The gcp:networkmanagement/connectivityTest:ConnectivityTest resource, part of the Pulumi GCP provider, defines static connectivity tests that analyze network paths between Google Cloud resources without sending actual traffic. This guide focuses on three capabilities: VM instance connectivity, IP address reachability, and managed service endpoint testing.
Connectivity tests reference existing VPC networks, compute instances, or managed service endpoints like GKE clusters, Cloud SQL instances, and Cloud Run services. The examples are intentionally small. Combine them with your own network infrastructure and service deployments.
Test connectivity between VM instances
When troubleshooting network issues, teams often start by verifying that two VMs can communicate. Connectivity tests analyze the path between instances without sending actual traffic.
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const vpc = new gcp.compute.Network("vpc", {name: "conn-test-net"});
const debian9 = gcp.compute.getImage({
family: "debian-11",
project: "debian-cloud",
});
const source = new gcp.compute.Instance("source", {
networkInterfaces: [{
accessConfigs: [{}],
network: vpc.id,
}],
name: "source-vm",
machineType: "e2-medium",
bootDisk: {
initializeParams: {
image: debian9.then(debian9 => debian9.id),
},
},
});
const destination = new gcp.compute.Instance("destination", {
networkInterfaces: [{
accessConfigs: [{}],
network: vpc.id,
}],
name: "dest-vm",
machineType: "e2-medium",
bootDisk: {
initializeParams: {
image: debian9.then(debian9 => debian9.id),
},
},
});
const instance_test = new gcp.networkmanagement.ConnectivityTest("instance-test", {
name: "conn-test-instances",
source: {
instance: source.id,
},
destination: {
instance: destination.id,
},
protocol: "TCP",
labels: {
env: "test",
},
});
import pulumi
import pulumi_gcp as gcp
vpc = gcp.compute.Network("vpc", name="conn-test-net")
debian9 = gcp.compute.get_image(family="debian-11",
project="debian-cloud")
source = gcp.compute.Instance("source",
network_interfaces=[{
"access_configs": [{}],
"network": vpc.id,
}],
name="source-vm",
machine_type="e2-medium",
boot_disk={
"initialize_params": {
"image": debian9.id,
},
})
destination = gcp.compute.Instance("destination",
network_interfaces=[{
"access_configs": [{}],
"network": vpc.id,
}],
name="dest-vm",
machine_type="e2-medium",
boot_disk={
"initialize_params": {
"image": debian9.id,
},
})
instance_test = gcp.networkmanagement.ConnectivityTest("instance-test",
name="conn-test-instances",
source={
"instance": source.id,
},
destination={
"instance": destination.id,
},
protocol="TCP",
labels={
"env": "test",
})
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/compute"
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/networkmanagement"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
vpc, err := compute.NewNetwork(ctx, "vpc", &compute.NetworkArgs{
Name: pulumi.String("conn-test-net"),
})
if err != nil {
return err
}
debian9, err := compute.LookupImage(ctx, &compute.LookupImageArgs{
Family: pulumi.StringRef("debian-11"),
Project: pulumi.StringRef("debian-cloud"),
}, nil)
if err != nil {
return err
}
source, err := compute.NewInstance(ctx, "source", &compute.InstanceArgs{
NetworkInterfaces: compute.InstanceNetworkInterfaceArray{
&compute.InstanceNetworkInterfaceArgs{
AccessConfigs: compute.InstanceNetworkInterfaceAccessConfigArray{
&compute.InstanceNetworkInterfaceAccessConfigArgs{},
},
Network: vpc.ID(),
},
},
Name: pulumi.String("source-vm"),
MachineType: pulumi.String("e2-medium"),
BootDisk: &compute.InstanceBootDiskArgs{
InitializeParams: &compute.InstanceBootDiskInitializeParamsArgs{
Image: pulumi.String(debian9.Id),
},
},
})
if err != nil {
return err
}
destination, err := compute.NewInstance(ctx, "destination", &compute.InstanceArgs{
NetworkInterfaces: compute.InstanceNetworkInterfaceArray{
&compute.InstanceNetworkInterfaceArgs{
AccessConfigs: compute.InstanceNetworkInterfaceAccessConfigArray{
&compute.InstanceNetworkInterfaceAccessConfigArgs{},
},
Network: vpc.ID(),
},
},
Name: pulumi.String("dest-vm"),
MachineType: pulumi.String("e2-medium"),
BootDisk: &compute.InstanceBootDiskArgs{
InitializeParams: &compute.InstanceBootDiskInitializeParamsArgs{
Image: pulumi.String(debian9.Id),
},
},
})
if err != nil {
return err
}
_, err = networkmanagement.NewConnectivityTest(ctx, "instance-test", &networkmanagement.ConnectivityTestArgs{
Name: pulumi.String("conn-test-instances"),
Source: &networkmanagement.ConnectivityTestSourceArgs{
Instance: source.ID(),
},
Destination: &networkmanagement.ConnectivityTestDestinationArgs{
Instance: destination.ID(),
},
Protocol: pulumi.String("TCP"),
Labels: pulumi.StringMap{
"env": pulumi.String("test"),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var vpc = new Gcp.Compute.Network("vpc", new()
{
Name = "conn-test-net",
});
var debian9 = Gcp.Compute.GetImage.Invoke(new()
{
Family = "debian-11",
Project = "debian-cloud",
});
var source = new Gcp.Compute.Instance("source", new()
{
NetworkInterfaces = new[]
{
new Gcp.Compute.Inputs.InstanceNetworkInterfaceArgs
{
AccessConfigs = new[]
{
null,
},
Network = vpc.Id,
},
},
Name = "source-vm",
MachineType = "e2-medium",
BootDisk = new Gcp.Compute.Inputs.InstanceBootDiskArgs
{
InitializeParams = new Gcp.Compute.Inputs.InstanceBootDiskInitializeParamsArgs
{
Image = debian9.Apply(getImageResult => getImageResult.Id),
},
},
});
var destination = new Gcp.Compute.Instance("destination", new()
{
NetworkInterfaces = new[]
{
new Gcp.Compute.Inputs.InstanceNetworkInterfaceArgs
{
AccessConfigs = new[]
{
null,
},
Network = vpc.Id,
},
},
Name = "dest-vm",
MachineType = "e2-medium",
BootDisk = new Gcp.Compute.Inputs.InstanceBootDiskArgs
{
InitializeParams = new Gcp.Compute.Inputs.InstanceBootDiskInitializeParamsArgs
{
Image = debian9.Apply(getImageResult => getImageResult.Id),
},
},
});
var instance_test = new Gcp.NetworkManagement.ConnectivityTest("instance-test", new()
{
Name = "conn-test-instances",
Source = new Gcp.NetworkManagement.Inputs.ConnectivityTestSourceArgs
{
Instance = source.Id,
},
Destination = new Gcp.NetworkManagement.Inputs.ConnectivityTestDestinationArgs
{
Instance = destination.Id,
},
Protocol = "TCP",
Labels =
{
{ "env", "test" },
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.Network;
import com.pulumi.gcp.compute.NetworkArgs;
import com.pulumi.gcp.compute.ComputeFunctions;
import com.pulumi.gcp.compute.inputs.GetImageArgs;
import com.pulumi.gcp.compute.Instance;
import com.pulumi.gcp.compute.InstanceArgs;
