Skip to main content
← back to extensions

Gcp/networkservices

@swamp/gcp/networkservicesv2026.06.12.1· 3d agoMODELS
01README

Google Cloud networkservices infrastructure models

02Release Notes
  • Updated: agentgateways
03Models21
@swamp/gcp/networkservices/agentgatewaysv2026.06.12.1agentgateways.ts

Global Arguments

ArgumentTypeDescription
accessToken?stringGCP OAuth2 access token; overrides GCP_ACCESS_TOKEN environment variable. Wire with a vault.get(...) expression to source it from a vault.
credentialsJson?stringGCP service account JSON credentials; overrides GOOGLE_APPLICATION_CREDENTIALS_JSON environment variable. Wire with a vault.get(...) expression to source it from a vault.
project?stringGCP project ID; overrides GCP_PROJECT / GOOGLE_CLOUD_PROJECT environment variables.
agentGatewayCard?objectAgentGatewayOutputCard contains informational output-only fields
description?stringOptional. A free-text description of the resource. Max length 1024 characters.
googleManaged?objectConfiguration for Google Managed deployment mode. Proxy is orchestrated and managed by GoogleCloud in a tenant project.
labels?recordOptional. Set of label tags associated with the AgentGateway resource.
name?stringIdentifier. Name of the AgentGateway resource. It matches pattern `projects/*/locations/*/agentGateways/`.
networkConfig?objectNetworkConfig contains network configurations for the AgentGateway.
registries?arrayOptional. A list of Agent registries containing the agents, MCP servers and tools governed by the Agent Gateway. Note: Currently limited to project-scoped registries Must be of format `//agentregistry.googleapis.com/projects/{project}/locations/{location}/
selfManaged?objectConfiguration for Self Managed deployment mode. Attach to existing Application Load Balancers or Secure Web Proxies.
agentGatewayId?stringRequired. Short name of the AgentGateway resource to be created.
location?stringThe location for this resource (e.g., 'us', 'us-central1', 'europe-west1')
fn create()
Create a agentGateways
fn get(identifier: string)
Get a agentGateways
ArgumentTypeDescription
identifierstringThe name of the agentGateways
fn update()
Update agentGateways attributes
fn delete(identifier: string)
Delete the agentGateways
ArgumentTypeDescription
identifierstringThe name of the agentGateways
fn sync()
Sync agentGateways state from GCP
fn list(pageSize?: number, returnPartialSuccess?: boolean, maxPages?: number)
List agentGateways resources
ArgumentTypeDescription
pageSize?numberOptional. Maximum number of AgentGateways to return per call.
returnPartialSuccess?booleanOptional. If true, allow partial responses for multi-regional Aggregated List requests. Otherwise if one of the locations is down or unreachable, the Aggregated List request will fail.
maxPages?numberMaximum number of pages to fetch (default: 10)

Resources

state(infinite)— AgentGateway represents the agent gateway resource.
@swamp/gcp/networkservices/authzextensionsv2026.06.08.1authzextensions.ts

Global Arguments

ArgumentTypeDescription
accessToken?stringGCP OAuth2 access token; overrides GCP_ACCESS_TOKEN environment variable. Wire with a vault.get(...) expression to source it from a vault.
credentialsJson?stringGCP service account JSON credentials; overrides GOOGLE_APPLICATION_CREDENTIALS_JSON environment variable. Wire with a vault.get(...) expression to source it from a vault.
project?stringGCP project ID; overrides GCP_PROJECT / GOOGLE_CLOUD_PROJECT environment variables.
authority?stringOptional. The `:authority` header in the gRPC request sent from Envoy to the extension service. It is required when the `service` field points to a backend service or a wasm plugin.
description?stringOptional. A human-readable description of the resource.
failOpen?booleanOptional. Determines how the proxy behaves if the call to the extension fails or times out. When set to `TRUE`, request or response processing continues without error. Any subsequent extensions in the extension chain are also executed. When set to `FALSE` or the default setting of `FALSE` is used, one of the following happens: * If response headers have not been delivered to the downstream client, a generic 500 error is returned to the client. The error response can be tailored by configuring a
forwardAttributes?arrayOptional. List of the Envoy attributes to forward to the extension server. The attributes provided here are included as part of the `ProcessingRequest.attributes` field (of type `map`), where the keys are the attribute names. Refer to the [documentation](https://cloud.google.com/service-extensions/docs/cel-matcher-language-reference#attributes) for the names of attributes that can be forwarded. If omitted, no attributes are sent. Each element is a string indicating the attribute name.
forwardHeaders?arrayOptional. List of the HTTP headers to forward to the extension (from the client). If omitted, all headers are sent. Each element is a string indicating the header name.
labels?recordOptional. Set of labels associated with the `AuthzExtension` resource. The format must comply with [the requirements for labels](/compute/docs/labeling-resources#requirements) for Google Cloud resources.
loadBalancingScheme?enumOptional. All backend services and forwarding rules referenced by this extension must share the same load balancing scheme. Supported values: `INTERNAL_MANAGED`, `EXTERNAL_MANAGED`. Can be omitted for AuthzExtensions that do not reference a backend service. For more information, refer to [Backend services overview](https://cloud.google.com/load-balancing/docs/backend-service).
metadata?recordOptional. The metadata provided here is included as part of the `metadata_context` (of type `google.protobuf.Struct`) in the `ProcessingRequest` message sent to the extension server. The metadata is available under the namespace `com.google.authz_extension.`. The following variables are supported in the metadata Struct: `{forwarding_rule_id}` - substituted with the forwarding rule's fully qualified resource name.
name?stringRequired. Identifier. Name of the `AuthzExtension` resource in the following format: `projects/{project}/locations/{location}/authzExtensions/{authz_extension}`.
service?stringRequired. The reference to the service that runs the extension. To configure a callout extension, `service` must be a fully-qualified reference to a [backend service](https://cloud.google.com/compute/docs/reference/rest/v1/backendServices) in the format: `https://www.googleapis.com/compute/v1/projects/{project}/regions/{region}/backendServices/{backendService}` or `https://www.googleapis.com/compute/v1/projects/{project}/global/backendServices/{backendService}`.
timeout?stringRequired. Specifies the timeout for each individual message on the stream. The timeout must be between 10-10000 milliseconds.
wireFormat?enumOptional. The format of communication supported by the callout extension. This field is supported only for regional `AuthzExtension` resources. If not specified, the default value `EXT_PROC_GRPC` is used. Global `AuthzExtension` resources use the `EXT_PROC_GRPC` wire format.
authzExtensionId?stringRequired. User-provided ID of the `AuthzExtension` resource to be created.
requestId?stringOptional. An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server can ignore the request if it has already been completed. The server guarantees that for 60 minutes since the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server ignores the second request This prevents clients from accidentally creating dupl
location?stringThe location for this resource (e.g., 'us', 'us-central1', 'europe-west1')
fn create()
Create a authzExtensions
fn get(identifier: string)
Get a authzExtensions
ArgumentTypeDescription
identifierstringThe name of the authzExtensions
fn update()
Update authzExtensions attributes
fn delete(identifier: string)
Delete the authzExtensions
ArgumentTypeDescription
identifierstringThe name of the authzExtensions
fn sync()
Sync authzExtensions state from GCP
fn list(filter?: string, orderBy?: string, pageSize?: number, maxPages?: number)
List authzExtensions resources
ArgumentTypeDescription
filter?stringOptional. Filtering results.
orderBy?stringOptional. Hint about how to order the results.
pageSize?numberOptional. Requested page size. The server might return fewer items than requested. If unspecified, the server picks an appropriate default.
maxPages?numberMaximum number of pages to fetch (default: 10)

Resources

state(infinite)— `AuthzExtension` is a resource that allows traffic forwarding to a callout ba...
@swamp/gcp/networkservices/endpointpoliciesv2026.06.08.1endpointpolicies.ts

Global Arguments

ArgumentTypeDescription
accessToken?stringGCP OAuth2 access token; overrides GCP_ACCESS_TOKEN environment variable. Wire with a vault.get(...) expression to source it from a vault.
credentialsJson?stringGCP service account JSON credentials; overrides GOOGLE_APPLICATION_CREDENTIALS_JSON environment variable. Wire with a vault.get(...) expression to source it from a vault.
project?stringGCP project ID; overrides GCP_PROJECT / GOOGLE_CLOUD_PROJECT environment variables.
authorizationPolicy?stringOptional. This field specifies the URL of AuthorizationPolicy resource that applies authorization policies to the inbound traffic at the matched endpoints. Refer to Authorization. If this field is not specified, authorization is disabled(no authz checks) for this endpoint.
clientTlsPolicy?stringOptional. A URL referring to a ClientTlsPolicy resource. ClientTlsPolicy can be set to specify the authentication for traffic from the proxy to the actual endpoints. More specifically, it is applied to the outgoing traffic from the proxy to the endpoint. This is typically used for sidecar model where the proxy identifies itself as endpoint to the control plane, with the connection between sidecar and endpoint requiring authentication. If this field is not set, authentication is disabled(open). A
description?stringOptional. A free-text description of the resource. Max length 1024 characters.
endpointMatcher?objectA definition of a matcher that selects endpoints to which the policies should be applied.
labels?recordOptional. Set of label tags associated with the EndpointPolicy resource.
name?stringIdentifier. Name of the EndpointPolicy resource. It matches pattern `projects/{project}/locations/*/endpointPolicies/{endpoint_policy}`.
serverTlsPolicy?stringOptional. A URL referring to ServerTlsPolicy resource. ServerTlsPolicy is used to determine the authentication policy to be applied to terminate the inbound traffic at the identified backends. If this field is not set, authentication is disabled(open) for this endpoint.
trafficPortSelector?objectSpecification of a port-based selector.
type?enumRequired. The type of endpoint policy. This is primarily used to validate the configuration.
endpointPolicyId?stringRequired. Short name of the EndpointPolicy resource to be created. E.g. "CustomECS".
location?stringThe location for this resource (e.g., 'us', 'us-central1', 'europe-west1')
fn create()
Create a endpointPolicies
fn get(identifier: string)
Get a endpointPolicies
ArgumentTypeDescription
identifierstringThe name of the endpointPolicies
fn update()
Update endpointPolicies attributes
fn delete(identifier: string)
Delete the endpointPolicies
ArgumentTypeDescription
identifierstringThe name of the endpointPolicies
fn sync()
Sync endpointPolicies state from GCP
fn list(pageSize?: number, returnPartialSuccess?: boolean, maxPages?: number)
List endpointPolicies resources
ArgumentTypeDescription
pageSize?numberMaximum number of EndpointPolicies to return per call.
returnPartialSuccess?booleanOptional. If true, allow partial responses for multi-regional Aggregated List requests. Otherwise if one of the locations is down or unreachable, the Aggregated List request will fail.
maxPages?numberMaximum number of pages to fetch (default: 10)

Resources

state(infinite)— EndpointPolicy is a resource that helps apply desired configuration on the en...
@swamp/gcp/networkservices/gatewaysv2026.06.08.1gateways.ts

Global Arguments

ArgumentTypeDescription
accessToken?stringGCP OAuth2 access token; overrides GCP_ACCESS_TOKEN environment variable. Wire with a vault.get(...) expression to source it from a vault.
credentialsJson?stringGCP service account JSON credentials; overrides GOOGLE_APPLICATION_CREDENTIALS_JSON environment variable. Wire with a vault.get(...) expression to source it from a vault.
project?stringGCP project ID; overrides GCP_PROJECT / GOOGLE_CLOUD_PROJECT environment variables.
addresses?arrayOptional. Zero or one IPv4 or IPv6 address on which the Gateway will receive the traffic. When no address is provided, an IP from the subnetwork is allocated This field only applies to gateways of type 'SECURE_WEB_GATEWAY'. Gateways of type 'OPEN_MESH' listen on 0.0.0.0 for IPv4 and:: for IPv6.
allPorts?booleanOptional. If true, the Gateway will listen on all ports. This is mutually exclusive with the `ports` field. This field only applies to gateways of type 'SECURE_WEB_GATEWAY'.
allowGlobalAccess?booleanOptional. If true, the gateway will allow traffic from clients outside of the region where the gateway is located. This field is configurable only for gateways of type SECURE_WEB_GATEWAY.
certificateUrls?arrayOptional. A fully-qualified Certificates URL reference. The proxy presents a Certificate (selected based on SNI) when establishing a TLS connection. This feature only applies to gateways of type 'SECURE_WEB_GATEWAY'.
description?stringOptional. A free-text description of the resource. Max length 1024 characters.
envoyHeaders?enumOptional. Determines if envoy will insert internal debug headers into upstream requests. Other Envoy headers may still be injected. By default, envoy will not insert any debug headers.
gatewaySecurityPolicy?stringOptional. A fully-qualified GatewaySecurityPolicy URL reference. Defines how a server should apply security policy to inbound (VM to Proxy) initiated connections. For example: `projects/*/locations/*/gatewaySecurityPolicies/swg-policy`. This policy is specific to gateways of type 'SECURE_WEB_GATEWAY'.
ipVersion?enumOptional. The IP Version that will be used by this gateway. Valid options are IPV4 or IPV6. Default is IPV4.
labels?recordOptional. Set of label tags associated with the Gateway resource.
name?stringIdentifier. Name of the Gateway resource. It matches pattern `projects/*/locations/*/gateways/`.
network?stringOptional. The relative resource name identifying the VPC network that is using this configuration. For example: `projects/*/global/networks/network-1`. Currently, this field is specific to gateways of type 'SECURE_WEB_GATEWAY'.
ports?arrayRequired. One or more port numbers (1-65535), on which the Gateway will receive traffic. The proxy binds to the specified ports. Gateways of type 'SECURE_WEB_GATEWAY' are limited to 5 ports. Gateways of type 'OPEN_MESH' listen on 0.0.0.0 for IPv4 and:: for IPv6 and support multiple ports.
routingMode?enumOptional. The routing mode of the Gateway. This field is configurable only for gateways of type SECURE_WEB_GATEWAY. This field is required for gateways of type SECURE_WEB_GATEWAY.
scope?stringOptional. Scope determines how configuration across multiple Gateway instances are merged. The configuration for multiple Gateway instances with the same scope will be merged as presented as a single configuration to the proxy/load balancer. Max length 64 characters. Scope should start with a letter and can only have letters, numbers, hyphens.
serverTlsPolicy?stringOptional. A fully-qualified ServerTLSPolicy URL reference. Specifies how TLS traffic is terminated. If empty, TLS termination is disabled.
subnetwork?stringOptional. The relative resource name identifying the subnetwork in which this SWG is allocated. For example: `projects/*/regions/us-central1/subnetworks/network-1` Currently, this field is specific to gateways of type 'SECURE_WEB_GATEWAY\
type?enumImmutable. The type of the customer managed gateway. This field is required. If unspecified, an error is returned.
gatewayId?stringRequired. Short name of the Gateway resource to be created.
location?stringThe location for this resource (e.g., 'us', 'us-central1', 'europe-west1')
fn create()
Create a gateways
fn get(identifier: string)
Get a gateways
ArgumentTypeDescription
identifierstringThe name of the gateways
fn update()
Update gateways attributes
fn delete(identifier: string)
Delete the gateways
ArgumentTypeDescription
identifierstringThe name of the gateways
fn sync()
Sync gateways state from GCP
fn list(pageSize?: number, maxPages?: number)
List gateways resources
ArgumentTypeDescription
pageSize?numberMaximum number of Gateways to return per call.
maxPages?numberMaximum number of pages to fetch (default: 10)

Resources

state(infinite)— Gateway represents the configuration for a proxy, typically a load balancer. ...
@swamp/gcp/networkservices/gateways-routeviewsv2026.06.08.1gateways_routeviews.ts

Global Arguments

ArgumentTypeDescription
namestringInstance name for this resource (used as the unique identifier in the factory pattern)
accessToken?stringGCP OAuth2 access token; overrides GCP_ACCESS_TOKEN environment variable. Wire with a vault.get(...) expression to source it from a vault.
credentialsJson?stringGCP service account JSON credentials; overrides GOOGLE_APPLICATION_CREDENTIALS_JSON environment variable. Wire with a vault.get(...) expression to source it from a vault.
project?stringGCP project ID; overrides GCP_PROJECT / GOOGLE_CLOUD_PROJECT environment variables.
location?stringThe location for this resource (e.g., 'us', 'us-central1', 'europe-west1')
fn get(identifier: string)
Get a routeViews
ArgumentTypeDescription
identifierstringThe name of the routeViews
fn sync()
Sync routeViews state from GCP
fn list(pageSize?: number, maxPages?: number)
List routeViews resources
ArgumentTypeDescription
pageSize?numberMaximum number of GatewayRouteViews to return per call.
maxPages?numberMaximum number of pages to fetch (default: 10)

Resources

state(infinite)— GatewayRouteView defines view-only resource for Routes to a Gateway
@swamp/gcp/networkservices/grpcroutesv2026.06.08.1grpcroutes.ts

Global Arguments

ArgumentTypeDescription
accessToken?stringGCP OAuth2 access token; overrides GCP_ACCESS_TOKEN environment variable. Wire with a vault.get(...) expression to source it from a vault.
credentialsJson?stringGCP service account JSON credentials; overrides GOOGLE_APPLICATION_CREDENTIALS_JSON environment variable. Wire with a vault.get(...) expression to source it from a vault.
project?stringGCP project ID; overrides GCP_PROJECT / GOOGLE_CLOUD_PROJECT environment variables.
description?stringOptional. A free-text description of the resource. Max length 1024 characters.
gateways?arrayOptional. Gateways defines a list of gateways this GrpcRoute is attached to, as one of the routing rules to route the requests served by the gateway. Each gateway reference should match the pattern: `projects/*/locations/*/gateways/`
hostnames?arrayRequired. Service hostnames with an optional port for which this route describes traffic. Format: [:] Hostname is the fully qualified domain name of a network host. This matches the RFC 1123 definition of a hostname with 2 notable exceptions: - IPs are not allowed. - A hostname may be prefixed with a wildcard label (`*.`). The wildcard label must appear by itself as the first label. Hostname can be "precise" which is a domain name without the terminating dot of a network host (e.g. `foo.example.
labels?recordOptional. Set of label tags associated with the GrpcRoute resource.
meshes?arrayOptional. Meshes defines a list of meshes this GrpcRoute is attached to, as one of the routing rules to route the requests served by the mesh. Each mesh reference should match the pattern: `projects/*/locations/*/meshes/`
name?stringIdentifier. Name of the GrpcRoute resource. It matches pattern `projects/*/locations/*/grpcRoutes/`
rules?arrayRequired. A list of detailed rules defining how to route traffic. Within a single GrpcRoute, the GrpcRoute.RouteAction associated with the first matching GrpcRoute.RouteRule will be executed. At least one rule must be supplied.
grpcRouteId?stringRequired. Short name of the GrpcRoute resource to be created.
location?stringThe location for this resource (e.g., 'us', 'us-central1', 'europe-west1')
fn create()
Create a grpcRoutes
fn get(identifier: string)
Get a grpcRoutes
ArgumentTypeDescription
identifierstringThe name of the grpcRoutes
fn update()
Update grpcRoutes attributes
fn delete(identifier: string)
Delete the grpcRoutes
ArgumentTypeDescription
identifierstringThe name of the grpcRoutes
fn sync()
Sync grpcRoutes state from GCP
fn list(pageSize?: number, returnPartialSuccess?: boolean, maxPages?: number)
List grpcRoutes resources
ArgumentTypeDescription
pageSize?numberMaximum number of GrpcRoutes to return per call.
returnPartialSuccess?booleanOptional. If true, allow partial responses for multi-regional Aggregated List requests. Otherwise if one of the locations is down or unreachable, the Aggregated List request will fail.
maxPages?numberMaximum number of pages to fetch (default: 10)

Resources

state(infinite)— GrpcRoute is the resource defining how gRPC traffic routed by a Mesh or Gatew...
@swamp/gcp/networkservices/httproutesv2026.06.08.1httproutes.ts

Global Arguments

ArgumentTypeDescription
accessToken?stringGCP OAuth2 access token; overrides GCP_ACCESS_TOKEN environment variable. Wire with a vault.get(...) expression to source it from a vault.
credentialsJson?stringGCP service account JSON credentials; overrides GOOGLE_APPLICATION_CREDENTIALS_JSON environment variable. Wire with a vault.get(...) expression to source it from a vault.
project?stringGCP project ID; overrides GCP_PROJECT / GOOGLE_CLOUD_PROJECT environment variables.
description?stringOptional. A free-text description of the resource. Max length 1024 characters.
gateways?arrayOptional. Gateways defines a list of gateways this HttpRoute is attached to, as one of the routing rules to route the requests served by the gateway. Each gateway reference should match the pattern: `projects/*/locations/*/gateways/`
hostnames?arrayRequired. Hostnames define a set of hosts that should match against the HTTP host header to select a HttpRoute to process the request. Hostname is the fully qualified domain name of a network host, as defined by RFC 1123 with the exception that: - IPs are not allowed. - A hostname may be prefixed with a wildcard label (`*.`). The wildcard label must appear by itself as the first label. Hostname can be "precise" which is a domain name without the terminating dot of a network host (e.g. `foo.examp
labels?recordOptional. Set of label tags associated with the HttpRoute resource.
meshes?arrayOptional. Meshes defines a list of meshes this HttpRoute is attached to, as one of the routing rules to route the requests served by the mesh. Each mesh reference should match the pattern: `projects/*/locations/*/meshes/` The attached Mesh should be of a type SIDECAR
name?stringIdentifier. Name of the HttpRoute resource. It matches pattern `projects/*/locations/*/httpRoutes/http_route_name>`.
rules?arrayRequired. Rules that define how traffic is routed and handled. Rules will be matched sequentially based on the RouteMatch specified for the rule.
httpRouteId?stringRequired. Short name of the HttpRoute resource to be created.
requestId?stringOptional. Idempotent request UUID.
location?stringThe location for this resource (e.g., 'us', 'us-central1', 'europe-west1')
fn create()
Create a httpRoutes
fn get(identifier: string)
Get a httpRoutes
ArgumentTypeDescription
identifierstringThe name of the httpRoutes
fn update()
Update httpRoutes attributes
fn delete(identifier: string)
Delete the httpRoutes
ArgumentTypeDescription
identifierstringThe name of the httpRoutes
fn sync()
Sync httpRoutes state from GCP
fn list(filter?: string, pageSize?: number, returnPartialSuccess?: boolean, maxPages?: number)
List httpRoutes resources
ArgumentTypeDescription
filter?stringOptional. Filter expression to restrict the list.
pageSize?numberMaximum number of HttpRoutes to return per call.
returnPartialSuccess?booleanOptional. If true, allow partial responses for multi-regional Aggregated List requests. Otherwise if one of the locations is down or unreachable, the Aggregated List request will fail.
maxPages?numberMaximum number of pages to fetch (default: 10)

Resources

state(infinite)— HttpRoute is the resource defining how HTTP traffic should be routed by a Mes...
@swamp/gcp/networkservices/lbedgeextensionsv2026.06.08.1lbedgeextensions.ts

