feat(TPG >=6.0)!: added iap.enabled for v6 upgrade (#453)

terraform-google-modules · Sep 17, 2024 · c8db02c · c8db02c
1 parent 6726968
commit c8db02c
Show file tree

Hide file tree

Showing 49 changed files with 93 additions and 89 deletions.
diff --git a/README.md b/README.md
@@ -94,7 +94,7 @@ module "gce-lb-http" {
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | address | Existing IPv4 address to use (the actual IP address value) | `string` | `null` | no |
-| backends | Map backend indices to list of backend maps. | <pre>map(object({<br>    port                    = optional(number)<br>    project                 = optional(string)<br>    protocol                = optional(string)<br>    port_name               = optional(string)<br>    description             = optional(string)<br>    enable_cdn              = optional(bool)<br>    compression_mode        = optional(string)<br>    security_policy         = optional(string, null)<br>    edge_security_policy    = optional(string, null)<br>    custom_request_headers  = optional(list(string))<br>    custom_response_headers = optional(list(string))<br><br>    timeout_sec                     = optional(number)<br>    connection_draining_timeout_sec = optional(number)<br>    session_affinity                = optional(string)<br>    affinity_cookie_ttl_sec         = optional(number)<br>    locality_lb_policy              = optional(string)<br><br>    health_check = optional(object({<br>      host                = optional(string)<br>      request_path        = optional(string)<br>      request             = optional(string)<br>      response            = optional(string)<br>      port                = optional(number)<br>      port_name           = optional(string)<br>      proxy_header        = optional(string)<br>      port_specification  = optional(string)<br>      protocol            = optional(string)<br>      check_interval_sec  = optional(number)<br>      timeout_sec         = optional(number)<br>      healthy_threshold   = optional(number)<br>      unhealthy_threshold = optional(number)<br>      logging             = optional(bool)<br>    }))<br><br>    log_config = object({<br>      enable      = optional(bool)<br>      sample_rate = optional(number)<br>    })<br><br>    groups = list(object({<br>      group       = string<br>      description = optional(string)<br><br>      balancing_mode               = optional(string)<br>      capacity_scaler              = optional(number)<br>      max_connections              = optional(number)<br>      max_connections_per_instance = optional(number)<br>      max_connections_per_endpoint = optional(number)<br>      max_rate                     = optional(number)<br>      max_rate_per_instance        = optional(number)<br>      max_rate_per_endpoint        = optional(number)<br>      max_utilization              = optional(number)<br>    }))<br>    iap_config = object({<br>      enable               = bool<br>      oauth2_client_id     = optional(string)<br>      oauth2_client_secret = optional(string)<br>    })<br>    cdn_policy = optional(object({<br>      cache_mode                   = optional(string)<br>      signed_url_cache_max_age_sec = optional(string)<br>      default_ttl                  = optional(number)<br>      max_ttl                      = optional(number)<br>      client_ttl                   = optional(number)<br>      negative_caching             = optional(bool)<br>      negative_caching_policy = optional(object({<br>        code = optional(number)<br>        ttl  = optional(number)<br>      }))<br>      serve_while_stale = optional(number)<br>      cache_key_policy = optional(object({<br>        include_host           = optional(bool)<br>        include_protocol       = optional(bool)<br>        include_query_string   = optional(bool)<br>        query_string_blacklist = optional(list(string))<br>        query_string_whitelist = optional(list(string))<br>        include_http_headers   = optional(list(string))<br>        include_named_cookies  = optional(list(string))<br>      }))<br>      bypass_cache_on_request_headers = optional(list(string))<br>    }))<br>    outlier_detection = optional(object({<br>      base_ejection_time = optional(object({<br>        seconds = number<br>        nanos   = optional(number)<br>      }))<br>      consecutive_errors                    = optional(number)<br>      consecutive_gateway_failure           = optional(number)<br>      enforcing_consecutive_errors          = optional(number)<br>      enforcing_consecutive_gateway_failure = optional(number)<br>      enforcing_success_rate                = optional(number)<br>      interval = optional(object({<br>        seconds = number<br>        nanos   = optional(number)<br>      }))<br>      max_ejection_percent        = optional(number)<br>      success_rate_minimum_hosts  = optional(number)<br>      success_rate_request_volume = optional(number)<br>      success_rate_stdev_factor   = optional(number)<br>    }))<br>  }))</pre> | n/a | yes |
+| backends | Map backend indices to list of backend maps. | <pre>map(object({<br>    port                    = optional(number)<br>    project                 = optional(string)<br>    protocol                = optional(string)<br>    port_name               = optional(string)<br>    description             = optional(string)<br>    enable_cdn              = optional(bool)<br>    compression_mode        = optional(string)<br>    security_policy         = optional(string, null)<br>    edge_security_policy    = optional(string, null)<br>    custom_request_headers  = optional(list(string))<br>    custom_response_headers = optional(list(string))<br><br>    timeout_sec                     = optional(number)<br>    connection_draining_timeout_sec = optional(number)<br>    session_affinity                = optional(string)<br>    affinity_cookie_ttl_sec         = optional(number)<br>    locality_lb_policy              = optional(string)<br><br>    health_check = optional(object({<br>      host                = optional(string)<br>      request_path        = optional(string)<br>      request             = optional(string)<br>      response            = optional(string)<br>      port                = optional(number)<br>      port_name           = optional(string)<br>      proxy_header        = optional(string)<br>      port_specification  = optional(string)<br>      protocol            = optional(string)<br>      check_interval_sec  = optional(number)<br>      timeout_sec         = optional(number)<br>      healthy_threshold   = optional(number)<br>      unhealthy_threshold = optional(number)<br>      logging             = optional(bool)<br>    }))<br><br>    log_config = object({<br>      enable      = optional(bool)<br>      sample_rate = optional(number)<br>    })<br><br>    groups = list(object({<br>      group       = string<br>      description = optional(string)<br><br>      balancing_mode               = optional(string)<br>      capacity_scaler              = optional(number)<br>      max_connections              = optional(number)<br>      max_connections_per_instance = optional(number)<br>      max_connections_per_endpoint = optional(number)<br>      max_rate                     = optional(number)<br>      max_rate_per_instance        = optional(number)<br>      max_rate_per_endpoint        = optional(number)<br>      max_utilization              = optional(number)<br>    }))<br>    iap_config = optional(object({<br>      enable               = bool<br>      oauth2_client_id     = optional(string)<br>      oauth2_client_secret = optional(string)<br>    }))<br>    cdn_policy = optional(object({<br>      cache_mode                   = optional(string)<br>      signed_url_cache_max_age_sec = optional(string)<br>      default_ttl                  = optional(number)<br>      max_ttl                      = optional(number)<br>      client_ttl                   = optional(number)<br>      negative_caching             = optional(bool)<br>      negative_caching_policy = optional(object({<br>        code = optional(number)<br>        ttl  = optional(number)<br>      }))<br>      serve_while_stale = optional(number)<br>      cache_key_policy = optional(object({<br>        include_host           = optional(bool)<br>        include_protocol       = optional(bool)<br>        include_query_string   = optional(bool)<br>        query_string_blacklist = optional(list(string))<br>        query_string_whitelist = optional(list(string))<br>        include_http_headers   = optional(list(string))<br>        include_named_cookies  = optional(list(string))<br>      }))<br>      bypass_cache_on_request_headers = optional(list(string))<br>    }))<br>    outlier_detection = optional(object({<br>      base_ejection_time = optional(object({<br>        seconds = number<br>        nanos   = optional(number)<br>      }))<br>      consecutive_errors                    = optional(number)<br>      consecutive_gateway_failure           = optional(number)<br>      enforcing_consecutive_errors          = optional(number)<br>      enforcing_consecutive_gateway_failure = optional(number)<br>      enforcing_success_rate                = optional(number)<br>      interval = optional(object({<br>        seconds = number<br>        nanos   = optional(number)<br>      }))<br>      max_ejection_percent        = optional(number)<br>      success_rate_minimum_hosts  = optional(number)<br>      success_rate_request_volume = optional(number)<br>      success_rate_stdev_factor   = optional(number)<br>    }))<br>  }))</pre> | n/a | yes |
 | certificate | Content of the SSL certificate. Requires `ssl` to be set to `true` and `create_ssl_certificate` set to `true` | `string` | `null` | no |
 | certificate\_map | Certificate Map ID in format projects/{project}/locations/global/certificateMaps/{name}. Identifies a certificate map associated with the given target proxy.  Requires `ssl` to be set to `true` | `string` | `null` | no |
 | create\_address | Create a new global IPv4 address | `bool` | `true` | no |

diff --git a/autogen/main.tf.tmpl b/autogen/main.tf.tmpl
@@ -257,10 +257,11 @@ resource "google_compute_backend_service" "default" {
   }
 
   dynamic "iap" {
-    for_each = lookup(lookup(each.value, "iap_config", {}), "enable", false) ? [1] : []
+    for_each = try(each.value["iap_config"], null) != null && lookup(try(each.value["iap_config"], {}), "enable", false) ? [1] : []
     content {
-      oauth2_client_id     = lookup(lookup(each.value, "iap_config", {}), "oauth2_client_id", "")
-      oauth2_client_secret = lookup(lookup(each.value, "iap_config", {}), "oauth2_client_secret", "")
+      enabled              = lookup(each.value["iap_config"], "enable", false)
+      oauth2_client_id     = lookup(each.value["iap_config"], "oauth2_client_id")
+      oauth2_client_secret = lookup(each.value["iap_config"], "oauth2_client_secret")
     }
   }
 

diff --git a/autogen/variables.tf.tmpl b/autogen/variables.tf.tmpl
@@ -171,11 +171,11 @@ variable "backends" {
     })), [])
 
     {% endif %}
-    iap_config = object({
+    iap_config = optional(object({
       enable               = bool
       oauth2_client_id     = optional(string)
       oauth2_client_secret = optional(string)
-    })
+    }))
     cdn_policy = optional(object({
       cache_mode                   = optional(string)
       signed_url_cache_max_age_sec = optional(string)

diff --git a/autogen/versions.tf.tmpl b/autogen/versions.tf.tmpl
@@ -20,11 +20,11 @@ terraform {
 
     google = {
       source  = "hashicorp/google"
-      version = ">= 4.84, < 6"
+      version = ">= 6.0, < 7"
     }
     google-beta = {
       source  = "hashicorp/google-beta"
-      version = ">= 4.84, < 6"
+      version = ">= 6.0, < 7"
     }
     random = {
       source  = "hashicorp/random"

diff --git a/examples/cdn-policy/main.tf b/examples/cdn-policy/main.tf
@@ -51,7 +51,7 @@ module "cloud-nat" {
 
 module "mig_template" {
   source     = "terraform-google-modules/vm/google//modules/instance_template"
-  version    = "~> 11.1"
+  version    = "~> 12.0"
   network    = google_compute_network.default.self_link
   subnetwork = google_compute_subnetwork.default.self_link
   project_id = var.project_id
@@ -69,7 +69,7 @@ module "mig_template" {
 
 module "mig" {
   source            = "terraform-google-modules/vm/google//modules/mig"
-  version           = "~> 11.1"
+  version           = "~> 12.0"
   project_id        = var.project_id
   instance_template = module.mig_template.self_link
   region            = local.region
@@ -83,7 +83,7 @@ module "mig" {
 
 module "gce-lb-http" {
   source  = "terraform-google-modules/lb-http/google"
-  version = "~> 10.0"
+  version = "~> 12.0"
 
   name              = "mig-http-lb"
   project           = var.project_id

diff --git a/examples/cdn-policy/versions.tf b/examples/cdn-policy/versions.tf
@@ -15,7 +15,7 @@
  */
 
 terraform {
-  required_version = ">= 0.13"
+  required_version = ">= 1.3"
   required_providers {
     google = {
       source = "hashicorp/google"

diff --git a/examples/certificate-map/main.tf b/examples/certificate-map/main.tf
@@ -65,7 +65,7 @@ locals {
 
 module "gce-lb-https" {
   source            = "terraform-google-modules/lb-http/google"
-  version           = "~> 10.0"
+  version           = "~> 12.0"
   name              = var.network_name
   project           = var.project_id
   firewall_networks = [google_compute_network.default.self_link]

diff --git a/examples/certificate-map/mig.tf b/examples/certificate-map/mig.tf
@@ -24,7 +24,7 @@ data "template_file" "group1-startup-script" {
 
 module "mig1_template" {
   source     = "terraform-google-modules/vm/google//modules/instance_template"
-  version    = "~> 11.1"
+  version    = "~> 12.0"
   network    = google_compute_network.default.self_link
   subnetwork = google_compute_subnetwork.group1.self_link
   service_account = {
@@ -43,7 +43,7 @@ module "mig1_template" {
 
 module "mig1" {
   source            = "terraform-google-modules/vm/google//modules/mig"
-  version           = "~> 11.1"
+  version           = "~> 12.0"
   instance_template = module.mig1_template.self_link
   region            = var.group1_region
   hostname          = "${var.network_name}-group1"

diff --git a/examples/certificate-map/versions.tf b/examples/certificate-map/versions.tf
@@ -15,7 +15,7 @@
  */
 
 terraform {
-  required_version = ">= 0.13"
+  required_version = ">= 1.3"
   required_providers {
     google = {
       source = "hashicorp/google"

diff --git a/examples/cloudrun-implicit-serverless-neg/main.tf b/examples/cloudrun-implicit-serverless-neg/main.tf
@@ -16,7 +16,7 @@
 
 module "lb-http" {
   source  = "terraform-google-modules/lb-http/google//modules/serverless_negs"
-  version = "~> 10.0"
+  version = "~> 12.0"
 
   name    = "tf-cr-lb-1"
   project = var.project_id

diff --git a/examples/cloudrun/main.tf b/examples/cloudrun/main.tf
@@ -25,7 +25,7 @@ provider "google-beta" {
 # [START cloudloadbalancing_ext_http_cloudrun]
 module "lb-http" {
   source  = "terraform-google-modules/lb-http/google//modules/serverless_negs"
-  version = "~> 10.0"
+  version = "~> 12.0"
 
   name    = var.lb_name
   project = var.project_id

diff --git a/examples/cross-project-mig-backend/main.tf b/examples/cross-project-mig-backend/main.tf
@@ -18,7 +18,7 @@
 # [START cloudloadbalancing_ext_http_gce_shared_vpc]
 module "gce-lb-http" {
   source  = "terraform-google-modules/lb-http/google"
-  version = "~> 10.0"
+  version = "~> 12.0"
 
   name                  = "ci-crossproject-lb"
   project               = var.project_id

diff --git a/examples/cross-project-mig-backend/mig.tf b/examples/cross-project-mig-backend/mig.tf
@@ -91,7 +91,7 @@ resource "google_compute_shared_vpc_service_project" "service" {
 
 module "mig_template" {
   source             = "terraform-google-modules/vm/google//modules/instance_template"
-  version            = "~> 11.1"
+  version            = "~> 12.0"
   project_id         = var.project_id_1
   network            = google_compute_network.default.self_link
   subnetwork         = "${var.network_name}-${var.region}"
@@ -111,7 +111,7 @@ module "mig_template" {
 
 module "mig" {
   source            = "terraform-google-modules/vm/google//modules/mig"
-  version           = "~> 11.1"
+  version           = "~> 12.0"
   project_id        = var.project_id_1
   instance_template = module.mig_template.self_link
   region            = var.region

diff --git a/examples/cross-project-mig-backend/versions.tf b/examples/cross-project-mig-backend/versions.tf
@@ -15,7 +15,7 @@
  */
 
 terraform {
-  required_version = ">= 0.13"
+  required_version = ">= 1.3"
   required_providers {
     google = {
       source = "hashicorp/google"

diff --git a/examples/dynamic-backend/main.tf b/examples/dynamic-backend/main.tf
@@ -32,7 +32,7 @@ resource "google_compute_managed_ssl_certificate" "frontend" {
 
 module "load_balancer" {
   source  = "terraform-google-modules/lb-http/google//modules/dynamic_backends"
-  version = "~> 10.0"
+  version = "~> 12.0"
 
   name                        = "dynamic-backend-lb"
   project                     = var.project

diff --git a/examples/https-gke/main.tf b/examples/https-gke/main.tf
@@ -26,7 +26,7 @@ data "google_client_config" "current" {}
 
 module "gce-lb-https" {
   source  = "terraform-google-modules/lb-http/google"
-  version = "~> 10.0"
+  version = "~> 12.0"
 
   project           = var.project
   name              = var.name

diff --git a/examples/https-gke/versions.tf b/examples/https-gke/versions.tf
@@ -15,7 +15,7 @@
  */
 
 terraform {
-  required_version = ">= 0.13"
+  required_version = ">= 1.3"
   required_providers {
     google = {
       source = "hashicorp/google"

diff --git a/examples/https-redirect/main.tf b/examples/https-redirect/main.tf
@@ -60,7 +60,7 @@ data "template_file" "group-startup-script" {
 
 module "mig_template" {
   source     = "terraform-google-modules/vm/google//modules/instance_template"
-  version    = "~> 11.1"
+  version    = "~> 12.0"
   network    = google_compute_network.default.self_link
   subnetwork = google_compute_subnetwork.default.self_link
   service_account = {
@@ -79,7 +79,7 @@ module "mig_template" {
 
 module "mig" {
   source            = "terraform-google-modules/vm/google//modules/mig"
-  version           = "~> 11.1"
+  version           = "~> 12.0"
   instance_template = module.mig_template.self_link
   region            = var.region
   hostname          = var.network_name
@@ -93,7 +93,7 @@ module "mig" {
 # [START cloudloadbalancing_ext_http_gce_http_redirect]
 module "gce-lb-http" {
   source            = "terraform-google-modules/lb-http/google"
-  version           = "~> 10.0"
+  version           = "~> 12.0"
   name              = "ci-https-redirect"
   project           = var.project
   target_tags       = [var.network_name]

diff --git a/examples/https-redirect/versions.tf b/examples/https-redirect/versions.tf
@@ -15,7 +15,7 @@
  */
 
 terraform {
-  required_version = ">= 0.13"
+  required_version = ">= 1.3"
   required_providers {
     google = {
       source = "hashicorp/google"

diff --git a/examples/mig-nat-http-lb/main.tf b/examples/mig-nat-http-lb/main.tf
@@ -60,7 +60,7 @@ data "template_file" "group-startup-script" {
 
 module "mig_template" {
   source     = "terraform-google-modules/vm/google//modules/instance_template"
-  version    = "~> 11.1"
+  version    = "~> 12.0"
   network    = google_compute_network.default.self_link
   subnetwork = google_compute_subnetwork.default.self_link
   service_account = {
@@ -77,7 +77,7 @@ module "mig_template" {
 
 module "mig" {
   source            = "terraform-google-modules/vm/google//modules/mig"
-  version           = "~> 11.1"
+  version           = "~> 12.0"
   instance_template = module.mig_template.self_link
   region            = var.region
   hostname          = var.network_name
@@ -90,7 +90,7 @@ module "mig" {
 
 module "gce-lb-http" {
   source            = "terraform-google-modules/lb-http/google"
-  version           = "~> 10.0"
+  version           = "~> 12.0"
   name              = "mig-http-lb"
   project           = var.project
   target_tags       = [var.network_name]

diff --git a/examples/mig-nat-http-lb/versions.tf b/examples/mig-nat-http-lb/versions.tf
@@ -15,7 +15,7 @@
  */
 
 terraform {
-  required_version = ">= 0.13"
+  required_version = ">= 1.3"
   required_providers {
     google = {
       source = "hashicorp/google"

diff --git a/examples/multi-backend-multi-mig-bucket-https-lb/main.tf b/examples/multi-backend-multi-mig-bucket-https-lb/main.tf
@@ -114,7 +114,7 @@ locals {
 # [START cloudloadbalancing_ext_http_gce_plus_bucket]
 module "gce-lb-https" {
   source  = "terraform-google-modules/lb-http/google"
-  version = "~> 10.0"
+  version = "~> 12.0"
   name    = var.network_name
   project = var.project
   target_tags = [