Exposing aws_v4_authentication configuration in global external alb (#2539)
* added disable_default_snat variable

* add an option to disable default snat

* tfdoc readme

* change order of variables

* modify variable to exist within vpc_config and have a null default,
creating a conditional dynamic block to provide backward compatibility

* defining disable snat variable in autopilot as it is also an option

* fix conditional

* update readme

* null is implied in optional bool

* update readmes

* expose aws_v4_authentication configuration option

* terraform fmt

* update readme

* use dynamic block and optional for new variable
okguru1 authored Aug 29, 2024
1 parent 09de7d6 commit dc0a27b
Showing 3 changed files with 19 additions and 3 deletions.
2 changes: 1 addition & 1 deletion modules/net-lb-app-ext/README.md
@@ -1050,7 +1050,7 @@ After provisioning this change, and verifying that the new certificate is provis
| [project_id](variables.tf#L195) | Project id. | <code>string</code> || |
| [address](variables.tf#L17) | Optional IP address used for the forwarding rule. | <code>string</code> | | <code>null</code> |
| [backend_buckets_config](variables.tf#L23) | Backend buckets configuration. | <code title="map&#40;object&#40;&#123;&#10; bucket_name &#61; string&#10; compression_mode &#61; optional&#40;string&#41;&#10; custom_response_headers &#61; optional&#40;list&#40;string&#41;&#41;&#10; description &#61; optional&#40;string&#41;&#10; edge_security_policy &#61; optional&#40;string&#41;&#10; enable_cdn &#61; optional&#40;bool&#41;&#10; cdn_policy &#61; optional&#40;object&#40;&#123;&#10; bypass_cache_on_request_headers &#61; optional&#40;list&#40;string&#41;&#41;&#10; cache_mode &#61; optional&#40;string&#41;&#10; client_ttl &#61; optional&#40;number&#41;&#10; default_ttl &#61; optional&#40;number&#41;&#10; max_ttl &#61; optional&#40;number&#41;&#10; negative_caching &#61; optional&#40;bool&#41;&#10; request_coalescing &#61; optional&#40;bool&#41;&#10; serve_while_stale &#61; optional&#40;number&#41;&#10; signed_url_cache_max_age_sec &#61; optional&#40;number&#41;&#10; cache_key_policy &#61; optional&#40;object&#40;&#123;&#10; include_http_headers &#61; optional&#40;list&#40;string&#41;&#41;&#10; query_string_whitelist &#61; optional&#40;list&#40;string&#41;&#41;&#10; &#125;&#41;&#41;&#10; negative_caching_policy &#61; optional&#40;object&#40;&#123;&#10; code &#61; optional&#40;number&#41;&#10; ttl &#61; optional&#40;number&#41;&#10; &#125;&#41;&#41;&#10; &#125;&#41;&#41;&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>&#123;&#125;</code> |
| [backend_service_configs](variables-backend-service.tf#L19) | Backend service level configuration. | <code title="map&#40;object&#40;&#123;&#10; affinity_cookie_ttl_sec &#61; optional&#40;number&#41;&#10; compression_mode &#61; optional&#40;string&#41;&#10; connection_draining_timeout_sec &#61; optional&#40;number&#41;&#10; custom_request_headers &#61; optional&#40;list&#40;string&#41;&#41;&#10; custom_response_headers &#61; optional&#40;list&#40;string&#41;&#41;&#10; enable_cdn &#61; optional&#40;bool&#41;&#10; health_checks &#61; optional&#40;list&#40;string&#41;, &#91;&#34;default&#34;&#93;&#41;&#10; log_sample_rate &#61; optional&#40;number&#41;&#10; port_name &#61; optional&#40;string&#41;&#10; project_id &#61; optional&#40;string&#41;&#10; protocol &#61; optional&#40;string&#41;&#10; security_policy &#61; optional&#40;string&#41;&#10; session_affinity &#61; optional&#40;string&#41;&#10; timeout_sec &#61; optional&#40;number&#41;&#10; backends &#61; list&#40;object&#40;&#123;&#10; backend &#61; string&#10; balancing_mode &#61; optional&#40;string, &#34;UTILIZATION&#34;&#41;&#10; capacity_scaler &#61; optional&#40;number, 1&#41;&#10; description &#61; optional&#40;string, &#34;Terraform managed.&#34;&#41;&#10; failover &#61; optional&#40;bool, false&#41;&#10; max_connections &#61; optional&#40;object&#40;&#123;&#10; per_endpoint &#61; optional&#40;number&#41;&#10; per_group &#61; optional&#40;number&#41;&#10; per_instance &#61; optional&#40;number&#41;&#10; &#125;&#41;&#41;&#10; max_rate &#61; optional&#40;object&#40;&#123;&#10; per_endpoint &#61; optional&#40;number&#41;&#10; per_group &#61; optional&#40;number&#41;&#10; per_instance &#61; optional&#40;number&#41;&#10; &#125;&#41;&#41;&#10; max_utilization &#61; optional&#40;number&#41;&#10; &#125;&#41;&#41;&#10; cdn_policy &#61; optional&#40;object&#40;&#123;&#10; cache_mode &#61; optional&#40;string&#41;&#10; client_ttl &#61; optional&#40;number&#41;&#10; default_ttl &#61; optional&#40;number&#41;&#10; 
max_ttl &#61; optional&#40;number&#41;&#10; negative_caching &#61; optional&#40;bool&#41;&#10; serve_while_stale &#61; optional&#40;number&#41;&#10; signed_url_cache_max_age_sec &#61; optional&#40;number&#41;&#10; cache_key_policy &#61; optional&#40;object&#40;&#123;&#10; include_host &#61; optional&#40;bool&#41;&#10; include_named_cookies &#61; optional&#40;list&#40;string&#41;&#41;&#10; include_protocol &#61; optional&#40;bool&#41;&#10; include_query_string &#61; optional&#40;bool&#41;&#10; query_string_blacklist &#61; optional&#40;list&#40;string&#41;&#41;&#10; query_string_whitelist &#61; optional&#40;list&#40;string&#41;&#41;&#10; &#125;&#41;&#41;&#10; negative_caching_policy &#61; optional&#40;object&#40;&#123;&#10; code &#61; optional&#40;number&#41;&#10; ttl &#61; optional&#40;number&#41;&#10; &#125;&#41;&#41;&#10; &#125;&#41;&#41;&#10; circuit_breakers &#61; optional&#40;object&#40;&#123;&#10; max_connections &#61; optional&#40;number&#41;&#10; max_pending_requests &#61; optional&#40;number&#41;&#10; max_requests &#61; optional&#40;number&#41;&#10; max_requests_per_connection &#61; optional&#40;number&#41;&#10; max_retries &#61; optional&#40;number&#41;&#10; connect_timeout &#61; optional&#40;object&#40;&#123;&#10; seconds &#61; number&#10; nanos &#61; optional&#40;number&#41;&#10; &#125;&#41;&#41;&#10; &#125;&#41;&#41;&#10; consistent_hash &#61; optional&#40;object&#40;&#123;&#10; http_header_name &#61; optional&#40;string&#41;&#10; minimum_ring_size &#61; optional&#40;number&#41;&#10; http_cookie &#61; optional&#40;object&#40;&#123;&#10; name &#61; optional&#40;string&#41;&#10; path &#61; optional&#40;string&#41;&#10; ttl &#61; optional&#40;object&#40;&#123;&#10; seconds &#61; number&#10; nanos &#61; optional&#40;number&#41;&#10; &#125;&#41;&#41;&#10; &#125;&#41;&#41;&#10; &#125;&#41;&#41;&#10; iap_config &#61; optional&#40;object&#40;&#123;&#10; oauth2_client_id &#61; string&#10; oauth2_client_secret &#61; string&#10; oauth2_client_secret_sha256 &#61; 
optional&#40;string&#41;&#10; &#125;&#41;&#41;&#10; outlier_detection &#61; optional&#40;object&#40;&#123;&#10; consecutive_errors &#61; optional&#40;number&#41;&#10; consecutive_gateway_failure &#61; optional&#40;number&#41;&#10; enforcing_consecutive_errors &#61; optional&#40;number&#41;&#10; enforcing_consecutive_gateway_failure &#61; optional&#40;number&#41;&#10; enforcing_success_rate &#61; optional&#40;number&#41;&#10; max_ejection_percent &#61; optional&#40;number&#41;&#10; success_rate_minimum_hosts &#61; optional&#40;number&#41;&#10; success_rate_request_volume &#61; optional&#40;number&#41;&#10; success_rate_stdev_factor &#61; optional&#40;number&#41;&#10; base_ejection_time &#61; optional&#40;object&#40;&#123;&#10; seconds &#61; number&#10; nanos &#61; optional&#40;number&#41;&#10; &#125;&#41;&#41;&#10; interval &#61; optional&#40;object&#40;&#123;&#10; seconds &#61; number&#10; nanos &#61; optional&#40;number&#41;&#10; &#125;&#41;&#41;&#10; &#125;&#41;&#41;&#10; security_settings &#61; optional&#40;object&#40;&#123;&#10; client_tls_policy &#61; string&#10; subject_alt_names &#61; list&#40;string&#41;&#10; &#125;&#41;&#41;&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>&#123;&#125;</code> |
| [backend_service_configs](variables-backend-service.tf#L19) | Backend service level configuration. | <code title="map&#40;object&#40;&#123;&#10; affinity_cookie_ttl_sec &#61; optional&#40;number&#41;&#10; compression_mode &#61; optional&#40;string&#41;&#10; connection_draining_timeout_sec &#61; optional&#40;number&#41;&#10; custom_request_headers &#61; optional&#40;list&#40;string&#41;&#41;&#10; custom_response_headers &#61; optional&#40;list&#40;string&#41;&#41;&#10; enable_cdn &#61; optional&#40;bool&#41;&#10; health_checks &#61; optional&#40;list&#40;string&#41;, &#91;&#34;default&#34;&#93;&#41;&#10; log_sample_rate &#61; optional&#40;number&#41;&#10; port_name &#61; optional&#40;string&#41;&#10; project_id &#61; optional&#40;string&#41;&#10; protocol &#61; optional&#40;string&#41;&#10; security_policy &#61; optional&#40;string&#41;&#10; session_affinity &#61; optional&#40;string&#41;&#10; timeout_sec &#61; optional&#40;number&#41;&#10; backends &#61; list&#40;object&#40;&#123;&#10; backend &#61; string&#10; balancing_mode &#61; optional&#40;string, &#34;UTILIZATION&#34;&#41;&#10; capacity_scaler &#61; optional&#40;number, 1&#41;&#10; description &#61; optional&#40;string, &#34;Terraform managed.&#34;&#41;&#10; failover &#61; optional&#40;bool, false&#41;&#10; max_connections &#61; optional&#40;object&#40;&#123;&#10; per_endpoint &#61; optional&#40;number&#41;&#10; per_group &#61; optional&#40;number&#41;&#10; per_instance &#61; optional&#40;number&#41;&#10; &#125;&#41;&#41;&#10; max_rate &#61; optional&#40;object&#40;&#123;&#10; per_endpoint &#61; optional&#40;number&#41;&#10; per_group &#61; optional&#40;number&#41;&#10; per_instance &#61; optional&#40;number&#41;&#10; &#125;&#41;&#41;&#10; max_utilization &#61; optional&#40;number&#41;&#10; &#125;&#41;&#41;&#10; cdn_policy &#61; optional&#40;object&#40;&#123;&#10; cache_mode &#61; optional&#40;string&#41;&#10; client_ttl &#61; optional&#40;number&#41;&#10; default_ttl &#61; optional&#40;number&#41;&#10; 
max_ttl &#61; optional&#40;number&#41;&#10; negative_caching &#61; optional&#40;bool&#41;&#10; serve_while_stale &#61; optional&#40;number&#41;&#10; signed_url_cache_max_age_sec &#61; optional&#40;number&#41;&#10; cache_key_policy &#61; optional&#40;object&#40;&#123;&#10; include_host &#61; optional&#40;bool&#41;&#10; include_named_cookies &#61; optional&#40;list&#40;string&#41;&#41;&#10; include_protocol &#61; optional&#40;bool&#41;&#10; include_query_string &#61; optional&#40;bool&#41;&#10; query_string_blacklist &#61; optional&#40;list&#40;string&#41;&#41;&#10; query_string_whitelist &#61; optional&#40;list&#40;string&#41;&#41;&#10; &#125;&#41;&#41;&#10; negative_caching_policy &#61; optional&#40;object&#40;&#123;&#10; code &#61; optional&#40;number&#41;&#10; ttl &#61; optional&#40;number&#41;&#10; &#125;&#41;&#41;&#10; &#125;&#41;&#41;&#10; circuit_breakers &#61; optional&#40;object&#40;&#123;&#10; max_connections &#61; optional&#40;number&#41;&#10; max_pending_requests &#61; optional&#40;number&#41;&#10; max_requests &#61; optional&#40;number&#41;&#10; max_requests_per_connection &#61; optional&#40;number&#41;&#10; max_retries &#61; optional&#40;number&#41;&#10; connect_timeout &#61; optional&#40;object&#40;&#123;&#10; seconds &#61; number&#10; nanos &#61; optional&#40;number&#41;&#10; &#125;&#41;&#41;&#10; &#125;&#41;&#41;&#10; consistent_hash &#61; optional&#40;object&#40;&#123;&#10; http_header_name &#61; optional&#40;string&#41;&#10; minimum_ring_size &#61; optional&#40;number&#41;&#10; http_cookie &#61; optional&#40;object&#40;&#123;&#10; name &#61; optional&#40;string&#41;&#10; path &#61; optional&#40;string&#41;&#10; ttl &#61; optional&#40;object&#40;&#123;&#10; seconds &#61; number&#10; nanos &#61; optional&#40;number&#41;&#10; &#125;&#41;&#41;&#10; &#125;&#41;&#41;&#10; &#125;&#41;&#41;&#10; iap_config &#61; optional&#40;object&#40;&#123;&#10; oauth2_client_id &#61; string&#10; oauth2_client_secret &#61; string&#10; oauth2_client_secret_sha256 &#61; 
optional&#40;string&#41;&#10; &#125;&#41;&#41;&#10; outlier_detection &#61; optional&#40;object&#40;&#123;&#10; consecutive_errors &#61; optional&#40;number&#41;&#10; consecutive_gateway_failure &#61; optional&#40;number&#41;&#10; enforcing_consecutive_errors &#61; optional&#40;number&#41;&#10; enforcing_consecutive_gateway_failure &#61; optional&#40;number&#41;&#10; enforcing_success_rate &#61; optional&#40;number&#41;&#10; max_ejection_percent &#61; optional&#40;number&#41;&#10; success_rate_minimum_hosts &#61; optional&#40;number&#41;&#10; success_rate_request_volume &#61; optional&#40;number&#41;&#10; success_rate_stdev_factor &#61; optional&#40;number&#41;&#10; base_ejection_time &#61; optional&#40;object&#40;&#123;&#10; seconds &#61; number&#10; nanos &#61; optional&#40;number&#41;&#10; &#125;&#41;&#41;&#10; interval &#61; optional&#40;object&#40;&#123;&#10; seconds &#61; number&#10; nanos &#61; optional&#40;number&#41;&#10; &#125;&#41;&#41;&#10; &#125;&#41;&#41;&#10; security_settings &#61; optional&#40;object&#40;&#123;&#10; client_tls_policy &#61; string&#10; subject_alt_names &#61; list&#40;string&#41;&#10; aws_v4_authentication &#61; optional&#40;object&#40;&#123;&#10; access_key_id &#61; optional&#40;string&#41;&#10; access_key &#61; optional&#40;string&#41;&#10; access_key_version &#61; optional&#40;string&#41;&#10; origin_region &#61; optional&#40;string&#41;&#10; &#125;&#41;&#41;&#10;&#125;&#41;&#41; &#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41; &#125;&#41;&#41;</code> | | <code>&#123;&#125;</code> |
| [description](variables.tf#L56) | Optional description used for resources. | <code>string</code> | | <code>&#34;Terraform managed.&#34;</code> |
| [group_configs](variables.tf#L62) | Optional unmanaged groups to create. Can be referenced in backends via key or outputs. | <code title="map&#40;object&#40;&#123;&#10; zone &#61; string&#10; instances &#61; optional&#40;list&#40;string&#41;&#41;&#10; named_ports &#61; optional&#40;map&#40;number&#41;, &#123;&#125;&#41;&#10; project_id &#61; optional&#40;string&#41;&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>&#123;&#125;</code> |
| [health_check_configs](variables-health-check.tf#L19) | Optional auto-created health check configurations, use the output self-link to set it in the auto healing policy. Refer to examples for usage. | <code title="map&#40;object&#40;&#123;&#10; check_interval_sec &#61; optional&#40;number&#41;&#10; description &#61; optional&#40;string, &#34;Terraform managed.&#34;&#41;&#10; enable_logging &#61; optional&#40;bool, false&#41;&#10; healthy_threshold &#61; optional&#40;number&#41;&#10; project_id &#61; optional&#40;string&#41;&#10; timeout_sec &#61; optional&#40;number&#41;&#10; unhealthy_threshold &#61; optional&#40;number&#41;&#10; grpc &#61; optional&#40;object&#40;&#123;&#10; port &#61; optional&#40;number&#41;&#10; port_name &#61; optional&#40;string&#41;&#10; port_specification &#61; optional&#40;string&#41; &#35; USE_FIXED_PORT USE_NAMED_PORT USE_SERVING_PORT&#10; service_name &#61; optional&#40;string&#41;&#10; &#125;&#41;&#41;&#10; http &#61; optional&#40;object&#40;&#123;&#10; host &#61; optional&#40;string&#41;&#10; port &#61; optional&#40;number&#41;&#10; port_name &#61; optional&#40;string&#41;&#10; port_specification &#61; optional&#40;string&#41; &#35; USE_FIXED_PORT USE_NAMED_PORT USE_SERVING_PORT&#10; proxy_header &#61; optional&#40;string&#41;&#10; request_path &#61; optional&#40;string&#41;&#10; response &#61; optional&#40;string&#41;&#10; &#125;&#41;&#41;&#10; http2 &#61; optional&#40;object&#40;&#123;&#10; host &#61; optional&#40;string&#41;&#10; port &#61; optional&#40;number&#41;&#10; port_name &#61; optional&#40;string&#41;&#10; port_specification &#61; optional&#40;string&#41; &#35; USE_FIXED_PORT USE_NAMED_PORT USE_SERVING_PORT&#10; proxy_header &#61; optional&#40;string&#41;&#10; request_path &#61; optional&#40;string&#41;&#10; response &#61; optional&#40;string&#41;&#10; &#125;&#41;&#41;&#10; https &#61; optional&#40;object&#40;&#123;&#10; host &#61; optional&#40;string&#41;&#10; port &#61; optional&#40;number&#41;&#10; port_name &#61; 
optional&#40;string&#41;&#10; port_specification &#61; optional&#40;string&#41; &#35; USE_FIXED_PORT USE_NAMED_PORT USE_SERVING_PORT&#10; proxy_header &#61; optional&#40;string&#41;&#10; request_path &#61; optional&#40;string&#41;&#10; response &#61; optional&#40;string&#41;&#10; &#125;&#41;&#41;&#10; tcp &#61; optional&#40;object&#40;&#123;&#10; port &#61; optional&#40;number&#41;&#10; port_name &#61; optional&#40;string&#41;&#10; port_specification &#61; optional&#40;string&#41; &#35; USE_FIXED_PORT USE_NAMED_PORT USE_SERVING_PORT&#10; proxy_header &#61; optional&#40;string&#41;&#10; request &#61; optional&#40;string&#41;&#10; response &#61; optional&#40;string&#41;&#10; &#125;&#41;&#41;&#10; ssl &#61; optional&#40;object&#40;&#123;&#10; port &#61; optional&#40;number&#41;&#10; port_name &#61; optional&#40;string&#41;&#10; port_specification &#61; optional&#40;string&#41; &#35; USE_FIXED_PORT USE_NAMED_PORT USE_SERVING_PORT&#10; proxy_header &#61; optional&#40;string&#41;&#10; request &#61; optional&#40;string&#41;&#10; response &#61; optional&#40;string&#41;&#10; &#125;&#41;&#41;&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code title="&#123;&#10; default &#61; &#123;&#10; http &#61; &#123;&#10; port_specification &#61; &#34;USE_SERVING_PORT&#34;&#10; &#125;&#10; &#125;&#10;&#125;">&#123;&#8230;&#125;</code> |
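Review bot: the regenerated type summary for the backend_service_configs row now ends in `map(object({…})) }))`, a stray `}))` that the row it replaces did not have; tfdoc is picking up the single-line `})) }))` closer introduced in variables-backend-service.tf. Split that closer back into one `}))` per line and re-run tfdoc so the README type column reads `map(object({…}))` again, otherwise every future README regeneration will carry the artifact.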
11 changes: 11 additions & 0 deletions modules/net-lb-app-ext/backend-service.tf
@@ -257,6 +257,17 @@ resource "google_compute_backend_service" "default" {
content {
client_tls_policy = ss.value.client_tls_policy
subject_alt_names = ss.value.subject_alt_names

dynamic "aws_v4_authentication" {
for_each = ss.value.aws_v4_authentication == null ? [] : [""]

content {
access_key_id = ss.value.aws_v4_authentication.access_key_id
access_key = ss.value.aws_v4_authentication.access_key
access_key_version = ss.value.aws_v4_authentication.access_key_version
origin_region = ss.value.aws_v4_authentication.origin_region
}
}
}
}
}
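Review bot: `access_key` in this block is the AWS secret access key, and nothing in the module treats it differently from `access_key_id`: it is typed as a plain `optional(string)` in `backend_service_configs`, so it is written to Terraform state in clear text like any other resource attribute and will appear in plan output unless the provider schema marks it sensitive. Document that in the README row for this variable and steer callers toward passing the value from a secret reference rather than a literal. Separately, `for_each = ss.value.aws_v4_authentication == null ? [] : [""]` only skips the block when the attribute is null; an empty object `aws_v4_authentication = {}` is non-null and emits a block whose four attributes are all null. Add a validation on the variable that `access_key_id`, `access_key` and `origin_region` are set together when the object is present.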
9 changes: 7 additions & 2 deletions modules/net-lb-app-ext/variables-backend-service.tf
@@ -123,8 +123,13 @@ variable "backend_service_configs" {
security_settings = optional(object({
client_tls_policy = string
subject_alt_names = list(string)
}))
}))
aws_v4_authentication = optional(object({
access_key_id = optional(string)
access_key = optional(string)
access_key_version = optional(string)
origin_region = optional(string)
}))
})) }))
default = {}
nullable = false
validation {
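Review bot: `client_tls_policy = string` and `subject_alt_names = list(string)` remain required inside `security_settings`, so a caller who only wants SigV4 signing toward an AWS origin via `aws_v4_authentication` is still forced to supply a client TLS policy and a SAN list. If the provider does not require those two attributes, make them `optional(string)` and `optional(list(string))` in the same change. Also, `})) }))` closes two objects on one line while the rest of this variable closes one object per line (the two `}))` lines this hunk removes did exactly that); put the second `}))` back on its own line, which is also what tfdoc expects when it renders the README type column.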
