The gcp:networkmanagement/connectivityTest:ConnectivityTest resource, part of the Pulumi GCP provider, defines static connectivity tests that analyze network paths between GCP resources without sending actual traffic. This guide focuses on three capabilities: VM instance connectivity, IP address reachability, and managed service endpoint testing.
Connectivity tests reference existing VPC networks, VM instances, IP addresses, or managed services like GKE clusters and Cloud SQL instances. The examples are intentionally small. Combine them with your own VPC infrastructure and service deployments.
Test connectivity between VM instances
Teams troubleshooting network issues often start by verifying that two VMs can communicate within a VPC. Connectivity tests analyze the path without sending actual traffic.
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const vpc = new gcp.compute.Network("vpc", {name: "conn-test-net"});
const debian9 = gcp.compute.getImage({
family: "debian-11",
project: "debian-cloud",
});
const source = new gcp.compute.Instance("source", {
networkInterfaces: [{
accessConfigs: [{}],
network: vpc.id,
}],
name: "source-vm",
machineType: "e2-medium",
bootDisk: {
initializeParams: {
image: debian9.then(debian9 => debian9.id),
},
},
});
const destination = new gcp.compute.Instance("destination", {
networkInterfaces: [{
accessConfigs: [{}],
network: vpc.id,
}],
name: "dest-vm",
machineType: "e2-medium",
bootDisk: {
initializeParams: {
image: debian9.then(debian9 => debian9.id),
},
},
});
const instance_test = new gcp.networkmanagement.ConnectivityTest("instance-test", {
name: "conn-test-instances",
source: {
instance: source.id,
},
destination: {
instance: destination.id,
},
protocol: "TCP",
labels: {
env: "test",
},
});
import pulumi
import pulumi_gcp as gcp
vpc = gcp.compute.Network("vpc", name="conn-test-net")
debian9 = gcp.compute.get_image(family="debian-11",
project="debian-cloud")
source = gcp.compute.Instance("source",
network_interfaces=[{
"access_configs": [{}],
"network": vpc.id,
}],
name="source-vm",
machine_type="e2-medium",
boot_disk={
"initialize_params": {
"image": debian9.id,
},
})
destination = gcp.compute.Instance("destination",
network_interfaces=[{
"access_configs": [{}],
"network": vpc.id,
}],
name="dest-vm",
machine_type="e2-medium",
boot_disk={
"initialize_params": {
"image": debian9.id,
},
})
instance_test = gcp.networkmanagement.ConnectivityTest("instance-test",
name="conn-test-instances",
source={
"instance": source.id,
},
destination={
"instance": destination.id,
},
protocol="TCP",
labels={
"env": "test",
})
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/compute"
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/networkmanagement"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
vpc, err := compute.NewNetwork(ctx, "vpc", &compute.NetworkArgs{
Name: pulumi.String("conn-test-net"),
})
if err != nil {
return err
}
debian9, err := compute.LookupImage(ctx, &compute.LookupImageArgs{
Family: pulumi.StringRef("debian-11"),
Project: pulumi.StringRef("debian-cloud"),
}, nil)
if err != nil {
return err
}
source, err := compute.NewInstance(ctx, "source", &compute.InstanceArgs{
NetworkInterfaces: compute.InstanceNetworkInterfaceArray{
