diff --git a/blueprints/data-solutions/sqlserver-alwayson/README.md b/blueprints/data-solutions/sqlserver-alwayson/README.md
index 7fd3231b53..96937cbc81 100644
--- a/blueprints/data-solutions/sqlserver-alwayson/README.md
+++ b/blueprints/data-solutions/sqlserver-alwayson/README.md
@@ -18,7 +18,6 @@ and to `C:\GcpSetupLog.txt` file.
-
## Files
| name | description | modules |
@@ -66,10 +65,8 @@ and to `C:\GcpSetupLog.txt` file.
| name | description | sensitive |
|---|---|:---:|
-| [instructions](outputs.tf#L19) | List of steps to follow after applying. | |
-
+| [instructions](outputs.tf#L22) | List of steps to follow after applying. | |
-
## Test
```hcl
diff --git a/blueprints/data-solutions/sqlserver-alwayson/outputs.tf b/blueprints/data-solutions/sqlserver-alwayson/outputs.tf
index 1856f823c1..c9722b11c8 100644
--- a/blueprints/data-solutions/sqlserver-alwayson/outputs.tf
+++ b/blueprints/data-solutions/sqlserver-alwayson/outputs.tf
@@ -1,4 +1,4 @@
-# Copyright 2022 Google LLC
+# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -13,7 +13,10 @@
# limitations under the License.
locals {
- loadbalancer_outputs = [for aog in var.always_on_groups : format("%s (%s)", module.listener-ilb[aog].forwarding_rule_address, aog)]
+ loadbalancer_outputs = [
+ for aog, ilb in module.listener-ilb
+ : format("%s (%s)", ilb.forwarding_rule_addresses[""], aog)
+ ]
}
output "instructions" {
diff --git a/blueprints/data-solutions/sqlserver-alwayson/vpc.tf b/blueprints/data-solutions/sqlserver-alwayson/vpc.tf
index 5c4a15b01a..d250065226 100644
--- a/blueprints/data-solutions/sqlserver-alwayson/vpc.tf
+++ b/blueprints/data-solutions/sqlserver-alwayson/vpc.tf
@@ -141,7 +141,11 @@ module "listener-ilb" {
region = var.region
name = "${var.prefix}-${each.value}-ilb"
service_label = "${var.prefix}-${each.value}-ilb"
- address = local.internal_address_ips["${var.prefix}-lb-${each.value}"]
+ forwarding_rules_config = {
+ "" = {
+ address = local.internal_address_ips["${var.prefix}-lb-${each.value}"]
+ }
+ }
vpc_config = {
network = local.network
subnetwork = local.subnetwork
diff --git a/blueprints/networking/filtering-proxy-psc/main.tf b/blueprints/networking/filtering-proxy-psc/main.tf
index 319217cd1a..6908197fe3 100644
--- a/blueprints/networking/filtering-proxy-psc/main.tf
+++ b/blueprints/networking/filtering-proxy-psc/main.tf
@@ -106,7 +106,7 @@ resource "google_compute_service_attachment" "service_attachment" {
enable_proxy_protocol = true
connection_preference = "ACCEPT_MANUAL"
nat_subnets = [module.vpc.subnets_psc["${var.region}/psc"].self_link]
- target_service = module.squid-ilb.forwarding_rule_self_link
+ target_service = module.squid-ilb.forwarding_rule_self_links[""]
consumer_accept_lists {
project_id_or_num = module.project.project_id
connection_limit = 10
@@ -206,8 +206,12 @@ module "squid-ilb" {
project_id = module.project.project_id
region = var.region
name = "squid-ilb"
- ports = [3128]
service_label = "squid-ilb"
+ forwarding_rules_config = {
+ "" = {
+ ports = [3128]
+ }
+ }
vpc_config = {
network = module.vpc.self_link
subnetwork = module.vpc.subnet_self_links["${var.region}/proxy"]
diff --git a/blueprints/networking/filtering-proxy/main.tf b/blueprints/networking/filtering-proxy/main.tf
index b9072a21d7..107ca1f785 100644
--- a/blueprints/networking/filtering-proxy/main.tf
+++ b/blueprints/networking/filtering-proxy/main.tf
@@ -17,7 +17,7 @@
locals {
squid_address = (
var.mig
- ? module.squid-ilb.0.forwarding_rule_address
+ ? module.squid-ilb.0.forwarding_rule_addresses[""]
: module.squid-vm.internal_ip
)
}
@@ -210,8 +210,12 @@ module "squid-ilb" {
project_id = module.project-host.project_id
region = var.region
name = "squid-ilb"
- ports = [3128]
service_label = "squid-ilb"
+ forwarding_rules_config = {
+ "" = {
+ ports = [3128]
+ }
+ }
vpc_config = {
network = module.vpc.self_link
subnetwork = module.vpc.subnet_self_links["${var.region}/proxy"]
diff --git a/blueprints/networking/glb-hybrid-neg-internal/glb.tf b/blueprints/networking/glb-hybrid-neg-internal/glb.tf
index e071e7e6c8..b8edd35a85 100644
--- a/blueprints/networking/glb-hybrid-neg-internal/glb.tf
+++ b/blueprints/networking/glb-hybrid-neg-internal/glb.tf
@@ -44,7 +44,7 @@ module "hybrid-glb" {
endpoints = {
primary = {
ip_address = (var.ilb_create
- ? module.test_vm_ilbs["primary"].forwarding_rule_address
+ ? module.test_vm_ilbs["primary"].forwarding_rule_addresses[""]
: module.test_vms["primary"].internal_ip
)
port = 80
@@ -59,7 +59,7 @@ module "hybrid-glb" {
endpoints = {
secondary = {
ip_address = (var.ilb_create
- ? module.test_vm_ilbs["secondary"].forwarding_rule_address
+ ? module.test_vm_ilbs["secondary"].forwarding_rule_addresses[""]
: module.test_vms["secondary"].internal_ip
)
port = 80
diff --git a/blueprints/networking/glb-hybrid-neg-internal/main.tf b/blueprints/networking/glb-hybrid-neg-internal/main.tf
index 55600156bd..3a7551ffbb 100644
--- a/blueprints/networking/glb-hybrid-neg-internal/main.tf
+++ b/blueprints/networking/glb-hybrid-neg-internal/main.tf
@@ -53,12 +53,12 @@ module "vpc_landing_untrusted" {
spoke1-primary = {
dest_range = var.ip_config.spoke_primary
next_hop_type = "ilb"
- next_hop = module.nva_untrusted_ilbs["primary"].forwarding_rule_self_link
+ next_hop = module.nva_untrusted_ilbs["primary"].forwarding_rule_self_links[""]
}
spoke1-secondary = {
dest_range = var.ip_config.spoke_secondary
next_hop_type = "ilb"
- next_hop = module.nva_untrusted_ilbs["secondary"].forwarding_rule_self_link
+ next_hop = module.nva_untrusted_ilbs["secondary"].forwarding_rule_self_links[""]
}
}
diff --git a/blueprints/networking/ilb-next-hop/gateways.tf b/blueprints/networking/ilb-next-hop/gateways.tf
index 458b995de0..2e99956e22 100644
--- a/blueprints/networking/ilb-next-hop/gateways.tf
+++ b/blueprints/networking/ilb-next-hop/gateways.tf
@@ -67,7 +67,11 @@ module "ilb-left" {
network = module.vpc-left.self_link
subnetwork = values(module.vpc-left.subnet_self_links)[0]
}
- address = local.addresses.ilb-left
+ forwarding_rules_config = {
+ "" = {
+ address = local.addresses.ilb-left
+ }
+ }
backend_service_config = {
session_affinity = var.ilb_session_affinity
}
@@ -91,7 +95,11 @@ module "ilb-right" {
network = module.vpc-right.self_link
subnetwork = values(module.vpc-right.subnet_self_links)[0]
}
- address = local.addresses.ilb-right
+ forwarding_rules_config = {
+ "" = {
+ address = local.addresses.ilb-right
+ }
+ }
backend_service_config = {
session_affinity = var.ilb_session_affinity
}
diff --git a/blueprints/networking/ilb-next-hop/outputs.tf b/blueprints/networking/ilb-next-hop/outputs.tf
index c00282ae8e..c69501d929 100644
--- a/blueprints/networking/ilb-next-hop/outputs.tf
+++ b/blueprints/networking/ilb-next-hop/outputs.tf
@@ -18,8 +18,8 @@ output "addresses" {
description = "IP addresses."
value = {
gw = [for z, mod in module.gw : mod.internal_ip]
- ilb-left = module.ilb-left.forwarding_rule_address
- ilb-right = module.ilb-right.forwarding_rule_address
+ ilb-left = module.ilb-left.forwarding_rule_addresses[""]
+ ilb-right = module.ilb-right.forwarding_rule_addresses[""]
vm-left = [for z, mod in module.vm-left : mod.internal_ip]
vm-right = [for z, mod in module.vm-right : mod.internal_ip]
}
diff --git a/blueprints/networking/ilb-next-hop/vpc-left.tf b/blueprints/networking/ilb-next-hop/vpc-left.tf
index 4cc73159c7..13d4501d18 100644
--- a/blueprints/networking/ilb-next-hop/vpc-left.tf
+++ b/blueprints/networking/ilb-next-hop/vpc-left.tf
@@ -29,7 +29,7 @@ module "vpc-left" {
to-right = {
dest_range = var.ip_ranges.right
next_hop_type = "ilb"
- next_hop = module.ilb-left.forwarding_rule.self_link
+ next_hop = module.ilb-left.forwarding_rule_self_links[""]
}
}
}
diff --git a/blueprints/networking/ilb-next-hop/vpc-right.tf b/blueprints/networking/ilb-next-hop/vpc-right.tf
index 5483d34a5e..e9cd4cd92b 100644
--- a/blueprints/networking/ilb-next-hop/vpc-right.tf
+++ b/blueprints/networking/ilb-next-hop/vpc-right.tf
@@ -30,7 +30,7 @@ module "vpc-right" {
dest_range = var.ip_ranges.left
priority = var.ilb_right_enable ? 900 : 1100
next_hop_type = "ilb"
- next_hop = module.ilb-right.forwarding_rule.self_link
+ next_hop = module.ilb-right.forwarding_rule_self_links[""]
}
to-left-gw-1 = {
dest_range = var.ip_ranges.left
diff --git a/fast/stages/2-networking-c-nva/nva.tf b/fast/stages/2-networking-c-nva/nva.tf
index 9d09928251..595b72b797 100644
--- a/fast/stages/2-networking-c-nva/nva.tf
+++ b/fast/stages/2-networking-c-nva/nva.tf
@@ -129,7 +129,11 @@ module "ilb-nva-untrusted" {
region = each.value.region
name = "nva-untrusted-${each.key}"
service_label = var.prefix
- global_access = true
+ forwarding_rules_config = {
+ "" = {
+ global_access = true
+ }
+ }
vpc_config = {
network = module.landing-untrusted-vpc.self_link
subnetwork = module.landing-untrusted-vpc.subnet_self_links[each.value.subnet]
@@ -160,7 +164,11 @@ module "ilb-nva-trusted" {
region = each.value.region
name = "nva-trusted-${each.key}"
service_label = var.prefix
- global_access = true
+ forwarding_rules_config = {
+ "" = {
+ global_access = true
+ }
+ }
vpc_config = {
network = module.landing-trusted-vpc.self_link
subnetwork = module.landing-trusted-vpc.subnet_self_links[each.value.subnet]
diff --git a/fast/stages/2-networking-c-nva/spoke-dev.tf b/fast/stages/2-networking-c-nva/spoke-dev.tf
index 0f6e8b8f97..b90ed4dca7 100644
--- a/fast/stages/2-networking-c-nva/spoke-dev.tf
+++ b/fast/stages/2-networking-c-nva/spoke-dev.tf
@@ -65,28 +65,28 @@ module "dev-spoke-vpc" {
priority = 1000
tags = ["primary"]
next_hop_type = "ilb"
- next_hop = module.ilb-nva-trusted["primary"].forwarding_rule_address
+ next_hop = module.ilb-nva-trusted["primary"].forwarding_rule_addresses[""]
}
nva-secondary-to-secondary = {
dest_range = "0.0.0.0/0"
priority = 1000
tags = ["secondary"]
next_hop_type = "ilb"
- next_hop = module.ilb-nva-trusted["secondary"].forwarding_rule_address
+ next_hop = module.ilb-nva-trusted["secondary"].forwarding_rule_addresses[""]
}
nva-primary-to-secondary = {
dest_range = "0.0.0.0/0"
priority = 1001
tags = ["primary"]
next_hop_type = "ilb"
- next_hop = module.ilb-nva-trusted["primary"].forwarding_rule_address
+ next_hop = module.ilb-nva-trusted["primary"].forwarding_rule_addresses[""]
}
nva-secondary-to-primary = {
dest_range = "0.0.0.0/0"
priority = 1001
tags = ["secondary"]
next_hop_type = "ilb"
- next_hop = module.ilb-nva-trusted["secondary"].forwarding_rule_address
+ next_hop = module.ilb-nva-trusted["secondary"].forwarding_rule_addresses[""]
}
}
}
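Review bot: The two priority-1001 routes in this hunk point at the same ILB as the priority-1000 route for the same tag (`nva-primary-to-secondary` → `["primary"]`, `nva-secondary-to-primary` → `["secondary"]`), so the lower-priority route gives no alternate path through the NVAs if that ILB is unhealthy. The removed lines show the same targets, so this appears to be carried over rather than introduced here, but `spoke-prod.tf` in this same commit crosses them. If the fallback is intended, `nva-primary-to-secondary` should use `next_hop = module.ilb-nva-trusted["secondary"].forwarding_rule_addresses[""]` and `nva-secondary-to-primary` the `["primary"]` one. The enclosing `module "dev-spoke-vpc"` block starts and ends outside the hunk.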
diff --git a/fast/stages/2-networking-c-nva/spoke-prod.tf b/fast/stages/2-networking-c-nva/spoke-prod.tf
index 9895950933..a4bdb1d23c 100644
--- a/fast/stages/2-networking-c-nva/spoke-prod.tf
+++ b/fast/stages/2-networking-c-nva/spoke-prod.tf
@@ -64,28 +64,28 @@ module "prod-spoke-vpc" {
priority = 1000
tags = ["primary"]
next_hop_type = "ilb"
- next_hop = module.ilb-nva-trusted["primary"].forwarding_rule_address
+ next_hop = module.ilb-nva-trusted["primary"].forwarding_rule_addresses[""]
}
nva-secondary-to-secondary = {
dest_range = "0.0.0.0/0"
priority = 1000
tags = ["secondary"]
next_hop_type = "ilb"
- next_hop = module.ilb-nva-trusted["secondary"].forwarding_rule_address
+ next_hop = module.ilb-nva-trusted["secondary"].forwarding_rule_addresses[""]
}
nva-primary-to-secondary = {
dest_range = "0.0.0.0/0"
priority = 1001
tags = ["primary"]
next_hop_type = "ilb"
- next_hop = module.ilb-nva-trusted["secondary"].forwarding_rule_address
+ next_hop = module.ilb-nva-trusted["secondary"].forwarding_rule_addresses[""]
}
nva-secondary-to-primary = {
dest_range = "0.0.0.0/0"
priority = 1001
tags = ["secondary"]
next_hop_type = "ilb"
- next_hop = module.ilb-nva-trusted["primary"].forwarding_rule_address
+ next_hop = module.ilb-nva-trusted["primary"].forwarding_rule_addresses[""]
}
}
}
diff --git a/modules/net-lb-int/README.md b/modules/net-lb-int/README.md
index 02c4fbc847..f8f454ff7c 100644
--- a/modules/net-lb-int/README.md
+++ b/modules/net-lb-int/README.md
@@ -119,12 +119,16 @@ module "ilb" {
project_id = var.project_id
region = "europe-west1"
name = "ilb-test"
- protocol = "L3_DEFAULT"
service_label = "ilb-test"
vpc_config = {
network = var.vpc.self_link
subnetwork = var.subnet.self_link
}
+ forwarding_rules_config = {
+ "" = {
+ protocol = "L3_DEFAULT"
+ }
+ }
group_configs = {
my-group = {
zone = "europe-west1-b"
@@ -141,6 +145,90 @@ module "ilb" {
# tftest modules=1 resources=4
```
+### Mutiple forwarding rules
+
+You can add more forwarding rules to your load balancer and override some forwarding rules defaults, including the global access policy, the IP protocol, the IP version and ports.
+
+The example adds two forwarding rules:
+
+- the first one, called `ilb-test-vip-one` exposes an IPv4 address, it listens on all ports, and allows connections from any region.
+- the second one, called `ilb-test-vip-two` exposes an IPv4 address, it listens on port 80 and allows connections from the same region only.
+
+
+```hcl
+module "ilb" {
+ source = "./fabric/modules/net-lb-int"
+ project_id = var.project_id
+ region = "europe-west1"
+ name = "ilb-test"
+ service_label = "ilb-test"
+ vpc_config = {
+ network = var.vpc.self_link
+ subnetwork = var.subnet.self_link
+ }
+ forwarding_rules_config = {
+ vip-one = {}
+ vip-two = {
+ global_access = false
+ ports = [80]
+ }
+ }
+ group_configs = {
+ my-group = {
+ zone = "europe-west1-b"
+ instances = [
+ "instance-1-self-link",
+ "instance-2-self-link"
+ ]
+ }
+ }
+ backends = [{
+ group = module.ilb.groups.my-group.self_link
+ }]
+}
+# tftest modules=1 resources=5
+```
+
+### Dual stack (IPv4 and IPv6)
+
+Your load balancer can use a combination of either or both IPv4 and IPv6 forwarding rules.
+In this example we set the load balancer to work as dual stack, meaning it exposes both an IPv4 and an IPv6 address.
+
+```hcl
+module "ilb" {
+ source = "./fabric/modules/net-lb-int"
+ project_id = var.project_id
+ region = "europe-west1"
+ name = "ilb-test"
+ service_label = "ilb-test"
+ vpc_config = {
+ network = var.vpc.self_link
+ subnetwork = var.subnet.self_link
+ }
+ forwarding_rules_config = {
+ ipv4 = {
+ version = "IPV4"
+ }
+ ipv6 = {
+ version = "IPV6"
+ }
+ }
+ group_configs = {
+ my-group = {
+ zone = "europe-west1-b"
+ instances = [
+ "instance-1-self-link",
+ "instance-2-self-link"
+ ]
+ }
+ }
+ backends = [{
+ group = module.ilb.groups.my-group.self_link
+ }]
+}
+# tftest modules=1 resources=5
+```
+
### End to end example
This example spins up a simple HTTP server and combines four modules:
@@ -192,7 +280,11 @@ module "ilb" {
network = var.vpc.self_link
subnetwork = var.subnet.self_link
}
- ports = [80]
+ forwarding_rules_config = {
+ "" = {
+ ports = [80]
+ }
+ }
backends = [
for z, mod in module.instance-group : {
group = mod.group.self_link
@@ -212,22 +304,20 @@ module "ilb" {
| name | description | type | required | default |
|---|---|:---:|:---:|:---:|
-| [name](variables.tf#L189) | Name used for all resources. | string
| ✓ | |
-| [project_id](variables.tf#L200) | Project id where resources will be created. | string
| ✓ | |
-| [region](variables.tf#L211) | GCP region. | string
| ✓ | |
-| [vpc_config](variables.tf#L222) | VPC-level configuration. | object({…})
| ✓ | |
-| [address](variables.tf#L17) | Optional IP address used for the forwarding rule. | string
| | null
|
-| [backend_service_config](variables.tf#L23) | Backend service level configuration. | object({…})
| | {}
|
-| [backends](variables.tf#L57) | Load balancer backends, balancing mode is one of 'CONNECTION' or 'UTILIZATION'. | list(object({…}))
| | []
|
-| [description](variables.tf#L76) | Optional description used for resources. | string
| | "Terraform managed."
|
-| [global_access](variables.tf#L82) | Global access, defaults to false if not set. | bool
| | null
|
-| [group_configs](variables.tf#L88) | Optional unmanaged groups to create. Can be referenced in backends via outputs. | map(object({…}))
| | {}
|
-| [health_check](variables.tf#L100) | Name of existing health check to use, disables auto-created health check. | string
| | null
|
-| [health_check_config](variables.tf#L106) | Optional auto-created health check configuration, use the output self-link to set it in the auto healing policy. Refer to examples for usage. | object({…})
| | {…}
|
-| [labels](variables.tf#L183) | Labels set on resources. | map(string)
| | {}
|
-| [ports](variables.tf#L194) | Comma-separated ports, leave null to use all ports. | list(string)
| | null
|
-| [protocol](variables.tf#L205) | Forwarding rule protocol used, defaults to TCP. | string
| | "TCP"
|
-| [service_label](variables.tf#L216) | Optional prefix of the fully qualified forwarding rule name. | string
| | null
|
+| [name](variables.tf#L192) | Name used for all resources. | string
| ✓ | |
+| [project_id](variables.tf#L197) | Project id where resources will be created. | string
| ✓ | |
+| [region](variables.tf#L208) | GCP region. | string
| ✓ | |
+| [vpc_config](variables.tf#L219) | VPC-level configuration. | object({…})
| ✓ | |
+| [backend_service_config](variables.tf#L17) | Backend service level configuration. | object({…})
| | {}
|
+| [backends](variables.tf#L51) | Load balancer backends, balancing mode is one of 'CONNECTION' or 'UTILIZATION'. | list(object({…}))
| | []
|
+| [description](variables.tf#L70) | Optional description used for resources. | string
| | "Terraform managed."
|
+| [forwarding_rules_config](variables.tf#L76) | The optional forwarding rules configuration. | map(object({…}))
| | {…}
|
+| [group_configs](variables.tf#L91) | Optional unmanaged groups to create. Can be referenced in backends via outputs. | map(object({…}))
| | {}
|
+| [health_check](variables.tf#L103) | Name of existing health check to use, disables auto-created health check. | string
| | null
|
+| [health_check_config](variables.tf#L109) | Optional auto-created health check configuration, use the output self-link to set it in the auto healing policy. Refer to examples for usage. | object({…})
| | {…}
|
+| [labels](variables.tf#L186) | Labels set on resources. | map(string)
| | {}
|
+| [protocol](variables.tf#L202) | Forwarding rule protocol used, defaults to TCP. | string
| | "TCP"
|
+| [service_label](variables.tf#L213) | Optional prefix of the fully qualified forwarding rule name. | string
| | null
|
## Outputs
@@ -236,13 +326,13 @@ module "ilb" {
| [backend_service](outputs.tf#L17) | Backend resource. | |
| [backend_service_id](outputs.tf#L22) | Backend id. | |
| [backend_service_self_link](outputs.tf#L27) | Backend self link. | |
-| [forwarding_rule](outputs.tf#L32) | Forwarding rule resource. | |
-| [forwarding_rule_address](outputs.tf#L37) | Forwarding rule address. | |
-| [forwarding_rule_self_link](outputs.tf#L42) | Forwarding rule self link. | |
-| [group_self_links](outputs.tf#L47) | Optional unmanaged instance group self links. | |
-| [groups](outputs.tf#L54) | Optional unmanaged instance group resources. | |
-| [health_check](outputs.tf#L59) | Auto-created health-check resource. | |
-| [health_check_self_id](outputs.tf#L64) | Auto-created health-check self id. | |
-| [health_check_self_link](outputs.tf#L69) | Auto-created health-check self link. | |
-| [id](outputs.tf#L74) | Fully qualified forwarding rule id. | |
+| [forwarding_rule_addresses](outputs.tf#L32) | Forwarding rule address. | |
+| [forwarding_rule_self_links](outputs.tf#L40) | Forwarding rule self links. | |
+| [forwarding_rules](outputs.tf#L48) | Forwarding rule resources. | |
+| [group_self_links](outputs.tf#L56) | Optional unmanaged instance group self links. | |
+| [groups](outputs.tf#L63) | Optional unmanaged instance group resources. | |
+| [health_check](outputs.tf#L68) | Auto-created health-check resource. | |
+| [health_check_self_id](outputs.tf#L73) | Auto-created health-check self id. | |
+| [health_check_self_link](outputs.tf#L78) | Auto-created health-check self link. | |
+| [id](outputs.tf#L83) | Fully qualified forwarding rule ids. | |
diff --git a/modules/net-lb-int/groups.tf b/modules/net-lb-int/groups.tf
index 5bb71978bc..736dfc6f51 100644
--- a/modules/net-lb-int/groups.tf
+++ b/modules/net-lb-int/groups.tf
@@ -1,5 +1,5 @@
/**
- * Copyright 2022 Google LLC
+ * Copyright 2023 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
diff --git a/modules/net-lb-int/health-check.tf b/modules/net-lb-int/health-check.tf
index 88f9f6ea73..c9525878ae 100644
--- a/modules/net-lb-int/health-check.tf
+++ b/modules/net-lb-int/health-check.tf
@@ -1,5 +1,5 @@
/**
- * Copyright 2022 Google LLC
+ * Copyright 2023 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
diff --git a/modules/net-lb-int/main.tf b/modules/net-lb-int/main.tf
index eccb536ef4..9a55937d08 100644
--- a/modules/net-lb-int/main.tf
+++ b/modules/net-lb-int/main.tf
@@ -1,5 +1,5 @@
/**
- * Copyright 2022 Google LLC
+ * Copyright 2023 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -25,24 +25,28 @@ locals {
)
}
-resource "google_compute_forwarding_rule" "default" {
- provider = google-beta
- project = var.project_id
+resource "google_compute_forwarding_rule" "forwarding_rules" {
+ for_each = var.forwarding_rules_config
+ provider = google-beta
+ project = var.project_id
+ name = (
+ each.key == "" ? var.name : "${var.name}-${each.key}"
+ )
region = var.region
- name = var.name
- description = var.description
- ip_address = var.address
- ip_protocol = var.protocol
+ description = each.value.description
+ ip_address = each.value.address
+ ip_protocol = each.value.protocol
+ ip_version = each.value.ip_version
backend_service = (
google_compute_region_backend_service.default.self_link
)
load_balancing_scheme = "INTERNAL"
network = var.vpc_config.network
- ports = var.ports # "nnnnn" or "nnnnn,nnnnn,nnnnn" max 5
+ ports = each.value.ports # "nnnnn" or "nnnnn,nnnnn,nnnnn" max 5
subnetwork = var.vpc_config.subnetwork
- allow_global_access = var.global_access
+ allow_global_access = each.value.global_access
labels = var.labels
- all_ports = var.ports == null ? true : null
+ all_ports = each.value.ports == null ? true : null
service_label = var.service_label
# is_mirroring_collector = false
}
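Review bot: `description = each.value.description` no longer falls back to `var.description`, and the new per-rule attribute is `optional(string)` with no default, so a rule that does not set it loses the "Terraform managed." description the old resource carried. Consider `description = each.value.description == null ? var.description : each.value.description`. Separately, this resource reads `each.value.ip_version`, but the dual-stack README example added in this commit sets `version = "IPV4"` / `version = "IPV6"`; Terraform's object type conversion discards undeclared attributes, so those values would likely be dropped silently and both rules created with a null `ip_version`. The README example should use `ip_version`.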
diff --git a/modules/net-lb-int/outputs.tf b/modules/net-lb-int/outputs.tf
index bab17b9470..c4dabbb743 100644
--- a/modules/net-lb-int/outputs.tf
+++ b/modules/net-lb-int/outputs.tf
@@ -1,5 +1,5 @@
/**
- * Copyright 2022 Google LLC
+ * Copyright 2023 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -29,19 +29,28 @@ output "backend_service_self_link" {
value = google_compute_region_backend_service.default.self_link
}
-output "forwarding_rule" {
- description = "Forwarding rule resource."
- value = google_compute_forwarding_rule.default
+output "forwarding_rule_addresses" {
+ description = "Forwarding rule address."
+ value = {
+ for k, v in google_compute_forwarding_rule.forwarding_rules
+ : k => v.ip_address
+ }
}
-output "forwarding_rule_address" {
- description = "Forwarding rule address."
- value = google_compute_forwarding_rule.default.ip_address
+output "forwarding_rule_self_links" {
+ description = "Forwarding rule self links."
+ value = {
+ for k, v in google_compute_forwarding_rule.forwarding_rules
+ : k => v.self_link
+ }
}
-output "forwarding_rule_self_link" {
- description = "Forwarding rule self link."
- value = google_compute_forwarding_rule.default.self_link
+output "forwarding_rules" {
+ description = "Forwarding rule resources."
+ value = {
+ for k, v in google_compute_forwarding_rule.forwarding_rules
+ : k => v
+ }
}
output "group_self_links" {
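Review bot: The three rewritten outputs now return maps keyed by the `forwarding_rules_config` key, but the descriptions do not say so, and `forwarding_rule_addresses` still reads "Forwarding rule address." in the singular. A caller has to read the blueprints to learn that the default rule lives under the `""` key. I would word them as `"Forwarding rule addresses, keyed by forwarding rule name suffix ('' for the default rule)."` and likewise for the self links and resources.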
@@ -72,6 +81,9 @@ output "health_check_self_link" {
}
output "id" {
- description = "Fully qualified forwarding rule id."
- value = google_compute_forwarding_rule.default.id
+ description = "Fully qualified forwarding rule ids."
+ value = {
+ for k, v in google_compute_forwarding_rule.forwarding_rules
+ : k => v.id
+ }
}
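Review bot: `output "id"` keeps its singular name but now returns a map, so any caller that uses `module.<name>.id` as a string fails only at plan time with a type error rather than an unknown-output error that names the change. Renaming it in line with the other outputs, e.g. `output "forwarding_rule_ids"`, would make the break explicit and match `forwarding_rule_addresses` / `forwarding_rule_self_links`.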
diff --git a/modules/net-lb-int/variables.tf b/modules/net-lb-int/variables.tf
index d10f6dbd70..644b9f017b 100644
--- a/modules/net-lb-int/variables.tf
+++ b/modules/net-lb-int/variables.tf
@@ -1,5 +1,5 @@
/**
- * Copyright 2022 Google LLC
+ * Copyright 2023 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -14,12 +14,6 @@
* limitations under the License.
*/
-variable "address" {
- description = "Optional IP address used for the forwarding rule."
- type = string
- default = null
-}
-
variable "backend_service_config" {
description = "Backend service level configuration."
type = object({
@@ -79,10 +73,19 @@ variable "description" {
default = "Terraform managed."
}
-variable "global_access" {
- description = "Global access, defaults to false if not set."
- type = bool
- default = null
+variable "forwarding_rules_config" {
+ description = "The optional forwarding rules configuration."
+ type = map(object({
+ address = optional(string)
+ description = optional(string)
+ global_access = optional(bool, true)
+ ip_version = optional(string)
+ ports = optional(list(string), null)
+ protocol = optional(string, "TCP")
+ }))
+ default = {
+ "" = {}
+ }
}
variable "group_configs" {
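Review bot: `global_access = optional(bool, true)` flips the default: the removed `global_access` variable was `null` and documented as "defaults to false if not set", so every caller that never set it now gets a forwarding rule reachable from all regions. In this commit that includes `squid-ilb` in both filtering-proxy blueprints, `listener-ilb` in sqlserver-alwayson and `ilb-left` / `ilb-right` in ilb-next-hop, none of which previously opted in. Widening reachability of an internal proxy or database listener should be an explicit choice; I would keep the old behaviour with `global_access = optional(bool)` (or `optional(bool, false)`) and leave the explicit `global_access = true` already set in `2-networking-c-nva/nva.tf`. If the new default is intended, the variable description should state it.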
@@ -191,12 +194,6 @@ variable "name" {
type = string
}
-variable "ports" {
- description = "Comma-separated ports, leave null to use all ports."
- type = list(string)
- default = null
-}
-
variable "project_id" {
description = "Project id where resources will be created."
type = string
diff --git a/tests/modules/net_lb_int/defaults.yaml b/tests/modules/net_lb_int/defaults.yaml
index dcbc12d043..d35fa93598 100644
--- a/tests/modules/net_lb_int/defaults.yaml
+++ b/tests/modules/net_lb_int/defaults.yaml
@@ -13,7 +13,7 @@
# limitations under the License.
values:
- google_compute_forwarding_rule.default:
+ google_compute_forwarding_rule.forwarding_rules[""]:
all_ports: true
ip_protocol: TCP
labels: null
diff --git a/tests/modules/net_lb_int/forwarding-rule.tfvars b/tests/modules/net_lb_int/forwarding-rule.tfvars
index c204090e88..492212d026 100644
--- a/tests/modules/net_lb_int/forwarding-rule.tfvars
+++ b/tests/modules/net_lb_int/forwarding-rule.tfvars
@@ -11,4 +11,10 @@ backends = [{
failover = false
}]
global_access = true
-ports = [80]
+
+forwarding_rules_config = {
+ "port-80" = {
+ ports = [80]
+ }
+}
+
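Review bot: The top-level `global_access = true` kept as context in this hunk refers to a variable that this commit removes from `variables.tf`, so it is no longer an input the module reads. The `allow_global_access: true` expectation in `forwarding-rule.yaml` then passes only because of the new `optional(bool, true)` default, not because the test sets it. Moving it into the rule, `"port-80" = { global_access = true, ports = [80] }`, and dropping the top-level line would keep the test exercising an explicit value.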
diff --git a/tests/modules/net_lb_int/forwarding-rule.yaml b/tests/modules/net_lb_int/forwarding-rule.yaml
index 3608afcd16..c29bda2788 100644
--- a/tests/modules/net_lb_int/forwarding-rule.yaml
+++ b/tests/modules/net_lb_int/forwarding-rule.yaml
@@ -13,7 +13,7 @@
# limitations under the License.
values:
- google_compute_forwarding_rule.default:
+ google_compute_forwarding_rule.forwarding_rules["port-80"]:
all_ports: null
allow_global_access: true
ports: