feat: Set edge_security_policy optional and add session_affinity in variables #333

Merged
merged 4 commits into from
May 24, 2023
27 changes: 14 additions & 13 deletions README.md
Expand Up @@ -20,17 +20,28 @@ Modular Global HTTP Load Balancer for GCE using forwarding rules.

## Compatibility

This module is meant for use with Terraform 0.13+ and tested using Terraform 1.0+. If you find incompatibilities using Terraform >=0.13, please open an issue. If you haven't
This module is meant for use with Terraform 1.3+ and tested using Terraform 1.3. If you find incompatibilities using Terraform >=1.3, please open an issue. If you haven't
[upgraded](https://www.terraform.io/upgrade-guides/0-13.html) and need a Terraform
0.12.x-compatible version of this module, the last released version
intended for Terraform 0.12.x is [v4.5.0](https://registry.terraform.io/modules/GoogleCloudPlatform/lb-http/google/4.5.0).

## Version

Current version is 9.0. Upgrade guides:

- [2.X -> 3.0](/docs/upgrading-v2.0.0-v3.0.0.md)
- [3.X -> 4.0](/docs/upgrading_to_v4.0.md)
- [6.X -> 7.0](/docs/upgrading_to_v7.0.md)
- [7.X -> 8.0](/docs/upgrading_to_v8.0.md)
- [8.X -> 9.0](/docs/upgrading_to_v9.0.md)


## Usage

```HCL
module "gce-lb-http" {
source = "GoogleCloudPlatform/lb-http/google"
version = "~> 4.4"
version = "~> 9.0"

project = "my-project-id"
name = "group-http-lb"
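Review bot: the Compatibility paragraph now sets the floor at Terraform 1.3, but the sentence that follows it still links the 0.13 upgrade guide and names only v4.5.0 as the fallback for 0.12.x, so users on 0.13 through 1.2 are not told which release to pin. State the last release that works on Terraform earlier than 1.3 next to the v4.5.0 note, and drop or update the 0.13 link. The same text appears in autogen/README.md and should change with it.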
Expand Down Expand Up @@ -102,24 +113,14 @@ module "gce-lb-http" {

![architecture diagram](/diagram.png)

## Version

Current version is 9.0. Upgrade guides:

- [2.X -> 3.0](/docs/upgrading-v2.0.0-v3.0.0.md)
- [3.X -> 4.0](/docs/upgrading_to_v4.0.md)
- [6.X -> 7.0](/docs/upgrading_to_v7.0.md)
- [7.X -> 8.0](/docs/upgrading_to_v8.0.md)
- [8.X -> 9.0](/docs/upgrading_to_v9.0.md)


<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| address | Existing IPv4 address to use (the actual IP address value) | `string` | `null` | no |
| backends | Map backend indices to list of backend maps. | <pre>map(object({<br> port = number<br> protocol = string<br> port_name = string<br> description = string<br> enable_cdn = bool<br> compression_mode = string<br> security_policy = string<br> edge_security_policy = string<br> custom_request_headers = list(string)<br> custom_response_headers = list(string)<br><br> timeout_sec = number<br> connection_draining_timeout_sec = number<br> session_affinity = string<br> affinity_cookie_ttl_sec = number<br><br> health_check = object({<br> check_interval_sec = number<br> timeout_sec = number<br> healthy_threshold = number<br> unhealthy_threshold = number<br> request_path = string<br> port = number<br> host = string<br> logging = bool<br> })<br><br> log_config = object({<br> enable = bool<br> sample_rate = number<br> })<br><br> groups = list(object({<br> group = string<br><br> balancing_mode = string<br> capacity_scaler = number<br> description = string<br> max_connections = number<br> max_connections_per_instance = number<br> max_connections_per_endpoint = number<br> max_rate = number<br> max_rate_per_instance = number<br> max_rate_per_endpoint = number<br> max_utilization = number<br> }))<br> iap_config = object({<br> enable = bool<br> oauth2_client_id = string<br> oauth2_client_secret = string<br> })<br> cdn_policy = optional(object({<br> cache_mode = optional(string)<br> signed_url_cache_max_age_sec = optional(string)<br> default_ttl = optional(number)<br> max_ttl = optional(number)<br> client_ttl = optional(number)<br> negative_caching = optional(bool)<br> negative_caching_policy = optional(object({<br> code = optional(number)<br> ttl = optional(number)<br> }))<br> serve_while_stale = optional(number)<br> cache_key_policy = optional(object({<br> include_host = optional(bool)<br> include_protocol = optional(bool)<br> include_query_string = optional(bool)<br> query_string_blacklist = optional(list(string))<br> query_string_whitelist = optional(list(string))<br> 
include_http_headers = optional(list(string))<br> include_named_cookies = optional(list(string))<br> }))<br> }))<br> }))</pre> | n/a | yes |
| backends | Map backend indices to list of backend maps. | <pre>map(object({<br> port = optional(number)<br> protocol = optional(string)<br> port_name = optional(string)<br> description = optional(string)<br> enable_cdn = optional(bool)<br> compression_mode = optional(string)<br> security_policy = optional(string, null)<br> edge_security_policy = optional(string, null)<br> custom_request_headers = optional(list(string))<br> custom_response_headers = optional(list(string))<br><br> timeout_sec = optional(number)<br> connection_draining_timeout_sec = optional(number)<br> session_affinity = optional(string)<br> affinity_cookie_ttl_sec = optional(number)<br><br> health_check = object({<br> check_interval_sec = optional(number)<br> timeout_sec = optional(number)<br> healthy_threshold = optional(number)<br> unhealthy_threshold = optional(number)<br> request_path = optional(string)<br> port = optional(number)<br> host = optional(string)<br> logging = optional(bool)<br> })<br><br> log_config = object({<br> enable = optional(bool)<br> sample_rate = optional(number)<br> })<br><br> groups = list(object({<br> group = string<br><br> balancing_mode = optional(string)<br> capacity_scaler = optional(number)<br> description = optional(string)<br> max_connections = optional(number)<br> max_connections_per_instance = optional(number)<br> max_connections_per_endpoint = optional(number)<br> max_rate = optional(number)<br> max_rate_per_instance = optional(number)<br> max_rate_per_endpoint = optional(number)<br> max_utilization = optional(number)<br> }))<br> iap_config = object({<br> enable = bool<br> oauth2_client_id = optional(string)<br> oauth2_client_secret = optional(string)<br> })<br> cdn_policy = optional(object({<br> cache_mode = optional(string)<br> signed_url_cache_max_age_sec = optional(string)<br> default_ttl = optional(number)<br> max_ttl = optional(number)<br> client_ttl = optional(number)<br> negative_caching = optional(bool)<br> negative_caching_policy = 
optional(object({<br> code = optional(number)<br> ttl = optional(number)<br> }))<br> serve_while_stale = optional(number)<br> cache_key_policy = optional(object({<br> include_host = optional(bool)<br> include_protocol = optional(bool)<br> include_query_string = optional(bool)<br> query_string_blacklist = optional(list(string))<br> query_string_whitelist = optional(list(string))<br> include_http_headers = optional(list(string))<br> include_named_cookies = optional(list(string))<br> }))<br> }))<br> }))</pre> | n/a | yes |
| certificate | Content of the SSL certificate. Required if `ssl` is `true` and `ssl_certificates` is empty. | `string` | `null` | no |
| certificate\_map | Certificate Map ID in format projects/{project}/locations/global/certificateMaps/{name}. Identifies a certificate map associated with the given target proxy | `string` | `null` | no |
| create\_address | Create a new global IPv4 address | `bool` | `true` | no |
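Review bot: in the new `backends` row, `security_policy = optional(string, null)` and `edge_security_policy = optional(string, null)` let a backend omit both keys and resolve to null, where the old type forced the author to write `security_policy = null` explicitly. The description is still only "Map backend indices to list of backend maps."; say there, or in the 8.X -> 9.0 upgrade guide, that omitting these keys leaves the backend with no security policy attached, so that a dropped key is a visible decision in review. The explicit `, null` is also redundant, since `optional(string)` already yields null, and it is the only place in the type that spells the default out.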
25 changes: 13 additions & 12 deletions autogen/README.md
Expand Up @@ -36,11 +36,22 @@ behind a Cloud Load Balancer.

## Compatibility

This module is meant for use with Terraform 0.13+ and tested using Terraform 1.0+. If you find incompatibilities using Terraform >=0.13, please open an issue. If you haven't
This module is meant for use with Terraform 1.3+ and tested using Terraform 1.3. If you find incompatibilities using Terraform >=1.3, please open an issue. If you haven't
[upgraded](https://www.terraform.io/upgrade-guides/0-13.html) and need a Terraform
0.12.x-compatible version of this module, the last released version
intended for Terraform 0.12.x is [v4.5.0](https://registry.terraform.io/modules/GoogleCloudPlatform/lb-http/google/4.5.0).

## Version

Current version is 9.0. Upgrade guides:

- [2.X -> 3.0](/docs/upgrading-v2.0.0-v3.0.0.md)
- [3.X -> 4.0](/docs/upgrading_to_v4.0.md)
- [6.X -> 7.0](/docs/upgrading_to_v7.0.md)
- [7.X -> 8.0](/docs/upgrading_to_v8.0.md)
- [8.X -> 9.0](/docs/upgrading_to_v9.0.md)


## Usage

```HCL
Expand All @@ -50,7 +61,7 @@ module "gce-lb-http" {
module "lb-http" {
{% endif %}
source = "GoogleCloudPlatform/lb-http/google{{ module_path }}"
version = "~> 4.4"
version = "~> 9.0"

project = "my-project-id"
{% if serverless %}
Expand Down Expand Up @@ -147,16 +158,6 @@ module "lb-http" {
![architecture diagram](/diagram.png)
{% endif %}

## Version

Current version is 9.0. Upgrade guides:

- [2.X -> 3.0](/docs/upgrading-v2.0.0-v3.0.0.md)
- [3.X -> 4.0](/docs/upgrading_to_v4.0.md)
- [6.X -> 7.0](/docs/upgrading_to_v7.0.md)
- [7.X -> 8.0](/docs/upgrading_to_v8.0.md)
- [8.X -> 9.0](/docs/upgrading_to_v9.0.md)


<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->

72 changes: 36 additions & 36 deletions autogen/variables.tf.tmpl
Expand Up @@ -85,65 +85,65 @@ variable "backends" {
description = "Map backend indices to list of backend maps."
type = map(object({
{% if not serverless %}{# not necessary for serverless as default port_name=http, protocol=HTTP #}
Contributor

If the fields are all optional now, do we need this template check? Does it matter if this var exists in all modules generated for this template?

Collaborator Author

Although the fields are optional now, I am worried people will provide a value and get an error. To avoid that, I just wanted to remove it from the Serverless NEG. Since these are all optional, people can use the main module to deploy a serverless NEG.

Contributor

That's fair. I would suggest tracking that as an issue, if not already present.

port = number
port = optional(number)
{% endif %}
protocol = string
port_name = string
description = string
enable_cdn = bool
compression_mode = string
security_policy = string
edge_security_policy = string
custom_request_headers = list(string)
custom_response_headers = list(string)
protocol = optional(string)
port_name = optional(string)
description = optional(string)
enable_cdn = optional(bool)
compression_mode = optional(string)
security_policy = optional(string,null)
edge_security_policy = optional(string,null)
custom_request_headers = optional(list(string))
custom_response_headers = optional(list(string))

{% if not serverless %}
{# options do not apply to serverless backends #}
timeout_sec = number
connection_draining_timeout_sec = number
session_affinity = string
affinity_cookie_ttl_sec = number
timeout_sec = optional(number)
{% endif %}
connection_draining_timeout_sec = optional(number)
session_affinity = optional(string)
affinity_cookie_ttl_sec = optional(number)

{% if not serverless %}
{# Serverless NEGs don't support health checks #}
health_check = object({
check_interval_sec = number
timeout_sec = number
healthy_threshold = number
unhealthy_threshold = number
request_path = string
port = number
host = string
logging = bool
check_interval_sec = optional(number)
timeout_sec = optional(number)
healthy_threshold = optional(number)
unhealthy_threshold = optional(number)
request_path = optional(string)
port = optional(number)
host = optional(string)
logging = optional(bool)
})
{% endif %}

log_config = object({
enable = bool
sample_rate = number
enable = optional(bool)
sample_rate = optional(number)
})

groups = list(object({
group = string

{% if not serverless %}
balancing_mode = string
capacity_scaler = number
description = string
max_connections = number
max_connections_per_instance = number
max_connections_per_endpoint = number
max_rate = number
max_rate_per_instance = number
max_rate_per_endpoint = number
max_utilization = number
balancing_mode = optional(string)
capacity_scaler = optional(number)
description = optional(string)
max_connections = optional(number)
max_connections_per_instance = optional(number)
max_connections_per_endpoint = optional(number)
max_rate = optional(number)
max_rate_per_instance = optional(number)
max_rate_per_endpoint = optional(number)
max_utilization = optional(number)
{% endif %}
}))
iap_config = object({
enable = bool
oauth2_client_id = string
oauth2_client_secret = string
oauth2_client_id = optional(string)
oauth2_client_secret = optional(string)
})
cdn_policy = optional(object({
cache_mode = optional(string)
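Review bot: the `{% endif %}` that closes the "options do not apply to serverless backends" block now sits directly after `timeout_sec = optional(number)`, so `connection_draining_timeout_sec`, `session_affinity` and `affinity_cookie_ttl_sec` are emitted for the serverless module as well, while the `{# options do not apply to serverless backends #}` comment above them is unchanged. If that is the intent (the PR title mentions adding session_affinity), update the comment so it covers only `timeout_sec`, and confirm the serverless module's backend service reads the three attributes; otherwise callers can set them and have the values silently ignored. Minor style point: `optional(string,null)` here lacks the space used in the README row, `optional(string, null)`.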
2 changes: 1 addition & 1 deletion build/int.cloudbuild.yaml
Expand Up @@ -12,7 +12,7 @@
# See the License for the specific language governing permissions and
# limitations under the License.

timeout: 3600s
timeout: 4200s
steps:
- id: swap-module-refs
name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
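Review bot: `timeout: 4200s` raises the build timeout from 3600s with nothing in the file saying which step needs the extra ten minutes. Add a one-line comment above it naming the slow step, so the value can be revisited once that step is faster.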
47 changes: 9 additions & 38 deletions examples/cdn-policy/main.tf
Expand Up @@ -91,35 +91,18 @@ module "gce-lb-http" {

backends = {
default = {
description = null
protocol = "HTTP"
port = 80
port_name = "http"
timeout_sec = 10
connection_draining_timeout_sec = null
enable_cdn = true
compression_mode = null
edge_security_policy = null
security_policy = null
session_affinity = null
affinity_cookie_ttl_sec = null
custom_request_headers = null
custom_response_headers = null
protocol = "HTTP"
port_name = "http"
timeout_sec = 10
enable_cdn = true

health_check = {
check_interval_sec = null
timeout_sec = null
healthy_threshold = null
unhealthy_threshold = null
request_path = "/"
port = 80
host = null
logging = null
request_path = "/"
port = 80
}

log_config = {
enable = false
sample_rate = null
enable = false
}

cdn_policy = {
Expand All @@ -137,24 +120,12 @@ module "gce-lb-http" {

groups = [
{
group = module.mig.instance_group
balancing_mode = null
capacity_scaler = null
description = null
max_connections = null
max_connections_per_instance = null
max_connections_per_endpoint = null
max_rate = null
max_rate_per_instance = null
max_rate_per_endpoint = null
max_utilization = null
group = module.mig.instance_group
}
]

iap_config = {
enable = false
oauth2_client_id = ""
oauth2_client_secret = ""
enable = false
}
}
}
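Review bot: `iap_config = { enable = false }` still has to be written out here because `iap_config` itself is not wrapped in `optional(...)` and `enable` stays a plain `bool` in variables.tf.tmpl; `log_config` and `health_check` are likewise still required objects. If the goal is minimal backend definitions, consider making those objects optional with an explicit default, and document the default for `iap_config.enable` so that leaving IAP off is a stated choice.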
19 changes: 4 additions & 15 deletions examples/cloudrun/main.tf
Expand Up @@ -24,8 +24,7 @@ provider "google-beta" {

# [START cloudloadbalancing_ext_http_cloudrun]
module "lb-http" {
source = "GoogleCloudPlatform/lb-http/google//modules/serverless_negs"
version = "~> 6.3"
source = "../../modules/serverless_negs"
name = var.lb_name
project = var.project_id

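Review bot: changing `source` to `"../../modules/serverless_negs"` removes the `version` constraint inside the `[START cloudloadbalancing_ext_http_cloudrun]` region, so anyone copying this block outside the repository gets a path that does not resolve and no pinned version to fall back on. Either keep the registry source with a version constraint matching the README (`version = "~> 9.0"`), or add a comment directly above `source` telling readers to replace the local path with the pinned registry source.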
Expand All @@ -42,24 +41,14 @@ module "lb-http" {
group = google_compute_region_network_endpoint_group.serverless_neg.id
}
]
enable_cdn = false
edge_security_policy = null
security_policy = null
custom_request_headers = null
custom_response_headers = null
enable_cdn = false

iap_config = {
enable = false
oauth2_client_id = ""
oauth2_client_secret = ""
enable = false
}
log_config = {
enable = false
sample_rate = null
enable = false
}
protocol = null
port_name = null
compression_mode = null
}
}
}
13 changes: 1 addition & 12 deletions examples/dynamic-backend/main.tf
Expand Up @@ -49,20 +49,12 @@ module "load_balancer" {

backends = {
default = {
description = null
protocol = "HTTPS"
port = 443
port_name = "https"
timeout_sec = 30
connection_draining_timeout_sec = 0
enable_cdn = false
edge_security_policy = null
security_policy = null
session_affinity = null
affinity_cookie_ttl_sec = null
custom_request_headers = null
custom_response_headers = null
compression_mode = null

health_check = {
check_interval_sec = 15
Expand All @@ -71,7 +63,6 @@ module "load_balancer" {
unhealthy_threshold = 4
request_path = "/api/health"
port = 443
host = null
logging = true
}

Expand All @@ -84,9 +75,7 @@ module "load_balancer" {
groups = []

iap_config = {
enable = false
oauth2_client_id = ""
oauth2_client_secret = ""
enable = false
}
}
}