googleNetworkServicesAuthzExtension.python.md

googleNetworkServicesAuthzExtension Submodule

Constructs

GoogleNetworkServicesAuthzExtension

Represents a {@link https://registry.terraform.io/providers/hashicorp/google-beta/7.36.0/docs/resources/google_network_services_authz_extension google_network_services_authz_extension}.

Initializers

from cdktn_provider_google_beta import google_network_services_authz_extension

googleNetworkServicesAuthzExtension.GoogleNetworkServicesAuthzExtension(
  scope: Construct,
  id: str,
  connection: SSHProvisionerConnection | WinrmProvisionerConnection = None,
  count: typing.Union[int, float] | TerraformCount = None,
  depends_on: typing.List[ITerraformDependable] = None,
  for_each: ITerraformIterator = None,
  lifecycle: TerraformResourceLifecycle = None,
  provider: TerraformProvider = None,
  provisioners: typing.List[FileProvisioner | LocalExecProvisioner | RemoteExecProvisioner] = None,
  location: str,
  name: str,
  service: str,
  timeout: str,
  authority: str = None,
  deletion_policy: str = None,
  description: str = None,
  fail_open: bool | IResolvable = None,
  forward_headers: typing.List[str] = None,
  id: str = None,
  labels: typing.Mapping[str] = None,
  load_balancing_scheme: str = None,
  metadata: typing.Mapping[str] = None,
  project: str = None,
  timeouts: GoogleNetworkServicesAuthzExtensionTimeouts = None,
  wire_format: str = None
)

Name	Type	Description
scope	constructs.Construct	The scope in which to define this construct.
id	str	The scoped construct ID.
connection	cdktn.SSHProvisionerConnection | cdktn.WinrmProvisionerConnection	No description.
count	typing.Union[int, float] | cdktn.TerraformCount	No description.
depends_on	typing.List[cdktn.ITerraformDependable]	No description.
for_each	cdktn.ITerraformIterator	No description.
lifecycle	cdktn.TerraformResourceLifecycle	No description.
provider	cdktn.TerraformProvider	No description.
provisioners	typing.List[cdktn.FileProvisioner | cdktn.LocalExecProvisioner | cdktn.RemoteExecProvisioner]	No description.
location	str	The location of the resource.
name	str	Identifier. Name of the AuthzExtension resource.
service	str	The service that runs the extension.
timeout	str	Specifies the timeout for each individual message on the stream. The timeout must be between 10-10000 milliseconds.
authority	str	The :authority header in the gRPC request sent from Envoy to the extension service.
deletion_policy	str	Whether Terraform will be prevented from destroying the instance.
description	str	A human-readable description of the resource.
fail_open	bool | cdktn.IResolvable	Determines how the proxy behaves if the call to the extension fails or times out.
forward_headers	typing.List[str]	List of the HTTP headers to forward to the extension (from the client).
id	str	Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google-beta/7.36.0/docs/resources/google_network_services_authz_extension#id GoogleNetworkServicesAuthzExtension#id}.
labels	typing.Mapping[str]	Set of labels associated with the AuthzExtension resource.
load_balancing_scheme	str	Required when the service points to a backend service.
metadata	typing.Mapping[str]	The metadata provided here is included as part of the metadata_context (of type google.protobuf.Struct) in the ProcessingRequest message sent to the extension server. The metadata is available under the namespace com.google.authz_extension.. The following variables are supported in the metadata Struct:.
project	str	Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google-beta/7.36.0/docs/resources/google_network_services_authz_extension#project GoogleNetworkServicesAuthzExtension#project}.
timeouts	GoogleNetworkServicesAuthzExtensionTimeouts	timeouts block.
wire_format	str	The format of communication supported by the callout extension.

---

scope^Required

• Type: constructs.Construct

The scope in which to define this construct.

---

id^Required

• Type: str

The scoped construct ID.

Must be unique amongst siblings in the same scope

---

connection^Optional

• Type: cdktn.SSHProvisionerConnection | cdktn.WinrmProvisionerConnection

---

count^Optional

• Type: typing.Union[int, float] | cdktn.TerraformCount

---

depends_on^Optional

• Type: typing.List[cdktn.ITerraformDependable]

---

for_each^Optional

• Type: cdktn.ITerraformIterator

---

lifecycle^Optional

• Type: cdktn.TerraformResourceLifecycle

---

provider^Optional

• Type: cdktn.TerraformProvider

---

provisioners^Optional

• Type: typing.List[cdktn.FileProvisioner | cdktn.LocalExecProvisioner | cdktn.RemoteExecProvisioner]

---

location^Required

• Type: str

The location of the resource.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google-beta/7.36.0/docs/resources/google_network_services_authz_extension#location GoogleNetworkServicesAuthzExtension#location}

---

name^Required

• Type: str

Identifier. Name of the AuthzExtension resource.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google-beta/7.36.0/docs/resources/google_network_services_authz_extension#name GoogleNetworkServicesAuthzExtension#name}

---

service^Required

• Type: str

The service that runs the extension.

The following values and formats are accepted:

• 'iap.googleapis.com' when the policyProfile is set to REQUEST_AUTHZ
• 'modelarmor.{{region}}.rep.googleapis.com' when the policyProfile is set to CONTENT_AUTHZ
• A fully qualified domain name that can be resolved by the dataplane
• Backend service resource URI of the form 'https://www.googleapis.com/compute/v1/projects/{{project}}/regions/{{region}}/backendServices/{{name}}' or 'https://www.googleapis.com/compute/v1/projects/{{project}}/global/backendServices/{{name}}}}'

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google-beta/7.36.0/docs/resources/google_network_services_authz_extension#service GoogleNetworkServicesAuthzExtension#service}

---

timeout^Required

• Type: str

Specifies the timeout for each individual message on the stream. The timeout must be between 10-10000 milliseconds.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google-beta/7.36.0/docs/resources/google_network_services_authz_extension#timeout GoogleNetworkServicesAuthzExtension#timeout}

---

authority^Optional

• Type: str

The :authority header in the gRPC request sent from Envoy to the extension service.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google-beta/7.36.0/docs/resources/google_network_services_authz_extension#authority GoogleNetworkServicesAuthzExtension#authority}

---

deletion_policy^Optional

• Type: str

Whether Terraform will be prevented from destroying the instance.

Defaults to "DELETE". When a 'terraform destroy' or 'terraform apply' would delete the instance, the command will fail if this field is set to "PREVENT" in Terraform state. When set to "ABANDON", the command will remove the resource from Terraform management without updating or deleting the resource in the API. When set to "DELETE", deleting the resource is allowed.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google-beta/7.36.0/docs/resources/google_network_services_authz_extension#deletion_policy GoogleNetworkServicesAuthzExtension#deletion_policy}

---

description^Optional

• Type: str

A human-readable description of the resource.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google-beta/7.36.0/docs/resources/google_network_services_authz_extension#description GoogleNetworkServicesAuthzExtension#description}

---

fail_open^Optional

• Type: bool | cdktn.IResolvable

Determines how the proxy behaves if the call to the extension fails or times out.

When set to TRUE, request or response processing continues without error. Any subsequent extensions in the extension chain are also executed. When set to FALSE or the default setting of FALSE is used, one of the following happens:

• If response headers have not been delivered to the downstream client, a generic 500 error is returned to the client. The error response can be tailored by configuring a custom error response in the load balancer.
• If response headers have been delivered, then the HTTP stream to the downstream client is reset.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google-beta/7.36.0/docs/resources/google_network_services_authz_extension#fail_open GoogleNetworkServicesAuthzExtension#fail_open}

---

forward_headers^Optional

• Type: typing.List[str]

List of the HTTP headers to forward to the extension (from the client).

If omitted, all headers are sent. Each element is a string indicating the header name.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google-beta/7.36.0/docs/resources/google_network_services_authz_extension#forward_headers GoogleNetworkServicesAuthzExtension#forward_headers}

---

id^Optional

• Type: str

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google-beta/7.36.0/docs/resources/google_network_services_authz_extension#id GoogleNetworkServicesAuthzExtension#id}.

Please be aware that the id field is automatically added to all resources in Terraform providers using a Terraform provider SDK version below 2. If you experience problems setting this value it might not be settable. Please take a look at the provider documentation to ensure it should be settable.

---

labels^Optional

• Type: typing.Mapping[str]

Set of labels associated with the AuthzExtension resource.

Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field 'effective_labels' for all of the labels present on the resource.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google-beta/7.36.0/docs/resources/google_network_services_authz_extension#labels GoogleNetworkServicesAuthzExtension#labels}

---

load_balancing_scheme^Optional

• Type: str

Required when the service points to a backend service.

All backend services and forwarding rules referenced by this extension must share the same load balancing scheme. For more information, refer to Backend services overview. Possible values: ["INTERNAL_MANAGED", "EXTERNAL_MANAGED"]

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google-beta/7.36.0/docs/resources/google_network_services_authz_extension#load_balancing_scheme GoogleNetworkServicesAuthzExtension#load_balancing_scheme}

---

metadata^Optional

• Type: typing.Mapping[str]

The metadata provided here is included as part of the metadata_context (of type google.protobuf.Struct) in the ProcessingRequest message sent to the extension server. The metadata is available under the namespace com.google.authz_extension.. The following variables are supported in the metadata Struct:.

{forwarding_rule_id} - substituted with the forwarding rule's fully qualified resource name.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google-beta/7.36.0/docs/resources/google_network_services_authz_extension#metadata GoogleNetworkServicesAuthzExtension#metadata}

---

project^Optional

• Type: str

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google-beta/7.36.0/docs/resources/google_network_services_authz_extension#project GoogleNetworkServicesAuthzExtension#project}.

---

timeouts^Optional

• Type: GoogleNetworkServicesAuthzExtensionTimeouts

timeouts block.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google-beta/7.36.0/docs/resources/google_network_services_authz_extension#timeouts GoogleNetworkServicesAuthzExtension#timeouts}

---

wire_format^Optional

• Type: str

The format of communication supported by the callout extension.

Applicable only when the policyProfile is REQUEST_AUTHZ. This field is supported only for regional AuthzExtension resources. If not specified, the default value EXT_PROC_GRPC is used. Global AuthzExtension resources use the EXT_PROC_GRPC wire format.

Supported values:

• WIRE_FORMAT_UNSPECIFIED: No wire format is explicitly specified. The backend automatically defaults this value to EXT_PROC_GRPC.
• EXT_PROC_GRPC: Uses Envoy's External Processing (ext_proc) gRPC API over a single gRPC stream. The backend service must support HTTP/2 or H2C. All supported events for a client request are sent over the same gRPC stream. This is the default wire format.
• EXT_AUTHZ_GRPC: Uses Envoy's external authorization (ext_authz) gRPC API. The backend service must support HTTP/2 or H2C. This option is only supported for regional AuthzExtension resources. Possible values: ["WIRE_FORMAT_UNSPECIFIED", "EXT_PROC_GRPC", "EXT_AUTHZ_GRPC"]

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google-beta/7.36.0/docs/resources/google_network_services_authz_extension#wire_format GoogleNetworkServicesAuthzExtension#wire_format}

