|
591 | 591 | }
|
592 | 592 | }
|
593 | 593 | },
|
594 |
| - "revision": "20231108", |
| 594 | + "revision": "20231129", |
595 | 595 | "rootUrl": "https://networkmanagement.googleapis.com/",
|
596 | 596 | "schemas": {
|
597 | 597 | "AbortInfo": {
|
|
997 | 997 | "NO_ROUTE",
|
998 | 998 | "ROUTE_BLACKHOLE",
|
999 | 999 | "ROUTE_WRONG_NETWORK",
|
| 1000 | + "ROUTE_NEXT_HOP_IP_ADDRESS_NOT_RESOLVED", |
| 1001 | + "ROUTE_NEXT_HOP_RESOURCE_NOT_FOUND", |
| 1002 | + "NO_ROUTE_FROM_INTERNET_TO_PRIVATE_IPV6_ADDRESS", |
| 1003 | + "VPN_TUNNEL_LOCAL_SELECTOR_MISMATCH", |
| 1004 | + "VPN_TUNNEL_REMOTE_SELECTOR_MISMATCH", |
1000 | 1005 | "PRIVATE_TRAFFIC_TO_INTERNET",
|
1001 | 1006 | "PRIVATE_GOOGLE_ACCESS_DISALLOWED",
|
| 1007 | + "PRIVATE_GOOGLE_ACCESS_VIA_VPN_TUNNEL_UNSUPPORTED", |
1002 | 1008 | "NO_EXTERNAL_ADDRESS",
|
1003 | 1009 | "UNKNOWN_INTERNAL_ADDRESS",
|
1004 | 1010 | "FORWARDING_RULE_MISMATCH",
|
1005 |
| - "FORWARDING_RULE_REGION_MISMATCH", |
1006 | 1011 | "FORWARDING_RULE_NO_INSTANCES",
|
1007 | 1012 | "FIREWALL_BLOCKING_LOAD_BALANCER_BACKEND_HEALTH_CHECK",
|
1008 | 1013 | "INSTANCE_NOT_RUNNING",
|
|
1026 | 1031 | "CLOUD_FUNCTION_NOT_ACTIVE",
|
1027 | 1032 | "VPC_CONNECTOR_NOT_SET",
|
1028 | 1033 | "VPC_CONNECTOR_NOT_RUNNING",
|
| 1034 | + "FORWARDING_RULE_REGION_MISMATCH", |
1029 | 1035 | "PSC_CONNECTION_NOT_ACCEPTED",
|
| 1036 | + "PSC_ENDPOINT_ACCESSED_FROM_PEERED_NETWORK", |
1030 | 1037 | "CLOUD_RUN_REVISION_NOT_READY",
|
1031 | 1038 | "DROPPED_INSIDE_PSC_SERVICE_PRODUCER",
|
1032 |
| - "LOAD_BALANCER_HAS_NO_PROXY_SUBNET" |
| 1039 | + "LOAD_BALANCER_HAS_NO_PROXY_SUBNET", |
| 1040 | + "CLOUD_NAT_NO_ADDRESSES" |
1033 | 1041 | ],
|
1034 | 1042 | "enumDescriptions": [
|
1035 | 1043 | "Cause is unspecified.",
|
1036 | 1044 | "Destination external address cannot be resolved to a known target. If the address is used in a Google Cloud project, provide the project ID as test input.",
|
1037 | 1045 | "A Compute Engine instance can only send or receive a packet with a foreign IP address if ip_forward is enabled.",
|
1038 | 1046 | "Dropped due to a firewall rule, unless allowed due to connection tracking.",
|
1039 |
| - "Dropped due to no routes.", |
| 1047 | + "Dropped due to no matching routes.", |
1040 | 1048 | "Dropped due to invalid route. Route's next hop is a blackhole.",
|
1041 | 1049 | "Packet is sent to a wrong (unintended) network. Example: you trace a packet from VM1:Network1 to VM2:Network2, however, the route configured in Network1 sends the packet destined for VM2's IP address to Network3.",
|
| 1050 | + "Route's next hop IP address cannot be resolved to a GCP resource.", |
| 1051 | + "Route's next hop resource is not found.", |
| 1052 | + "Packet is sent from the Internet to the private IPv6 address.", |
| 1053 | + "The packet does not match a policy-based VPN tunnel local selector.", |
| 1054 | + "The packet does not match a policy-based VPN tunnel remote selector.", |
1042 | 1055 | "Packet with internal destination address sent to the internet gateway.",
|
1043 |
| - "Instance with only an internal IP address tries to access Google API and services, but private Google access is not enabled.", |
| 1056 | + "Instance with only an internal IP address tries to access Google API and services, but private Google access is not enabled in the subnet.", |
| 1057 | + "Source endpoint tries to access Google API and services through the VPN tunnel to another network, but Private Google Access needs to be enabled in the source endpoint network.", |
1044 | 1058 | "Instance with only an internal IP address tries to access external hosts, but Cloud NAT is not enabled in the subnet, unless special configurations on a VM allow this connection.",
|
1045 | 1059 | "Destination internal address cannot be resolved to a known target. If this is a shared VPC scenario, verify if the service project ID is provided as test input. Otherwise, verify if the IP address is being used in the project.",
|
1046 | 1060 | "Forwarding rule's protocol and ports do not match the packet header.",
|
1047 |
| - "Packet could be dropped because it was sent from a different region to a regional forwarding without global access.", |
1048 | 1061 | "Forwarding rule does not have backends configured.",
|
1049 | 1062 | "Firewalls block the health check probes to the backends and cause the backends to be unavailable for traffic from the load balancer. For more details, see [Health check firewall rules](https://cloud.google.com/load-balancing/docs/health-checks#firewall_rules).",
|
1050 | 1063 | "Packet is sent from or to a Compute Engine instance that is not in a running state.",
|
|
1068 | 1081 | "Packet could be dropped because the Cloud Function is not in an active status.",
|
1069 | 1082 | "Packet could be dropped because no VPC connector is set.",
|
1070 | 1083 | "Packet could be dropped because the VPC connector is not in a running state.",
|
| 1084 | + "Packet could be dropped because it was sent from a different region to a regional forwarding without global access.", |
1071 | 1085 | "The Private Service Connect endpoint is in a project that is not approved to connect to the service.",
|
| 1086 | + "The packet is sent to the Private Service Connect endpoint over the peering, but [it's not supported](https://cloud.google.com/vpc/docs/configure-private-service-connect-services#on-premises).", |
1072 | 1087 | "Packet sent from a Cloud Run revision that is not ready.",
|
1073 | 1088 | "Packet was dropped inside Private Service Connect service producer.",
|
1074 |
| - "Packet sent to a load balancer, which requires a proxy-only subnet and the subnet is not found." |
| 1089 | + "Packet sent to a load balancer, which requires a proxy-only subnet and the subnet is not found.", |
| 1090 | + "Packet sent to Cloud Nat without active NAT IPs." |
1075 | 1091 | ],
|
1076 | 1092 | "type": "string"
|
1077 | 1093 | },
|
| 1094 | + "destinationIp": { |
| 1095 | + "description": "Destination IP address of the dropped packet (if relevant).", |
| 1096 | + "type": "string" |
| 1097 | + }, |
| 1098 | + "region": { |
| 1099 | + "description": "Region of the dropped packet (if relevant).", |
| 1100 | + "type": "string" |
| 1101 | + }, |
1078 | 1102 | "resourceUri": {
|
1079 | 1103 | "description": "URI of the resource that caused the drop.",
|
1080 | 1104 | "type": "string"
|
| 1105 | + }, |
| 1106 | + "sourceIp": { |
| 1107 | + "description": "Source IP address of the dropped packet (if relevant).", |
| 1108 | + "type": "string" |
1081 | 1109 | }
|
1082 | 1110 | },
|
1083 | 1111 | "type": "object"
|
|
1151 | 1179 | "type": "string"
|
1152 | 1180 | },
|
1153 | 1181 | "ipAddress": {
|
1154 |
| - "description": "The IP address of the endpoint, which can be an external or internal IP. An IPv6 address is only allowed when the test's destination is a [global load balancer VIP](https://cloud.google.com/load-balancing/docs/load-balancing-overview).", |
| 1182 | + "description": "The IP address of the endpoint, which can be an external or internal IP.", |
1155 | 1183 | "type": "string"
|
1156 | 1184 | },
|
1157 | 1185 | "loadBalancerId": {
|
|
1463 | 1491 | "GOOGLE_SERVICE_TYPE_UNSPECIFIED",
|
1464 | 1492 | "IAP",
|
1465 | 1493 | "GFE_PROXY_OR_HEALTH_CHECK_PROBER",
|
1466 |
| - "CLOUD_DNS" |
