이 페이지는 아직 영어로 제공되지 않습니다. 번역 작업 중입니다.
현재 번역 프로젝트에 대한 질문이나 피드백이 있으신 경우 언제든지 연락주시기 바랍니다.

gcp_networkmanagement_connectivity_test

`ancestors`

Type: UNORDERED_LIST_STRING

`bypass_firewall_checks`

Type: BOOLEAN
Provider name: bypassFirewallChecks
Description: Whether the analysis should skip firewall checking. Default value is false.

`create_time`

Type: TIMESTAMP
Provider name: createTime
Description: Output only. The time the test was created.

`description`

Type: STRING
Provider name: description
Description: The user-supplied description of the Connectivity Test. Maximum of 512 characters.

`destination`

Type: STRUCT
Provider name: destination
Description: Required. Destination specification of the Connectivity Test. You can use a combination of destination IP address, URI of a supported endpoint, project ID, or VPC network to identify the destination location. Reachability analysis proceeds even if the destination location is ambiguous. However, the test result might include endpoints or use a destination that you don’t intend to test.

app_engine_version
Type: STRUCT
Provider name: appEngineVersion
Description: An App Engine service version. Applicable only to source endpoint.
- uri
  Type: STRING
  Provider name: uri
  Description: An App Engine service version name.
cloud_function
Type: STRUCT
Provider name: cloudFunction
Description: A Cloud Function. Applicable only to source endpoint.
- uri
  Type: STRING
  Provider name: uri
  Description: A Cloud Function name.
cloud_run_revision
Type: STRUCT
Provider name: cloudRunRevision
Description: A Cloud Run revision Applicable only to source endpoint.
- service_uri
  Type: STRING
  Provider name: serviceUri
  Description: Output only. The URI of the Cloud Run service that the revision belongs to. The format is: projects/{project}/locations/{location}/services/{service}
- uri
  Type: STRING
  Provider name: uri
  Description: A Cloud Run revision URI. The format is: projects/{project}/locations/{location}/revisions/{revision}
cloud_sql_instance
Type: STRING
Provider name: cloudSqlInstance
Description: A Cloud SQL instance URI.
forwarding_rule
Type: STRING
Provider name: forwardingRule
Description: A forwarding rule and its corresponding IP address represent the frontend configuration of a Google Cloud load balancer. Forwarding rules are also used for protocol forwarding, Private Service Connect and other network services to provide forwarding information in the control plane. Applicable only to destination endpoint. Format: projects/{project}/global/forwardingRules/{id} or projects/{project}/regions/{region}/forwardingRules/{id}
forwarding_rule_target
Type: STRING
Provider name: forwardingRuleTarget
Description: Output only. Specifies the type of the target of the forwarding rule.
Possible values:
- FORWARDING_RULE_TARGET_UNSPECIFIED - Forwarding rule target is unknown.
- INSTANCE - Compute Engine instance for protocol forwarding.
- LOAD_BALANCER - Load Balancer. The specific type can be found from load_balancer_type.
- VPN_GATEWAY - Classic Cloud VPN Gateway.
- PSC - Forwarding Rule is a Private Service Connect endpoint.
fqdn
Type: STRING
Provider name: fqdn
Description: DNS endpoint of Google Kubernetes Engine cluster control plane. Requires gke_master_cluster to be set, can’t be used simultaneoulsly with ip_address or network. Applicable only to destination endpoint.
gke_master_cluster
Type: STRING
Provider name: gkeMasterCluster
Description: A cluster URI for Google Kubernetes Engine cluster control plane.
instance
Type: STRING
Provider name: instance
Description: A Compute Engine instance URI.
ip_address
Type: STRING
Provider name: ipAddress
Description: The IP address of the endpoint, which can be an external or internal IP.
load_balancer_id
Type: STRING
Provider name: loadBalancerId
Description: Output only. ID of the load balancer the forwarding rule points to. Empty for forwarding rules not related to load balancers.
load_balancer_type
Type: STRING
Provider name: loadBalancerType
Description: Output only. Type of the load balancer the forwarding rule points to.
Possible values:
- LOAD_BALANCER_TYPE_UNSPECIFIED - Forwarding rule points to a different target than a load balancer or a load balancer type is unknown.
- HTTPS_ADVANCED_LOAD_BALANCER - Global external HTTP(S) load balancer.
- HTTPS_LOAD_BALANCER - Global external HTTP(S) load balancer (classic)
- REGIONAL_HTTPS_LOAD_BALANCER - Regional external HTTP(S) load balancer.
- INTERNAL_HTTPS_LOAD_BALANCER - Internal HTTP(S) load balancer.
- SSL_PROXY_LOAD_BALANCER - External SSL proxy load balancer.
- TCP_PROXY_LOAD_BALANCER - External TCP proxy load balancer.
- INTERNAL_TCP_PROXY_LOAD_BALANCER - Internal regional TCP proxy load balancer.
- NETWORK_LOAD_BALANCER - External TCP/UDP Network load balancer.
- LEGACY_NETWORK_LOAD_BALANCER - Target-pool based external TCP/UDP Network load balancer.
- TCP_UDP_INTERNAL_LOAD_BALANCER - Internal TCP/UDP load balancer.
network
Type: STRING
Provider name: network
Description: A VPC network URI.
network_type
Type: STRING
Provider name: networkType
Description: Type of the network where the endpoint is located. Applicable only to source endpoint, as destination network type can be inferred from the source.
Possible values:
- NETWORK_TYPE_UNSPECIFIED - Default type if unspecified.
- GCP_NETWORK - A network hosted within Google Cloud. To receive more detailed output, specify the URI for the source or destination network.
- NON_GCP_NETWORK - A network hosted outside of Google Cloud. This can be an on-premises network, an internet resource or a network hosted by another cloud provider.
port
Type: INT32
Provider name: port
Description: The IP protocol port of the endpoint. Only applicable when protocol is TCP or UDP.
project_id
Type: STRING
Provider name: projectId
Description: Project ID where the endpoint is located. The project ID can be derived from the URI if you provide a endpoint or network URI. The following are two cases where you may need to provide the project ID: 1. Only the IP address is specified, and the IP address is within a Google Cloud project. 2. When you are using Shared VPC and the IP address that you provide is from the service project. In this case, the network that the IP address resides in is defined in the host project.
redis_cluster
Type: STRING
Provider name: redisCluster
Description: A Redis Cluster URI. Applicable only to destination endpoint.
redis_instance
Type: STRING
Provider name: redisInstance
Description: A Redis Instance URI. Applicable only to destination endpoint.

`gcp_display_name`

Type: STRING
Provider name: displayName
Description: Output only. The display name of a Connectivity Test.

`gcp_source`

Type: STRUCT
Provider name: source
Description: Required. Source specification of the Connectivity Test. You can use a combination of source IP address, URI of a supported endpoint, project ID, or VPC network to identify the source location. Reachability analysis might proceed even if the source location is ambiguous. However, the test result might include endpoints or use a source that you don’t intend to test.

app_engine_version
Type: STRUCT
Provider name: appEngineVersion
Description: An App Engine service version. Applicable only to source endpoint.
- uri
  Type: STRING
  Provider name: uri
  Description: An App Engine service version name.
cloud_function
Type: STRUCT
Provider name: cloudFunction
Description: A Cloud Function. Applicable only to source endpoint.
- uri
  Type: STRING
  Provider name: uri
  Description: A Cloud Function name.
cloud_run_revision
Type: STRUCT
Provider name: cloudRunRevision
Description: A Cloud Run revision Applicable only to source endpoint.
- service_uri
  Type: STRING
  Provider name: serviceUri
  Description: Output only. The URI of the Cloud Run service that the revision belongs to. The format is: projects/{project}/locations/{location}/services/{service}
- uri
  Type: STRING
  Provider name: uri
  Description: A Cloud Run revision URI. The format is: projects/{project}/locations/{location}/revisions/{revision}
cloud_sql_instance
Type: STRING
Provider name: cloudSqlInstance
Description: A Cloud SQL instance URI.
forwarding_rule
Type: STRING
Provider name: forwardingRule
Description: A forwarding rule and its corresponding IP address represent the frontend configuration of a Google Cloud load balancer. Forwarding rules are also used for protocol forwarding, Private Service Connect and other network services to provide forwarding information in the control plane. Applicable only to destination endpoint. Format: projects/{project}/global/forwardingRules/{id} or projects/{project}/regions/{region}/forwardingRules/{id}
forwarding_rule_target
Type: STRING
Provider name: forwardingRuleTarget
Description: Output only. Specifies the type of the target of the forwarding rule.
Possible values:
- FORWARDING_RULE_TARGET_UNSPECIFIED - Forwarding rule target is unknown.
- INSTANCE - Compute Engine instance for protocol forwarding.
- LOAD_BALANCER - Load Balancer. The specific type can be found from load_balancer_type.
- VPN_GATEWAY - Classic Cloud VPN Gateway.
- PSC - Forwarding Rule is a Private Service Connect endpoint.
fqdn
Type: STRING
Provider name: fqdn
Description: DNS endpoint of Google Kubernetes Engine cluster control plane. Requires gke_master_cluster to be set, can’t be used simultaneoulsly with ip_address or network. Applicable only to destination endpoint.
gke_master_cluster
Type: STRING
Provider name: gkeMasterCluster
Description: A cluster URI for Google Kubernetes Engine cluster control plane.
instance
Type: STRING
Provider name: instance
Description: A Compute Engine instance URI.
ip_address
Type: STRING
Provider name: ipAddress
Description: The IP address of the endpoint, which can be an external or internal IP.
load_balancer_id
Type: STRING
Provider name: loadBalancerId
Description: Output only. ID of the load balancer the forwarding rule points to. Empty for forwarding rules not related to load balancers.
load_balancer_type
Type: STRING
Provider name: loadBalancerType
Description: Output only. Type of the load balancer the forwarding rule points to.
Possible values:
- LOAD_BALANCER_TYPE_UNSPECIFIED - Forwarding rule points to a different target than a load balancer or a load balancer type is unknown.
- HTTPS_ADVANCED_LOAD_BALANCER - Global external HTTP(S) load balancer.
- HTTPS_LOAD_BALANCER - Global external HTTP(S) load balancer (classic)
- REGIONAL_HTTPS_LOAD_BALANCER - Regional external HTTP(S) load balancer.
- INTERNAL_HTTPS_LOAD_BALANCER - Internal HTTP(S) load balancer.
- SSL_PROXY_LOAD_BALANCER - External SSL proxy load balancer.
- TCP_PROXY_LOAD_BALANCER - External TCP proxy load balancer.
- INTERNAL_TCP_PROXY_LOAD_BALANCER - Internal regional TCP proxy load balancer.
- NETWORK_LOAD_BALANCER - External TCP/UDP Network load balancer.
- LEGACY_NETWORK_LOAD_BALANCER - Target-pool based external TCP/UDP Network load balancer.
- TCP_UDP_INTERNAL_LOAD_BALANCER - Internal TCP/UDP load balancer.
network
Type: STRING
Provider name: network
Description: A VPC network URI.
network_type
Type: STRING
Provider name: networkType
Description: Type of the network where the endpoint is located. Applicable only to source endpoint, as destination network type can be inferred from the source.
Possible values:
- NETWORK_TYPE_UNSPECIFIED - Default type if unspecified.
- GCP_NETWORK - A network hosted within Google Cloud. To receive more detailed output, specify the URI for the source or destination network.
- NON_GCP_NETWORK - A network hosted outside of Google Cloud. This can be an on-premises network, an internet resource or a network hosted by another cloud provider.
port
Type: INT32
Provider name: port
Description: The IP protocol port of the endpoint. Only applicable when protocol is TCP or UDP.
project_id
Type: STRING
Provider name: projectId
Description: Project ID where the endpoint is located. The project ID can be derived from the URI if you provide a endpoint or network URI. The following are two cases where you may need to provide the project ID: 1. Only the IP address is specified, and the IP address is within a Google Cloud project. 2. When you are using Shared VPC and the IP address that you provide is from the service project. In this case, the network that the IP address resides in is defined in the host project.
redis_cluster
Type: STRING
Provider name: redisCluster
Description: A Redis Cluster URI. Applicable only to destination endpoint.
redis_instance
Type: STRING
Provider name: redisInstance
Description: A Redis Instance URI. Applicable only to destination endpoint.

`labels`

Type: UNORDERED_LIST_STRING

`name`

Type: STRING
Provider name: name
Description: Identifier. Unique name of the resource using the form: projects/{project_id}/locations/global/connectivityTests/{test_id}

`organization_id`

Type: STRING

`parent`

Type: STRING

`probing_details`

Type: STRUCT
Provider name: probingDetails
Description: Output only. The probing details of this test from the latest run, present for applicable tests only. The details are updated when creating a new test, updating an existing test, or triggering a one-time rerun of an existing test.

abort_cause
Type: STRING
Provider name: abortCause
Description: The reason probing was aborted.
Possible values:
- PROBING_ABORT_CAUSE_UNSPECIFIED - No reason was specified.
- PERMISSION_DENIED - The user lacks permission to access some of the network resources required to run the test.
- NO_SOURCE_LOCATION - No valid source endpoint could be derived from the request.
destination_egress_location
Type: STRUCT
Provider name: destinationEgressLocation
Description: The EdgeLocation from which a packet, destined to the internet, will egress the Google network. This will only be populated for a connectivity test which has an internet destination address. The absence of this field must not be used as an indication that the destination is part of the Google network.
- metropolitan_area
  Type: STRING
  Provider name: metropolitanArea
  Description: Name of the metropolitan area.
edge_responses
Type: UNORDERED_LIST_STRUCT
Provider name: edgeResponses
Description: Probing results for all edge devices.
- destination_egress_location
  Type: STRUCT
  Provider name: destinationEgressLocation
  Description: The EdgeLocation from which a packet, destined to the internet, will egress the Google network. This will only be populated for a connectivity test which has an internet destination address. The absence of this field must not be used as an indication that the destination is part of the Google network.
  - metropolitan_area
    Type: STRING
    Provider name: metropolitanArea
    Description: Name of the metropolitan area.
- destination_router
  Type: STRING
  Provider name: destinationRouter
  Description: Router name in the format ‘{router}.{metroshard}’. For example: pf01.aaa01, pr02.aaa01.
- probing_latency
  Type: STRUCT
  Provider name: probingLatency
  Description: Latency as measured by active probing in one direction: from the source to the destination endpoint.
  - latency_percentiles
    Type: UNORDERED_LIST_STRUCT
    Provider name: latencyPercentiles
    Description: Representative latency percentiles.
    - latency_micros
      Type: INT64
      Provider name: latencyMicros
      Description: percent-th percentile of latency observed, in microseconds. Fraction of percent/100 of samples have latency lower or equal to the value of this field.
    - percent
      Type: INT32
      Provider name: percent
      Description: Percentage of samples this data point applies to.
- result
  Type: STRING
  Provider name: result
  Description: The overall result of active probing for this egress device.
  Possible values:
  - PROBING_RESULT_UNSPECIFIED - No result was specified.
  - REACHABLE - At least 95% of packets reached the destination.
  - UNREACHABLE - No packets reached the destination.
  - REACHABILITY_INCONSISTENT - Less than 95% of packets reached the destination.
  - UNDETERMINED - Reachability could not be determined. Possible reasons are: * The user lacks permission to access some of the network resources required to run the test. * No valid source endpoint could be derived from the request. * An internal error occurred.
- sent_probe_count
  Type: INT32
  Provider name: sentProbeCount
  Description: Number of probes sent.
- successful_probe_count
  Type: INT32
  Provider name: successfulProbeCount
  Description: Number of probes that reached the destination.
endpoint_info
Type: STRUCT
Provider name: endpointInfo
Description: The source and destination endpoints derived from the test input and used for active probing.
- destination_ip
  Type: STRING
  Provider name: destinationIp
  Description: Destination IP address.
- destination_network_uri
  Type: STRING
  Provider name: destinationNetworkUri
  Description: URI of the network where this packet is sent to.
- destination_port
  Type: INT32
  Provider name: destinationPort
  Description: Destination port. Only valid when protocol is TCP or UDP.
- protocol
  Type: STRING
  Provider name: protocol
  Description: IP protocol in string format, for example: “TCP”, “UDP”, “ICMP”.
- source_agent_uri
  Type: STRING
  Provider name: sourceAgentUri
  Description: URI of the source telemetry agent this packet originates from.
- source_ip
  Type: STRING
  Provider name: sourceIp
  Description: Source IP address.
- source_network_uri
  Type: STRING
  Provider name: sourceNetworkUri
  Description: URI of the network where this packet originates from.
- source_port
  Type: INT32
  Provider name: sourcePort
  Description: Source port. Only valid when protocol is TCP or UDP.
error
Type: STRUCT
Provider name: error
Description: Details about an internal failure or the cancellation of active probing.
- code
  Type: INT32
  Provider name: code
  Description: The status code, which should be an enum value of google.rpc.Code.
- message
  Type: STRING
  Provider name: message
  Description: A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
probed_all_devices
Type: BOOLEAN
Provider name: probedAllDevices
Description: Whether all relevant edge devices were probed.
probing_latency
Type: STRUCT
Provider name: probingLatency
Description: Latency as measured by active probing in one direction: from the source to the destination endpoint.
- latency_percentiles
  Type: UNORDERED_LIST_STRUCT
  Provider name: latencyPercentiles
  Description: Representative latency percentiles.
  - latency_micros
    Type: INT64
    Provider name: latencyMicros
    Description: percent-th percentile of latency observed, in microseconds. Fraction of percent/100 of samples have latency lower or equal to the value of this field.
  - percent
    Type: INT32
    Provider name: percent
    Description: Percentage of samples this data point applies to.
result
Type: STRING
Provider name: result
Description: The overall result of active probing.
Possible values:
- PROBING_RESULT_UNSPECIFIED - No result was specified.
- REACHABLE - At least 95% of packets reached the destination.
- UNREACHABLE - No packets reached the destination.
- REACHABILITY_INCONSISTENT - Less than 95% of packets reached the destination.
- UNDETERMINED - Reachability could not be determined. Possible reasons are: * The user lacks permission to access some of the network resources required to run the test. * No valid source endpoint could be derived from the request. * An internal error occurred.
sent_probe_count
Type: INT32
Provider name: sentProbeCount
Description: Number of probes sent.
successful_probe_count
Type: INT32
Provider name: successfulProbeCount
Description: Number of probes that reached the destination.
verify_time
Type: TIMESTAMP
Provider name: verifyTime
Description: The time that reachability was assessed through active probing.

`project_id`

Type: STRING

`project_number`

Type: STRING

`protocol`

Type: STRING
Provider name: protocol
Description: IP Protocol of the test. When not provided, “TCP” is assumed.

`reachability_details`

Type: STRUCT
Provider name: reachabilityDetails
Description: Output only. The reachability details of this test from the latest run. The details are updated when creating a new test, updating an existing test, or triggering a one-time rerun of an existing test.

error
Type: STRUCT
Provider name: error
Description: The details of a failure or a cancellation of reachability analysis.
- code
  Type: INT32
  Provider name: code
  Description: The status code, which should be an enum value of google.rpc.Code.
- message
  Type: STRING
  Provider name: message
  Description: A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
result
Type: STRING
Provider name: result
Description: The overall result of the test’s configuration analysis.
Possible values:
- RESULT_UNSPECIFIED - No result was specified.
- REACHABLE - Possible scenarios are: * The configuration analysis determined that a packet originating from the source is expected to reach the destination. * The analysis didn’t complete because the user lacks permission for some of the resources in the trace. However, at the time the user’s permission became insufficient, the trace had been successful so far.
- UNREACHABLE - A packet originating from the source is expected to be dropped before reaching the destination.
- AMBIGUOUS - The source and destination endpoints do not uniquely identify the test location in the network, and the reachability result contains multiple traces. For some traces, a packet could be delivered, and for others, it would not be. This result is also assigned to configuration analysis of return path if on its own it should be REACHABLE, but configuration analysis of forward path is AMBIGUOUS.
- UNDETERMINED - The configuration analysis did not complete. Possible reasons are: * A permissions error occurred–for example, the user might not have read permission for all of the resources named in the test. * An internal error occurred. * The analyzer received an invalid or unsupported argument or was unable to identify a known endpoint.
traces
Type: UNORDERED_LIST_STRUCT
Provider name: traces
Description: Result may contain a list of traces if a test has multiple possible paths in the network, such as when destination endpoint is a load balancer with multiple backends.
- endpoint_info
  Type: STRUCT
  Provider name: endpointInfo
  Description: Derived from the source and destination endpoints definition specified by user request, and validated by the data plane model. If there are multiple traces starting from different source locations, then the endpoint_info may be different between traces.
  - destination_ip
    Type: STRING
    Provider name: destinationIp
    Description: Destination IP address.
  - destination_network_uri
    Type: STRING
    Provider name: destinationNetworkUri
    Description: URI of the network where this packet is sent to.
  - destination_port
    Type: INT32
    Provider name: destinationPort
    Description: Destination port. Only valid when protocol is TCP or UDP.
  - protocol
    Type: STRING
    Provider name: protocol
    Description: IP protocol in string format, for example: “TCP”, “UDP”, “ICMP”.
  - source_agent_uri
    Type: STRING
    Provider name: sourceAgentUri
    Description: URI of the source telemetry agent this packet originates from.
  - source_ip
    Type: STRING
    Provider name: sourceIp
    Description: Source IP address.
  - source_network_uri
    Type: STRING
    Provider name: sourceNetworkUri
    Description: URI of the network where this packet originates from.
  - source_port
    Type: INT32
    Provider name: sourcePort
    Description: Source port. Only valid when protocol is TCP or UDP.
- forward_trace_id
  Type: INT32
  Provider name: forwardTraceId
  Description: ID of trace. For forward traces, this ID is unique for each trace. For return traces, it matches ID of associated forward trace. A single forward trace can be associated with none, one or more than one return trace.
- steps
  Type: UNORDERED_LIST_STRUCT
  Provider name: steps
  Description: A trace of a test contains multiple steps from the initial state to the final state (delivered, dropped, forwarded, or aborted). The steps are ordered by the processing sequence within the simulated network state machine. It is critical to preserve the order of the steps and avoid reordering or sorting them.
  - abort
    Type: STRUCT
    Provider name: abort
    Description: Display information of the final state “abort” and reason.
    - cause
      Type: STRING
      Provider name: cause
      Description: Causes that the analysis is aborted.
      Possible values:
      - CAUSE_UNSPECIFIED - Cause is unspecified.
      - UNKNOWN_NETWORK - Aborted due to unknown network. Deprecated, not used in the new tests.
      - UNKNOWN_PROJECT - Aborted because no project information can be derived from the test input. Deprecated, not used in the new tests.
      - NO_EXTERNAL_IP - Aborted because traffic is sent from a public IP to an instance without an external IP. Deprecated, not used in the new tests.
      - UNINTENDED_DESTINATION - Aborted because none of the traces matches destination information specified in the input test request. Deprecated, not used in the new tests.
      - SOURCE_ENDPOINT_NOT_FOUND - Aborted because the source endpoint could not be found. Deprecated, not used in the new tests.
      - MISMATCHED_SOURCE_NETWORK - Aborted because the source network does not match the source endpoint. Deprecated, not used in the new tests.
      - DESTINATION_ENDPOINT_NOT_FOUND - Aborted because the destination endpoint could not be found. Deprecated, not used in the new tests.
      - MISMATCHED_DESTINATION_NETWORK - Aborted because the destination network does not match the destination endpoint. Deprecated, not used in the new tests.
      - UNKNOWN_IP - Aborted because no endpoint with the packet’s destination IP address is found.
      - GOOGLE_MANAGED_SERVICE_UNKNOWN_IP - Aborted because no endpoint with the packet’s destination IP is found in the Google-managed project.
      - SOURCE_IP_ADDRESS_NOT_IN_SOURCE_NETWORK - Aborted because the source IP address doesn’t belong to any of the subnets of the source VPC network.
      - PERMISSION_DENIED - Aborted because user lacks permission to access all or part of the network configurations required to run the test.
      - PERMISSION_DENIED_NO_CLOUD_NAT_CONFIGS - Aborted because user lacks permission to access Cloud NAT configs required to run the test.
      - PERMISSION_DENIED_NO_NEG_ENDPOINT_CONFIGS - Aborted because user lacks permission to access Network endpoint group endpoint configs required to run the test.
      - PERMISSION_DENIED_NO_CLOUD_ROUTER_CONFIGS - Aborted because user lacks permission to access Cloud Router configs required to run the test.
      - NO_SOURCE_LOCATION - Aborted because no valid source or destination endpoint is derived from the input test request.
      - INVALID_ARGUMENT - Aborted because the source or destination endpoint specified in the request is invalid. Some examples: - The request might contain malformed resource URI, project ID, or IP address. - The request might contain inconsistent information (for example, the request might include both the instance and the network, but the instance might not have a NIC in that network).
      - TRACE_TOO_LONG - Aborted because the number of steps in the trace exceeds a certain limit. It might be caused by a routing loop.
      - INTERNAL_ERROR - Aborted due to internal server error.
      - UNSUPPORTED - Aborted because the test scenario is not supported.
      - MISMATCHED_IP_VERSION - Aborted because the source and destination resources have no common IP version.
      - GKE_KONNECTIVITY_PROXY_UNSUPPORTED - Aborted because the connection between the control plane and the node of the source cluster is initiated by the node and managed by the Konnectivity proxy.
      - RESOURCE_CONFIG_NOT_FOUND - Aborted because expected resource configuration was missing.
      - VM_INSTANCE_CONFIG_NOT_FOUND - Aborted because expected VM instance configuration was missing.
      - NETWORK_CONFIG_NOT_FOUND - Aborted because expected network configuration was missing.
      - FIREWALL_CONFIG_NOT_FOUND - Aborted because expected firewall configuration was missing.
      - ROUTE_CONFIG_NOT_FOUND - Aborted because expected route configuration was missing.
      - GOOGLE_MANAGED_SERVICE_AMBIGUOUS_PSC_ENDPOINT - Aborted because PSC endpoint selection for the Google-managed service is ambiguous (several PSC endpoints satisfy test input).
      - GOOGLE_MANAGED_SERVICE_AMBIGUOUS_ENDPOINT - Aborted because endpoint selection for the Google-managed service is ambiguous (several endpoints satisfy test input).
      - SOURCE_PSC_CLOUD_SQL_UNSUPPORTED - Aborted because tests with a PSC-based Cloud SQL instance as a source are not supported.
      - SOURCE_REDIS_CLUSTER_UNSUPPORTED - Aborted because tests with a Redis Cluster as a source are not supported.
      - SOURCE_REDIS_INSTANCE_UNSUPPORTED - Aborted because tests with a Redis Instance as a source are not supported.
      - SOURCE_FORWARDING_RULE_UNSUPPORTED - Aborted because tests with a forwarding rule as a source are not supported.
      - NON_ROUTABLE_IP_ADDRESS - Aborted because one of the endpoints is a non-routable IP address (loopback, link-local, etc).
      - UNKNOWN_ISSUE_IN_GOOGLE_MANAGED_PROJECT - Aborted due to an unknown issue in the Google-managed project.
      - UNSUPPORTED_GOOGLE_MANAGED_PROJECT_CONFIG - Aborted due to an unsupported configuration of the Google-managed project.
      - NO_SERVERLESS_IP_RANGES - Aborted because the source endpoint is a Cloud Run revision with direct VPC access enabled, but there are no reserved serverless IP ranges.
      - IP_VERSION_PROTOCOL_MISMATCH - Aborted because the used protocol is not supported for the used IP version.
    - ip_address
      Type: STRING
      Provider name: ipAddress
      Description: IP address that caused the abort.
    - projects_missing_permission
      Type: UNORDERED_LIST_STRING
      Provider name: projectsMissingPermission
      Description: List of project IDs the user specified in the request but lacks access to. In this case, analysis is aborted with the PERMISSION_DENIED cause.
    - resource_uri
      Type: STRING
      Provider name: resourceUri
      Description: URI of the resource that caused the abort.
  - app_engine_version
    Type: STRUCT
    Provider name: appEngineVersion
    Description: Display information of an App Engine service version.
    - environment
      Type: STRING
      Provider name: environment
      Description: App Engine execution environment for a version.
    - gcp_display_name
      Type: STRING
      Provider name: displayName
      Description: Name of an App Engine version.
    - runtime
      Type: STRING
      Provider name: runtime
      Description: Runtime of the App Engine version.
    - uri
      Type: STRING
      Provider name: uri
      Description: URI of an App Engine version.
  - causes_drop
    Type: BOOLEAN
    Provider name: causesDrop
    Description: This is a step that leads to the final state Drop.
  - cloud_function
    Type: STRUCT
    Provider name: cloudFunction
    Description: Display information of a Cloud Function.
    - gcp_display_name
      Type: STRING
      Provider name: displayName
      Description: Name of a Cloud Function.
    - location
      Type: STRING
      Provider name: location
      Description: Location in which the Cloud Function is deployed.
    - uri
      Type: STRING
      Provider name: uri
      Description: URI of a Cloud Function.
    - version_id
      Type: INT64
      Provider name: versionId
      Description: Latest successfully deployed version id of the Cloud Function.
  - cloud_run_revision
    Type: STRUCT
    Provider name: cloudRunRevision
    Description: Display information of a Cloud Run revision.
    - gcp_display_name
      Type: STRING
      Provider name: displayName
      Description: Name of a Cloud Run revision.
    - location
      Type: STRING
      Provider name: location
      Description: Location in which this revision is deployed.
    - service_uri
      Type: STRING
      Provider name: serviceUri
      Description: URI of Cloud Run service this revision belongs to.
    - uri
      Type: STRING
      Provider name: uri
      Description: URI of a Cloud Run revision.
  - cloud_sql_instance
    Type: STRUCT
    Provider name: cloudSqlInstance
    Description: Display information of a Cloud SQL instance.
    - external_ip
      Type: STRING
      Provider name: externalIp
      Description: External IP address of a Cloud SQL instance.
    - gcp_display_name
      Type: STRING
      Provider name: displayName
      Description: Name of a Cloud SQL instance.
    - internal_ip
      Type: STRING
      Provider name: internalIp
      Description: Internal IP address of a Cloud SQL instance.
    - network_uri
      Type: STRING
      Provider name: networkUri
      Description: URI of a Cloud SQL instance network or empty string if the instance does not have one.
    - region
      Type: STRING
      Provider name: region
      Description: Region in which the Cloud SQL instance is running.
    - uri
      Type: STRING
      Provider name: uri
      Description: URI of a Cloud SQL instance.
  - deliver
    Type: STRUCT
    Provider name: deliver
    Description: Display information of the final state “deliver” and reason.
    - google_service_type
      Type: STRING
      Provider name: googleServiceType
      Description: Recognized type of a Google Service the packet is delivered to (if applicable).
      Possible values:
      - GOOGLE_SERVICE_TYPE_UNSPECIFIED - Unspecified Google Service.
      - IAP - Identity aware proxy. https://cloud.google.com/iap/docs/using-tcp-forwarding
      - GFE_PROXY_OR_HEALTH_CHECK_PROBER - One of two services sharing IP ranges: * Load Balancer proxy * Centralized Health Check prober https://cloud.google.com/load-balancing/docs/firewall-rules
      - CLOUD_DNS - Connectivity from Cloud DNS to forwarding targets or alternate name servers that use private routing. https://cloud.google.com/dns/docs/zones/forwarding-zones#firewall-rules https://cloud.google.com/dns/docs/policies#firewall-rules
      - PRIVATE_GOOGLE_ACCESS - private.googleapis.com and restricted.googleapis.com
      - SERVERLESS_VPC_ACCESS - Google API via Private Service Connect. https://cloud.google.com/vpc/docs/configure-private-service-connect-apis Google API via Serverless VPC Access. https://cloud.google.com/vpc/docs/serverless-vpc-access
    - ip_address
      Type: STRING
      Provider name: ipAddress
      Description: IP address of the target (if applicable).
    - psc_google_api_target
      Type: STRING
      Provider name: pscGoogleApiTarget
      Description: PSC Google API target the packet is delivered to (if applicable).
    - resource_uri
      Type: STRING
      Provider name: resourceUri
      Description: URI of the resource that the packet is delivered to.
    - storage_bucket
      Type: STRING
      Provider name: storageBucket
      Description: Name of the Cloud Storage Bucket the packet is delivered to (if applicable).
    - target
      Type: STRING
      Provider name: target
      Description: Target type where the packet is delivered to.
      Possible values:
      - TARGET_UNSPECIFIED - Target not specified.
      - INSTANCE - Target is a Compute Engine instance.
      - INTERNET - Target is the internet.
      - GOOGLE_API - Target is a Google API.
      - GKE_MASTER - Target is a Google Kubernetes Engine cluster master.
      - CLOUD_SQL_INSTANCE - Target is a Cloud SQL instance.
      - PSC_PUBLISHED_SERVICE - Target is a published service that uses Private Service Connect.
      - PSC_GOOGLE_API - Target is Google APIs that use Private Service Connect.
      - PSC_VPC_SC - Target is a VPC-SC that uses Private Service Connect.
      - SERVERLESS_NEG - Target is a serverless network endpoint group.
      - STORAGE_BUCKET - Target is a Cloud Storage bucket.
      - PRIVATE_NETWORK - Target is a private network. Used only for return traces.
      - CLOUD_FUNCTION - Target is a Cloud Function. Used only for return traces.
      - APP_ENGINE_VERSION - Target is a App Engine service version. Used only for return traces.
      - CLOUD_RUN_REVISION - Target is a Cloud Run revision. Used only for return traces.
      - GOOGLE_MANAGED_SERVICE - Target is a Google-managed service. Used only for return traces.
      - REDIS_INSTANCE - Target is a Redis Instance.
      - REDIS_CLUSTER - Target is a Redis Cluster.
  - description
    Type: STRING
    Provider name: description
    Description: A description of the step. Usually this is a summary of the state.
  - direct_vpc_egress_connection
    Type: STRUCT
    Provider name: directVpcEgressConnection
    Description: Display information of a serverless direct VPC egress connection.
    - network_uri
      Type: STRING
      Provider name: networkUri
      Description: URI of direct access network.
    - region
      Type: STRING
      Provider name: region
      Description: Region in which the Direct VPC egress is deployed.
    - selected_ip_address
      Type: STRING
      Provider name: selectedIpAddress
      Description: Selected starting IP address, from the selected IP range.
    - selected_ip_range
      Type: STRING
      Provider name: selectedIpRange
      Description: Selected IP range.
    - subnetwork_uri
      Type: STRING
      Provider name: subnetworkUri
      Description: URI of direct access subnetwork.
  - drop
    Type: STRUCT
    Provider name: drop
    Description: Display information of the final state “drop” and reason.
    - cause
      Type: STRING
      Provider name: cause
      Description: Cause that the packet is dropped.
      Possible values:
      - CAUSE_UNSPECIFIED - Cause is unspecified.
      - UNKNOWN_EXTERNAL_ADDRESS - Destination external address cannot be resolved to a known target. If the address is used in a Google Cloud project, provide the project ID as test input.
      - FOREIGN_IP_DISALLOWED - A Compute Engine instance can only send or receive a packet with a foreign IP address if ip_forward is enabled.
      - FIREWALL_RULE - Dropped due to a firewall rule, unless allowed due to connection tracking.
      - NO_ROUTE - Dropped due to no matching routes.
      - ROUTE_BLACKHOLE - Dropped due to invalid route. Route’s next hop is a blackhole.
      - ROUTE_WRONG_NETWORK - Packet is sent to a wrong (unintended) network. Example: you trace a packet from VM1:Network1 to VM2:Network2, however, the route configured in Network1 sends the packet destined for VM2’s IP address to Network3.
      - ROUTE_NEXT_HOP_IP_ADDRESS_NOT_RESOLVED - Route’s next hop IP address cannot be resolved to a GCP resource.
      - ROUTE_NEXT_HOP_RESOURCE_NOT_FOUND - Route’s next hop resource is not found.
      - ROUTE_NEXT_HOP_INSTANCE_WRONG_NETWORK - Route’s next hop instance doesn’t have a NIC in the route’s network.
      - ROUTE_NEXT_HOP_INSTANCE_NON_PRIMARY_IP - Route’s next hop IP address is not a primary IP address of the next hop instance.
      - ROUTE_NEXT_HOP_FORWARDING_RULE_IP_MISMATCH - Route’s next hop forwarding rule doesn’t match next hop IP address.
      - ROUTE_NEXT_HOP_VPN_TUNNEL_NOT_ESTABLISHED - Route’s next hop VPN tunnel is down (does not have valid IKE SAs).
      - ROUTE_NEXT_HOP_FORWARDING_RULE_TYPE_INVALID - Route’s next hop forwarding rule type is invalid (it’s not a forwarding rule of the internal passthrough load balancer).
      - NO_ROUTE_FROM_INTERNET_TO_PRIVATE_IPV6_ADDRESS - Packet is sent from the Internet or Google service to the private IPv6 address.
      - NO_ROUTE_FROM_EXTERNAL_IPV6_SOURCE_TO_PRIVATE_IPV6_ADDRESS - Packet is sent from the external IPv6 source address of an instance to the private IPv6 address of an instance.
      - VPN_TUNNEL_LOCAL_SELECTOR_MISMATCH - The packet does not match a policy-based VPN tunnel local selector.
      - VPN_TUNNEL_REMOTE_SELECTOR_MISMATCH - The packet does not match a policy-based VPN tunnel remote selector.
      - PRIVATE_TRAFFIC_TO_INTERNET - Packet with internal destination address sent to the internet gateway.
      - PRIVATE_GOOGLE_ACCESS_DISALLOWED - Endpoint with only an internal IP address tries to access Google API and services, but Private Google Access is not enabled in the subnet or is not applicable.
      - PRIVATE_GOOGLE_ACCESS_VIA_VPN_TUNNEL_UNSUPPORTED - Source endpoint tries to access Google API and services through the VPN tunnel to another network, but Private Google Access needs to be enabled in the source endpoint network.
      - NO_EXTERNAL_ADDRESS - Endpoint with only an internal IP address tries to access external hosts, but there is no matching Cloud NAT gateway in the subnet.
      - UNKNOWN_INTERNAL_ADDRESS - Destination internal address cannot be resolved to a known target. If this is a shared VPC scenario, verify if the service project ID is provided as test input. Otherwise, verify if the IP address is being used in the project.
      - FORWARDING_RULE_MISMATCH - Forwarding rule’s protocol and ports do not match the packet header.
      - FORWARDING_RULE_NO_INSTANCES - Forwarding rule does not have backends configured.
      - FIREWALL_BLOCKING_LOAD_BALANCER_BACKEND_HEALTH_CHECK - Firewalls block the health check probes to the backends and cause the backends to be unavailable for traffic from the load balancer. For more details, see Health check firewall rules.
      - INGRESS_FIREWALL_TAGS_UNSUPPORTED_BY_DIRECT_VPC_EGRESS - Matching ingress firewall rules by network tags for packets sent via serverless VPC direct egress is unsupported. Behavior is undefined. https://cloud.google.com/run/docs/configuring/vpc-direct-vpc#limitations
      - INSTANCE_NOT_RUNNING - Packet is sent from or to a Compute Engine instance that is not in a running state.
      - GKE_CLUSTER_NOT_RUNNING - Packet sent from or to a GKE cluster that is not in running state.
      - CLOUD_SQL_INSTANCE_NOT_RUNNING - Packet sent from or to a Cloud SQL instance that is not in running state.
      - REDIS_INSTANCE_NOT_RUNNING - Packet sent from or to a Redis Instance that is not in running state.
      - REDIS_CLUSTER_NOT_RUNNING - Packet sent from or to a Redis Cluster that is not in running state.
      - TRAFFIC_TYPE_BLOCKED - The type of traffic is blocked and the user cannot configure a firewall rule to enable it. See Always blocked traffic for more details.
      - GKE_MASTER_UNAUTHORIZED_ACCESS - Access to Google Kubernetes Engine cluster master’s endpoint is not authorized. See Access to the cluster endpoints for more details.
      - CLOUD_SQL_INSTANCE_UNAUTHORIZED_ACCESS - Access to the Cloud SQL instance endpoint is not authorized. See Authorizing with authorized networks for more details.
      - DROPPED_INSIDE_GKE_SERVICE - Packet was dropped inside Google Kubernetes Engine Service.
      - DROPPED_INSIDE_CLOUD_SQL_SERVICE - Packet was dropped inside Cloud SQL Service.
      - GOOGLE_MANAGED_SERVICE_NO_PEERING - Packet was dropped because there is no peering between the originating network and the Google Managed Services Network.
      - GOOGLE_MANAGED_SERVICE_NO_PSC_ENDPOINT - Packet was dropped because the Google-managed service uses Private Service Connect (PSC), but the PSC endpoint is not found in the project.
      - GKE_PSC_ENDPOINT_MISSING - Packet was dropped because the GKE cluster uses Private Service Connect (PSC), but the PSC endpoint is not found in the project.
      - CLOUD_SQL_INSTANCE_NO_IP_ADDRESS - Packet was dropped because the Cloud SQL instance has neither a private nor a public IP address.
      - GKE_CONTROL_PLANE_REGION_MISMATCH - Packet was dropped because a GKE cluster private endpoint is unreachable from a region different from the cluster’s region.
      - PUBLIC_GKE_CONTROL_PLANE_TO_PRIVATE_DESTINATION - Packet sent from a public GKE cluster control plane to a private IP address.
      - GKE_CONTROL_PLANE_NO_ROUTE - Packet was dropped because there is no route from a GKE cluster control plane to a destination network.
      - CLOUD_SQL_INSTANCE_NOT_CONFIGURED_FOR_EXTERNAL_TRAFFIC - Packet sent from a Cloud SQL instance to an external IP address is not allowed. The Cloud SQL instance is not configured to send packets to external IP addresses.
      - PUBLIC_CLOUD_SQL_INSTANCE_TO_PRIVATE_DESTINATION - Packet sent from a Cloud SQL instance with only a public IP address to a private IP address.
      - CLOUD_SQL_INSTANCE_NO_ROUTE - Packet was dropped because there is no route from a Cloud SQL instance to a destination network.
      - CLOUD_SQL_CONNECTOR_REQUIRED - Packet was dropped because the Cloud SQL instance requires all connections to use Cloud SQL connectors and to target the Cloud SQL proxy port (3307).
      - CLOUD_FUNCTION_NOT_ACTIVE - Packet could be dropped because the Cloud Function is not in an active status.
      - VPC_CONNECTOR_NOT_SET - Packet could be dropped because no VPC connector is set.
      - VPC_CONNECTOR_NOT_RUNNING - Packet could be dropped because the VPC connector is not in a running state.
      - VPC_CONNECTOR_SERVERLESS_TRAFFIC_BLOCKED - Packet could be dropped because the traffic from the serverless service to the VPC connector is not allowed.
      - VPC_CONNECTOR_HEALTH_CHECK_TRAFFIC_BLOCKED - Packet could be dropped because the health check traffic to the VPC connector is not allowed.
      - FORWARDING_RULE_REGION_MISMATCH - Packet could be dropped because it was sent from a different region to a regional forwarding without global access.
      - PSC_CONNECTION_NOT_ACCEPTED - The Private Service Connect endpoint is in a project that is not approved to connect to the service.
      - PSC_ENDPOINT_ACCESSED_FROM_PEERED_NETWORK - The packet is sent to the Private Service Connect endpoint over the peering, but it’s not supported.
      - PSC_NEG_PRODUCER_ENDPOINT_NO_GLOBAL_ACCESS - The packet is sent to the Private Service Connect backend (network endpoint group), but the producer PSC forwarding rule does not have global access enabled.
      - PSC_NEG_PRODUCER_FORWARDING_RULE_MULTIPLE_PORTS - The packet is sent to the Private Service Connect backend (network endpoint group), but the producer PSC forwarding rule has multiple ports specified.
      - CLOUD_SQL_PSC_NEG_UNSUPPORTED - The packet is sent to the Private Service Connect backend (network endpoint group) targeting a Cloud SQL service attachment, but this configuration is not supported.
      - NO_NAT_SUBNETS_FOR_PSC_SERVICE_ATTACHMENT - No NAT subnets are defined for the PSC service attachment.
      - PSC_TRANSITIVITY_NOT_PROPAGATED - PSC endpoint is accessed via NCC, but PSC transitivity configuration is not yet propagated.
      - HYBRID_NEG_NON_DYNAMIC_ROUTE_MATCHED - The packet sent from the hybrid NEG proxy matches a non-dynamic route, but such a configuration is not supported.
      - HYBRID_NEG_NON_LOCAL_DYNAMIC_ROUTE_MATCHED - The packet sent from the hybrid NEG proxy matches a dynamic route with a next hop in a different region, but such a configuration is not supported.
      - CLOUD_RUN_REVISION_NOT_READY - Packet sent from a Cloud Run revision that is not ready.
      - DROPPED_INSIDE_PSC_SERVICE_PRODUCER - Packet was dropped inside Private Service Connect service producer.
      - LOAD_BALANCER_HAS_NO_PROXY_SUBNET - Packet sent to a load balancer, which requires a proxy-only subnet and the subnet is not found.
      - CLOUD_NAT_NO_ADDRESSES - Packet sent to Cloud Nat without active NAT IPs.
      - ROUTING_LOOP - Packet is stuck in a routing loop.
      - DROPPED_INSIDE_GOOGLE_MANAGED_SERVICE - Packet is dropped inside a Google-managed service due to being delivered in return trace to an endpoint that doesn’t match the endpoint the packet was sent from in forward trace. Used only for return traces.
      - LOAD_BALANCER_BACKEND_INVALID_NETWORK - Packet is dropped due to a load balancer backend instance not having a network interface in the network expected by the load balancer.
      - BACKEND_SERVICE_NAMED_PORT_NOT_DEFINED - Packet is dropped due to a backend service named port not being defined on the instance group level.
      - DESTINATION_IS_PRIVATE_NAT_IP_RANGE - Packet is dropped due to a destination IP range being part of a Private NAT IP range.
      - DROPPED_INSIDE_REDIS_INSTANCE_SERVICE - Generic drop cause for a packet being dropped inside a Redis Instance service project.
      - REDIS_INSTANCE_UNSUPPORTED_PORT - Packet is dropped due to an unsupported port being used to connect to a Redis Instance. Port 6379 should be used to connect to a Redis Instance.
      - REDIS_INSTANCE_CONNECTING_FROM_PUPI_ADDRESS - Packet is dropped due to connecting from PUPI address to a PSA based Redis Instance.
      - REDIS_INSTANCE_NO_ROUTE_TO_DESTINATION_NETWORK - Packet is dropped due to no route to the destination network.
      - REDIS_INSTANCE_NO_EXTERNAL_IP - Redis Instance does not have an external IP address.
      - REDIS_INSTANCE_UNSUPPORTED_PROTOCOL - Packet is dropped due to an unsupported protocol being used to connect to a Redis Instance. Only TCP connections are accepted by a Redis Instance.
      - DROPPED_INSIDE_REDIS_CLUSTER_SERVICE - Generic drop cause for a packet being dropped inside a Redis Cluster service project.
      - REDIS_CLUSTER_UNSUPPORTED_PORT - Packet is dropped due to an unsupported port being used to connect to a Redis Cluster. Ports 6379 and 11000 to 13047 should be used to connect to a Redis Cluster.
      - REDIS_CLUSTER_NO_EXTERNAL_IP - Redis Cluster does not have an external IP address.
      - REDIS_CLUSTER_UNSUPPORTED_PROTOCOL - Packet is dropped due to an unsupported protocol being used to connect to a Redis Cluster. Only TCP connections are accepted by a Redis Cluster.
      - NO_ADVERTISED_ROUTE_TO_GCP_DESTINATION - Packet from the non-GCP (on-prem) or unknown GCP network is dropped due to the destination IP address not belonging to any IP prefix advertised via BGP by the Cloud Router.
      - NO_TRAFFIC_SELECTOR_TO_GCP_DESTINATION - Packet from the non-GCP (on-prem) or unknown GCP network is dropped due to the destination IP address not belonging to any IP prefix included to the local traffic selector of the VPN tunnel.
      - NO_KNOWN_ROUTE_FROM_PEERED_NETWORK_TO_DESTINATION - Packet from the unknown peered network is dropped due to no known route from the source network to the destination IP address.
      - PRIVATE_NAT_TO_PSC_ENDPOINT_UNSUPPORTED - Sending packets processed by the Private NAT Gateways to the Private Service Connect endpoints is not supported.
      - PSC_PORT_MAPPING_PORT_MISMATCH - Packet is sent to the PSC port mapping service, but its destination port does not match any port mapping rules.
      - PSC_PORT_MAPPING_WITHOUT_PSC_CONNECTION_UNSUPPORTED - Sending packets directly to the PSC port mapping service without going through the PSC connection is not supported.
      - UNSUPPORTED_ROUTE_MATCHED_FOR_NAT64_DESTINATION - Packet with destination IP address within the reserved NAT64 range is dropped due to matching a route of an unsupported type.
      - TRAFFIC_FROM_HYBRID_ENDPOINT_TO_INTERNET_DISALLOWED - Packet could be dropped because hybrid endpoint like a VPN gateway or Interconnect is not allowed to send traffic to the Internet.
      - NO_MATCHING_NAT64_GATEWAY - Packet with destination IP address within the reserved NAT64 range is dropped due to no matching NAT gateway in the subnet.
      - LOAD_BALANCER_BACKEND_IP_VERSION_MISMATCH - Packet is dropped due to being sent to a backend of a passthrough load balancer that doesn’t use the same IP version as the frontend.
      - NO_KNOWN_ROUTE_FROM_NCC_NETWORK_TO_DESTINATION - Packet from the unknown NCC network is dropped due to no known route from the source network to the destination IP address.
      - CLOUD_NAT_PROTOCOL_UNSUPPORTED - Packet is dropped by Cloud NAT due to using an unsupported protocol.
    - destination_geolocation_code
      Type: STRING
      Provider name: destinationGeolocationCode
      Description: Geolocation (region code) of the destination IP address (if relevant).
    - destination_ip
      Type: STRING
      Provider name: destinationIp
      Description: Destination IP address of the dropped packet (if relevant).
    - region
      Type: STRING
      Provider name: region
      Description: Region of the dropped packet (if relevant).
    - resource_uri
      Type: STRING
      Provider name: resourceUri
      Description: URI of the resource that caused the drop.
    - source_geolocation_code
      Type: STRING
      Provider name: sourceGeolocationCode
      Description: Geolocation (region code) of the source IP address (if relevant).
    - source_ip
      Type: STRING
      Provider name: sourceIp
      Description: Source IP address of the dropped packet (if relevant).
  - endpoint
    Type: STRUCT
    Provider name: endpoint
    Description: Display information of the source and destination under analysis. The endpoint information in an intermediate state may differ with the initial input, as it might be modified by state like NAT, or Connection Proxy.
    - destination_ip
      Type: STRING
      Provider name: destinationIp
      Description: Destination IP address.
    - destination_network_uri
      Type: STRING
      Provider name: destinationNetworkUri
      Description: URI of the network where this packet is sent to.
    - destination_port
      Type: INT32
      Provider name: destinationPort
      Description: Destination port. Only valid when protocol is TCP or UDP.
    - protocol
      Type: STRING
      Provider name: protocol
      Description: IP protocol in string format, for example: “TCP”, “UDP”, “ICMP”.
    - source_agent_uri
      Type: STRING
      Provider name: sourceAgentUri
      Description: URI of the source telemetry agent this packet originates from.
    - source_ip
      Type: STRING
      Provider name: sourceIp
      Description: Source IP address.
    - source_network_uri
      Type: STRING
      Provider name: sourceNetworkUri
      Description: URI of the network where this packet originates from.
    - source_port
      Type: INT32
      Provider name: sourcePort
      Description: Source port. Only valid when protocol is TCP or UDP.
  - firewall
    Type: STRUCT
    Provider name: firewall
    Description: Display information of a Compute Engine firewall rule.
    - action
      Type: STRING
      Provider name: action
      Description: Possible values: ALLOW, DENY, APPLY_SECURITY_PROFILE_GROUP
    - direction
      Type: STRING
      Provider name: direction
      Description: Possible values: INGRESS, EGRESS
    - firewall_rule_type
      Type: STRING
      Provider name: firewallRuleType
      Description: The firewall rule’s type.
      Possible values:
      - FIREWALL_RULE_TYPE_UNSPECIFIED - Unspecified type.
      - HIERARCHICAL_FIREWALL_POLICY_RULE - Hierarchical firewall policy rule. For details, see Hierarchical firewall policies overview.
      - VPC_FIREWALL_RULE - VPC firewall rule. For details, see VPC firewall rules overview.
      - IMPLIED_VPC_FIREWALL_RULE - Implied VPC firewall rule. For details, see Implied rules.
      - SERVERLESS_VPC_ACCESS_MANAGED_FIREWALL_RULE - Implicit firewall rules that are managed by serverless VPC access to allow ingress access. They are not visible in the Google Cloud console. For details, see VPC connector’s implicit rules.
      - NETWORK_FIREWALL_POLICY_RULE - Global network firewall policy rule. For details, see Network firewall policies.
      - NETWORK_REGIONAL_FIREWALL_POLICY_RULE - Regional network firewall policy rule. For details, see Regional network firewall policies.
      - UNSUPPORTED_FIREWALL_POLICY_RULE - Firewall policy rule containing attributes not yet supported in Connectivity tests. Firewall analysis is skipped if such a rule can potentially be matched. Please see the list of unsupported configurations.
      - TRACKING_STATE - Tracking state for response traffic created when request traffic goes through allow firewall rule. For details, see firewall rules specifications
      - ANALYSIS_SKIPPED - Firewall analysis was skipped due to executing Connectivity Test in the BypassFirewallChecks mode
    - gcp_display_name
      Type: STRING
      Provider name: displayName
      Description: The display name of the firewall rule. This field might be empty for firewall policy rules.
    - network_uri
      Type: STRING
      Provider name: networkUri
      Description: The URI of the VPC network that the firewall rule is associated with. This field is not applicable to hierarchical firewall policy rules.
    - policy
      Type: STRING
      Provider name: policy
      Description: The name of the firewall policy that this rule is associated with. This field is not applicable to VPC firewall rules and implied VPC firewall rules.
    - policy_priority
      Type: INT32
      Provider name: policyPriority
      Description: The priority of the firewall policy that this rule is associated with. This field is not applicable to VPC firewall rules and implied VPC firewall rules.
    - policy_uri
      Type: STRING
      Provider name: policyUri
      Description: The URI of the firewall policy that this rule is associated with. This field is not applicable to VPC firewall rules and implied VPC firewall rules.
    - priority
      Type: INT32
      Provider name: priority
      Description: The priority of the firewall rule.
    - target_service_accounts
      Type: UNORDERED_LIST_STRING
      Provider name: targetServiceAccounts
      Description: The target service accounts specified by the firewall rule.
    - target_tags
      Type: UNORDERED_LIST_STRING
      Provider name: targetTags
      Description: The target tags defined by the VPC firewall rule. This field is not applicable to firewall policy rules.
    - target_type
      Type: STRING
      Provider name: targetType
      Description: Target type of the firewall rule.
      Possible values:
      - TARGET_TYPE_UNSPECIFIED - Target type is not specified. In this case we treat the rule as applying to INSTANCES target type.
      - INSTANCES - Firewall rule applies to instances.
      - INTERNAL_MANAGED_LB - Firewall rule applies to internal managed load balancers.
    - uri
      Type: STRING
      Provider name: uri
      Description: The URI of the firewall rule. This field is not applicable to implied VPC firewall rules.
  - forward
    Type: STRUCT
    Provider name: forward
    Description: Display information of the final state “forward” and reason.
    - ip_address
      Type: STRING
      Provider name: ipAddress
      Description: IP address of the target (if applicable).
    - resource_uri
      Type: STRING
      Provider name: resourceUri
      Description: URI of the resource that the packet is forwarded to.
    - target
      Type: STRING
      Provider name: target
      Description: Target type where this packet is forwarded to.
      Possible values:
      - TARGET_UNSPECIFIED - Target not specified.
      - PEERING_VPC - Forwarded to a VPC peering network.
      - VPN_GATEWAY - Forwarded to a Cloud VPN gateway.
      - INTERCONNECT - Forwarded to a Cloud Interconnect connection.
      - GKE_MASTER - Forwarded to a Google Kubernetes Engine Container cluster master.
      - IMPORTED_CUSTOM_ROUTE_NEXT_HOP - Forwarded to the next hop of a custom route imported from a peering VPC.
      - CLOUD_SQL_INSTANCE - Forwarded to a Cloud SQL instance.
      - ANOTHER_PROJECT - Forwarded to a VPC network in another project.
      - NCC_HUB - Forwarded to an NCC Hub.
      - ROUTER_APPLIANCE - Forwarded to a router appliance.
      - SECURE_WEB_PROXY_GATEWAY - Forwarded to a Secure Web Proxy Gateway.
  - forwarding_rule
    Type: STRUCT
    Provider name: forwardingRule
    Description: Display information of a Compute Engine forwarding rule.
    - gcp_display_name
      Type: STRING
      Provider name: displayName
      Description: Name of the forwarding rule.
    - load_balancer_name
      Type: STRING
      Provider name: loadBalancerName
      Description: Name of the load balancer the forwarding rule belongs to. Empty for forwarding rules not related to load balancers (like PSC forwarding rules).
    - matched_port_range
      Type: STRING
      Provider name: matchedPortRange
      Description: Port range defined in the forwarding rule that matches the packet.
    - matched_protocol
      Type: STRING
      Provider name: matchedProtocol
      Description: Protocol defined in the forwarding rule that matches the packet.
    - network_uri
      Type: STRING
      Provider name: networkUri
      Description: Network URI.
    - psc_google_api_target
      Type: STRING
      Provider name: pscGoogleApiTarget
      Description: PSC Google API target this forwarding rule targets (if applicable).
    - psc_service_attachment_uri
      Type: STRING
      Provider name: pscServiceAttachmentUri
      Description: URI of the PSC service attachment this forwarding rule targets (if applicable).
    - region
      Type: STRING
      Provider name: region
      Description: Region of the forwarding rule. Set only for regional forwarding rules.
    - target
      Type: STRING
      Provider name: target
      Description: Target type of the forwarding rule.
    - uri
      Type: STRING
      Provider name: uri
      Description: URI of the forwarding rule.
    - vip
      Type: STRING
      Provider name: vip
      Description: VIP of the forwarding rule.
  - gke_master
    Type: STRUCT
    Provider name: gkeMaster
    Description: Display information of a Google Kubernetes Engine cluster master.
    - cluster_network_uri
      Type: STRING
      Provider name: clusterNetworkUri
      Description: URI of a GKE cluster network.
    - cluster_uri
      Type: STRING
      Provider name: clusterUri
      Description: URI of a GKE cluster.
    - dns_endpoint
      Type: STRING
      Provider name: dnsEndpoint
      Description: DNS endpoint of a GKE cluster control plane.
    - external_ip
      Type: STRING
      Provider name: externalIp
      Description: External IP address of a GKE cluster control plane.
    - internal_ip
      Type: STRING
      Provider name: internalIp
      Description: Internal IP address of a GKE cluster control plane.
  - google_service
    Type: STRUCT
    Provider name: googleService
    Description: Display information of a Google service
    - google_service_type
      Type: STRING
      Provider name: googleServiceType
      Description: Recognized type of a Google Service.
      Possible values:
      - GOOGLE_SERVICE_TYPE_UNSPECIFIED - Unspecified Google Service.
      - IAP - Identity aware proxy. https://cloud.google.com/iap/docs/using-tcp-forwarding
      - GFE_PROXY_OR_HEALTH_CHECK_PROBER - One of two services sharing IP ranges: * Load Balancer proxy * Centralized Health Check prober https://cloud.google.com/load-balancing/docs/firewall-rules
      - CLOUD_DNS - Connectivity from Cloud DNS to forwarding targets or alternate name servers that use private routing. https://cloud.google.com/dns/docs/zones/forwarding-zones#firewall-rules https://cloud.google.com/dns/docs/policies#firewall-rules
      - GOOGLE_API - private.googleapis.com and restricted.googleapis.com
      - GOOGLE_API_PSC - Google API via Private Service Connect. https://cloud.google.com/vpc/docs/configure-private-service-connect-apis
      - GOOGLE_API_VPC_SC - Google API via VPC Service Controls. https://cloud.google.com/vpc/docs/configure-private-service-connect-apis
      - SERVERLESS_VPC_ACCESS - Google API via Serverless VPC Access. https://cloud.google.com/vpc/docs/serverless-vpc-access
    - source_ip
      Type: STRING
      Provider name: sourceIp
      Description: Source IP address.
  - instance
    Type: STRUCT
    Provider name: instance
    Description: Display information of a Compute Engine instance.
    - external_ip
      Type: STRING
      Provider name: externalIp
      Description: External IP address of the network interface.
    - gcp_display_name
      Type: STRING
      Provider name: displayName
      Description: Name of a Compute Engine instance.
    - gcp_status
      Type: STRING
      Provider name: status
      Description: The status of the instance.
      Possible values:
      - STATUS_UNSPECIFIED - Default unspecified value.
      - RUNNING - The instance is running.
      - NOT_RUNNING - The instance has any status other than ‘RUNNING’.
    - interface
      Type: STRING
      Provider name: interface
      Description: Name of the network interface of a Compute Engine instance.
    - internal_ip
      Type: STRING
      Provider name: internalIp
      Description: Internal IP address of the network interface.
    - network_tags
      Type: UNORDERED_LIST_STRING
      Provider name: networkTags
      Description: Network tags configured on the instance.
    - network_uri
      Type: STRING
      Provider name: networkUri
      Description: URI of a Compute Engine network.
    - psc_network_attachment_uri
      Type: STRING
      Provider name: pscNetworkAttachmentUri
      Description: URI of the PSC network attachment the NIC is attached to (if relevant).
    - running
      Type: BOOLEAN
      Provider name: running
      Description: Indicates whether the Compute Engine instance is running. Deprecated: use the status field instead.
    - service_account
      Type: STRING
      Provider name: serviceAccount
      Description: Service account authorized for the instance.
    - uri
      Type: STRING
      Provider name: uri
      Description: URI of a Compute Engine instance.
  - interconnect_attachment
    Type: STRUCT
    Provider name: interconnectAttachment
    Description: Display information of an interconnect attachment.
    - cloud_router_uri
      Type: STRING
      Provider name: cloudRouterUri
      Description: URI of the Cloud Router to be used for dynamic routing.
    - gcp_display_name
      Type: STRING
      Provider name: displayName
      Description: Name of an Interconnect attachment.
    - interconnect_uri
      Type: STRING
      Provider name: interconnectUri
      Description: URI of the Interconnect where the Interconnect attachment is configured.
    - region
      Type: STRING
      Provider name: region
      Description: Name of a Google Cloud region where the Interconnect attachment is configured.
    - uri
      Type: STRING
      Provider name: uri
      Description: URI of an Interconnect attachment.
  - load_balancer
    Type: STRUCT
    Provider name: loadBalancer
    Description: Display information of the load balancers. Deprecated in favor of the load_balancer_backend_info field, not used in new tests.
    - backend_type
      Type: STRING
      Provider name: backendType
      Description: Type of load balancer’s backend configuration.
      Possible values:
      - BACKEND_TYPE_UNSPECIFIED - Type is unspecified.
      - BACKEND_SERVICE - Backend Service as the load balancer’s backend.
      - TARGET_POOL - Target Pool as the load balancer’s backend.
      - TARGET_INSTANCE - Target Instance as the load balancer’s backend.
    - backend_uri
      Type: STRING
      Provider name: backendUri
      Description: Backend configuration URI.
    - backends
      Type: UNORDERED_LIST_STRUCT
      Provider name: backends
      Description: Information for the loadbalancer backends.
      - gcp_display_name
        Type: STRING
        Provider name: displayName
        Description: Name of a Compute Engine instance or network endpoint.
      - health_check_allowing_firewall_rules
        Type: UNORDERED_LIST_STRING
        Provider name: healthCheckAllowingFirewallRules
        Description: A list of firewall rule URIs allowing probes from health check IP ranges.
      - health_check_blocking_firewall_rules
        Type: UNORDERED_LIST_STRING
        Provider name: healthCheckBlockingFirewallRules
        Description: A list of firewall rule URIs blocking probes from health check IP ranges.
      - health_check_firewall_state
        Type: STRING
        Provider name: healthCheckFirewallState
        Description: State of the health check firewall configuration.
        Possible values:
        HEALTH_CHECK_FIREWALL_STATE_UNSPECIFIED - State is unspecified. Default state if not populated.
        CONFIGURED - There are configured firewall rules to allow health check probes to the backend.
        MISCONFIGURED - There are firewall rules configured to allow partial health check ranges or block all health check ranges. If a health check probe is sent from denied IP ranges, the health check to the backend will fail. Then, the backend will be marked unhealthy and will not receive traffic sent to the load balancer.
      - uri
        Type: STRING
        Provider name: uri
        Description: URI of a Compute Engine instance or network endpoint.
    - health_check_uri
      Type: STRING
      Provider name: healthCheckUri
      Description: URI of the health check for the load balancer. Deprecated and no longer populated as different load balancer backends might have different health checks.
    - load_balancer_type
      Type: STRING
      Provider name: loadBalancerType
      Description: Type of the load balancer.
      Possible values:
      - LOAD_BALANCER_TYPE_UNSPECIFIED - Type is unspecified.
      - INTERNAL_TCP_UDP - Internal TCP/UDP load balancer.
      - NETWORK_TCP_UDP - Network TCP/UDP load balancer.
      - HTTP_PROXY - HTTP(S) proxy load balancer.
      - TCP_PROXY - TCP proxy load balancer.
      - SSL_PROXY - SSL proxy load balancer.
  - load_balancer_backend_info
    Type: STRUCT
    Provider name: loadBalancerBackendInfo
    Description: Display information of a specific load balancer backend.
    - backend_bucket_uri
      Type: STRING
      Provider name: backendBucketUri
      Description: URI of the backend bucket this backend targets (if applicable).
    - backend_service_uri
      Type: STRING
      Provider name: backendServiceUri
      Description: URI of the backend service this backend belongs to (if applicable).
    - health_check_firewalls_config_state
      Type: STRING
      Provider name: healthCheckFirewallsConfigState
      Description: Output only. Health check firewalls configuration state for the backend. This is a result of the static firewall analysis (verifying that health check traffic from required IP ranges to the backend is allowed or not). The backend might still be unhealthy even if these firewalls are configured. Please refer to the documentation for more information: https://cloud.google.com/load-balancing/docs/firewall-rules