---

Methods

Name	Description
to_string	Returns a string representation of this construct.
with	Applies one or more mixins to this construct.
add_override	No description.
override_logical_id	Overrides the auto-generated logical ID with a specific ID.
reset_override_logical_id	Resets a previously passed logical Id to use the auto-generated logical id again.
to_hcl_terraform	No description.
to_metadata	No description.
to_terraform	Adds this resource to the terraform JSON output.
add_move_target	Adds a user defined moveTarget string to this resource to be later used in .moveTo(moveTarget) to resolve the location of the move.
get_any_map_attribute	No description.
get_boolean_attribute	No description.
get_boolean_map_attribute	No description.
get_list_attribute	No description.
get_number_attribute	No description.
get_number_list_attribute	No description.
get_number_map_attribute	No description.
get_string_attribute	No description.
get_string_map_attribute	No description.
has_resource_move	No description.
import_from	No description.
interpolation_for_attribute	No description.
move_from_id	Move the resource corresponding to "id" to this resource.
move_to	Moves this resource to the target resource given by moveTarget.
move_to_id	Moves this resource to the resource corresponding to "id".
put_timeouts	No description.
reset_authority	No description.
reset_deletion_policy	No description.
reset_description	No description.
reset_fail_open	No description.
reset_forward_headers	No description.
reset_id	No description.
reset_labels	No description.
reset_load_balancing_scheme	No description.
reset_metadata	No description.
reset_project	No description.
reset_timeouts	No description.
reset_wire_format	No description.

---

to_string

def to_string() -> str

Returns a string representation of this construct.

with

def with(
  mixins: *IMixin
) -> IConstruct

Applies one or more mixins to this construct.

Mixins are applied in order. The list of constructs is captured at the start of the call, so constructs added by a mixin will not be visited. Use multiple with() calls if subsequent mixins should apply to added constructs.

mixins^Required

• Type: *constructs.IMixin

The mixins to apply.

---

add_override

def add_override(
  path: str,
  value: typing.Any
) -> None

path^Required

• Type: str

---

value^Required

• Type: typing.Any

---

override_logical_id

def override_logical_id(
  new_logical_id: str
) -> None

Overrides the auto-generated logical ID with a specific ID.

new_logical_id^Required

• Type: str

The new logical ID to use for this stack element.

---

reset_override_logical_id

def reset_override_logical_id() -> None

Resets a previously passed logical Id to use the auto-generated logical id again.

to_hcl_terraform

def to_hcl_terraform() -> typing.Any

to_metadata

def to_metadata() -> typing.Any

to_terraform

def to_terraform() -> typing.Any

Adds this resource to the terraform JSON output.

add_move_target

def add_move_target(
  move_target: str
) -> None

Adds a user defined moveTarget string to this resource to be later used in .moveTo(moveTarget) to resolve the location of the move.

move_target^Required

• Type: str

The string move target that will correspond to this resource.

---

get_any_map_attribute

def get_any_map_attribute(
  terraform_attribute: str
) -> typing.Mapping[typing.Any]

terraform_attribute^Required

• Type: str

---

get_boolean_attribute

def get_boolean_attribute(
  terraform_attribute: str
) -> IResolvable

terraform_attribute^Required

• Type: str

---

get_boolean_map_attribute

def get_boolean_map_attribute(
  terraform_attribute: str
) -> typing.Mapping[bool]

terraform_attribute^Required

• Type: str

---

get_list_attribute

def get_list_attribute(
  terraform_attribute: str
) -> typing.List[str]

terraform_attribute^Required

• Type: str

---

get_number_attribute

def get_number_attribute(
  terraform_attribute: str
) -> typing.Union[int, float]

terraform_attribute^Required

• Type: str

---

get_number_list_attribute

def get_number_list_attribute(
  terraform_attribute: str
) -> typing.List[typing.Union[int, float]]

terraform_attribute^Required

• Type: str

---

get_number_map_attribute

def get_number_map_attribute(
  terraform_attribute: str
) -> typing.Mapping[typing.Union[int, float]]

terraform_attribute^Required

• Type: str

---

get_string_attribute

def get_string_attribute(
  terraform_attribute: str
) -> str

terraform_attribute^Required

• Type: str

---

get_string_map_attribute

def get_string_map_attribute(
  terraform_attribute: str
) -> typing.Mapping[str]

terraform_attribute^Required

• Type: str

---

has_resource_move

def has_resource_move() -> TerraformResourceMoveByTarget | TerraformResourceMoveById

import_from

def import_from(
  id: str,
  provider: TerraformProvider = None
) -> None

id^Required

• Type: str

---

provider^Optional

• Type: cdktn.TerraformProvider

---

interpolation_for_attribute

def interpolation_for_attribute(
  terraform_attribute: str
) -> IResolvable

terraform_attribute^Required

• Type: str

---

move_from_id

def move_from_id(
  id: str
) -> None

Move the resource corresponding to "id" to this resource.

Note that the resource being moved from must be marked as moved using it's instance function.

id^Required

• Type: str

Full id of resource being moved from, e.g. "aws_s3_bucket.example".

---

move_to

def move_to(
  move_target: str,
  index: str | typing.Union[int, float] = None
) -> None

Moves this resource to the target resource given by moveTarget.

move_target^Required

• Type: str

The previously set user defined string set by .addMoveTarget() corresponding to the resource to move to.

---

index^Optional

• Type: str | typing.Union[int, float]

Optional The index corresponding to the key the resource is to appear in the foreach of a resource to move to.

---

move_to_id

def move_to_id(
  id: str
) -> None

Moves this resource to the resource corresponding to "id".

id^Required

• Type: str

Full id of resource to move to, e.g. "aws_s3_bucket.example".

---

put_timeouts

def put_timeouts(
  create: str = None,
  delete: str = None,
  update: str = None
) -> None

create^Optional

• Type: str

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google-beta/7.36.0/docs/resources/google_network_services_authz_extension#create GoogleNetworkServicesAuthzExtension#create}.

---

delete^Optional

• Type: str

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google-beta/7.36.0/docs/resources/google_network_services_authz_extension#delete GoogleNetworkServicesAuthzExtension#delete}.

---

update^Optional

• Type: str

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google-beta/7.36.0/docs/resources/google_network_services_authz_extension#update GoogleNetworkServicesAuthzExtension#update}.

---

reset_authority

def reset_authority() -> None

reset_deletion_policy

def reset_deletion_policy() -> None

reset_description

def reset_description() -> None

reset_fail_open

def reset_fail_open() -> None

reset_forward_headers

def reset_forward_headers() -> None

reset_id

def reset_id() -> None

reset_labels

def reset_labels() -> None

reset_load_balancing_scheme

def reset_load_balancing_scheme() -> None

reset_metadata

def reset_metadata() -> None

reset_project

def reset_project() -> None

reset_timeouts

def reset_timeouts() -> None

reset_wire_format

def reset_wire_format() -> None

Static Functions

Name	Description
is_construct	Checks if x is a construct.
is_terraform_element	No description.
is_terraform_resource	No description.
generate_config_for_import	Generates CDKTN code for importing a GoogleNetworkServicesAuthzExtension resource upon running "cdktn plan ".

---

is_construct

from cdktn_provider_google_beta import google_network_services_authz_extension

googleNetworkServicesAuthzExtension.GoogleNetworkServicesAuthzExtension.is_construct(
  x: typing.Any
)

Checks if x is a construct.

Use this method instead of instanceof to properly detect Construct instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the constructs library on disk are seen as independent, completely different libraries. As a consequence, the class Construct in each copy of the constructs library is seen as a different class, and an instance of one class will not test as instanceof the other class. npm install will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the constructs library can be accidentally installed, and instanceof will behave unpredictably. It is safest to avoid using instanceof, and using this type-testing method instead.

x^Required

• Type: typing.Any

Any object.

---

is_terraform_element

from cdktn_provider_google_beta import google_network_services_authz_extension

googleNetworkServicesAuthzExtension.GoogleNetworkServicesAuthzExtension.is_terraform_element(
  x: typing.Any
)

x^Required

• Type: typing.Any

---

is_terraform_resource

from cdktn_provider_google_beta import google_network_services_authz_extension

googleNetworkServicesAuthzExtension.GoogleNetworkServicesAuthzExtension.is_terraform_resource(
  x: typing.Any
)

x^Required

• Type: typing.Any

---

generate_config_for_import

from cdktn_provider_google_beta import google_network_services_authz_extension

googleNetworkServicesAuthzExtension.GoogleNetworkServicesAuthzExtension.generate_config_for_import(
  scope: Construct,
  import_to_id: str,
  import_from_id: str,
  provider: TerraformProvider = None
)

Generates CDKTN code for importing a GoogleNetworkServicesAuthzExtension resource upon running "cdktn plan ".

scope^Required

• Type: constructs.Construct

The scope in which to define this construct.

---

import_to_id^Required

• Type: str

The construct id used in the generated config for the GoogleNetworkServicesAuthzExtension to import.

---

import_from_id^Required

• Type: str

The id of the existing GoogleNetworkServicesAuthzExtension that should be imported.

Refer to the {@link https://registry.terraform.io/providers/hashicorp/google-beta/7.36.0/docs/resources/google_network_services_authz_extension#import import section} in the documentation of this resource for the id to use

---

provider^Optional

• Type: cdktn.TerraformProvider

? Optional instance of the provider where the GoogleNetworkServicesAuthzExtension to import is found.

---

Properties

Name	Type	Description
node	constructs.Node	The tree node.
cdktf_stack	cdktn.TerraformStack	No description.
fqn	str	No description.
friendly_unique_id	str	No description.
terraform_meta_arguments	typing.Mapping[typing.Any]	No description.
terraform_resource_type	str	No description.
terraform_generator_metadata	cdktn.TerraformProviderGeneratorMetadata	No description.
connection	cdktn.SSHProvisionerConnection | cdktn.WinrmProvisionerConnection	No description.
count	typing.Union[int, float] | cdktn.TerraformCount	No description.
depends_on	typing.List[str]	No description.
for_each	cdktn.ITerraformIterator	No description.
lifecycle	cdktn.TerraformResourceLifecycle	No description.
provider	cdktn.TerraformProvider	No description.
provisioners	typing.List[cdktn.FileProvisioner | cdktn.LocalExecProvisioner | cdktn.RemoteExecProvisioner]	No description.
create_time	str	No description.
effective_labels	cdktn.StringMap	No description.
terraform_labels	cdktn.StringMap	No description.
timeouts	GoogleNetworkServicesAuthzExtensionTimeoutsOutputReference	No description.
update_time	str	No description.
authority_input	str	No description.
deletion_policy_input	str	No description.
description_input	str	No description.
fail_open_input	bool | cdktn.IResolvable	No description.
forward_headers_input	typing.List[str]	No description.
id_input	str	No description.
labels_input	typing.Mapping[str]	No description.
load_balancing_scheme_input	str	No description.
location_input	str	No description.
metadata_input	typing.Mapping[str]	No description.
name_input	str	No description.
project_input	str	No description.
service_input	str	No description.
timeout_input	str	No description.
timeouts_input	cdktn.IResolvable | GoogleNetworkServicesAuthzExtensionTimeouts	No description.
wire_format_input	str	No description.
authority	str	No description.
deletion_policy	str	No description.
description	str	No description.
fail_open	bool | cdktn.IResolvable	No description.
forward_headers	typing.List[str]	No description.
id	str	No description.
labels	typing.Mapping[str]	No description.
load_balancing_scheme	str	No description.
location	str	No description.
metadata	typing.Mapping[str]	No description.
name	str	No description.
project	str	No description.
service	str	No description.
timeout	str	No description.
wire_format	str	No description.