| 1494 | + "CLOUD_DNS", |
| 1495 | + "GOOGLE_API", |
| 1496 | + "GOOGLE_API_PSC", |
| 1497 | + "GOOGLE_API_VPC_SC" |
1467 | 1498 | ],
|
1468 | 1499 | "enumDescriptions": [
|
1469 |
| - "Unspecified Google Service. Includes most of Google APIs and services.", |
| 1500 | + "Unspecified Google Service.", |
1470 | 1501 | "Identity aware proxy. https://cloud.google.com/iap/docs/using-tcp-forwarding",
|
1471 | 1502 | "One of two services sharing IP ranges: * Load Balancer proxy * Centralized Health Check prober https://cloud.google.com/load-balancing/docs/firewall-rules",
|
1472 |
| - "Connectivity from Cloud DNS to forwarding targets or alternate name servers that use private routing. https://cloud.google.com/dns/docs/zones/forwarding-zones#firewall-rules https://cloud.google.com/dns/docs/policies#firewall-rules" |
| 1503 | + "Connectivity from Cloud DNS to forwarding targets or alternate name servers that use private routing. https://cloud.google.com/dns/docs/zones/forwarding-zones#firewall-rules https://cloud.google.com/dns/docs/policies#firewall-rules", |
| 1504 | + "private.googleapis.com and restricted.googleapis.com", |
| 1505 | + "Google API via Private Service Connect. https://cloud.google.com/vpc/docs/configure-private-service-connect-apis", |
| 1506 | + "Google API via VPC Service Controls. https://cloud.google.com/vpc/docs/configure-private-service-connect-apis" |
1473 | 1507 | ],
|
1474 | 1508 | "type": "string"
|
1475 | 1509 | },
|
|
1658 | 1692 | },
|
1659 | 1693 | "type": "object"
|
1660 | 1694 | },
|
| 1695 | + "LoadBalancerBackendInfo": { |
| 1696 | + "description": "For display only. Metadata associated with the load balancer backend.", |
| 1697 | + "id": "LoadBalancerBackendInfo", |
| 1698 | + "properties": { |
| 1699 | + "backendDisplayName": { |
| 1700 | + "description": "Display name of the backend. For example, it might be an instance name for the instance group backends, or an IP address and port for zonal network endpoint group backends.", |
| 1701 | + "type": "string" |
| 1702 | + }, |
| 1703 | + "backendServiceUri": { |
| 1704 | + "description": "URI of the backend service this backend belongs to (if applicable).", |
| 1705 | + "type": "string" |
| 1706 | + }, |
| 1707 | + "healthCheckConfigState": { |
| 1708 | + "description": "Output only. Health check configuration state for the backend. This is a result of the static firewall analysis (verifying that health check traffic from required IP ranges to the backend is allowed or not). The backend might still be unhealthy even if these firewalls are configured. Please refer to the documentation for more information: https://cloud.google.com/load-balancing/docs/firewall-rules", |
| 1709 | + "enum": [ |
| 1710 | + "HEALTH_CHECK_CONFIG_STATE_UNSPECIFIED", |
| 1711 | + "FIREWALLS_CONFIGURED", |
| 1712 | + "FIREWALLS_PARTIALLY_CONFIGURED", |
| 1713 | + "FIREWALLS_NOT_CONFIGURED", |
| 1714 | + "FIREWALLS_UNSUPPORTED" |
| 1715 | + ], |
| 1716 | + "enumDescriptions": [ |
| 1717 | + "Configuration state unspecified. It usually means that the backend has no health check attached, or there was an unexpected configuration error preventing Connectivity tests from verifying health check configuration.", |
| 1718 | + "Firewall rules (policies) allowing health check traffic from all required IP ranges to the backend are configured.", |
| 1719 | + "Firewall rules (policies) allow health check traffic only from a part of required IP ranges.", |
| 1720 | + "Firewall rules (policies) deny health check traffic from all required IP ranges to the backend.", |