Global Arguments

ArgumentTypeDescription
accessToken?stringGCP OAuth2 access token; overrides GCP_ACCESS_TOKEN environment variable. Wire with a vault.get(...) expression to source it from a vault.
credentialsJson?stringGCP service account JSON credentials; overrides GOOGLE_APPLICATION_CREDENTIALS_JSON environment variable. Wire with a vault.get(...) expression to source it from a vault.
project?stringGCP project ID; overrides GCP_PROJECT / GOOGLE_CLOUD_PROJECT environment variables.
description?stringOptional. A human-readable description of the resource.
extensionChains?arrayRequired. A set of ordered extension chains that contain the match conditions and extensions to execute. Match conditions for each extension chain are evaluated in sequence for a given request. The first extension chain that has a condition that matches the request is executed. Any subsequent extension chains do not execute. Limited to 5 extension chains per resource.
forwardingRules?arrayRequired. A list of references to the forwarding rules to which this service extension is attached. At least one forwarding rule is required. Only one `LbEdgeExtension` resource can be associated with a forwarding rule.
labels?recordOptional. Set of labels associated with the `LbEdgeExtension` resource. The format must comply with [the requirements for labels](https://cloud.google.com/compute/docs/labeling-resources#requirements) for Google Cloud resources.
loadBalancingScheme?enumRequired. All forwarding rules referenced by this extension must share the same load balancing scheme. Supported values: `EXTERNAL_MANAGED`.
name?stringRequired. Identifier. Name of the `LbEdgeExtension` resource in the following format: `projects/{project}/locations/{location}/lbEdgeExtensions/{lb_edge_extension}`.
lbEdgeExtensionId?stringRequired. User-provided ID of the `LbEdgeExtension` resource to be created.
requestId?stringOptional. An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server can ignore the request if it has already been completed. The server guarantees that for 60 minutes since the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server ignores the second request This prevents clients from accidentally creating dupl
location?stringThe location for this resource (e.g., 'us', 'us-central1', 'europe-west1')
fn create()
Create a lbEdgeExtensions
fn get(identifier: string)
Get a lbEdgeExtensions
ArgumentTypeDescription
identifierstringThe name of the lbEdgeExtensions
fn update()
Update lbEdgeExtensions attributes
fn delete(identifier: string)
Delete the lbEdgeExtensions
ArgumentTypeDescription
identifierstringThe name of the lbEdgeExtensions
fn sync()
Sync lbEdgeExtensions state from GCP
fn list(filter?: string, orderBy?: string, pageSize?: number, maxPages?: number)
List lbEdgeExtensions resources
ArgumentTypeDescription
filter?stringOptional. Filtering results.
orderBy?stringOptional. Hint about how to order the results.
pageSize?numberOptional. Requested page size. The server might return fewer items than requested. If unspecified, the server picks an appropriate default.
maxPages?numberMaximum number of pages to fetch (default: 10)

Resources

state(infinite)— `LbEdgeExtension` is a resource that lets the extension service influence the...
@swamp/gcp/networkservices/lbrouteextensionsv2026.06.08.1lbrouteextensions.ts

Global Arguments

ArgumentTypeDescription
accessToken?stringGCP OAuth2 access token; overrides GCP_ACCESS_TOKEN environment variable. Wire with a vault.get(...) expression to source it from a vault.
credentialsJson?stringGCP service account JSON credentials; overrides GOOGLE_APPLICATION_CREDENTIALS_JSON environment variable. Wire with a vault.get(...) expression to source it from a vault.
project?stringGCP project ID; overrides GCP_PROJECT / GOOGLE_CLOUD_PROJECT environment variables.
description?stringOptional. A human-readable description of the resource.
extensionChains?arrayRequired. A set of ordered extension chains that contain the match conditions and extensions to execute. Match conditions for each extension chain are evaluated in sequence for a given request. The first extension chain that has a condition that matches the request is executed. Any subsequent extension chains do not execute. Limited to 5 extension chains per resource.
forwardingRules?arrayRequired. A list of references to the forwarding rules to which this service extension is attached. At least one forwarding rule is required. Only one `LbRouteExtension` resource can be associated with a forwarding rule.
labels?recordOptional. Set of labels associated with the `LbRouteExtension` resource. The format must comply with [the requirements for labels](https://cloud.google.com/compute/docs/labeling-resources#requirements) for Google Cloud resources.
loadBalancingScheme?enumRequired. All backend services and forwarding rules referenced by this extension must share the same load balancing scheme. Supported values: `INTERNAL_MANAGED`, `EXTERNAL_MANAGED`. For more information, refer to [Backend services overview](https://cloud.google.com/load-balancing/docs/backend-service).
metadata?recordOptional. The metadata provided here is included as part of the `metadata_context` (of type `google.protobuf.Struct`) in the `ProcessingRequest` message sent to the extension server. The metadata applies to all extensions in all extensions chains in this resource. The metadata is available under the key `com.google.lb_route_extension.`. The following variables are supported in the metadata: `{forwarding_rule_id}` - substituted with the forwarding rule's fully qualified resource name. This field
name?stringRequired. Identifier. Name of the `LbRouteExtension` resource in the following format: `projects/{project}/locations/{location}/lbRouteExtensions/{lb_route_extension}`.
lbRouteExtensionId?stringRequired. User-provided ID of the `LbRouteExtension` resource to be created.
requestId?stringOptional. An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server can ignore the request if it has already been completed. The server guarantees that for 60 minutes since the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server ignores the second request This prevents clients from accidentally creating dupl
location?stringThe location for this resource (e.g., 'us', 'us-central1', 'europe-west1')
fn create()
Create a lbRouteExtensions
fn get(identifier: string)
Get a lbRouteExtensions
ArgumentTypeDescription
identifierstringThe name of the lbRouteExtensions
fn update()
Update lbRouteExtensions attributes
fn delete(identifier: string)
Delete the lbRouteExtensions
ArgumentTypeDescription
identifierstringThe name of the lbRouteExtensions
fn sync()
Sync lbRouteExtensions state from GCP
fn list(filter?: string, orderBy?: string, pageSize?: number, maxPages?: number)
List lbRouteExtensions resources
ArgumentTypeDescription
filter?stringOptional. Filtering results.
orderBy?stringOptional. Hint about how to order the results.
pageSize?numberOptional. Requested page size. The server might return fewer items than requested. If unspecified, the server picks an appropriate default.
maxPages?numberMaximum number of pages to fetch (default: 10)

Resources

state(infinite)— `LbRouteExtension` is a resource that lets you control where traffic is route...
@swamp/gcp/networkservices/lbtrafficextensionsv2026.06.08.1lbtrafficextensions.ts

Global Arguments

ArgumentTypeDescription
accessToken?stringGCP OAuth2 access token; overrides GCP_ACCESS_TOKEN environment variable. Wire with a vault.get(...) expression to source it from a vault.
credentialsJson?stringGCP service account JSON credentials; overrides GOOGLE_APPLICATION_CREDENTIALS_JSON environment variable. Wire with a vault.get(...) expression to source it from a vault.
project?stringGCP project ID; overrides GCP_PROJECT / GOOGLE_CLOUD_PROJECT environment variables.
description?stringOptional. A human-readable description of the resource.
extensionChains?arrayRequired. A set of ordered extension chains that contain the match conditions and extensions to execute. Match conditions for each extension chain are evaluated in sequence for a given request. The first extension chain that has a condition that matches the request is executed. Any subsequent extension chains do not execute. Limited to 5 extension chains per resource.
forwardingRules?arrayOptional. A list of references to the forwarding rules to which this service extension is attached. At least one forwarding rule is required. Only one `LbTrafficExtension` resource can be associated with a forwarding rule.
labels?recordOptional. Set of labels associated with the `LbTrafficExtension` resource. The format must comply with [the requirements for labels](https://cloud.google.com/compute/docs/labeling-resources#requirements) for Google Cloud resources.
loadBalancingScheme?enumRequired. All backend services and forwarding rules referenced by this extension must share the same load balancing scheme. Supported values: `INTERNAL_MANAGED` and `EXTERNAL_MANAGED`. For more information, refer to [Backend services overview](https://cloud.google.com/load-balancing/docs/backend-service).
metadata?recordOptional. The metadata provided here is included as part of the `metadata_context` (of type `google.protobuf.Struct`) in the `ProcessingRequest` message sent to the extension server. The metadata applies to all extensions in all extensions chains in this resource. The metadata is available under the key `com.google.lb_traffic_extension.`. The following variables are supported in the metadata: `{forwarding_rule_id}` - substituted with the forwarding rule's fully qualified resource name. This fiel
name?stringRequired. Identifier. Name of the `LbTrafficExtension` resource in the following format: `projects/{project}/locations/{location}/lbTrafficExtensions/{lb_traffic_extension}`.
lbTrafficExtensionId?stringRequired. User-provided ID of the `LbTrafficExtension` resource to be created.
requestId?stringOptional. An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server can ignore the request if it has already been completed. The server guarantees that for 60 minutes since the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server ignores the second request This prevents clients from accidentally creating dupl
location?stringThe location for this resource (e.g., 'us', 'us-central1', 'europe-west1')
fn create()
Create a lbTrafficExtensions
fn get(identifier: string)
Get a lbTrafficExtensions
ArgumentTypeDescription
identifierstringThe name of the lbTrafficExtensions
fn update()
Update lbTrafficExtensions attributes
fn delete(identifier: string)
Delete the lbTrafficExtensions
ArgumentTypeDescription
identifierstringThe name of the lbTrafficExtensions
fn sync()
Sync lbTrafficExtensions state from GCP
fn list(filter?: string, orderBy?: string, pageSize?: number, maxPages?: number)
List lbTrafficExtensions resources
ArgumentTypeDescription
filter?stringOptional. Filtering results.
orderBy?stringOptional. Hint about how to order the results.
pageSize?numberOptional. Requested page size. The server might return fewer items than requested. If unspecified, the server picks an appropriate default.
maxPages?numberMaximum number of pages to fetch (default: 10)

Resources

state(infinite)— `LbTrafficExtension` is a resource that lets the extension service modify the...
@swamp/gcp/networkservices/locationsv2026.06.08.1locations.ts

Global Arguments

ArgumentTypeDescription
namestringInstance name for this resource (used as the unique identifier in the factory pattern)
accessToken?stringGCP OAuth2 access token; overrides GCP_ACCESS_TOKEN environment variable. Wire with a vault.get(...) expression to source it from a vault.
credentialsJson?stringGCP service account JSON credentials; overrides GOOGLE_APPLICATION_CREDENTIALS_JSON environment variable. Wire with a vault.get(...) expression to source it from a vault.
project?stringGCP project ID; overrides GCP_PROJECT / GOOGLE_CLOUD_PROJECT environment variables.
fn get(identifier: string)
Get a locations
ArgumentTypeDescription
identifierstringThe name of the locations
fn sync()
Sync locations state from GCP
fn list(extraLocationTypes?: string, filter?: string, pageSize?: number, maxPages?: number)
List locations resources
ArgumentTypeDescription
extraLocationTypes?stringOptional. Do not use this field unless explicitly documented otherwise. This is primarily for internal usage.
filter?stringA filter to narrow down results to a preferred subset. The filtering language accepts strings like `"displayName=tokyo"`, and is documented in more detail in [AIP-160](https://google.aip.dev/160).
pageSize?numberThe maximum number of results to return. If not set, the service selects a default.
maxPages?numberMaximum number of pages to fetch (default: 10)

Resources

state(infinite)— A resource that represents a Google Cloud location.
@swamp/gcp/networkservices/meshesv2026.06.08.1meshes.ts

Global Arguments

ArgumentTypeDescription
accessToken?stringGCP OAuth2 access token; overrides GCP_ACCESS_TOKEN environment variable. Wire with a vault.get(...) expression to source it from a vault.
credentialsJson?stringGCP service account JSON credentials; overrides GOOGLE_APPLICATION_CREDENTIALS_JSON environment variable. Wire with a vault.get(...) expression to source it from a vault.
project?stringGCP project ID; overrides GCP_PROJECT / GOOGLE_CLOUD_PROJECT environment variables.
description?stringOptional. A free-text description of the resource. Max length 1024 characters.
envoyHeaders?enumOptional. Determines if envoy will insert internal debug headers into upstream requests. Other Envoy headers may still be injected. By default, envoy will not insert any debug headers.
interceptionPort?numberOptional. If set to a valid TCP port (1-65535), instructs the SIDECAR proxy to listen on the specified port of localhost (127.0.0.1) address. The SIDECAR proxy will expect all traffic to be redirected to this port regardless of its actual ip:port destination. If unset, a port '15001' is used as the interception port. This is applicable only for sidecar proxy deployments.
labels?recordOptional. Set of label tags associated with the Mesh resource.
name?stringIdentifier. Name of the Mesh resource. It matches pattern `projects/*/locations/*/meshes/`.
meshId?stringRequired. Short name of the Mesh resource to be created.
location?stringThe location for this resource (e.g., 'us', 'us-central1', 'europe-west1')
fn create()
Create a meshes
fn get(identifier: string)
Get a meshes
ArgumentTypeDescription
identifierstringThe name of the meshes
fn update()
Update meshes attributes
fn delete(identifier: string)
Delete the meshes
ArgumentTypeDescription
identifierstringThe name of the meshes
fn sync()
Sync meshes state from GCP
fn list(pageSize?: number, returnPartialSuccess?: boolean, maxPages?: number)
List meshes resources
ArgumentTypeDescription
pageSize?numberMaximum number of Meshes to return per call.
returnPartialSuccess?booleanOptional. If true, allow partial responses for multi-regional Aggregated List requests. Otherwise if one of the locations is down or unreachable, the Aggregated List request will fail.
maxPages?numberMaximum number of pages to fetch (default: 10)

Resources

state(infinite)— Mesh represents a logical configuration grouping for workload to workload com...
@swamp/gcp/networkservices/meshes-routeviewsv2026.06.08.1meshes_routeviews.ts

Global Arguments

ArgumentTypeDescription
namestringInstance name for this resource (used as the unique identifier in the factory pattern)
accessToken?stringGCP OAuth2 access token; overrides GCP_ACCESS_TOKEN environment variable. Wire with a vault.get(...) expression to source it from a vault.
credentialsJson?stringGCP service account JSON credentials; overrides GOOGLE_APPLICATION_CREDENTIALS_JSON environment variable. Wire with a vault.get(...) expression to source it from a vault.
project?stringGCP project ID; overrides GCP_PROJECT / GOOGLE_CLOUD_PROJECT environment variables.
location?stringThe location for this resource (e.g., 'us', 'us-central1', 'europe-west1')
fn get(identifier: string)
Get a routeViews
ArgumentTypeDescription
identifierstringThe name of the routeViews
fn sync()
Sync routeViews state from GCP
fn list(pageSize?: number, maxPages?: number)
List routeViews resources
ArgumentTypeDescription
pageSize?numberMaximum number of MeshRouteViews to return per call.
maxPages?numberMaximum number of pages to fetch (default: 10)

Resources

state(infinite)— MeshRouteView defines view-only resource for Routes to a Mesh
@swamp/gcp/networkservices/multicastconsumerassociationsv2026.06.08.1multicastconsumerassociations.ts

Global Arguments

ArgumentTypeDescription
accessToken?stringGCP OAuth2 access token; overrides GCP_ACCESS_TOKEN environment variable. Wire with a vault.get(...) expression to source it from a vault.
credentialsJson?stringGCP service account JSON credentials; overrides GOOGLE_APPLICATION_CREDENTIALS_JSON environment variable. Wire with a vault.get(...) expression to source it from a vault.
project?stringGCP project ID; overrides GCP_PROJECT / GOOGLE_CLOUD_PROJECT environment variables.
description?stringOptional. An optional text description of the multicast consumer association.
labels?recordOptional. Labels as key-value pairs
multicastDomainActivation?stringOptional. The resource name of the multicast domain activation that is in the same zone as this multicast consumer association. Use the following format: `projects/*/locations/*/multicastDomainActivations/*`.
name?stringIdentifier. The resource name of the multicast consumer association. Use the following format: `projects/*/locations/*/multicastConsumerAssociations/*`.
network?stringRequired. The resource name of the multicast consumer VPC network. Use following format: `projects/{project}/locations/global/networks/{network}`.
state?objectThe multicast resource's state.
multicastConsumerAssociationId?stringRequired. A unique name for the multicast consumer association. The name is restricted to lower-case letters, numbers, and hyphen, with the first character a lower-case letter, and the last a letter or a number. The name must not exceed 48 characters.
requestId?stringOptional. An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes after the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID w
location?stringThe location for this resource (e.g., 'us', 'us-central1', 'europe-west1')
fn create()
Create a multicastConsumerAssociations
fn get(identifier: string)
Get a multicastConsumerAssociations
ArgumentTypeDescription
identifierstringThe name of the multicastConsumerAssociations
fn update()
Update multicastConsumerAssociations attributes
fn delete(identifier: string)
Delete the multicastConsumerAssociations
ArgumentTypeDescription
identifierstringThe name of the multicastConsumerAssociations
fn sync()
Sync multicastConsumerAssociations state from GCP
fn list(filter?: string, orderBy?: string, pageSize?: number, maxPages?: number)
List multicastConsumerAssociations resources
ArgumentTypeDescription
filter?stringOptional. A filter expression that filters the resources listed in the response. The expression must be of the form ` ` where operators: `<`, `>`, `<=`, `>=`, `!=`, `=`, `:` are supported (colon `:` represents a HAS operator which is roughly synonymous with equality). can refer to a proto or JSON field, or a synthetic field. Field names can be camelCase or snake_case. Examples: * Filter by name: name = "RESOURCE_NAME" * Filter by labels: * Resources that have a key named `foo` labels.foo:* * Res
orderBy?stringOptional. A field used to sort the results by a certain order.
pageSize?numberOptional. The maximum number of multicast consumer associations to return per call.
maxPages?numberMaximum number of pages to fetch (default: 10)

