networkservices

v2026.04.23.1

Google Cloud networkservices infrastructure models

Repository

https://github.com/systeminit/swamp-extensions

Platforms

linux-x86_64 linux-aarch64 darwin-x86_64 darwin-aarch64

Labels

gcpgoogle-cloudnetworkservicescloudinfrastructure

models

Quality score

Verified by Swamp

How well-documented and verifiable this extension is.

Grade A

Has README or module doc2/2earned
README has a code example1/1earned
README is substantive1/1earned
Most symbols documented1/1earned
No slow types1/1earned
Has description1/1earned
At least one platform tag (or universal)1/1earned
Two or more platform tags (or universal)1/1earned
License declared1/1earned
Verified public repository2/2earned

Install

$ swamp extension pull @swamp/gcp/networkservices

@swamp/gcp/networkservices/authzextensionsv2026.04.23.1authzextensions.ts

Global Arguments

Argument	Type	Required	Description
authority?	string	no	Optional. The `:authority` header in the gRPC request sent from Envoy to the extension service. It is required when the `service` field points to a backend service or a wasm plugin.
description?	string	no	Optional. A human-readable description of the resource.
failOpen?	boolean	no	Optional. Determines how the proxy behaves if the call to the extension fails or times out. When set to `TRUE`, request or response processing continues without error. Any subsequent extensions in the extension chain are also executed. When set to `FALSE` or the default setting of `FALSE` is used, one of the following happens: * If response headers have not been delivered to the downstream client, a generic 500 error is returned to the client. The error response can be tailored by configuring a
forwardAttributes?	array	no	Optional. List of the Envoy attributes to forward to the extension server. The attributes provided here are included as part of the `ProcessingRequest.attributes` field (of type `map`), where the keys are the attribute names. Refer to the [documentation](https://cloud.google.com/service-extensions/docs/cel-matcher-language-reference#attributes) for the names of attributes that can be forwarded. If omitted, no attributes are sent. Each element is a string indicating the attribute name.
forwardHeaders?	array	no	Optional. List of the HTTP headers to forward to the extension (from the client). If omitted, all headers are sent. Each element is a string indicating the header name.
labels?	record	no	Optional. Set of labels associated with the `AuthzExtension` resource. The format must comply with [the requirements for labels](/compute/docs/labeling-resources#requirements) for Google Cloud resources.
loadBalancingScheme?	enum	no	Optional. All backend services and forwarding rules referenced by this extension must share the same load balancing scheme. Supported values: `INTERNAL_MANAGED`, `EXTERNAL_MANAGED`. Can be omitted for AuthzExtensions that do not reference a backend service. For more information, refer to [Backend services overview](https://cloud.google.com/load-balancing/docs/backend-service).
metadata?	record	no	Optional. The metadata provided here is included as part of the `metadata_context` (of type `google.protobuf.Struct`) in the `ProcessingRequest` message sent to the extension server. The metadata is available under the namespace `com.google.authz_extension.`. The following variables are supported in the metadata Struct: `{forwarding_rule_id}` - substituted with the forwarding rule's fully qualified resource name.
name?	string	no	Required. Identifier. Name of the `AuthzExtension` resource in the following format: `projects/{project}/locations/{location}/authzExtensions/{authz_extension}`.
service?	string	no	Required. The reference to the service that runs the extension. To configure a callout extension, `service` must be a fully-qualified reference to a [backend service](https://cloud.google.com/compute/docs/reference/rest/v1/backendServices) in the format: `https://www.googleapis.com/compute/v1/projects/{project}/regions/{region}/backendServices/{backendService}` or `https://www.googleapis.com/compute/v1/projects/{project}/global/backendServices/{backendService}`.
timeout?	string	no	Required. Specifies the timeout for each individual message on the stream. The timeout must be between 10-10000 milliseconds.
wireFormat?	enum	no	Optional. The format of communication supported by the callout extension. This field is supported only for regional `AuthzExtension` resources. If not specified, the default value `EXT_PROC_GRPC` is used. Global `AuthzExtension` resources use the `EXT_PROC_GRPC` wire format.
authzExtensionId?	string	no	Required. User-provided ID of the `AuthzExtension` resource to be created.
requestId?	string	no	Optional. An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server can ignore the request if it has already been completed. The server guarantees that for 60 minutes since the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server ignores the second request This prevents clients from accidentally creating dupl
location?	string	no	The location for this resource (e.g., 'us', 'us-central1', 'europe-west1')

createCreate a authzExtensions

getGet a authzExtensions

Argument	Type	Required	Description
identifier	string	yes	The name of the authzExtensions

updateUpdate authzExtensions attributes

deleteDelete the authzExtensions

Argument	Type	Required	Description
identifier	string	yes	The name of the authzExtensions

syncSync authzExtensions state from GCP

Resources

state(infinite)— `AuthzExtension` is a resource that allows traffic forwarding to a callout ba...

