diff --git a/.changelog/5059.txt b/.changelog/5059.txt new file mode 100644 index 00000000000..c60939ee614 --- /dev/null +++ b/.changelog/5059.txt @@ -0,0 +1,3 @@ +```release-note:enhancement +compute: added support for `L3_DEFAULT` as `ip_protocol` for `google_compute_forwarding_rule` and `UNSPECIFIED` as `protocol` for `google_compute_region_backend_service` to support network load balancers that forward all protocols and ports. +``` diff --git a/google/resource_compute_forwarding_rule.go b/google/resource_compute_forwarding_rule.go index 8da0fae80b5..0b19c34b5d6 100644 --- a/google/resource_compute_forwarding_rule.go +++ b/google/resource_compute_forwarding_rule.go 
@@ -83,22 +83,24 @@ Google APIs, IP address must be provided.`, Computed: true, Optional: true, ForceNew: true, - ValidateFunc: validation.StringInSlice([]string{"TCP", "UDP", "ESP", "AH", "SCTP", "ICMP", ""}, false), + ValidateFunc: validation.StringInSlice([]string{"TCP", "UDP", "ESP", "AH", "SCTP", "ICMP", "L3_DEFAULT", ""}, false), DiffSuppressFunc: caseDiffSuppress, Description: `The IP protocol to which this rule applies. When the load balancing scheme is INTERNAL, only TCP and UDP are -valid. Possible values: ["TCP", "UDP", "ESP", "AH", "SCTP", "ICMP"]`, +valid. Possible values: ["TCP", "UDP", "ESP", "AH", "SCTP", "ICMP", "L3_DEFAULT"]`, }, "all_ports": { Type: schema.TypeBool, Optional: true, ForceNew: true, - Description: `For internal TCP/UDP load balancing (i.e. load balancing scheme is -INTERNAL and protocol is TCP/UDP), set this to true to allow packets -addressed to any ports to be forwarded to the backends configured -with this forwarding rule. Used with backend service. Cannot be set -if port or portRange are set.`, + Description: `This field can be used with internal load balancer or network load balancer +when the forwarding rule references a backend service, or with the target +field when it references a TargetInstance. Set this to true to +allow packets addressed to any ports to be forwarded to the backends configured +with this forwarding rule. This can be used when the protocol is TCP/UDP, and it +must be set to true when the protocol is set to L3_DEFAULT. +Cannot be set if port or portRange are set.`, }, "allow_global_access": { Type: schema.TypeBool, 
@@ -195,15 +197,18 @@ ports: Type: schema.TypeSet, Optional: true, ForceNew: true, - Description: `This field is used along with the backend_service field for internal -load balancing. + Description: `This field is used along with internal load balancing and network +load balancer when the forwarding rule references a backend service +and when protocol is not L3_DEFAULT. -When the load balancing scheme is INTERNAL, a single port or a comma -separated list of ports can be configured. Only packets addressed to -these ports will be forwarded to the backends configured with this -forwarding rule. +A single port or a comma separated list of ports can be configured. +Only packets addressed to these ports will be forwarded to the backends +configured with this forwarding rule. -You may specify a maximum of up to 5 ports.`, +You can only use one of ports and portRange, or allPorts. +The three are mutually exclusive. + +You may specify a maximum of up to 5 ports, which can be non-contiguous.`, MaxItems: 5, Elem: &schema.Schema{ Type: schema.TypeString, diff --git a/google/resource_compute_region_backend_service.go b/google/resource_compute_region_backend_service.go index 0133cc61c6a..1982a417d05 100644 --- a/google/resource_compute_region_backend_service.go +++ b/google/resource_compute_region_backend_service.go 
@@ -776,10 +776,10 @@ Must be omitted when the loadBalancingScheme is INTERNAL (Internal TCP/UDP Load Type: schema.TypeString, Computed: true, Optional: true, - ValidateFunc: validation.StringInSlice([]string{"HTTP", "HTTPS", "HTTP2", "SSL", "TCP", "UDP", "GRPC", ""}, false), + ValidateFunc: validation.StringInSlice([]string{"HTTP", "HTTPS", "HTTP2", "SSL", "TCP", "UDP", "GRPC", "UNSPECIFIED", ""}, false), Description: `The protocol this RegionBackendService uses to communicate with backends. The default is HTTP. **NOTE**: HTTP2 is only valid for beta HTTP/2 load balancer -types and may result in errors if used with the GA API. Possible values: ["HTTP", "HTTPS", "HTTP2", "SSL", "TCP", "UDP", "GRPC"]`, +types and may result in errors if used with the GA API. Possible values: ["HTTP", "HTTPS", "HTTP2", "SSL", "TCP", "UDP", "GRPC", "UNSPECIFIED"]`, }, "region": { Type: schema.TypeString, diff --git a/website/docs/r/compute_forwarding_rule.html.markdown b/website/docs/r/compute_forwarding_rule.html.markdown index ab0288277f1..98d53919324 100644 --- a/website/docs/r/compute_forwarding_rule.html.markdown +++ b/website/docs/r/compute_forwarding_rule.html.markdown @@ -132,6 +132,42 @@ resource "google_compute_target_pool" "default" { name = "website-target-pool" } ``` +
+## Example Usage - Forwarding Rule L3 Default + + +```hcl +resource "google_compute_forwarding_rule" "fwd_rule" { + provider = google-beta + name = "l3-forwarding-rule" + backend_service = google_compute_region_backend_service.service.id + ip_protocol = "L3_DEFAULT" + all_ports = true +} + +resource "google_compute_region_backend_service" "service" { + provider = google-beta + region = "us-central1" + name = "service" + health_checks = [google_compute_region_health_check.health_check.id] + protocol = "UNSPECIFIED" + load_balancing_scheme = "EXTERNAL" +} + +resource "google_compute_region_health_check" "health_check" { + provider = google-beta + name = "health-check" + region = "us-central1" + + tcp_health_check { + port = 80 + } +} +```
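Review bot: in the first hunk of google/resource_compute_forwarding_rule.go, the new `all_ports` description says the field "must be set to true when the protocol is set to L3_DEFAULT", but the only schema change shown is adding "L3_DEFAULT" to the `StringInSlice` list for `ip_protocol`. Nothing in the visible lines rejects `ip_protocol = "L3_DEFAULT"` with `all_ports` unset at plan time, so the mistake would only surface as an API error on apply. Consider enforcing the pairing in the provider (for example in a CustomizeDiff). Because this combination forwards every protocol and port to the backends, the description could also state that firewall rules are then the only remaining filter.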
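Review bot: in the `ports` hunk of google/resource_compute_forwarding_rule.go, the added sentence "You can only use one of ports and portRange, or allPorts. The three are mutually exclusive." is hard to parse and uses the API's camelCase names instead of the Terraform field names `port_range` and `all_ports`. Suggest wording such as "Only one of ports, port_range, or all_ports may be set." The hunk also shows no `ConflictsWith` on this field, so if the exclusivity is not declared elsewhere in the schema it is documented but not enforced. The same description says the field applies "when protocol is not L3_DEFAULT", which is likewise not checked in the lines shown.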
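Review bot: in the google/resource_compute_region_backend_service.go hunk, "UNSPECIFIED" is added to the `protocol` validation list and to "Possible values", but the description gives no guidance on when it is valid. It still reads "The default is HTTP" and only carries the HTTP2 note. Per the changelog entry, the value exists "to support network load balancers that forward all protocols and ports", so the description should say that UNSPECIFIED is intended for a backend service referenced by a forwarding rule with `ip_protocol` set to L3_DEFAULT. Otherwise users may pick it for other load balancer types and only find out from an API error.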
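Review bot: in the new "Forwarding Rule L3 Default" example in website/docs/r/compute_forwarding_rule.html.markdown, `google_compute_forwarding_rule.fwd_rule` sets no `region`, while the backend service and health check it depends on both set `region = "us-central1"`. The example therefore only works if the provider's default region happens to match. Suggest adding `region = "us-central1"` to the forwarding rule. Every resource also uses `provider = google-beta` although the schema changes in this patch are under google/, so a sentence on whether the feature is beta-only would help readers. Since the example pairs `load_balancing_scheme = "EXTERNAL"` with `all_ports = true` and the only port named is the TCP health check on 80, a short note that all protocols and ports reach the backends unless firewall rules restrict them would be worth adding.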