Resources

state(infinite)— Multicast consumer association resource.
@swamp/gcp/networkservices/multicastgroupconsumeractivationsv2026.06.08.1multicastgroupconsumeractivations.ts

Global Arguments

ArgumentTypeDescription
accessToken?stringGCP OAuth2 access token; overrides GCP_ACCESS_TOKEN environment variable. Wire with a vault.get(...) expression to source it from a vault.
credentialsJson?stringGCP service account JSON credentials; overrides GOOGLE_APPLICATION_CREDENTIALS_JSON environment variable. Wire with a vault.get(...) expression to source it from a vault.
project?stringGCP project ID; overrides GCP_PROJECT / GOOGLE_CLOUD_PROJECT environment variables.
description?stringOptional. An optional text description of the multicast group consumer activation.
labels?recordOptional. Labels as key-value pairs
logConfig?objectThe logging configuration.
multicastConsumerAssociation?stringRequired. The resource name of the multicast consumer association that is in the same zone as this multicast group consumer activation. Use the following format: `projects/*/locations/*/multicastConsumerAssociations/*`.
multicastGroupRangeActivation?stringRequired. The resource name of the multicast group range activation created by the admin in the same zone as this multicast group consumer activation. Use the following format: // `projects/*/locations/*/multicastGroupRangeActivations/*`.
name?stringIdentifier. The resource name of the multicast group consumer activation. Use the following format: `projects/*/locations/*/multicastGroupConsumerActivations/*`.
state?objectThe multicast resource's state.
multicastGroupConsumerActivationId?stringRequired. A unique name for the multicast group consumer activation. The name is restricted to lower-case letters, numbers, and hyphen, with the first character a lower-case letter, and the last a letter or a number. The name must not exceed 48 characters.
requestId?stringOptional. An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes after the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID w
location?stringThe location for this resource (e.g., 'us', 'us-central1', 'europe-west1')
fn create()
Create a multicastGroupConsumerActivations
fn get(identifier: string)
Get a multicastGroupConsumerActivations
ArgumentTypeDescription
identifierstringThe name of the multicastGroupConsumerActivations
fn update()
Update multicastGroupConsumerActivations attributes
fn delete(identifier: string)
Delete the multicastGroupConsumerActivations
ArgumentTypeDescription
identifierstringThe name of the multicastGroupConsumerActivations
fn sync()
Sync multicastGroupConsumerActivations state from GCP
fn list(filter?: string, orderBy?: string, pageSize?: number, maxPages?: number)
List multicastGroupConsumerActivations resources
ArgumentTypeDescription
filter?stringOptional. A filter expression that filters the resources listed in the response. The expression must be of the form ` ` where operators: `<`, `>`, `<=`, `>=`, `!=`, `=`, `:` are supported (colon `:` represents a HAS operator which is roughly synonymous with equality). can refer to a proto or JSON field, or a synthetic field. Field names can be camelCase or snake_case. Examples: * Filter by name: name = "RESOURCE_NAME" * Filter by labels: * Resources that have a key named `foo` labels.foo:* * Res
orderBy?stringOptional. A field used to sort the results by a certain order.
pageSize?numberOptional. The maximum number of multicast group consumer activations to return per call.
maxPages?numberMaximum number of pages to fetch (default: 10)

Resources

state(infinite)— Multicast group consumer activation resource.
@swamp/gcp/networkservices/servicebindingsv2026.06.08.1servicebindings.ts

Global Arguments

ArgumentTypeDescription
accessToken?stringGCP OAuth2 access token; overrides GCP_ACCESS_TOKEN environment variable. Wire with a vault.get(...) expression to source it from a vault.
credentialsJson?stringGCP service account JSON credentials; overrides GOOGLE_APPLICATION_CREDENTIALS_JSON environment variable. Wire with a vault.get(...) expression to source it from a vault.
project?stringGCP project ID; overrides GCP_PROJECT / GOOGLE_CLOUD_PROJECT environment variables.
description?stringOptional. A free-text description of the resource. Max length 1024 characters.
labels?recordOptional. Set of label tags associated with the ServiceBinding resource.
name?stringIdentifier. Name of the ServiceBinding resource. It matches pattern `projects/*/locations/*/serviceBindings/`.
serviceBindingId?stringRequired. Short name of the ServiceBinding resource to be created.
location?stringThe location for this resource (e.g., 'us', 'us-central1', 'europe-west1')
fn create()
Create a serviceBindings
fn get(identifier: string)
Get a serviceBindings
ArgumentTypeDescription
identifierstringThe name of the serviceBindings
fn update()
Update serviceBindings attributes
fn delete(identifier: string)
Delete the serviceBindings
ArgumentTypeDescription
identifierstringThe name of the serviceBindings
fn sync()
Sync serviceBindings state from GCP
fn list(pageSize?: number, maxPages?: number)
List serviceBindings resources
ArgumentTypeDescription
pageSize?numberMaximum number of ServiceBindings to return per call.
maxPages?numberMaximum number of pages to fetch (default: 10)

Resources

state(infinite)— ServiceBinding can be used to: - Bind a Service Directory Service to be used ...
@swamp/gcp/networkservices/servicelbpoliciesv2026.06.08.1servicelbpolicies.ts

Global Arguments

ArgumentTypeDescription
accessToken?stringGCP OAuth2 access token; overrides GCP_ACCESS_TOKEN environment variable. Wire with a vault.get(...) expression to source it from a vault.
credentialsJson?stringGCP service account JSON credentials; overrides GOOGLE_APPLICATION_CREDENTIALS_JSON environment variable. Wire with a vault.get(...) expression to source it from a vault.
project?stringGCP project ID; overrides GCP_PROJECT / GOOGLE_CLOUD_PROJECT environment variables.
autoCapacityDrain?objectOption to specify if an unhealthy IG/NEG should be considered for global load balancing and traffic routing.
description?stringOptional. A free-text description of the resource. Max length 1024 characters.
failoverConfig?objectOption to specify health based failover behavior. This is not related to Network load balancer FailoverPolicy.
isolationConfig?objectConfiguration to provide isolation support for the associated Backend Service.
labels?recordOptional. Set of label tags associated with the ServiceLbPolicy resource.
loadBalancingAlgorithm?enumOptional. The type of load balancing algorithm to be used. The default behavior is WATERFALL_BY_REGION.
name?stringIdentifier. Name of the ServiceLbPolicy resource. It matches pattern `projects/{project}/locations/{location}/serviceLbPolicies/{service_lb_policy_name}`.
serviceLbPolicyId?stringRequired. Short name of the ServiceLbPolicy resource to be created. E.g. for resource name `projects/{project}/locations/{location}/serviceLbPolicies/{service_lb_policy_name}`. the id is value of {service_lb_policy_name}
location?stringThe location for this resource (e.g., 'us', 'us-central1', 'europe-west1')
fn create()
Create a serviceLbPolicies
fn get(identifier: string)
Get a serviceLbPolicies
ArgumentTypeDescription
identifierstringThe name of the serviceLbPolicies
fn update()
Update serviceLbPolicies attributes
fn delete(identifier: string)
Delete the serviceLbPolicies
ArgumentTypeDescription
identifierstringThe name of the serviceLbPolicies
fn sync()
Sync serviceLbPolicies state from GCP
fn list(pageSize?: number, maxPages?: number)
List serviceLbPolicies resources
ArgumentTypeDescription
pageSize?numberMaximum number of ServiceLbPolicies to return per call.
maxPages?numberMaximum number of pages to fetch (default: 10)

Resources

state(infinite)— ServiceLbPolicy holds global load balancing and traffic distribution configur...
@swamp/gcp/networkservices/tcproutesv2026.06.08.1tcproutes.ts

Global Arguments

ArgumentTypeDescription
accessToken?stringGCP OAuth2 access token; overrides GCP_ACCESS_TOKEN environment variable. Wire with a vault.get(...) expression to source it from a vault.
credentialsJson?stringGCP service account JSON credentials; overrides GOOGLE_APPLICATION_CREDENTIALS_JSON environment variable. Wire with a vault.get(...) expression to source it from a vault.
project?stringGCP project ID; overrides GCP_PROJECT / GOOGLE_CLOUD_PROJECT environment variables.
description?stringOptional. A free-text description of the resource. Max length 1024 characters.
gateways?arrayOptional. Gateways defines a list of gateways this TcpRoute is attached to, as one of the routing rules to route the requests served by the gateway. Each gateway reference should match the pattern: `projects/*/locations/*/gateways/`
labels?recordOptional. Set of label tags associated with the TcpRoute resource.
meshes?arrayOptional. Meshes defines a list of meshes this TcpRoute is attached to, as one of the routing rules to route the requests served by the mesh. Each mesh reference should match the pattern: `projects/*/locations/*/meshes/` The attached Mesh should be of a type SIDECAR
name?stringIdentifier. Name of the TcpRoute resource. It matches pattern `projects/*/locations/*/tcpRoutes/tcp_route_name>`.
rules?arrayRequired. Rules that define how traffic is routed and handled. At least one RouteRule must be supplied. If there are multiple rules then the action taken will be the first rule to match.
tcpRouteId?stringRequired. Short name of the TcpRoute resource to be created.
location?stringThe location for this resource (e.g., 'us', 'us-central1', 'europe-west1')
fn create()
Create a tcpRoutes
fn get(identifier: string)
Get a tcpRoutes
ArgumentTypeDescription
identifierstringThe name of the tcpRoutes
fn update()
Update tcpRoutes attributes
fn delete(identifier: string)
Delete the tcpRoutes
ArgumentTypeDescription
identifierstringThe name of the tcpRoutes
fn sync()
Sync tcpRoutes state from GCP
fn list(pageSize?: number, returnPartialSuccess?: boolean, maxPages?: number)
List tcpRoutes resources
ArgumentTypeDescription
pageSize?numberMaximum number of TcpRoutes to return per call.
returnPartialSuccess?booleanOptional. If true, allow partial responses for multi-regional Aggregated List requests. Otherwise if one of the locations is down or unreachable, the Aggregated List request will fail.
maxPages?numberMaximum number of pages to fetch (default: 10)

Resources

state(infinite)— TcpRoute is the resource defining how TCP traffic should be routed by a Mesh/...
@swamp/gcp/networkservices/tlsroutesv2026.06.08.1tlsroutes.ts

Global Arguments

ArgumentTypeDescription
accessToken?stringGCP OAuth2 access token; overrides GCP_ACCESS_TOKEN environment variable. Wire with a vault.get(...) expression to source it from a vault.
credentialsJson?stringGCP service account JSON credentials; overrides GOOGLE_APPLICATION_CREDENTIALS_JSON environment variable. Wire with a vault.get(...) expression to source it from a vault.
project?stringGCP project ID; overrides GCP_PROJECT / GOOGLE_CLOUD_PROJECT environment variables.
description?stringOptional. A free-text description of the resource. Max length 1024 characters.
gateways?arrayOptional. Gateways defines a list of gateways this TlsRoute is attached to, as one of the routing rules to route the requests served by the gateway. Each gateway reference should match the pattern: `projects/*/locations/*/gateways/`
labels?recordOptional. Set of label tags associated with the TlsRoute resource.
meshes?arrayOptional. Meshes defines a list of meshes this TlsRoute is attached to, as one of the routing rules to route the requests served by the mesh. Each mesh reference should match the pattern: `projects/*/locations/*/meshes/` The attached Mesh should be of a type SIDECAR
name?stringIdentifier. Name of the TlsRoute resource. It matches pattern `projects/*/locations/*/tlsRoutes/tls_route_name>`.
rules?arrayRequired. Rules that define how traffic is routed and handled. At least one RouteRule must be supplied. If there are multiple rules then the action taken will be the first rule to match.
targetProxies?arrayOptional. TargetProxies defines a list of TargetTcpProxies this TlsRoute is attached to, as one of the routing rules to route the requests served by the TargetTcpProxy. Each TargetTcpProxy reference should match the pattern: `projects/*/locations/*/targetTcpProxies/`
tlsRouteId?stringRequired. Short name of the TlsRoute resource to be created.
location?stringThe location for this resource (e.g., 'us', 'us-central1', 'europe-west1')
fn create()
Create a tlsRoutes
fn get(identifier: string)
Get a tlsRoutes
ArgumentTypeDescription
identifierstringThe name of the tlsRoutes
fn update()
Update tlsRoutes attributes
fn delete(identifier: string)
Delete the tlsRoutes
ArgumentTypeDescription
identifierstringThe name of the tlsRoutes
fn sync()
Sync tlsRoutes state from GCP
fn list(pageSize?: number, returnPartialSuccess?: boolean, maxPages?: number)
List tlsRoutes resources
ArgumentTypeDescription
pageSize?numberMaximum number of TlsRoutes to return per call.
returnPartialSuccess?booleanOptional. If true, allow partial responses for multi-regional Aggregated List requests. Otherwise if one of the locations is down or unreachable, the Aggregated List request will fail.
maxPages?numberMaximum number of pages to fetch (default: 10)

Resources

state(infinite)— TlsRoute defines how traffic should be routed based on SNI and other matching...
@swamp/gcp/networkservices/wasmpluginsv2026.06.08.1wasmplugins.ts

Global Arguments

ArgumentTypeDescription
accessToken?stringGCP OAuth2 access token; overrides GCP_ACCESS_TOKEN environment variable. Wire with a vault.get(...) expression to source it from a vault.
credentialsJson?stringGCP service account JSON credentials; overrides GOOGLE_APPLICATION_CREDENTIALS_JSON environment variable. Wire with a vault.get(...) expression to source it from a vault.
project?stringGCP project ID; overrides GCP_PROJECT / GOOGLE_CLOUD_PROJECT environment variables.
description?stringOptional. A human-readable description of the resource.
labels?recordOptional. Set of labels associated with the `WasmPlugin` resource. The format must comply with [the following requirements](/compute/docs/labeling-resources#requirements).
logConfig?objectSpecifies the logging options for the activity performed by this plugin. If logging is enabled, plugin logs are exported to Cloud Logging.
mainVersionId?stringOptional. The ID of the `WasmPluginVersion` resource that is the currently serving one. The version referred to must be a child of this `WasmPlugin` resource.
name?stringIdentifier. Name of the `WasmPlugin` resource in the following format: `projects/{project}/locations/{location}/wasmPlugins/{wasm_plugin}`.
versions?recordOptional. All versions of this `WasmPlugin` resource in the key-value format. The key is the resource ID, and the value is the `VersionDetails` object. Lets you create or update a `WasmPlugin` resource and its versions in a single request. When the `main_version_id` field is not empty, it must point to one of the `VersionDetails` objects in the map. If provided in a `PATCH` request, the new versions replace the previous set. Any version omitted from the `versions` field is removed. Because the `
wasmPluginId?stringRequired. User-provided ID of the `WasmPlugin` resource to be created.
location?stringThe location for this resource (e.g., 'us', 'us-central1', 'europe-west1')
fn create()
Create a wasmPlugins
fn get(identifier: string)
Get a wasmPlugins
ArgumentTypeDescription
identifierstringThe name of the wasmPlugins
fn update()
Update wasmPlugins attributes
fn delete(identifier: string)
Delete the wasmPlugins
ArgumentTypeDescription
identifierstringThe name of the wasmPlugins
fn sync()
Sync wasmPlugins state from GCP
fn list(pageSize?: number, maxPages?: number)
List wasmPlugins resources
ArgumentTypeDescription
pageSize?numberMaximum number of `WasmPlugin` resources to return per call. If not specified, at most 50 `WasmPlugin` resources are returned. The maximum value is 1000; values above 1000 are coerced to 1000.
maxPages?numberMaximum number of pages to fetch (default: 10)