&compute.InstanceNetworkInterfaceArgs{
AccessConfigs: compute.InstanceNetworkInterfaceAccessConfigArray{
&compute.InstanceNetworkInterfaceAccessConfigArgs{},
},
Network: vpc.ID(),
},
},
Name: pulumi.String("source-vm"),
MachineType: pulumi.String("e2-medium"),
BootDisk: &compute.InstanceBootDiskArgs{
InitializeParams: &compute.InstanceBootDiskInitializeParamsArgs{
Image: pulumi.String(debian9.Id),
},
},
})
if err != nil {
return err
}
destination, err := compute.NewInstance(ctx, "destination", &compute.InstanceArgs{
NetworkInterfaces: compute.InstanceNetworkInterfaceArray{
&compute.InstanceNetworkInterfaceArgs{
AccessConfigs: compute.InstanceNetworkInterfaceAccessConfigArray{
&compute.InstanceNetworkInterfaceAccessConfigArgs{},
},
Network: vpc.ID(),
},
},
Name: pulumi.String("dest-vm"),
MachineType: pulumi.String("e2-medium"),
BootDisk: &compute.InstanceBootDiskArgs{
InitializeParams: &compute.InstanceBootDiskInitializeParamsArgs{
Image: pulumi.String(debian9.Id),
},
},
})
if err != nil {
return err
}
_, err = networkmanagement.NewConnectivityTest(ctx, "instance-test", &networkmanagement.ConnectivityTestArgs{
Name: pulumi.String("conn-test-instances"),
Source: &networkmanagement.ConnectivityTestSourceArgs{
Instance: source.ID(),
},
Destination: &networkmanagement.ConnectivityTestDestinationArgs{
Instance: destination.ID(),
},
Protocol: pulumi.String("TCP"),
Labels: pulumi.StringMap{
"env": pulumi.String("test"),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var vpc = new Gcp.Compute.Network("vpc", new()
{
Name = "conn-test-net",
});
var debian9 = Gcp.Compute.GetImage.Invoke(new()
{
Family = "debian-11",
Project = "debian-cloud",
});
var source = new Gcp.Compute.Instance("source", new()
{
NetworkInterfaces = new[]
{
new Gcp.Compute.Inputs.InstanceNetworkInterfaceArgs
{
AccessConfigs = new[]
{
null,
},
Network = vpc.Id,
},
},
Name = "source-vm",
MachineType = "e2-medium",
BootDisk = new Gcp.Compute.Inputs.InstanceBootDiskArgs
{
InitializeParams = new Gcp.Compute.Inputs.InstanceBootDiskInitializeParamsArgs
{
Image = debian9.Apply(getImageResult => getImageResult.Id),
},
},
});
var destination = new Gcp.Compute.Instance("destination", new()
{
NetworkInterfaces = new[]
{
new Gcp.Compute.Inputs.InstanceNetworkInterfaceArgs
{
AccessConfigs = new[]
{
null,
},
Network = vpc.Id,
},
},
Name = "dest-vm",
MachineType = "e2-medium",
BootDisk = new Gcp.Compute.Inputs.InstanceBootDiskArgs
{
InitializeParams = new Gcp.Compute.Inputs.InstanceBootDiskInitializeParamsArgs
{
Image = debian9.Apply(getImageResult => getImageResult.Id),
},
},
});
var instance_test = new Gcp.NetworkManagement.ConnectivityTest("instance-test", new()
{
Name = "conn-test-instances",
Source = new Gcp.NetworkManagement.Inputs.ConnectivityTestSourceArgs
{
Instance = source.Id,
},
Destination = new Gcp.NetworkManagement.Inputs.ConnectivityTestDestinationArgs
{
Instance = destination.Id,
},
Protocol = "TCP",
Labels =
{
{ "env", "test" },
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.Network;
import com.pulumi.gcp.compute.NetworkArgs;
import com.pulumi.gcp.compute.ComputeFunctions;
import com.pulumi.gcp.compute.inputs.GetImageArgs;
import com.pulumi.gcp.compute.Instance;
import com.pulumi.gcp.compute.InstanceArgs;
import com.pulumi.gcp.compute.inputs.InstanceNetworkInterfaceArgs;
import com.pulumi.gcp.compute.inputs.InstanceBootDiskArgs;
import com.pulumi.gcp.compute.inputs.InstanceBootDiskInitializeParamsArgs;
import com.pulumi.gcp.networkmanagement.ConnectivityTest;
import com.pulumi.gcp.networkmanagement.ConnectivityTestArgs;
import com.pulumi.gcp.networkmanagement.inputs.ConnectivityTestSourceArgs;
import com.pulumi.gcp.networkmanagement.inputs.ConnectivityTestDestinationArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var vpc = new Network("vpc", NetworkArgs.builder()
.name("conn-test-net")
.build());
final var debian9 = ComputeFunctions.getImage(GetImageArgs.builder()
.family("debian-11")
.project("debian-cloud")
.build());
var source = new Instance("source", InstanceArgs.builder()
.networkInterfaces(InstanceNetworkInterfaceArgs.builder()
.accessConfigs(InstanceNetworkInterfaceAccessConfigArgs.builder()
.build())
.network(vpc.id())
.build())
.name("source-vm")
.machineType("e2-medium")
.bootDisk(InstanceBootDiskArgs.builder()
.initializeParams(InstanceBootDiskInitializeParamsArgs.builder()
.image(debian9.id())
.build())
.build())
.build());
var destination = new Instance("destination", InstanceArgs.builder()
.networkInterfaces(InstanceNetworkInterfaceArgs.builder()
.accessConfigs(InstanceNetworkInterfaceAccessConfigArgs.builder()
.build())
.network(vpc.id())
.build())
.name("dest-vm")
.machineType("e2-medium")
.bootDisk(InstanceBootDiskArgs.builder()
.initializeParams(InstanceBootDiskInitializeParamsArgs.builder()
.image(debian9.id())
.build())
.build())
.build());
var instance_test = new ConnectivityTest("instance-test", ConnectivityTestArgs.builder()
.name("conn-test-instances")
.source(ConnectivityTestSourceArgs.builder()
.instance(source.id())
.build())
.destination(ConnectivityTestDestinationArgs.builder()
.instance(destination.id())
.build())
.protocol("TCP")
.labels(Map.of("env", "test"))
.build());
}
}
resources:
instance-test:
type: gcp:networkmanagement:ConnectivityTest
properties:
name: conn-test-instances
source:
instance: ${source.id}
destination:
instance: ${destination.id}
protocol: TCP
labels:
env: test
source:
type: gcp:compute:Instance
properties:
networkInterfaces:
- accessConfigs:
- {}
network: ${vpc.id}
name: source-vm
machineType: e2-medium
bootDisk:
initializeParams:
image: ${debian9.id}
destination:
type: gcp:compute:Instance
properties:
networkInterfaces:
- accessConfigs:
- {}
network: ${vpc.id}
name: dest-vm
machineType: e2-medium
bootDisk:
initializeParams:
image: ${debian9.id}
vpc:
type: gcp:compute:Network
properties:
name: conn-test-net
variables:
debian9:
fn::invoke:
function: gcp:compute:getImage
arguments:
family: debian-11
project: debian-cloud
The test performs static analysis of the network path from source VM to destination VM. The source and destination properties each specify an instance ID. The protocol property sets which IP protocol to test (TCP is default). The test evaluates firewall rules, routes, and network configuration without generating actual packets.
Test connectivity between IP addresses
When troubleshooting connectivity to specific IP addresses within a VPC, you can test reachability without needing to reference specific VM instances.
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const vpc = new gcp.compute.Network("vpc", {name: "connectivity-vpc"});
const subnet = new gcp.compute.Subnetwork("subnet", {
name: "connectivity-vpc-subnet",
ipCidrRange: "10.0.0.0/16",
region: "us-central1",
network: vpc.id,
});
const source_addr = new gcp.compute.Address("source-addr", {
name: "src-addr",
subnetwork: subnet.id,
addressType: "INTERNAL",
address: "10.0.42.42",
region: "us-central1",
});
const dest_addr = new gcp.compute.Address("dest-addr", {
name: "dest-addr",
subnetwork: subnet.id,
addressType: "INTERNAL",
address: "10.0.43.43",
region: "us-central1",
});
const address_test = new gcp.networkmanagement.ConnectivityTest("address-test", {
name: "conn-test-addr",
source: {
ipAddress: source_addr.address,
projectId: source_addr.project,
network: vpc.id,
networkType: "GCP_NETWORK",
},
destination: {
ipAddress: dest_addr.address,
projectId: dest_addr.project,
network: vpc.id,
},
protocol: "UDP",
});
import pulumi
import pulumi_gcp as gcp
vpc = gcp.compute.Network("vpc", name="connectivity-vpc")
subnet = gcp.compute.Subnetwork("subnet",
name="connectivity-vpc-subnet",
ip_cidr_range="10.0.0.0/16",
region="us-central1",
network=vpc.id)
source_addr = gcp.compute.Address("source-addr",
name="src-addr",
subnetwork=subnet.id,
address_type="INTERNAL",
address="10.0.42.42",
region="us-central1")
dest_addr = gcp.compute.Address("dest-addr",
name="dest-addr",
subnetwork=subnet.id,
address_type="INTERNAL",
address="10.0.43.43",
region="us-central1")
address_test = gcp.networkmanagement.ConnectivityTest("address-test",
name="conn-test-addr",
source={
"ip_address": source_addr.address,
"project_id": source_addr.project,
"network": vpc.id,
"network_type": "GCP_NETWORK",
},
destination={
"ip_address": dest_addr.address,
"project_id": dest_addr.project,
"network": vpc.id,
},
protocol="UDP")
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/compute"
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/networkmanagement"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
vpc, err := compute.NewNetwork(ctx, "vpc", &compute.NetworkArgs{
Name: pulumi.String("connectivity-vpc"),
})
if err != nil {
return err
}
subnet, err := compute.NewSubnetwork(ctx, "subnet", &compute.SubnetworkArgs{
Name: pulumi.String("connectivity-vpc-subnet"),
IpCidrRange: pulumi.String("10.0.0.0/16"),
Region: pulumi.String("us-central1"),
Network: vpc.ID(),
})
if err != nil {
return err
}
source_addr, err := compute.NewAddress(ctx, "source-addr", &compute.AddressArgs{
Name: pulumi.String("src-addr"),
Subnetwork: subnet.ID(),
AddressType: pulumi.String("INTERNAL"),
Address: pulumi.String("10.0.42.42"),
Region: pulumi.String("us-central1"),
})
if err != nil {
return err
}
dest_addr, err := compute.NewAddress(ctx, "dest-addr", &compute.AddressArgs{
Name: pulumi.String("dest-addr"),
Subnetwork: subnet.ID(),
AddressType: pulumi.String("INTERNAL"),
Address: pulumi.String("10.0.43.43"),
Region: pulumi.String("us-central1"),
})
if err != nil {
return err
}
_, err = networkmanagement.NewConnectivityTest(ctx, "address-test", &networkmanagement.ConnectivityTestArgs{
Name: pulumi.String("conn-test-addr"),
Source: &networkmanagement.ConnectivityTestSourceArgs{
IpAddress: source_addr.Address,
ProjectId: source_addr.Project,
Network: vpc.ID(),
NetworkType: pulumi.String("GCP_NETWORK"),
},
Destination: &networkmanagement.ConnectivityTestDestinationArgs{
IpAddress: dest_addr.Address,
ProjectId: dest_addr.Project,
Network: vpc.ID(),
},
Protocol: pulumi.String("UDP"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var vpc = new Gcp.Compute.Network("vpc", new()
{
Name = "connectivity-vpc",
});
var subnet = new Gcp.Compute.Subnetwork("subnet", new()
{
Name = "connectivity-vpc-subnet",
IpCidrRange = "10.0.0.0/16",
Region = "us-central1",
Network = vpc.Id,
});
var source_addr = new Gcp.Compute.Address("source-addr", new()
{
Name = "src-addr",
Subnetwork = subnet.Id,
AddressType = "INTERNAL",
IPAddress = "10.0.42.42",
Region = "us-central1",
});
var dest_addr = new Gcp.Compute.Address("dest-addr", new()
{
Name = "dest-addr",
Subnetwork = subnet.Id,
AddressType = "INTERNAL",
IPAddress = "10.0.43.43",
Region = "us-central1",
});
var address_test = new Gcp.NetworkManagement.ConnectivityTest("address-test", new()
{
Name = "conn-test-addr",
Source = new Gcp.NetworkManagement.Inputs.ConnectivityTestSourceArgs
{
IpAddress = source_addr.IPAddress,
ProjectId = source_addr.Project,
Network = vpc.Id,
NetworkType = "GCP_NETWORK",
},
Destination = new Gcp.NetworkManagement.Inputs.ConnectivityTestDestinationArgs
{
IpAddress = dest_addr.IPAddress,
ProjectId = dest_addr.Project,
Network = vpc.Id,
},
Protocol = "UDP",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.Network;
import com.pulumi.gcp.compute.NetworkArgs;
import com.pulumi.gcp.compute.Subnetwork;
import com.pulumi.gcp.compute.SubnetworkArgs;
import com.pulumi.gcp.compute.Address;
import com.pulumi.gcp.compute.AddressArgs;
import com.pulumi.gcp.networkmanagement.ConnectivityTest;
import com.pulumi.gcp.networkmanagement.ConnectivityTestArgs;
import com.pulumi.gcp.networkmanagement.inputs.ConnectivityTestSourceArgs;
import com.pulumi.gcp.networkmanagement.inputs.ConnectivityTestDestinationArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var vpc = new Network("vpc", NetworkArgs.builder()
.name("connectivity-vpc")
.build());
var subnet = new Subnetwork("subnet", SubnetworkArgs.builder()
.name("connectivity-vpc-subnet")
.ipCidrRange("10.0.0.0/16")
.region("us-central1")
.network(vpc.id())
.build());
var source_addr = new Address("source-addr", AddressArgs.builder()
.name("src-addr")
.subnetwork(subnet.id())
.addressType("INTERNAL")
.address("10.0.42.42")
.region("us-central1")
.build());
var dest_addr = new Address("dest-addr", AddressArgs.builder()
.name("dest-addr")
.subnetwork(subnet.id())
.addressType("INTERNAL")
.address("10.0.43.43")
.region("us-central1")
.build());
var address_test = new ConnectivityTest("address-test", ConnectivityTestArgs.builder()
.name("conn-test-addr")
.source(ConnectivityTestSourceArgs.builder()
.ipAddress(source_addr.address())
.projectId(source_addr.project())
.network(vpc.id())
.networkType("GCP_NETWORK")
.build())
.destination(ConnectivityTestDestinationArgs.builder()
.ipAddress(dest_addr.address())
.projectId(dest_addr.project())
.network(vpc.id())
.build())
.protocol("UDP")
.build());
}
}
resources:
address-test:
type: gcp:networkmanagement:ConnectivityTest
properties:
name: conn-test-addr
source:
ipAddress: ${["source-addr"].address}
projectId: ${["source-addr"].project}
network: ${vpc.id}
networkType: GCP_NETWORK
destination:
ipAddress: ${["dest-addr"].address}
projectId: ${["dest-addr"].project}
network: ${vpc.id}
protocol: UDP
vpc:
type: gcp:compute:Network
properties:
name: connectivity-vpc
subnet:
type: gcp:compute:Subnetwork
properties:
name: connectivity-vpc-subnet
ipCidrRange: 10.0.0.0/16
region: us-central1
network: ${vpc.id}
source-addr:
type: gcp:compute:Address
properties:
name: src-addr
subnetwork: ${subnet.id}
addressType: INTERNAL
address: 10.0.42.42
region: us-central1
dest-addr:
type: gcp:compute:Address
properties:
name: dest-addr
subnetwork: ${subnet.id}
addressType: INTERNAL
address: 10.0.43.43
region: us-central1
This configuration tests connectivity between two internal IP addresses. The source and destination properties specify ipAddress, projectId, and network. The networkType property identifies this as a GCP_NETWORK rather than an external endpoint. This approach works when you know the IP addresses but don’t need to reference specific instances.
Test connectivity across managed service endpoints
Production environments often involve connectivity between managed services like GKE clusters, Cloud SQL instances, Cloud Run revisions, and load balancers.
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const endpoints_test = new gcp.networkmanagement.ConnectivityTest("endpoints-test", {
name: "conn-test-endpoints",
source: {
gkeMasterCluster: "projects/test-project/locations/us-central1/clusters/name",
cloudSqlInstance: "projects/test-project/instances/name",
appEngineVersion: {
uri: "apps/test-project/services/default/versions/name",
},
cloudFunction: {
uri: "projects/test-project/locations/us-central1/functions/name",
},
cloudRunRevision: {
uri: "projects/test-project/locations/us-central1/revisions/name",
},
port: 80,
},
destination: {
port: 443,
forwardingRule: "projects/test-project/regions/us-central1/forwardingRules/name",
gkeMasterCluster: "projects/test-project/locations/us-central1/clusters/name",
fqdn: "name.us-central1.gke.goog",
cloudSqlInstance: "projects/test-project/instances/name",
redisInstance: "projects/test-project/locations/us-central1/instances/name",
redisCluster: "projects/test-project/locations/us-central1/clusters/name",
},
bypassFirewallChecks: true,
roundTrip: true,
});
import pulumi
import pulumi_gcp as gcp
endpoints_test = gcp.networkmanagement.ConnectivityTest("endpoints-test",
name="conn-test-endpoints",
source={
"gke_master_cluster": "projects/test-project/locations/us-central1/clusters/name",
"cloud_sql_instance": "projects/test-project/instances/name",
"app_engine_version": {
"uri": "apps/test-project/services/default/versions/name",
},
"cloud_function": {
"uri": "projects/test-project/locations/us-central1/functions/name",
},
"cloud_run_revision": {
"uri": "projects/test-project/locations/us-central1/revisions/name",
},
"port": 80,
},
destination={
"port": 443,
"forwarding_rule": "projects/test-project/regions/us-central1/forwardingRules/name",
"gke_master_cluster": "projects/test-project/locations/us-central1/clusters/name",
"fqdn": "name.us-central1.gke.goog",
"cloud_sql_instance": "projects/test-project/instances/name",
"redis_instance": "projects/test-project/locations/us-central1/instances/name",
"redis_cluster": "projects/test-project/locations/us-central1/clusters/name",
},
bypass_firewall_checks=True,
round_trip=True)
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/networkmanagement"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := networkmanagement.NewConnectivityTest(ctx, "endpoints-test", &networkmanagement.ConnectivityTestArgs{
Name: pulumi.String("conn-test-endpoints"),
Source: &networkmanagement.ConnectivityTestSourceArgs{
GkeMasterCluster: pulumi.String("projects/test-project/locations/us-central1/clusters/name"),
CloudSqlInstance: pulumi.String("projects/test-project/instances/name"),
AppEngineVersion: &networkmanagement.ConnectivityTestSourceAppEngineVersionArgs{
Uri: pulumi.String("apps/test-project/services/default/versions/name"),
},
CloudFunction: &networkmanagement.ConnectivityTestSourceCloudFunctionArgs{
Uri: pulumi.String("projects/test-project/locations/us-central1/functions/name"),
},
CloudRunRevision: &networkmanagement.ConnectivityTestSourceCloudRunRevisionArgs{
Uri: pulumi.String("projects/test-project/locations/us-central1/revisions/name"),
},
Port: pulumi.Int(80),
},
Destination: &networkmanagement.ConnectivityTestDestinationArgs{
Port: pulumi.Int(443),
ForwardingRule: pulumi.String("projects/test-project/regions/us-central1/forwardingRules/name"),
GkeMasterCluster: pulumi.String("projects/test-project/locations/us-central1/clusters/name"),
Fqdn: pulumi.String("name.us-central1.gke.goog"),
CloudSqlInstance: pulumi.String("projects/test-project/instances/name"),
RedisInstance: pulumi.String("projects/test-project/locations/us-central1/instances/name"),
RedisCluster: pulumi.String("projects/test-project/locations/us-central1/clusters/name"),
},
BypassFirewallChecks: pulumi.Bool(true),
RoundTrip: pulumi.Bool(true),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var endpoints_test = new Gcp.NetworkManagement.ConnectivityTest("endpoints-test", new()
{
Name = "conn-test-endpoints",
Source = new Gcp.NetworkManagement.Inputs.ConnectivityTestSourceArgs
{
GkeMasterCluster = "projects/test-project/locations/us-central1/clusters/name",
CloudSqlInstance = "projects/test-project/instances/name",
AppEngineVersion = new Gcp.NetworkManagement.Inputs.ConnectivityTestSourceAppEngineVersionArgs
{
Uri = "apps/test-project/services/default/versions/name",
},
CloudFunction = new Gcp.NetworkManagement.Inputs.ConnectivityTestSourceCloudFunctionArgs
{
Uri = "projects/test-project/locations/us-central1/functions/name",
},
CloudRunRevision = new Gcp.NetworkManagement.Inputs.ConnectivityTestSourceCloudRunRevisionArgs
{
Uri = "projects/test-project/locations/us-central1/revisions/name",
},
Port = 80,
},
Destination = new Gcp.NetworkManagement.Inputs.ConnectivityTestDestinationArgs
{
Port = 443,
ForwardingRule = "projects/test-project/regions/us-central1/forwardingRules/name",
GkeMasterCluster = "projects/test-project/locations/us-central1/clusters/name",
Fqdn = "name.us-central1.gke.goog",
CloudSqlInstance = "projects/test-project/instances/name",
RedisInstance = "projects/test-project/locations/us-central1/instances/name",
RedisCluster = "projects/test-project/locations/us-central1/clusters/name",
},
BypassFirewallChecks = true,
RoundTrip = true,
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.networkmanagement.ConnectivityTest;
import com.pulumi.gcp.networkmanagement.ConnectivityTestArgs;
import com.pulumi.gcp.networkmanagement.inputs.ConnectivityTestSourceArgs;
import com.pulumi.gcp.networkmanagement.inputs.ConnectivityTestSourceAppEngineVersionArgs;
import com.pulumi.gcp.networkmanagement.inputs.ConnectivityTestSourceCloudFunctionArgs;
import com.pulumi.gcp.networkmanagement.inputs.ConnectivityTestSourceCloudRunRevisionArgs;
import com.pulumi.gcp.networkmanagement.inputs.ConnectivityTestDestinationArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var endpoints_test = new ConnectivityTest("endpoints-test", ConnectivityTestArgs.builder()
.name("conn-test-endpoints")
.source(ConnectivityTestSourceArgs.builder()
.gkeMasterCluster("projects/test-project/locations/us-central1/clusters/name")
.cloudSqlInstance("projects/test-project/instances/name")
.appEngineVersion(ConnectivityTestSourceAppEngineVersionArgs.builder()
.uri("apps/test-project/services/default/versions/name")
.build())
.cloudFunction(ConnectivityTestSourceCloudFunctionArgs.builder()
.uri("projects/test-project/locations/us-central1/functions/name")
.build())
.cloudRunRevision(ConnectivityTestSourceCloudRunRevisionArgs.builder()
.uri("projects/test-project/locations/us-central1/revisions/name")
.build())
.port(80)
.build())
.destination(ConnectivityTestDestinationArgs.builder()
.port(443)
.forwardingRule("projects/test-project/regions/us-central1/forwardingRules/name")
.gkeMasterCluster("projects/test-project/locations/us-central1/clusters/name")
.fqdn("name.us-central1.gke.goog")
.cloudSqlInstance("projects/test-project/instances/name")
.redisInstance("projects/test-project/locations/us-central1/instances/name")
.redisCluster("projects/test-project/locations/us-central1/clusters/name")
.build())
.bypassFirewallChecks(true)
.roundTrip(true)
.build());
}
}
resources:
endpoints-test:
type: gcp:networkmanagement:ConnectivityTest
properties:
name: conn-test-endpoints
source:
gkeMasterCluster: projects/test-project/locations/us-central1/clusters/name
cloudSqlInstance: projects/test-project/instances/name
appEngineVersion:
uri: apps/test-project/services/default/versions/name
cloudFunction:
uri: projects/test-project/locations/us-central1/functions/name
cloudRunRevision:
uri: projects/test-project/locations/us-central1/revisions/name
port: 80
destination:
port: 443
forwardingRule: projects/test-project/regions/us-central1/forwardingRules/name
gkeMasterCluster: projects/test-project/locations/us-central1/clusters/name
fqdn: name.us-central1.gke.goog
cloudSqlInstance: projects/test-project/instances/name
redisInstance: projects/test-project/locations/us-central1/instances/name
redisCluster: projects/test-project/locations/us-central1/clusters/name
bypassFirewallChecks: true
roundTrip: true
The test can analyze paths between various managed service types. The source property can reference gkeMasterCluster, cloudSqlInstance, appEngineVersion, cloudFunction, or cloudRunRevision. The destination property supports these plus forwardingRule, fqdn, redisInstance, and redisCluster. The bypassFirewallChecks property skips firewall analysis when you want to focus on routing. The roundTrip property tests the return path from destination back to source.
Beyond these examples
These snippets focus on specific connectivity test features: VM instance and IP address testing, managed service endpoint connectivity, and bidirectional path analysis. They’re intentionally minimal rather than full network validation suites.
The examples reference pre-existing infrastructure such as VPC networks and subnets, VM instances or compute addresses, and managed services like GKE, Cloud SQL, Cloud Run, and forwarding rules. They focus on test configuration rather than provisioning the infrastructure being tested.
To keep things focused, common connectivity test patterns are omitted, including:
- Cross-project connectivity (relatedProjects)
- Custom descriptions and labels for organization
- Protocol-specific testing beyond TCP/UDP
- Firewall rule analysis (bypassFirewallChecks defaults to false)
These omissions are intentional: the goal is to illustrate how each connectivity test feature is wired, not provide drop-in network validation modules. See the ConnectivityTest resource reference for all available configuration options.
Let's configure GCP Network Connectivity Tests
Get started with Pulumi Cloud, then follow our quick setup guide to deploy this infrastructure.
Try Pulumi Cloud for FREEFrequently Asked Questions
Configuration & Immutability
What properties can't I change after creating a connectivity test?
The
name and project properties are immutable. To change them, you must delete and recreate the resource.What protocol does the connectivity test use?
The test defaults to TCP when
protocol isn’t specified. You can set it to other protocols like UDP.Source & Destination Specification
How do I test connectivity between two VM instances?
Set
source.instance and destination.instance to the instance IDs, as shown in the instances example.How do I test using IP addresses instead of instances?
Use
source.ipAddress and destination.ipAddress along with network and projectId, as shown in the addresses example.What types of endpoints can I specify as source or destination?
You can specify VM instances, IP addresses, GKE clusters, Cloud SQL instances, App Engine versions, Cloud Functions, Cloud Run revisions, forwarding rules, FQDNs, Redis instances, and Redis clusters.
What happens if my source or destination location is ambiguous?
Reachability analysis proceeds even with ambiguous locations, but the test result might include endpoints you don’t intend to test. Provide specific identifiers (instance ID, IP address) to avoid ambiguity.
Test Behavior & Options
Can I test the return path from destination back to source?
Yes, set
roundTrip to true to analyze the return path. It defaults to false.Can I skip firewall checking in my connectivity test?
Yes, set
bypassFirewallChecks to true. It defaults to false.How do I test connectivity across multiple projects?
Use the
relatedProjects property to specify other projects relevant for reachability analysis in cross-project scenarios.Labels & Metadata
Why are there labels on my connectivity test that I didn't set?
The
labels field is non-authoritative and only manages labels in your configuration. Other labels may be added by GCP services or other clients. Use effectiveLabels to see all labels present on the resource.Using a different cloud?
Explore networking guides for other cloud providers: