GoogleCloudPlatform · LucaPrete · Oct 17, 2023 · Oct 16, 2023 · Oct 16, 2023 · Oct 16, 2023
diff --git a/blueprints/data-solutions/sqlserver-alwayson/vpc.tf b/blueprints/data-solutions/sqlserver-alwayson/vpc.tf
@@ -141,7 +141,11 @@ module "listener-ilb" {
   region        = var.region
   name          = "${var.prefix}-${each.value}-ilb"
   service_label = "${var.prefix}-${each.value}-ilb"
-  address       = local.internal_address_ips["${var.prefix}-lb-${each.value}"]
+  forwarding_rules_config = {
+    default = {
+      ip_address = local.internal_address_ips["${var.prefix}-lb-${each.value}"]
+    }
+  }
   vpc_config = {
     network    = local.network
     subnetwork = local.subnetwork

diff --git a/blueprints/networking/filtering-proxy-psc/main.tf b/blueprints/networking/filtering-proxy-psc/main.tf
@@ -206,8 +206,12 @@ module "squid-ilb" {
   project_id    = module.project.project_id
   region        = var.region
   name          = "squid-ilb"
-  ports         = [3128]
   service_label = "squid-ilb"
+  forwarding_rules_config = {
+    default = {
+      ports = [3128]
+    }
+  }
   vpc_config = {
     network    = module.vpc.self_link
     subnetwork = module.vpc.subnet_self_links["${var.region}/proxy"]

diff --git a/blueprints/networking/filtering-proxy/main.tf b/blueprints/networking/filtering-proxy/main.tf
@@ -210,8 +210,12 @@ module "squid-ilb" {
   project_id    = module.project-host.project_id
   region        = var.region
   name          = "squid-ilb"
-  ports         = [3128]
   service_label = "squid-ilb"
+  forwarding_rules_config = {
+    default = {
+      ports = [3128]
+    }
+  }
   vpc_config = {
     network    = module.vpc.self_link
     subnetwork = module.vpc.subnet_self_links["${var.region}/proxy"]

diff --git a/blueprints/networking/ilb-next-hop/gateways.tf b/blueprints/networking/ilb-next-hop/gateways.tf
@@ -67,7 +67,11 @@ module "ilb-left" {
     network    = module.vpc-left.self_link
     subnetwork = values(module.vpc-left.subnet_self_links)[0]
   }
-  address = local.addresses.ilb-left
+  forwarding_rules_config = {
+    default = {
+      address = local.addresses.ilb-left
+    }
+  }
   backend_service_config = {
     session_affinity = var.ilb_session_affinity
   }
@@ -91,7 +95,11 @@ module "ilb-right" {
     network    = module.vpc-right.self_link
     subnetwork = values(module.vpc-right.subnet_self_links)[0]
   }
-  address = local.addresses.ilb-right
+  forwarding_rules_config = {
+    default = {
+      address = local.addresses.ilb-right
+    }
+  }
   backend_service_config = {
     session_affinity = var.ilb_session_affinity
   }

diff --git a/fast/stages/2-networking-c-nva/nva.tf b/fast/stages/2-networking-c-nva/nva.tf
@@ -129,7 +129,11 @@ module "ilb-nva-untrusted" {
   region        = each.value.region
   name          = "nva-untrusted-${each.key}"
   service_label = var.prefix
-  global_access = true
+  forwarding_rules_config = {
+    default = {
+      global_access = true
+    }
+  }
   vpc_config = {
     network    = module.landing-untrusted-vpc.self_link
     subnetwork = module.landing-untrusted-vpc.subnet_self_links[each.value.subnet]
@@ -160,7 +164,11 @@ module "ilb-nva-trusted" {
   region        = each.value.region
   name          = "nva-trusted-${each.key}"
   service_label = var.prefix
-  global_access = true
+  forwarding_rules_config = {
+    default = {
+      global_access = true
+    }
+  }
   vpc_config = {
     network    = module.landing-trusted-vpc.self_link
     subnetwork = module.landing-trusted-vpc.subnet_self_links[each.value.subnet]

diff --git a/modules/net-lb-int/README.md b/modules/net-lb-int/README.md
diff --git a/modules/net-lb-int/main.tf b/modules/net-lb-int/main.tf
@@ -25,24 +25,26 @@ locals {
   )
 }
 