@swamp/gcp/networkservices/endpointpoliciesv2026.04.23.1endpointpolicies.ts

Global Arguments

Argument	Type	Required	Description
authorizationPolicy?	string	no	Optional. This field specifies the URL of AuthorizationPolicy resource that applies authorization policies to the inbound traffic at the matched endpoints. Refer to Authorization. If this field is not specified, authorization is disabled(no authz checks) for this endpoint.
clientTlsPolicy?	string	no	Optional. A URL referring to a ClientTlsPolicy resource. ClientTlsPolicy can be set to specify the authentication for traffic from the proxy to the actual endpoints. More specifically, it is applied to the outgoing traffic from the proxy to the endpoint. This is typically used for sidecar model where the proxy identifies itself as endpoint to the control plane, with the connection between sidecar and endpoint requiring authentication. If this field is not set, authentication is disabled(open). A
description?	string	no	Optional. A free-text description of the resource. Max length 1024 characters.
endpointMatcher?	object	no	A definition of a matcher that selects endpoints to which the policies should be applied.
labels?	record	no	Optional. Set of label tags associated with the EndpointPolicy resource.
name?	string	no	Identifier. Name of the EndpointPolicy resource. It matches pattern `projects/{project}/locations/*/endpointPolicies/{endpoint_policy}`.
serverTlsPolicy?	string	no	Optional. A URL referring to ServerTlsPolicy resource. ServerTlsPolicy is used to determine the authentication policy to be applied to terminate the inbound traffic at the identified backends. If this field is not set, authentication is disabled(open) for this endpoint.
trafficPortSelector?	object	no	Specification of a port-based selector.
type?	enum	no	Required. The type of endpoint policy. This is primarily used to validate the configuration.
endpointPolicyId?	string	no	Required. Short name of the EndpointPolicy resource to be created. E.g. "CustomECS".
location?	string	no	The location for this resource (e.g., 'us', 'us-central1', 'europe-west1')

createCreate a endpointPolicies

getGet a endpointPolicies

Argument	Type	Required	Description
identifier	string	yes	The name of the endpointPolicies

updateUpdate endpointPolicies attributes

deleteDelete the endpointPolicies

Argument	Type	Required	Description
identifier	string	yes	The name of the endpointPolicies

syncSync endpointPolicies state from GCP

Resources

state(infinite)— EndpointPolicy is a resource that helps apply desired configuration on the en...

@swamp/gcp/networkservices/gatewaysv2026.04.23.1gateways.ts

Global Arguments

Argument	Type	Required	Description
addresses?	array	no	Optional. Zero or one IPv4 or IPv6 address on which the Gateway will receive the traffic. When no address is provided, an IP from the subnetwork is allocated This field only applies to gateways of type 'SECURE_WEB_GATEWAY'. Gateways of type 'OPEN_MESH' listen on 0.0.0.0 for IPv4 and:: for IPv6.
allPorts?	boolean	no	Optional. If true, the Gateway will listen on all ports. This is mutually exclusive with the `ports` field. This field only applies to gateways of type 'SECURE_WEB_GATEWAY'.
allowGlobalAccess?	boolean	no	Optional. If true, the gateway will allow traffic from clients outside of the region where the gateway is located. This field is configurable only for gateways of type SECURE_WEB_GATEWAY.
certificateUrls?	array	no	Optional. A fully-qualified Certificates URL reference. The proxy presents a Certificate (selected based on SNI) when establishing a TLS connection. This feature only applies to gateways of type 'SECURE_WEB_GATEWAY'.
description?	string	no	Optional. A free-text description of the resource. Max length 1024 characters.
envoyHeaders?	enum	no	Optional. Determines if envoy will insert internal debug headers into upstream requests. Other Envoy headers may still be injected. By default, envoy will not insert any debug headers.
gatewaySecurityPolicy?	string	no	Optional. A fully-qualified GatewaySecurityPolicy URL reference. Defines how a server should apply security policy to inbound (VM to Proxy) initiated connections. For example: `projects//locations//gatewaySecurityPolicies/swg-policy`. This policy is specific to gateways of type 'SECURE_WEB_GATEWAY'.
ipVersion?	enum	no	Optional. The IP Version that will be used by this gateway. Valid options are IPV4 or IPV6. Default is IPV4.
labels?	record	no	Optional. Set of label tags associated with the Gateway resource.
name?	string	no	Identifier. Name of the Gateway resource. It matches pattern `projects//locations//gateways/`.
network?	string	no	Optional. The relative resource name identifying the VPC network that is using this configuration. For example: `projects/*/global/networks/network-1`. Currently, this field is specific to gateways of type 'SECURE_WEB_GATEWAY'.
ports?	array	no	Required. One or more port numbers (1-65535), on which the Gateway will receive traffic. The proxy binds to the specified ports. Gateways of type 'SECURE_WEB_GATEWAY' are limited to 5 ports. Gateways of type 'OPEN_MESH' listen on 0.0.0.0 for IPv4 and:: for IPv6 and support multiple ports.
routingMode?	enum	no	Optional. The routing mode of the Gateway. This field is configurable only for gateways of type SECURE_WEB_GATEWAY. This field is required for gateways of type SECURE_WEB_GATEWAY.
scope?	string	no	Optional. Scope determines how configuration across multiple Gateway instances are merged. The configuration for multiple Gateway instances with the same scope will be merged as presented as a single configuration to the proxy/load balancer. Max length 64 characters. Scope should start with a letter and can only have letters, numbers, hyphens.
serverTlsPolicy?	string	no	Optional. A fully-qualified ServerTLSPolicy URL reference. Specifies how TLS traffic is terminated. If empty, TLS termination is disabled.
subnetwork?	string	no	Optional. The relative resource name identifying the subnetwork in which this SWG is allocated. For example: `projects/*/regions/us-central1/subnetworks/network-1` Currently, this field is specific to gateways of type 'SECURE_WEB_GATEWAY\
type?	enum	no	Immutable. The type of the customer managed gateway. This field is required. If unspecified, an error is returned.
gatewayId?	string	no	Required. Short name of the Gateway resource to be created.
location?	string	no	The location for this resource (e.g., 'us', 'us-central1', 'europe-west1')

createCreate a gateways

getGet a gateways

Argument	Type	Required	Description
identifier	string	yes	The name of the gateways

updateUpdate gateways attributes

deleteDelete the gateways

Argument	Type	Required	Description
identifier	string	yes	The name of the gateways

syncSync gateways state from GCP

Resources

state(infinite)— Gateway represents the configuration for a proxy, typically a load balancer. ...

@swamp/gcp/networkservices/gateways-routeviewsv2026.04.23.1gateways_routeviews.ts

Global Arguments

Argument	Type	Required	Description
name	string	yes	Instance name for this resource (used as the unique identifier in the factory pattern)
location?	string	no	The location for this resource (e.g., 'us', 'us-central1', 'europe-west1')

getGet a routeViews

Argument	Type	Required	Description
identifier	string	yes	The name of the routeViews

syncSync routeViews state from GCP

Resources

state(infinite)— GatewayRouteView defines view-only resource for Routes to a Gateway

@swamp/gcp/networkservices/grpcroutesv2026.04.23.1grpcroutes.ts

Global Arguments

Argument	Type	Required	Description
description?	string	no	Optional. A free-text description of the resource. Max length 1024 characters.
gateways?	array	no	Optional. Gateways defines a list of gateways this GrpcRoute is attached to, as one of the routing rules to route the requests served by the gateway. Each gateway reference should match the pattern: `projects//locations//gateways/`
hostnames?	array	no	Required. Service hostnames with an optional port for which this route describes traffic. Format: [:] Hostname is the fully qualified domain name of a network host. This matches the RFC 1123 definition of a hostname with 2 notable exceptions: - IPs are not allowed. - A hostname may be prefixed with a wildcard label (`*.`). The wildcard label must appear by itself as the first label. Hostname can be "precise" which is a domain name without the terminating dot of a network host (e.g. `foo.example.
labels?	record	no	Optional. Set of label tags associated with the GrpcRoute resource.
meshes?	array	no	Optional. Meshes defines a list of meshes this GrpcRoute is attached to, as one of the routing rules to route the requests served by the mesh. Each mesh reference should match the pattern: `projects//locations//meshes/`
name?	string	no	Identifier. Name of the GrpcRoute resource. It matches pattern `projects//locations//grpcRoutes/`
rules?	array	no	Required. A list of detailed rules defining how to route traffic. Within a single GrpcRoute, the GrpcRoute.RouteAction associated with the first matching GrpcRoute.RouteRule will be executed. At least one rule must be supplied.
grpcRouteId?	string	no	Required. Short name of the GrpcRoute resource to be created.
location?	string	no	The location for this resource (e.g., 'us', 'us-central1', 'europe-west1')

createCreate a grpcRoutes

getGet a grpcRoutes

Argument	Type	Required	Description
identifier	string	yes	The name of the grpcRoutes

updateUpdate grpcRoutes attributes

deleteDelete the grpcRoutes

Argument	Type	Required	Description
identifier	string	yes	The name of the grpcRoutes

syncSync grpcRoutes state from GCP

Resources

state(infinite)— GrpcRoute is the resource defining how gRPC traffic routed by a Mesh or Gatew...