---

node^Required

node: Node

• Type: constructs.Node

The tree node.

---

cdktf_stack^Required

cdktf_stack: TerraformStack

• Type: cdktn.TerraformStack

---

fqn^Required

fqn: str

• Type: str

---

friendly_unique_id^Required

friendly_unique_id: str

• Type: str

---

terraform_meta_arguments^Required

terraform_meta_arguments: typing.Mapping[typing.Any]

• Type: typing.Mapping[typing.Any]

---

terraform_resource_type^Required

terraform_resource_type: str

• Type: str

---

terraform_generator_metadata^Optional

terraform_generator_metadata: TerraformProviderGeneratorMetadata

• Type: cdktn.TerraformProviderGeneratorMetadata

---

connection^Optional

connection: SSHProvisionerConnection | WinrmProvisionerConnection

• Type: cdktn.SSHProvisionerConnection | cdktn.WinrmProvisionerConnection

---

count^Optional

count: typing.Union[int, float] | TerraformCount

• Type: typing.Union[int, float] | cdktn.TerraformCount

---

depends_on^Optional

depends_on: typing.List[str]

• Type: typing.List[str]

---

for_each^Optional

for_each: ITerraformIterator

• Type: cdktn.ITerraformIterator

---

lifecycle^Optional

lifecycle: TerraformResourceLifecycle

• Type: cdktn.TerraformResourceLifecycle

---

provider^Optional

provider: TerraformProvider

• Type: cdktn.TerraformProvider

---

provisioners^Optional

provisioners: typing.List[FileProvisioner | LocalExecProvisioner | RemoteExecProvisioner]

• Type: typing.List[cdktn.FileProvisioner | cdktn.LocalExecProvisioner | cdktn.RemoteExecProvisioner]

---

create_time^Required

create_time: str

• Type: str

---

effective_labels^Required

effective_labels: StringMap

• Type: cdktn.StringMap

---

terraform_labels^Required

terraform_labels: StringMap

• Type: cdktn.StringMap

---

timeouts^Required

timeouts: GoogleNetworkServicesAuthzExtensionTimeoutsOutputReference

• Type: GoogleNetworkServicesAuthzExtensionTimeoutsOutputReference

---

update_time^Required

update_time: str

• Type: str

---

authority_input^Optional

authority_input: str

• Type: str

---

deletion_policy_input^Optional

deletion_policy_input: str

• Type: str

---

description_input^Optional

description_input: str

• Type: str

---

fail_open_input^Optional

fail_open_input: bool | IResolvable

• Type: bool | cdktn.IResolvable

---

forward_headers_input^Optional

forward_headers_input: typing.List[str]

• Type: typing.List[str]

---

id_input^Optional

id_input: str

• Type: str

---

labels_input^Optional

labels_input: typing.Mapping[str]

• Type: typing.Mapping[str]

---

load_balancing_scheme_input^Optional

load_balancing_scheme_input: str

• Type: str

---

location_input^Optional

location_input: str

• Type: str

---

metadata_input^Optional

metadata_input: typing.Mapping[str]

• Type: typing.Mapping[str]

---

name_input^Optional

name_input: str

• Type: str

---

project_input^Optional

project_input: str

• Type: str

---

service_input^Optional

service_input: str

• Type: str

---

timeout_input^Optional

timeout_input: str

• Type: str

---

timeouts_input^Optional

timeouts_input: IResolvable | GoogleNetworkServicesAuthzExtensionTimeouts

• Type: cdktn.IResolvable | GoogleNetworkServicesAuthzExtensionTimeouts

---

wire_format_input^Optional

wire_format_input: str

• Type: str

---

authority^Required

authority: str

• Type: str

---

deletion_policy^Required

deletion_policy: str

• Type: str

---

description^Required

description: str

• Type: str

---

fail_open^Required

fail_open: bool | IResolvable

• Type: bool | cdktn.IResolvable

---

forward_headers^Required

forward_headers: typing.List[str]

• Type: typing.List[str]

---

id^Required

id: str

• Type: str

---

labels^Required

labels: typing.Mapping[str]

• Type: typing.Mapping[str]

---

load_balancing_scheme^Required

load_balancing_scheme: str

• Type: str

---

location^Required

location: str

• Type: str

---

metadata^Required

metadata: typing.Mapping[str]

• Type: typing.Mapping[str]

---

name^Required

name: str

• Type: str

---

project^Required

project: str

• Type: str

---

service^Required

service: str

• Type: str

---

timeout^Required

timeout: str

• Type: str

---

wire_format^Required

wire_format: str

• Type: str

---

Constants

Name	Type	Description
tfResourceType	str	No description.

---

tfResourceType^Required

tfResourceType: str

• Type: str

---

Structs

GoogleNetworkServicesAuthzExtensionConfig

Initializer

from cdktn_provider_google_beta import google_network_services_authz_extension

googleNetworkServicesAuthzExtension.GoogleNetworkServicesAuthzExtensionConfig(
  connection: SSHProvisionerConnection | WinrmProvisionerConnection = None,
  count: typing.Union[int, float] | TerraformCount = None,
  depends_on: typing.List[ITerraformDependable] = None,
  for_each: ITerraformIterator = None,
  lifecycle: TerraformResourceLifecycle = None,
  provider: TerraformProvider = None,
  provisioners: typing.List[FileProvisioner | LocalExecProvisioner | RemoteExecProvisioner] = None,
  location: str,
  name: str,
  service: str,
  timeout: str,
  authority: str = None,
  deletion_policy: str = None,
  description: str = None,
  fail_open: bool | IResolvable = None,
  forward_headers: typing.List[str] = None,
  id: str = None,
  labels: typing.Mapping[str] = None,
  load_balancing_scheme: str = None,
  metadata: typing.Mapping[str] = None,
  project: str = None,
  timeouts: GoogleNetworkServicesAuthzExtensionTimeouts = None,
  wire_format: str = None
)

Properties

Name	Type	Description
connection	cdktn.SSHProvisionerConnection | cdktn.WinrmProvisionerConnection	No description.
count	typing.Union[int, float] | cdktn.TerraformCount	No description.
depends_on	typing.List[cdktn.ITerraformDependable]	No description.
for_each	cdktn.ITerraformIterator	No description.
lifecycle	cdktn.TerraformResourceLifecycle	No description.
provider	cdktn.TerraformProvider	No description.
provisioners	typing.List[cdktn.FileProvisioner | cdktn.LocalExecProvisioner | cdktn.RemoteExecProvisioner]	No description.
location	str	The location of the resource.
name	str	Identifier. Name of the AuthzExtension resource.
service	str	The service that runs the extension.
timeout	str	Specifies the timeout for each individual message on the stream. The timeout must be between 10-10000 milliseconds.
authority	str	The :authority header in the gRPC request sent from Envoy to the extension service.
deletion_policy	str	Whether Terraform will be prevented from destroying the instance.
description	str	A human-readable description of the resource.
fail_open	bool | cdktn.IResolvable	Determines how the proxy behaves if the call to the extension fails or times out.
forward_headers	typing.List[str]	List of the HTTP headers to forward to the extension (from the client).
id	str	Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google-beta/7.36.0/docs/resources/google_network_services_authz_extension#id GoogleNetworkServicesAuthzExtension#id}.
labels	typing.Mapping[str]	Set of labels associated with the AuthzExtension resource.
load_balancing_scheme	str	Required when the service points to a backend service.
metadata	typing.Mapping[str]	The metadata provided here is included as part of the metadata_context (of type google.protobuf.Struct) in the ProcessingRequest message sent to the extension server. The metadata is available under the namespace com.google.authz_extension.. The following variables are supported in the metadata Struct:.
project	str	Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google-beta/7.36.0/docs/resources/google_network_services_authz_extension#project GoogleNetworkServicesAuthzExtension#project}.
timeouts	GoogleNetworkServicesAuthzExtensionTimeouts	timeouts block.
wire_format	str	The format of communication supported by the callout extension.

---

connection^Optional

connection: SSHProvisionerConnection | WinrmProvisionerConnection

• Type: cdktn.SSHProvisionerConnection | cdktn.WinrmProvisionerConnection

---

count^Optional

count: typing.Union[int, float] | TerraformCount

• Type: typing.Union[int, float] | cdktn.TerraformCount

---

depends_on^Optional

depends_on: typing.List[ITerraformDependable]

• Type: typing.List[cdktn.ITerraformDependable]

---

for_each^Optional

for_each: ITerraformIterator

• Type: cdktn.ITerraformIterator

---

lifecycle^Optional

lifecycle: TerraformResourceLifecycle

• Type: cdktn.TerraformResourceLifecycle

---

provider^Optional

provider: TerraformProvider

• Type: cdktn.TerraformProvider

---

provisioners^Optional

provisioners: typing.List[FileProvisioner | LocalExecProvisioner | RemoteExecProvisioner]

• Type: typing.List[cdktn.FileProvisioner | cdktn.LocalExecProvisioner | cdktn.RemoteExecProvisioner]

---

location^Required

location: str

• Type: str

The location of the resource.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google-beta/7.36.0/docs/resources/google_network_services_authz_extension#location GoogleNetworkServicesAuthzExtension#location}

---

name^Required

name: str

• Type: str

Identifier. Name of the AuthzExtension resource.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google-beta/7.36.0/docs/resources/google_network_services_authz_extension#name GoogleNetworkServicesAuthzExtension#name}

---

service^Required

service: str

• Type: str

The service that runs the extension.

The following values and formats are accepted:

• 'iap.googleapis.com' when the policyProfile is set to REQUEST_AUTHZ
• 'modelarmor.{{region}}.rep.googleapis.com' when the policyProfile is set to CONTENT_AUTHZ
• A fully qualified domain name that can be resolved by the dataplane
• Backend service resource URI of the form 'https://www.googleapis.com/compute/v1/projects/{{project}}/regions/{{region}}/backendServices/{{name}}' or 'https://www.googleapis.com/compute/v1/projects/{{project}}/global/backendServices/{{name}}}}'

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google-beta/7.36.0/docs/resources/google_network_services_authz_extension#service GoogleNetworkServicesAuthzExtension#service}

---

timeout^Required

timeout: str

• Type: str

Specifies the timeout for each individual message on the stream. The timeout must be between 10-10000 milliseconds.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google-beta/7.36.0/docs/resources/google_network_services_authz_extension#timeout GoogleNetworkServicesAuthzExtension#timeout}

---

authority^Optional

authority: str

• Type: str

The :authority header in the gRPC request sent from Envoy to the extension service.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google-beta/7.36.0/docs/resources/google_network_services_authz_extension#authority GoogleNetworkServicesAuthzExtension#authority}

---

deletion_policy^Optional

deletion_policy: str

• Type: str

Whether Terraform will be prevented from destroying the instance.

Defaults to "DELETE". When a 'terraform destroy' or 'terraform apply' would delete the instance, the command will fail if this field is set to "PREVENT" in Terraform state. When set to "ABANDON", the command will remove the resource from Terraform management without updating or deleting the resource in the API. When set to "DELETE", deleting the resource is allowed.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google-beta/7.36.0/docs/resources/google_network_services_authz_extension#deletion_policy GoogleNetworkServicesAuthzExtension#deletion_policy}

---

description^Optional

description: str

• Type: str

A human-readable description of the resource.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google-beta/7.36.0/docs/resources/google_network_services_authz_extension#description GoogleNetworkServicesAuthzExtension#description}

---

fail_open^Optional

fail_open: bool | IResolvable

• Type: bool | cdktn.IResolvable

Determines how the proxy behaves if the call to the extension fails or times out.

When set to TRUE, request or response processing continues without error. Any subsequent extensions in the extension chain are also executed. When set to FALSE or the default setting of FALSE is used, one of the following happens:

• If response headers have not been delivered to the downstream client, a generic 500 error is returned to the client. The error response can be tailored by configuring a custom error response in the load balancer.
• If response headers have been delivered, then the HTTP stream to the downstream client is reset.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google-beta/7.36.0/docs/resources/google_network_services_authz_extension#fail_open GoogleNetworkServicesAuthzExtension#fail_open}

---

forward_headers^Optional

forward_headers: typing.List[str]

• Type: typing.List[str]

List of the HTTP headers to forward to the extension (from the client).

If omitted, all headers are sent. Each element is a string indicating the header name.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google-beta/7.36.0/docs/resources/google_network_services_authz_extension#forward_headers GoogleNetworkServicesAuthzExtension#forward_headers}

---

id^Optional

id: str

• Type: str

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google-beta/7.36.0/docs/resources/google_network_services_authz_extension#id GoogleNetworkServicesAuthzExtension#id}.

Please be aware that the id field is automatically added to all resources in Terraform providers using a Terraform provider SDK version below 2. If you experience problems setting this value it might not be settable. Please take a look at the provider documentation to ensure it should be settable.

---

labels^Optional

labels: typing.Mapping[str]

• Type: typing.Mapping[str]

Set of labels associated with the AuthzExtension resource.

Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field 'effective_labels' for all of the labels present on the resource.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google-beta/7.36.0/docs/resources/google_network_services_authz_extension#labels GoogleNetworkServicesAuthzExtension#labels}

---

load_balancing_scheme^Optional

load_balancing_scheme: str

• Type: str

Required when the service points to a backend service.

All backend services and forwarding rules referenced by this extension must share the same load balancing scheme. For more information, refer to Backend services overview. Possible values: ["INTERNAL_MANAGED", "EXTERNAL_MANAGED"]

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google-beta/7.36.0/docs/resources/google_network_services_authz_extension#load_balancing_scheme GoogleNetworkServicesAuthzExtension#load_balancing_scheme}

---

metadata^Optional

metadata: typing.Mapping[str]

• Type: typing.Mapping[str]

The metadata provided here is included as part of the metadata_context (of type google.protobuf.Struct) in the ProcessingRequest message sent to the extension server. The metadata is available under the namespace com.google.authz_extension.. The following variables are supported in the metadata Struct:.

{forwarding_rule_id} - substituted with the forwarding rule's fully qualified resource name.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google-beta/7.36.0/docs/resources/google_network_services_authz_extension#metadata GoogleNetworkServicesAuthzExtension#metadata}

---

project^Optional

project: str

• Type: str

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google-beta/7.36.0/docs/resources/google_network_services_authz_extension#project GoogleNetworkServicesAuthzExtension#project}.

---

timeouts^Optional

timeouts: GoogleNetworkServicesAuthzExtensionTimeouts

• Type: GoogleNetworkServicesAuthzExtensionTimeouts

timeouts block.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google-beta/7.36.0/docs/resources/google_network_services_authz_extension#timeouts GoogleNetworkServicesAuthzExtension#timeouts}

---

wire_format^Optional

wire_format: str

• Type: str

The format of communication supported by the callout extension.

Applicable only when the policyProfile is REQUEST_AUTHZ. This field is supported only for regional AuthzExtension resources. If not specified, the default value EXT_PROC_GRPC is used. Global AuthzExtension resources use the EXT_PROC_GRPC wire format.

Supported values:

• WIRE_FORMAT_UNSPECIFIED: No wire format is explicitly specified. The backend automatically defaults this value to EXT_PROC_GRPC.
• EXT_PROC_GRPC: Uses Envoy's External Processing (ext_proc) gRPC API over a single gRPC stream. The backend service must support HTTP/2 or H2C. All supported events for a client request are sent over the same gRPC stream. This is the default wire format.
• EXT_AUTHZ_GRPC: Uses Envoy's external authorization (ext_authz) gRPC API. The backend service must support HTTP/2 or H2C. This option is only supported for regional AuthzExtension resources. Possible values: ["WIRE_FORMAT_UNSPECIFIED", "EXT_PROC_GRPC", "EXT_AUTHZ_GRPC"]

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google-beta/7.36.0/docs/resources/google_network_services_authz_extension#wire_format GoogleNetworkServicesAuthzExtension#wire_format}

---

GoogleNetworkServicesAuthzExtensionTimeouts

Initializer

from cdktn_provider_google_beta import google_network_services_authz_extension

googleNetworkServicesAuthzExtension.GoogleNetworkServicesAuthzExtensionTimeouts(
  create: str = None,
  delete: str = None,
  update: str = None
)

Properties

Name	Type	Description
create	str	Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google-beta/7.36.0/docs/resources/google_network_services_authz_extension#create GoogleNetworkServicesAuthzExtension#create}.
delete	str	Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google-beta/7.36.0/docs/resources/google_network_services_authz_extension#delete GoogleNetworkServicesAuthzExtension#delete}.
update	str	Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google-beta/7.36.0/docs/resources/google_network_services_authz_extension#update GoogleNetworkServicesAuthzExtension#update}.

---

create^Optional

create: str

• Type: str

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google-beta/7.36.0/docs/resources/google_network_services_authz_extension#create GoogleNetworkServicesAuthzExtension#create}.

---

delete^Optional

delete: str

• Type: str

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google-beta/7.36.0/docs/resources/google_network_services_authz_extension#delete GoogleNetworkServicesAuthzExtension#delete}.

---

update^Optional

update: str

• Type: str

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google-beta/7.36.0/docs/resources/google_network_services_authz_extension#update GoogleNetworkServicesAuthzExtension#update}.

---

Classes

GoogleNetworkServicesAuthzExtensionTimeoutsOutputReference

Initializers

from cdktn_provider_google_beta import google_network_services_authz_extension

googleNetworkServicesAuthzExtension.GoogleNetworkServicesAuthzExtensionTimeoutsOutputReference(
  terraform_resource: IInterpolatingParent,
  terraform_attribute: str
)

Name	Type	Description
terraform_resource	cdktn.IInterpolatingParent	The parent resource.
terraform_attribute	str	The attribute on the parent resource this class is referencing.

---

terraform_resource^Required

• Type: cdktn.IInterpolatingParent

The parent resource.

---

terraform_attribute^Required

• Type: str

The attribute on the parent resource this class is referencing.

---

Methods

Name	Description
compute_fqn	No description.
get_any_map_attribute	No description.
get_boolean_attribute	No description.
get_boolean_map_attribute	No description.
get_list_attribute	No description.
get_number_attribute	No description.
get_number_list_attribute	No description.
get_number_map_attribute	No description.
get_string_attribute	No description.
get_string_map_attribute	No description.
interpolation_for_attribute	No description.
resolve	Produce the Token's value at resolution time.
to_string	Return a string representation of this resolvable object.
reset_create	No description.
reset_delete	No description.
reset_update	No description.

---

compute_fqn

def compute_fqn() -> str

get_any_map_attribute

def get_any_map_attribute(
  terraform_attribute: str
) -> typing.Mapping[typing.Any]

terraform_attribute^Required

• Type: str

---

get_boolean_attribute

def get_boolean_attribute(
  terraform_attribute: str
) -> IResolvable

terraform_attribute^Required

• Type: str

---

get_boolean_map_attribute

def get_boolean_map_attribute(
  terraform_attribute: str
) -> typing.Mapping[bool]

terraform_attribute^Required

• Type: str

---

get_list_attribute

def get_list_attribute(
  terraform_attribute: str
) -> typing.List[str]

terraform_attribute^Required

• Type: str

---

get_number_attribute

def get_number_attribute(
  terraform_attribute: str
) -> typing.Union[int, float]

terraform_attribute^Required

• Type: str

---

get_number_list_attribute

def get_number_list_attribute(
  terraform_attribute: str
) -> typing.List[typing.Union[int, float]]

terraform_attribute^Required

• Type: str

---

get_number_map_attribute

def get_number_map_attribute(
  terraform_attribute: str
) -> typing.Mapping[typing.Union[int, float]]

terraform_attribute^Required

• Type: str

---

get_string_attribute

def get_string_attribute(
  terraform_attribute: str
) -> str

terraform_attribute^Required

• Type: str

---

get_string_map_attribute

def get_string_map_attribute(
  terraform_attribute: str
) -> typing.Mapping[str]

terraform_attribute^Required

• Type: str

---

interpolation_for_attribute

def interpolation_for_attribute(
  property: str
) -> IResolvable

property^Required

• Type: str

---

resolve

def resolve(
  _context: IResolveContext
) -> typing.Any

Produce the Token's value at resolution time.

_context^Required

• Type: cdktn.IResolveContext

---

to_string

def to_string() -> str

Return a string representation of this resolvable object.

Returns a reversible string representation.

reset_create

def reset_create() -> None

reset_delete

def reset_delete() -> None

reset_update

def reset_update() -> None

Properties

Name	Type	Description
creation_stack	typing.List[str]	The creation stack of this resolvable which will be appended to errors thrown during resolution.
fqn	str	No description.
create_input	str	No description.
delete_input	str	No description.
update_input	str	No description.
create	str	No description.
delete	str	No description.
update	str	No description.
internal_value	cdktn.IResolvable | GoogleNetworkServicesAuthzExtensionTimeouts	No description.

---

creation_stack^Required

creation_stack: typing.List[str]

• Type: typing.List[str]

The creation stack of this resolvable which will be appended to errors thrown during resolution.

If this returns an empty array the stack will not be attached.

---

fqn^Required

fqn: str

• Type: str

---

create_input^Optional

create_input: str

• Type: str

---

delete_input^Optional

delete_input: str

• Type: str

---

update_input^Optional

update_input: str

• Type: str

---

create^Required

create: str

• Type: str

---

delete^Required

delete: str

• Type: str

---

update^Required

update: str

• Type: str

---

internal_value^Optional

internal_value: IResolvable | GoogleNetworkServicesAuthzExtensionTimeouts

• Type: cdktn.IResolvable | GoogleNetworkServicesAuthzExtensionTimeouts

---