to be drained. These IPs must be valid static external IPs that have been assigned to the NAT.
source_subnetwork_ip_ranges_to_nat
How NAT should be configured per Subnetwork. If ALL_SUBNETWORKS_ALL_IP_RANGES, all of the IP ranges in every Subnetwork are allowed to Nat. If ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES, all of the primary IP ranges in every Subnetwork are allowed to Nat. LIST_OF_SUBNETWORKS: A list of Subnetworks are allowed to Nat (specified in the field subnetwork below). Note that if this field contains ALL_SUBNETWORKS_ALL_IP_RANGES or ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES, then there should not be any other RouterNat section in any Router for this network in this region.

Possible values:

  • ALL_SUBNETWORKS_ALL_IP_RANGES
  • ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES
  • LIST_OF_SUBNETWORKS
subnetwork
One or more subnetwork NAT configurations. Only used if source_subnetwork_ip_ranges_to_nat is set to LIST_OF_SUBNETWORKS
name
Self-link of subnetwork to NAT
source_ip_ranges_to_nat
List of options for which source IPs in the subnetwork should have NAT enabled.

Supported values include:

  • ALL_IP_RANGES
  • LIST_OF_SECONDARY_IP_RANGES
  • PRIMARY_IP_RANGE
secondary_ip_range_names
List of the secondary ranges of the subnetwork that are allowed to use NAT. This can be populated only if LIST_OF_SECONDARY_IP_RANGES is one of the values in sourceIpRangesToNat
min_ports_per_vm
Minimum number of ports allocated to a VM from this NAT.
udp_idle_timeout_sec
Timeout (in seconds) for UDP connections. Defaults to 30s if not set.
icmp_idle_timeout_sec
Timeout (in seconds) for ICMP connections. Defaults to 30s if not set.
tcp_established_idle_timeout_sec
Timeout (in seconds) for TCP established connections. Defaults to 1200s if not set.
tcp_transitory_idle_timeout_sec
Timeout (in seconds) for TCP transitory connections. Defaults to 30s if not set.
log_config
Configuration for logging on NAT
enable
Indicates whether or not to export logs.
filter
Specifies the desired filtering of logs on this NAT.

Possible values:

  • ERRORS_ONLY
  • TRANSLATIONS_ONLY
  • ALL
router
The name of the Cloud Router in which this NAT will be configured.
region
Region where the router and NAT reside.

GCP Permissions

Ensure the Compute Engine API is enabled for the current project.