@swamp/gcp/networkservices/httproutesv2026.04.23.1httproutes.ts

Global Arguments

Argument	Type	Required	Description
description?	string	no	Optional. A free-text description of the resource. Max length 1024 characters.
gateways?	array	no	Optional. Gateways defines a list of gateways this HttpRoute is attached to, as one of the routing rules to route the requests served by the gateway. Each gateway reference should match the pattern: `projects//locations//gateways/`
hostnames?	array	no	Required. Hostnames define a set of hosts that should match against the HTTP host header to select a HttpRoute to process the request. Hostname is the fully qualified domain name of a network host, as defined by RFC 1123 with the exception that: - IPs are not allowed. - A hostname may be prefixed with a wildcard label (`*.`). The wildcard label must appear by itself as the first label. Hostname can be "precise" which is a domain name without the terminating dot of a network host (e.g. `foo.examp
labels?	record	no	Optional. Set of label tags associated with the HttpRoute resource.
meshes?	array	no	Optional. Meshes defines a list of meshes this HttpRoute is attached to, as one of the routing rules to route the requests served by the mesh. Each mesh reference should match the pattern: `projects//locations//meshes/` The attached Mesh should be of a type SIDECAR
name?	string	no	Identifier. Name of the HttpRoute resource. It matches pattern `projects//locations//httpRoutes/http_route_name>`.
rules?	array	no	Required. Rules that define how traffic is routed and handled. Rules will be matched sequentially based on the RouteMatch specified for the rule.
httpRouteId?	string	no	Required. Short name of the HttpRoute resource to be created.
location?	string	no	The location for this resource (e.g., 'us', 'us-central1', 'europe-west1')

createCreate a httpRoutes

getGet a httpRoutes

Argument	Type	Required	Description
identifier	string	yes	The name of the httpRoutes

updateUpdate httpRoutes attributes

deleteDelete the httpRoutes

Argument	Type	Required	Description
identifier	string	yes	The name of the httpRoutes

syncSync httpRoutes state from GCP

Resources

state(infinite)— HttpRoute is the resource defining how HTTP traffic should be routed by a Mes...

@swamp/gcp/networkservices/lbedgeextensionsv2026.04.23.1lbedgeextensions.ts

Global Arguments

Argument	Type	Required	Description
description?	string	no	Optional. A human-readable description of the resource.
extensionChains?	array	no	Required. A set of ordered extension chains that contain the match conditions and extensions to execute. Match conditions for each extension chain are evaluated in sequence for a given request. The first extension chain that has a condition that matches the request is executed. Any subsequent extension chains do not execute. Limited to 5 extension chains per resource.
forwardingRules?	array	no	Required. A list of references to the forwarding rules to which this service extension is attached. At least one forwarding rule is required. Only one `LbEdgeExtension` resource can be associated with a forwarding rule.
labels?	record	no	Optional. Set of labels associated with the `LbEdgeExtension` resource. The format must comply with [the requirements for labels](https://cloud.google.com/compute/docs/labeling-resources#requirements) for Google Cloud resources.
loadBalancingScheme?	enum	no	Required. All forwarding rules referenced by this extension must share the same load balancing scheme. Supported values: `EXTERNAL_MANAGED`.
name?	string	no	Required. Identifier. Name of the `LbEdgeExtension` resource in the following format: `projects/{project}/locations/{location}/lbEdgeExtensions/{lb_edge_extension}`.
lbEdgeExtensionId?	string	no	Required. User-provided ID of the `LbEdgeExtension` resource to be created.
requestId?	string	no	Optional. An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server can ignore the request if it has already been completed. The server guarantees that for 60 minutes since the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server ignores the second request This prevents clients from accidentally creating dupl
location?	string	no	The location for this resource (e.g., 'us', 'us-central1', 'europe-west1')

createCreate a lbEdgeExtensions

getGet a lbEdgeExtensions

Argument	Type	Required	Description
identifier	string	yes	The name of the lbEdgeExtensions

updateUpdate lbEdgeExtensions attributes

deleteDelete the lbEdgeExtensions

Argument	Type	Required	Description
identifier	string	yes	The name of the lbEdgeExtensions

syncSync lbEdgeExtensions state from GCP

Resources

state(infinite)— `LbEdgeExtension` is a resource that lets the extension service influence the...