      Possible values:
      - HEALTH_CHECK_FIREWALLS_CONFIG_STATE_UNSPECIFIED - Configuration state unspecified. It usually means that the backend has no health check attached, or there was an unexpected configuration error preventing Connectivity tests from verifying health check configuration.
      - FIREWALLS_CONFIGURED - Firewall rules (policies) allowing health check traffic from all required IP ranges to the backend are configured.
      - FIREWALLS_PARTIALLY_CONFIGURED - Firewall rules (policies) allow health check traffic only from a part of required IP ranges.
      - FIREWALLS_NOT_CONFIGURED - Firewall rules (policies) deny health check traffic from all required IP ranges to the backend.
      - FIREWALLS_UNSUPPORTED - The network contains firewall rules of unsupported types, so Connectivity tests were not able to verify health check configuration status. Please refer to the documentation for the list of unsupported configurations: https://cloud.google.com/network-intelligence-center/docs/connectivity-tests/concepts/overview#unsupported-configs
    - health_check_uri
      Type: STRING
      Provider name: healthCheckUri
      Description: URI of the health check attached to this backend (if applicable).
    - instance_group_uri
      Type: STRING
      Provider name: instanceGroupUri
      Description: URI of the instance group this backend belongs to (if applicable).
    - instance_uri
      Type: STRING
      Provider name: instanceUri
      Description: URI of the backend instance (if applicable). Populated for instance group backends, and zonal NEG backends.
    - name
      Type: STRING
      Provider name: name
      Description: Display name of the backend. For example, it might be an instance name for the instance group backends, or an IP address and port for zonal network endpoint group backends.
    - network_endpoint_group_uri
      Type: STRING
      Provider name: networkEndpointGroupUri
      Description: URI of the network endpoint group this backend belongs to (if applicable).
    - psc_google_api_target
      Type: STRING
      Provider name: pscGoogleApiTarget
      Description: PSC Google API target this PSC NEG backend targets (if applicable).
    - psc_service_attachment_uri
      Type: STRING
      Provider name: pscServiceAttachmentUri
      Description: URI of the PSC service attachment this PSC NEG backend targets (if applicable).
  - nat
    Type: STRUCT
    Provider name: nat
    Description: Display information of a NAT.
    - nat_gateway_name
      Type: STRING
      Provider name: natGatewayName
      Description: The name of Cloud NAT Gateway. Only valid when type is CLOUD_NAT.
    - network_uri
      Type: STRING
      Provider name: networkUri
      Description: URI of the network where NAT translation takes place.
    - new_destination_ip
      Type: STRING
      Provider name: newDestinationIp
      Description: Destination IP address after NAT translation.
    - new_destination_port
      Type: INT32
      Provider name: newDestinationPort
      Description: Destination port after NAT translation. Only valid when protocol is TCP or UDP.
    - new_source_ip
      Type: STRING
      Provider name: newSourceIp
      Description: Source IP address after NAT translation.
    - new_source_port
      Type: INT32
      Provider name: newSourcePort
      Description: Source port after NAT translation. Only valid when protocol is TCP or UDP.
    - old_destination_ip
      Type: STRING
      Provider name: oldDestinationIp
      Description: Destination IP address before NAT translation.
    - old_destination_port
      Type: INT32
      Provider name: oldDestinationPort
      Description: Destination port before NAT translation. Only valid when protocol is TCP or UDP.
    - old_source_ip
      Type: STRING
      Provider name: oldSourceIp
      Description: Source IP address before NAT translation.
    - old_source_port
      Type: INT32
      Provider name: oldSourcePort
      Description: Source port before NAT translation. Only valid when protocol is TCP or UDP.
    - protocol
      Type: STRING
      Provider name: protocol
      Description: IP protocol in string format, for example: “TCP”, “UDP”, “ICMP”.
    - router_uri
      Type: STRING
      Provider name: routerUri
      Description: Uri of the Cloud Router. Only valid when type is CLOUD_NAT.
    - type
      Type: STRING
      Provider name: type
      Description: Type of NAT.
      Possible values:
      - TYPE_UNSPECIFIED - Type is unspecified.
      - INTERNAL_TO_EXTERNAL - From Compute Engine instance’s internal address to external address.
      - EXTERNAL_TO_INTERNAL - From Compute Engine instance’s external address to internal address.
      - CLOUD_NAT - Cloud NAT Gateway.
      - PRIVATE_SERVICE_CONNECT - Private service connect NAT.
  - network
    Type: STRUCT
    Provider name: network
    Description: Display information of a Google Cloud network.
    - gcp_display_name
      Type: STRING
      Provider name: displayName
      Description: Name of a Compute Engine network.
    - matched_ip_range
      Type: STRING
      Provider name: matchedIpRange
      Description: The IP range of the subnet matching the source IP address of the test.
    - matched_subnet_uri
      Type: STRING
      Provider name: matchedSubnetUri
      Description: URI of the subnet matching the source IP address of the test.
    - region
      Type: STRING
      Provider name: region
      Description: The region of the subnet matching the source IP address of the test.
    - uri
      Type: STRING
      Provider name: uri
      Description: URI of a Compute Engine network.
  - project_id
    Type: STRING
    Provider name: projectId
    Description: Project ID that contains the configuration this step is validating.
  - proxy_connection
    Type: STRUCT
    Provider name: proxyConnection
    Description: Display information of a ProxyConnection.
    - network_uri
      Type: STRING
      Provider name: networkUri
      Description: URI of the network where connection is proxied.
    - new_destination_ip
      Type: STRING
      Provider name: newDestinationIp
      Description: Destination IP address of a new connection.
    - new_destination_port
      Type: INT32
      Provider name: newDestinationPort
      Description: Destination port of a new connection. Only valid when protocol is TCP or UDP.
    - new_source_ip
      Type: STRING
      Provider name: newSourceIp
      Description: Source IP address of a new connection.
    - new_source_port
      Type: INT32
      Provider name: newSourcePort
      Description: Source port of a new connection. Only valid when protocol is TCP or UDP.
    - old_destination_ip
      Type: STRING
      Provider name: oldDestinationIp
      Description: Destination IP address of an original connection
    - old_destination_port
      Type: INT32
      Provider name: oldDestinationPort
      Description: Destination port of an original connection. Only valid when protocol is TCP or UDP.
    - old_source_ip
      Type: STRING
      Provider name: oldSourceIp
      Description: Source IP address of an original connection.
    - old_source_port
      Type: INT32
      Provider name: oldSourcePort
      Description: Source port of an original connection. Only valid when protocol is TCP or UDP.
    - protocol
      Type: STRING
      Provider name: protocol
      Description: IP protocol in string format, for example: “TCP”, “UDP”, “ICMP”.
    - subnet_uri
      Type: STRING
      Provider name: subnetUri
      Description: Uri of proxy subnet.
  - redis_cluster
    Type: STRUCT
    Provider name: redisCluster
    Description: Display information of a Redis Cluster.
    - discovery_endpoint_ip_address
      Type: STRING
      Provider name: discoveryEndpointIpAddress
      Description: Discovery endpoint IP address of a Redis Cluster.
    - gcp_display_name
      Type: STRING
      Provider name: displayName
      Description: Name of a Redis Cluster.
    - location
      Type: STRING
      Provider name: location
      Description: Name of the region in which the Redis Cluster is defined. For example, “us-central1”.
    - network_uri
      Type: STRING
      Provider name: networkUri
      Description: URI of the network containing the Redis Cluster endpoints in format “projects/{project_id}/global/networks/{network_id}”.
    - secondary_endpoint_ip_address
      Type: STRING
      Provider name: secondaryEndpointIpAddress
      Description: Secondary endpoint IP address of a Redis Cluster.
    - uri
      Type: STRING
      Provider name: uri
      Description: URI of a Redis Cluster in format “projects/{project_id}/locations/{location}/clusters/{cluster_id}"
  - redis_instance
    Type: STRUCT
    Provider name: redisInstance
    Description: Display information of a Redis Instance.
    - gcp_display_name
      Type: STRING
      Provider name: displayName
      Description: Name of a Cloud Redis Instance.
    - network_uri
      Type: STRING
      Provider name: networkUri
      Description: URI of a Cloud Redis Instance network.
    - primary_endpoint_ip
      Type: STRING
      Provider name: primaryEndpointIp
      Description: Primary endpoint IP address of a Cloud Redis Instance.
    - read_endpoint_ip
      Type: STRING
      Provider name: readEndpointIp
      Description: Read endpoint IP address of a Cloud Redis Instance (if applicable).
    - region
      Type: STRING
      Provider name: region
      Description: Region in which the Cloud Redis Instance is defined.
    - uri
      Type: STRING
      Provider name: uri
      Description: URI of a Cloud Redis Instance.
  - route
    Type: STRUCT
    Provider name: route
    Description: Display information of a Compute Engine route.
    - advertised_route_next_hop_uri
      Type: STRING
      Provider name: advertisedRouteNextHopUri
      Description: For ADVERTISED routes, the URI of their next hop, i.e. the URI of the hybrid endpoint (VPN tunnel, Interconnect attachment, NCC router appliance) the advertised prefix is advertised through, or URI of the source peered network. Deprecated in favor of the next_hop_uri field, not used in new tests.
    - advertised_route_source_router_uri
      Type: STRING
      Provider name: advertisedRouteSourceRouterUri
      Description: For ADVERTISED dynamic routes, the URI of the Cloud Router that advertised the corresponding IP prefix.
    - dest_ip_range
      Type: STRING
      Provider name: destIpRange
      Description: Destination IP range of the route.
    - dest_port_ranges
      Type: UNORDERED_LIST_STRING
      Provider name: destPortRanges
      Description: Destination port ranges of the route. POLICY_BASED routes only.
    - gcp_display_name
      Type: STRING
      Provider name: displayName
      Description: Name of a route.
    - instance_tags
      Type: UNORDERED_LIST_STRING
      Provider name: instanceTags
      Description: Instance tags of the route.
    - ncc_hub_route_uri
      Type: STRING
      Provider name: nccHubRouteUri
      Description: For PEERING_SUBNET and PEERING_DYNAMIC routes that are advertised by NCC Hub, the URI of the corresponding route in NCC Hub’s routing table.
    - ncc_hub_uri
      Type: STRING
      Provider name: nccHubUri
      Description: URI of the NCC Hub the route is advertised by. PEERING_SUBNET and PEERING_DYNAMIC routes that are advertised by NCC Hub only.
    - ncc_spoke_uri
      Type: STRING
      Provider name: nccSpokeUri
      Description: URI of the destination NCC Spoke. PEERING_SUBNET and PEERING_DYNAMIC routes that are advertised by NCC Hub only.
    - network_uri
      Type: STRING
      Provider name: networkUri
      Description: URI of a VPC network where route is located.
    - next_hop
      Type: STRING
      Provider name: nextHop
      Description: String type of the next hop of the route (for example, “VPN tunnel”). Deprecated in favor of the next_hop_type and next_hop_uri fields, not used in new tests.
    - next_hop_network_uri
      Type: STRING
      Provider name: nextHopNetworkUri
      Description: URI of a VPC network where the next hop resource is located.
    - next_hop_type
      Type: STRING
      Provider name: nextHopType
      Description: Type of next hop.
      Possible values:
      - NEXT_HOP_TYPE_UNSPECIFIED - Unspecified type. Default value.
      - NEXT_HOP_IP - Next hop is an IP address.
      - NEXT_HOP_INSTANCE - Next hop is a Compute Engine instance.
      - NEXT_HOP_NETWORK - Next hop is a VPC network gateway.
      - NEXT_HOP_PEERING - Next hop is a peering VPC. This scenario only happens when the user doesn’t have permissions to the project where the next hop resource is located.
      - NEXT_HOP_INTERCONNECT - Next hop is an interconnect.
      - NEXT_HOP_VPN_TUNNEL - Next hop is a VPN tunnel.
      - NEXT_HOP_VPN_GATEWAY - Next hop is a VPN gateway. This scenario only happens when tracing connectivity from an on-premises network to Google Cloud through a VPN. The analysis simulates a packet departing from the on-premises network through a VPN tunnel and arriving at a Cloud VPN gateway.
      - NEXT_HOP_INTERNET_GATEWAY - Next hop is an internet gateway.
      - NEXT_HOP_BLACKHOLE - Next hop is blackhole; that is, the next hop either does not exist or is unusable.
      - NEXT_HOP_ILB - Next hop is the forwarding rule of an Internal Load Balancer.
      - NEXT_HOP_ROUTER_APPLIANCE - Next hop is a router appliance instance.
      - NEXT_HOP_NCC_HUB - Next hop is an NCC hub. This scenario only happens when the user doesn’t have permissions to the project where the next hop resource is located.
      - SECURE_WEB_PROXY_GATEWAY - Next hop is Secure Web Proxy Gateway.
    - next_hop_uri
      Type: STRING
      Provider name: nextHopUri
      Description: URI of the next hop resource.
    - originating_route_display_name
      Type: STRING
      Provider name: originatingRouteDisplayName
      Description: For PEERING_SUBNET, PEERING_STATIC and PEERING_DYNAMIC routes, the name of the originating SUBNET/STATIC/DYNAMIC route.
    - originating_route_uri
      Type: STRING
      Provider name: originatingRouteUri
      Description: For PEERING_SUBNET and PEERING_STATIC routes, the URI of the originating SUBNET/STATIC route.
    - priority
      Type: INT32
      Provider name: priority
      Description: Priority of the route.
    - protocols
      Type: UNORDERED_LIST_STRING
      Provider name: protocols
      Description: Protocols of the route. POLICY_BASED routes only.
    - region
      Type: STRING
      Provider name: region
      Description: Region of the route. DYNAMIC, PEERING_DYNAMIC, POLICY_BASED and ADVERTISED routes only. If set for POLICY_BASED route, this is a region of VLAN attachments for Cloud Interconnect the route applies to.
    - route_scope
      Type: STRING
      Provider name: routeScope
      Description: Indicates where route is applicable. Deprecated, routes with NCC_HUB scope are not included in the trace in new tests.
      Possible values:
      - ROUTE_SCOPE_UNSPECIFIED - Unspecified scope. Default value.
      - NETWORK - Route is applicable to packets in Network.
      - NCC_HUB - Route is applicable to packets using NCC Hub’s routing table.
    - route_type
      Type: STRING
      Provider name: routeType
      Description: Type of route.
      Possible values:
      - ROUTE_TYPE_UNSPECIFIED - Unspecified type. Default value.
      - SUBNET - Route is a subnet route automatically created by the system.
      - STATIC - Static route created by the user, including the default route to the internet.
      - DYNAMIC - Dynamic route exchanged between BGP peers.
      - PEERING_SUBNET - A subnet route received from peering network or NCC Hub.
      - PEERING_STATIC - A static route received from peering network.
      - PEERING_DYNAMIC - A dynamic route received from peering network or NCC Hub.
      - POLICY_BASED - Policy based route.
      - ADVERTISED - Advertised route. Synthetic route which is used to transition from the StartFromPrivateNetwork state in Connectivity tests.
    - src_ip_range
      Type: STRING
      Provider name: srcIpRange
      Description: Source IP address range of the route. POLICY_BASED routes only.
    - src_port_ranges
      Type: UNORDERED_LIST_STRING
      Provider name: srcPortRanges
      Description: Source port ranges of the route. POLICY_BASED routes only.
    - uri
      Type: STRING
      Provider name: uri
      Description: URI of a route. SUBNET, STATIC, PEERING_SUBNET (only for peering network) and POLICY_BASED routes only.
  - serverless_external_connection
    Type: STRUCT
    Provider name: serverlessExternalConnection
    Description: Display information of a serverless public (external) connection.
    - selected_ip_address
      Type: STRING
      Provider name: selectedIpAddress
      Description: Selected starting IP address, from the Google dynamic address pool.
  - serverless_neg
    Type: STRUCT
    Provider name: serverlessNeg
    Description: Display information of a Serverless network endpoint group backend. Used only for return traces.
    - neg_uri
      Type: STRING
      Provider name: negUri
      Description: URI of the serverless network endpoint group.
  - state
    Type: STRING
    Provider name: state
    Description: Each step is in one of the pre-defined states.
    Possible values:
    - STATE_UNSPECIFIED - Unspecified state.
    - START_FROM_INSTANCE - Initial state: packet originating from a Compute Engine instance. An InstanceInfo is populated with starting instance information.
    - START_FROM_INTERNET - Initial state: packet originating from the internet. The endpoint information is populated.
    - START_FROM_GOOGLE_SERVICE - Initial state: packet originating from a Google service. The google_service information is populated.
    - START_FROM_PRIVATE_NETWORK - Initial state: packet originating from a VPC or on-premises network with internal source IP. If the source is a VPC network visible to the user, a NetworkInfo is populated with details of the network.
    - START_FROM_GKE_MASTER - Initial state: packet originating from a Google Kubernetes Engine cluster master. A GKEMasterInfo is populated with starting instance information.
    - START_FROM_CLOUD_SQL_INSTANCE - Initial state: packet originating from a Cloud SQL instance. A CloudSQLInstanceInfo is populated with starting instance information.
    - START_FROM_REDIS_INSTANCE - Initial state: packet originating from a Redis instance. A RedisInstanceInfo is populated with starting instance information.
    - START_FROM_REDIS_CLUSTER - Initial state: packet originating from a Redis Cluster. A RedisClusterInfo is populated with starting Cluster information.
    - START_FROM_CLOUD_FUNCTION - Initial state: packet originating from a Cloud Function. A CloudFunctionInfo is populated with starting function information.
    - START_FROM_APP_ENGINE_VERSION - Initial state: packet originating from an App Engine service version. An AppEngineVersionInfo is populated with starting version information.
    - START_FROM_CLOUD_RUN_REVISION - Initial state: packet originating from a Cloud Run revision. A CloudRunRevisionInfo is populated with starting revision information.
    - START_FROM_STORAGE_BUCKET - Initial state: packet originating from a Storage Bucket. Used only for return traces. The storage_bucket information is populated.
    - START_FROM_PSC_PUBLISHED_SERVICE - Initial state: packet originating from a published service that uses Private Service Connect. Used only for return traces.
    - START_FROM_SERVERLESS_NEG - Initial state: packet originating from a serverless network endpoint group backend. Used only for return traces. The serverless_neg information is populated.
    - APPLY_INGRESS_FIREWALL_RULE - Config checking state: verify ingress firewall rule.
    - APPLY_EGRESS_FIREWALL_RULE - Config checking state: verify egress firewall rule.
    - APPLY_ROUTE - Config checking state: verify route.
    - APPLY_FORWARDING_RULE - Config checking state: match forwarding rule.
    - ANALYZE_LOAD_BALANCER_BACKEND - Config checking state: verify load balancer backend configuration.
    - SPOOFING_APPROVED - Config checking state: packet sent or received under foreign IP address and allowed.
    - ARRIVE_AT_INSTANCE - Forwarding state: arriving at a Compute Engine instance.
    - ARRIVE_AT_INTERNAL_LOAD_BALANCER - Forwarding state: arriving at a Compute Engine internal load balancer.
    - ARRIVE_AT_EXTERNAL_LOAD_BALANCER - Forwarding state: arriving at a Compute Engine external load balancer.
    - ARRIVE_AT_VPN_GATEWAY - Forwarding state: arriving at a Cloud VPN gateway.
    - ARRIVE_AT_VPN_TUNNEL - Forwarding state: arriving at a Cloud VPN tunnel.
    - ARRIVE_AT_INTERCONNECT_ATTACHMENT - Forwarding state: arriving at an interconnect attachment.
    - ARRIVE_AT_VPC_CONNECTOR - Forwarding state: arriving at a VPC connector.
    - DIRECT_VPC_EGRESS_CONNECTION - Forwarding state: for packets originating from a serverless endpoint forwarded through Direct VPC egress.
    - SERVERLESS_EXTERNAL_CONNECTION - Forwarding state: for packets originating from a serverless endpoint forwarded through public (external) connectivity.
    - NAT - Transition state: packet header translated.
    - PROXY_CONNECTION - Transition state: original connection is terminated and a new proxied connection is initiated.
    - DELIVER - Final state: packet could be delivered.
    - DROP - Final state: packet could be dropped.
    - FORWARD - Final state: packet could be forwarded to a network with an unknown configuration.
    - ABORT - Final state: analysis is aborted.
    - VIEWER_PERMISSION_MISSING - Special state: viewer of the test result does not have permission to see the configuration in this step.
  - storage_bucket
    Type: STRUCT
    Provider name: storageBucket
    Description: Display information of a Storage Bucket. Used only for return traces.
    - bucket
      Type: STRING
      Provider name: bucket
      Description: Cloud Storage Bucket name.
  - vpc_connector
    Type: STRUCT
    Provider name: vpcConnector
    Description: Display information of a VPC connector.
    - gcp_display_name
      Type: STRING
      Provider name: displayName
      Description: Name of a VPC connector.
    - location
      Type: STRING
      Provider name: location
      Description: Location in which the VPC connector is deployed.
    - uri
      Type: STRING
      Provider name: uri
      Description: URI of a VPC connector.
  - vpn_gateway
    Type: STRUCT
    Provider name: vpnGateway
    Description: Display information of a Compute Engine VPN gateway.
    - gcp_display_name
      Type: STRING
      Provider name: displayName
      Description: Name of a VPN gateway.
    - ip_address
      Type: STRING
      Provider name: ipAddress
      Description: IP address of the VPN gateway.
    - network_uri
      Type: STRING
      Provider name: networkUri
      Description: URI of a Compute Engine network where the VPN gateway is configured.
    - region
      Type: STRING
      Provider name: region
      Description: Name of a Google Cloud region where this VPN gateway is configured.
    - uri
      Type: STRING
      Provider name: uri
      Description: URI of a VPN gateway.
    - vpn_tunnel_uri
      Type: STRING
      Provider name: vpnTunnelUri
      Description: A VPN tunnel that is associated with this VPN gateway. There may be multiple VPN tunnels configured on a VPN gateway, and only the one relevant to the test is displayed.
  - vpn_tunnel
    Type: STRUCT
    Provider name: vpnTunnel
    Description: Display information of a Compute Engine VPN tunnel.
    - gcp_display_name
      Type: STRING
      Provider name: displayName
      Description: Name of a VPN tunnel.
    - network_uri
      Type: STRING
      Provider name: networkUri
      Description: URI of a Compute Engine network where the VPN tunnel is configured.
    - region
      Type: STRING
      Provider name: region
      Description: Name of a Google Cloud region where this VPN tunnel is configured.
    - remote_gateway
      Type: STRING
      Provider name: remoteGateway
      Description: URI of a VPN gateway at remote end of the tunnel.
    - remote_gateway_ip
      Type: STRING
      Provider name: remoteGatewayIp
      Description: Remote VPN gateway’s IP address.
    - routing_type
      Type: STRING
      Provider name: routingType
      Description: Type of the routing policy.
      Possible values:
      - ROUTING_TYPE_UNSPECIFIED - Unspecified type. Default value.
      - ROUTE_BASED - Route based VPN.
      - POLICY_BASED - Policy based routing.
      - DYNAMIC - Dynamic (BGP) routing.
    - source_gateway
      Type: STRING
      Provider name: sourceGateway
      Description: URI of the VPN gateway at local end of the tunnel.
    - source_gateway_ip
      Type: STRING
      Provider name: sourceGatewayIp
      Description: Local VPN gateway’s IP address.
    - uri
      Type: STRING
      Provider name: uri
      Description: URI of a VPN tunnel.
verify_time
Type: TIMESTAMP
Provider name: verifyTime
Description: The time of the configuration analysis.

`related_projects`

Type: UNORDERED_LIST_STRING
Provider name: relatedProjects
Description: Other projects that may be relevant for reachability analysis. This is applicable to scenarios where a test can cross project boundaries.

`resource_name`

Type: STRING

`return_reachability_details`

Type: STRUCT
Provider name: returnReachabilityDetails
Description: Output only. The reachability details of this test from the latest run for the return path. The details are updated when creating a new test, updating an existing test, or triggering a one-time rerun of an existing test.

error
Type: STRUCT
Provider name: error
Description: The details of a failure or a cancellation of reachability analysis.
- code
  Type: INT32
  Provider name: code
  Description: The status code, which should be an enum value of google.rpc.Code.
- message
  Type: STRING
  Provider name: message
  Description: A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
result
Type: STRING
Provider name: result
Description: The overall result of the test’s configuration analysis.
Possible values:
- RESULT_UNSPECIFIED - No result was specified.
- REACHABLE - Possible scenarios are: * The configuration analysis determined that a packet originating from the source is expected to reach the destination. * The analysis didn’t complete because the user lacks permission for some of the resources in the trace. However, at the time the user’s permission became insufficient, the trace had been successful so far.
- UNREACHABLE - A packet originating from the source is expected to be dropped before reaching the destination.
- AMBIGUOUS - The source and destination endpoints do not uniquely identify the test location in the network, and the reachability result contains multiple traces. For some traces, a packet could be delivered, and for others, it would not be. This result is also assigned to configuration analysis of return path if on its own it should be REACHABLE, but configuration analysis of forward path is AMBIGUOUS.
- UNDETERMINED - The configuration analysis did not complete. Possible reasons are: * A permissions error occurred–for example, the user might not have read permission for all of the resources named in the test. * An internal error occurred. * The analyzer received an invalid or unsupported argument or was unable to identify a known endpoint.
traces
Type: UNORDERED_LIST_STRUCT
Provider name: traces
Description: Result may contain a list of traces if a test has multiple possible paths in the network, such as when destination endpoint is a load balancer with multiple backends.
- endpoint_info
  Type: STRUCT
  Provider name: endpointInfo
  Description: Derived from the source and destination endpoints definition specified by user request, and validated by the data plane model. If there are multiple traces starting from different source locations, then the endpoint_info may be different between traces.
  - destination_ip
    Type: STRING
    Provider name: destinationIp
    Description: Destination IP address.
  - destination_network_uri
    Type: STRING
    Provider name: destinationNetworkUri
    Description: URI of the network where this packet is sent to.
  - destination_port
    Type: INT32
    Provider name: destinationPort
    Description: Destination port. Only valid when protocol is TCP or UDP.
  - protocol
    Type: STRING
    Provider name: protocol
    Description: IP protocol in string format, for example: “TCP”, “UDP”, “ICMP”.
  - source_agent_uri
    Type: STRING
    Provider name: sourceAgentUri
    Description: URI of the source telemetry agent this packet originates from.
  - source_ip
    Type: STRING
    Provider name: sourceIp
    Description: Source IP address.
  - source_network_uri
    Type: STRING
    Provider name: sourceNetworkUri
    Description: URI of the network where this packet originates from.
  - source_port
    Type: INT32
    Provider name: sourcePort
    Description: Source port. Only valid when protocol is TCP or UDP.
- forward_trace_id
  Type: INT32
  Provider name: forwardTraceId
  Description: ID of trace. For forward traces, this ID is unique for each trace. For return traces, it matches ID of associated forward trace. A single forward trace can be associated with none, one or more than one return trace.
- steps
  Type: UNORDERED_LIST_STRUCT
  Provider name: steps
  Description: A trace of a test contains multiple steps from the initial state to the final state (delivered, dropped, forwarded, or aborted). The steps are ordered by the processing sequence within the simulated network state machine. It is critical to preserve the order of the steps and avoid reordering or sorting them.
  - abort
    Type: STRUCT
    Provider name: abort
    Description: Display information of the final state “abort” and reason.
    - cause
      Type: STRING
      Provider name: cause
      Description: Causes that the analysis is aborted.
      Possible values:
      - CAUSE_UNSPECIFIED - Cause is unspecified.
      - UNKNOWN_NETWORK - Aborted due to unknown network. Deprecated, not used in the new tests.
      - UNKNOWN_PROJECT - Aborted because no project information can be derived from the test input. Deprecated, not used in the new tests.
      - NO_EXTERNAL_IP - Aborted because traffic is sent from a public IP to an instance without an external IP. Deprecated, not used in the new tests.
      - UNINTENDED_DESTINATION - Aborted because none of the traces matches destination information specified in the input test request. Deprecated, not used in the new tests.
      - SOURCE_ENDPOINT_NOT_FOUND - Aborted because the source endpoint could not be found. Deprecated, not used in the new tests.
      - MISMATCHED_SOURCE_NETWORK - Aborted because the source network does not match the source endpoint. Deprecated, not used in the new tests.
      - DESTINATION_ENDPOINT_NOT_FOUND - Aborted because the destination endpoint could not be found. Deprecated, not used in the new tests.
      - MISMATCHED_DESTINATION_NETWORK - Aborted because the destination network does not match the destination endpoint. Deprecated, not used in the new tests.
      - UNKNOWN_IP - Aborted because no endpoint with the packet’s destination IP address is found.
      - GOOGLE_MANAGED_SERVICE_UNKNOWN_IP - Aborted because no endpoint with the packet’s destination IP is found in the Google-managed project.
      - SOURCE_IP_ADDRESS_NOT_IN_SOURCE_NETWORK - Aborted because the source IP address doesn’t belong to any of the subnets of the source VPC network.
      - PERMISSION_DENIED - Aborted because user lacks permission to access all or part of the network configurations required to run the test.
      - PERMISSION_DENIED_NO_CLOUD_NAT_CONFIGS - Aborted because user lacks permission to access Cloud NAT configs required to run the test.
      - PERMISSION_DENIED_NO_NEG_ENDPOINT_CONFIGS - Aborted because user lacks permission to access Network endpoint group endpoint configs required to run the test.
      - PERMISSION_DENIED_NO_CLOUD_ROUTER_CONFIGS - Aborted because user lacks permission to access Cloud Router configs required to run the test.
      - NO_SOURCE_LOCATION - Aborted because no valid source or destination endpoint is derived from the input test request.
      - INVALID_ARGUMENT - Aborted because the source or destination endpoint specified in the request is invalid. Some examples: - The request might contain malformed resource URI, project ID, or IP address. - The request might contain inconsistent information (for example, the request might include both the instance and the network, but the instance might not have a NIC in that network).
      - TRACE_TOO_LONG - Aborted because the number of steps in the trace exceeds a certain limit. It might be caused by a routing loop.
      - INTERNAL_ERROR - Aborted due to internal server error.
      - UNSUPPORTED - Aborted because the test scenario is not supported.
      - MISMATCHED_IP_VERSION - Aborted because the source and destination resources have no common IP version.
      - GKE_KONNECTIVITY_PROXY_UNSUPPORTED - Aborted because the connection between the control plane and the node of the source cluster is initiated by the node and managed by the Konnectivity proxy.
      - RESOURCE_CONFIG_NOT_FOUND - Aborted because expected resource configuration was missing.
      - VM_INSTANCE_CONFIG_NOT_FOUND - Aborted because expected VM instance configuration was missing.
      - NETWORK_CONFIG_NOT_FOUND - Aborted because expected network configuration was missing.
      - FIREWALL_CONFIG_NOT_FOUND - Aborted because expected firewall configuration was missing.
      - ROUTE_CONFIG_NOT_FOUND - Aborted because expected route configuration was missing.
      - GOOGLE_MANAGED_SERVICE_AMBIGUOUS_PSC_ENDPOINT - Aborted because PSC endpoint selection for the Google-managed service is ambiguous (several PSC endpoints satisfy test input).
      - GOOGLE_MANAGED_SERVICE_AMBIGUOUS_ENDPOINT - Aborted because endpoint selection for the Google-managed service is ambiguous (several endpoints satisfy test input).
      - SOURCE_PSC_CLOUD_SQL_UNSUPPORTED - Aborted because tests with a PSC-based Cloud SQL instance as a source are not supported.
      - SOURCE_REDIS_CLUSTER_UNSUPPORTED - Aborted because tests with a Redis Cluster as a source are not supported.
      - SOURCE_REDIS_INSTANCE_UNSUPPORTED - Aborted because tests with a Redis Instance as a source are not supported.
      - SOURCE_FORWARDING_RULE_UNSUPPORTED - Aborted because tests with a forwarding rule as a source are not supported.
      - NON_ROUTABLE_IP_ADDRESS - Aborted because one of the endpoints is a non-routable IP address (loopback, link-local, etc).
      - UNKNOWN_ISSUE_IN_GOOGLE_MANAGED_PROJECT - Aborted due to an unknown issue in the Google-managed project.
      - UNSUPPORTED_GOOGLE_MANAGED_PROJECT_CONFIG - Aborted due to an unsupported configuration of the Google-managed project.
      - NO_SERVERLESS_IP_RANGES - Aborted because the source endpoint is a Cloud Run revision with direct VPC access enabled, but there are no reserved serverless IP ranges.
      - IP_VERSION_PROTOCOL_MISMATCH - Aborted because the used protocol is not supported for the used IP version.
    - ip_address
      Type: STRING
      Provider name: ipAddress
      Description: IP address that caused the abort.
    - projects_missing_permission
      Type: UNORDERED_LIST_STRING
      Provider name: projectsMissingPermission
      Description: List of project IDs the user specified in the request but lacks access to. In this case, analysis is aborted with the PERMISSION_DENIED cause.
    - resource_uri
      Type: STRING
      Provider name: resourceUri
      Description: URI of the resource that caused the abort.
  - app_engine_version
    Type: STRUCT
    Provider name: appEngineVersion
    Description: Display information of an App Engine service version.
    - environment
      Type: STRING
      Provider name: environment
      Description: App Engine execution environment for a version.
    - gcp_display_name
      Type: STRING
      Provider name: displayName
      Description: Name of an App Engine version.
    - runtime
      Type: STRING
      Provider name: runtime
      Description: Runtime of the App Engine version.
    - uri
      Type: STRING
      Provider name: uri
      Description: URI of an App Engine version.
  - causes_drop
    Type: BOOLEAN
    Provider name: causesDrop
    Description: This is a step that leads to the final state Drop.
  - cloud_function
    Type: STRUCT
    Provider name: cloudFunction
    Description: Display information of a Cloud Function.
    - gcp_display_name
      Type: STRING
      Provider name: displayName
      Description: Name of a Cloud Function.
    - location
      Type: STRING
      Provider name: location
      Description: Location in which the Cloud Function is deployed.
    - uri
      Type: STRING
      Provider name: uri
      Description: URI of a Cloud Function.
    - version_id
      Type: INT64
      Provider name: versionId
      Description: Latest successfully deployed version id of the Cloud Function.
  - cloud_run_revision
    Type: STRUCT
    Provider name: cloudRunRevision
    Description: Display information of a Cloud Run revision.
    - gcp_display_name
      Type: STRING
      Provider name: displayName
      Description: Name of a Cloud Run revision.
    - location
      Type: STRING
      Provider name: location
      Description: Location in which this revision is deployed.
    - service_uri
      Type: STRING
      Provider name: serviceUri
      Description: URI of Cloud Run service this revision belongs to.
    - uri
      Type: STRING
      Provider name: uri
      Description: URI of a Cloud Run revision.
  - cloud_sql_instance
    Type: STRUCT
    Provider name: cloudSqlInstance
    Description: Display information of a Cloud SQL instance.
    - external_ip
      Type: STRING
      Provider name: externalIp
      Description: External IP address of a Cloud SQL instance.
    - gcp_display_name
      Type: STRING
      Provider name: displayName
      Description: Name of a Cloud SQL instance.
    - internal_ip
      Type: STRING
      Provider name: internalIp
      Description: Internal IP address of a Cloud SQL instance.
    - network_uri
      Type: STRING
      Provider name: networkUri
      Description: URI of a Cloud SQL instance network or empty string if the instance does not have one.
    - region
      Type: STRING
      Provider name: region
      Description: Region in which the Cloud SQL instance is running.
    - uri
      Type: STRING
      Provider name: uri
      Description: URI of a Cloud SQL instance.
  - deliver
    Type: STRUCT
    Provider name: deliver
    Description: Display information of the final state “deliver” and reason.
    - google_service_type
      Type: STRING
      Provider name: googleServiceType
      Description: Recognized type of a Google Service the packet is delivered to (if applicable).
      Possible values:
      - GOOGLE_SERVICE_TYPE_UNSPECIFIED - Unspecified Google Service.
      - IAP - Identity aware proxy. https://cloud.google.com/iap/docs/using-tcp-forwarding
      - GFE_PROXY_OR_HEALTH_CHECK_PROBER - One of two services sharing IP ranges: * Load Balancer proxy * Centralized Health Check prober https://cloud.google.com/load-balancing/docs/firewall-rules
      - CLOUD_DNS - Connectivity from Cloud DNS to forwarding targets or alternate name servers that use private routing. https://cloud.google.com/dns/docs/zones/forwarding-zones#firewall-rules https://cloud.google.com/dns/docs/policies#firewall-rules
      - PRIVATE_GOOGLE_ACCESS - private.googleapis.com and restricted.googleapis.com
      - SERVERLESS_VPC_ACCESS - Google API via Private Service Connect. https://cloud.google.com/vpc/docs/configure-private-service-connect-apis Google API via Serverless VPC Access. https://cloud.google.com/vpc/docs/serverless-vpc-access
    - ip_address
      Type: STRING
      Provider name: ipAddress
      Description: IP address of the target (if applicable).
    - psc_google_api_target
      Type: STRING
      Provider name: pscGoogleApiTarget
      Description: PSC Google API target the packet is delivered to (if applicable).
    - resource_uri
      Type: STRING
      Provider name: resourceUri
      Description: URI of the resource that the packet is delivered to.
    - storage_bucket
      Type: STRING
      Provider name: storageBucket
      Description: Name of the Cloud Storage Bucket the packet is delivered to (if applicable).
    - target
      Type: STRING
      Provider name: target
      Description: Target type where the packet is delivered to.
      Possible values:
      - TARGET_UNSPECIFIED - Target not specified.
      - INSTANCE - Target is a Compute Engine instance.
      - INTERNET - Target is the internet.
      - GOOGLE_API - Target is a Google API.
      - GKE_MASTER - Target is a Google Kubernetes Engine cluster master.
      - CLOUD_SQL_INSTANCE - Target is a Cloud SQL instance.
      - PSC_PUBLISHED_SERVICE - Target is a published service that uses Private Service Connect.
      - PSC_GOOGLE_API - Target is Google APIs that use Private Service Connect.
      - PSC_VPC_SC - Target is a VPC-SC that uses Private Service Connect.
      - SERVERLESS_NEG - Target is a serverless network endpoint group.
      - STORAGE_BUCKET - Target is a Cloud Storage bucket.
      - PRIVATE_NETWORK - Target is a private network. Used only for return traces.
      - CLOUD_FUNCTION - Target is a Cloud Function. Used only for return traces.
      - APP_ENGINE_VERSION - Target is a App Engine service version. Used only for return traces.
      - CLOUD_RUN_REVISION - Target is a Cloud Run revision. Used only for return traces.
      - GOOGLE_MANAGED_SERVICE - Target is a Google-managed service. Used only for return traces.
      - REDIS_INSTANCE - Target is a Redis Instance.
      - REDIS_CLUSTER - Target is a Redis Cluster.
  - description
    Type: STRING
    Provider name: description
    Description: A description of the step. Usually this is a summary of the state.
  - direct_vpc_egress_connection
    Type: STRUCT
    Provider name: directVpcEgressConnection
    Description: Display information of a serverless direct VPC egress connection.
    - network_uri
      Type: STRING
      Provider name: networkUri
      Description: URI of direct access network.
    - region
      Type: STRING
      Provider name: region
      Description: Region in which the Direct VPC egress is deployed.
    - selected_ip_address
      Type: STRING
      Provider name: selectedIpAddress
      Description: Selected starting IP address, from the selected IP range.
    - selected_ip_range
      Type: STRING
      Provider name: selectedIpRange
      Description: Selected IP range.
    - subnetwork_uri
      Type: STRING
      Provider name: subnetworkUri
      Description: URI of direct access subnetwork.
  - drop
    Type: STRUCT
    Provider name: drop
    Description: Display information of the final state “drop” and reason.
    - cause
      Type: STRING
      Provider name: cause
      Description: Cause that the packet is dropped.
      Possible values:
      - CAUSE_UNSPECIFIED - Cause is unspecified.
      - UNKNOWN_EXTERNAL_ADDRESS - Destination external address cannot be resolved to a known target. If the address is used in a Google Cloud project, provide the project ID as test input.
      - FOREIGN_IP_DISALLOWED - A Compute Engine instance can only send or receive a packet with a foreign IP address if ip_forward is enabled.
      - FIREWALL_RULE - Dropped due to a firewall rule, unless allowed due to connection tracking.
      - NO_ROUTE - Dropped due to no matching routes.
      - ROUTE_BLACKHOLE - Dropped due to invalid route. Route’s next hop is a blackhole.
      - ROUTE_WRONG_NETWORK - Packet is sent to a wrong (unintended) network. Example: you trace a packet from VM1:Network1 to VM2:Network2, however, the route configured in Network1 sends the packet destined for VM2’s IP address to Network3.
      - ROUTE_NEXT_HOP_IP_ADDRESS_NOT_RESOLVED - Route’s next hop IP address cannot be resolved to a GCP resource.
      - ROUTE_NEXT_HOP_RESOURCE_NOT_FOUND - Route’s next hop resource is not found.
      - ROUTE_NEXT_HOP_INSTANCE_WRONG_NETWORK - Route’s next hop instance doesn’t have a NIC in the route’s network.
      - ROUTE_NEXT_HOP_INSTANCE_NON_PRIMARY_IP - Route’s next hop IP address is not a primary IP address of the next hop instance.
      - ROUTE_NEXT_HOP_FORWARDING_RULE_IP_MISMATCH - Route’s next hop forwarding rule doesn’t match next hop IP address.
      - ROUTE_NEXT_HOP_VPN_TUNNEL_NOT_ESTABLISHED - Route’s next hop VPN tunnel is down (does not have valid IKE SAs).
      - ROUTE_NEXT_HOP_FORWARDING_RULE_TYPE_INVALID - Route’s next hop forwarding rule type is invalid (it’s not a forwarding rule of the internal passthrough load balancer).
      - NO_ROUTE_FROM_INTERNET_TO_PRIVATE_IPV6_ADDRESS - Packet is sent from the Internet or Google service to the private IPv6 address.
      - NO_ROUTE_FROM_EXTERNAL_IPV6_SOURCE_TO_PRIVATE_IPV6_ADDRESS - Packet is sent from the external IPv6 source address of an instance to the private IPv6 address of an instance.
      - VPN_TUNNEL_LOCAL_SELECTOR_MISMATCH - The packet does not match a policy-based VPN tunnel local selector.
      - VPN_TUNNEL_REMOTE_SELECTOR_MISMATCH - The packet does not match a policy-based VPN tunnel remote selector.
      - PRIVATE_TRAFFIC_TO_INTERNET - Packet with internal destination address sent to the internet gateway.
      - PRIVATE_GOOGLE_ACCESS_DISALLOWED - Endpoint with only an internal IP address tries to access Google API and services, but Private Google Access is not enabled in the subnet or is not applicable.
      - PRIVATE_GOOGLE_ACCESS_VIA_VPN_TUNNEL_UNSUPPORTED - Source endpoint tries to access Google API and services through the VPN tunnel to another network, but Private Google Access needs to be enabled in the source endpoint network.
      - NO_EXTERNAL_ADDRESS - Endpoint with only an internal IP address tries to access external hosts, but there is no matching Cloud NAT gateway in the subnet.
      - UNKNOWN_INTERNAL_ADDRESS - Destination internal address cannot be resolved to a known target. If this is a shared VPC scenario, verify if the service project ID is provided as test input. Otherwise, verify if the IP address is being used in the project.
      - FORWARDING_RULE_MISMATCH - Forwarding rule’s protocol and ports do not match the packet header.
      - FORWARDING_RULE_NO_INSTANCES - Forwarding rule does not have backends configured.
      - FIREWALL_BLOCKING_LOAD_BALANCER_BACKEND_HEALTH_CHECK - Firewalls block the health check probes to the backends and cause the backends to be unavailable for traffic from the load balancer. For more details, see Health check firewall rules.
      - INGRESS_FIREWALL_TAGS_UNSUPPORTED_BY_DIRECT_VPC_EGRESS - Matching ingress firewall rules by network tags for packets sent via serverless VPC direct egress is unsupported. Behavior is undefined. https://cloud.google.com/run/docs/configuring/vpc-direct-vpc#limitations
      - INSTANCE_NOT_RUNNING - Packet is sent from or to a Compute Engine instance that is not in a running state.
      - GKE_CLUSTER_NOT_RUNNING - Packet sent from or to a GKE cluster that is not in running state.
      - CLOUD_SQL_INSTANCE_NOT_RUNNING - Packet sent from or to a Cloud SQL instance that is not in running state.
      - REDIS_INSTANCE_NOT_RUNNING - Packet sent from or to a Redis Instance that is not in running state.
      - REDIS_CLUSTER_NOT_RUNNING - Packet sent from or to a Redis Cluster that is not in running state.
      - TRAFFIC_TYPE_BLOCKED - The type of traffic is blocked and the user cannot configure a firewall rule to enable it. See Always blocked traffic for more details.
      - GKE_MASTER_UNAUTHORIZED_ACCESS - Access to Google Kubernetes Engine cluster master’s endpoint is not authorized. See Access to the cluster endpoints for more details.
      - CLOUD_SQL_INSTANCE_UNAUTHORIZED_ACCESS - Access to the Cloud SQL instance endpoint is not authorized. See Authorizing with authorized networks for more details.
      - DROPPED_INSIDE_GKE_SERVICE - Packet was dropped inside Google Kubernetes Engine Service.
      - DROPPED_INSIDE_CLOUD_SQL_SERVICE - Packet was dropped inside Cloud SQL Service.
      - GOOGLE_MANAGED_SERVICE_NO_PEERING - Packet was dropped because there is no peering between the originating network and the Google Managed Services Network.
      - GOOGLE_MANAGED_SERVICE_NO_PSC_ENDPOINT - Packet was dropped because the Google-managed service uses Private Service Connect (PSC), but the PSC endpoint is not found in the project.
      - GKE_PSC_ENDPOINT_MISSING - Packet was dropped because the GKE cluster uses Private Service Connect (PSC), but the PSC endpoint is not found in the project.
      - CLOUD_SQL_INSTANCE_NO_IP_ADDRESS - Packet was dropped because the Cloud SQL instance has neither a private nor a public IP address.
      - GKE_CONTROL_PLANE_REGION_MISMATCH - Packet was dropped because a GKE cluster private endpoint is unreachable from a region different from the cluster’s region.
      - PUBLIC_GKE_CONTROL_PLANE_TO_PRIVATE_DESTINATION - Packet sent from a public GKE cluster control plane to a private IP address.
      - GKE_CONTROL_PLANE_NO_ROUTE - Packet was dropped because there is no route from a GKE cluster control plane to a destination network.
      - CLOUD_SQL_INSTANCE_NOT_CONFIGURED_FOR_EXTERNAL_TRAFFIC - Packet sent from a Cloud SQL instance to an external IP address is not allowed. The Cloud SQL instance is not configured to send packets to external IP addresses.
      - PUBLIC_CLOUD_SQL_INSTANCE_TO_PRIVATE_DESTINATION - Packet sent from a Cloud SQL instance with only a public IP address to a private IP address.
      - CLOUD_SQL_INSTANCE_NO_ROUTE - Packet was dropped because there is no route from a Cloud SQL instance to a destination network.
      - CLOUD_SQL_CONNECTOR_REQUIRED - Packet was dropped because the Cloud SQL instance requires all connections to use Cloud SQL connectors and to target the Cloud SQL proxy port (3307).
      - CLOUD_FUNCTION_NOT_ACTIVE - Packet could be dropped because the Cloud Function is not in an active status.
      - VPC_CONNECTOR_NOT_SET - Packet could be dropped because no VPC connector is set.
      - VPC_CONNECTOR_NOT_RUNNING - Packet could be dropped because the VPC connector is not in a running state.
      - VPC_CONNECTOR_SERVERLESS_TRAFFIC_BLOCKED - Packet could be dropped because the traffic from the serverless service to the VPC connector is not allowed.
      - VPC_CONNECTOR_HEALTH_CHECK_TRAFFIC_BLOCKED - Packet could be dropped because the health check traffic to the VPC connector is not allowed.
      - FORWARDING_RULE_REGION_MISMATCH - Packet could be dropped because it was sent from a different region to a regional forwarding without global access.
      - PSC_CONNECTION_NOT_ACCEPTED - The Private Service Connect endpoint is in a project that is not approved to connect to the service.
      - PSC_ENDPOINT_ACCESSED_FROM_PEERED_NETWORK - The packet is sent to the Private Service Connect endpoint over the peering, but it’s not supported.
      - PSC_NEG_PRODUCER_ENDPOINT_NO_GLOBAL_ACCESS - The packet is sent to the Private Service Connect backend (network endpoint group), but the producer PSC forwarding rule does not have global access enabled.
      - PSC_NEG_PRODUCER_FORWARDING_RULE_MULTIPLE_PORTS - The packet is sent to the Private Service Connect backend (network endpoint group), but the producer PSC forwarding rule has multiple ports specified.
      - CLOUD_SQL_PSC_NEG_UNSUPPORTED - The packet is sent to the Private Service Connect backend (network endpoint group) targeting a Cloud SQL service attachment, but this configuration is not supported.
      - NO_NAT_SUBNETS_FOR_PSC_SERVICE_ATTACHMENT - No NAT subnets are defined for the PSC service attachment.
      - PSC_TRANSITIVITY_NOT_PROPAGATED - PSC endpoint is accessed via NCC, but PSC transitivity configuration is not yet propagated.
      - HYBRID_NEG_NON_DYNAMIC_ROUTE_MATCHED - The packet sent from the hybrid NEG proxy matches a non-dynamic route, but such a configuration is not supported.
      - HYBRID_NEG_NON_LOCAL_DYNAMIC_ROUTE_MATCHED - The packet sent from the hybrid NEG proxy matches a dynamic route with a next hop in a different region, but such a configuration is not supported.
      - CLOUD_RUN_REVISION_NOT_READY - Packet sent from a Cloud Run revision that is not ready.
      - DROPPED_INSIDE_PSC_SERVICE_PRODUCER - Packet was dropped inside Private Service Connect service producer.
      - LOAD_BALANCER_HAS_NO_PROXY_SUBNET - Packet sent to a load balancer, which requires a proxy-only subnet and the subnet is not found.
      - CLOUD_NAT_NO_ADDRESSES - Packet sent to Cloud Nat without active NAT IPs.
      - ROUTING_LOOP - Packet is stuck in a routing loop.
      - DROPPED_INSIDE_GOOGLE_MANAGED_SERVICE - Packet is dropped inside a Google-managed service due to being delivered in return trace to an endpoint that doesn’t match the endpoint the packet was sent from in forward trace. Used only for return traces.
      - LOAD_BALANCER_BACKEND_INVALID_NETWORK - Packet is dropped due to a load balancer backend instance not having a network interface in the network expected by the load balancer.
      - BACKEND_SERVICE_NAMED_PORT_NOT_DEFINED - Packet is dropped due to a backend service named port not being defined on the instance group level.
      - DESTINATION_IS_PRIVATE_NAT_IP_RANGE - Packet is dropped due to a destination IP range being part of a Private NAT IP range.
      - DROPPED_INSIDE_REDIS_INSTANCE_SERVICE - Generic drop cause for a packet being dropped inside a Redis Instance service project.
      - REDIS_INSTANCE_UNSUPPORTED_PORT - Packet is dropped due to an unsupported port being used to connect to a Redis Instance. Port 6379 should be used to connect to a Redis Instance.
      - REDIS_INSTANCE_CONNECTING_FROM_PUPI_ADDRESS - Packet is dropped due to connecting from PUPI address to a PSA based Redis Instance.
      - REDIS_INSTANCE_NO_ROUTE_TO_DESTINATION_NETWORK - Packet is dropped due to no route to the destination network.
      - REDIS_INSTANCE_NO_EXTERNAL_IP - Redis Instance does not have an external IP address.
      - REDIS_INSTANCE_UNSUPPORTED_PROTOCOL - Packet is dropped due to an unsupported protocol being used to connect to a Redis Instance. Only TCP connections are accepted by a Redis Instance.
      - DROPPED_INSIDE_REDIS_CLUSTER_SERVICE - Generic drop cause for a packet being dropped inside a Redis Cluster service project.
      - REDIS_CLUSTER_UNSUPPORTED_PORT - Packet is dropped due to an unsupported port being used to connect to a Redis Cluster. Ports 6379 and 11000 to 13047 should be used to connect to a Redis Cluster.
      - REDIS_CLUSTER_NO_EXTERNAL_IP - Redis Cluster does not have an external IP address.
      - REDIS_CLUSTER_UNSUPPORTED_PROTOCOL - Packet is dropped due to an unsupported protocol being used to connect to a Redis Cluster. Only TCP connections are accepted by a Redis Cluster.
      - NO_ADVERTISED_ROUTE_TO_GCP_DESTINATION - Packet from the non-GCP (on-prem) or unknown GCP network is dropped due to the destination IP address not belonging to any IP prefix advertised via BGP by the Cloud Router.
      - NO_TRAFFIC_SELECTOR_TO_GCP_DESTINATION - Packet from the non-GCP (on-prem) or unknown GCP network is dropped due to the destination IP address not belonging to any IP prefix included to the local traffic selector of the VPN tunnel.
      - NO_KNOWN_ROUTE_FROM_PEERED_NETWORK_TO_DESTINATION - Packet from the unknown peered network is dropped due to no known route from the source network to the destination IP address.
      - PRIVATE_NAT_TO_PSC_ENDPOINT_UNSUPPORTED - Sending packets processed by the Private NAT Gateways to the Private Service Connect endpoints is not supported.
      - PSC_PORT_MAPPING_PORT_MISMATCH - Packet is sent to the PSC port mapping service, but its destination port does not match any port mapping rules.
      - PSC_PORT_MAPPING_WITHOUT_PSC_CONNECTION_UNSUPPORTED - Sending packets directly to the PSC port mapping service without going through the PSC connection is not supported.
      - UNSUPPORTED_ROUTE_MATCHED_FOR_NAT64_DESTINATION - Packet with destination IP address within the reserved NAT64 range is dropped due to matching a route of an unsupported type.
      - TRAFFIC_FROM_HYBRID_ENDPOINT_TO_INTERNET_DISALLOWED - Packet could be dropped because hybrid endpoint like a VPN gateway or Interconnect is not allowed to send traffic to the Internet.
      - NO_MATCHING_NAT64_GATEWAY - Packet with destination IP address within the reserved NAT64 range is dropped due to no matching NAT gateway in the subnet.
      - LOAD_BALANCER_BACKEND_IP_VERSION_MISMATCH - Packet is dropped due to being sent to a backend of a passthrough load balancer that doesn’t use the same IP version as the frontend.
      - NO_KNOWN_ROUTE_FROM_NCC_NETWORK_TO_DESTINATION - Packet from the unknown NCC network is dropped due to no known route from the source network to the destination IP address.
      - CLOUD_NAT_PROTOCOL_UNSUPPORTED - Packet is dropped by Cloud NAT due to using an unsupported protocol.
    - destination_geolocation_code
      Type: STRING
      Provider name: destinationGeolocationCode
      Description: Geolocation (region code) of the destination IP address (if relevant).
    - destination_ip
      Type: STRING
      Provider name: destinationIp
      Description: Destination IP address of the dropped packet (if relevant).
    - region
      Type: STRING
      Provider name: region
      Description: Region of the dropped packet (if relevant).
    - resource_uri
      Type: STRING
      Provider name: resourceUri
      Description: URI of the resource that caused the drop.
    - source_geolocation_code
      Type: STRING
      Provider name: sourceGeolocationCode
      Description: Geolocation (region code) of the source IP address (if relevant).
    - source_ip
      Type: STRING
      Provider name: sourceIp
      Description: Source IP address of the dropped packet (if relevant).
  - endpoint
    Type: STRUCT
    Provider name: endpoint
    Description: Display information of the source and destination under analysis. The endpoint information in an intermediate state may differ with the initial input, as it might be modified by state like NAT, or Connection Proxy.
    - destination_ip
      Type: STRING
      Provider name: destinationIp
      Description: Destination IP address.
    - destination_network_uri
      Type: STRING
      Provider name: destinationNetworkUri
      Description: URI of the network where this packet is sent to.
    - destination_port
      Type: INT32
      Provider name: destinationPort
      Description: Destination port. Only valid when protocol is TCP or UDP.
    - protocol
      Type: STRING
      Provider name: protocol
      Description: IP protocol in string format, for example: “TCP”, “UDP”, “ICMP”.
    - source_agent_uri
      Type: STRING
      Provider name: sourceAgentUri
      Description: URI of the source telemetry agent this packet originates from.
    - source_ip
      Type: STRING
      Provider name: sourceIp
      Description: Source IP address.
    - source_network_uri
      Type: STRING
      Provider name: sourceNetworkUri
      Description: URI of the network where this packet originates from.
    - source_port
      Type: INT32
      Provider name: sourcePort
      Description: Source port. Only valid when protocol is TCP or UDP.
  - firewall
    Type: STRUCT
    Provider name: firewall
    Description: Display information of a Compute Engine firewall rule.
    - action
      Type: STRING
      Provider name: action
      Description: Possible values: ALLOW, DENY, APPLY_SECURITY_PROFILE_GROUP
    - direction
      Type: STRING
      Provider name: direction
      Description: Possible values: INGRESS, EGRESS
    - firewall_rule_type
      Type: STRING
      Provider name: firewallRuleType
      Description: The firewall rule’s type.
      Possible values:
      - FIREWALL_RULE_TYPE_UNSPECIFIED - Unspecified type.
      - HIERARCHICAL_FIREWALL_POLICY_RULE - Hierarchical firewall policy rule. For details, see Hierarchical firewall policies overview.
      - VPC_FIREWALL_RULE - VPC firewall rule. For details, see VPC firewall rules overview.
      - IMPLIED_VPC_FIREWALL_RULE - Implied VPC firewall rule. For details, see Implied rules.
      - SERVERLESS_VPC_ACCESS_MANAGED_FIREWALL_RULE - Implicit firewall rules that are managed by serverless VPC access to allow ingress access. They are not visible in the Google Cloud console. For details, see VPC connector’s implicit rules.
      - NETWORK_FIREWALL_POLICY_RULE - Global network firewall policy rule. For details, see Network firewall policies.
      - NETWORK_REGIONAL_FIREWALL_POLICY_RULE - Regional network firewall policy rule. For details, see Regional network firewall policies.
      - UNSUPPORTED_FIREWALL_POLICY_RULE - Firewall policy rule containing attributes not yet supported in Connectivity tests. Firewall analysis is skipped if such a rule can potentially be matched. Please see the list of unsupported configurations.
      - TRACKING_STATE - Tracking state for response traffic created when request traffic goes through allow firewall rule. For details, see firewall rules specifications
      - ANALYSIS_SKIPPED - Firewall analysis was skipped due to executing Connectivity Test in the BypassFirewallChecks mode
    - gcp_display_name
      Type: STRING
      Provider name: displayName
      Description: The display name of the firewall rule. This field might be empty for firewall policy rules.
    - network_uri
      Type: STRING
      Provider name: networkUri
      Description: The URI of the VPC network that the firewall rule is associated with. This field is not applicable to hierarchical firewall policy rules.
    - policy
      Type: STRING
      Provider name: policy
      Description: The name of the firewall policy that this rule is associated with. This field is not applicable to VPC firewall rules and implied VPC firewall rules.
    - policy_priority
      Type: INT32
      Provider name: policyPriority
      Description: The priority of the firewall policy that this rule is associated with. This field is not applicable to VPC firewall rules and implied VPC firewall rules.
    - policy_uri
      Type: STRING
      Provider name: policyUri
      Description: The URI of the firewall policy that this rule is associated with. This field is not applicable to VPC firewall rules and implied VPC firewall rules.
    - priority
      Type: INT32
      Provider name: priority
      Description: The priority of the firewall rule.
    - target_service_accounts
      Type: UNORDERED_LIST_STRING
      Provider name: targetServiceAccounts
      Description: The target service accounts specified by the firewall rule.
    - target_tags
      Type: UNORDERED_LIST_STRING
      Provider name: targetTags
      Description: The target tags defined by the VPC firewall rule. This field is not applicable to firewall policy rules.
    - target_type
      Type: STRING
      Provider name: targetType
      Description: Target type of the firewall rule.
      Possible values:
      - TARGET_TYPE_UNSPECIFIED - Target type is not specified. In this case we treat the rule as applying to INSTANCES target type.
      - INSTANCES - Firewall rule applies to instances.
      - INTERNAL_MANAGED_LB - Firewall rule applies to internal managed load balancers.
    - uri
      Type: STRING
      Provider name: uri
      Description: The URI of the firewall rule. This field is not applicable to implied VPC firewall rules.
  - forward
    Type: STRUCT
    Provider name: forward
    Description: Display information of the final state “forward” and reason.
    - ip_address
      Type: STRING
      Provider name: ipAddress
      Description: IP address of the target (if applicable).
    - resource_uri
      Type: STRING
      Provider name: resourceUri
      Description: URI of the resource that the packet is forwarded to.
    - target
      Type: STRING
      Provider name: target
      Description: Target type where this packet is forwarded to.
      Possible values:
      - TARGET_UNSPECIFIED - Target not specified.
      - PEERING_VPC - Forwarded to a VPC peering network.
      - VPN_GATEWAY - Forwarded to a Cloud VPN gateway.
      - INTERCONNECT - Forwarded to a Cloud Interconnect connection.
      - GKE_MASTER - Forwarded to a Google Kubernetes Engine Container cluster master.
      - IMPORTED_CUSTOM_ROUTE_NEXT_HOP - Forwarded to the next hop of a custom route imported from a peering VPC.
      - CLOUD_SQL_INSTANCE - Forwarded to a Cloud SQL instance.
      - ANOTHER_PROJECT - Forwarded to a VPC network in another project.
      - NCC_HUB - Forwarded to an NCC Hub.
      - ROUTER_APPLIANCE - Forwarded to a router appliance.
      - SECURE_WEB_PROXY_GATEWAY - Forwarded to a Secure Web Proxy Gateway.
  - forwarding_rule
    Type: STRUCT
    Provider name: forwardingRule
    Description: Display information of a Compute Engine forwarding rule.
    - gcp_display_name
      Type: STRING
      Provider name: displayName
      Description: Name of the forwarding rule.
    - load_balancer_name
      Type: STRING
      Provider name: loadBalancerName
      Description: Name of the load balancer the forwarding rule belongs to. Empty for forwarding rules not related to load balancers (like PSC forwarding rules).
    - matched_port_range
      Type: STRING
      Provider name: matchedPortRange
      Description: Port range defined in the forwarding rule that matches the packet.
    - matched_protocol
      Type: STRING
      Provider name: matchedProtocol
      Description: Protocol defined in the forwarding rule that matches the packet.
    - network_uri
      Type: STRING
      Provider name: networkUri
      Description: Network URI.
    - psc_google_api_target
      Type: STRING
      Provider name: pscGoogleApiTarget
      Description: PSC Google API target this forwarding rule targets (if applicable).
    - psc_service_attachment_uri
      Type: STRING
      Provider name: pscServiceAttachmentUri
      Description: URI of the PSC service attachment this forwarding rule targets (if applicable).
    - region
      Type: STRING
      Provider name: region
      Description: Region of the forwarding rule. Set only for regional forwarding rules.
    - target
      Type: STRING
      Provider name: target
      Description: Target type of the forwarding rule.
    - uri
      Type: STRING
      Provider name: uri
      Description: URI of the forwarding rule.
    - vip
      Type: STRING
      Provider name: vip
      Description: VIP of the forwarding rule.
  - gke_master
    Type: STRUCT
    Provider name: gkeMaster
    Description: Display information of a Google Kubernetes Engine cluster master.
    - cluster_network_uri
      Type: STRING
      Provider name: clusterNetworkUri
      Description: URI of a GKE cluster network.
    - cluster_uri
      Type: STRING
      Provider name: clusterUri
      Description: URI of a GKE cluster.
    - dns_endpoint
      Type: STRING
      Provider name: dnsEndpoint
      Description: DNS endpoint of a GKE cluster control plane.
    - external_ip
      Type: STRING
      Provider name: externalIp
      Description: External IP address of a GKE cluster control plane.
    - internal_ip
      Type: STRING
      Provider name: internalIp
      Description: Internal IP address of a GKE cluster control plane.
  - google_service
    Type: STRUCT
    Provider name: googleService
    Description: Display information of a Google service
    - google_service_type
      Type: STRING
      Provider name: googleServiceType
      Description: Recognized type of a Google Service.
      Possible values:
      - GOOGLE_SERVICE_TYPE_UNSPECIFIED - Unspecified Google Service.
      - IAP - Identity aware proxy. https://cloud.google.com/iap/docs/using-tcp-forwarding
      - GFE_PROXY_OR_HEALTH_CHECK_PROBER - One of two services sharing IP ranges: * Load Balancer proxy * Centralized Health Check prober https://cloud.google.com/load-balancing/docs/firewall-rules
      - CLOUD_DNS - Connectivity from Cloud DNS to forwarding targets or alternate name servers that use private routing. https://cloud.google.com/dns/docs/zones/forwarding-zones#firewall-rules https://cloud.google.com/dns/docs/policies#firewall-rules
      - GOOGLE_API - private.googleapis.com and restricted.googleapis.com
      - GOOGLE_API_PSC - Google API via Private Service Connect. https://cloud.google.com/vpc/docs/configure-private-service-connect-apis
      - GOOGLE_API_VPC_SC - Google API via VPC Service Controls. https://cloud.google.com/vpc/docs/configure-private-service-connect-apis
      - SERVERLESS_VPC_ACCESS - Google API via Serverless VPC Access. https://cloud.google.com/vpc/docs/serverless-vpc-access
    - source_ip
      Type: STRING
      Provider name: sourceIp
      Description: Source IP address.
  - instance
    Type: STRUCT
    Provider name: instance
    Description: Display information of a Compute Engine instance.
    - external_ip
      Type: STRING
      Provider name: externalIp
      Description: External IP address of the network interface.
    - gcp_display_name
      Type: STRING
      Provider name: displayName
      Description: Name of a Compute Engine instance.
    - gcp_status
      Type: STRING
      Provider name: status
      Description: The status of the instance.
      Possible values:
      - STATUS_UNSPECIFIED - Default unspecified value.
      - RUNNING - The instance is running.
      - NOT_RUNNING - The instance has any status other than ‘RUNNING’.
    - interface
      Type: STRING
      Provider name: interface
      Description: Name of the network interface of a Compute Engine instance.
    - internal_ip
      Type: STRING
      Provider name: internalIp
      Description: Internal IP address of the network interface.
    - network_tags
      Type: UNORDERED_LIST_STRING
      Provider name: networkTags
      Description: Network tags configured on the instance.
    - network_uri
      Type: STRING
      Provider name: networkUri
      Description: URI of a Compute Engine network.
    - psc_network_attachment_uri
      Type: STRING
      Provider name: pscNetworkAttachmentUri
      Description: URI of the PSC network attachment the NIC is attached to (if relevant).
    - running
      Type: BOOLEAN
      Provider name: running
      Description: Indicates whether the Compute Engine instance is running. Deprecated: use the status field instead.
    - service_account
      Type: STRING
      Provider name: serviceAccount
      Description: Service account authorized for the instance.
    - uri
      Type: STRING
      Provider name: uri
      Description: URI of a Compute Engine instance.
  - interconnect_attachment
    Type: STRUCT
    Provider name: interconnectAttachment
    Description: Display information of an interconnect attachment.
    - cloud_router_uri
      Type: STRING
      Provider name: cloudRouterUri
      Description: URI of the Cloud Router to be used for dynamic routing.
    - gcp_display_name
      Type: STRING
      Provider name: displayName
      Description: Name of an Interconnect attachment.
    - interconnect_uri
      Type: STRING
      Provider name: interconnectUri
      Description: URI of the Interconnect where the Interconnect attachment is configured.
    - region
      Type: STRING
      Provider name: region
      Description: Name of a Google Cloud region where the Interconnect attachment is configured.
    - uri
      Type: STRING
      Provider name: uri
      Description: URI of an Interconnect attachment.
  - load_balancer
    Type: STRUCT
    Provider name: loadBalancer
    Description: Display information of the load balancers. Deprecated in favor of the load_balancer_backend_info field, not used in new tests.
    - backend_type
      Type: STRING
      Provider name: backendType
      Description: Type of load balancer’s backend configuration.
      Possible values:
      - BACKEND_TYPE_UNSPECIFIED - Type is unspecified.
      - BACKEND_SERVICE - Backend Service as the load balancer’s backend.
      - TARGET_POOL - Target Pool as the load balancer’s backend.
      - TARGET_INSTANCE - Target Instance as the load balancer’s backend.
    - backend_uri
      Type: STRING
      Provider name: backendUri
      Description: Backend configuration URI.
    - backends
      Type: UNORDERED_LIST_STRUCT
      Provider name: backends
      Description: Information for the loadbalancer backends.
      - gcp_display_name
        Type: STRING
        Provider name: displayName
        Description: Name of a Compute Engine instance or network endpoint.
      - health_check_allowing_firewall_rules
        Type: UNORDERED_LIST_STRING
        Provider name: healthCheckAllowingFirewallRules
        Description: A list of firewall rule URIs allowing probes from health check IP ranges.
      - health_check_blocking_firewall_rules
        Type: UNORDERED_LIST_STRING
        Provider name: healthCheckBlockingFirewallRules
        Description: A list of firewall rule URIs blocking probes from health check IP ranges.
      - health_check_firewall_state
        Type: STRING
        Provider name: healthCheckFirewallState
        Description: State of the health check firewall configuration.
        Possible values:
        HEALTH_CHECK_FIREWALL_STATE_UNSPECIFIED - State is unspecified. Default state if not populated.
        CONFIGURED - There are configured firewall rules to allow health check probes to the backend.
        MISCONFIGURED - There are firewall rules configured to allow partial health check ranges or block all health check ranges. If a health check probe is sent from denied IP ranges, the health check to the backend will fail. Then, the backend will be marked unhealthy and will not receive traffic sent to the load balancer.
      - uri
        Type: STRING
        Provider name: uri
        Description: URI of a Compute Engine instance or network endpoint.
    - health_check_uri
      Type: STRING
      Provider name: healthCheckUri
      Description: URI of the health check for the load balancer. Deprecated and no longer populated as different load balancer backends might have different health checks.
    - load_balancer_type
      Type: STRING
      Provider name: loadBalancerType
      Description: Type of the load balancer.
      Possible values:
      - LOAD_BALANCER_TYPE_UNSPECIFIED - Type is unspecified.
      - INTERNAL_TCP_UDP - Internal TCP/UDP load balancer.
      - NETWORK_TCP_UDP - Network TCP/UDP load balancer.
      - HTTP_PROXY - HTTP(S) proxy load balancer.
      - TCP_PROXY - TCP proxy load balancer.
      - SSL_PROXY - SSL proxy load balancer.
  - load_balancer_backend_info
    Type: STRUCT
    Provider name: loadBalancerBackendInfo
    Description: Display information of a specific load balancer backend.
    - backend_bucket_uri
      Type: STRING
      Provider name: backendBucketUri
      Description: URI of the backend bucket this backend targets (if applicable).
    - backend_service_uri
      Type: STRING
      Provider name: backendServiceUri
      Description: URI of the backend service this backend belongs to (if applicable).
    - health_check_firewalls_config_state
      Type: STRING
      Provider name: healthCheckFirewallsConfigState
      Description: Output only. Health check firewalls configuration state for the backend. This is a result of the static firewall analysis (verifying that health check traffic from required IP ranges to the backend is allowed or not). The backend might still be unhealthy even if these firewalls are configured. Please refer to the documentation for more information: https://cloud.google.com/load-balancing/docs/firewall-rules
      Possible values:
      - HEALTH_CHECK_FIREWALLS_CONFIG_STATE_UNSPECIFIED - Configuration state unspecified. It usually means that the backend has no health check attached, or there was an unexpected configuration error preventing Connectivity tests from verifying health check configuration.
      - FIREWALLS_CONFIGURED - Firewall rules (policies) allowing health check traffic from all required IP ranges to the backend are configured.
      - FIREWALLS_PARTIALLY_CONFIGURED - Firewall rules (policies) allow health check traffic only from a part of required IP ranges.
      - FIREWALLS_NOT_CONFIGURED - Firewall rules (policies) deny health check traffic from all required IP ranges to the backend.
      - FIREWALLS_UNSUPPORTED - The network contains firewall rules of unsupported types, so Connectivity tests were not able to verify health check configuration status. Please refer to the documentation for the list of unsupported configurations: https://cloud.google.com/network-intelligence-center/docs/connectivity-tests/concepts/overview#unsupported-configs
    - health_check_uri
      Type: STRING
      Provider name: healthCheckUri
      Description: URI of the health check attached to this backend (if applicable).
    - instance_group_uri
      Type: STRING
      Provider name: instanceGroupUri
      Description: URI of the instance group this backend belongs to (if applicable).
    - instance_uri
      Type: STRING
      Provider name: instanceUri
      Description: URI of the backend instance (if applicable). Populated for instance group backends, and zonal NEG backends.
    - name
      Type: STRING
      Provider name: name
      Description: Display name of the backend. For example, it might be an instance name for the instance group backends, or an IP address and port for zonal network endpoint group backends.
    - network_endpoint_group_uri
      Type: STRING
      Provider name: networkEndpointGroupUri
      Description: URI of the network endpoint group this backend belongs to (if applicable).
    - psc_google_api_target
      Type: STRING
      Provider name: pscGoogleApiTarget
      Description: PSC Google API target this PSC NEG backend targets (if applicable).
    - psc_service_attachment_uri
      Type: STRING
      Provider name: pscServiceAttachmentUri
      Description: URI of the PSC service attachment this PSC NEG backend targets (if applicable).
  - nat
    Type: STRUCT
    Provider name: nat
    Description: Display information of a NAT.
    - nat_gateway_name
      Type: STRING
      Provider name: natGatewayName
      Description: The name of Cloud NAT Gateway. Only valid when type is CLOUD_NAT.
    - network_uri
      Type: STRING
      Provider name: networkUri
      Description: URI of the network where NAT translation takes place.
    - new_destination_ip
      Type: STRING
      Provider name: newDestinationIp
      Description: Destination IP address after NAT translation.
    - new_destination_port
      Type: INT32
      Provider name: newDestinationPort
      Description: Destination port after NAT translation. Only valid when protocol is TCP or UDP.
    - new_source_ip
      Type: STRING
      Provider name: newSourceIp
      Description: Source IP address after NAT translation.
    - new_source_port
      Type: INT32
      Provider name: newSourcePort
      Description: Source port after NAT translation. Only valid when protocol is TCP or UDP.
    - old_destination_ip
      Type: STRING
      Provider name: oldDestinationIp
      Description: Destination IP address before NAT translation.
    - old_destination_port
      Type: INT32
      Provider name: oldDestinationPort
      Description: Destination port before NAT translation. Only valid when protocol is TCP or UDP.
    - old_source_ip
      Type: STRING
      Provider name: oldSourceIp
      Description: Source IP address before NAT translation.
    - old_source_port
      Type: INT32
      Provider name: oldSourcePort
      Description: Source port before NAT translation. Only valid when protocol is TCP or UDP.
    - protocol
      Type: STRING
      Provider name: protocol
      Description: IP protocol in string format, for example: “TCP”, “UDP”, “ICMP”.
    - router_uri
      Type: STRING
      Provider name: routerUri
      Description: Uri of the Cloud Router. Only valid when type is CLOUD_NAT.
    - type
      Type: STRING
      Provider name: type
      Description: Type of NAT.
      Possible values:
      - TYPE_UNSPECIFIED - Type is unspecified.
      - INTERNAL_TO_EXTERNAL - From Compute Engine instance’s internal address to external address.
      - EXTERNAL_TO_INTERNAL - From Compute Engine instance’s external address to internal address.
      - CLOUD_NAT - Cloud NAT Gateway.
      - PRIVATE_SERVICE_CONNECT - Private service connect NAT.
  - network
    Type: STRUCT
    Provider name: network
    Description: Display information of a Google Cloud network.
    - gcp_display_name
      Type: STRING
      Provider name: displayName
      Description: Name of a Compute Engine network.
    - matched_ip_range
      Type: STRING
      Provider name: matchedIpRange
      Description: The IP range of the subnet matching the source IP address of the test.
    - matched_subnet_uri
      Type: STRING
      Provider name: matchedSubnetUri
      Description: URI of the subnet matching the source IP address of the test.
    - region
      Type: STRING
      Provider name: region
      Description: The region of the subnet matching the source IP address of the test.
    - uri
      Type: STRING
      Provider name: uri
      Description: URI of a Compute Engine network.
  - project_id
    Type: STRING
    Provider name: projectId
    Description: Project ID that contains the configuration this step is validating.
  - proxy_connection
    Type: STRUCT
    Provider name: proxyConnection
    Description: Display information of a ProxyConnection.
    - network_uri
      Type: STRING
      Provider name: networkUri
      Description: URI of the network where connection is proxied.
    - new_destination_ip
      Type: STRING
      Provider name: newDestinationIp
      Description: Destination IP address of a new connection.
    - new_destination_port
      Type: INT32
      Provider name: newDestinationPort
      Description: Destination port of a new connection. Only valid when protocol is TCP or UDP.
    - new_source_ip
      Type: STRING
      Provider name: newSourceIp
      Description: Source IP address of a new connection.
    - new_source_port
      Type: INT32
      Provider name: newSourcePort
      Description: Source port of a new connection. Only valid when protocol is TCP or UDP.
    - old_destination_ip
      Type: STRING
      Provider name: oldDestinationIp
      Description: Destination IP address of an original connection
    - old_destination_port
      Type: INT32
      Provider name: oldDestinationPort
      Description: Destination port of an original connection. Only valid when protocol is TCP or UDP.
    - old_source_ip
      Type: STRING
      Provider name: oldSourceIp
      Description: Source IP address of an original connection.
    - old_source_port
      Type: INT32
      Provider name: oldSourcePort
      Description: Source port of an original connection. Only valid when protocol is TCP or UDP.
    - protocol
      Type: STRING
      Provider name: protocol
      Description: IP protocol in string format, for example: “TCP”, “UDP”, “ICMP”.
    - subnet_uri
      Type: STRING
      Provider name: subnetUri
      Description: Uri of proxy subnet.
  - redis_cluster
    Type: STRUCT
    Provider name: redisCluster
    Description: Display information of a Redis Cluster.
    - discovery_endpoint_ip_address
      Type: STRING
      Provider name: discoveryEndpointIpAddress
      Description: Discovery endpoint IP address of a Redis Cluster.
    - gcp_display_name
      Type: STRING
      Provider name: displayName
      Description: Name of a Redis Cluster.
    - location
      Type: STRING
      Provider name: location
      Description: Name of the region in which the Redis Cluster is defined. For example, “us-central1”.
    - network_uri
      Type: STRING
      Provider name: networkUri
      Description: URI of the network containing the Redis Cluster endpoints in format “projects/{project_id}/global/networks/{network_id}”.
    - secondary_endpoint_ip_address
      Type: STRING
      Provider name: secondaryEndpointIpAddress
      Description: Secondary endpoint IP address of a Redis Cluster.
    - uri
      Type: STRING
      Provider name: uri
      Description: URI of a Redis Cluster in format “projects/{project_id}/locations/{location}/clusters/{cluster_id}"
  - redis_instance
    Type: STRUCT
    Provider name: redisInstance
    Description: Display information of a Redis Instance.
    - gcp_display_name
      Type: STRING
      Provider name: displayName
      Description: Name of a Cloud Redis Instance.
    - network_uri
      Type: STRING
      Provider name: networkUri
      Description: URI of a Cloud Redis Instance network.
    - primary_endpoint_ip
      Type: STRING
      Provider name: primaryEndpointIp
      Description: Primary endpoint IP address of a Cloud Redis Instance.
    - read_endpoint_ip
      Type: STRING
      Provider name: readEndpointIp
      Description: Read endpoint IP address of a Cloud Redis Instance (if applicable).
    - region
      Type: STRING
      Provider name: region
      Description: Region in which the Cloud Redis Instance is defined.
    - uri
      Type: STRING
      Provider name: uri
      Description: URI of a Cloud Redis Instance.
  - route
    Type: STRUCT
    Provider name: route
    Description: Display information of a Compute Engine route.
    - advertised_route_next_hop_uri
      Type: STRING
      Provider name: advertisedRouteNextHopUri
      Description: For ADVERTISED routes, the URI of their next hop, i.e. the URI of the hybrid endpoint (VPN tunnel, Interconnect attachment, NCC router appliance) the advertised prefix is advertised through, or URI of the source peered network. Deprecated in favor of the next_hop_uri field, not used in new tests.
    - advertised_route_source_router_uri
      Type: STRING
      Provider name: advertisedRouteSourceRouterUri
      Description: For ADVERTISED dynamic routes, the URI of the Cloud Router that advertised the corresponding IP prefix.
    - dest_ip_range
      Type: STRING
      Provider name: destIpRange
      Description: Destination IP range of the route.
    - dest_port_ranges
      Type: UNORDERED_LIST_STRING
      Provider name: destPortRanges
      Description: Destination port ranges of the route. POLICY_BASED routes only.
    - gcp_display_name
      Type: STRING
      Provider name: displayName
      Description: Name of a route.
    - instance_tags
      Type: UNORDERED_LIST_STRING
      Provider name: instanceTags
      Description: Instance tags of the route.
    - ncc_hub_route_uri
      Type: STRING
      Provider name: nccHubRouteUri
      Description: For PEERING_SUBNET and PEERING_DYNAMIC routes that are advertised by NCC Hub, the URI of the corresponding route in NCC Hub’s routing table.
    - ncc_hub_uri
      Type: STRING
      Provider name: nccHubUri
      Description: URI of the NCC Hub the route is advertised by. PEERING_SUBNET and PEERING_DYNAMIC routes that are advertised by NCC Hub only.
    - ncc_spoke_uri
      Type: STRING
      Provider name: nccSpokeUri
      Description: URI of the destination NCC Spoke. PEERING_SUBNET and PEERING_DYNAMIC routes that are advertised by NCC Hub only.
    - network_uri
      Type: STRING
      Provider name: networkUri
      Description: URI of a VPC network where route is located.
    - next_hop
      Type: STRING
      Provider name: nextHop
      Description: String type of the next hop of the route (for example, “VPN tunnel”). Deprecated in favor of the next_hop_type and next_hop_uri fields, not used in new tests.
    - next_hop_network_uri
      Type: STRING
      Provider name: nextHopNetworkUri
      Description: URI of a VPC network where the next hop resource is located.
    - next_hop_type
      Type: STRING
      Provider name: nextHopType
      Description: Type of next hop.
      Possible values:
      - NEXT_HOP_TYPE_UNSPECIFIED - Unspecified type. Default value.
      - NEXT_HOP_IP - Next hop is an IP address.
      - NEXT_HOP_INSTANCE - Next hop is a Compute Engine instance.
      - NEXT_HOP_NETWORK - Next hop is a VPC network gateway.
      - NEXT_HOP_PEERING - Next hop is a peering VPC. This scenario only happens when the user doesn’t have permissions to the project where the next hop resource is located.
      - NEXT_HOP_INTERCONNECT - Next hop is an interconnect.
      - NEXT_HOP_VPN_TUNNEL - Next hop is a VPN tunnel.
      - NEXT_HOP_VPN_GATEWAY - Next hop is a VPN gateway. This scenario only happens when tracing connectivity from an on-premises network to Google Cloud through a VPN. The analysis simulates a packet departing from the on-premises network through a VPN tunnel and arriving at a Cloud VPN gateway.
      - NEXT_HOP_INTERNET_GATEWAY - Next hop is an internet gateway.
      - NEXT_HOP_BLACKHOLE - Next hop is blackhole; that is, the next hop either does not exist or is unusable.
      - NEXT_HOP_ILB - Next hop is the forwarding rule of an Internal Load Balancer.
      - NEXT_HOP_ROUTER_APPLIANCE - Next hop is a router appliance instance.
      - NEXT_HOP_NCC_HUB - Next hop is an NCC hub. This scenario only happens when the user doesn’t have permissions to the project where the next hop resource is located.
      - SECURE_WEB_PROXY_GATEWAY - Next hop is Secure Web Proxy Gateway.
    - next_hop_uri
      Type: STRING
      Provider name: nextHopUri
      Description: URI of the next hop resource.
    - originating_route_display_name
      Type: STRING
      Provider name: originatingRouteDisplayName
      Description: For PEERING_SUBNET, PEERING_STATIC and PEERING_DYNAMIC routes, the name of the originating SUBNET/STATIC/DYNAMIC route.
    - originating_route_uri
      Type: STRING
      Provider name: originatingRouteUri
      Description: For PEERING_SUBNET and PEERING_STATIC routes, the URI of the originating SUBNET/STATIC route.
    - priority
      Type: INT32
      Provider name: priority
      Description: Priority of the route.
    - protocols
      Type: UNORDERED_LIST_STRING
      Provider name: protocols
      Description: Protocols of the route. POLICY_BASED routes only.
    - region
      Type: STRING
      Provider name: region
      Description: Region of the route. DYNAMIC, PEERING_DYNAMIC, POLICY_BASED and ADVERTISED routes only. If set for POLICY_BASED route, this is a region of VLAN attachments for Cloud Interconnect the route applies to.
    - route_scope
      Type: STRING
      Provider name: routeScope
      Description: Indicates where route is applicable. Deprecated, routes with NCC_HUB scope are not included in the trace in new tests.
      Possible values:
      - ROUTE_SCOPE_UNSPECIFIED - Unspecified scope. Default value.
      - NETWORK - Route is applicable to packets in Network.
      - NCC_HUB - Route is applicable to packets using NCC Hub’s routing table.
    - route_type
      Type: STRING
      Provider name: routeType
      Description: Type of route.
      Possible values:
      - ROUTE_TYPE_UNSPECIFIED - Unspecified type. Default value.
      - SUBNET - Route is a subnet route automatically created by the system.
      - STATIC - Static route created by the user, including the default route to the internet.
      - DYNAMIC - Dynamic route exchanged between BGP peers.
      - PEERING_SUBNET - A subnet route received from peering network or NCC Hub.
      - PEERING_STATIC - A static route received from peering network.
      - PEERING_DYNAMIC - A dynamic route received from peering network or NCC Hub.
      - POLICY_BASED - Policy based route.
      - ADVERTISED - Advertised route. Synthetic route which is used to transition from the StartFromPrivateNetwork state in Connectivity tests.
    - src_ip_range
      Type: STRING
      Provider name: srcIpRange
      Description: Source IP address range of the route. POLICY_BASED routes only.
    - src_port_ranges
      Type: UNORDERED_LIST_STRING
      Provider name: srcPortRanges
      Description: Source port ranges of the route. POLICY_BASED routes only.
    - uri
      Type: STRING
      Provider name: uri
      Description: URI of a route. SUBNET, STATIC, PEERING_SUBNET (only for peering network) and POLICY_BASED routes only.
  - serverless_external_connection
    Type: STRUCT
    Provider name: serverlessExternalConnection
    Description: Display information of a serverless public (external) connection.
    - selected_ip_address
      Type: STRING
      Provider name: selectedIpAddress
      Description: Selected starting IP address, from the Google dynamic address pool.
  - serverless_neg
    Type: STRUCT
    Provider name: serverlessNeg
    Description: Display information of a Serverless network endpoint group backend. Used only for return traces.
    - neg_uri
      Type: STRING
      Provider name: negUri
      Description: URI of the serverless network endpoint group.
  - state
    Type: STRING
    Provider name: state
    Description: Each step is in one of the pre-defined states.
    Possible values:
    - STATE_UNSPECIFIED - Unspecified state.
    - START_FROM_INSTANCE - Initial state: packet originating from a Compute Engine instance. An InstanceInfo is populated with starting instance information.
    - START_FROM_INTERNET - Initial state: packet originating from the internet. The endpoint information is populated.
    - START_FROM_GOOGLE_SERVICE - Initial state: packet originating from a Google service. The google_service information is populated.
    - START_FROM_PRIVATE_NETWORK - Initial state: packet originating from a VPC or on-premises network with internal source IP. If the source is a VPC network visible to the user, a NetworkInfo is populated with details of the network.
    - START_FROM_GKE_MASTER - Initial state: packet originating from a Google Kubernetes Engine cluster master. A GKEMasterInfo is populated with starting instance information.
    - START_FROM_CLOUD_SQL_INSTANCE - Initial state: packet originating from a Cloud SQL instance. A CloudSQLInstanceInfo is populated with starting instance information.
    - START_FROM_REDIS_INSTANCE - Initial state: packet originating from a Redis instance. A RedisInstanceInfo is populated with starting instance information.
    - START_FROM_REDIS_CLUSTER - Initial state: packet originating from a Redis Cluster. A RedisClusterInfo is populated with starting Cluster information.
    - START_FROM_CLOUD_FUNCTION - Initial state: packet originating from a Cloud Function. A CloudFunctionInfo is populated with starting function information.
    - START_FROM_APP_ENGINE_VERSION - Initial state: packet originating from an App Engine service version. An AppEngineVersionInfo is populated with starting version information.
    - START_FROM_CLOUD_RUN_REVISION - Initial state: packet originating from a Cloud Run revision. A CloudRunRevisionInfo is populated with starting revision information.
    - START_FROM_STORAGE_BUCKET - Initial state: packet originating from a Storage Bucket. Used only for return traces. The storage_bucket information is populated.
    - START_FROM_PSC_PUBLISHED_SERVICE - Initial state: packet originating from a published service that uses Private Service Connect. Used only for return traces.
    - START_FROM_SERVERLESS_NEG - Initial state: packet originating from a serverless network endpoint group backend. Used only for return traces. The serverless_neg information is populated.
    - APPLY_INGRESS_FIREWALL_RULE - Config checking state: verify ingress firewall rule.
    - APPLY_EGRESS_FIREWALL_RULE - Config checking state: verify egress firewall rule.
    - APPLY_ROUTE - Config checking state: verify route.
    - APPLY_FORWARDING_RULE - Config checking state: match forwarding rule.
    - ANALYZE_LOAD_BALANCER_BACKEND - Config checking state: verify load balancer backend configuration.
    - SPOOFING_APPROVED - Config checking state: packet sent or received under foreign IP address and allowed.
    - ARRIVE_AT_INSTANCE - Forwarding state: arriving at a Compute Engine instance.
    - ARRIVE_AT_INTERNAL_LOAD_BALANCER - Forwarding state: arriving at a Compute Engine internal load balancer.
    - ARRIVE_AT_EXTERNAL_LOAD_BALANCER - Forwarding state: arriving at a Compute Engine external load balancer.
    - ARRIVE_AT_VPN_GATEWAY - Forwarding state: arriving at a Cloud VPN gateway.
    - ARRIVE_AT_VPN_TUNNEL - Forwarding state: arriving at a Cloud VPN tunnel.
    - ARRIVE_AT_INTERCONNECT_ATTACHMENT - Forwarding state: arriving at an interconnect attachment.
    - ARRIVE_AT_VPC_CONNECTOR - Forwarding state: arriving at a VPC connector.
    - DIRECT_VPC_EGRESS_CONNECTION - Forwarding state: for packets originating from a serverless endpoint forwarded through Direct VPC egress.
    - SERVERLESS_EXTERNAL_CONNECTION - Forwarding state: for packets originating from a serverless endpoint forwarded through public (external) connectivity.
    - NAT - Transition state: packet header translated.
    - PROXY_CONNECTION - Transition state: original connection is terminated and a new proxied connection is initiated.
    - DELIVER - Final state: packet could be delivered.
    - DROP - Final state: packet could be dropped.
    - FORWARD - Final state: packet could be forwarded to a network with an unknown configuration.
    - ABORT - Final state: analysis is aborted.
    - VIEWER_PERMISSION_MISSING - Special state: viewer of the test result does not have permission to see the configuration in this step.
  - storage_bucket
    Type: STRUCT
    Provider name: storageBucket
    Description: Display information of a Storage Bucket. Used only for return traces.
    - bucket
      Type: STRING
      Provider name: bucket
      Description: Cloud Storage Bucket name.
  - vpc_connector
    Type: STRUCT
    Provider name: vpcConnector
    Description: Display information of a VPC connector.
    - gcp_display_name
      Type: STRING
      Provider name: displayName
      Description: Name of a VPC connector.
    - location
      Type: STRING
      Provider name: location
      Description: Location in which the VPC connector is deployed.
    - uri
      Type: STRING
      Provider name: uri
      Description: URI of a VPC connector.
  - vpn_gateway
    Type: STRUCT
    Provider name: vpnGateway
    Description: Display information of a Compute Engine VPN gateway.
    - gcp_display_name
      Type: STRING
      Provider name: displayName
      Description: Name of a VPN gateway.
    - ip_address
      Type: STRING
      Provider name: ipAddress
      Description: IP address of the VPN gateway.
    - network_uri
      Type: STRING
      Provider name: networkUri
      Description: URI of a Compute Engine network where the VPN gateway is configured.
    - region
      Type: STRING
      Provider name: region
      Description: Name of a Google Cloud region where this VPN gateway is configured.
    - uri
      Type: STRING
      Provider name: uri
      Description: URI of a VPN gateway.
    - vpn_tunnel_uri
      Type: STRING
      Provider name: vpnTunnelUri
      Description: A VPN tunnel that is associated with this VPN gateway. There may be multiple VPN tunnels configured on a VPN gateway, and only the one relevant to the test is displayed.
  - vpn_tunnel
    Type: STRUCT
    Provider name: vpnTunnel
    Description: Display information of a Compute Engine VPN tunnel.
    - gcp_display_name
      Type: STRING
      Provider name: displayName
      Description: Name of a VPN tunnel.
    - network_uri
      Type: STRING
      Provider name: networkUri
      Description: URI of a Compute Engine network where the VPN tunnel is configured.
    - region
      Type: STRING
      Provider name: region
      Description: Name of a Google Cloud region where this VPN tunnel is configured.
    - remote_gateway
      Type: STRING
      Provider name: remoteGateway
      Description: URI of a VPN gateway at remote end of the tunnel.
    - remote_gateway_ip
      Type: STRING
      Provider name: remoteGatewayIp
      Description: Remote VPN gateway’s IP address.
    - routing_type
      Type: STRING
      Provider name: routingType
      Description: Type of the routing policy.
      Possible values:
      - ROUTING_TYPE_UNSPECIFIED - Unspecified type. Default value.
      - ROUTE_BASED - Route based VPN.
      - POLICY_BASED - Policy based routing.
      - DYNAMIC - Dynamic (BGP) routing.
    - source_gateway
      Type: STRING
      Provider name: sourceGateway
      Description: URI of the VPN gateway at local end of the tunnel.
    - source_gateway_ip
      Type: STRING
      Provider name: sourceGatewayIp
      Description: Local VPN gateway’s IP address.
    - uri
      Type: STRING
      Provider name: uri
      Description: URI of a VPN tunnel.
verify_time
Type: TIMESTAMP
Provider name: verifyTime
Description: The time of the configuration analysis.

`round_trip`

Type: BOOLEAN
Provider name: roundTrip
Description: Whether run analysis for the return path from destination to source. Default value is false.

`tags`

Type: UNORDERED_LIST_STRING

`update_time`

Type: TIMESTAMP
Provider name: updateTime
Description: Output only. The time the test’s configuration was updated.