Update net-lb-app-ext security_settings variables #2783

Merged
merged 2 commits into from
Dec 25, 2024

@wenzizone wenzizone commented Dec 24, 2024

  • set client_tls_policy as optional
  • set subject_alt_names as optional

GitHub PR Description:

I am following the Medium article Private GCS Bucket Access Through Google Cloud CDN to create a Google Cloud CDN service using Terraform, with the backend being a private GCS bucket. However, I encountered an issue where the variables-backend-service.tf file requires the security_settings attribute to include both client_tls_policy and subject_alt_names.

If I set these two parameters, I receive the following error:

2024-12-23T10:20:23.655Z [DEBUG] provider.terraform-provider-google-beta_v6.14.1_x5:   "error": {
2024-12-23T10:20:23.655Z [DEBUG] provider.terraform-provider-google-beta_v6.14.1_x5:     "code": 400,
2024-12-23T10:20:23.655Z [DEBUG] provider.terraform-provider-google-beta_v6.14.1_x5:     "message": "Invalid value for field 'resource.securitySettings': '{  \"clientTlsPolicy\": \"tls-1-2\",  \"subjectAltNames\": [\"dev1.conviva.com\"],  \"awsV4Authentication\": {...'. Security settings is not supported."

However, according to the Google Cloud Compute Engine API documentation here, clientTlsPolicy only applies to a global BackendService with the loadBalancingScheme set to INTERNAL_SELF_MANAGED. But the created GCS backend is for global internet use, so this parameter should not be required but optional. Similarly, subjectAltNames should also be optional as per the Google Cloud Compute Engine API documentation. This PR aims to address this issue by making client_tls_policy and subject_alt_names optional parameters in the google-beta provider, aligning with the actual usage and requirements of Google Cloud services. For reference, the client_tls_policy and subject_alt_names parameters are also optional in the google-beta provider as documented here.


Checklist

If applicable, I acknowledge that I have:

  • Read the contributing guide
  • Ran terraform fmt on all modified files
  • Regenerated the relevant README.md files using tools/tfdoc.py
  • [] Made sure all relevant tests pass

Sorry, I don't know how to test, but with this change I successfully created GLB/ENG

- set client_tls_policy as optional
- set subject_alt_names as optional
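
The pattern described in the PR above, as an added example that is not the module's own code: a `security_settings` object whose attributes are all `optional()`, passed to `google_compute_backend_service` so a caller can supply only `aws_v4_authentication`. The variable names, the resource name `example-backend` and the `neg_id` input are assumptions made for illustration.

```hcl
# Added example; variable/resource names and var.neg_id are assumptions.
# optional() object attributes need Terraform 1.3 or later.
variable "neg_id" {
  description = "ID of the NEG used as backend (placeholder input)."
  type        = string
}

variable "security_settings" {
  description = "Backend security settings; every attribute may be omitted."
  type = object({
    client_tls_policy = optional(string)       # omitted => null
    subject_alt_names = optional(list(string)) # omitted => null
    aws_v4_authentication = optional(object({
      access_key_id      = optional(string)
      access_key         = optional(string)
      access_key_version = optional(string)
      origin_region      = optional(string)
    }))
  })
  default = null
}

resource "google_compute_backend_service" "example" {
  provider              = google-beta
  name                  = "example-backend"
  protocol              = "HTTPS"
  load_balancing_scheme = "EXTERNAL_MANAGED"
  backend {
    group = var.neg_id
  }
  dynamic "security_settings" {
    for_each = var.security_settings == null ? [] : [var.security_settings]
    content {
      # Terraform treats a null argument as if it were not set at all.
      client_tls_policy = security_settings.value.client_tls_policy
      subject_alt_names = security_settings.value.subject_alt_names
      dynamic "aws_v4_authentication" {
        for_each = security_settings.value.aws_v4_authentication == null ? [] : [security_settings.value.aws_v4_authentication]
        content {
          access_key_id      = aws_v4_authentication.value.access_key_id
          access_key         = aws_v4_authentication.value.access_key
          access_key_version = aws_v4_authentication.value.access_key_version
          origin_region      = aws_v4_authentication.value.origin_region
        }
      }
    }
  }
}
```

With this shape, a caller that sets only `aws_v4_authentication` leaves `client_tls_policy` and `subject_alt_names` as null, which is the combination the PR description needs for an internet-facing backend.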

google-cla bot commented Dec 24, 2024

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

@wenzizone wenzizone changed the title Update Update net-lb-app-ext security_settings variables Dec 24, 2024
run cmd ./tools/tfdoc.py modules/net-lb-app-ext to fix linting error
@ludoo ludoo merged commit 59e3c87 into GoogleCloudPlatform:master Dec 25, 2024
14 checks passed