Resources

state(infinite)— `WasmPlugin` is a resource representing a service executing a customer-provid...
@swamp/gcp/networkservices/wasmplugins-versionsv2026.06.08.1wasmplugins_versions.ts

Global Arguments

ArgumentTypeDescription
accessToken?stringGCP OAuth2 access token; overrides GCP_ACCESS_TOKEN environment variable. Wire with a vault.get(...) expression to source it from a vault.
credentialsJson?stringGCP service account JSON credentials; overrides GOOGLE_APPLICATION_CREDENTIALS_JSON environment variable. Wire with a vault.get(...) expression to source it from a vault.
project?stringGCP project ID; overrides GCP_PROJECT / GOOGLE_CLOUD_PROJECT environment variables.
description?stringOptional. A human-readable description of the resource.
imageUri?stringOptional. URI of the image containing the Wasm module, stored in Artifact Registry. The URI can refer to one of the following repository formats: * Container images: the `image_uri` must point to a container that contains a single file with the name `plugin.wasm`. When a new `WasmPluginVersion` resource is created, the digest of the image is saved in the `image_digest` field. When pulling a container image from Artifact Registry, the digest value is used instead of an image tag. * Generic artifa
labels?recordOptional. Set of labels associated with the `WasmPluginVersion` resource.
name?stringIdentifier. Name of the `WasmPluginVersion` resource in the following format: `projects/{project}/locations/{location}/wasmPlugins/{wasm_plugin}/ versions/{wasm_plugin_version}`.
pluginConfigData?stringConfiguration for the plugin. The configuration is provided to the plugin at runtime through the `ON_CONFIGURE` callback. When a new `WasmPluginVersion` resource is created, the digest of the contents is saved in the `plugin_config_digest` field.
pluginConfigUri?stringURI of the plugin configuration stored in the Artifact Registry. The configuration is provided to the plugin at runtime through the `ON_CONFIGURE` callback. The URI can refer to one of the following repository formats: * Container images: the `plugin_config_uri` must point to a container that contains a single file with the name `plugin.config`. When a new `WasmPluginVersion` resource is created, the digest of the image is saved in the `plugin_config_digest` field. When pulling a container image
wasmPluginVersionId?stringRequired. User-provided ID of the `WasmPluginVersion` resource to be created.
location?stringThe location for this resource (e.g., 'us', 'us-central1', 'europe-west1')
fn create()
Create a versions
fn get(identifier: string)
Get a versions
ArgumentTypeDescription
identifierstringThe name of the versions
fn delete(identifier: string)
Delete the versions
ArgumentTypeDescription
identifierstringThe name of the versions
fn sync()
Sync versions state from GCP
fn list(pageSize?: number, maxPages?: number)
List versions resources
ArgumentTypeDescription
pageSize?numberMaximum number of `WasmPluginVersion` resources to return per call. If not specified, at most 50 `WasmPluginVersion` resources are returned. The maximum value is 1000; values above 1000 are coerced to 1000.
maxPages?numberMaximum number of pages to fetch (default: 10)

Resources

state(infinite)— A single immutable version of a `WasmPlugin` resource. Defines the Wasm modul...
04Previous Versions19
2026.06.08.2Jun 8, 2026
  • Updated: locations, agentgateways, authzextensions, endpointpolicies, gateways, gateways_routeviews, grpcroutes, httproutes, lbedgeextensions, lbrouteextensions, lbtrafficextensions, meshes, meshes_routeviews, multicastconsumerassociations, multicastgroupconsumeractivations, servicebindings, servicelbpolicies, tcproutes, tlsroutes, wasmplugins, wasmplugins_versions
2026.06.07.1Jun 7, 2026
  • Updated: locations, agentgateways, authzextensions, endpointpolicies, gateways, gateways_routeviews, grpcroutes, httproutes, lbedgeextensions, lbrouteextensions, lbtrafficextensions, meshes, meshes_routeviews, multicastconsumerassociations, multicastgroupconsumeractivations, servicebindings, servicelbpolicies, tcproutes, tlsroutes, wasmplugins, wasmplugins_versions
2026.06.05.1Jun 5, 2026
  • Added: agentgateways, multicastconsumerassociations, multicastgroupconsumeractivations

Added 3 models

2026.05.26.1May 26, 2026
  • Updated: locations, gateways, httproutes
2026.05.25.1May 25, 2026
  • Updated: locations, authzextensions, endpointpolicies, gateways, gateways_routeviews, grpcroutes, httproutes, lbedgeextensions, lbrouteextensions, lbtrafficextensions, meshes, meshes_routeviews, servicebindings, servicelbpolicies, tcproutes, tlsroutes, wasmplugins, wasmplugins_versions

Modified 18 models

2026.05.24.1May 24, 2026
  • Updated: locations, authzextensions, endpointpolicies, gateways, gateways_routeviews, grpcroutes, httproutes, lbedgeextensions, lbrouteextensions, lbtrafficextensions, meshes, meshes_routeviews, servicebindings, servicelbpolicies, tcproutes, tlsroutes, wasmplugins, wasmplugins_versions
2026.05.21.2May 21, 2026
  • Updated: locations, authzextensions, endpointpolicies, gateways, gateways_routeviews, grpcroutes, httproutes, lbedgeextensions, lbrouteextensions, lbtrafficextensions, meshes, meshes_routeviews, servicebindings, servicelbpolicies, tcproutes, tlsroutes, wasmplugins, wasmplugins_versions
2026.05.21.1May 21, 2026
2026.05.20.1May 20, 2026
  • Updated: gateways, httproutes
2026.05.19.2May 19, 2026
2026.05.19.1May 19, 2026
2026.05.18.2May 18, 2026
2026.05.04.1May 4, 2026
  • Updated: httproutes
2026.04.23.1Apr 23, 2026
2026.04.04.1Apr 4, 2026
  • Updated: grpcroutes, httproutes, lbedgeextensions, lbrouteextensions, lbtrafficextensions, tcproutes, tlsroutes
2026.04.03.3Apr 3, 2026
  • Updated: locations, authzextensions, endpointpolicies, gateways, gateways_routeviews, grpcroutes, httproutes, lbedgeextensions, lbrouteextensions, lbtrafficextensions, meshes, meshes_routeviews, servicebindings, servicelbpolicies, tcproutes, tlsroutes, wasmplugins, wasmplugins_versions
2026.04.03.1Apr 3, 2026
  • Updated: locations, authzextensions, endpointpolicies, gateways, gateways_routeviews, grpcroutes, httproutes, lbedgeextensions, lbrouteextensions, lbtrafficextensions, meshes, meshes_routeviews, servicebindings, servicelbpolicies, tcproutes, tlsroutes, wasmplugins, wasmplugins_versions
2026.04.02.2Apr 2, 2026
2026.03.27.1Mar 27, 2026
  • Added: locations, authzextensions, endpointpolicies, gateways, gateways_routeviews, grpcroutes, httproutes, lbedgeextensions, lbrouteextensions, lbtrafficextensions, meshes, meshes_routeviews, servicebindings, servicelbpolicies, tcproutes, tlsroutes, wasmplugins, wasmplugins_versions
05Stats
A
100 / 100
Downloads
0
Archive size
275.9 KB
Verified by Swamp
  • Has README or module doc2/2earned
  • README has a code example1/1earned
  • README is substantive1/1earned
  • Most symbols documented1/1earned
  • No slow types (deprecated)1/1earned
  • Dependencies pass trust audit2/2earned
  • Has description1/1earned
  • Platform support declared (or universal)2/2earned
  • License declared1/1earned
  • Verified public repository2/2earned
Repository
https://github.com/swamp-club/swamp-extensions
06Platforms
07Labels
#gcp#google-cloud#networkservices#cloud#infrastructure