import com.pulumi.gcp.compute.inputs.InstanceNetworkInterfaceArgs;
import com.pulumi.gcp.compute.inputs.InstanceBootDiskArgs;
import com.pulumi.gcp.compute.inputs.InstanceBootDiskInitializeParamsArgs;
import com.pulumi.gcp.networkmanagement.ConnectivityTest;
import com.pulumi.gcp.networkmanagement.ConnectivityTestArgs;
import com.pulumi.gcp.networkmanagement.inputs.ConnectivityTestSourceArgs;
import com.pulumi.gcp.networkmanagement.inputs.ConnectivityTestDestinationArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var vpc = new Network("vpc", NetworkArgs.builder()
.name("conn-test-net")
.build());
final var debian9 = ComputeFunctions.getImage(GetImageArgs.builder()
.family("debian-11")
.project("debian-cloud")
.build());
var source = new Instance("source", InstanceArgs.builder()
.networkInterfaces(InstanceNetworkInterfaceArgs.builder()
.accessConfigs(InstanceNetworkInterfaceAccessConfigArgs.builder()
.build())
.network(vpc.id())
.build())
.name("source-vm")
.machineType("e2-medium")
.bootDisk(InstanceBootDiskArgs.builder()
.initializeParams(InstanceBootDiskInitializeParamsArgs.builder()
.image(debian9.id())
.build())
.build())
.build());
var destination = new Instance("destination", InstanceArgs.builder()
.networkInterfaces(InstanceNetworkInterfaceArgs.builder()
.accessConfigs(InstanceNetworkInterfaceAccessConfigArgs.builder()
.build())
.network(vpc.id())
.build())
.name("dest-vm")
.machineType("e2-medium")
.bootDisk(InstanceBootDiskArgs.builder()
.initializeParams(InstanceBootDiskInitializeParamsArgs.builder()
.image(debian9.id())
.build())
.build())
.build());
var instance_test = new ConnectivityTest("instance-test", ConnectivityTestArgs.builder()
.name("conn-test-instances")
.source(ConnectivityTestSourceArgs.builder()
.instance(source.id())
.build())
.destination(ConnectivityTestDestinationArgs.builder()
.instance(destination.id())
.build())
.protocol("TCP")
.labels(Map.of("env", "test"))
.build());
}
}
resources:
instance-test:
type: gcp:networkmanagement:ConnectivityTest
properties:
name: conn-test-instances
source:
instance: ${source.id}
destination:
instance: ${destination.id}
protocol: TCP
labels:
env: test
source:
type: gcp:compute:Instance
properties:
networkInterfaces:
- accessConfigs:
- {}
network: ${vpc.id}
name: source-vm
machineType: e2-medium
bootDisk:
initializeParams:
image: ${debian9.id}
destination:
type: gcp:compute:Instance
properties:
networkInterfaces:
- accessConfigs:
- {}
network: ${vpc.id}
name: dest-vm
machineType: e2-medium
bootDisk:
initializeParams:
image: ${debian9.id}
vpc:
type: gcp:compute:Network
properties:
name: conn-test-net
variables:
debian9:
fn::invoke:
function: gcp:compute:getImage
arguments:
family: debian-11
project: debian-cloud
The source and destination properties identify the instances by ID. The protocol property specifies which transport protocol to test (TCP in this case). The test performs static analysis of firewall rules, routes, and network configuration to determine if traffic would succeed, without actually sending packets between the instances.
Test connectivity between IP addresses
When troubleshooting connectivity to specific IP addresses within your VPC, you can test reachability without needing to reference specific instances.
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const vpc = new gcp.compute.Network("vpc", {name: "connectivity-vpc"});
const subnet = new gcp.compute.Subnetwork("subnet", {
name: "connectivity-vpc-subnet",
ipCidrRange: "10.0.0.0/16",
region: "us-central1",
network: vpc.id,
});
const source_addr = new gcp.compute.Address("source-addr", {
name: "src-addr",
subnetwork: subnet.id,
addressType: "INTERNAL",
address: "10.0.42.42",
region: "us-central1",
});
const dest_addr = new gcp.compute.Address("dest-addr", {
name: "dest-addr",
subnetwork: subnet.id,
addressType: "INTERNAL",
address: "10.0.43.43",
region: "us-central1",
});
const address_test = new gcp.networkmanagement.ConnectivityTest("address-test", {
name: "conn-test-addr",
source: {
ipAddress: source_addr.address,
projectId: source_addr.project,
network: vpc.id,
networkType: "GCP_NETWORK",
},
destination: {
ipAddress: dest_addr.address,
projectId: dest_addr.project,
network: vpc.id,
},
protocol: "UDP",
});
import pulumi
import pulumi_gcp as gcp
vpc = gcp.compute.Network("vpc", name="connectivity-vpc")
subnet = gcp.compute.Subnetwork("subnet",
name="connectivity-vpc-subnet",
ip_cidr_range="10.0.0.0/16",
region="us-central1",
network=vpc.id)
source_addr = gcp.compute.Address("source-addr",
name="src-addr",
subnetwork=subnet.id,
address_type="INTERNAL",
address="10.0.42.42",
region="us-central1")
dest_addr = gcp.compute.Address("dest-addr",
name="dest-addr",
subnetwork=subnet.id,
address_type="INTERNAL",
address="10.0.43.43",
region="us-central1")
address_test = gcp.networkmanagement.ConnectivityTest("address-test",
name="conn-test-addr",
source={
"ip_address": source_addr.address,
"project_id": source_addr.project,
"network": vpc.id,
"network_type": "GCP_NETWORK",
},
destination={
"ip_address": dest_addr.address,
"project_id": dest_addr.project,
"network": vpc.id,
},
protocol="UDP")
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/compute"
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/networkmanagement"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
vpc, err := compute.NewNetwork(ctx, "vpc", &compute.NetworkArgs{
Name: pulumi.String("connectivity-vpc"),
})
if err != nil {
return err
}
subnet, err := compute.NewSubnetwork(ctx, "subnet", &compute.SubnetworkArgs{
Name: pulumi.String("connectivity-vpc-subnet"),
IpCidrRange: pulumi.String("10.0.0.0/16"),
Region: pulumi.String("us-central1"),
Network: vpc.ID(),
})
if err != nil {
return err
}
source_addr, err := compute.NewAddress(ctx, "source-addr", &compute.AddressArgs{
Name: pulumi.String("src-addr"),
Subnetwork: subnet.ID(),
AddressType: pulumi.String("INTERNAL"),
Address: pulumi.String("10.0.42.42"),
Region: pulumi.String("us-central1"),
})
if err != nil {
return err
}
dest_addr, err := compute.NewAddress(ctx, "dest-addr", &compute.AddressArgs{
Name: pulumi.String("dest-addr"),
Subnetwork: subnet.ID(),
AddressType: pulumi.String("INTERNAL"),
Address: pulumi.String("10.0.43.43"),
Region: pulumi.String("us-central1"),
})
if err != nil {
return err
}
_, err = networkmanagement.NewConnectivityTest(ctx, "address-test", &networkmanagement.ConnectivityTestArgs{
Name: pulumi.String("conn-test-addr"),
Source: &networkmanagement.ConnectivityTestSourceArgs{
IpAddress: source_addr.Address,
ProjectId: source_addr.Project,
Network: vpc.ID(),
NetworkType: pulumi.String("GCP_NETWORK"),
},
Destination: &networkmanagement.ConnectivityTestDestinationArgs{
IpAddress: dest_addr.Address,
ProjectId: dest_addr.Project,
Network: vpc.ID(),
},
Protocol: pulumi.String("UDP"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var vpc = new Gcp.Compute.Network("vpc", new()
{
Name = "connectivity-vpc",
});
var subnet = new Gcp.Compute.Subnetwork("subnet", new()
{
Name = "connectivity-vpc-subnet",
IpCidrRange = "10.0.0.0/16",
Region = "us-central1",
Network = vpc.Id,
});
var source_addr = new Gcp.Compute.Address("source-addr", new()
{
Name = "src-addr",
Subnetwork = subnet.Id,
AddressType = "INTERNAL",
IPAddress = "10.0.42.42",
Region = "us-central1",
});
var dest_addr = new Gcp.Compute.Address("dest-addr", new()
{
Name = "dest-addr",
Subnetwork = subnet.Id,
AddressType = "INTERNAL",
IPAddress = "10.0.43.43",
Region = "us-central1",
});
var address_test = new Gcp.NetworkManagement.ConnectivityTest("address-test", new()
{
Name = "conn-test-addr",
Source = new Gcp.NetworkManagement.Inputs.ConnectivityTestSourceArgs
{
IpAddress = source_addr.IPAddress,
ProjectId = source_addr.Project,
Network = vpc.Id,
NetworkType = "GCP_NETWORK",
},
Destination = new Gcp.NetworkManagement.Inputs.ConnectivityTestDestinationArgs
{
IpAddress = dest_addr.IPAddress,
ProjectId = dest_addr.Project,
Network = vpc.Id,
},
Protocol = "UDP",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.Network;
import com.pulumi.gcp.compute.NetworkArgs;
import com.pulumi.gcp.compute.Subnetwork;
import com.pulumi.gcp.compute.SubnetworkArgs;
import com.pulumi.gcp.compute.Address;
import com.pulumi.gcp.compute.AddressArgs;
import com.pulumi.gcp.networkmanagement.ConnectivityTest;
import com.pulumi.gcp.networkmanagement.ConnectivityTestArgs;
import com.pulumi.gcp.networkmanagement.inputs.ConnectivityTestSourceArgs;
import com.pulumi.gcp.networkmanagement.inputs.ConnectivityTestDestinationArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var vpc = new Network("vpc", NetworkArgs.builder()
.name("connectivity-vpc")
.build());
var subnet = new Subnetwork("subnet", SubnetworkArgs.builder()
.name("connectivity-vpc-subnet")
.ipCidrRange("10.0.0.0/16")
.region("us-central1")
.network(vpc.id())
.build());
var source_addr = new Address("source-addr", AddressArgs.builder()
.name("src-addr")
.subnetwork(subnet.id())
.addressType("INTERNAL")
.address("10.0.42.42")
.region("us-central1")
.build());
var dest_addr = new Address("dest-addr", AddressArgs.builder()
.name("dest-addr")
.subnetwork(subnet.id())
.addressType("INTERNAL")
.address("10.0.43.43")
.region("us-central1")
.build());
var address_test = new ConnectivityTest("address-test", ConnectivityTestArgs.builder()
.name("conn-test-addr")
.source(ConnectivityTestSourceArgs.builder()
.ipAddress(source_addr.address())
.projectId(source_addr.project())
.network(vpc.id())
.networkType("GCP_NETWORK")
.build())
.destination(ConnectivityTestDestinationArgs.builder()
.ipAddress(dest_addr.address())
.projectId(dest_addr.project())
.network(vpc.id())
.build())
.protocol("UDP")
.build());
}
}
resources:
address-test:
type: gcp:networkmanagement:ConnectivityTest
properties:
name: conn-test-addr
source:
ipAddress: ${["source-addr"].address}
projectId: ${["source-addr"].project}
network: ${vpc.id}
networkType: GCP_NETWORK
destination:
ipAddress: ${["dest-addr"].address}
projectId: ${["dest-addr"].project}
network: ${vpc.id}
protocol: UDP
vpc:
type: gcp:compute:Network
properties:
name: connectivity-vpc
subnet:
type: gcp:compute:Subnetwork
properties:
name: connectivity-vpc-subnet
ipCidrRange: 10.0.0.0/16
region: us-central1
network: ${vpc.id}
source-addr:
type: gcp:compute:Address
properties:
name: src-addr
subnetwork: ${subnet.id}
addressType: INTERNAL
address: 10.0.42.42
region: us-central1
dest-addr:
type: gcp:compute:Address
properties:
name: dest-addr
subnetwork: ${subnet.id}
addressType: INTERNAL
address: 10.0.43.43
region: us-central1
The ipAddress property specifies the source and destination addresses. The network property identifies which VPC network contains these addresses. The networkType property indicates this is a GCP-managed network. This configuration tests UDP connectivity by analyzing the network path between the two internal addresses.
Test connectivity across managed service endpoints
Applications often span multiple managed services like GKE, Cloud SQL, and Cloud Run. Testing connectivity between these endpoints helps diagnose cross-service communication issues.
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const endpoints_test = new gcp.networkmanagement.ConnectivityTest("endpoints-test", {
name: "conn-test-endpoints",
source: {
gkeMasterCluster: "projects/test-project/locations/us-central1/clusters/name",
cloudSqlInstance: "projects/test-project/instances/name",
appEngineVersion: {
uri: "apps/test-project/services/default/versions/name",
},
cloudFunction: {
uri: "projects/test-project/locations/us-central1/functions/name",
},
cloudRunRevision: {
uri: "projects/test-project/locations/us-central1/revisions/name",
},
port: 80,
},
destination: {
port: 443,
forwardingRule: "projects/test-project/regions/us-central1/forwardingRules/name",
gkeMasterCluster: "projects/test-project/locations/us-central1/clusters/name",
fqdn: "name.us-central1.gke.goog",
cloudSqlInstance: "projects/test-project/instances/name",
redisInstance: "projects/test-project/locations/us-central1/instances/name",
redisCluster: "projects/test-project/locations/us-central1/clusters/name",
},
bypassFirewallChecks: true,
roundTrip: true,
});
import pulumi
import pulumi_gcp as gcp
endpoints_test = gcp.networkmanagement.ConnectivityTest("endpoints-test",
name="conn-test-endpoints",
source={
"gke_master_cluster": "projects/test-project/locations/us-central1/clusters/name",
"cloud_sql_instance": "projects/test-project/instances/name",
"app_engine_version": {
"uri": "apps/test-project/services/default/versions/name",
},
"cloud_function": {
"uri": "projects/test-project/locations/us-central1/functions/name",
},
"cloud_run_revision": {
"uri": "projects/test-project/locations/us-central1/revisions/name",
},
"port": 80,
},
destination={
"port": 443,
"forwarding_rule": "projects/test-project/regions/us-central1/forwardingRules/name",
"gke_master_cluster": "projects/test-project/locations/us-central1/clusters/name",
"fqdn": "name.us-central1.gke.goog",
"cloud_sql_instance": "projects/test-project/instances/name",
"redis_instance": "projects/test-project/locations/us-central1/instances/name",
"redis_cluster": "projects/test-project/locations/us-central1/clusters/name",
},
bypass_firewall_checks=True,
round_trip=True)
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/networkmanagement"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := networkmanagement.NewConnectivityTest(ctx, "endpoints-test", &networkmanagement.ConnectivityTestArgs{
Name: pulumi.String("conn-test-endpoints"),
Source: &networkmanagement.ConnectivityTestSourceArgs{
GkeMasterCluster: pulumi.String("projects/test-project/locations/us-central1/clusters/name"),
CloudSqlInstance: pulumi.String("projects/test-project/instances/name"),
AppEngineVersion: &networkmanagement.ConnectivityTestSourceAppEngineVersionArgs{
Uri: pulumi.String("apps/test-project/services/default/versions/name"),
},
CloudFunction: &networkmanagement.ConnectivityTestSourceCloudFunctionArgs{
Uri: pulumi.String("projects/test-project/locations/us-central1/functions/name"),
},
CloudRunRevision: &networkmanagement.ConnectivityTestSourceCloudRunRevisionArgs{
Uri: pulumi.String("projects/test-project/locations/us-central1/revisions/name"),
},
Port: pulumi.Int(80),
},
Destination: &networkmanagement.ConnectivityTestDestinationArgs{
Port: pulumi.Int(443),
ForwardingRule: pulumi.String("projects/test-project/regions/us-central1/forwardingRules/name"),
GkeMasterCluster: pulumi.String("projects/test-project/locations/us-central1/clusters/name"),
Fqdn: pulumi.String("name.us-central1.gke.goog"),
CloudSqlInstance: pulumi.String("projects/test-project/instances/name"),
RedisInstance: pulumi.String("projects/test-project/locations/us-central1/instances/name"),
RedisCluster: pulumi.String("projects/test-project/locations/us-central1/clusters/name"),
},
BypassFirewallChecks: pulumi.Bool(true),
RoundTrip: pulumi.Bool(true),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var endpoints_test = new Gcp.NetworkManagement.ConnectivityTest("endpoints-test", new()
{
Name = "conn-test-endpoints",
Source = new Gcp.NetworkManagement.Inputs.ConnectivityTestSourceArgs
{
GkeMasterCluster = "projects/test-project/locations/us-central1/clusters/name",
CloudSqlInstance = "projects/test-project/instances/name",
AppEngineVersion = new Gcp.NetworkManagement.Inputs.ConnectivityTestSourceAppEngineVersionArgs
{
Uri = "apps/test-project/services/default/versions/name",
},
CloudFunction = new Gcp.NetworkManagement.Inputs.ConnectivityTestSourceCloudFunctionArgs
{
Uri = "projects/test-project/locations/us-central1/functions/name",
},
CloudRunRevision = new Gcp.NetworkManagement.Inputs.ConnectivityTestSourceCloudRunRevisionArgs
{
Uri = "projects/test-project/locations/us-central1/revisions/name",
},
Port = 80,
},
Destination = new Gcp.NetworkManagement.Inputs.ConnectivityTestDestinationArgs
{
Port = 443,
ForwardingRule = "projects/test-project/regions/us-central1/forwardingRules/name",
GkeMasterCluster = "projects/test-project/locations/us-central1/clusters/name",
Fqdn = "name.us-central1.gke.goog",
CloudSqlInstance = "projects/test-project/instances/name",
RedisInstance = "projects/test-project/locations/us-central1/instances/name",
RedisCluster = "projects/test-project/locations/us-central1/clusters/name",
},
BypassFirewallChecks = true,
RoundTrip = true,
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.networkmanagement.ConnectivityTest;
import com.pulumi.gcp.networkmanagement.ConnectivityTestArgs;
import com.pulumi.gcp.networkmanagement.inputs.ConnectivityTestSourceArgs;
import com.pulumi.gcp.networkmanagement.inputs.ConnectivityTestSourceAppEngineVersionArgs;
import com.pulumi.gcp.networkmanagement.inputs.ConnectivityTestSourceCloudFunctionArgs;
import com.pulumi.gcp.networkmanagement.inputs.ConnectivityTestSourceCloudRunRevisionArgs;
import com.pulumi.gcp.networkmanagement.inputs.ConnectivityTestDestinationArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var endpoints_test = new ConnectivityTest("endpoints-test", ConnectivityTestArgs.builder()
.name("conn-test-endpoints")
.source(ConnectivityTestSourceArgs.builder()
.gkeMasterCluster("projects/test-project/locations/us-central1/clusters/name")
.cloudSqlInstance("projects/test-project/instances/name")
.appEngineVersion(ConnectivityTestSourceAppEngineVersionArgs.builder()
.uri("apps/test-project/services/default/versions/name")
.build())
.cloudFunction(ConnectivityTestSourceCloudFunctionArgs.builder()
.uri("projects/test-project/locations/us-central1/functions/name")
.build())
.cloudRunRevision(ConnectivityTestSourceCloudRunRevisionArgs.builder()
.uri("projects/test-project/locations/us-central1/revisions/name")
.build())
.port(80)
.build())
.destination(ConnectivityTestDestinationArgs.builder()
.port(443)
.forwardingRule("projects/test-project/regions/us-central1/forwardingRules/name")
.gkeMasterCluster("projects/test-project/locations/us-central1/clusters/name")
.fqdn("name.us-central1.gke.goog")
.cloudSqlInstance("projects/test-project/instances/name")
.redisInstance("projects/test-project/locations/us-central1/instances/name")
.redisCluster("projects/test-project/locations/us-central1/clusters/name")
.build())
.bypassFirewallChecks(true)
.roundTrip(true)
.build());
}
}
resources:
endpoints-test:
type: gcp:networkmanagement:ConnectivityTest
properties:
name: conn-test-endpoints
source:
gkeMasterCluster: projects/test-project/locations/us-central1/clusters/name
cloudSqlInstance: projects/test-project/instances/name
appEngineVersion:
uri: apps/test-project/services/default/versions/name
cloudFunction:
uri: projects/test-project/locations/us-central1/functions/name
cloudRunRevision:
uri: projects/test-project/locations/us-central1/revisions/name
port: 80
destination:
port: 443
forwardingRule: projects/test-project/regions/us-central1/forwardingRules/name
gkeMasterCluster: projects/test-project/locations/us-central1/clusters/name
fqdn: name.us-central1.gke.goog
cloudSqlInstance: projects/test-project/instances/name
redisInstance: projects/test-project/locations/us-central1/instances/name
redisCluster: projects/test-project/locations/us-central1/clusters/name
bypassFirewallChecks: true
roundTrip: true
The source and destination properties support multiple endpoint types: gkeMasterCluster for GKE control planes, cloudSqlInstance for databases, appEngineVersion for App Engine services, cloudFunction for Cloud Functions, cloudRunRevision for Cloud Run services, forwardingRule for load balancers, fqdn for DNS names, redisInstance and redisCluster for Redis deployments. The port property specifies which TCP or UDP port to test. This configuration demonstrates testing connectivity from various source types to multiple destination endpoints.
Beyond these examples
These snippets focus on specific connectivity test features: VM instance connectivity testing, IP address-based reachability analysis, and managed service endpoint testing. They’re intentionally minimal rather than full network diagnostic solutions.
The examples may reference pre-existing infrastructure such as VPC networks and subnets, and managed service endpoints like GKE clusters, Cloud SQL instances, and Cloud Run services. They focus on configuring the connectivity test rather than provisioning the underlying infrastructure.
To keep things focused, common connectivity test patterns are omitted, including:
- Firewall rule bypass (bypassFirewallChecks)
- Bidirectional testing (roundTrip)
- Cross-project analysis (relatedProjects)
- Test descriptions and custom labels
These omissions are intentional: the goal is to illustrate how each connectivity test feature is wired, not provide drop-in network diagnostic modules. See the ConnectivityTest resource reference for all available configuration options.
Let's configure GCP Network Connectivity Tests
Get started with Pulumi Cloud, then follow our quick setup guide to deploy this infrastructure.
Try Pulumi Cloud for FREEFrequently Asked Questions
Source & Destination Specification
What happens if my source or destination location is ambiguous?
Reachability analysis proceeds even with ambiguous locations, but the test might include unintended endpoints or paths. Provide specific identifiers like instance IDs, IP addresses, or network references to ensure accurate results.
How do I test connectivity between VM instances?
Set the
instance property in both source and destination to reference your VM instance IDs, as shown in the instances example.How do I test connectivity using IP addresses?
Configure
ipAddress, projectId, network, and networkType in both source and destination specifications.What endpoint types can I test connectivity for?
You can test GKE clusters (
gkeMasterCluster), Cloud SQL instances (cloudSqlInstance), App Engine versions (appEngineVersion), Cloud Functions (cloudFunction), Cloud Run revisions (cloudRunRevision), forwarding rules (forwardingRule), FQDNs (fqdn), Redis instances (redisInstance), and Redis clusters (redisCluster).Configuration & Defaults
What are the default values for connectivity tests?
The default protocol is TCP,
bypassFirewallChecks defaults to false, and roundTrip defaults to false (unidirectional testing).How do I enable bidirectional connectivity testing?
Set
roundTrip to true to analyze the return path from destination back to source.When should I use the relatedProjects property?
Use
relatedProjects when your connectivity test crosses project boundaries and you need to include other projects in the reachability analysis.Resource Management
What properties can't I change after creating a connectivity test?
The
name and project properties are immutable. Changing either forces resource replacement.Why don't my labels match what's shown in GCP?
The
labels field is non-authoritative and only manages labels in your configuration. Use effectiveLabels to see all labels present on the resource, including those set by other clients or services.Using a different cloud?
Explore networking guides for other cloud providers: