--- title: Getting Started with Datadog description: Datadog, the leading service for cloud-scale monitoring. breadcrumbs: Docs > Infrastructure > Datadog Resource Catalog --- # gcp_networkmanagement_connectivity_test{% #gcp_networkmanagement_connectivity_test %} ## `ancestors`{% #ancestors %} **Type**: `UNORDERED_LIST_STRING` ## `bypass_firewall_checks`{% #bypass_firewall_checks %} **Type**: `BOOLEAN`**Provider name**: `bypassFirewallChecks`**Description**: Whether the analysis should skip firewall checking. Default value is false. ## `create_time`{% #create_time %} **Type**: `TIMESTAMP`**Provider name**: `createTime`**Description**: Output only. The time the test was created. ## `description`{% #description %} **Type**: `STRING`**Provider name**: `description`**Description**: The user-supplied description of the Connectivity Test. Maximum of 512 characters. ## `destination`{% #destination %} **Type**: `STRUCT`**Provider name**: `destination`**Description**: Required. Destination specification of the Connectivity Test. You can use a combination of destination IP address, URI of a supported endpoint, project ID, or VPC network to identify the destination location. Reachability analysis proceeds even if the destination location is ambiguous. However, the test result might include endpoints or use a destination that you don't intend to test. - `app_engine_version`**Type**: `STRUCT`**Provider name**: `appEngineVersion`**Description**: An [App Engine](https://cloud.google.com/appengine) [service version](https://cloud.google.com/appengine/docs/admin-api/reference/rest/v1/apps.services.versions). Applicable only to source endpoint. - `uri`**Type**: `STRING`**Provider name**: `uri`**Description**: An [App Engine](https://cloud.google.com/appengine) [service version](https://cloud.google.com/appengine/docs/admin-api/reference/rest/v1/apps.services.versions) name. - `cloud_function`**Type**: `STRUCT`**Provider name**: `cloudFunction`**Description**: A [Cloud Function](https://cloud.google.com/functions). Applicable only to source endpoint. - `uri`**Type**: `STRING`**Provider name**: `uri`**Description**: A [Cloud Function](https://cloud.google.com/functions) name. - `cloud_run_revision`**Type**: `STRUCT`**Provider name**: `cloudRunRevision`**Description**: A [Cloud Run](https://cloud.google.com/run) [revision](https://cloud.google.com/run/docs/reference/rest/v1/namespaces.revisions/get) Applicable only to source endpoint. - `service_uri`**Type**: `STRING`**Provider name**: `serviceUri`**Description**: Output only. The URI of the Cloud Run service that the revision belongs to. The format is: projects/{project}/locations/{location}/services/{service} - `uri`**Type**: `STRING`**Provider name**: `uri`**Description**: A [Cloud Run](https://cloud.google.com/run) [revision](https://cloud.google.com/run/docs/reference/rest/v1/namespaces.revisions/get) URI. The format is: projects/{project}/locations/{location}/revisions/{revision} - `cloud_sql_instance`**Type**: `STRING`**Provider name**: `cloudSqlInstance`**Description**: A [Cloud SQL](https://cloud.google.com/sql) instance URI. - `forwarding_rule`**Type**: `STRING`**Provider name**: `forwardingRule`**Description**: A forwarding rule and its corresponding IP address represent the frontend configuration of a Google Cloud load balancer. Forwarding rules are also used for protocol forwarding, Private Service Connect and other network services to provide forwarding information in the control plane. Applicable only to destination endpoint. Format: projects/{project}/global/forwardingRules/{id} or projects/{project}/regions/{region}/forwardingRules/{id} - `forwarding_rule_target`**Type**: `STRING`**Provider name**: `forwardingRuleTarget`**Description**: Output only. Specifies the type of the target of the forwarding rule.**Possible values**: - `FORWARDING_RULE_TARGET_UNSPECIFIED` - Forwarding rule target is unknown. - `INSTANCE` - Compute Engine instance for protocol forwarding. - `LOAD_BALANCER` - Load Balancer. The specific type can be found from load_balancer_type. - `VPN_GATEWAY` - Classic Cloud VPN Gateway. - `PSC` - Forwarding Rule is a Private Service Connect endpoint. - `fqdn`**Type**: `STRING`**Provider name**: `fqdn`**Description**: DNS endpoint of [Google Kubernetes Engine cluster control plane](https://cloud.google.com/kubernetes-engine/docs/concepts/cluster-architecture). Requires gke_master_cluster to be set, can't be used simultaneoulsly with ip_address or network. Applicable only to destination endpoint. - `gke_master_cluster`**Type**: `STRING`**Provider name**: `gkeMasterCluster`**Description**: A cluster URI for [Google Kubernetes Engine cluster control plane](https://cloud.google.com/kubernetes-engine/docs/concepts/cluster-architecture). - `instance`**Type**: `STRING`**Provider name**: `instance`**Description**: A Compute Engine instance URI. - `ip_address`**Type**: `STRING`**Provider name**: `ipAddress`**Description**: The IP address of the endpoint, which can be an external or internal IP. - `load_balancer_id`**Type**: `STRING`**Provider name**: `loadBalancerId`**Description**: Output only. ID of the load balancer the forwarding rule points to. Empty for forwarding rules not related to load balancers. - `load_balancer_type`**Type**: `STRING`**Provider name**: `loadBalancerType`**Description**: Output only. Type of the load balancer the forwarding rule points to.**Possible values**: - `LOAD_BALANCER_TYPE_UNSPECIFIED` - Forwarding rule points to a different target than a load balancer or a load balancer type is unknown. - `HTTPS_ADVANCED_LOAD_BALANCER` - Global external HTTP(S) load balancer. - `HTTPS_LOAD_BALANCER` - Global external HTTP(S) load balancer (classic) - `REGIONAL_HTTPS_LOAD_BALANCER` - Regional external HTTP(S) load balancer. - `INTERNAL_HTTPS_LOAD_BALANCER` - Internal HTTP(S) load balancer. - `SSL_PROXY_LOAD_BALANCER` - External SSL proxy load balancer. - `TCP_PROXY_LOAD_BALANCER` - External TCP proxy load balancer. - `INTERNAL_TCP_PROXY_LOAD_BALANCER` - Internal regional TCP proxy load balancer. - `NETWORK_LOAD_BALANCER` - External TCP/UDP Network load balancer. - `LEGACY_NETWORK_LOAD_BALANCER` - Target-pool based external TCP/UDP Network load balancer. - `TCP_UDP_INTERNAL_LOAD_BALANCER` - Internal TCP/UDP load balancer. - `network`**Type**: `STRING`**Provider name**: `network`**Description**: A VPC network URI. - `network_type`**Type**: `STRING`**Provider name**: `networkType`**Description**: Type of the network where the endpoint is located. Applicable only to source endpoint, as destination network type can be inferred from the source.**Possible values**: - `NETWORK_TYPE_UNSPECIFIED` - Default type if unspecified. - `GCP_NETWORK` - A network hosted within Google Cloud. To receive more detailed output, specify the URI for the source or destination network. - `NON_GCP_NETWORK` - A network hosted outside of Google Cloud. This can be an on-premises network, an internet resource or a network hosted by another cloud provider. - `port`**Type**: `INT32`**Provider name**: `port`**Description**: The IP protocol port of the endpoint. Only applicable when protocol is TCP or UDP. - `project_id`**Type**: `STRING`**Provider name**: `projectId`**Description**: Project ID where the endpoint is located. The project ID can be derived from the URI if you provide a endpoint or network URI. The following are two cases where you may need to provide the project ID: 1. Only the IP address is specified, and the IP address is within a Google Cloud project. 2. When you are using Shared VPC and the IP address that you provide is from the service project. In this case, the network that the IP address resides in is defined in the host project. - `redis_cluster`**Type**: `STRING`**Provider name**: `redisCluster`**Description**: A [Redis Cluster](https://cloud.google.com/memorystore/docs/cluster) URI. Applicable only to destination endpoint. - `redis_instance`**Type**: `STRING`**Provider name**: `redisInstance`**Description**: A [Redis Instance](https://cloud.google.com/memorystore/docs/redis) URI. Applicable only to destination endpoint. ## `gcp_display_name`{% #gcp_display_name %} **Type**: `STRING`**Provider name**: `displayName`**Description**: Output only. The display name of a Connectivity Test. ## `gcp_source`{% #gcp_source %} **Type**: `STRUCT`**Provider name**: `source`**Description**: Required. Source specification of the Connectivity Test. You can use a combination of source IP address, URI of a supported endpoint, project ID, or VPC network to identify the source location. Reachability analysis might proceed even if the source location is ambiguous. However, the test result might include endpoints or use a source that you don't intend to test. - `app_engine_version`**Type**: `STRUCT`**Provider name**: `appEngineVersion`**Description**: An [App Engine](https://cloud.google.com/appengine) [service version](https://cloud.google.com/appengine/docs/admin-api/reference/rest/v1/apps.services.versions). Applicable only to source endpoint. - `uri`**Type**: `STRING`**Provider name**: `uri`**Description**: An [App Engine](https://cloud.google.com/appengine) [service version](https://cloud.google.com/appengine/docs/admin-api/reference/rest/v1/apps.services.versions) name. - `cloud_function`**Type**: `STRUCT`**Provider name**: `cloudFunction`**Description**: A [Cloud Function](https://cloud.google.com/functions). Applicable only to source endpoint. - `uri`**Type**: `STRING`**Provider name**: `uri`**Description**: A [Cloud Function](https://cloud.google.com/functions) name. - `cloud_run_revision`**Type**: `STRUCT`**Provider name**: `cloudRunRevision`**Description**: A [Cloud Run](https://cloud.google.com/run) [revision](https://cloud.google.com/run/docs/reference/rest/v1/namespaces.revisions/get) Applicable only to source endpoint. - `service_uri`**Type**: `STRING`**Provider name**: `serviceUri`**Description**: Output only. The URI of the Cloud Run service that the revision belongs to. The format is: projects/{project}/locations/{location}/services/{service} - `uri`**Type**: `STRING`**Provider name**: `uri`**Description**: A [Cloud Run](https://cloud.google.com/run) [revision](https://cloud.google.com/run/docs/reference/rest/v1/namespaces.revisions/get) URI. The format is: projects/{project}/locations/{location}/revisions/{revision} - `cloud_sql_instance`**Type**: `STRING`**Provider name**: `cloudSqlInstance`**Description**: A [Cloud SQL](https://cloud.google.com/sql) instance URI. - `forwarding_rule`**Type**: `STRING`**Provider name**: `forwardingRule`**Description**: A forwarding rule and its corresponding IP address represent the frontend configuration of a Google Cloud load balancer. Forwarding rules are also used for protocol forwarding, Private Service Connect and other network services to provide forwarding information in the control plane. Applicable only to destination endpoint. Format: projects/{project}/global/forwardingRules/{id} or projects/{project}/regions/{region}/forwardingRules/{id} - `forwarding_rule_target`**Type**: `STRING`**Provider name**: `forwardingRuleTarget`**Description**: Output only. Specifies the type of the target of the forwarding rule.**Possible values**: - `FORWARDING_RULE_TARGET_UNSPECIFIED` - Forwarding rule target is unknown. - `INSTANCE` - Compute Engine instance for protocol forwarding. - `LOAD_BALANCER` - Load Balancer. The specific type can be found from load_balancer_type. - `VPN_GATEWAY` - Classic Cloud VPN Gateway. - `PSC` - Forwarding Rule is a Private Service Connect endpoint. - `fqdn`**Type**: `STRING`**Provider name**: `fqdn`**Description**: DNS endpoint of [Google Kubernetes Engine cluster control plane](https://cloud.google.com/kubernetes-engine/docs/concepts/cluster-architecture). Requires gke_master_cluster to be set, can't be used simultaneoulsly with ip_address or network. Applicable only to destination endpoint. - `gke_master_cluster`**Type**: `STRING`**Provider name**: `gkeMasterCluster`**Description**: A cluster URI for [Google Kubernetes Engine cluster control plane](https://cloud.google.com/kubernetes-engine/docs/concepts/cluster-architecture). - `instance`**Type**: `STRING`**Provider name**: `instance`**Description**: A Compute Engine instance URI. - `ip_address`**Type**: `STRING`**Provider name**: `ipAddress`**Description**: The IP address of the endpoint, which can be an external or internal IP. - `load_balancer_id`**Type**: `STRING`**Provider name**: `loadBalancerId`**Description**: Output only. ID of the load balancer the forwarding rule points to. Empty for forwarding rules not related to load balancers. - `load_balancer_type`**Type**: `STRING`**Provider name**: `loadBalancerType`**Description**: Output only. Type of the load balancer the forwarding rule points to.**Possible values**: - `LOAD_BALANCER_TYPE_UNSPECIFIED` - Forwarding rule points to a different target than a load balancer or a load balancer type is unknown. - `HTTPS_ADVANCED_LOAD_BALANCER` - Global external HTTP(S) load balancer. - `HTTPS_LOAD_BALANCER` - Global external HTTP(S) load balancer (classic) - `REGIONAL_HTTPS_LOAD_BALANCER` - Regional external HTTP(S) load balancer. - `INTERNAL_HTTPS_LOAD_BALANCER` - Internal HTTP(S) load balancer. - `SSL_PROXY_LOAD_BALANCER` - External SSL proxy load balancer. - `TCP_PROXY_LOAD_BALANCER` - External TCP proxy load balancer. - `INTERNAL_TCP_PROXY_LOAD_BALANCER` - Internal regional TCP proxy load balancer. - `NETWORK_LOAD_BALANCER` - External TCP/UDP Network load balancer. - `LEGACY_NETWORK_LOAD_BALANCER` - Target-pool based external TCP/UDP Network load balancer. - `TCP_UDP_INTERNAL_LOAD_BALANCER` - Internal TCP/UDP load balancer. - `network`**Type**: `STRING`**Provider name**: `network`**Description**: A VPC network URI. - `network_type`**Type**: `STRING`**Provider name**: `networkType`**Description**: Type of the network where the endpoint is located. Applicable only to source endpoint, as destination network type can be inferred from the source.**Possible values**: - `NETWORK_TYPE_UNSPECIFIED` - Default type if unspecified. - `GCP_NETWORK` - A network hosted within Google Cloud. To receive more detailed output, specify the URI for the source or destination network. - `NON_GCP_NETWORK` - A network hosted outside of Google Cloud. This can be an on-premises network, an internet resource or a network hosted by another cloud provider. - `port`**Type**: `INT32`**Provider name**: `port`**Description**: The IP protocol port of the endpoint. Only applicable when protocol is TCP or UDP. - `project_id`**Type**: `STRING`**Provider name**: `projectId`**Description**: Project ID where the endpoint is located. The project ID can be derived from the URI if you provide a endpoint or network URI. The following are two cases where you may need to provide the project ID: 1. Only the IP address is specified, and the IP address is within a Google Cloud project. 2. When you are using Shared VPC and the IP address that you provide is from the service project. In this case, the network that the IP address resides in is defined in the host project. - `redis_cluster`**Type**: `STRING`**Provider name**: `redisCluster`**Description**: A [Redis Cluster](https://cloud.google.com/memorystore/docs/cluster) URI. Applicable only to destination endpoint. - `redis_instance`**Type**: `STRING`**Provider name**: `redisInstance`**Description**: A [Redis Instance](https://cloud.google.com/memorystore/docs/redis) URI. Applicable only to destination endpoint. ## `labels`{% #labels %} **Type**: `UNORDERED_LIST_STRING` ## `name`{% #name %} **Type**: `STRING`**Provider name**: `name`**Description**: Identifier. Unique name of the resource using the form: `projects/{project_id}/locations/global/connectivityTests/{test_id}` ## `organization_id`{% #organization_id %} **Type**: `STRING` ## `parent`{% #parent %} **Type**: `STRING` ## `probing_details`{% #probing_details %} **Type**: `STRUCT`**Provider name**: `probingDetails`**Description**: Output only. The probing details of this test from the latest run, present for applicable tests only. The details are updated when creating a new test, updating an existing test, or triggering a one-time rerun of an existing test. - `abort_cause`**Type**: `STRING`**Provider name**: `abortCause`**Description**: The reason probing was aborted.**Possible values**: - `PROBING_ABORT_CAUSE_UNSPECIFIED` - No reason was specified. - `PERMISSION_DENIED` - The user lacks permission to access some of the network resources required to run the test. - `NO_SOURCE_LOCATION` - No valid source endpoint could be derived from the request. - `destination_egress_location`**Type**: `STRUCT`**Provider name**: `destinationEgressLocation`**Description**: The EdgeLocation from which a packet, destined to the internet, will egress the Google network. This will only be populated for a connectivity test which has an internet destination address. The absence of this field *must not* be used as an indication that the destination is part of the Google network. - `metropolitan_area`**Type**: `STRING`**Provider name**: `metropolitanArea`**Description**: Name of the metropolitan area. - `edge_responses`**Type**: `UNORDERED_LIST_STRUCT`**Provider name**: `edgeResponses`**Description**: Probing results for all edge devices. - `destination_egress_location`**Type**: `STRUCT`**Provider name**: `destinationEgressLocation`**Description**: The EdgeLocation from which a packet, destined to the internet, will egress the Google network. This will only be populated for a connectivity test which has an internet destination address. The absence of this field *must not* be used as an indication that the destination is part of the Google network. - `metropolitan_area`**Type**: `STRING`**Provider name**: `metropolitanArea`**Description**: Name of the metropolitan area. - `destination_router`**Type**: `STRING`**Provider name**: `destinationRouter`**Description**: Router name in the format '{router}.{metroshard}'. For example: pf01.aaa01, pr02.aaa01. - `probing_latency`**Type**: `STRUCT`**Provider name**: `probingLatency`**Description**: Latency as measured by active probing in one direction: from the source to the destination endpoint. - `latency_percentiles`**Type**: `UNORDERED_LIST_STRUCT`**Provider name**: `latencyPercentiles`**Description**: Representative latency percentiles. - `latency_micros`**Type**: `INT64`**Provider name**: `latencyMicros`**Description**: percent-th percentile of latency observed, in microseconds. Fraction of percent/100 of samples have latency lower or equal to the value of this field. - `percent`**Type**: `INT32`**Provider name**: `percent`**Description**: Percentage of samples this data point applies to. - `result`**Type**: `STRING`**Provider name**: `result`**Description**: The overall result of active probing for this egress device.**Possible values**: - `PROBING_RESULT_UNSPECIFIED` - No result was specified. - `REACHABLE` - At least 95% of packets reached the destination. - `UNREACHABLE` - No packets reached the destination. - `REACHABILITY_INCONSISTENT` - Less than 95% of packets reached the destination. - `UNDETERMINED` - Reachability could not be determined. Possible reasons are: * The user lacks permission to access some of the network resources required to run the test. * No valid source endpoint could be derived from the request. * An internal error occurred. - `sent_probe_count`**Type**: `INT32`**Provider name**: `sentProbeCount`**Description**: Number of probes sent. - `successful_probe_count`**Type**: `INT32`**Provider name**: `successfulProbeCount`**Description**: Number of probes that reached the destination. - `endpoint_info`**Type**: `STRUCT`**Provider name**: `endpointInfo`**Description**: The source and destination endpoints derived from the test input and used for active probing. - `destination_ip`**Type**: `STRING`**Provider name**: `destinationIp`**Description**: Destination IP address. - `destination_network_uri`**Type**: `STRING`**Provider name**: `destinationNetworkUri`**Description**: URI of the network where this packet is sent to. - `destination_port`**Type**: `INT32`**Provider name**: `destinationPort`**Description**: Destination port. Only valid when protocol is TCP or UDP. - `protocol`**Type**: `STRING`**Provider name**: `protocol`**Description**: IP protocol in string format, for example: "TCP", "UDP", "ICMP". - `source_agent_uri`**Type**: `STRING`**Provider name**: `sourceAgentUri`**Description**: URI of the source telemetry agent this packet originates from. - `source_ip`**Type**: `STRING`**Provider name**: `sourceIp`**Description**: Source IP address. - `source_network_uri`**Type**: `STRING`**Provider name**: `sourceNetworkUri`**Description**: URI of the network where this packet originates from. - `source_port`**Type**: `INT32`**Provider name**: `sourcePort`**Description**: Source port. Only valid when protocol is TCP or UDP. - `error`**Type**: `STRUCT`**Provider name**: `error`**Description**: Details about an internal failure or the cancellation of active probing. - `code`**Type**: `INT32`**Provider name**: `code`**Description**: The status code, which should be an enum value of google.rpc.Code. - `message`**Type**: `STRING`**Provider name**: `message`**Description**: A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client. - `probed_all_devices`**Type**: `BOOLEAN`**Provider name**: `probedAllDevices`**Description**: Whether all relevant edge devices were probed. - `probing_latency`**Type**: `STRUCT`**Provider name**: `probingLatency`**Description**: Latency as measured by active probing in one direction: from the source to the destination endpoint. - `latency_percentiles`**Type**: `UNORDERED_LIST_STRUCT`**Provider name**: `latencyPercentiles`**Description**: Representative latency percentiles. - `latency_micros`**Type**: `INT64`**Provider name**: `latencyMicros`**Description**: percent-th percentile of latency observed, in microseconds. Fraction of percent/100 of samples have latency lower or equal to the value of this field. - `percent`**Type**: `INT32`**Provider name**: `percent`**Description**: Percentage of samples this data point applies to. - `result`**Type**: `STRING`**Provider name**: `result`**Description**: The overall result of active probing.**Possible values**: - `PROBING_RESULT_UNSPECIFIED` - No result was specified. - `REACHABLE` - At least 95% of packets reached the destination. - `UNREACHABLE` - No packets reached the destination. - `REACHABILITY_INCONSISTENT` - Less than 95% of packets reached the destination. - `UNDETERMINED` - Reachability could not be determined. Possible reasons are: * The user lacks permission to access some of the network resources required to run the test. * No valid source endpoint could be derived from the request. * An internal error occurred. - `sent_probe_count`**Type**: `INT32`**Provider name**: `sentProbeCount`**Description**: Number of probes sent. - `successful_probe_count`**Type**: `INT32`**Provider name**: `successfulProbeCount`**Description**: Number of probes that reached the destination. - `verify_time`**Type**: `TIMESTAMP`**Provider name**: `verifyTime`**Description**: The time that reachability was assessed through active probing. ## `project_id`{% #project_id %} **Type**: `STRING` ## `project_number`{% #project_number %} **Type**: `STRING` ## `protocol`{% #protocol %} **Type**: `STRING`**Provider name**: `protocol`**Description**: IP Protocol of the test. When not provided, "TCP" is assumed. ## `reachability_details`{% #reachability_details %} **Type**: `STRUCT`**Provider name**: `reachabilityDetails`**Description**: Output only. The reachability details of this test from the latest run. The details are updated when creating a new test, updating an existing test, or triggering a one-time rerun of an existing test. - `error`**Type**: `STRUCT`**Provider name**: `error`**Description**: The details of a failure or a cancellation of reachability analysis. - `code`**Type**: `INT32`**Provider name**: `code`**Description**: The status code, which should be an enum value of google.rpc.Code. - `message`**Type**: `STRING`**Provider name**: `message`**Description**: A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client. - `result`**Type**: `STRING`**Provider name**: `result`**Description**: The overall result of the test's configuration analysis.**Possible values**: - `RESULT_UNSPECIFIED` - No result was specified. - `REACHABLE` - Possible scenarios are: * The configuration analysis determined that a packet originating from the source is expected to reach the destination. * The analysis didn't complete because the user lacks permission for some of the resources in the trace. However, at the time the user's permission became insufficient, the trace had been successful so far. - `UNREACHABLE` - A packet originating from the source is expected to be dropped before reaching the destination. - `AMBIGUOUS` - The source and destination endpoints do not uniquely identify the test location in the network, and the reachability result contains multiple traces. For some traces, a packet could be delivered, and for others, it would not be. This result is also assigned to configuration analysis of return path if on its own it should be REACHABLE, but configuration analysis of forward path is AMBIGUOUS. - `UNDETERMINED` - The configuration analysis did not complete. Possible reasons are: * A permissions error occurred–for example, the user might not have read permission for all of the resources named in the test. * An internal error occurred. * The analyzer received an invalid or unsupported argument or was unable to identify a known endpoint. - `traces`**Type**: `UNORDERED_LIST_STRUCT`**Provider name**: `traces`**Description**: Result may contain a list of traces if a test has multiple possible paths in the network, such as when destination endpoint is a load balancer with multiple backends. - `endpoint_info`**Type**: `STRUCT`**Provider name**: `endpointInfo`**Description**: Derived from the source and destination endpoints definition specified by user request, and validated by the data plane model. If there are multiple traces starting from different source locations, then the endpoint_info may be different between traces. - `destination_ip`**Type**: `STRING`**Provider name**: `destinationIp`**Description**: Destination IP address. - `destination_network_uri`**Type**: `STRING`**Provider name**: `destinationNetworkUri`**Description**: URI of the network where this packet is sent to. - `destination_port`**Type**: `INT32`**Provider name**: `destinationPort`**Description**: Destination port. Only valid when protocol is TCP or UDP. - `protocol`**Type**: `STRING`**Provider name**: `protocol`**Description**: IP protocol in string format, for example: "TCP", "UDP", "ICMP". - `source_agent_uri`**Type**: `STRING`**Provider name**: `sourceAgentUri`**Description**: URI of the source telemetry agent this packet originates from. - `source_ip`**Type**: `STRING`**Provider name**: `sourceIp`**Description**: Source IP address. - `source_network_uri`**Type**: `STRING`**Provider name**: `sourceNetworkUri`**Description**: URI of the network where this packet originates from. - `source_port`**Type**: `INT32`**Provider name**: `sourcePort`**Description**: Source port. Only valid when protocol is TCP or UDP. - `forward_trace_id`**Type**: `INT32`**Provider name**: `forwardTraceId`**Description**: ID of trace. For forward traces, this ID is unique for each trace. For return traces, it matches ID of associated forward trace. A single forward trace can be associated with none, one or more than one return trace. - `steps`**Type**: `UNORDERED_LIST_STRUCT`**Provider name**: `steps`**Description**: A trace of a test contains multiple steps from the initial state to the final state (delivered, dropped, forwarded, or aborted). The steps are ordered by the processing sequence within the simulated network state machine. It is critical to preserve the order of the steps and avoid reordering or sorting them. - `abort`**Type**: `STRUCT`**Provider name**: `abort`**Description**: Display information of the final state "abort" and reason. - `cause`**Type**: `STRING`**Provider name**: `cause`**Description**: Causes that the analysis is aborted.**Possible values**: - `CAUSE_UNSPECIFIED` - Cause is unspecified. - `UNKNOWN_NETWORK` - Aborted due to unknown network. Deprecated, not used in the new tests. - `UNKNOWN_PROJECT` - Aborted because no project information can be derived from the test input. Deprecated, not used in the new tests. - `NO_EXTERNAL_IP` - Aborted because traffic is sent from a public IP to an instance without an external IP. Deprecated, not used in the new tests. - `UNINTENDED_DESTINATION` - Aborted because none of the traces matches destination information specified in the input test request. Deprecated, not used in the new tests. - `SOURCE_ENDPOINT_NOT_FOUND` - Aborted because the source endpoint could not be found. Deprecated, not used in the new tests. - `MISMATCHED_SOURCE_NETWORK` - Aborted because the source network does not match the source endpoint. Deprecated, not used in the new tests. - `DESTINATION_ENDPOINT_NOT_FOUND` - Aborted because the destination endpoint could not be found. Deprecated, not used in the new tests. - `MISMATCHED_DESTINATION_NETWORK` - Aborted because the destination network does not match the destination endpoint. Deprecated, not used in the new tests. - `UNKNOWN_IP` - Aborted because no endpoint with the packet's destination IP address is found. - `GOOGLE_MANAGED_SERVICE_UNKNOWN_IP` - Aborted because no endpoint with the packet's destination IP is found in the Google-managed project. - `SOURCE_IP_ADDRESS_NOT_IN_SOURCE_NETWORK` - Aborted because the source IP address doesn't belong to any of the subnets of the source VPC network. - `PERMISSION_DENIED` - Aborted because user lacks permission to access all or part of the network configurations required to run the test. - `PERMISSION_DENIED_NO_CLOUD_NAT_CONFIGS` - Aborted because user lacks permission to access Cloud NAT configs required to run the test. - `PERMISSION_DENIED_NO_NEG_ENDPOINT_CONFIGS` - Aborted because user lacks permission to access Network endpoint group endpoint configs required to run the test. - `PERMISSION_DENIED_NO_CLOUD_ROUTER_CONFIGS` - Aborted because user lacks permission to access Cloud Router configs required to run the test. - `NO_SOURCE_LOCATION` - Aborted because no valid source or destination endpoint is derived from the input test request. - `INVALID_ARGUMENT` - Aborted because the source or destination endpoint specified in the request is invalid. Some examples: - The request might contain malformed resource URI, project ID, or IP address. - The request might contain inconsistent information (for example, the request might include both the instance and the network, but the instance might not have a NIC in that network). - `TRACE_TOO_LONG` - Aborted because the number of steps in the trace exceeds a certain limit. It might be caused by a routing loop. - `INTERNAL_ERROR` - Aborted due to internal server error. - `UNSUPPORTED` - Aborted because the test scenario is not supported. - `MISMATCHED_IP_VERSION` - Aborted because the source and destination resources have no common IP version. - `GKE_KONNECTIVITY_PROXY_UNSUPPORTED` - Aborted because the connection between the control plane and the node of the source cluster is initiated by the node and managed by the Konnectivity proxy. - `RESOURCE_CONFIG_NOT_FOUND` - Aborted because expected resource configuration was missing. - `VM_INSTANCE_CONFIG_NOT_FOUND` - Aborted because expected VM instance configuration was missing. - `NETWORK_CONFIG_NOT_FOUND` - Aborted because expected network configuration was missing. - `FIREWALL_CONFIG_NOT_FOUND` - Aborted because expected firewall configuration was missing. - `ROUTE_CONFIG_NOT_FOUND` - Aborted because expected route configuration was missing. - `GOOGLE_MANAGED_SERVICE_AMBIGUOUS_PSC_ENDPOINT` - Aborted because PSC endpoint selection for the Google-managed service is ambiguous (several PSC endpoints satisfy test input). - `GOOGLE_MANAGED_SERVICE_AMBIGUOUS_ENDPOINT` - Aborted because endpoint selection for the Google-managed service is ambiguous (several endpoints satisfy test input). - `SOURCE_PSC_CLOUD_SQL_UNSUPPORTED` - Aborted because tests with a PSC-based Cloud SQL instance as a source are not supported. - `SOURCE_REDIS_CLUSTER_UNSUPPORTED` - Aborted because tests with a Redis Cluster as a source are not supported. - `SOURCE_REDIS_INSTANCE_UNSUPPORTED` - Aborted because tests with a Redis Instance as a source are not supported. - `SOURCE_FORWARDING_RULE_UNSUPPORTED` - Aborted because tests with a forwarding rule as a source are not supported. - `NON_ROUTABLE_IP_ADDRESS` - Aborted because one of the endpoints is a non-routable IP address (loopback, link-local, etc). - `UNKNOWN_ISSUE_IN_GOOGLE_MANAGED_PROJECT` - Aborted due to an unknown issue in the Google-managed project. - `UNSUPPORTED_GOOGLE_MANAGED_PROJECT_CONFIG` - Aborted due to an unsupported configuration of the Google-managed project. - `NO_SERVERLESS_IP_RANGES` - Aborted because the source endpoint is a Cloud Run revision with direct VPC access enabled, but there are no reserved serverless IP ranges. - `IP_VERSION_PROTOCOL_MISMATCH` - Aborted because the used protocol is not supported for the used IP version. - `ip_address`**Type**: `STRING`**Provider name**: `ipAddress`**Description**: IP address that caused the abort. - `projects_missing_permission`**Type**: `UNORDERED_LIST_STRING`**Provider name**: `projectsMissingPermission`**Description**: List of project IDs the user specified in the request but lacks access to. In this case, analysis is aborted with the PERMISSION_DENIED cause. - `resource_uri`**Type**: `STRING`**Provider name**: `resourceUri`**Description**: URI of the resource that caused the abort. - `app_engine_version`**Type**: `STRUCT`**Provider name**: `appEngineVersion`**Description**: Display information of an App Engine service version. - `environment`**Type**: `STRING`**Provider name**: `environment`**Description**: App Engine execution environment for a version. - `gcp_display_name`**Type**: `STRING`**Provider name**: `displayName`**Description**: Name of an App Engine version. - `runtime`**Type**: `STRING`**Provider name**: `runtime`**Description**: Runtime of the App Engine version. - `uri`**Type**: `STRING`**Provider name**: `uri`**Description**: URI of an App Engine version. - `causes_drop`**Type**: `BOOLEAN`**Provider name**: `causesDrop`**Description**: This is a step that leads to the final state Drop. - `cloud_function`**Type**: `STRUCT`**Provider name**: `cloudFunction`**Description**: Display information of a Cloud Function. - `gcp_display_name`**Type**: `STRING`**Provider name**: `displayName`**Description**: Name of a Cloud Function. - `location`**Type**: `STRING`**Provider name**: `location`**Description**: Location in which the Cloud Function is deployed. - `uri`**Type**: `STRING`**Provider name**: `uri`**Description**: URI of a Cloud Function. - `version_id`**Type**: `INT64`**Provider name**: `versionId`**Description**: Latest successfully deployed version id of the Cloud Function. - `cloud_run_revision`**Type**: `STRUCT`**Provider name**: `cloudRunRevision`**Description**: Display information of a Cloud Run revision. - `gcp_display_name`**Type**: `STRING`**Provider name**: `displayName`**Description**: Name of a Cloud Run revision. - `location`**Type**: `STRING`**Provider name**: `location`**Description**: Location in which this revision is deployed. - `service_uri`**Type**: `STRING`**Provider name**: `serviceUri`**Description**: URI of Cloud Run service this revision belongs to. - `uri`**Type**: `STRING`**Provider name**: `uri`**Description**: URI of a Cloud Run revision. - `cloud_sql_instance`**Type**: `STRUCT`**Provider name**: `cloudSqlInstance`**Description**: Display information of a Cloud SQL instance. - `external_ip`**Type**: `STRING`**Provider name**: `externalIp`**Description**: External IP address of a Cloud SQL instance. - `gcp_display_name`**Type**: `STRING`**Provider name**: `displayName`**Description**: Name of a Cloud SQL instance. - `internal_ip`**Type**: `STRING`**Provider name**: `internalIp`**Description**: Internal IP address of a Cloud SQL instance. - `network_uri`**Type**: `STRING`**Provider name**: `networkUri`**Description**: URI of a Cloud SQL instance network or empty string if the instance does not have one. - `region`**Type**: `STRING`**Provider name**: `region`**Description**: Region in which the Cloud SQL instance is running. - `uri`**Type**: `STRING`**Provider name**: `uri`**Description**: URI of a Cloud SQL instance. - `deliver`**Type**: `STRUCT`**Provider name**: `deliver`**Description**: Display information of the final state "deliver" and reason. - `google_service_type`**Type**: `STRING`**Provider name**: `googleServiceType`**Description**: Recognized type of a Google Service the packet is delivered to (if applicable).**Possible values**: - `GOOGLE_SERVICE_TYPE_UNSPECIFIED` - Unspecified Google Service. - `IAP` - Identity aware proxy. [https://cloud.google.com/iap/docs/using-tcp-forwarding](https://cloud.google.com/iap/docs/using-tcp-forwarding) - `GFE_PROXY_OR_HEALTH_CHECK_PROBER` - One of two services sharing IP ranges: * Load Balancer proxy * Centralized Health Check prober [https://cloud.google.com/load-balancing/docs/firewall-rules](https://cloud.google.com/load-balancing/docs/firewall-rules) - `CLOUD_DNS` - Connectivity from Cloud DNS to forwarding targets or alternate name servers that use private routing. [https://cloud.google.com/dns/docs/zones/forwarding-zones#firewall-rules](https://cloud.google.com/dns/docs/zones/forwarding-zones#firewall-rules) [https://cloud.google.com/dns/docs/policies#firewall-rules](https://cloud.google.com/dns/docs/policies#firewall-rules) - `PRIVATE_GOOGLE_ACCESS` - private.googleapis.com and restricted.googleapis.com - `SERVERLESS_VPC_ACCESS` - Google API via Private Service Connect. [https://cloud.google.com/vpc/docs/configure-private-service-connect-apis](https://cloud.google.com/vpc/docs/configure-private-service-connect-apis) Google API via Serverless VPC Access. [https://cloud.google.com/vpc/docs/serverless-vpc-access](https://cloud.google.com/vpc/docs/serverless-vpc-access) - `ip_address`**Type**: `STRING`**Provider name**: `ipAddress`**Description**: IP address of the target (if applicable). - `psc_google_api_target`**Type**: `STRING`**Provider name**: `pscGoogleApiTarget`**Description**: PSC Google API target the packet is delivered to (if applicable). - `resource_uri`**Type**: `STRING`**Provider name**: `resourceUri`**Description**: URI of the resource that the packet is delivered to. - `storage_bucket`**Type**: `STRING`**Provider name**: `storageBucket`**Description**: Name of the Cloud Storage Bucket the packet is delivered to (if applicable). - `target`**Type**: `STRING`**Provider name**: `target`**Description**: Target type where the packet is delivered to.**Possible values**: - `TARGET_UNSPECIFIED` - Target not specified. - `INSTANCE` - Target is a Compute Engine instance. - `INTERNET` - Target is the internet. - `GOOGLE_API` - Target is a Google API. - `GKE_MASTER` - Target is a Google Kubernetes Engine cluster master. - `CLOUD_SQL_INSTANCE` - Target is a Cloud SQL instance. - `PSC_PUBLISHED_SERVICE` - Target is a published service that uses [Private Service Connect](https://cloud.google.com/vpc/docs/configure-private-service-connect-services). - `PSC_GOOGLE_API` - Target is Google APIs that use [Private Service Connect](https://cloud.google.com/vpc/docs/configure-private-service-connect-apis). - `PSC_VPC_SC` - Target is a VPC-SC that uses [Private Service Connect](https://cloud.google.com/vpc/docs/configure-private-service-connect-apis). - `SERVERLESS_NEG` - Target is a serverless network endpoint group. - `STORAGE_BUCKET` - Target is a Cloud Storage bucket. - `PRIVATE_NETWORK` - Target is a private network. Used only for return traces. - `CLOUD_FUNCTION` - Target is a Cloud Function. Used only for return traces. - `APP_ENGINE_VERSION` - Target is a App Engine service version. Used only for return traces. - `CLOUD_RUN_REVISION` - Target is a Cloud Run revision. Used only for return traces. - `GOOGLE_MANAGED_SERVICE` - Target is a Google-managed service. Used only for return traces. - `REDIS_INSTANCE` - Target is a Redis Instance. - `REDIS_CLUSTER` - Target is a Redis Cluster. - `description`**Type**: `STRING`**Provider name**: `description`**Description**: A description of the step. Usually this is a summary of the state. - `direct_vpc_egress_connection`**Type**: `STRUCT`**Provider name**: `directVpcEgressConnection`**Description**: Display information of a serverless direct VPC egress connection. - `network_uri`**Type**: `STRING`**Provider name**: `networkUri`**Description**: URI of direct access network. - `region`**Type**: `STRING`**Provider name**: `region`**Description**: Region in which the Direct VPC egress is deployed. - `selected_ip_address`**Type**: `STRING`**Provider name**: `selectedIpAddress`**Description**: Selected starting IP address, from the selected IP range. - `selected_ip_range`**Type**: `STRING`**Provider name**: `selectedIpRange`**Description**: Selected IP range. - `subnetwork_uri`**Type**: `STRING`**Provider name**: `subnetworkUri`**Description**: URI of direct access subnetwork. - `drop`**Type**: `STRUCT`**Provider name**: `drop`**Description**: Display information of the final state "drop" and reason. - `cause`**Type**: `STRING`**Provider name**: `cause`**Description**: Cause that the packet is dropped.**Possible values**: - `CAUSE_UNSPECIFIED` - Cause is unspecified. - `UNKNOWN_EXTERNAL_ADDRESS` - Destination external address cannot be resolved to a known target. If the address is used in a Google Cloud project, provide the project ID as test input. - `FOREIGN_IP_DISALLOWED` - A Compute Engine instance can only send or receive a packet with a foreign IP address if ip_forward is enabled. - `FIREWALL_RULE` - Dropped due to a firewall rule, unless allowed due to connection tracking. - `NO_ROUTE` - Dropped due to no matching routes. - `ROUTE_BLACKHOLE` - Dropped due to invalid route. Route's next hop is a blackhole. - `ROUTE_WRONG_NETWORK` - Packet is sent to a wrong (unintended) network. Example: you trace a packet from VM1:Network1 to VM2:Network2, however, the route configured in Network1 sends the packet destined for VM2's IP address to Network3. - `ROUTE_NEXT_HOP_IP_ADDRESS_NOT_RESOLVED` - Route's next hop IP address cannot be resolved to a GCP resource. - `ROUTE_NEXT_HOP_RESOURCE_NOT_FOUND` - Route's next hop resource is not found. - `ROUTE_NEXT_HOP_INSTANCE_WRONG_NETWORK` - Route's next hop instance doesn't have a NIC in the route's network. - `ROUTE_NEXT_HOP_INSTANCE_NON_PRIMARY_IP` - Route's next hop IP address is not a primary IP address of the next hop instance. - `ROUTE_NEXT_HOP_FORWARDING_RULE_IP_MISMATCH` - Route's next hop forwarding rule doesn't match next hop IP address. - `ROUTE_NEXT_HOP_VPN_TUNNEL_NOT_ESTABLISHED` - Route's next hop VPN tunnel is down (does not have valid IKE SAs). - `ROUTE_NEXT_HOP_FORWARDING_RULE_TYPE_INVALID` - Route's next hop forwarding rule type is invalid (it's not a forwarding rule of the internal passthrough load balancer). - `NO_ROUTE_FROM_INTERNET_TO_PRIVATE_IPV6_ADDRESS` - Packet is sent from the Internet or Google service to the private IPv6 address. - `NO_ROUTE_FROM_EXTERNAL_IPV6_SOURCE_TO_PRIVATE_IPV6_ADDRESS` - Packet is sent from the external IPv6 source address of an instance to the private IPv6 address of an instance. - `VPN_TUNNEL_LOCAL_SELECTOR_MISMATCH` - The packet does not match a policy-based VPN tunnel local selector. - `VPN_TUNNEL_REMOTE_SELECTOR_MISMATCH` - The packet does not match a policy-based VPN tunnel remote selector. - `PRIVATE_TRAFFIC_TO_INTERNET` - Packet with internal destination address sent to the internet gateway. - `PRIVATE_GOOGLE_ACCESS_DISALLOWED` - Endpoint with only an internal IP address tries to access Google API and services, but Private Google Access is not enabled in the subnet or is not applicable. - `PRIVATE_GOOGLE_ACCESS_VIA_VPN_TUNNEL_UNSUPPORTED` - Source endpoint tries to access Google API and services through the VPN tunnel to another network, but Private Google Access needs to be enabled in the source endpoint network. - `NO_EXTERNAL_ADDRESS` - Endpoint with only an internal IP address tries to access external hosts, but there is no matching Cloud NAT gateway in the subnet. - `UNKNOWN_INTERNAL_ADDRESS` - Destination internal address cannot be resolved to a known target. If this is a shared VPC scenario, verify if the service project ID is provided as test input. Otherwise, verify if the IP address is being used in the project. - `FORWARDING_RULE_MISMATCH` - Forwarding rule's protocol and ports do not match the packet header. - `FORWARDING_RULE_NO_INSTANCES` - Forwarding rule does not have backends configured. - `FIREWALL_BLOCKING_LOAD_BALANCER_BACKEND_HEALTH_CHECK` - Firewalls block the health check probes to the backends and cause the backends to be unavailable for traffic from the load balancer. For more details, see [Health check firewall rules](https://cloud.google.com/load-balancing/docs/health-checks#firewall_rules). - `INGRESS_FIREWALL_TAGS_UNSUPPORTED_BY_DIRECT_VPC_EGRESS` - Matching ingress firewall rules by network tags for packets sent via serverless VPC direct egress is unsupported. Behavior is undefined. [https://cloud.google.com/run/docs/configuring/vpc-direct-vpc#limitations](https://cloud.google.com/run/docs/configuring/vpc-direct-vpc#limitations) - `INSTANCE_NOT_RUNNING` - Packet is sent from or to a Compute Engine instance that is not in a running state. - `GKE_CLUSTER_NOT_RUNNING` - Packet sent from or to a GKE cluster that is not in running state. - `CLOUD_SQL_INSTANCE_NOT_RUNNING` - Packet sent from or to a Cloud SQL instance that is not in running state. - `REDIS_INSTANCE_NOT_RUNNING` - Packet sent from or to a Redis Instance that is not in running state. - `REDIS_CLUSTER_NOT_RUNNING` - Packet sent from or to a Redis Cluster that is not in running state. - `TRAFFIC_TYPE_BLOCKED` - The type of traffic is blocked and the user cannot configure a firewall rule to enable it. See [Always blocked traffic](https://cloud.google.com/vpc/docs/firewalls#blockedtraffic) for more details. - `GKE_MASTER_UNAUTHORIZED_ACCESS` - Access to Google Kubernetes Engine cluster master's endpoint is not authorized. See [Access to the cluster endpoints](https://cloud.google.com/kubernetes-engine/docs/how-to/private-clusters#access_to_the_cluster_endpoints) for more details. - `CLOUD_SQL_INSTANCE_UNAUTHORIZED_ACCESS` - Access to the Cloud SQL instance endpoint is not authorized. See [Authorizing with authorized networks](https://cloud.google.com/sql/docs/mysql/authorize-networks) for more details. - `DROPPED_INSIDE_GKE_SERVICE` - Packet was dropped inside Google Kubernetes Engine Service. - `DROPPED_INSIDE_CLOUD_SQL_SERVICE` - Packet was dropped inside Cloud SQL Service. - `GOOGLE_MANAGED_SERVICE_NO_PEERING` - Packet was dropped because there is no peering between the originating network and the Google Managed Services Network. - `GOOGLE_MANAGED_SERVICE_NO_PSC_ENDPOINT` - Packet was dropped because the Google-managed service uses Private Service Connect (PSC), but the PSC endpoint is not found in the project. - `GKE_PSC_ENDPOINT_MISSING` - Packet was dropped because the GKE cluster uses Private Service Connect (PSC), but the PSC endpoint is not found in the project. - `CLOUD_SQL_INSTANCE_NO_IP_ADDRESS` - Packet was dropped because the Cloud SQL instance has neither a private nor a public IP address. - `GKE_CONTROL_PLANE_REGION_MISMATCH` - Packet was dropped because a GKE cluster private endpoint is unreachable from a region different from the cluster's region. - `PUBLIC_GKE_CONTROL_PLANE_TO_PRIVATE_DESTINATION` - Packet sent from a public GKE cluster control plane to a private IP address. - `GKE_CONTROL_PLANE_NO_ROUTE` - Packet was dropped because there is no route from a GKE cluster control plane to a destination network. - `CLOUD_SQL_INSTANCE_NOT_CONFIGURED_FOR_EXTERNAL_TRAFFIC` - Packet sent from a Cloud SQL instance to an external IP address is not allowed. The Cloud SQL instance is not configured to send packets to external IP addresses. - `PUBLIC_CLOUD_SQL_INSTANCE_TO_PRIVATE_DESTINATION` - Packet sent from a Cloud SQL instance with only a public IP address to a private IP address. - `CLOUD_SQL_INSTANCE_NO_ROUTE` - Packet was dropped because there is no route from a Cloud SQL instance to a destination network. - `CLOUD_SQL_CONNECTOR_REQUIRED` - Packet was dropped because the Cloud SQL instance requires all connections to use Cloud SQL connectors and to target the Cloud SQL proxy port (3307). - `CLOUD_FUNCTION_NOT_ACTIVE` - Packet could be dropped because the Cloud Function is not in an active status. - `VPC_CONNECTOR_NOT_SET` - Packet could be dropped because no VPC connector is set. - `VPC_CONNECTOR_NOT_RUNNING` - Packet could be dropped because the VPC connector is not in a running state. - `VPC_CONNECTOR_SERVERLESS_TRAFFIC_BLOCKED` - Packet could be dropped because the traffic from the serverless service to the VPC connector is not allowed. - `VPC_CONNECTOR_HEALTH_CHECK_TRAFFIC_BLOCKED` - Packet could be dropped because the health check traffic to the VPC connector is not allowed. - `FORWARDING_RULE_REGION_MISMATCH` - Packet could be dropped because it was sent from a different region to a regional forwarding without global access. - `PSC_CONNECTION_NOT_ACCEPTED` - The Private Service Connect endpoint is in a project that is not approved to connect to the service. - `PSC_ENDPOINT_ACCESSED_FROM_PEERED_NETWORK` - The packet is sent to the Private Service Connect endpoint over the peering, but [it's not supported](https://cloud.google.com/vpc/docs/configure-private-service-connect-services#on-premises). - `PSC_NEG_PRODUCER_ENDPOINT_NO_GLOBAL_ACCESS` - The packet is sent to the Private Service Connect backend (network endpoint group), but the producer PSC forwarding rule does not have global access enabled. - `PSC_NEG_PRODUCER_FORWARDING_RULE_MULTIPLE_PORTS` - The packet is sent to the Private Service Connect backend (network endpoint group), but the producer PSC forwarding rule has multiple ports specified. - `CLOUD_SQL_PSC_NEG_UNSUPPORTED` - The packet is sent to the Private Service Connect backend (network endpoint group) targeting a Cloud SQL service attachment, but this configuration is not supported. - `NO_NAT_SUBNETS_FOR_PSC_SERVICE_ATTACHMENT` - No NAT subnets are defined for the PSC service attachment. - `PSC_TRANSITIVITY_NOT_PROPAGATED` - PSC endpoint is accessed via NCC, but PSC transitivity configuration is not yet propagated. - `HYBRID_NEG_NON_DYNAMIC_ROUTE_MATCHED` - The packet sent from the hybrid NEG proxy matches a non-dynamic route, but such a configuration is not supported. - `HYBRID_NEG_NON_LOCAL_DYNAMIC_ROUTE_MATCHED` - The packet sent from the hybrid NEG proxy matches a dynamic route with a next hop in a different region, but such a configuration is not supported. - `CLOUD_RUN_REVISION_NOT_READY` - Packet sent from a Cloud Run revision that is not ready. - `DROPPED_INSIDE_PSC_SERVICE_PRODUCER` - Packet was dropped inside Private Service Connect service producer. - `LOAD_BALANCER_HAS_NO_PROXY_SUBNET` - Packet sent to a load balancer, which requires a proxy-only subnet and the subnet is not found. - `CLOUD_NAT_NO_ADDRESSES` - Packet sent to Cloud Nat without active NAT IPs. - `ROUTING_LOOP` - Packet is stuck in a routing loop. - `DROPPED_INSIDE_GOOGLE_MANAGED_SERVICE` - Packet is dropped inside a Google-managed service due to being delivered in return trace to an endpoint that doesn't match the endpoint the packet was sent from in forward trace. Used only for return traces. - `LOAD_BALANCER_BACKEND_INVALID_NETWORK` - Packet is dropped due to a load balancer backend instance not having a network interface in the network expected by the load balancer. - `BACKEND_SERVICE_NAMED_PORT_NOT_DEFINED` - Packet is dropped due to a backend service named port not being defined on the instance group level. - `DESTINATION_IS_PRIVATE_NAT_IP_RANGE` - Packet is dropped due to a destination IP range being part of a Private NAT IP range. - `DROPPED_INSIDE_REDIS_INSTANCE_SERVICE` - Generic drop cause for a packet being dropped inside a Redis Instance service project. - `REDIS_INSTANCE_UNSUPPORTED_PORT` - Packet is dropped due to an unsupported port being used to connect to a Redis Instance. Port 6379 should be used to connect to a Redis Instance. - `REDIS_INSTANCE_CONNECTING_FROM_PUPI_ADDRESS` - Packet is dropped due to connecting from PUPI address to a PSA based Redis Instance. - `REDIS_INSTANCE_NO_ROUTE_TO_DESTINATION_NETWORK` - Packet is dropped due to no route to the destination network. - `REDIS_INSTANCE_NO_EXTERNAL_IP` - Redis Instance does not have an external IP address. - `REDIS_INSTANCE_UNSUPPORTED_PROTOCOL` - Packet is dropped due to an unsupported protocol being used to connect to a Redis Instance. Only TCP connections are accepted by a Redis Instance. - `DROPPED_INSIDE_REDIS_CLUSTER_SERVICE` - Generic drop cause for a packet being dropped inside a Redis Cluster service project. - `REDIS_CLUSTER_UNSUPPORTED_PORT` - Packet is dropped due to an unsupported port being used to connect to a Redis Cluster. Ports 6379 and 11000 to 13047 should be used to connect to a Redis Cluster. - `REDIS_CLUSTER_NO_EXTERNAL_IP` - Redis Cluster does not have an external IP address. - `REDIS_CLUSTER_UNSUPPORTED_PROTOCOL` - Packet is dropped due to an unsupported protocol being used to connect to a Redis Cluster. Only TCP connections are accepted by a Redis Cluster. - `NO_ADVERTISED_ROUTE_TO_GCP_DESTINATION` - Packet from the non-GCP (on-prem) or unknown GCP network is dropped due to the destination IP address not belonging to any IP prefix advertised via BGP by the Cloud Router. - `NO_TRAFFIC_SELECTOR_TO_GCP_DESTINATION` - Packet from the non-GCP (on-prem) or unknown GCP network is dropped due to the destination IP address not belonging to any IP prefix included to the local traffic selector of the VPN tunnel. - `NO_KNOWN_ROUTE_FROM_PEERED_NETWORK_TO_DESTINATION` - Packet from the unknown peered network is dropped due to no known route from the source network to the destination IP address. - `PRIVATE_NAT_TO_PSC_ENDPOINT_UNSUPPORTED` - Sending packets processed by the Private NAT Gateways to the Private Service Connect endpoints is not supported. - `PSC_PORT_MAPPING_PORT_MISMATCH` - Packet is sent to the PSC port mapping service, but its destination port does not match any port mapping rules. - `PSC_PORT_MAPPING_WITHOUT_PSC_CONNECTION_UNSUPPORTED` - Sending packets directly to the PSC port mapping service without going through the PSC connection is not supported. - `UNSUPPORTED_ROUTE_MATCHED_FOR_NAT64_DESTINATION` - Packet with destination IP address within the reserved NAT64 range is dropped due to matching a route of an unsupported type. - `TRAFFIC_FROM_HYBRID_ENDPOINT_TO_INTERNET_DISALLOWED` - Packet could be dropped because hybrid endpoint like a VPN gateway or Interconnect is not allowed to send traffic to the Internet. - `NO_MATCHING_NAT64_GATEWAY` - Packet with destination IP address within the reserved NAT64 range is dropped due to no matching NAT gateway in the subnet. - `LOAD_BALANCER_BACKEND_IP_VERSION_MISMATCH` - Packet is dropped due to being sent to a backend of a passthrough load balancer that doesn't use the same IP version as the frontend. - `NO_KNOWN_ROUTE_FROM_NCC_NETWORK_TO_DESTINATION` - Packet from the unknown NCC network is dropped due to no known route from the source network to the destination IP address. - `CLOUD_NAT_PROTOCOL_UNSUPPORTED` - Packet is dropped by Cloud NAT due to using an unsupported protocol. - `destination_geolocation_code`**Type**: `STRING`**Provider name**: `destinationGeolocationCode`**Description**: Geolocation (region code) of the destination IP address (if relevant). - `destination_ip`**Type**: `STRING`**Provider name**: `destinationIp`**Description**: Destination IP address of the dropped packet (if relevant). - `region`**Type**: `STRING`**Provider name**: `region`**Description**: Region of the dropped packet (if relevant). - `resource_uri`**Type**: `STRING`**Provider name**: `resourceUri`**Description**: URI of the resource that caused the drop. - `source_geolocation_code`**Type**: `STRING`**Provider name**: `sourceGeolocationCode`**Description**: Geolocation (region code) of the source IP address (if relevant). - `source_ip`**Type**: `STRING`**Provider name**: `sourceIp`**Description**: Source IP address of the dropped packet (if relevant). - `endpoint`**Type**: `STRUCT`**Provider name**: `endpoint`**Description**: Display information of the source and destination under analysis. The endpoint information in an intermediate state may differ with the initial input, as it might be modified by state like NAT, or Connection Proxy. - `destination_ip`**Type**: `STRING`**Provider name**: `destinationIp`**Description**: Destination IP address. - `destination_network_uri`**Type**: `STRING`**Provider name**: `destinationNetworkUri`**Description**: URI of the network where this packet is sent to. - `destination_port`**Type**: `INT32`**Provider name**: `destinationPort`**Description**: Destination port. Only valid when protocol is TCP or UDP. - `protocol`**Type**: `STRING`**Provider name**: `protocol`**Description**: IP protocol in string format, for example: "TCP", "UDP", "ICMP". - `source_agent_uri`**Type**: `STRING`**Provider name**: `sourceAgentUri`**Description**: URI of the source telemetry agent this packet originates from. - `source_ip`**Type**: `STRING`**Provider name**: `sourceIp`**Description**: Source IP address. - `source_network_uri`**Type**: `STRING`**Provider name**: `sourceNetworkUri`**Description**: URI of the network where this packet originates from. - `source_port`**Type**: `INT32`**Provider name**: `sourcePort`**Description**: Source port. Only valid when protocol is TCP or UDP. - `firewall`**Type**: `STRUCT`**Provider name**: `firewall`**Description**: Display information of a Compute Engine firewall rule. - `action`**Type**: `STRING`**Provider name**: `action`**Description**: Possible values: ALLOW, DENY, APPLY_SECURITY_PROFILE_GROUP - `direction`**Type**: `STRING`**Provider name**: `direction`**Description**: Possible values: INGRESS, EGRESS - `firewall_rule_type`**Type**: `STRING`**Provider name**: `firewallRuleType`**Description**: The firewall rule's type.**Possible values**: - `FIREWALL_RULE_TYPE_UNSPECIFIED` - Unspecified type. - `HIERARCHICAL_FIREWALL_POLICY_RULE` - Hierarchical firewall policy rule. For details, see [Hierarchical firewall policies overview](https://cloud.google.com/vpc/docs/firewall-policies). - `VPC_FIREWALL_RULE` - VPC firewall rule. For details, see [VPC firewall rules overview](https://cloud.google.com/vpc/docs/firewalls). - `IMPLIED_VPC_FIREWALL_RULE` - Implied VPC firewall rule. For details, see [Implied rules](https://cloud.google.com/vpc/docs/firewalls#default_firewall_rules). - `SERVERLESS_VPC_ACCESS_MANAGED_FIREWALL_RULE` - Implicit firewall rules that are managed by serverless VPC access to allow ingress access. They are not visible in the Google Cloud console. For details, see [VPC connector's implicit rules](https://cloud.google.com/functions/docs/networking/connecting-vpc#restrict-access). - `NETWORK_FIREWALL_POLICY_RULE` - Global network firewall policy rule. For details, see [Network firewall policies](https://cloud.google.com/vpc/docs/network-firewall-policies). - `NETWORK_REGIONAL_FIREWALL_POLICY_RULE` - Regional network firewall policy rule. For details, see [Regional network firewall policies](https://cloud.google.com/firewall/docs/regional-firewall-policies). - `UNSUPPORTED_FIREWALL_POLICY_RULE` - Firewall policy rule containing attributes not yet supported in Connectivity tests. Firewall analysis is skipped if such a rule can potentially be matched. Please see the [list of unsupported configurations](https://cloud.google.com/network-intelligence-center/docs/connectivity-tests/concepts/overview#unsupported-configs). - `TRACKING_STATE` - Tracking state for response traffic created when request traffic goes through allow firewall rule. For details, see [firewall rules specifications](https://cloud.google.com/firewall/docs/firewalls#specifications) - `ANALYSIS_SKIPPED` - Firewall analysis was skipped due to executing Connectivity Test in the BypassFirewallChecks mode - `gcp_display_name`**Type**: `STRING`**Provider name**: `displayName`**Description**: The display name of the firewall rule. This field might be empty for firewall policy rules. - `network_uri`**Type**: `STRING`**Provider name**: `networkUri`**Description**: The URI of the VPC network that the firewall rule is associated with. This field is not applicable to hierarchical firewall policy rules. - `policy`**Type**: `STRING`**Provider name**: `policy`**Description**: The name of the firewall policy that this rule is associated with. This field is not applicable to VPC firewall rules and implied VPC firewall rules. - `policy_priority`**Type**: `INT32`**Provider name**: `policyPriority`**Description**: The priority of the firewall policy that this rule is associated with. This field is not applicable to VPC firewall rules and implied VPC firewall rules. - `policy_uri`**Type**: `STRING`**Provider name**: `policyUri`**Description**: The URI of the firewall policy that this rule is associated with. This field is not applicable to VPC firewall rules and implied VPC firewall rules. - `priority`**Type**: `INT32`**Provider name**: `priority`**Description**: The priority of the firewall rule. - `target_service_accounts`**Type**: `UNORDERED_LIST_STRING`**Provider name**: `targetServiceAccounts`**Description**: The target service accounts specified by the firewall rule. - `target_tags`**Type**: `UNORDERED_LIST_STRING`**Provider name**: `targetTags`**Description**: The target tags defined by the VPC firewall rule. This field is not applicable to firewall policy rules. - `target_type`**Type**: `STRING`**Provider name**: `targetType`**Description**: Target type of the firewall rule.**Possible values**: - `TARGET_TYPE_UNSPECIFIED` - Target type is not specified. In this case we treat the rule as applying to INSTANCES target type. - `INSTANCES` - Firewall rule applies to instances. - `INTERNAL_MANAGED_LB` - Firewall rule applies to internal managed load balancers. - `uri`**Type**: `STRING`**Provider name**: `uri`**Description**: The URI of the firewall rule. This field is not applicable to implied VPC firewall rules. - `forward`**Type**: `STRUCT`**Provider name**: `forward`**Description**: Display information of the final state "forward" and reason. - `ip_address`**Type**: `STRING`**Provider name**: `ipAddress`**Description**: IP address of the target (if applicable). - `resource_uri`**Type**: `STRING`**Provider name**: `resourceUri`**Description**: URI of the resource that the packet is forwarded to. - `target`**Type**: `STRING`**Provider name**: `target`**Description**: Target type where this packet is forwarded to.**Possible values**: - `TARGET_UNSPECIFIED` - Target not specified. - `PEERING_VPC` - Forwarded to a VPC peering network. - `VPN_GATEWAY` - Forwarded to a Cloud VPN gateway. - `INTERCONNECT` - Forwarded to a Cloud Interconnect connection. - `GKE_MASTER` - Forwarded to a Google Kubernetes Engine Container cluster master. - `IMPORTED_CUSTOM_ROUTE_NEXT_HOP` - Forwarded to the next hop of a custom route imported from a peering VPC. - `CLOUD_SQL_INSTANCE` - Forwarded to a Cloud SQL instance. - `ANOTHER_PROJECT` - Forwarded to a VPC network in another project. - `NCC_HUB` - Forwarded to an NCC Hub. - `ROUTER_APPLIANCE` - Forwarded to a router appliance. - `SECURE_WEB_PROXY_GATEWAY` - Forwarded to a Secure Web Proxy Gateway. - `forwarding_rule`**Type**: `STRUCT`**Provider name**: `forwardingRule`**Description**: Display information of a Compute Engine forwarding rule. - `gcp_display_name`**Type**: `STRING`**Provider name**: `displayName`**Description**: Name of the forwarding rule. - `load_balancer_name`**Type**: `STRING`**Provider name**: `loadBalancerName`**Description**: Name of the load balancer the forwarding rule belongs to. Empty for forwarding rules not related to load balancers (like PSC forwarding rules). - `matched_port_range`**Type**: `STRING`**Provider name**: `matchedPortRange`**Description**: Port range defined in the forwarding rule that matches the packet. - `matched_protocol`**Type**: `STRING`**Provider name**: `matchedProtocol`**Description**: Protocol defined in the forwarding rule that matches the packet. - `network_uri`**Type**: `STRING`**Provider name**: `networkUri`**Description**: Network URI. - `psc_google_api_target`**Type**: `STRING`**Provider name**: `pscGoogleApiTarget`**Description**: PSC Google API target this forwarding rule targets (if applicable). - `psc_service_attachment_uri`**Type**: `STRING`**Provider name**: `pscServiceAttachmentUri`**Description**: URI of the PSC service attachment this forwarding rule targets (if applicable). - `region`**Type**: `STRING`**Provider name**: `region`**Description**: Region of the forwarding rule. Set only for regional forwarding rules. - `target`**Type**: `STRING`**Provider name**: `target`**Description**: Target type of the forwarding rule. - `uri`**Type**: `STRING`**Provider name**: `uri`**Description**: URI of the forwarding rule. - `vip`**Type**: `STRING`**Provider name**: `vip`**Description**: VIP of the forwarding rule. - `gke_master`**Type**: `STRUCT`**Provider name**: `gkeMaster`**Description**: Display information of a Google Kubernetes Engine cluster master. - `cluster_network_uri`**Type**: `STRING`**Provider name**: `clusterNetworkUri`**Description**: URI of a GKE cluster network. - `cluster_uri`**Type**: `STRING`**Provider name**: `clusterUri`**Description**: URI of a GKE cluster. - `dns_endpoint`**Type**: `STRING`**Provider name**: `dnsEndpoint`**Description**: DNS endpoint of a GKE cluster control plane. - `external_ip`**Type**: `STRING`**Provider name**: `externalIp`**Description**: External IP address of a GKE cluster control plane. - `internal_ip`**Type**: `STRING`**Provider name**: `internalIp`**Description**: Internal IP address of a GKE cluster control plane. - `google_service`**Type**: `STRUCT`**Provider name**: `googleService`**Description**: Display information of a Google service - `google_service_type`**Type**: `STRING`**Provider name**: `googleServiceType`**Description**: Recognized type of a Google Service.**Possible values**: - `GOOGLE_SERVICE_TYPE_UNSPECIFIED` - Unspecified Google Service. - `IAP` - Identity aware proxy. [https://cloud.google.com/iap/docs/using-tcp-forwarding](https://cloud.google.com/iap/docs/using-tcp-forwarding) - `GFE_PROXY_OR_HEALTH_CHECK_PROBER` - One of two services sharing IP ranges: * Load Balancer proxy * Centralized Health Check prober [https://cloud.google.com/load-balancing/docs/firewall-rules](https://cloud.google.com/load-balancing/docs/firewall-rules) - `CLOUD_DNS` - Connectivity from Cloud DNS to forwarding targets or alternate name servers that use private routing. [https://cloud.google.com/dns/docs/zones/forwarding-zones#firewall-rules](https://cloud.google.com/dns/docs/zones/forwarding-zones#firewall-rules) [https://cloud.google.com/dns/docs/policies#firewall-rules](https://cloud.google.com/dns/docs/policies#firewall-rules) - `GOOGLE_API` - private.googleapis.com and restricted.googleapis.com - `GOOGLE_API_PSC` - Google API via Private Service Connect. [https://cloud.google.com/vpc/docs/configure-private-service-connect-apis](https://cloud.google.com/vpc/docs/configure-private-service-connect-apis) - `GOOGLE_API_VPC_SC` - Google API via VPC Service Controls. [https://cloud.google.com/vpc/docs/configure-private-service-connect-apis](https://cloud.google.com/vpc/docs/configure-private-service-connect-apis) - `SERVERLESS_VPC_ACCESS` - Google API via Serverless VPC Access. [https://cloud.google.com/vpc/docs/serverless-vpc-access](https://cloud.google.com/vpc/docs/serverless-vpc-access) - `source_ip`**Type**: `STRING`**Provider name**: `sourceIp`**Description**: Source IP address. - `instance`**Type**: `STRUCT`**Provider name**: `instance`**Description**: Display information of a Compute Engine instance. - `external_ip`**Type**: `STRING`**Provider name**: `externalIp`**Description**: External IP address of the network interface. - `gcp_display_name`**Type**: `STRING`**Provider name**: `displayName`**Description**: Name of a Compute Engine instance. - `gcp_status`**Type**: `STRING`**Provider name**: `status`**Description**: The status of the instance.**Possible values**: - `STATUS_UNSPECIFIED` - Default unspecified value. - `RUNNING` - The instance is running. - `NOT_RUNNING` - The instance has any status other than 'RUNNING'. - `interface`**Type**: `STRING`**Provider name**: `interface`**Description**: Name of the network interface of a Compute Engine instance. - `internal_ip`**Type**: `STRING`**Provider name**: `internalIp`**Description**: Internal IP address of the network interface. - `network_tags`**Type**: `UNORDERED_LIST_STRING`**Provider name**: `networkTags`**Description**: Network tags configured on the instance. - `network_uri`**Type**: `STRING`**Provider name**: `networkUri`**Description**: URI of a Compute Engine network. - `psc_network_attachment_uri`**Type**: `STRING`**Provider name**: `pscNetworkAttachmentUri`**Description**: URI of the PSC network attachment the NIC is attached to (if relevant). - `running`**Type**: `BOOLEAN`**Provider name**: `running`**Description**: Indicates whether the Compute Engine instance is running. Deprecated: use the `status` field instead. - `service_account`**Type**: `STRING`**Provider name**: `serviceAccount`**Description**: Service account authorized for the instance. - `uri`**Type**: `STRING`**Provider name**: `uri`**Description**: URI of a Compute Engine instance. - `interconnect_attachment`**Type**: `STRUCT`**Provider name**: `interconnectAttachment`**Description**: Display information of an interconnect attachment. - `cloud_router_uri`**Type**: `STRING`**Provider name**: `cloudRouterUri`**Description**: URI of the Cloud Router to be used for dynamic routing. - `gcp_display_name`**Type**: `STRING`**Provider name**: `displayName`**Description**: Name of an Interconnect attachment. - `interconnect_uri`**Type**: `STRING`**Provider name**: `interconnectUri`**Description**: URI of the Interconnect where the Interconnect attachment is configured. - `region`**Type**: `STRING`**Provider name**: `region`**Description**: Name of a Google Cloud region where the Interconnect attachment is configured. - `uri`**Type**: `STRING`**Provider name**: `uri`**Description**: URI of an Interconnect attachment. - `load_balancer`**Type**: `STRUCT`**Provider name**: `loadBalancer`**Description**: Display information of the load balancers. Deprecated in favor of the `load_balancer_backend_info` field, not used in new tests. - `backend_type`**Type**: `STRING`**Provider name**: `backendType`**Description**: Type of load balancer's backend configuration.**Possible values**: - `BACKEND_TYPE_UNSPECIFIED` - Type is unspecified. - `BACKEND_SERVICE` - Backend Service as the load balancer's backend. - `TARGET_POOL` - Target Pool as the load balancer's backend. - `TARGET_INSTANCE` - Target Instance as the load balancer's backend. - `backend_uri`**Type**: `STRING`**Provider name**: `backendUri`**Description**: Backend configuration URI. - `backends`**Type**: `UNORDERED_LIST_STRUCT`**Provider name**: `backends`**Description**: Information for the loadbalancer backends. - `gcp_display_name`**Type**: `STRING`**Provider name**: `displayName`**Description**: Name of a Compute Engine instance or network endpoint. - `health_check_allowing_firewall_rules`**Type**: `UNORDERED_LIST_STRING`**Provider name**: `healthCheckAllowingFirewallRules`**Description**: A list of firewall rule URIs allowing probes from health check IP ranges. - `health_check_blocking_firewall_rules`**Type**: `UNORDERED_LIST_STRING`**Provider name**: `healthCheckBlockingFirewallRules`**Description**: A list of firewall rule URIs blocking probes from health check IP ranges. - `health_check_firewall_state`**Type**: `STRING`**Provider name**: `healthCheckFirewallState`**Description**: State of the health check firewall configuration.**Possible values**: - `HEALTH_CHECK_FIREWALL_STATE_UNSPECIFIED` - State is unspecified. Default state if not populated. - `CONFIGURED` - There are configured firewall rules to allow health check probes to the backend. - `MISCONFIGURED` - There are firewall rules configured to allow partial health check ranges or block all health check ranges. If a health check probe is sent from denied IP ranges, the health check to the backend will fail. Then, the backend will be marked unhealthy and will not receive traffic sent to the load balancer. - `uri`**Type**: `STRING`**Provider name**: `uri`**Description**: URI of a Compute Engine instance or network endpoint. - `health_check_uri`**Type**: `STRING`**Provider name**: `healthCheckUri`**Description**: URI of the health check for the load balancer. Deprecated and no longer populated as different load balancer backends might have different health checks. - `load_balancer_type`**Type**: `STRING`**Provider name**: `loadBalancerType`**Description**: Type of the load balancer.**Possible values**: - `LOAD_BALANCER_TYPE_UNSPECIFIED` - Type is unspecified. - `INTERNAL_TCP_UDP` - Internal TCP/UDP load balancer. - `NETWORK_TCP_UDP` - Network TCP/UDP load balancer. - `HTTP_PROXY` - HTTP(S) proxy load balancer. - `TCP_PROXY` - TCP proxy load balancer. - `SSL_PROXY` - SSL proxy load balancer. - `load_balancer_backend_info`**Type**: `STRUCT`**Provider name**: `loadBalancerBackendInfo`**Description**: Display information of a specific load balancer backend. - `backend_bucket_uri`**Type**: `STRING`**Provider name**: `backendBucketUri`**Description**: URI of the backend bucket this backend targets (if applicable). - `backend_service_uri`**Type**: `STRING`**Provider name**: `backendServiceUri`**Description**: URI of the backend service this backend belongs to (if applicable). - `health_check_firewalls_config_state`**Type**: `STRING`**Provider name**: `healthCheckFirewallsConfigState`**Description**: Output only. Health check firewalls configuration state for the backend. This is a result of the static firewall analysis (verifying that health check traffic from required IP ranges to the backend is allowed or not). The backend might still be unhealthy even if these firewalls are configured. Please refer to the documentation for more information: [https://cloud.google.com/load-balancing/docs/firewall-rules](https://cloud.google.com/load-balancing/docs/firewall-rules)**Possible values**: - `HEALTH_CHECK_FIREWALLS_CONFIG_STATE_UNSPECIFIED` - Configuration state unspecified. It usually means that the backend has no health check attached, or there was an unexpected configuration error preventing Connectivity tests from verifying health check configuration. - `FIREWALLS_CONFIGURED` - Firewall rules (policies) allowing health check traffic from all required IP ranges to the backend are configured. - `FIREWALLS_PARTIALLY_CONFIGURED` - Firewall rules (policies) allow health check traffic only from a part of required IP ranges. - `FIREWALLS_NOT_CONFIGURED` - Firewall rules (policies) deny health check traffic from all required IP ranges to the backend. - `FIREWALLS_UNSUPPORTED` - The network contains firewall rules of unsupported types, so Connectivity tests were not able to verify health check configuration status. Please refer to the documentation for the list of unsupported configurations: [https://cloud.google.com/network-intelligence-center/docs/connectivity-tests/concepts/overview#unsupported-configs](https://cloud.google.com/network-intelligence-center/docs/connectivity-tests/concepts/overview#unsupported-configs) - `health_check_uri`**Type**: `STRING`**Provider name**: `healthCheckUri`**Description**: URI of the health check attached to this backend (if applicable). - `instance_group_uri`**Type**: `STRING`**Provider name**: `instanceGroupUri`**Description**: URI of the instance group this backend belongs to (if applicable). - `instance_uri`**Type**: `STRING`**Provider name**: `instanceUri`**Description**: URI of the backend instance (if applicable). Populated for instance group backends, and zonal NEG backends. - `name`**Type**: `STRING`**Provider name**: `name`**Description**: Display name of the backend. For example, it might be an instance name for the instance group backends, or an IP address and port for zonal network endpoint group backends. - `network_endpoint_group_uri`**Type**: `STRING`**Provider name**: `networkEndpointGroupUri`**Description**: URI of the network endpoint group this backend belongs to (if applicable). - `psc_google_api_target`**Type**: `STRING`**Provider name**: `pscGoogleApiTarget`**Description**: PSC Google API target this PSC NEG backend targets (if applicable). - `psc_service_attachment_uri`**Type**: `STRING`**Provider name**: `pscServiceAttachmentUri`**Description**: URI of the PSC service attachment this PSC NEG backend targets (if applicable). - `nat`**Type**: `STRUCT`**Provider name**: `nat`**Description**: Display information of a NAT. - `nat_gateway_name`**Type**: `STRING`**Provider name**: `natGatewayName`**Description**: The name of Cloud NAT Gateway. Only valid when type is CLOUD_NAT. - `network_uri`**Type**: `STRING`**Provider name**: `networkUri`**Description**: URI of the network where NAT translation takes place. - `new_destination_ip`**Type**: `STRING`**Provider name**: `newDestinationIp`**Description**: Destination IP address after NAT translation. - `new_destination_port`**Type**: `INT32`**Provider name**: `newDestinationPort`**Description**: Destination port after NAT translation. Only valid when protocol is TCP or UDP. - `new_source_ip`**Type**: `STRING`**Provider name**: `newSourceIp`**Description**: Source IP address after NAT translation. - `new_source_port`**Type**: `INT32`**Provider name**: `newSourcePort`**Description**: Source port after NAT translation. Only valid when protocol is TCP or UDP. - `old_destination_ip`**Type**: `STRING`**Provider name**: `oldDestinationIp`**Description**: Destination IP address before NAT translation. - `old_destination_port`**Type**: `INT32`**Provider name**: `oldDestinationPort`**Description**: Destination port before NAT translation. Only valid when protocol is TCP or UDP. - `old_source_ip`**Type**: `STRING`**Provider name**: `oldSourceIp`**Description**: Source IP address before NAT translation. - `old_source_port`**Type**: `INT32`**Provider name**: `oldSourcePort`**Description**: Source port before NAT translation. Only valid when protocol is TCP or UDP. - `protocol`**Type**: `STRING`**Provider name**: `protocol`**Description**: IP protocol in string format, for example: "TCP", "UDP", "ICMP". - `router_uri`**Type**: `STRING`**Provider name**: `routerUri`**Description**: Uri of the Cloud Router. Only valid when type is CLOUD_NAT. - `type`**Type**: `STRING`**Provider name**: `type`**Description**: Type of NAT.**Possible values**: - `TYPE_UNSPECIFIED` - Type is unspecified. - `INTERNAL_TO_EXTERNAL` - From Compute Engine instance's internal address to external address. - `EXTERNAL_TO_INTERNAL` - From Compute Engine instance's external address to internal address. - `CLOUD_NAT` - Cloud NAT Gateway. - `PRIVATE_SERVICE_CONNECT` - Private service connect NAT. - `network`**Type**: `STRUCT`**Provider name**: `network`**Description**: Display information of a Google Cloud network. - `gcp_display_name`**Type**: `STRING`**Provider name**: `displayName`**Description**: Name of a Compute Engine network. - `matched_ip_range`**Type**: `STRING`**Provider name**: `matchedIpRange`**Description**: The IP range of the subnet matching the source IP address of the test. - `matched_subnet_uri`**Type**: `STRING`**Provider name**: `matchedSubnetUri`**Description**: URI of the subnet matching the source IP address of the test. - `region`**Type**: `STRING`**Provider name**: `region`**Description**: The region of the subnet matching the source IP address of the test. - `uri`**Type**: `STRING`**Provider name**: `uri`**Description**: URI of a Compute Engine network. - `project_id`**Type**: `STRING`**Provider name**: `projectId`**Description**: Project ID that contains the configuration this step is validating. - `proxy_connection`**Type**: `STRUCT`**Provider name**: `proxyConnection`**Description**: Display information of a ProxyConnection. - `network_uri`**Type**: `STRING`**Provider name**: `networkUri`**Description**: URI of the network where connection is proxied. - `new_destination_ip`**Type**: `STRING`**Provider name**: `newDestinationIp`**Description**: Destination IP address of a new connection. - `new_destination_port`**Type**: `INT32`**Provider name**: `newDestinationPort`**Description**: Destination port of a new connection. Only valid when protocol is TCP or UDP. - `new_source_ip`**Type**: `STRING`**Provider name**: `newSourceIp`**Description**: Source IP address of a new connection. - `new_source_port`**Type**: `INT32`**Provider name**: `newSourcePort`**Description**: Source port of a new connection. Only valid when protocol is TCP or UDP. - `old_destination_ip`**Type**: `STRING`**Provider name**: `oldDestinationIp`**Description**: Destination IP address of an original connection - `old_destination_port`**Type**: `INT32`**Provider name**: `oldDestinationPort`**Description**: Destination port of an original connection. Only valid when protocol is TCP or UDP. - `old_source_ip`**Type**: `STRING`**Provider name**: `oldSourceIp`**Description**: Source IP address of an original connection. - `old_source_port`**Type**: `INT32`**Provider name**: `oldSourcePort`**Description**: Source port of an original connection. Only valid when protocol is TCP or UDP. - `protocol`**Type**: `STRING`**Provider name**: `protocol`**Description**: IP protocol in string format, for example: "TCP", "UDP", "ICMP". - `subnet_uri`**Type**: `STRING`**Provider name**: `subnetUri`**Description**: Uri of proxy subnet. - `redis_cluster`**Type**: `STRUCT`**Provider name**: `redisCluster`**Description**: Display information of a Redis Cluster. - `discovery_endpoint_ip_address`**Type**: `STRING`**Provider name**: `discoveryEndpointIpAddress`**Description**: Discovery endpoint IP address of a Redis Cluster. - `gcp_display_name`**Type**: `STRING`**Provider name**: `displayName`**Description**: Name of a Redis Cluster. - `location`**Type**: `STRING`**Provider name**: `location`**Description**: Name of the region in which the Redis Cluster is defined. For example, "us-central1". - `network_uri`**Type**: `STRING`**Provider name**: `networkUri`**Description**: URI of the network containing the Redis Cluster endpoints in format "projects/{project_id}/global/networks/{network_id}". - `secondary_endpoint_ip_address`**Type**: `STRING`**Provider name**: `secondaryEndpointIpAddress`**Description**: Secondary endpoint IP address of a Redis Cluster. - `uri`**Type**: `STRING`**Provider name**: `uri`**Description**: URI of a Redis Cluster in format "projects/{project_id}/locations/{location}/clusters/{cluster_id}" - `redis_instance`**Type**: `STRUCT`**Provider name**: `redisInstance`**Description**: Display information of a Redis Instance. - `gcp_display_name`**Type**: `STRING`**Provider name**: `displayName`**Description**: Name of a Cloud Redis Instance. - `network_uri`**Type**: `STRING`**Provider name**: `networkUri`**Description**: URI of a Cloud Redis Instance network. - `primary_endpoint_ip`**Type**: `STRING`**Provider name**: `primaryEndpointIp`**Description**: Primary endpoint IP address of a Cloud Redis Instance. - `read_endpoint_ip`**Type**: `STRING`**Provider name**: `readEndpointIp`**Description**: Read endpoint IP address of a Cloud Redis Instance (if applicable). - `region`**Type**: `STRING`**Provider name**: `region`**Description**: Region in which the Cloud Redis Instance is defined. - `uri`**Type**: `STRING`**Provider name**: `uri`**Description**: URI of a Cloud Redis Instance. - `route`**Type**: `STRUCT`**Provider name**: `route`**Description**: Display information of a Compute Engine route. - `advertised_route_next_hop_uri`**Type**: `STRING`**Provider name**: `advertisedRouteNextHopUri`**Description**: For ADVERTISED routes, the URI of their next hop, i.e. the URI of the hybrid endpoint (VPN tunnel, Interconnect attachment, NCC router appliance) the advertised prefix is advertised through, or URI of the source peered network. Deprecated in favor of the next_hop_uri field, not used in new tests. - `advertised_route_source_router_uri`**Type**: `STRING`**Provider name**: `advertisedRouteSourceRouterUri`**Description**: For ADVERTISED dynamic routes, the URI of the Cloud Router that advertised the corresponding IP prefix. - `dest_ip_range`**Type**: `STRING`**Provider name**: `destIpRange`**Description**: Destination IP range of the route. - `dest_port_ranges`**Type**: `UNORDERED_LIST_STRING`**Provider name**: `destPortRanges`**Description**: Destination port ranges of the route. POLICY_BASED routes only. - `gcp_display_name`**Type**: `STRING`**Provider name**: `displayName`**Description**: Name of a route. - `instance_tags`**Type**: `UNORDERED_LIST_STRING`**Provider name**: `instanceTags`**Description**: Instance tags of the route. - `ncc_hub_route_uri`**Type**: `STRING`**Provider name**: `nccHubRouteUri`**Description**: For PEERING_SUBNET and PEERING_DYNAMIC routes that are advertised by NCC Hub, the URI of the corresponding route in NCC Hub's routing table. - `ncc_hub_uri`**Type**: `STRING`**Provider name**: `nccHubUri`**Description**: URI of the NCC Hub the route is advertised by. PEERING_SUBNET and PEERING_DYNAMIC routes that are advertised by NCC Hub only. - `ncc_spoke_uri`**Type**: `STRING`**Provider name**: `nccSpokeUri`**Description**: URI of the destination NCC Spoke. PEERING_SUBNET and PEERING_DYNAMIC routes that are advertised by NCC Hub only. - `network_uri`**Type**: `STRING`**Provider name**: `networkUri`**Description**: URI of a VPC network where route is located. - `next_hop`**Type**: `STRING`**Provider name**: `nextHop`**Description**: String type of the next hop of the route (for example, "VPN tunnel"). Deprecated in favor of the next_hop_type and next_hop_uri fields, not used in new tests. - `next_hop_network_uri`**Type**: `STRING`**Provider name**: `nextHopNetworkUri`**Description**: URI of a VPC network where the next hop resource is located. - `next_hop_type`**Type**: `STRING`**Provider name**: `nextHopType`**Description**: Type of next hop.**Possible values**: - `NEXT_HOP_TYPE_UNSPECIFIED` - Unspecified type. Default value. - `NEXT_HOP_IP` - Next hop is an IP address. - `NEXT_HOP_INSTANCE` - Next hop is a Compute Engine instance. - `NEXT_HOP_NETWORK` - Next hop is a VPC network gateway. - `NEXT_HOP_PEERING` - Next hop is a peering VPC. This scenario only happens when the user doesn't have permissions to the project where the next hop resource is located. - `NEXT_HOP_INTERCONNECT` - Next hop is an interconnect. - `NEXT_HOP_VPN_TUNNEL` - Next hop is a VPN tunnel. - `NEXT_HOP_VPN_GATEWAY` - Next hop is a VPN gateway. This scenario only happens when tracing connectivity from an on-premises network to Google Cloud through a VPN. The analysis simulates a packet departing from the on-premises network through a VPN tunnel and arriving at a Cloud VPN gateway. - `NEXT_HOP_INTERNET_GATEWAY` - Next hop is an internet gateway. - `NEXT_HOP_BLACKHOLE` - Next hop is blackhole; that is, the next hop either does not exist or is unusable. - `NEXT_HOP_ILB` - Next hop is the forwarding rule of an Internal Load Balancer. - `NEXT_HOP_ROUTER_APPLIANCE` - Next hop is a [router appliance instance](https://cloud.google.com/network-connectivity/docs/network-connectivity-center/concepts/ra-overview). - `NEXT_HOP_NCC_HUB` - Next hop is an NCC hub. This scenario only happens when the user doesn't have permissions to the project where the next hop resource is located. - `SECURE_WEB_PROXY_GATEWAY` - Next hop is Secure Web Proxy Gateway. - `next_hop_uri`**Type**: `STRING`**Provider name**: `nextHopUri`**Description**: URI of the next hop resource. - `originating_route_display_name`**Type**: `STRING`**Provider name**: `originatingRouteDisplayName`**Description**: For PEERING_SUBNET, PEERING_STATIC and PEERING_DYNAMIC routes, the name of the originating SUBNET/STATIC/DYNAMIC route. - `originating_route_uri`**Type**: `STRING`**Provider name**: `originatingRouteUri`**Description**: For PEERING_SUBNET and PEERING_STATIC routes, the URI of the originating SUBNET/STATIC route. - `priority`**Type**: `INT32`**Provider name**: `priority`**Description**: Priority of the route. - `protocols`**Type**: `UNORDERED_LIST_STRING`**Provider name**: `protocols`**Description**: Protocols of the route. POLICY_BASED routes only. - `region`**Type**: `STRING`**Provider name**: `region`**Description**: Region of the route. DYNAMIC, PEERING_DYNAMIC, POLICY_BASED and ADVERTISED routes only. If set for POLICY_BASED route, this is a region of VLAN attachments for Cloud Interconnect the route applies to. - `route_scope`**Type**: `STRING`**Provider name**: `routeScope`**Description**: Indicates where route is applicable. Deprecated, routes with NCC_HUB scope are not included in the trace in new tests.**Possible values**: - `ROUTE_SCOPE_UNSPECIFIED` - Unspecified scope. Default value. - `NETWORK` - Route is applicable to packets in Network. - `NCC_HUB` - Route is applicable to packets using NCC Hub's routing table. - `route_type`**Type**: `STRING`**Provider name**: `routeType`**Description**: Type of route.**Possible values**: - `ROUTE_TYPE_UNSPECIFIED` - Unspecified type. Default value. - `SUBNET` - Route is a subnet route automatically created by the system. - `STATIC` - Static route created by the user, including the default route to the internet. - `DYNAMIC` - Dynamic route exchanged between BGP peers. - `PEERING_SUBNET` - A subnet route received from peering network or NCC Hub. - `PEERING_STATIC` - A static route received from peering network. - `PEERING_DYNAMIC` - A dynamic route received from peering network or NCC Hub. - `POLICY_BASED` - Policy based route. - `ADVERTISED` - Advertised route. Synthetic route which is used to transition from the StartFromPrivateNetwork state in Connectivity tests. - `src_ip_range`**Type**: `STRING`**Provider name**: `srcIpRange`**Description**: Source IP address range of the route. POLICY_BASED routes only. - `src_port_ranges`**Type**: `UNORDERED_LIST_STRING`**Provider name**: `srcPortRanges`**Description**: Source port ranges of the route. POLICY_BASED routes only. - `uri`**Type**: `STRING`**Provider name**: `uri`**Description**: URI of a route. SUBNET, STATIC, PEERING_SUBNET (only for peering network) and POLICY_BASED routes only. - `serverless_external_connection`**Type**: `STRUCT`**Provider name**: `serverlessExternalConnection`**Description**: Display information of a serverless public (external) connection. - `selected_ip_address`**Type**: `STRING`**Provider name**: `selectedIpAddress`**Description**: Selected starting IP address, from the Google dynamic address pool. - `serverless_neg`**Type**: `STRUCT`**Provider name**: `serverlessNeg`**Description**: Display information of a Serverless network endpoint group backend. Used only for return traces. - `neg_uri`**Type**: `STRING`**Provider name**: `negUri`**Description**: URI of the serverless network endpoint group. - `state`**Type**: `STRING`**Provider name**: `state`**Description**: Each step is in one of the pre-defined states.**Possible values**: - `STATE_UNSPECIFIED` - Unspecified state. - `START_FROM_INSTANCE` - Initial state: packet originating from a Compute Engine instance. An InstanceInfo is populated with starting instance information. - `START_FROM_INTERNET` - Initial state: packet originating from the internet. The endpoint information is populated. - `START_FROM_GOOGLE_SERVICE` - Initial state: packet originating from a Google service. The google_service information is populated. - `START_FROM_PRIVATE_NETWORK` - Initial state: packet originating from a VPC or on-premises network with internal source IP. If the source is a VPC network visible to the user, a NetworkInfo is populated with details of the network. - `START_FROM_GKE_MASTER` - Initial state: packet originating from a Google Kubernetes Engine cluster master. A GKEMasterInfo is populated with starting instance information. - `START_FROM_CLOUD_SQL_INSTANCE` - Initial state: packet originating from a Cloud SQL instance. A CloudSQLInstanceInfo is populated with starting instance information. - `START_FROM_REDIS_INSTANCE` - Initial state: packet originating from a Redis instance. A RedisInstanceInfo is populated with starting instance information. - `START_FROM_REDIS_CLUSTER` - Initial state: packet originating from a Redis Cluster. A RedisClusterInfo is populated with starting Cluster information. - `START_FROM_CLOUD_FUNCTION` - Initial state: packet originating from a Cloud Function. A CloudFunctionInfo is populated with starting function information. - `START_FROM_APP_ENGINE_VERSION` - Initial state: packet originating from an App Engine service version. An AppEngineVersionInfo is populated with starting version information. - `START_FROM_CLOUD_RUN_REVISION` - Initial state: packet originating from a Cloud Run revision. A CloudRunRevisionInfo is populated with starting revision information. - `START_FROM_STORAGE_BUCKET` - Initial state: packet originating from a Storage Bucket. Used only for return traces. The storage_bucket information is populated. - `START_FROM_PSC_PUBLISHED_SERVICE` - Initial state: packet originating from a published service that uses Private Service Connect. Used only for return traces. - `START_FROM_SERVERLESS_NEG` - Initial state: packet originating from a serverless network endpoint group backend. Used only for return traces. The serverless_neg information is populated. - `APPLY_INGRESS_FIREWALL_RULE` - Config checking state: verify ingress firewall rule. - `APPLY_EGRESS_FIREWALL_RULE` - Config checking state: verify egress firewall rule. - `APPLY_ROUTE` - Config checking state: verify route. - `APPLY_FORWARDING_RULE` - Config checking state: match forwarding rule. - `ANALYZE_LOAD_BALANCER_BACKEND` - Config checking state: verify load balancer backend configuration. - `SPOOFING_APPROVED` - Config checking state: packet sent or received under foreign IP address and allowed. - `ARRIVE_AT_INSTANCE` - Forwarding state: arriving at a Compute Engine instance. - `ARRIVE_AT_INTERNAL_LOAD_BALANCER` - Forwarding state: arriving at a Compute Engine internal load balancer. - `ARRIVE_AT_EXTERNAL_LOAD_BALANCER` - Forwarding state: arriving at a Compute Engine external load balancer. - `ARRIVE_AT_VPN_GATEWAY` - Forwarding state: arriving at a Cloud VPN gateway. - `ARRIVE_AT_VPN_TUNNEL` - Forwarding state: arriving at a Cloud VPN tunnel. - `ARRIVE_AT_INTERCONNECT_ATTACHMENT` - Forwarding state: arriving at an interconnect attachment. - `ARRIVE_AT_VPC_CONNECTOR` - Forwarding state: arriving at a VPC connector. - `DIRECT_VPC_EGRESS_CONNECTION` - Forwarding state: for packets originating from a serverless endpoint forwarded through Direct VPC egress. - `SERVERLESS_EXTERNAL_CONNECTION` - Forwarding state: for packets originating from a serverless endpoint forwarded through public (external) connectivity. - `NAT` - Transition state: packet header translated. - `PROXY_CONNECTION` - Transition state: original connection is terminated and a new proxied connection is initiated. - `DELIVER` - Final state: packet could be delivered. - `DROP` - Final state: packet could be dropped. - `FORWARD` - Final state: packet could be forwarded to a network with an unknown configuration. - `ABORT` - Final state: analysis is aborted. - `VIEWER_PERMISSION_MISSING` - Special state: viewer of the test result does not have permission to see the configuration in this step. - `storage_bucket`**Type**: `STRUCT`**Provider name**: `storageBucket`**Description**: Display information of a Storage Bucket. Used only for return traces. - `bucket`**Type**: `STRING`**Provider name**: `bucket`**Description**: Cloud Storage Bucket name. - `vpc_connector`**Type**: `STRUCT`**Provider name**: `vpcConnector`**Description**: Display information of a VPC connector. - `gcp_display_name`**Type**: `STRING`**Provider name**: `displayName`**Description**: Name of a VPC connector. - `location`**Type**: `STRING`**Provider name**: `location`**Description**: Location in which the VPC connector is deployed. - `uri`**Type**: `STRING`**Provider name**: `uri`**Description**: URI of a VPC connector. - `vpn_gateway`**Type**: `STRUCT`**Provider name**: `vpnGateway`**Description**: Display information of a Compute Engine VPN gateway. - `gcp_display_name`**Type**: `STRING`**Provider name**: `displayName`**Description**: Name of a VPN gateway. - `ip_address`**Type**: `STRING`**Provider name**: `ipAddress`**Description**: IP address of the VPN gateway. - `network_uri`**Type**: `STRING`**Provider name**: `networkUri`**Description**: URI of a Compute Engine network where the VPN gateway is configured. - `region`**Type**: `STRING`**Provider name**: `region`**Description**: Name of a Google Cloud region where this VPN gateway is configured. - `uri`**Type**: `STRING`**Provider name**: `uri`**Description**: URI of a VPN gateway. - `vpn_tunnel_uri`**Type**: `STRING`**Provider name**: `vpnTunnelUri`**Description**: A VPN tunnel that is associated with this VPN gateway. There may be multiple VPN tunnels configured on a VPN gateway, and only the one relevant to the test is displayed. - `vpn_tunnel`**Type**: `STRUCT`**Provider name**: `vpnTunnel`**Description**: Display information of a Compute Engine VPN tunnel. - `gcp_display_name`**Type**: `STRING`**Provider name**: `displayName`**Description**: Name of a VPN tunnel. - `network_uri`**Type**: `STRING`**Provider name**: `networkUri`**Description**: URI of a Compute Engine network where the VPN tunnel is configured. - `region`**Type**: `STRING`**Provider name**: `region`**Description**: Name of a Google Cloud region where this VPN tunnel is configured. - `remote_gateway`**Type**: `STRING`**Provider name**: `remoteGateway`**Description**: URI of a VPN gateway at remote end of the tunnel. - `remote_gateway_ip`**Type**: `STRING`**Provider name**: `remoteGatewayIp`**Description**: Remote VPN gateway's IP address. - `routing_type`**Type**: `STRING`**Provider name**: `routingType`**Description**: Type of the routing policy.**Possible values**: - `ROUTING_TYPE_UNSPECIFIED` - Unspecified type. Default value. - `ROUTE_BASED` - Route based VPN. - `POLICY_BASED` - Policy based routing. - `DYNAMIC` - Dynamic (BGP) routing. - `source_gateway`**Type**: `STRING`**Provider name**: `sourceGateway`**Description**: URI of the VPN gateway at local end of the tunnel. - `source_gateway_ip`**Type**: `STRING`**Provider name**: `sourceGatewayIp`**Description**: Local VPN gateway's IP address. - `uri`**Type**: `STRING`**Provider name**: `uri`**Description**: URI of a VPN tunnel. - `verify_time`**Type**: `TIMESTAMP`**Provider name**: `verifyTime`**Description**: The time of the configuration analysis. ## `region_id`{% #region_id %} **Type**: `STRING` ## `related_projects`{% #related_projects %} **Type**: `UNORDERED_LIST_STRING`**Provider name**: `relatedProjects`**Description**: Other projects that may be relevant for reachability analysis. This is applicable to scenarios where a test can cross project boundaries. ## `resource_name`{% #resource_name %} **Type**: `STRING` ## `return_reachability_details`{% #return_reachability_details %} **Type**: `STRUCT`**Provider name**: `returnReachabilityDetails`**Description**: Output only. The reachability details of this test from the latest run for the return path. The details are updated when creating a new test, updating an existing test, or triggering a one-time rerun of an existing test. - `error`**Type**: `STRUCT`**Provider name**: `error`**Description**: The details of a failure or a cancellation of reachability analysis. - `code`**Type**: `INT32`**Provider name**: `code`**Description**: The status code, which should be an enum value of google.rpc.Code. - `message`**Type**: `STRING`**Provider name**: `message`**Description**: A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client. - `result`**Type**: `STRING`**Provider name**: `result`**Description**: The overall result of the test's configuration analysis.**Possible values**: - `RESULT_UNSPECIFIED` - No result was specified. - `REACHABLE` - Possible scenarios are: * The configuration analysis determined that a packet originating from the source is expected to reach the destination. * The analysis didn't complete because the user lacks permission for some of the resources in the trace. However, at the time the user's permission became insufficient, the trace had been successful so far. - `UNREACHABLE` - A packet originating from the source is expected to be dropped before reaching the destination. - `AMBIGUOUS` - The source and destination endpoints do not uniquely identify the test location in the network, and the reachability result contains multiple traces. For some traces, a packet could be delivered, and for others, it would not be. This result is also assigned to configuration analysis of return path if on its own it should be REACHABLE, but configuration analysis of forward path is AMBIGUOUS. - `UNDETERMINED` - The configuration analysis did not complete. Possible reasons are: * A permissions error occurred–for example, the user might not have read permission for all of the resources named in the test. * An internal error occurred. * The analyzer received an invalid or unsupported argument or was unable to identify a known endpoint. - `traces`**Type**: `UNORDERED_LIST_STRUCT`**Provider name**: `traces`**Description**: Result may contain a list of traces if a test has multiple possible paths in the network, such as when destination endpoint is a load balancer with multiple backends. - `endpoint_info`**Type**: `STRUCT`**Provider name**: `endpointInfo`**Description**: Derived from the source and destination endpoints definition specified by user request, and validated by the data plane model. If there are multiple traces starting from different source locations, then the endpoint_info may be different between traces. - `destination_ip`**Type**: `STRING`**Provider name**: `destinationIp`**Description**: Destination IP address. - `destination_network_uri`**Type**: `STRING`**Provider name**: `destinationNetworkUri`**Description**: URI of the network where this packet is sent to. - `destination_port`**Type**: `INT32`**Provider name**: `destinationPort`**Description**: Destination port. Only valid when protocol is TCP or UDP. - `protocol`**Type**: `STRING`**Provider name**: `protocol`**Description**: IP protocol in string format, for example: "TCP", "UDP", "ICMP". - `source_agent_uri`**Type**: `STRING`**Provider name**: `sourceAgentUri`**Description**: URI of the source telemetry agent this packet originates from. - `source_ip`**Type**: `STRING`**Provider name**: `sourceIp`**Description**: Source IP address. - `source_network_uri`**Type**: `STRING`**Provider name**: `sourceNetworkUri`**Description**: URI of the network where this packet originates from. - `source_port`**Type**: `INT32`**Provider name**: `sourcePort`**Description**: Source port. Only valid when protocol is TCP or UDP. - `forward_trace_id`**Type**: `INT32`**Provider name**: `forwardTraceId`**Description**: ID of trace. For forward traces, this ID is unique for each trace. For return traces, it matches ID of associated forward trace. A single forward trace can be associated with none, one or more than one return trace. - `steps`**Type**: `UNORDERED_LIST_STRUCT`**Provider name**: `steps`**Description**: A trace of a test contains multiple steps from the initial state to the final state (delivered, dropped, forwarded, or aborted). The steps are ordered by the processing sequence within the simulated network state machine. It is critical to preserve the order of the steps and avoid reordering or sorting them. - `abort`**Type**: `STRUCT`**Provider name**: `abort`**Description**: Display information of the final state "abort" and reason. - `cause`**Type**: `STRING`**Provider name**: `cause`**Description**: Causes that the analysis is aborted.**Possible values**: - `CAUSE_UNSPECIFIED` - Cause is unspecified. - `UNKNOWN_NETWORK` - Aborted due to unknown network. Deprecated, not used in the new tests. - `UNKNOWN_PROJECT` - Aborted because no project information can be derived from the test input. Deprecated, not used in the new tests. - `NO_EXTERNAL_IP` - Aborted because traffic is sent from a public IP to an instance without an external IP. Deprecated, not used in the new tests. - `UNINTENDED_DESTINATION` - Aborted because none of the traces matches destination information specified in the input test request. Deprecated, not used in the new tests. - `SOURCE_ENDPOINT_NOT_FOUND` - Aborted because the source endpoint could not be found. Deprecated, not used in the new tests. - `MISMATCHED_SOURCE_NETWORK` - Aborted because the source network does not match the source endpoint. Deprecated, not used in the new tests. - `DESTINATION_ENDPOINT_NOT_FOUND` - Aborted because the destination endpoint could not be found. Deprecated, not used in the new tests. - `MISMATCHED_DESTINATION_NETWORK` - Aborted because the destination network does not match the destination endpoint. Deprecated, not used in the new tests. - `UNKNOWN_IP` - Aborted because no endpoint with the packet's destination IP address is found. - `GOOGLE_MANAGED_SERVICE_UNKNOWN_IP` - Aborted because no endpoint with the packet's destination IP is found in the Google-managed project. - `SOURCE_IP_ADDRESS_NOT_IN_SOURCE_NETWORK` - Aborted because the source IP address doesn't belong to any of the subnets of the source VPC network. - `PERMISSION_DENIED` - Aborted because user lacks permission to access all or part of the network configurations required to run the test. - `PERMISSION_DENIED_NO_CLOUD_NAT_CONFIGS` - Aborted because user lacks permission to access Cloud NAT configs required to run the test. - `PERMISSION_DENIED_NO_NEG_ENDPOINT_CONFIGS` - Aborted because user lacks permission to access Network endpoint group endpoint configs required to run the test. - `PERMISSION_DENIED_NO_CLOUD_ROUTER_CONFIGS` - Aborted because user lacks permission to access Cloud Router configs required to run the test. - `NO_SOURCE_LOCATION` - Aborted because no valid source or destination endpoint is derived from the input test request. - `INVALID_ARGUMENT` - Aborted because the source or destination endpoint specified in the request is invalid. Some examples: - The request might contain malformed resource URI, project ID, or IP address. - The request might contain inconsistent information (for example, the request might include both the instance and the network, but the instance might not have a NIC in that network). - `TRACE_TOO_LONG` - Aborted because the number of steps in the trace exceeds a certain limit. It might be caused by a routing loop. - `INTERNAL_ERROR` - Aborted due to internal server error. - `UNSUPPORTED` - Aborted because the test scenario is not supported. - `MISMATCHED_IP_VERSION` - Aborted because the source and destination resources have no common IP version. - `GKE_KONNECTIVITY_PROXY_UNSUPPORTED` - Aborted because the connection between the control plane and the node of the source cluster is initiated by the node and managed by the Konnectivity proxy. - `RESOURCE_CONFIG_NOT_FOUND` - Aborted because expected resource configuration was missing. - `VM_INSTANCE_CONFIG_NOT_FOUND` - Aborted because expected VM instance configuration was missing. - `NETWORK_CONFIG_NOT_FOUND` - Aborted because expected network configuration was missing. - `FIREWALL_CONFIG_NOT_FOUND` - Aborted because expected firewall configuration was missing. - `ROUTE_CONFIG_NOT_FOUND` - Aborted because expected route configuration was missing. - `GOOGLE_MANAGED_SERVICE_AMBIGUOUS_PSC_ENDPOINT` - Aborted because PSC endpoint selection for the Google-managed service is ambiguous (several PSC endpoints satisfy test input). - `GOOGLE_MANAGED_SERVICE_AMBIGUOUS_ENDPOINT` - Aborted because endpoint selection for the Google-managed service is ambiguous (several endpoints satisfy test input). - `SOURCE_PSC_CLOUD_SQL_UNSUPPORTED` - Aborted because tests with a PSC-based Cloud SQL instance as a source are not supported. - `SOURCE_REDIS_CLUSTER_UNSUPPORTED` - Aborted because tests with a Redis Cluster as a source are not supported. - `SOURCE_REDIS_INSTANCE_UNSUPPORTED` - Aborted because tests with a Redis Instance as a source are not supported. - `SOURCE_FORWARDING_RULE_UNSUPPORTED` - Aborted because tests with a forwarding rule as a source are not supported. - `NON_ROUTABLE_IP_ADDRESS` - Aborted because one of the endpoints is a non-routable IP address (loopback, link-local, etc). - `UNKNOWN_ISSUE_IN_GOOGLE_MANAGED_PROJECT` - Aborted due to an unknown issue in the Google-managed project. - `UNSUPPORTED_GOOGLE_MANAGED_PROJECT_CONFIG` - Aborted due to an unsupported configuration of the Google-managed project. - `NO_SERVERLESS_IP_RANGES` - Aborted because the source endpoint is a Cloud Run revision with direct VPC access enabled, but there are no reserved serverless IP ranges. - `IP_VERSION_PROTOCOL_MISMATCH` - Aborted because the used protocol is not supported for the used IP version. - `ip_address`**Type**: `STRING`**Provider name**: `ipAddress`**Description**: IP address that caused the abort. - `projects_missing_permission`**Type**: `UNORDERED_LIST_STRING`**Provider name**: `projectsMissingPermission`**Description**: List of project IDs the user specified in the request but lacks access to. In this case, analysis is aborted with the PERMISSION_DENIED cause. - `resource_uri`**Type**: `STRING`**Provider name**: `resourceUri`**Description**: URI of the resource that caused the abort. - `app_engine_version`**Type**: `STRUCT`**Provider name**: `appEngineVersion`**Description**: Display information of an App Engine service version. - `environment`**Type**: `STRING`**Provider name**: `environment`**Description**: App Engine execution environment for a version. - `gcp_display_name`**Type**: `STRING`**Provider name**: `displayName`**Description**: Name of an App Engine version. - `runtime`**Type**: `STRING`**Provider name**: `runtime`**Description**: Runtime of the App Engine version. - `uri`**Type**: `STRING`**Provider name**: `uri`**Description**: URI of an App Engine version. - `causes_drop`**Type**: `BOOLEAN`**Provider name**: `causesDrop`**Description**: This is a step that leads to the final state Drop. - `cloud_function`**Type**: `STRUCT`**Provider name**: `cloudFunction`**Description**: Display information of a Cloud Function. - `gcp_display_name`**Type**: `STRING`**Provider name**: `displayName`**Description**: Name of a Cloud Function. - `location`**Type**: `STRING`**Provider name**: `location`**Description**: Location in which the Cloud Function is deployed. - `uri`**Type**: `STRING`**Provider name**: `uri`**Description**: URI of a Cloud Function. - `version_id`**Type**: `INT64`**Provider name**: `versionId`**Description**: Latest successfully deployed version id of the Cloud Function. - `cloud_run_revision`**Type**: `STRUCT`**Provider name**: `cloudRunRevision`**Description**: Display information of a Cloud Run revision. - `gcp_display_name`**Type**: `STRING`**Provider name**: `displayName`**Description**: Name of a Cloud Run revision. - `location`**Type**: `STRING`**Provider name**: `location`**Description**: Location in which this revision is deployed. - `service_uri`**Type**: `STRING`**Provider name**: `serviceUri`**Description**: URI of Cloud Run service this revision belongs to. - `uri`**Type**: `STRING`**Provider name**: `uri`**Description**: URI of a Cloud Run revision. - `cloud_sql_instance`**Type**: `STRUCT`**Provider name**: `cloudSqlInstance`**Description**: Display information of a Cloud SQL instance. - `external_ip`**Type**: `STRING`**Provider name**: `externalIp`**Description**: External IP address of a Cloud SQL instance. - `gcp_display_name`**Type**: `STRING`**Provider name**: `displayName`**Description**: Name of a Cloud SQL instance. - `internal_ip`**Type**: `STRING`**Provider name**: `internalIp`**Description**: Internal IP address of a Cloud SQL instance. - `network_uri`**Type**: `STRING`**Provider name**: `networkUri`**Description**: URI of a Cloud SQL instance network or empty string if the instance does not have one. - `region`**Type**: `STRING`**Provider name**: `region`**Description**: Region in which the Cloud SQL instance is running. - `uri`**Type**: `STRING`**Provider name**: `uri`**Description**: URI of a Cloud SQL instance. - `deliver`**Type**: `STRUCT`**Provider name**: `deliver`**Description**: Display information of the final state "deliver" and reason. - `google_service_type`**Type**: `STRING`**Provider name**: `googleServiceType`**Description**: Recognized type of a Google Service the packet is delivered to (if applicable).**Possible values**: - `GOOGLE_SERVICE_TYPE_UNSPECIFIED` - Unspecified Google Service. - `IAP` - Identity aware proxy. [https://cloud.google.com/iap/docs/using-tcp-forwarding](https://cloud.google.com/iap/docs/using-tcp-forwarding) - `GFE_PROXY_OR_HEALTH_CHECK_PROBER` - One of two services sharing IP ranges: * Load Balancer proxy * Centralized Health Check prober [https://cloud.google.com/load-balancing/docs/firewall-rules](https://cloud.google.com/load-balancing/docs/firewall-rules) - `CLOUD_DNS` - Connectivity from Cloud DNS to forwarding targets or alternate name servers that use private routing. [https://cloud.google.com/dns/docs/zones/forwarding-zones#firewall-rules](https://cloud.google.com/dns/docs/zones/forwarding-zones#firewall-rules) [https://cloud.google.com/dns/docs/policies#firewall-rules](https://cloud.google.com/dns/docs/policies#firewall-rules) - `PRIVATE_GOOGLE_ACCESS` - private.googleapis.com and restricted.googleapis.com - `SERVERLESS_VPC_ACCESS` - Google API via Private Service Connect. [https://cloud.google.com/vpc/docs/configure-private-service-connect-apis](https://cloud.google.com/vpc/docs/configure-private-service-connect-apis) Google API via Serverless VPC Access. [https://cloud.google.com/vpc/docs/serverless-vpc-access](https://cloud.google.com/vpc/docs/serverless-vpc-access) - `ip_address`**Type**: `STRING`**Provider name**: `ipAddress`**Description**: IP address of the target (if applicable). - `psc_google_api_target`**Type**: `STRING`**Provider name**: `pscGoogleApiTarget`**Description**: PSC Google API target the packet is delivered to (if applicable). - `resource_uri`**Type**: `STRING`**Provider name**: `resourceUri`**Description**: URI of the resource that the packet is delivered to. - `storage_bucket`**Type**: `STRING`**Provider name**: `storageBucket`**Description**: Name of the Cloud Storage Bucket the packet is delivered to (if applicable). - `target`**Type**: `STRING`**Provider name**: `target`**Description**: Target type where the packet is delivered to.**Possible values**: - `TARGET_UNSPECIFIED` - Target not specified. - `INSTANCE` - Target is a Compute Engine instance. - `INTERNET` - Target is the internet. - `GOOGLE_API` - Target is a Google API. - `GKE_MASTER` - Target is a Google Kubernetes Engine cluster master. - `CLOUD_SQL_INSTANCE` - Target is a Cloud SQL instance. - `PSC_PUBLISHED_SERVICE` - Target is a published service that uses [Private Service Connect](https://cloud.google.com/vpc/docs/configure-private-service-connect-services). - `PSC_GOOGLE_API` - Target is Google APIs that use [Private Service Connect](https://cloud.google.com/vpc/docs/configure-private-service-connect-apis). - `PSC_VPC_SC` - Target is a VPC-SC that uses [Private Service Connect](https://cloud.google.com/vpc/docs/configure-private-service-connect-apis). - `SERVERLESS_NEG` - Target is a serverless network endpoint group. - `STORAGE_BUCKET` - Target is a Cloud Storage bucket. - `PRIVATE_NETWORK` - Target is a private network. Used only for return traces. - `CLOUD_FUNCTION` - Target is a Cloud Function. Used only for return traces. - `APP_ENGINE_VERSION` - Target is a App Engine service version. Used only for return traces. - `CLOUD_RUN_REVISION` - Target is a Cloud Run revision. Used only for return traces. - `GOOGLE_MANAGED_SERVICE` - Target is a Google-managed service. Used only for return traces. - `REDIS_INSTANCE` - Target is a Redis Instance. - `REDIS_CLUSTER` - Target is a Redis Cluster. - `description`**Type**: `STRING`**Provider name**: `description`**Description**: A description of the step. Usually this is a summary of the state. - `direct_vpc_egress_connection`**Type**: `STRUCT`**Provider name**: `directVpcEgressConnection`**Description**: Display information of a serverless direct VPC egress connection. - `network_uri`**Type**: `STRING`**Provider name**: `networkUri`**Description**: URI of direct access network. - `region`**Type**: `STRING`**Provider name**: `region`**Description**: Region in which the Direct VPC egress is deployed. - `selected_ip_address`**Type**: `STRING`**Provider name**: `selectedIpAddress`**Description**: Selected starting IP address, from the selected IP range. - `selected_ip_range`**Type**: `STRING`**Provider name**: `selectedIpRange`**Description**: Selected IP range. - `subnetwork_uri`**Type**: `STRING`**Provider name**: `subnetworkUri`**Description**: URI of direct access subnetwork. - `drop`**Type**: `STRUCT`**Provider name**: `drop`**Description**: Display information of the final state "drop" and reason. - `cause`**Type**: `STRING`**Provider name**: `cause`**Description**: Cause that the packet is dropped.**Possible values**: - `CAUSE_UNSPECIFIED` - Cause is unspecified. - `UNKNOWN_EXTERNAL_ADDRESS` - Destination external address cannot be resolved to a known target. If the address is used in a Google Cloud project, provide the project ID as test input. - `FOREIGN_IP_DISALLOWED` - A Compute Engine instance can only send or receive a packet with a foreign IP address if ip_forward is enabled. - `FIREWALL_RULE` - Dropped due to a firewall rule, unless allowed due to connection tracking. - `NO_ROUTE` - Dropped due to no matching routes. - `ROUTE_BLACKHOLE` - Dropped due to invalid route. Route's next hop is a blackhole. - `ROUTE_WRONG_NETWORK` - Packet is sent to a wrong (unintended) network. Example: you trace a packet from VM1:Network1 to VM2:Network2, however, the route configured in Network1 sends the packet destined for VM2's IP address to Network3. - `ROUTE_NEXT_HOP_IP_ADDRESS_NOT_RESOLVED` - Route's next hop IP address cannot be resolved to a GCP resource. - `ROUTE_NEXT_HOP_RESOURCE_NOT_FOUND` - Route's next hop resource is not found. - `ROUTE_NEXT_HOP_INSTANCE_WRONG_NETWORK` - Route's next hop instance doesn't have a NIC in the route's network. - `ROUTE_NEXT_HOP_INSTANCE_NON_PRIMARY_IP` - Route's next hop IP address is not a primary IP address of the next hop instance. - `ROUTE_NEXT_HOP_FORWARDING_RULE_IP_MISMATCH` - Route's next hop forwarding rule doesn't match next hop IP address. - `ROUTE_NEXT_HOP_VPN_TUNNEL_NOT_ESTABLISHED` - Route's next hop VPN tunnel is down (does not have valid IKE SAs). - `ROUTE_NEXT_HOP_FORWARDING_RULE_TYPE_INVALID` - Route's next hop forwarding rule type is invalid (it's not a forwarding rule of the internal passthrough load balancer). - `NO_ROUTE_FROM_INTERNET_TO_PRIVATE_IPV6_ADDRESS` - Packet is sent from the Internet or Google service to the private IPv6 address. - `NO_ROUTE_FROM_EXTERNAL_IPV6_SOURCE_TO_PRIVATE_IPV6_ADDRESS` - Packet is sent from the external IPv6 source address of an instance to the private IPv6 address of an instance. - `VPN_TUNNEL_LOCAL_SELECTOR_MISMATCH` - The packet does not match a policy-based VPN tunnel local selector. - `VPN_TUNNEL_REMOTE_SELECTOR_MISMATCH` - The packet does not match a policy-based VPN tunnel remote selector. - `PRIVATE_TRAFFIC_TO_INTERNET` - Packet with internal destination address sent to the internet gateway. - `PRIVATE_GOOGLE_ACCESS_DISALLOWED` - Endpoint with only an internal IP address tries to access Google API and services, but Private Google Access is not enabled in the subnet or is not applicable. - `PRIVATE_GOOGLE_ACCESS_VIA_VPN_TUNNEL_UNSUPPORTED` - Source endpoint tries to access Google API and services through the VPN tunnel to another network, but Private Google Access needs to be enabled in the source endpoint network. - `NO_EXTERNAL_ADDRESS` - Endpoint with only an internal IP address tries to access external hosts, but there is no matching Cloud NAT gateway in the subnet. - `UNKNOWN_INTERNAL_ADDRESS` - Destination internal address cannot be resolved to a known target. If this is a shared VPC scenario, verify if the service project ID is provided as test input. Otherwise, verify if the IP address is being used in the project. - `FORWARDING_RULE_MISMATCH` - Forwarding rule's protocol and ports do not match the packet header. - `FORWARDING_RULE_NO_INSTANCES` - Forwarding rule does not have backends configured. - `FIREWALL_BLOCKING_LOAD_BALANCER_BACKEND_HEALTH_CHECK` - Firewalls block the health check probes to the backends and cause the backends to be unavailable for traffic from the load balancer. For more details, see [Health check firewall rules](https://cloud.google.com/load-balancing/docs/health-checks#firewall_rules). - `INGRESS_FIREWALL_TAGS_UNSUPPORTED_BY_DIRECT_VPC_EGRESS` - Matching ingress firewall rules by network tags for packets sent via serverless VPC direct egress is unsupported. Behavior is undefined. [https://cloud.google.com/run/docs/configuring/vpc-direct-vpc#limitations](https://cloud.google.com/run/docs/configuring/vpc-direct-vpc#limitations) - `INSTANCE_NOT_RUNNING` - Packet is sent from or to a Compute Engine instance that is not in a running state. - `GKE_CLUSTER_NOT_RUNNING` - Packet sent from or to a GKE cluster that is not in running state. - `CLOUD_SQL_INSTANCE_NOT_RUNNING` - Packet sent from or to a Cloud SQL instance that is not in running state. - `REDIS_INSTANCE_NOT_RUNNING` - Packet sent from or to a Redis Instance that is not in running state. - `REDIS_CLUSTER_NOT_RUNNING` - Packet sent from or to a Redis Cluster that is not in running state. - `TRAFFIC_TYPE_BLOCKED` - The type of traffic is blocked and the user cannot configure a firewall rule to enable it. See [Always blocked traffic](https://cloud.google.com/vpc/docs/firewalls#blockedtraffic) for more details. - `GKE_MASTER_UNAUTHORIZED_ACCESS` - Access to Google Kubernetes Engine cluster master's endpoint is not authorized. See [Access to the cluster endpoints](https://cloud.google.com/kubernetes-engine/docs/how-to/private-clusters#access_to_the_cluster_endpoints) for more details. - `CLOUD_SQL_INSTANCE_UNAUTHORIZED_ACCESS` - Access to the Cloud SQL instance endpoint is not authorized. See [Authorizing with authorized networks](https://cloud.google.com/sql/docs/mysql/authorize-networks) for more details. - `DROPPED_INSIDE_GKE_SERVICE` - Packet was dropped inside Google Kubernetes Engine Service. - `DROPPED_INSIDE_CLOUD_SQL_SERVICE` - Packet was dropped inside Cloud SQL Service. - `GOOGLE_MANAGED_SERVICE_NO_PEERING` - Packet was dropped because there is no peering between the originating network and the Google Managed Services Network. - `GOOGLE_MANAGED_SERVICE_NO_PSC_ENDPOINT` - Packet was dropped because the Google-managed service uses Private Service Connect (PSC), but the PSC endpoint is not found in the project. - `GKE_PSC_ENDPOINT_MISSING` - Packet was dropped because the GKE cluster uses Private Service Connect (PSC), but the PSC endpoint is not found in the project. - `CLOUD_SQL_INSTANCE_NO_IP_ADDRESS` - Packet was dropped because the Cloud SQL instance has neither a private nor a public IP address. - `GKE_CONTROL_PLANE_REGION_MISMATCH` - Packet was dropped because a GKE cluster private endpoint is unreachable from a region different from the cluster's region. - `PUBLIC_GKE_CONTROL_PLANE_TO_PRIVATE_DESTINATION` - Packet sent from a public GKE cluster control plane to a private IP address. - `GKE_CONTROL_PLANE_NO_ROUTE` - Packet was dropped because there is no route from a GKE cluster control plane to a destination network. - `CLOUD_SQL_INSTANCE_NOT_CONFIGURED_FOR_EXTERNAL_TRAFFIC` - Packet sent from a Cloud SQL instance to an external IP address is not allowed. The Cloud SQL instance is not configured to send packets to external IP addresses. - `PUBLIC_CLOUD_SQL_INSTANCE_TO_PRIVATE_DESTINATION` - Packet sent from a Cloud SQL instance with only a public IP address to a private IP address. - `CLOUD_SQL_INSTANCE_NO_ROUTE` - Packet was dropped because there is no route from a Cloud SQL instance to a destination network. - `CLOUD_SQL_CONNECTOR_REQUIRED` - Packet was dropped because the Cloud SQL instance requires all connections to use Cloud SQL connectors and to target the Cloud SQL proxy port (3307). - `CLOUD_FUNCTION_NOT_ACTIVE` - Packet could be dropped because the Cloud Function is not in an active status. - `VPC_CONNECTOR_NOT_SET` - Packet could be dropped because no VPC connector is set. - `VPC_CONNECTOR_NOT_RUNNING` - Packet could be dropped because the VPC connector is not in a running state. - `VPC_CONNECTOR_SERVERLESS_TRAFFIC_BLOCKED` - Packet could be dropped because the traffic from the serverless service to the VPC connector is not allowed. - `VPC_CONNECTOR_HEALTH_CHECK_TRAFFIC_BLOCKED` - Packet could be dropped because the health check traffic to the VPC connector is not allowed. - `FORWARDING_RULE_REGION_MISMATCH` - Packet could be dropped because it was sent from a different region to a regional forwarding without global access. - `PSC_CONNECTION_NOT_ACCEPTED` - The Private Service Connect endpoint is in a project that is not approved to connect to the service. - `PSC_ENDPOINT_ACCESSED_FROM_PEERED_NETWORK` - The packet is sent to the Private Service Connect endpoint over the peering, but [it's not supported](https://cloud.google.com/vpc/docs/configure-private-service-connect-services#on-premises). - `PSC_NEG_PRODUCER_ENDPOINT_NO_GLOBAL_ACCESS` - The packet is sent to the Private Service Connect backend (network endpoint group), but the producer PSC forwarding rule does not have global access enabled. - `PSC_NEG_PRODUCER_FORWARDING_RULE_MULTIPLE_PORTS` - The packet is sent to the Private Service Connect backend (network endpoint group), but the producer PSC forwarding rule has multiple ports specified. - `CLOUD_SQL_PSC_NEG_UNSUPPORTED` - The packet is sent to the Private Service Connect backend (network endpoint group) targeting a Cloud SQL service attachment, but this configuration is not supported. - `NO_NAT_SUBNETS_FOR_PSC_SERVICE_ATTACHMENT` - No NAT subnets are defined for the PSC service attachment. - `PSC_TRANSITIVITY_NOT_PROPAGATED` - PSC endpoint is accessed via NCC, but PSC transitivity configuration is not yet propagated. - `HYBRID_NEG_NON_DYNAMIC_ROUTE_MATCHED` - The packet sent from the hybrid NEG proxy matches a non-dynamic route, but such a configuration is not supported. - `HYBRID_NEG_NON_LOCAL_DYNAMIC_ROUTE_MATCHED` - The packet sent from the hybrid NEG proxy matches a dynamic route with a next hop in a different region, but such a configuration is not supported. - `CLOUD_RUN_REVISION_NOT_READY` - Packet sent from a Cloud Run revision that is not ready. - `DROPPED_INSIDE_PSC_SERVICE_PRODUCER` - Packet was dropped inside Private Service Connect service producer. - `LOAD_BALANCER_HAS_NO_PROXY_SUBNET` - Packet sent to a load balancer, which requires a proxy-only subnet and the subnet is not found. - `CLOUD_NAT_NO_ADDRESSES` - Packet sent to Cloud Nat without active NAT IPs. - `ROUTING_LOOP` - Packet is stuck in a routing loop. - `DROPPED_INSIDE_GOOGLE_MANAGED_SERVICE` - Packet is dropped inside a Google-managed service due to being delivered in return trace to an endpoint that doesn't match the endpoint the packet was sent from in forward trace. Used only for return traces. - `LOAD_BALANCER_BACKEND_INVALID_NETWORK` - Packet is dropped due to a load balancer backend instance not having a network interface in the network expected by the load balancer. - `BACKEND_SERVICE_NAMED_PORT_NOT_DEFINED` - Packet is dropped due to a backend service named port not being defined on the instance group level. - `DESTINATION_IS_PRIVATE_NAT_IP_RANGE` - Packet is dropped due to a destination IP range being part of a Private NAT IP range. - `DROPPED_INSIDE_REDIS_INSTANCE_SERVICE` - Generic drop cause for a packet being dropped inside a Redis Instance service project. - `REDIS_INSTANCE_UNSUPPORTED_PORT` - Packet is dropped due to an unsupported port being used to connect to a Redis Instance. Port 6379 should be used to connect to a Redis Instance. - `REDIS_INSTANCE_CONNECTING_FROM_PUPI_ADDRESS` - Packet is dropped due to connecting from PUPI address to a PSA based Redis Instance. - `REDIS_INSTANCE_NO_ROUTE_TO_DESTINATION_NETWORK` - Packet is dropped due to no route to the destination network. - `REDIS_INSTANCE_NO_EXTERNAL_IP` - Redis Instance does not have an external IP address. - `REDIS_INSTANCE_UNSUPPORTED_PROTOCOL` - Packet is dropped due to an unsupported protocol being used to connect to a Redis Instance. Only TCP connections are accepted by a Redis Instance. - `DROPPED_INSIDE_REDIS_CLUSTER_SERVICE` - Generic drop cause for a packet being dropped inside a Redis Cluster service project. - `REDIS_CLUSTER_UNSUPPORTED_PORT` - Packet is dropped due to an unsupported port being used to connect to a Redis Cluster. Ports 6379 and 11000 to 13047 should be used to connect to a Redis Cluster. - `REDIS_CLUSTER_NO_EXTERNAL_IP` - Redis Cluster does not have an external IP address. - `REDIS_CLUSTER_UNSUPPORTED_PROTOCOL` - Packet is dropped due to an unsupported protocol being used to connect to a Redis Cluster. Only TCP connections are accepted by a Redis Cluster. - `NO_ADVERTISED_ROUTE_TO_GCP_DESTINATION` - Packet from the non-GCP (on-prem) or unknown GCP network is dropped due to the destination IP address not belonging to any IP prefix advertised via BGP by the Cloud Router. - `NO_TRAFFIC_SELECTOR_TO_GCP_DESTINATION` - Packet from the non-GCP (on-prem) or unknown GCP network is dropped due to the destination IP address not belonging to any IP prefix included to the local traffic selector of the VPN tunnel. - `NO_KNOWN_ROUTE_FROM_PEERED_NETWORK_TO_DESTINATION` - Packet from the unknown peered network is dropped due to no known route from the source network to the destination IP address. - `PRIVATE_NAT_TO_PSC_ENDPOINT_UNSUPPORTED` - Sending packets processed by the Private NAT Gateways to the Private Service Connect endpoints is not supported. - `PSC_PORT_MAPPING_PORT_MISMATCH` - Packet is sent to the PSC port mapping service, but its destination port does not match any port mapping rules. - `PSC_PORT_MAPPING_WITHOUT_PSC_CONNECTION_UNSUPPORTED` - Sending packets directly to the PSC port mapping service without going through the PSC connection is not supported. - `UNSUPPORTED_ROUTE_MATCHED_FOR_NAT64_DESTINATION` - Packet with destination IP address within the reserved NAT64 range is dropped due to matching a route of an unsupported type. - `TRAFFIC_FROM_HYBRID_ENDPOINT_TO_INTERNET_DISALLOWED` - Packet could be dropped because hybrid endpoint like a VPN gateway or Interconnect is not allowed to send traffic to the Internet. - `NO_MATCHING_NAT64_GATEWAY` - Packet with destination IP address within the reserved NAT64 range is dropped due to no matching NAT gateway in the subnet. - `LOAD_BALANCER_BACKEND_IP_VERSION_MISMATCH` - Packet is dropped due to being sent to a backend of a passthrough load balancer that doesn't use the same IP version as the frontend. - `NO_KNOWN_ROUTE_FROM_NCC_NETWORK_TO_DESTINATION` - Packet from the unknown NCC network is dropped due to no known route from the source network to the destination IP address. - `CLOUD_NAT_PROTOCOL_UNSUPPORTED` - Packet is dropped by Cloud NAT due to using an unsupported protocol. - `destination_geolocation_code`**Type**: `STRING`**Provider name**: `destinationGeolocationCode`**Description**: Geolocation (region code) of the destination IP address (if relevant). - `destination_ip`**Type**: `STRING`**Provider name**: `destinationIp`**Description**: Destination IP address of the dropped packet (if relevant). - `region`**Type**: `STRING`**Provider name**: `region`**Description**: Region of the dropped packet (if relevant). - `resource_uri`**Type**: `STRING`**Provider name**: `resourceUri`**Description**: URI of the resource that caused the drop. - `source_geolocation_code`**Type**: `STRING`**Provider name**: `sourceGeolocationCode`**Description**: Geolocation (region code) of the source IP address (if relevant). - `source_ip`**Type**: `STRING`**Provider name**: `sourceIp`**Description**: Source IP address of the dropped packet (if relevant). - `endpoint`**Type**: `STRUCT`**Provider name**: `endpoint`**Description**: Display information of the source and destination under analysis. The endpoint information in an intermediate state may differ with the initial input, as it might be modified by state like NAT, or Connection Proxy. - `destination_ip`**Type**: `STRING`**Provider name**: `destinationIp`**Description**: Destination IP address. - `destination_network_uri`**Type**: `STRING`**Provider name**: `destinationNetworkUri`**Description**: URI of the network where this packet is sent to. - `destination_port`**Type**: `INT32`**Provider name**: `destinationPort`**Description**: Destination port. Only valid when protocol is TCP or UDP. - `protocol`**Type**: `STRING`**Provider name**: `protocol`**Description**: IP protocol in string format, for example: "TCP", "UDP", "ICMP". - `source_agent_uri`**Type**: `STRING`**Provider name**: `sourceAgentUri`**Description**: URI of the source telemetry agent this packet originates from. - `source_ip`**Type**: `STRING`**Provider name**: `sourceIp`**Description**: Source IP address. - `source_network_uri`**Type**: `STRING`**Provider name**: `sourceNetworkUri`**Description**: URI of the network where this packet originates from. - `source_port`**Type**: `INT32`**Provider name**: `sourcePort`**Description**: Source port. Only valid when protocol is TCP or UDP. - `firewall`**Type**: `STRUCT`**Provider name**: `firewall`**Description**: Display information of a Compute Engine firewall rule. - `action`**Type**: `STRING`**Provider name**: `action`**Description**: Possible values: ALLOW, DENY, APPLY_SECURITY_PROFILE_GROUP - `direction`**Type**: `STRING`**Provider name**: `direction`**Description**: Possible values: INGRESS, EGRESS - `firewall_rule_type`**Type**: `STRING`**Provider name**: `firewallRuleType`**Description**: The firewall rule's type.**Possible values**: - `FIREWALL_RULE_TYPE_UNSPECIFIED` - Unspecified type. - `HIERARCHICAL_FIREWALL_POLICY_RULE` - Hierarchical firewall policy rule. For details, see [Hierarchical firewall policies overview](https://cloud.google.com/vpc/docs/firewall-policies). - `VPC_FIREWALL_RULE` - VPC firewall rule. For details, see [VPC firewall rules overview](https://cloud.google.com/vpc/docs/firewalls). - `IMPLIED_VPC_FIREWALL_RULE` - Implied VPC firewall rule. For details, see [Implied rules](https://cloud.google.com/vpc/docs/firewalls#default_firewall_rules). - `SERVERLESS_VPC_ACCESS_MANAGED_FIREWALL_RULE` - Implicit firewall rules that are managed by serverless VPC access to allow ingress access. They are not visible in the Google Cloud console. For details, see [VPC connector's implicit rules](https://cloud.google.com/functions/docs/networking/connecting-vpc#restrict-access). - `NETWORK_FIREWALL_POLICY_RULE` - Global network firewall policy rule. For details, see [Network firewall policies](https://cloud.google.com/vpc/docs/network-firewall-policies). - `NETWORK_REGIONAL_FIREWALL_POLICY_RULE` - Regional network firewall policy rule. For details, see [Regional network firewall policies](https://cloud.google.com/firewall/docs/regional-firewall-policies). - `UNSUPPORTED_FIREWALL_POLICY_RULE` - Firewall policy rule containing attributes not yet supported in Connectivity tests. Firewall analysis is skipped if such a rule can potentially be matched. Please see the [list of unsupported configurations](https://cloud.google.com/network-intelligence-center/docs/connectivity-tests/concepts/overview#unsupported-configs). - `TRACKING_STATE` - Tracking state for response traffic created when request traffic goes through allow firewall rule. For details, see [firewall rules specifications](https://cloud.google.com/firewall/docs/firewalls#specifications) - `ANALYSIS_SKIPPED` - Firewall analysis was skipped due to executing Connectivity Test in the BypassFirewallChecks mode - `gcp_display_name`**Type**: `STRING`**Provider name**: `displayName`**Description**: The display name of the firewall rule. This field might be empty for firewall policy rules. - `network_uri`**Type**: `STRING`**Provider name**: `networkUri`**Description**: The URI of the VPC network that the firewall rule is associated with. This field is not applicable to hierarchical firewall policy rules. - `policy`**Type**: `STRING`**Provider name**: `policy`**Description**: The name of the firewall policy that this rule is associated with. This field is not applicable to VPC firewall rules and implied VPC firewall rules. - `policy_priority`**Type**: `INT32`**Provider name**: `policyPriority`**Description**: The priority of the firewall policy that this rule is associated with. This field is not applicable to VPC firewall rules and implied VPC firewall rules. - `policy_uri`**Type**: `STRING`**Provider name**: `policyUri`**Description**: The URI of the firewall policy that this rule is associated with. This field is not applicable to VPC firewall rules and implied VPC firewall rules. - `priority`**Type**: `INT32`**Provider name**: `priority`**Description**: The priority of the firewall rule. - `target_service_accounts`**Type**: `UNORDERED_LIST_STRING`**Provider name**: `targetServiceAccounts`**Description**: The target service accounts specified by the firewall rule. - `target_tags`**Type**: `UNORDERED_LIST_STRING`**Provider name**: `targetTags`**Description**: The target tags defined by the VPC firewall rule. This field is not applicable to firewall policy rules. - `target_type`**Type**: `STRING`**Provider name**: `targetType`**Description**: Target type of the firewall rule.**Possible values**: - `TARGET_TYPE_UNSPECIFIED` - Target type is not specified. In this case we treat the rule as applying to INSTANCES target type. - `INSTANCES` - Firewall rule applies to instances. - `INTERNAL_MANAGED_LB` - Firewall rule applies to internal managed load balancers. - `uri`**Type**: `STRING`**Provider name**: `uri`**Description**: The URI of the firewall rule. This field is not applicable to implied VPC firewall rules. - `forward`**Type**: `STRUCT`**Provider name**: `forward`**Description**: Display information of the final state "forward" and reason. - `ip_address`**Type**: `STRING`**Provider name**: `ipAddress`**Description**: IP address of the target (if applicable). - `resource_uri`**Type**: `STRING`**Provider name**: `resourceUri`**Description**: URI of the resource that the packet is forwarded to. - `target`**Type**: `STRING`**Provider name**: `target`**Description**: Target type where this packet is forwarded to.**Possible values**: - `TARGET_UNSPECIFIED` - Target not specified. - `PEERING_VPC` - Forwarded to a VPC peering network. - `VPN_GATEWAY` - Forwarded to a Cloud VPN gateway. - `INTERCONNECT` - Forwarded to a Cloud Interconnect connection. - `GKE_MASTER` - Forwarded to a Google Kubernetes Engine Container cluster master. - `IMPORTED_CUSTOM_ROUTE_NEXT_HOP` - Forwarded to the next hop of a custom route imported from a peering VPC. - `CLOUD_SQL_INSTANCE` - Forwarded to a Cloud SQL instance. - `ANOTHER_PROJECT` - Forwarded to a VPC network in another project. - `NCC_HUB` - Forwarded to an NCC Hub. - `ROUTER_APPLIANCE` - Forwarded to a router appliance. - `SECURE_WEB_PROXY_GATEWAY` - Forwarded to a Secure Web Proxy Gateway. - `forwarding_rule`**Type**: `STRUCT`**Provider name**: `forwardingRule`**Description**: Display information of a Compute Engine forwarding rule. - `gcp_display_name`**Type**: `STRING`**Provider name**: `displayName`**Description**: Name of the forwarding rule. - `load_balancer_name`**Type**: `STRING`**Provider name**: `loadBalancerName`**Description**: Name of the load balancer the forwarding rule belongs to. Empty for forwarding rules not related to load balancers (like PSC forwarding rules). - `matched_port_range`**Type**: `STRING`**Provider name**: `matchedPortRange`**Description**: Port range defined in the forwarding rule that matches the packet. - `matched_protocol`**Type**: `STRING`**Provider name**: `matchedProtocol`**Description**: Protocol defined in the forwarding rule that matches the packet. - `network_uri`**Type**: `STRING`**Provider name**: `networkUri`**Description**: Network URI. - `psc_google_api_target`**Type**: `STRING`**Provider name**: `pscGoogleApiTarget`**Description**: PSC Google API target this forwarding rule targets (if applicable). - `psc_service_attachment_uri`**Type**: `STRING`**Provider name**: `pscServiceAttachmentUri`**Description**: URI of the PSC service attachment this forwarding rule targets (if applicable). - `region`**Type**: `STRING`**Provider name**: `region`**Description**: Region of the forwarding rule. Set only for regional forwarding rules. - `target`**Type**: `STRING`**Provider name**: `target`**Description**: Target type of the forwarding rule. - `uri`**Type**: `STRING`**Provider name**: `uri`**Description**: URI of the forwarding rule. - `vip`**Type**: `STRING`**Provider name**: `vip`**Description**: VIP of the forwarding rule. - `gke_master`**Type**: `STRUCT`**Provider name**: `gkeMaster`**Description**: Display information of a Google Kubernetes Engine cluster master. - `cluster_network_uri`**Type**: `STRING`**Provider name**: `clusterNetworkUri`**Description**: URI of a GKE cluster network. - `cluster_uri`**Type**: `STRING`**Provider name**: `clusterUri`**Description**: URI of a GKE cluster. - `dns_endpoint`**Type**: `STRING`**Provider name**: `dnsEndpoint`**Description**: DNS endpoint of a GKE cluster control plane. - `external_ip`**Type**: `STRING`**Provider name**: `externalIp`**Description**: External IP address of a GKE cluster control plane. - `internal_ip`**Type**: `STRING`**Provider name**: `internalIp`**Description**: Internal IP address of a GKE cluster control plane. - `google_service`**Type**: `STRUCT`**Provider name**: `googleService`**Description**: Display information of a Google service - `google_service_type`**Type**: `STRING`**Provider name**: `googleServiceType`**Description**: Recognized type of a Google Service.**Possible values**: - `GOOGLE_SERVICE_TYPE_UNSPECIFIED` - Unspecified Google Service. - `IAP` - Identity aware proxy. [https://cloud.google.com/iap/docs/using-tcp-forwarding](https://cloud.google.com/iap/docs/using-tcp-forwarding) - `GFE_PROXY_OR_HEALTH_CHECK_PROBER` - One of two services sharing IP ranges: * Load Balancer proxy * Centralized Health Check prober [https://cloud.google.com/load-balancing/docs/firewall-rules](https://cloud.google.com/load-balancing/docs/firewall-rules) - `CLOUD_DNS` - Connectivity from Cloud DNS to forwarding targets or alternate name servers that use private routing. [https://cloud.google.com/dns/docs/zones/forwarding-zones#firewall-rules](https://cloud.google.com/dns/docs/zones/forwarding-zones#firewall-rules) [https://cloud.google.com/dns/docs/policies#firewall-rules](https://cloud.google.com/dns/docs/policies#firewall-rules) - `GOOGLE_API` - private.googleapis.com and restricted.googleapis.com - `GOOGLE_API_PSC` - Google API via Private Service Connect. [https://cloud.google.com/vpc/docs/configure-private-service-connect-apis](https://cloud.google.com/vpc/docs/configure-private-service-connect-apis) - `GOOGLE_API_VPC_SC` - Google API via VPC Service Controls. [https://cloud.google.com/vpc/docs/configure-private-service-connect-apis](https://cloud.google.com/vpc/docs/configure-private-service-connect-apis) - `SERVERLESS_VPC_ACCESS` - Google API via Serverless VPC Access. [https://cloud.google.com/vpc/docs/serverless-vpc-access](https://cloud.google.com/vpc/docs/serverless-vpc-access) - `source_ip`**Type**: `STRING`**Provider name**: `sourceIp`**Description**: Source IP address. - `instance`**Type**: `STRUCT`**Provider name**: `instance`**Description**: Display information of a Compute Engine instance. - `external_ip`**Type**: `STRING`**Provider name**: `externalIp`**Description**: External IP address of the network interface. - `gcp_display_name`**Type**: `STRING`**Provider name**: `displayName`**Description**: Name of a Compute Engine instance. - `gcp_status`**Type**: `STRING`**Provider name**: `status`**Description**: The status of the instance.**Possible values**: - `STATUS_UNSPECIFIED` - Default unspecified value. - `RUNNING` - The instance is running. - `NOT_RUNNING` - The instance has any status other than 'RUNNING'. - `interface`**Type**: `STRING`**Provider name**: `interface`**Description**: Name of the network interface of a Compute Engine instance. - `internal_ip`**Type**: `STRING`**Provider name**: `internalIp`**Description**: Internal IP address of the network interface. - `network_tags`**Type**: `UNORDERED_LIST_STRING`**Provider name**: `networkTags`**Description**: Network tags configured on the instance. - `network_uri`**Type**: `STRING`**Provider name**: `networkUri`**Description**: URI of a Compute Engine network. - `psc_network_attachment_uri`**Type**: `STRING`**Provider name**: `pscNetworkAttachmentUri`**Description**: URI of the PSC network attachment the NIC is attached to (if relevant). - `running`**Type**: `BOOLEAN`**Provider name**: `running`**Description**: Indicates whether the Compute Engine instance is running. Deprecated: use the `status` field instead. - `service_account`**Type**: `STRING`**Provider name**: `serviceAccount`**Description**: Service account authorized for the instance. - `uri`**Type**: `STRING`**Provider name**: `uri`**Description**: URI of a Compute Engine instance. - `interconnect_attachment`**Type**: `STRUCT`**Provider name**: `interconnectAttachment`**Description**: Display information of an interconnect attachment. - `cloud_router_uri`**Type**: `STRING`**Provider name**: `cloudRouterUri`**Description**: URI of the Cloud Router to be used for dynamic routing. - `gcp_display_name`**Type**: `STRING`**Provider name**: `displayName`**Description**: Name of an Interconnect attachment. - `interconnect_uri`**Type**: `STRING`**Provider name**: `interconnectUri`**Description**: URI of the Interconnect where the Interconnect attachment is configured. - `region`**Type**: `STRING`**Provider name**: `region`**Description**: Name of a Google Cloud region where the Interconnect attachment is configured. - `uri`**Type**: `STRING`**Provider name**: `uri`**Description**: URI of an Interconnect attachment. - `load_balancer`**Type**: `STRUCT`**Provider name**: `loadBalancer`**Description**: Display information of the load balancers. Deprecated in favor of the `load_balancer_backend_info` field, not used in new tests. - `backend_type`**Type**: `STRING`**Provider name**: `backendType`**Description**: Type of load balancer's backend configuration.**Possible values**: - `BACKEND_TYPE_UNSPECIFIED` - Type is unspecified. - `BACKEND_SERVICE` - Backend Service as the load balancer's backend. - `TARGET_POOL` - Target Pool as the load balancer's backend. - `TARGET_INSTANCE` - Target Instance as the load balancer's backend. - `backend_uri`**Type**: `STRING`**Provider name**: `backendUri`**Description**: Backend configuration URI. - `backends`**Type**: `UNORDERED_LIST_STRUCT`**Provider name**: `backends`**Description**: Information for the loadbalancer backends. - `gcp_display_name`**Type**: `STRING`**Provider name**: `displayName`**Description**: Name of a Compute Engine instance or network endpoint. - `health_check_allowing_firewall_rules`**Type**: `UNORDERED_LIST_STRING`**Provider name**: `healthCheckAllowingFirewallRules`**Description**: A list of firewall rule URIs allowing probes from health check IP ranges. - `health_check_blocking_firewall_rules`**Type**: `UNORDERED_LIST_STRING`**Provider name**: `healthCheckBlockingFirewallRules`**Description**: A list of firewall rule URIs blocking probes from health check IP ranges. - `health_check_firewall_state`**Type**: `STRING`**Provider name**: `healthCheckFirewallState`**Description**: State of the health check firewall configuration.**Possible values**: - `HEALTH_CHECK_FIREWALL_STATE_UNSPECIFIED` - State is unspecified. Default state if not populated. - `CONFIGURED` - There are configured firewall rules to allow health check probes to the backend. - `MISCONFIGURED` - There are firewall rules configured to allow partial health check ranges or block all health check ranges. If a health check probe is sent from denied IP ranges, the health check to the backend will fail. Then, the backend will be marked unhealthy and will not receive traffic sent to the load balancer. - `uri`**Type**: `STRING`**Provider name**: `uri`**Description**: URI of a Compute Engine instance or network endpoint. - `health_check_uri`**Type**: `STRING`**Provider name**: `healthCheckUri`**Description**: URI of the health check for the load balancer. Deprecated and no longer populated as different load balancer backends might have different health checks. - `load_balancer_type`**Type**: `STRING`**Provider name**: `loadBalancerType`**Description**: Type of the load balancer.**Possible values**: - `LOAD_BALANCER_TYPE_UNSPECIFIED` - Type is unspecified. - `INTERNAL_TCP_UDP` - Internal TCP/UDP load balancer. - `NETWORK_TCP_UDP` - Network TCP/UDP load balancer. - `HTTP_PROXY` - HTTP(S) proxy load balancer. - `TCP_PROXY` - TCP proxy load balancer. - `SSL_PROXY` - SSL proxy load balancer. - `load_balancer_backend_info`**Type**: `STRUCT`**Provider name**: `loadBalancerBackendInfo`**Description**: Display information of a specific load balancer backend. - `backend_bucket_uri`**Type**: `STRING`**Provider name**: `backendBucketUri`**Description**: URI of the backend bucket this backend targets (if applicable). - `backend_service_uri`**Type**: `STRING`**Provider name**: `backendServiceUri`**Description**: URI of the backend service this backend belongs to (if applicable). - `health_check_firewalls_config_state`**Type**: `STRING`**Provider name**: `healthCheckFirewallsConfigState`**Description**: Output only. Health check firewalls configuration state for the backend. This is a result of the static firewall analysis (verifying that health check traffic from required IP ranges to the backend is allowed or not). The backend might still be unhealthy even if these firewalls are configured. Please refer to the documentation for more information: [https://cloud.google.com/load-balancing/docs/firewall-rules](https://cloud.google.com/load-balancing/docs/firewall-rules)**Possible values**: - `HEALTH_CHECK_FIREWALLS_CONFIG_STATE_UNSPECIFIED` - Configuration state unspecified. It usually means that the backend has no health check attached, or there was an unexpected configuration error preventing Connectivity tests from verifying health check configuration. - `FIREWALLS_CONFIGURED` - Firewall rules (policies) allowing health check traffic from all required IP ranges to the backend are configured. - `FIREWALLS_PARTIALLY_CONFIGURED` - Firewall rules (policies) allow health check traffic only from a part of required IP ranges. - `FIREWALLS_NOT_CONFIGURED` - Firewall rules (policies) deny health check traffic from all required IP ranges to the backend. - `FIREWALLS_UNSUPPORTED` - The network contains firewall rules of unsupported types, so Connectivity tests were not able to verify health check configuration status. Please refer to the documentation for the list of unsupported configurations: [https://cloud.google.com/network-intelligence-center/docs/connectivity-tests/concepts/overview#unsupported-configs](https://cloud.google.com/network-intelligence-center/docs/connectivity-tests/concepts/overview#unsupported-configs) - `health_check_uri`**Type**: `STRING`**Provider name**: `healthCheckUri`**Description**: URI of the health check attached to this backend (if applicable). - `instance_group_uri`**Type**: `STRING`**Provider name**: `instanceGroupUri`**Description**: URI of the instance group this backend belongs to (if applicable). - `instance_uri`**Type**: `STRING`**Provider name**: `instanceUri`**Description**: URI of the backend instance (if applicable). Populated for instance group backends, and zonal NEG backends. - `name`**Type**: `STRING`**Provider name**: `name`**Description**: Display name of the backend. For example, it might be an instance name for the instance group backends, or an IP address and port for zonal network endpoint group backends. - `network_endpoint_group_uri`**Type**: `STRING`**Provider name**: `networkEndpointGroupUri`**Description**: URI of the network endpoint group this backend belongs to (if applicable). - `psc_google_api_target`**Type**: `STRING`**Provider name**: `pscGoogleApiTarget`**Description**: PSC Google API target this PSC NEG backend targets (if applicable). - `psc_service_attachment_uri`**Type**: `STRING`**Provider name**: `pscServiceAttachmentUri`**Description**: URI of the PSC service attachment this PSC NEG backend targets (if applicable). - `nat`**Type**: `STRUCT`**Provider name**: `nat`**Description**: Display information of a NAT. - `nat_gateway_name`**Type**: `STRING`**Provider name**: `natGatewayName`**Description**: The name of Cloud NAT Gateway. Only valid when type is CLOUD_NAT. - `network_uri`**Type**: `STRING`**Provider name**: `networkUri`**Description**: URI of the network where NAT translation takes place. - `new_destination_ip`**Type**: `STRING`**Provider name**: `newDestinationIp`**Description**: Destination IP address after NAT translation. - `new_destination_port`**Type**: `INT32`**Provider name**: `newDestinationPort`**Description**: Destination port after NAT translation. Only valid when protocol is TCP or UDP. - `new_source_ip`**Type**: `STRING`**Provider name**: `newSourceIp`**Description**: Source IP address after NAT translation. - `new_source_port`**Type**: `INT32`**Provider name**: `newSourcePort`**Description**: Source port after NAT translation. Only valid when protocol is TCP or UDP. - `old_destination_ip`**Type**: `STRING`**Provider name**: `oldDestinationIp`**Description**: Destination IP address before NAT translation. - `old_destination_port`**Type**: `INT32`**Provider name**: `oldDestinationPort`**Description**: Destination port before NAT translation. Only valid when protocol is TCP or UDP. - `old_source_ip`**Type**: `STRING`**Provider name**: `oldSourceIp`**Description**: Source IP address before NAT translation. - `old_source_port`**Type**: `INT32`**Provider name**: `oldSourcePort`**Description**: Source port before NAT translation. Only valid when protocol is TCP or UDP. - `protocol`**Type**: `STRING`**Provider name**: `protocol`**Description**: IP protocol in string format, for example: "TCP", "UDP", "ICMP". - `router_uri`**Type**: `STRING`**Provider name**: `routerUri`**Description**: Uri of the Cloud Router. Only valid when type is CLOUD_NAT. - `type`**Type**: `STRING`**Provider name**: `type`**Description**: Type of NAT.**Possible values**: - `TYPE_UNSPECIFIED` - Type is unspecified. - `INTERNAL_TO_EXTERNAL` - From Compute Engine instance's internal address to external address. - `EXTERNAL_TO_INTERNAL` - From Compute Engine instance's external address to internal address. - `CLOUD_NAT` - Cloud NAT Gateway. - `PRIVATE_SERVICE_CONNECT` - Private service connect NAT. - `network`**Type**: `STRUCT`**Provider name**: `network`**Description**: Display information of a Google Cloud network. - `gcp_display_name`**Type**: `STRING`**Provider name**: `displayName`**Description**: Name of a Compute Engine network. - `matched_ip_range`**Type**: `STRING`**Provider name**: `matchedIpRange`**Description**: The IP range of the subnet matching the source IP address of the test. - `matched_subnet_uri`**Type**: `STRING`**Provider name**: `matchedSubnetUri`**Description**: URI of the subnet matching the source IP address of the test. - `region`**Type**: `STRING`**Provider name**: `region`**Description**: The region of the subnet matching the source IP address of the test. - `uri`**Type**: `STRING`**Provider name**: `uri`**Description**: URI of a Compute Engine network. - `project_id`**Type**: `STRING`**Provider name**: `projectId`**Description**: Project ID that contains the configuration this step is validating. - `proxy_connection`**Type**: `STRUCT`**Provider name**: `proxyConnection`**Description**: Display information of a ProxyConnection. - `network_uri`**Type**: `STRING`**Provider name**: `networkUri`**Description**: URI of the network where connection is proxied. - `new_destination_ip`**Type**: `STRING`**Provider name**: `newDestinationIp`**Description**: Destination IP address of a new connection. - `new_destination_port`**Type**: `INT32`**Provider name**: `newDestinationPort`**Description**: Destination port of a new connection. Only valid when protocol is TCP or UDP. - `new_source_ip`**Type**: `STRING`**Provider name**: `newSourceIp`**Description**: Source IP address of a new connection. - `new_source_port`**Type**: `INT32`**Provider name**: `newSourcePort`**Description**: Source port of a new connection. Only valid when protocol is TCP or UDP. - `old_destination_ip`**Type**: `STRING`**Provider name**: `oldDestinationIp`**Description**: Destination IP address of an original connection - `old_destination_port`**Type**: `INT32`**Provider name**: `oldDestinationPort`**Description**: Destination port of an original connection. Only valid when protocol is TCP or UDP. - `old_source_ip`**Type**: `STRING`**Provider name**: `oldSourceIp`**Description**: Source IP address of an original connection. - `old_source_port`**Type**: `INT32`**Provider name**: `oldSourcePort`**Description**: Source port of an original connection. Only valid when protocol is TCP or UDP. - `protocol`**Type**: `STRING`**Provider name**: `protocol`**Description**: IP protocol in string format, for example: "TCP", "UDP", "ICMP". - `subnet_uri`**Type**: `STRING`**Provider name**: `subnetUri`**Description**: Uri of proxy subnet. - `redis_cluster`**Type**: `STRUCT`**Provider name**: `redisCluster`**Description**: Display information of a Redis Cluster. - `discovery_endpoint_ip_address`**Type**: `STRING`**Provider name**: `discoveryEndpointIpAddress`**Description**: Discovery endpoint IP address of a Redis Cluster. - `gcp_display_name`**Type**: `STRING`**Provider name**: `displayName`**Description**: Name of a Redis Cluster. - `location`**Type**: `STRING`**Provider name**: `location`**Description**: Name of the region in which the Redis Cluster is defined. For example, "us-central1". - `network_uri`**Type**: `STRING`**Provider name**: `networkUri`**Description**: URI of the network containing the Redis Cluster endpoints in format "projects/{project_id}/global/networks/{network_id}". - `secondary_endpoint_ip_address`**Type**: `STRING`**Provider name**: `secondaryEndpointIpAddress`**Description**: Secondary endpoint IP address of a Redis Cluster. - `uri`**Type**: `STRING`**Provider name**: `uri`**Description**: URI of a Redis Cluster in format "projects/{project_id}/locations/{location}/clusters/{cluster_id}" - `redis_instance`**Type**: `STRUCT`**Provider name**: `redisInstance`**Description**: Display information of a Redis Instance. - `gcp_display_name`**Type**: `STRING`**Provider name**: `displayName`**Description**: Name of a Cloud Redis Instance. - `network_uri`**Type**: `STRING`**Provider name**: `networkUri`**Description**: URI of a Cloud Redis Instance network. - `primary_endpoint_ip`**Type**: `STRING`**Provider name**: `primaryEndpointIp`**Description**: Primary endpoint IP address of a Cloud Redis Instance. - `read_endpoint_ip`**Type**: `STRING`**Provider name**: `readEndpointIp`**Description**: Read endpoint IP address of a Cloud Redis Instance (if applicable). - `region`**Type**: `STRING`**Provider name**: `region`**Description**: Region in which the Cloud Redis Instance is defined. - `uri`**Type**: `STRING`**Provider name**: `uri`**Description**: URI of a Cloud Redis Instance. - `route`**Type**: `STRUCT`**Provider name**: `route`**Description**: Display information of a Compute Engine route. - `advertised_route_next_hop_uri`**Type**: `STRING`**Provider name**: `advertisedRouteNextHopUri`**Description**: For ADVERTISED routes, the URI of their next hop, i.e. the URI of the hybrid endpoint (VPN tunnel, Interconnect attachment, NCC router appliance) the advertised prefix is advertised through, or URI of the source peered network. Deprecated in favor of the next_hop_uri field, not used in new tests. - `advertised_route_source_router_uri`**Type**: `STRING`**Provider name**: `advertisedRouteSourceRouterUri`**Description**: For ADVERTISED dynamic routes, the URI of the Cloud Router that advertised the corresponding IP prefix. - `dest_ip_range`**Type**: `STRING`**Provider name**: `destIpRange`**Description**: Destination IP range of the route. - `dest_port_ranges`**Type**: `UNORDERED_LIST_STRING`**Provider name**: `destPortRanges`**Description**: Destination port ranges of the route. POLICY_BASED routes only. - `gcp_display_name`**Type**: `STRING`**Provider name**: `displayName`**Description**: Name of a route. - `instance_tags`**Type**: `UNORDERED_LIST_STRING`**Provider name**: `instanceTags`**Description**: Instance tags of the route. - `ncc_hub_route_uri`**Type**: `STRING`**Provider name**: `nccHubRouteUri`**Description**: For PEERING_SUBNET and PEERING_DYNAMIC routes that are advertised by NCC Hub, the URI of the corresponding route in NCC Hub's routing table. - `ncc_hub_uri`**Type**: `STRING`**Provider name**: `nccHubUri`**Description**: URI of the NCC Hub the route is advertised by. PEERING_SUBNET and PEERING_DYNAMIC routes that are advertised by NCC Hub only. - `ncc_spoke_uri`**Type**: `STRING`**Provider name**: `nccSpokeUri`**Description**: URI of the destination NCC Spoke. PEERING_SUBNET and PEERING_DYNAMIC routes that are advertised by NCC Hub only. - `network_uri`**Type**: `STRING`**Provider name**: `networkUri`**Description**: URI of a VPC network where route is located. - `next_hop`**Type**: `STRING`**Provider name**: `nextHop`**Description**: String type of the next hop of the route (for example, "VPN tunnel"). Deprecated in favor of the next_hop_type and next_hop_uri fields, not used in new tests. - `next_hop_network_uri`**Type**: `STRING`**Provider name**: `nextHopNetworkUri`**Description**: URI of a VPC network where the next hop resource is located. - `next_hop_type`**Type**: `STRING`**Provider name**: `nextHopType`**Description**: Type of next hop.**Possible values**: - `NEXT_HOP_TYPE_UNSPECIFIED` - Unspecified type. Default value. - `NEXT_HOP_IP` - Next hop is an IP address. - `NEXT_HOP_INSTANCE` - Next hop is a Compute Engine instance. - `NEXT_HOP_NETWORK` - Next hop is a VPC network gateway. - `NEXT_HOP_PEERING` - Next hop is a peering VPC. This scenario only happens when the user doesn't have permissions to the project where the next hop resource is located. - `NEXT_HOP_INTERCONNECT` - Next hop is an interconnect. - `NEXT_HOP_VPN_TUNNEL` - Next hop is a VPN tunnel. - `NEXT_HOP_VPN_GATEWAY` - Next hop is a VPN gateway. This scenario only happens when tracing connectivity from an on-premises network to Google Cloud through a VPN. The analysis simulates a packet departing from the on-premises network through a VPN tunnel and arriving at a Cloud VPN gateway. - `NEXT_HOP_INTERNET_GATEWAY` - Next hop is an internet gateway. - `NEXT_HOP_BLACKHOLE` - Next hop is blackhole; that is, the next hop either does not exist or is unusable. - `NEXT_HOP_ILB` - Next hop is the forwarding rule of an Internal Load Balancer. - `NEXT_HOP_ROUTER_APPLIANCE` - Next hop is a [router appliance instance](https://cloud.google.com/network-connectivity/docs/network-connectivity-center/concepts/ra-overview). - `NEXT_HOP_NCC_HUB` - Next hop is an NCC hub. This scenario only happens when the user doesn't have permissions to the project where the next hop resource is located. - `SECURE_WEB_PROXY_GATEWAY` - Next hop is Secure Web Proxy Gateway. - `next_hop_uri`**Type**: `STRING`**Provider name**: `nextHopUri`**Description**: URI of the next hop resource. - `originating_route_display_name`**Type**: `STRING`**Provider name**: `originatingRouteDisplayName`**Description**: For PEERING_SUBNET, PEERING_STATIC and PEERING_DYNAMIC routes, the name of the originating SUBNET/STATIC/DYNAMIC route. - `originating_route_uri`**Type**: `STRING`**Provider name**: `originatingRouteUri`**Description**: For PEERING_SUBNET and PEERING_STATIC routes, the URI of the originating SUBNET/STATIC route. - `priority`**Type**: `INT32`**Provider name**: `priority`**Description**: Priority of the route. - `protocols`**Type**: `UNORDERED_LIST_STRING`**Provider name**: `protocols`**Description**: Protocols of the route. POLICY_BASED routes only. - `region`**Type**: `STRING`**Provider name**: `region`**Description**: Region of the route. DYNAMIC, PEERING_DYNAMIC, POLICY_BASED and ADVERTISED routes only. If set for POLICY_BASED route, this is a region of VLAN attachments for Cloud Interconnect the route applies to. - `route_scope`**Type**: `STRING`**Provider name**: `routeScope`**Description**: Indicates where route is applicable. Deprecated, routes with NCC_HUB scope are not included in the trace in new tests.**Possible values**: - `ROUTE_SCOPE_UNSPECIFIED` - Unspecified scope. Default value. - `NETWORK` - Route is applicable to packets in Network. - `NCC_HUB` - Route is applicable to packets using NCC Hub's routing table. - `route_type`**Type**: `STRING`**Provider name**: `routeType`**Description**: Type of route.**Possible values**: - `ROUTE_TYPE_UNSPECIFIED` - Unspecified type. Default value. - `SUBNET` - Route is a subnet route automatically created by the system. - `STATIC` - Static route created by the user, including the default route to the internet. - `DYNAMIC` - Dynamic route exchanged between BGP peers. - `PEERING_SUBNET` - A subnet route received from peering network or NCC Hub. - `PEERING_STATIC` - A static route received from peering network. - `PEERING_DYNAMIC` - A dynamic route received from peering network or NCC Hub. - `POLICY_BASED` - Policy based route. - `ADVERTISED` - Advertised route. Synthetic route which is used to transition from the StartFromPrivateNetwork state in Connectivity tests. - `src_ip_range`**Type**: `STRING`**Provider name**: `srcIpRange`**Description**: Source IP address range of the route. POLICY_BASED routes only. - `src_port_ranges`**Type**: `UNORDERED_LIST_STRING`**Provider name**: `srcPortRanges`**Description**: Source port ranges of the route. POLICY_BASED routes only. - `uri`**Type**: `STRING`**Provider name**: `uri`**Description**: URI of a route. SUBNET, STATIC, PEERING_SUBNET (only for peering network) and POLICY_BASED routes only. - `serverless_external_connection`**Type**: `STRUCT`**Provider name**: `serverlessExternalConnection`**Description**: Display information of a serverless public (external) connection. - `selected_ip_address`**Type**: `STRING`**Provider name**: `selectedIpAddress`**Description**: Selected starting IP address, from the Google dynamic address pool. - `serverless_neg`**Type**: `STRUCT`**Provider name**: `serverlessNeg`**Description**: Display information of a Serverless network endpoint group backend. Used only for return traces. - `neg_uri`**Type**: `STRING`**Provider name**: `negUri`**Description**: URI of the serverless network endpoint group. - `state`**Type**: `STRING`**Provider name**: `state`**Description**: Each step is in one of the pre-defined states.**Possible values**: - `STATE_UNSPECIFIED` - Unspecified state. - `START_FROM_INSTANCE` - Initial state: packet originating from a Compute Engine instance. An InstanceInfo is populated with starting instance information. - `START_FROM_INTERNET` - Initial state: packet originating from the internet. The endpoint information is populated. - `START_FROM_GOOGLE_SERVICE` - Initial state: packet originating from a Google service. The google_service information is populated. - `START_FROM_PRIVATE_NETWORK` - Initial state: packet originating from a VPC or on-premises network with internal source IP. If the source is a VPC network visible to the user, a NetworkInfo is populated with details of the network. - `START_FROM_GKE_MASTER` - Initial state: packet originating from a Google Kubernetes Engine cluster master. A GKEMasterInfo is populated with starting instance information. - `START_FROM_CLOUD_SQL_INSTANCE` - Initial state: packet originating from a Cloud SQL instance. A CloudSQLInstanceInfo is populated with starting instance information. - `START_FROM_REDIS_INSTANCE` - Initial state: packet originating from a Redis instance. A RedisInstanceInfo is populated with starting instance information. - `START_FROM_REDIS_CLUSTER` - Initial state: packet originating from a Redis Cluster. A RedisClusterInfo is populated with starting Cluster information. - `START_FROM_CLOUD_FUNCTION` - Initial state: packet originating from a Cloud Function. A CloudFunctionInfo is populated with starting function information. - `START_FROM_APP_ENGINE_VERSION` - Initial state: packet originating from an App Engine service version. An AppEngineVersionInfo is populated with starting version information. - `START_FROM_CLOUD_RUN_REVISION` - Initial state: packet originating from a Cloud Run revision. A CloudRunRevisionInfo is populated with starting revision information. - `START_FROM_STORAGE_BUCKET` - Initial state: packet originating from a Storage Bucket. Used only for return traces. The storage_bucket information is populated. - `START_FROM_PSC_PUBLISHED_SERVICE` - Initial state: packet originating from a published service that uses Private Service Connect. Used only for return traces. - `START_FROM_SERVERLESS_NEG` - Initial state: packet originating from a serverless network endpoint group backend. Used only for return traces. The serverless_neg information is populated. - `APPLY_INGRESS_FIREWALL_RULE` - Config checking state: verify ingress firewall rule. - `APPLY_EGRESS_FIREWALL_RULE` - Config checking state: verify egress firewall rule. - `APPLY_ROUTE` - Config checking state: verify route. - `APPLY_FORWARDING_RULE` - Config checking state: match forwarding rule. - `ANALYZE_LOAD_BALANCER_BACKEND` - Config checking state: verify load balancer backend configuration. - `SPOOFING_APPROVED` - Config checking state: packet sent or received under foreign IP address and allowed. - `ARRIVE_AT_INSTANCE` - Forwarding state: arriving at a Compute Engine instance. - `ARRIVE_AT_INTERNAL_LOAD_BALANCER` - Forwarding state: arriving at a Compute Engine internal load balancer. - `ARRIVE_AT_EXTERNAL_LOAD_BALANCER` - Forwarding state: arriving at a Compute Engine external load balancer. - `ARRIVE_AT_VPN_GATEWAY` - Forwarding state: arriving at a Cloud VPN gateway. - `ARRIVE_AT_VPN_TUNNEL` - Forwarding state: arriving at a Cloud VPN tunnel. - `ARRIVE_AT_INTERCONNECT_ATTACHMENT` - Forwarding state: arriving at an interconnect attachment. - `ARRIVE_AT_VPC_CONNECTOR` - Forwarding state: arriving at a VPC connector. - `DIRECT_VPC_EGRESS_CONNECTION` - Forwarding state: for packets originating from a serverless endpoint forwarded through Direct VPC egress. - `SERVERLESS_EXTERNAL_CONNECTION` - Forwarding state: for packets originating from a serverless endpoint forwarded through public (external) connectivity. - `NAT` - Transition state: packet header translated. - `PROXY_CONNECTION` - Transition state: original connection is terminated and a new proxied connection is initiated. - `DELIVER` - Final state: packet could be delivered. - `DROP` - Final state: packet could be dropped. - `FORWARD` - Final state: packet could be forwarded to a network with an unknown configuration. - `ABORT` - Final state: analysis is aborted. - `VIEWER_PERMISSION_MISSING` - Special state: viewer of the test result does not have permission to see the configuration in this step. - `storage_bucket`**Type**: `STRUCT`**Provider name**: `storageBucket`**Description**: Display information of a Storage Bucket. Used only for return traces. - `bucket`**Type**: `STRING`**Provider name**: `bucket`**Description**: Cloud Storage Bucket name. - `vpc_connector`**Type**: `STRUCT`**Provider name**: `vpcConnector`**Description**: Display information of a VPC connector. - `gcp_display_name`**Type**: `STRING`**Provider name**: `displayName`**Description**: Name of a VPC connector. - `location`**Type**: `STRING`**Provider name**: `location`**Description**: Location in which the VPC connector is deployed. - `uri`**Type**: `STRING`**Provider name**: `uri`**Description**: URI of a VPC connector. - `vpn_gateway`**Type**: `STRUCT`**Provider name**: `vpnGateway`**Description**: Display information of a Compute Engine VPN gateway. - `gcp_display_name`**Type**: `STRING`**Provider name**: `displayName`**Description**: Name of a VPN gateway. - `ip_address`**Type**: `STRING`**Provider name**: `ipAddress`**Description**: IP address of the VPN gateway. - `network_uri`**Type**: `STRING`**Provider name**: `networkUri`**Description**: URI of a Compute Engine network where the VPN gateway is configured. - `region`**Type**: `STRING`**Provider name**: `region`**Description**: Name of a Google Cloud region where this VPN gateway is configured. - `uri`**Type**: `STRING`**Provider name**: `uri`**Description**: URI of a VPN gateway. - `vpn_tunnel_uri`**Type**: `STRING`**Provider name**: `vpnTunnelUri`**Description**: A VPN tunnel that is associated with this VPN gateway. There may be multiple VPN tunnels configured on a VPN gateway, and only the one relevant to the test is displayed. - `vpn_tunnel`**Type**: `STRUCT`**Provider name**: `vpnTunnel`**Description**: Display information of a Compute Engine VPN tunnel. - `gcp_display_name`**Type**: `STRING`**Provider name**: `displayName`**Description**: Name of a VPN tunnel. - `network_uri`**Type**: `STRING`**Provider name**: `networkUri`**Description**: URI of a Compute Engine network where the VPN tunnel is configured. - `region`**Type**: `STRING`**Provider name**: `region`**Description**: Name of a Google Cloud region where this VPN tunnel is configured. - `remote_gateway`**Type**: `STRING`**Provider name**: `remoteGateway`**Description**: URI of a VPN gateway at remote end of the tunnel. - `remote_gateway_ip`**Type**: `STRING`**Provider name**: `remoteGatewayIp`**Description**: Remote VPN gateway's IP address. - `routing_type`**Type**: `STRING`**Provider name**: `routingType`**Description**: Type of the routing policy.**Possible values**: - `ROUTING_TYPE_UNSPECIFIED` - Unspecified type. Default value. - `ROUTE_BASED` - Route based VPN. - `POLICY_BASED` - Policy based routing. - `DYNAMIC` - Dynamic (BGP) routing. - `source_gateway`**Type**: `STRING`**Provider name**: `sourceGateway`**Description**: URI of the VPN gateway at local end of the tunnel. - `source_gateway_ip`**Type**: `STRING`**Provider name**: `sourceGatewayIp`**Description**: Local VPN gateway's IP address. - `uri`**Type**: `STRING`**Provider name**: `uri`**Description**: URI of a VPN tunnel. - `verify_time`**Type**: `TIMESTAMP`**Provider name**: `verifyTime`**Description**: The time of the configuration analysis. ## `round_trip`{% #round_trip %} **Type**: `BOOLEAN`**Provider name**: `roundTrip`**Description**: Whether run analysis for the return path from destination to source. Default value is false. ## `tags`{% #tags %} **Type**: `UNORDERED_LIST_STRING` ## `update_time`{% #update_time %} **Type**: `TIMESTAMP`**Provider name**: `updateTime`**Description**: Output only. The time the test's configuration was updated. ## `zone_id`{% #zone_id %} **Type**: `STRING`