| 1721 | + "The network contains firewall rules of unsupported types, so Connectivity tests were not able to verify health check configuration status. Please refer to the documentation for the list of unsupported configurations: https://cloud.google.com/network-intelligence-center/docs/connectivity-tests/concepts/overview#unsupported-configs" |
| 1722 | + ], |
| 1723 | + "readOnly": true, |
| 1724 | + "type": "string" |
| 1725 | + }, |
| 1726 | + "healthCheckUri": { |
| 1727 | + "description": "URI of the health check attached to this backend (if applicable).", |
| 1728 | + "type": "string" |
| 1729 | + }, |
| 1730 | + "instanceGroupUri": { |
| 1731 | + "description": "URI of the instance group this backend belongs to (if applicable).", |
| 1732 | + "type": "string" |
| 1733 | + }, |
| 1734 | + "instanceUri": { |
| 1735 | + "description": "URI of the backend instance (if applicable). Populated for instance group backends, and zonal NEG backends.", |
| 1736 | + "type": "string" |
| 1737 | + }, |
| 1738 | + "networkEndpointGroupUri": { |
| 1739 | + "description": "URI of the network endpoint group this backend belongs to (if applicable).", |
| 1740 | + "type": "string" |
| 1741 | + } |
| 1742 | + }, |
| 1743 | + "type": "object" |
| 1744 | + }, |
1661 | 1745 | "LoadBalancerInfo": {
|
1662 | 1746 | "description": "For display only. Metadata associated with a load balancer.",
|
1663 | 1747 | "id": "LoadBalancerInfo",
|
|
1751 | 1835 | },
|
1752 | 1836 | "type": "object"
|
1753 | 1837 | },
|
| 1838 | + "NatInfo": { |
| 1839 | + "description": "For display only. Metadata associated with NAT.", |
| 1840 | + "id": "NatInfo", |
| 1841 | + "properties": { |
| 1842 | + "natGatewayName": { |
| 1843 | + "description": "The name of Cloud NAT Gateway. Only valid when type is CLOUD_NAT.", |
| 1844 | + "type": "string" |
| 1845 | + }, |
| 1846 | + "networkUri": { |
| 1847 | + "description": "URI of the network where NAT translation takes place.", |
| 1848 | + "type": "string" |
| 1849 | + }, |
| 1850 | + "newDestinationIp": { |
| 1851 | + "description": "Destination IP address after NAT translation.", |
| 1852 | + "type": "string" |
| 1853 | + }, |
| 1854 | + "newDestinationPort": { |
| 1855 | + "description": "Destination port after NAT translation. Only valid when protocol is TCP or UDP.", |
| 1856 | + "format": "int32", |
| 1857 | + "type": "integer" |
| 1858 | + }, |
| 1859 | + "newSourceIp": { |
| 1860 | + "description": "Source IP address after NAT translation.", |
| 1861 | + "type": "string" |
| 1862 | + }, |
| 1863 | + "newSourcePort": { |
| 1864 | + "description": "Source port after NAT translation. Only valid when protocol is TCP or UDP.", |
| 1865 | + "format": "int32", |
| 1866 | + "type": "integer" |
| 1867 | + }, |
| 1868 | + "oldDestinationIp": { |
| 1869 | + "description": "Destination IP address before NAT translation.", |
| 1870 | + "type": "string" |
| 1871 | + }, |
| 1872 | + "oldDestinationPort": { |
| 1873 | + "description": "Destination port before NAT translation. Only valid when protocol is TCP or UDP.", |
| 1874 | + "format": "int32", |
| 1875 | + "type": "integer" |
| 1876 | + }, |
| 1877 | + "oldSourceIp": { |
| 1878 | + "description": "Source IP address before NAT translation.", |
| 1879 | + "type": "string" |
| 1880 | + }, |
| 1881 | + "oldSourcePort": { |
| 1882 | + "description": "Source port before NAT translation. Only valid when protocol is TCP or UDP.", |
| 1883 | + "format": "int32", |
| 1884 | + "type": "integer" |
| 1885 | + }, |
| 1886 | + "protocol": { |
| 1887 | + "description": "IP protocol in string format, for example: \"TCP\", \"UDP\", \"ICMP\".", |
| 1888 | + "type": "string" |
| 1889 | + }, |
| 1890 | + "routerUri": { |
| 1891 | + "description": "Uri of the Cloud Router. Only valid when type is CLOUD_NAT.", |
| 1892 | + "type": "string" |
| 1893 | + }, |
| 1894 | + "type": { |
| 1895 | + "description": "Type of NAT.", |
| 1896 | + "enum": [ |
| 1897 | + "TYPE_UNSPECIFIED", |
| 1898 | + "INTERNAL_TO_EXTERNAL", |
| 1899 | + "EXTERNAL_TO_INTERNAL", |
| 1900 | + "CLOUD_NAT", |
| 1901 | + "PRIVATE_SERVICE_CONNECT" |
| 1902 | + ], |
| 1903 | + "enumDescriptions": [ |
| 1904 | + "Type is unspecified.", |
| 1905 | + "From Compute Engine instance's internal address to external address.", |
| 1906 | + "From Compute Engine instance's external address to internal address.", |
| 1907 | + "Cloud NAT Gateway.", |
| 1908 | + "Private service connect NAT." |
| 1909 | + ], |
| 1910 | + "type": "string" |
| 1911 | + } |
| 1912 | + }, |
| 1913 | + "type": "object" |
| 1914 | + }, |
1754 | 1915 | "NetworkInfo": {
|
1755 | 1916 | "description": "For display only. Metadata associated with a Compute Engine network.",
|
1756 | 1917 | "id": "NetworkInfo",
|
|
1943 | 2104 | },
|
1944 | 2105 | "type": "object"
|
1945 | 2106 | },
|
| 2107 | + "ProxyConnectionInfo": { |
| 2108 | + "description": "For display only. Metadata associated with ProxyConnection.", |
| 2109 | + "id": "ProxyConnectionInfo", |
| 2110 | + "properties": { |
| 2111 | + "networkUri": { |
| 2112 | + "description": "URI of the network where connection is proxied.", |
| 2113 | + "type": "string" |
| 2114 | + }, |
| 2115 | + "newDestinationIp": { |
| 2116 | + "description": "Destination IP address of a new connection.", |
| 2117 | + "type": "string" |
| 2118 | + }, |
| 2119 | + "newDestinationPort": { |
| 2120 | + "description": "Destination port of a new connection. Only valid when protocol is TCP or UDP.", |
| 2121 | + "format": "int32", |
| 2122 | + "type": "integer" |
| 2123 | + }, |
| 2124 | + "newSourceIp": { |
| 2125 | + "description": "Source IP address of a new connection.", |
| 2126 | + "type": "string" |
| 2127 | + }, |
| 2128 | + "newSourcePort": { |
| 2129 | + "description": "Source port of a new connection. Only valid when protocol is TCP or UDP.", |
| 2130 | + "format": "int32", |
| 2131 | + "type": "integer" |
| 2132 | + }, |
| 2133 | + "oldDestinationIp": { |
| 2134 | + "description": "Destination IP address of an original connection", |
| 2135 | + "type": "string" |
| 2136 | + }, |
| 2137 | + "oldDestinationPort": { |
| 2138 | + "description": "Destination port of an original connection. Only valid when protocol is TCP or UDP.", |
| 2139 | + "format": "int32", |
| 2140 | + "type": "integer" |
| 2141 | + }, |
| 2142 | + "oldSourceIp": { |
| 2143 | + "description": "Source IP address of an original connection.", |
| 2144 | + "type": "string" |
| 2145 | + }, |
| 2146 | + "oldSourcePort": { |
| 2147 | + "description": "Source port of an original connection. Only valid when protocol is TCP or UDP.", |
| 2148 | + "format": "int32", |
| 2149 | + "type": "integer" |
| 2150 | + }, |
| 2151 | + "protocol": { |
| 2152 | + "description": "IP protocol in string format, for example: \"TCP\", \"UDP\", \"ICMP\".", |
| 2153 | + "type": "string" |
| 2154 | + }, |
| 2155 | + "subnetUri": { |
| 2156 | + "description": "Uri of proxy subnet.", |
| 2157 | + "type": "string" |
| 2158 | + } |
| 2159 | + }, |
| 2160 | + "type": "object" |
| 2161 | + }, |
1946 | 2162 | "ReachabilityDetails": {
|
1947 | 2163 | "description": "Results of the configuration analysis from the last run of the test.",
|
1948 | 2164 | "id": "ReachabilityDetails",
|
|
2249 | 2465 | "$ref": "LoadBalancerInfo",
|
2250 | 2466 | "description": "Display information of the load balancers."
|
2251 | 2467 | },
|
| 2468 | + "loadBalancerBackendInfo": { |
| 2469 | + "$ref": "LoadBalancerBackendInfo", |
| 2470 | + "description": "Display information of a specific load balancer backend." |
| 2471 | + }, |
| 2472 | + "nat": { |
| 2473 | + "$ref": "NatInfo", |
| 2474 | + "description": "Display information of a NAT." |
| 2475 | + }, |
2252 | 2476 | "network": {
|
2253 | 2477 | "$ref": "NetworkInfo",
|
2254 | 2478 | "description": "Display information of a Google Cloud network."
|
|
2257 | 2481 | "description": "Project ID that contains the configuration this step is validating.",
|
2258 | 2482 | "type": "string"
|
2259 | 2483 | },
|
| 2484 | + "proxyConnection": { |
| 2485 | + "$ref": "ProxyConnectionInfo", |
| 2486 | + "description": "Display information of a ProxyConnection." |
| 2487 | + }, |
2260 | 2488 | "route": {
|
2261 | 2489 | "$ref": "RouteInfo",
|
2262 | 2490 | "description": "Display information of a Compute Engine route."
|
|
2278 | 2506 | "APPLY_EGRESS_FIREWALL_RULE",
|
2279 | 2507 | "APPLY_ROUTE",
|
2280 | 2508 | "APPLY_FORWARDING_RULE",
|
| 2509 | + "ANALYZE_LOAD_BALANCER_BACKEND", |
2281 | 2510 | "SPOOFING_APPROVED",
|
2282 | 2511 | "ARRIVE_AT_INSTANCE",
|
2283 | 2512 | "ARRIVE_AT_INTERNAL_LOAD_BALANCER",
|
|
2297 | 2526 | "Unspecified state.",
|
2298 | 2527 | "Initial state: packet originating from a Compute Engine instance. An InstanceInfo is populated with starting instance information.",
|
2299 | 2528 | "Initial state: packet originating from the internet. The endpoint information is populated.",
|
2300 |
| - "Initial state: packet originating from a Google service. Some Google services, such as health check probers or Identity Aware Proxy use special routes, outside VPC routing configuration to reach Compute Engine Instances.", |
| 2529 | + "Initial state: packet originating from a Google service. The google_service information is populated.", |
2301 | 2530 | "Initial state: packet originating from a VPC or on-premises network with internal source IP. If the source is a VPC network visible to the user, a NetworkInfo is populated with details of the network.",
|
2302 | 2531 | "Initial state: packet originating from a Google Kubernetes Engine cluster master. A GKEMasterInfo is populated with starting instance information.",
|
2303 | 2532 | "Initial state: packet originating from a Cloud SQL instance. A CloudSQLInstanceInfo is populated with starting instance information.",
|
|
2308 | 2537 | "Config checking state: verify egress firewall rule.",
|
2309 | 2538 | "Config checking state: verify route.",
|
2310 | 2539 | "Config checking state: match forwarding rule.",
|
| 2540 | + "Config checking state: verify load balancer backend configuration.", |
2311 | 2541 | "Config checking state: packet sent or received under foreign IP address and allowed.",
|
2312 | 2542 | "Forwarding state: arriving at a Compute Engine instance.",
|
2313 | 2543 | "Forwarding state: arriving at a Compute Engine internal load balancer.",
|
|