@swamp/gcp/networkservices/lbrouteextensionsv2026.04.23.1lbrouteextensions.ts

Global Arguments

Argument	Type	Required	Description
description?	string	no	Optional. A human-readable description of the resource.
extensionChains?	array	no	Required. A set of ordered extension chains that contain the match conditions and extensions to execute. Match conditions for each extension chain are evaluated in sequence for a given request. The first extension chain that has a condition that matches the request is executed. Any subsequent extension chains do not execute. Limited to 5 extension chains per resource.
forwardingRules?	array	no	Required. A list of references to the forwarding rules to which this service extension is attached. At least one forwarding rule is required. Only one `LbRouteExtension` resource can be associated with a forwarding rule.
labels?	record	no	Optional. Set of labels associated with the `LbRouteExtension` resource. The format must comply with [the requirements for labels](https://cloud.google.com/compute/docs/labeling-resources#requirements) for Google Cloud resources.
loadBalancingScheme?	enum	no	Required. All backend services and forwarding rules referenced by this extension must share the same load balancing scheme. Supported values: `INTERNAL_MANAGED`, `EXTERNAL_MANAGED`. For more information, refer to [Backend services overview](https://cloud.google.com/load-balancing/docs/backend-service).
metadata?	record	no	Optional. The metadata provided here is included as part of the `metadata_context` (of type `google.protobuf.Struct`) in the `ProcessingRequest` message sent to the extension server. The metadata applies to all extensions in all extensions chains in this resource. The metadata is available under the key `com.google.lb_route_extension.`. The following variables are supported in the metadata: `{forwarding_rule_id}` - substituted with the forwarding rule's fully qualified resource name. This field
name?	string	no	Required. Identifier. Name of the `LbRouteExtension` resource in the following format: `projects/{project}/locations/{location}/lbRouteExtensions/{lb_route_extension}`.
lbRouteExtensionId?	string	no	Required. User-provided ID of the `LbRouteExtension` resource to be created.
requestId?	string	no	Optional. An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server can ignore the request if it has already been completed. The server guarantees that for 60 minutes since the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server ignores the second request This prevents clients from accidentally creating dupl
location?	string	no	The location for this resource (e.g., 'us', 'us-central1', 'europe-west1')

createCreate a lbRouteExtensions

getGet a lbRouteExtensions

Argument	Type	Required	Description
identifier	string	yes	The name of the lbRouteExtensions

updateUpdate lbRouteExtensions attributes

deleteDelete the lbRouteExtensions

Argument	Type	Required	Description
identifier	string	yes	The name of the lbRouteExtensions

syncSync lbRouteExtensions state from GCP

Resources

state(infinite)— `LbRouteExtension` is a resource that lets you control where traffic is route...

@swamp/gcp/networkservices/lbtrafficextensionsv2026.04.23.1lbtrafficextensions.ts

Global Arguments

Argument	Type	Required	Description
description?	string	no	Optional. A human-readable description of the resource.
extensionChains?	array	no	Required. A set of ordered extension chains that contain the match conditions and extensions to execute. Match conditions for each extension chain are evaluated in sequence for a given request. The first extension chain that has a condition that matches the request is executed. Any subsequent extension chains do not execute. Limited to 5 extension chains per resource.
forwardingRules?	array	no	Optional. A list of references to the forwarding rules to which this service extension is attached. At least one forwarding rule is required. Only one `LbTrafficExtension` resource can be associated with a forwarding rule.
labels?	record	no	Optional. Set of labels associated with the `LbTrafficExtension` resource. The format must comply with [the requirements for labels](https://cloud.google.com/compute/docs/labeling-resources#requirements) for Google Cloud resources.
loadBalancingScheme?	enum	no	Required. All backend services and forwarding rules referenced by this extension must share the same load balancing scheme. Supported values: `INTERNAL_MANAGED` and `EXTERNAL_MANAGED`. For more information, refer to [Backend services overview](https://cloud.google.com/load-balancing/docs/backend-service).
metadata?	record	no	Optional. The metadata provided here is included as part of the `metadata_context` (of type `google.protobuf.Struct`) in the `ProcessingRequest` message sent to the extension server. The metadata applies to all extensions in all extensions chains in this resource. The metadata is available under the key `com.google.lb_traffic_extension.`. The following variables are supported in the metadata: `{forwarding_rule_id}` - substituted with the forwarding rule's fully qualified resource name. This fiel
name?	string	no	Required. Identifier. Name of the `LbTrafficExtension` resource in the following format: `projects/{project}/locations/{location}/lbTrafficExtensions/{lb_traffic_extension}`.
lbTrafficExtensionId?	string	no	Required. User-provided ID of the `LbTrafficExtension` resource to be created.
requestId?	string	no	Optional. An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server can ignore the request if it has already been completed. The server guarantees that for 60 minutes since the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server ignores the second request This prevents clients from accidentally creating dupl
location?	string	no	The location for this resource (e.g., 'us', 'us-central1', 'europe-west1')

createCreate a lbTrafficExtensions

getGet a lbTrafficExtensions

Argument	Type	Required	Description
identifier	string	yes	The name of the lbTrafficExtensions

updateUpdate lbTrafficExtensions attributes

deleteDelete the lbTrafficExtensions

Argument	Type	Required	Description
identifier	string	yes	The name of the lbTrafficExtensions

syncSync lbTrafficExtensions state from GCP

Resources

state(infinite)— `LbTrafficExtension` is a resource that lets the extension service modify the...

@swamp/gcp/networkservices/locationsv2026.04.23.1locations.ts

Global Arguments

Argument	Type	Required	Description
name	string	yes	Instance name for this resource (used as the unique identifier in the factory pattern)

getGet a locations

Argument	Type	Required	Description
identifier	string	yes	The name of the locations

syncSync locations state from GCP

Resources

state(infinite)— A resource that represents a Google Cloud location.

@swamp/gcp/networkservices/meshesv2026.04.23.1meshes.ts

Global Arguments

Argument	Type	Required	Description
description?	string	no	Optional. A free-text description of the resource. Max length 1024 characters.
envoyHeaders?	enum	no	Optional. Determines if envoy will insert internal debug headers into upstream requests. Other Envoy headers may still be injected. By default, envoy will not insert any debug headers.
interceptionPort?	number	no	Optional. If set to a valid TCP port (1-65535), instructs the SIDECAR proxy to listen on the specified port of localhost (127.0.0.1) address. The SIDECAR proxy will expect all traffic to be redirected to this port regardless of its actual ip:port destination. If unset, a port '15001' is used as the interception port. This is applicable only for sidecar proxy deployments.
labels?	record	no	Optional. Set of label tags associated with the Mesh resource.
name?	string	no	Identifier. Name of the Mesh resource. It matches pattern `projects//locations//meshes/`.
meshId?	string	no	Required. Short name of the Mesh resource to be created.
location?	string	no	The location for this resource (e.g., 'us', 'us-central1', 'europe-west1')

createCreate a meshes

getGet a meshes

Argument	Type	Required	Description
identifier	string	yes	The name of the meshes

updateUpdate meshes attributes

deleteDelete the meshes

Argument	Type	Required	Description
identifier	string	yes	The name of the meshes

syncSync meshes state from GCP

Resources

state(infinite)— Mesh represents a logical configuration grouping for workload to workload com...

@swamp/gcp/networkservices/meshes-routeviewsv2026.04.23.1meshes_routeviews.ts

Global Arguments

Argument	Type	Required	Description
name	string	yes	Instance name for this resource (used as the unique identifier in the factory pattern)
location?	string	no	The location for this resource (e.g., 'us', 'us-central1', 'europe-west1')

getGet a routeViews

Argument	Type	Required	Description
identifier	string	yes	The name of the routeViews

syncSync routeViews state from GCP

Resources

state(infinite)— MeshRouteView defines view-only resource for Routes to a Mesh

@swamp/gcp/networkservices/servicebindingsv2026.04.23.1servicebindings.ts

Global Arguments

Argument	Type	Required	Description
description?	string	no	Optional. A free-text description of the resource. Max length 1024 characters.
labels?	record	no	Optional. Set of label tags associated with the ServiceBinding resource.
name?	string	no	Identifier. Name of the ServiceBinding resource. It matches pattern `projects//locations//serviceBindings/`.
serviceBindingId?	string	no	Required. Short name of the ServiceBinding resource to be created.
location?	string	no	The location for this resource (e.g., 'us', 'us-central1', 'europe-west1')

createCreate a serviceBindings

getGet a serviceBindings

Argument	Type	Required	Description
identifier	string	yes	The name of the serviceBindings

updateUpdate serviceBindings attributes

deleteDelete the serviceBindings

Argument	Type	Required	Description
identifier	string	yes	The name of the serviceBindings

syncSync serviceBindings state from GCP

Resources

state(infinite)— ServiceBinding can be used to: - Bind a Service Directory Service to be used ...

@swamp/gcp/networkservices/servicelbpoliciesv2026.04.23.1servicelbpolicies.ts

Global Arguments

Argument	Type	Required	Description
autoCapacityDrain?	object	no	Option to specify if an unhealthy IG/NEG should be considered for global load balancing and traffic routing.
description?	string	no	Optional. A free-text description of the resource. Max length 1024 characters.
failoverConfig?	object	no	Option to specify health based failover behavior. This is not related to Network load balancer FailoverPolicy.
isolationConfig?	object	no	Configuration to provide isolation support for the associated Backend Service.
labels?	record	no	Optional. Set of label tags associated with the ServiceLbPolicy resource.
loadBalancingAlgorithm?	enum	no	Optional. The type of load balancing algorithm to be used. The default behavior is WATERFALL_BY_REGION.
name?	string	no	Identifier. Name of the ServiceLbPolicy resource. It matches pattern `projects/{project}/locations/{location}/serviceLbPolicies/{service_lb_policy_name}`.
serviceLbPolicyId?	string	no	Required. Short name of the ServiceLbPolicy resource to be created. E.g. for resource name `projects/{project}/locations/{location}/serviceLbPolicies/{service_lb_policy_name}`. the id is value of {service_lb_policy_name}
location?	string	no	The location for this resource (e.g., 'us', 'us-central1', 'europe-west1')

createCreate a serviceLbPolicies

getGet a serviceLbPolicies

Argument	Type	Required	Description
identifier	string	yes	The name of the serviceLbPolicies

updateUpdate serviceLbPolicies attributes

deleteDelete the serviceLbPolicies

Argument	Type	Required	Description
identifier	string	yes	The name of the serviceLbPolicies

syncSync serviceLbPolicies state from GCP

Resources

state(infinite)— ServiceLbPolicy holds global load balancing and traffic distribution configur...

@swamp/gcp/networkservices/tcproutesv2026.04.23.1tcproutes.ts

Global Arguments

Argument	Type	Required	Description
description?	string	no	Optional. A free-text description of the resource. Max length 1024 characters.
gateways?	array	no	Optional. Gateways defines a list of gateways this TcpRoute is attached to, as one of the routing rules to route the requests served by the gateway. Each gateway reference should match the pattern: `projects//locations//gateways/`
labels?	record	no	Optional. Set of label tags associated with the TcpRoute resource.
meshes?	array	no	Optional. Meshes defines a list of meshes this TcpRoute is attached to, as one of the routing rules to route the requests served by the mesh. Each mesh reference should match the pattern: `projects//locations//meshes/` The attached Mesh should be of a type SIDECAR
name?	string	no	Identifier. Name of the TcpRoute resource. It matches pattern `projects//locations//tcpRoutes/tcp_route_name>`.
rules?	array	no	Required. Rules that define how traffic is routed and handled. At least one RouteRule must be supplied. If there are multiple rules then the action taken will be the first rule to match.
tcpRouteId?	string	no	Required. Short name of the TcpRoute resource to be created.
location?	string	no	The location for this resource (e.g., 'us', 'us-central1', 'europe-west1')

createCreate a tcpRoutes

getGet a tcpRoutes

Argument	Type	Required	Description
identifier	string	yes	The name of the tcpRoutes

updateUpdate tcpRoutes attributes

deleteDelete the tcpRoutes

Argument	Type	Required	Description
identifier	string	yes	The name of the tcpRoutes

syncSync tcpRoutes state from GCP

Resources

state(infinite)— TcpRoute is the resource defining how TCP traffic should be routed by a Mesh/...

@swamp/gcp/networkservices/tlsroutesv2026.04.23.1tlsroutes.ts

Global Arguments

Argument	Type	Required	Description
description?	string	no	Optional. A free-text description of the resource. Max length 1024 characters.
gateways?	array	no	Optional. Gateways defines a list of gateways this TlsRoute is attached to, as one of the routing rules to route the requests served by the gateway. Each gateway reference should match the pattern: `projects//locations//gateways/`
labels?	record	no	Optional. Set of label tags associated with the TlsRoute resource.
meshes?	array	no	Optional. Meshes defines a list of meshes this TlsRoute is attached to, as one of the routing rules to route the requests served by the mesh. Each mesh reference should match the pattern: `projects//locations//meshes/` The attached Mesh should be of a type SIDECAR
name?	string	no	Identifier. Name of the TlsRoute resource. It matches pattern `projects//locations//tlsRoutes/tls_route_name>`.
rules?	array	no	Required. Rules that define how traffic is routed and handled. At least one RouteRule must be supplied. If there are multiple rules then the action taken will be the first rule to match.
targetProxies?	array	no	Optional. TargetProxies defines a list of TargetTcpProxies this TlsRoute is attached to, as one of the routing rules to route the requests served by the TargetTcpProxy. Each TargetTcpProxy reference should match the pattern: `projects//locations//targetTcpProxies/`
tlsRouteId?	string	no	Required. Short name of the TlsRoute resource to be created.
location?	string	no	The location for this resource (e.g., 'us', 'us-central1', 'europe-west1')

createCreate a tlsRoutes

getGet a tlsRoutes

Argument	Type	Required	Description
identifier	string	yes	The name of the tlsRoutes

updateUpdate tlsRoutes attributes

deleteDelete the tlsRoutes

Argument	Type	Required	Description
identifier	string	yes	The name of the tlsRoutes

syncSync tlsRoutes state from GCP

Resources

state(infinite)— TlsRoute defines how traffic should be routed based on SNI and other matching...

@swamp/gcp/networkservices/wasmpluginsv2026.04.23.1wasmplugins.ts

Global Arguments

Argument	Type	Required	Description
description?	string	no	Optional. A human-readable description of the resource.
labels?	record	no	Optional. Set of labels associated with the `WasmPlugin` resource. The format must comply with [the following requirements](/compute/docs/labeling-resources#requirements).
logConfig?	object	no	Specifies the logging options for the activity performed by this plugin. If logging is enabled, plugin logs are exported to Cloud Logging.
mainVersionId?	string	no	Optional. The ID of the `WasmPluginVersion` resource that is the currently serving one. The version referred to must be a child of this `WasmPlugin` resource.
name?	string	no	Identifier. Name of the `WasmPlugin` resource in the following format: `projects/{project}/locations/{location}/wasmPlugins/{wasm_plugin}`.
versions?	record	no	Optional. All versions of this `WasmPlugin` resource in the key-value format. The key is the resource ID, and the value is the `VersionDetails` object. Lets you create or update a `WasmPlugin` resource and its versions in a single request. When the `main_version_id` field is not empty, it must point to one of the `VersionDetails` objects in the map. If provided in a `PATCH` request, the new versions replace the previous set. Any version omitted from the `versions` field is removed. Because the `
wasmPluginId?	string	no	Required. User-provided ID of the `WasmPlugin` resource to be created.
location?	string	no	The location for this resource (e.g., 'us', 'us-central1', 'europe-west1')

createCreate a wasmPlugins

getGet a wasmPlugins

Argument	Type	Required	Description
identifier	string	yes	The name of the wasmPlugins

updateUpdate wasmPlugins attributes

deleteDelete the wasmPlugins

Argument	Type	Required	Description
identifier	string	yes	The name of the wasmPlugins

syncSync wasmPlugins state from GCP

Resources

state(infinite)— `WasmPlugin` is a resource representing a service executing a customer-provid...

@swamp/gcp/networkservices/wasmplugins-versionsv2026.04.23.1wasmplugins_versions.ts

Global Arguments

Argument	Type	Required	Description
description?	string	no	Optional. A human-readable description of the resource.
imageUri?	string	no	Optional. URI of the image containing the Wasm module, stored in Artifact Registry. The URI can refer to one of the following repository formats: * Container images: the `image_uri` must point to a container that contains a single file with the name `plugin.wasm`. When a new `WasmPluginVersion` resource is created, the digest of the image is saved in the `image_digest` field. When pulling a container image from Artifact Registry, the digest value is used instead of an image tag. * Generic artifa
labels?	record	no	Optional. Set of labels associated with the `WasmPluginVersion` resource.
name?	string	no	Identifier. Name of the `WasmPluginVersion` resource in the following format: `projects/{project}/locations/{location}/wasmPlugins/{wasm_plugin}/ versions/{wasm_plugin_version}`.
pluginConfigData?	string	no	Configuration for the plugin. The configuration is provided to the plugin at runtime through the `ON_CONFIGURE` callback. When a new `WasmPluginVersion` resource is created, the digest of the contents is saved in the `plugin_config_digest` field.
pluginConfigUri?	string	no	URI of the plugin configuration stored in the Artifact Registry. The configuration is provided to the plugin at runtime through the `ON_CONFIGURE` callback. The URI can refer to one of the following repository formats: * Container images: the `plugin_config_uri` must point to a container that contains a single file with the name `plugin.config`. When a new `WasmPluginVersion` resource is created, the digest of the image is saved in the `plugin_config_digest` field. When pulling a container image
wasmPluginVersionId?	string	no	Required. User-provided ID of the `WasmPluginVersion` resource to be created.
location?	string	no	The location for this resource (e.g., 'us', 'us-central1', 'europe-west1')

createCreate a versions

getGet a versions

Argument	Type	Required	Description
identifier	string	yes	The name of the versions

deleteDelete the versions

Argument	Type	Required	Description
identifier	string	yes	The name of the versions

syncSync versions state from GCP

Resources

state(infinite)— A single immutable version of a `WasmPlugin` resource. Defines the Wasm modul...

@swamp/gcp/networkservices

Repository

Platforms

Labels

Contents

Quality score

Install

Models18

Global Arguments

Resources

Global Arguments

Resources

Global Arguments

Resources

Global Arguments

Resources

Global Arguments

Resources

Global Arguments

Resources

Global Arguments

Resources

Global Arguments

Resources

Global Arguments

Resources

Global Arguments

Resources

Global Arguments

Resources

Global Arguments

Resources

Global Arguments

Resources

Global Arguments

Resources

Global Arguments

Resources

Global Arguments

Resources

Global Arguments

Resources

Global Arguments

Resources

Previous Versions5

Release Notes

Release Notes

Release Notes

Release Notes