-resource "google_compute_forwarding_rule" "default" {
+resource "google_compute_forwarding_rule" "forwarding_rules" {
+  for_each    = var.forwarding_rules_config
   provider    = google-beta
   project     = var.project_id
   region      = var.region
-  name        = var.name
-  description = var.description
-  ip_address  = var.address
-  ip_protocol = var.protocol
+  name        = "${var.name}-${each.key}"
+  description = each.value.description
+  ip_address  = each.value.ip_address
+  ip_protocol = each.value.ip_protocol
+  ip_version  = each.value.ip_version
   backend_service = (
     google_compute_region_backend_service.default.self_link
   )
   load_balancing_scheme = "INTERNAL"
   network               = var.vpc_config.network
-  ports                 = var.ports # "nnnnn" or "nnnnn,nnnnn,nnnnn" max 5
+  ports                 = each.value.ports # "nnnnn" or "nnnnn,nnnnn,nnnnn" max 5
   subnetwork            = var.vpc_config.subnetwork
-  allow_global_access   = var.global_access
+  allow_global_access   = each.value.global_access
   labels                = var.labels
-  all_ports             = var.ports == null ? true : null
+  all_ports             = each.value.ports == null ? true : null
   service_label         = var.service_label
   # is_mirroring_collector = false
 }

diff --git a/modules/net-lb-int/outputs.tf b/modules/net-lb-int/outputs.tf
@@ -29,19 +29,28 @@ output "backend_service_self_link" {
   value       = google_compute_region_backend_service.default.self_link
 }
 
-output "forwarding_rule" {
-  description = "Forwarding rule resource."
-  value       = google_compute_forwarding_rule.default
-}
-
-output "forwarding_rule_address" {
+output "forwarding_rule_addresses" {
   description = "Forwarding rule address."
-  value       = google_compute_forwarding_rule.default.ip_address
+  value = [
+    for fwr in google_compute_forwarding_rule.forwarding_rules
+    : fwr.ip_address
+  ]
 }
 
 output "forwarding_rule_self_link" {
-  description = "Forwarding rule self link."
-  value       = google_compute_forwarding_rule.default.self_link
+  description = "Forwarding rule self links."
+  value = [
+    for fwr in google_compute_forwarding_rule.forwarding_rules
+    : fwr.self_link
+  ]
+}
+
+output "forwarding_rules" {
+  description = "Forwarding rule resources."
+  value = [
+    for fwr in google_compute_forwarding_rule.forwarding_rules
+    : fwr
+  ]
 }
 
 output "group_self_links" {
@@ -72,6 +81,9 @@ output "health_check_self_link" {
 }
 
 output "id" {
-  description = "Fully qualified forwarding rule id."
-  value       = google_compute_forwarding_rule.default.id
+  description = "Fully qualified forwarding rule ids."
+  value = [
+    for fwr in google_compute_forwarding_rule.forwarding_rules
+    : fwr.id
+  ]
 }
diff --git a/modules/net-lb-int/variables.tf b/modules/net-lb-int/variables.tf
@@ -14,12 +14,6 @@
  * limitations under the License.
  */
 
-variable "address" {
-  description = "Optional IP address used for the forwarding rule."
-  type        = string
-  default     = null
-}
-
 variable "backend_service_config" {
   description = "Backend service level configuration."
   type = object({
@@ -79,10 +73,20 @@ variable "description" {
   default     = "Terraform managed."
 }
 
-variable "global_access" {
-  description = "Global access, defaults to false if not set."
-  type        = bool
-  default     = null
+variable "forwarding_rules_config" {
+  description = "The optional forwarding rules configuration."
+  type = map(object({
+    description   = optional(string)
+    global_access = optional(bool, true)
+    ip_address    = optional(string)
+    ip_protocol   = optional(string, "TCP")
+    ip_version    = optional(string)
+    ports         = optional(list(string), null)
+
+  }))
+  default = {
+    default = {}
+  }
 }
 
 variable "group_configs" {
@@ -191,12 +195,6 @@ variable "name" {
   type        = string
 }
 
-variable "ports" {
-  description = "Comma-separated ports, leave null to use all ports."
-  type        = list(string)
-  default     = null
-}
-
 variable "project_id" {
   description = "Project id where resources will be created."
   type        = string

diff --git a/tests/modules/net_lb_int/defaults.yaml b/tests/modules/net_lb_int/defaults.yaml
@@ -13,12 +13,12 @@
 # limitations under the License.
 
 values:
-  google_compute_forwarding_rule.default:
+  google_compute_forwarding_rule.forwarding_rules["default"]:
     all_ports: true
     ip_protocol: TCP
     labels: null
     load_balancing_scheme: INTERNAL
-    name: ilb-test
+    name: ilb-test-default
     network: default
     project: my-project
     region: europe-west1

diff --git a/tests/modules/net_lb_int/forwarding-rule.tfvars b/tests/modules/net_lb_int/forwarding-rule.tfvars
@@ -11,4 +11,10 @@ backends = [{
   failover       = false
 }]
 global_access = true
-ports         = [80]
+
+forwarding_rules_config = {
+  default = {
+    ports = [80]
+  }
+}
+
diff --git a/tests/modules/net_lb_int/forwarding-rule.yaml b/tests/modules/net_lb_int/forwarding-rule.yaml
@@ -13,7 +13,7 @@
 # limitations under the License.
 
 values:
-  google_compute_forwarding_rule.default:
+  google_compute_forwarding_rule.forwarding_rules["default"]:
     all_ports: null
     allow_global_access: true
     ports: