From 1c86f6a2cf1fecb7fb55c2c26ba9bba711a6ef72 Mon Sep 17 00:00:00 2001
From: Abhishek Tiwari
Date: Sun, 17 Nov 2024 18:26:24 +0000
Subject: [PATCH] chore: update connection metadata
---
metadata.yaml | 189 ++++++++++++------------
modules/backend/metadata.yaml | 30 ++--
modules/dynamic_backends/metadata.yaml | 191 +++++++++++++------------
modules/frontend/main.tf | 11 +-
modules/serverless_negs/metadata.yaml | 155 ++++++++++----------
5 files changed, 303 insertions(+), 273 deletions(-)
diff --git a/metadata.yaml b/metadata.yaml
index 5736d573..5a6b3f37 100644
--- a/metadata.yaml
+++ b/metadata.yaml
@@ -76,9 +76,50 @@ spec: location: examples/user-managed-google-managed-ssl interfaces: variables: + - name: project + description: The project to deploy to, if not set the default provider project is used. + varType: string + required: true + - name: name + description: Name for the forwarding rule and prefix for supporting resources + varType: string + required: true + - name: create_address + description: Create a new global IPv4 address + varType: bool + defaultValue: true - name: address description: Existing IPv4 address to use (the actual IP address value) varType: string + - name: enable_ipv6 + description: Enable IPv6 address on the CDN load-balancer + varType: bool + defaultValue: false + - name: create_ipv6_address + description: Allocate a new IPv6 address. Conflicts with "ipv6_address" - if both specified, "create_ipv6_address" takes precedence. + varType: bool + defaultValue: false + - name: ipv6_address + description: An existing IPv6 address to use (the actual IP address value) + varType: string + - name: firewall_networks + description: Names of the networks to create firewall rules in + varType: list(string) + defaultValue: + - default + - name: firewall_projects + description: Names of the projects to create firewall rules in + varType: list(string) + defaultValue: + - default + - name: target_tags + description: List of target tags for health check firewall rule. Exactly one of target_tags or target_service_accounts should be specified. + varType: list(string) + defaultValue: [] + - name: target_service_accounts + description: List of target service accounts for health check firewall rule. Exactly one of target_tags or target_service_accounts should be specified. + varType: list(string) + defaultValue: [] - name: backends description: Map backend indices to list of backend maps. varType: |- 
@@ -186,67 +227,62 @@ spec: })) })) required: true - - name: certificate - description: Content of the SSL certificate. Requires `ssl` to be set to `true` and `create_ssl_certificate` set to `true` - varType: string - - name: certificate_map - description: Certificate Map ID in format projects/{project}/locations/global/certificateMaps/{name}. Identifies a certificate map associated with the given target proxy. Requires `ssl` to be set to `true` + - name: create_url_map + description: Set to `false` if url_map variable is provided. + varType: bool + defaultValue: true + - name: url_map + description: The url_map resource to use. Default is to send all traffic to first backend. varType: string - - name: create_address - description: Create a new global IPv4 address + - name: http_forward + description: Set to `false` to disable HTTP port 80 forward varType: bool defaultValue: true - - name: create_ipv6_address - description: Allocate a new IPv6 address. Conflicts with "ipv6_address" - if both specified, "create_ipv6_address" takes precedence. + - name: ssl + description: "Set to `true` to enable SSL support. If `true` then at least one of these are required: 1) `ssl_certificates` OR 2) `create_ssl_certificate` set to `true` and `private_key/certificate` OR 3) `managed_ssl_certificate_domains`, OR 4) `certificate_map`" varType: bool defaultValue: false - name: create_ssl_certificate description: If `true`, Create certificate using `private_key/certificate` varType: bool defaultValue: false - - name: create_url_map - description: Set to `false` if url_map variable is provided. + - name: ssl_certificates + description: SSL cert self_link list. Requires `ssl` to be set to `true` + varType: list(string) + defaultValue: [] + - name: private_key + description: Content of the private SSL key. Requires `ssl` to be set to `true` and `create_ssl_certificate` set to `true` + varType: string + - name: certificate + description: Content of the SSL certificate. 
Requires `ssl` to be set to `true` and `create_ssl_certificate` set to `true` + varType: string + - name: managed_ssl_certificate_domains + description: Create Google-managed SSL certificates for specified domains. Requires `ssl` to be set to `true` + varType: list(string) + defaultValue: [] + - name: certificate_map + description: Certificate Map ID in format projects/{project}/locations/global/certificateMaps/{name}. Identifies a certificate map associated with the given target proxy. Requires `ssl` to be set to `true` + varType: string + - name: ssl_policy + description: Selfink to SSL Policy + varType: string + - name: quic + description: Specifies the QUIC override policy for this resource. Set true to enable HTTP/3 and Google QUIC support, false to disable both. Defaults to null which enables support for HTTP/3 only. varType: bool - defaultValue: true - name: edge_security_policy description: The resource URL for the edge security policy to associate with the backend service varType: string - - name: enable_ipv6 - description: Enable IPv6 address on the CDN load-balancer - varType: bool - defaultValue: false - - name: firewall_networks - description: Names of the networks to create firewall rules in - varType: list(string) - defaultValue: - - default - - name: firewall_projects - description: Names of the projects to create firewall rules in - varType: list(string) - defaultValue: - - default - - name: http_forward - description: Set to `false` to disable HTTP port 80 forward - varType: bool - defaultValue: true - - name: http_keep_alive_timeout_sec - description: Specifies how long to keep a connection open, after completing a response, while there is no matching traffic (in seconds). 
- varType: number - - name: http_port - description: The port for the HTTP load balancer - varType: number - defaultValue: 80 - - name: https_port - description: The port for the HTTPS load balancer - varType: number - defaultValue: 443 + - name: security_policy + description: The resource URL for the security policy to associate with the backend service + varType: string - name: https_redirect description: Set to `true` to enable https redirect on the lb. varType: bool defaultValue: false - - name: ipv6_address - description: An existing IPv6 address to use (the actual IP address value) - varType: string + - name: random_certificate_suffix + description: Bool to enable/disable random certificate name generation. Set and keep this to true if you need to change the SSL cert. + varType: bool + defaultValue: false - name: labels description: The labels to attach to resources created by this module varType: map(string) 
@@ -255,60 +291,24 @@ spec: description: Load balancing scheme type (EXTERNAL for classic external load balancer, EXTERNAL_MANAGED for Envoy-based load balancer, and INTERNAL_SELF_MANAGED for traffic director) varType: string defaultValue: EXTERNAL - - name: managed_ssl_certificate_domains - description: Create Google-managed SSL certificates for specified domains. Requires `ssl` to be set to `true` - varType: list(string) - defaultValue: [] - - name: name - description: Name for the forwarding rule and prefix for supporting resources - varType: string - required: true - name: network description: Network for INTERNAL_SELF_MANAGED load balancing scheme varType: string defaultValue: default - - name: private_key - description: Content of the private SSL key. Requires `ssl` to be set to `true` and `create_ssl_certificate` set to `true` - varType: string - - name: project - description: The project to deploy to, if not set the default provider project is used. - varType: string - required: true - - name: quic - description: Specifies the QUIC override policy for this resource. Set true to enable HTTP/3 and Google QUIC support, false to disable both. Defaults to null which enables support for HTTP/3 only. - varType: bool - - name: random_certificate_suffix - description: Bool to enable/disable random certificate name generation. Set and keep this to true if you need to change the SSL cert. - varType: bool - defaultValue: false - - name: security_policy - description: The resource URL for the security policy to associate with the backend service - varType: string - name: server_tls_policy description: The resource URL for the server TLS policy to associate with the https proxy service varType: string - - name: ssl - description: "Set to `true` to enable SSL support. 
If `true` then at least one of these are required: 1) `ssl_certificates` OR 2) `create_ssl_certificate` set to `true` and `private_key/certificate` OR 3) `managed_ssl_certificate_domains`, OR 4) `certificate_map`" - varType: bool - defaultValue: false - - name: ssl_certificates - description: SSL cert self_link list. Requires `ssl` to be set to `true` - varType: list(string) - defaultValue: [] - - name: ssl_policy - description: Selfink to SSL Policy - varType: string - - name: target_service_accounts - description: List of target service accounts for health check firewall rule. Exactly one of target_tags or target_service_accounts should be specified. - varType: list(string) - defaultValue: [] - - name: target_tags - description: List of target tags for health check firewall rule. Exactly one of target_tags or target_service_accounts should be specified. - varType: list(string) - defaultValue: [] - - name: url_map - description: The url_map resource to use. Default is to send all traffic to first backend. - varType: string + - name: http_port + description: The port for the HTTP load balancer + varType: number + defaultValue: 80 + - name: https_port + description: The port for the HTTPS load balancer + varType: number + defaultValue: 443 + - name: http_keep_alive_timeout_sec + description: Specifies how long to keep a connection open, after completing a response, while there is no matching traffic (in seconds). + varType: number outputs: - name: backend_services description: The backend service resources. @@ -343,3 +343,10 @@ spec: - run.googleapis.com - iam.googleapis.com - certificatemanager.googleapis.com + providerVersions: + - source: hashicorp/google + version: ">= 6.0, < 7" + - source: hashicorp/google-beta + version: ">= 6.0, < 7" + - source: hashicorp/random + version: ">= 2.1" diff --git a/modules/backend/metadata.yaml b/modules/backend/metadata.yaml index f6ba6417..6e931a53 100644 --- a/modules/backend/metadata.yaml +++ b/modules/backend/metadata.yaml 
@@ -151,11 +151,11 @@ spec: })) defaultValue: [] connections: - - source: - source: github.com/terraform-google-modules/terraform-google-vm//modules/mig - version: ~> 12.0 - spec: - outputExpr: '{"group": instance_group}' + - source: + source: github.com/terraform-google-modules/terraform-google-vm//modules/mig + version: ">= 12.0" + spec: + outputExpr: "{\"group\": instance_group, \"description\": \"Input created by connection\", \"balancing_mode\": \"UTILIZATION\", \"capacity_scaler\": 1.0, \"max_connections\": 1000, \"max_connections_per_instance\": 1000, \"max_connections_per_endpoint\": 1000, \"max_rate\": 1000, \"max_rate_per_instance\": 100, \"max_rate_per_endpoint\": 100, \"max_utilization\": 0.8}" - name: serverless_neg_backends description: The list of serverless backend which serves the traffic. varType: |- @@ -167,11 +167,11 @@ spec: })) defaultValue: [] connections: - - source: - source: github.com/GoogleCloudPlatform/terraform-google-cloud-run//modules/v2 - version: ~> 0.13 - spec: - outputExpr: '{"region": location, "service_name": service_name, "type": "cloud-run", "service_version": ""}' + - source: + source: github.com/GoogleCloudPlatform/terraform-google-cloud-run//modules/v2 + version: ">= 0.13" + spec: + outputExpr: "{\"region\": location, \"service_name\": service_name, \"type\": \"cloud-run\", \"service_version\": \"\"}" - name: iap_config description: Settings for enabling Cloud Identity Aware Proxy Structure. varType: |- @@ -290,18 +290,18 @@ spec: type: - list - - object - - host: string + - backend_service: string + host: string path: string - backend_service: string requirements: roles: - level: Project roles: - - roles/owner - - roles/storage.admin + - roles/compute.xpnAdmin - level: Project roles: - - roles/compute.xpnAdmin + - roles/owner + - roles/storage.admin services: - cloudresourcemanager.googleapis.com - storage-api.googleapis.com 
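Review bot: In modules/backend/metadata.yaml the `mig` connection constraint goes from `~> 12.0` to `">= 12.0"`, which drops the upper bound, so any future major release of the GitHub-sourced terraform-google-vm module satisfies the connection; the cloud-run connection in the next hunk (`~> 0.13` to `">= 0.13"`) has the same problem. The `providerVersions` entries added elsewhere in this commit are bounded (`">= 6.0, < 7"`), and the same form here, e.g. `version: ">= 12.0, < 13"` and `version: ">= 0.13, < 1"`, keeps an unreviewed major version from matching. Separately, the new `outputExpr` hard-codes `max_connections*`, `max_rate*` and `max_utilization` together with `"balancing_mode": "UTILIZATION"`; whether the backend service accepts all of these at once cannot be seen from this hunk and is worth confirming before the values become the connection default.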
diff --git a/modules/dynamic_backends/metadata.yaml b/modules/dynamic_backends/metadata.yaml index 6f0e1cda..d9b9d071 100644 --- a/modules/dynamic_backends/metadata.yaml +++ b/modules/dynamic_backends/metadata.yaml @@ -50,6 +50,8 @@ spec: location: examples/https-gke - name: https-redirect location: examples/https-redirect + - name: lb-http-separate-frontend-and-backend + location: examples/lb-http-separate-frontend-and-backend - name: mig-nat-http-lb location: examples/mig-nat-http-lb - name: multi-backend-multi-mig-bucket-https-lb 
@@ -66,9 +68,50 @@ spec: location: examples/user-managed-google-managed-ssl interfaces: variables: + - name: project + description: The project to deploy to, if not set the default provider project is used. + varType: string + required: true + - name: name + description: Name for the forwarding rule and prefix for supporting resources + varType: string + required: true + - name: create_address + description: Create a new global IPv4 address + varType: bool + defaultValue: true - name: address description: Existing IPv4 address to use (the actual IP address value) varType: string + - name: enable_ipv6 + description: Enable IPv6 address on the CDN load-balancer + varType: bool + defaultValue: false + - name: create_ipv6_address + description: Allocate a new IPv6 address. Conflicts with "ipv6_address" - if both specified, "create_ipv6_address" takes precedence. + varType: bool + defaultValue: false + - name: ipv6_address + description: An existing IPv6 address to use (the actual IP address value) + varType: string + - name: firewall_networks + description: Names of the networks to create firewall rules in + varType: list(string) + defaultValue: + - default + - name: firewall_projects + description: Names of the projects to create firewall rules in + varType: list(string) + defaultValue: + - default + - name: target_tags + description: List of target tags for health check firewall rule. Exactly one of target_tags or target_service_accounts should be specified. + varType: list(string) + defaultValue: [] + - name: target_service_accounts + description: List of target service accounts for health check firewall rule. Exactly one of target_tags or target_service_accounts should be specified. + varType: list(string) + defaultValue: [] - name: backends description: Map backend indices to list of backend maps. varType: |- 
@@ -176,67 +219,62 @@ spec: })) })) required: true - - name: certificate - description: Content of the SSL certificate. Requires `ssl` to be set to `true` and `create_ssl_certificate` set to `true` - varType: string - - name: certificate_map - description: Certificate Map ID in format projects/{project}/locations/global/certificateMaps/{name}. Identifies a certificate map associated with the given target proxy. Requires `ssl` to be set to `true` + - name: create_url_map + description: Set to `false` if url_map variable is provided. + varType: bool + defaultValue: true + - name: url_map + description: The url_map resource to use. Default is to send all traffic to first backend. varType: string - - name: create_address - description: Create a new global IPv4 address + - name: http_forward + description: Set to `false` to disable HTTP port 80 forward varType: bool defaultValue: true - - name: create_ipv6_address - description: Allocate a new IPv6 address. Conflicts with "ipv6_address" - if both specified, "create_ipv6_address" takes precedence. + - name: ssl + description: "Set to `true` to enable SSL support. If `true` then at least one of these are required: 1) `ssl_certificates` OR 2) `create_ssl_certificate` set to `true` and `private_key/certificate` OR 3) `managed_ssl_certificate_domains`, OR 4) `certificate_map`" varType: bool defaultValue: false - name: create_ssl_certificate description: If `true`, Create certificate using `private_key/certificate` varType: bool defaultValue: false - - name: create_url_map - description: Set to `false` if url_map variable is provided. + - name: ssl_certificates + description: SSL cert self_link list. Requires `ssl` to be set to `true` + varType: list(string) + defaultValue: [] + - name: private_key + description: Content of the private SSL key. Requires `ssl` to be set to `true` and `create_ssl_certificate` set to `true` + varType: string + - name: certificate + description: Content of the SSL certificate. 
Requires `ssl` to be set to `true` and `create_ssl_certificate` set to `true` + varType: string + - name: managed_ssl_certificate_domains + description: Create Google-managed SSL certificates for specified domains. Requires `ssl` to be set to `true` + varType: list(string) + defaultValue: [] + - name: certificate_map + description: Certificate Map ID in format projects/{project}/locations/global/certificateMaps/{name}. Identifies a certificate map associated with the given target proxy. Requires `ssl` to be set to `true` + varType: string + - name: ssl_policy + description: Selfink to SSL Policy + varType: string + - name: quic + description: Specifies the QUIC override policy for this resource. Set true to enable HTTP/3 and Google QUIC support, false to disable both. Defaults to null which enables support for HTTP/3 only. varType: bool - defaultValue: true - name: edge_security_policy description: The resource URL for the edge security policy to associate with the backend service varType: string - - name: enable_ipv6 - description: Enable IPv6 address on the CDN load-balancer - varType: bool - defaultValue: false - - name: firewall_networks - description: Names of the networks to create firewall rules in - varType: list(string) - defaultValue: - - default - - name: firewall_projects - description: Names of the projects to create firewall rules in - varType: list(string) - defaultValue: - - default - - name: http_forward - description: Set to `false` to disable HTTP port 80 forward - varType: bool - defaultValue: true - - name: http_keep_alive_timeout_sec - description: Specifies how long to keep a connection open, after completing a response, while there is no matching traffic (in seconds). 
- varType: number - - name: http_port - description: The port for the HTTP load balancer - varType: number - defaultValue: 80 - - name: https_port - description: The port for the HTTPS load balancer - varType: number - defaultValue: 443 + - name: security_policy + description: The resource URL for the security policy to associate with the backend service + varType: string - name: https_redirect description: Set to `true` to enable https redirect on the lb. varType: bool defaultValue: false - - name: ipv6_address - description: An existing IPv6 address to use (the actual IP address value) - varType: string + - name: random_certificate_suffix + description: Bool to enable/disable random certificate name generation. Set and keep this to true if you need to change the SSL cert. + varType: bool + defaultValue: false - name: labels description: The labels to attach to resources created by this module varType: map(string) 
@@ -245,60 +283,24 @@ spec: description: Load balancing scheme type (EXTERNAL for classic external load balancer, EXTERNAL_MANAGED for Envoy-based load balancer, and INTERNAL_SELF_MANAGED for traffic director) varType: string defaultValue: EXTERNAL - - name: managed_ssl_certificate_domains - description: Create Google-managed SSL certificates for specified domains. Requires `ssl` to be set to `true` - varType: list(string) - defaultValue: [] - - name: name - description: Name for the forwarding rule and prefix for supporting resources - varType: string - required: true - name: network description: Network for INTERNAL_SELF_MANAGED load balancing scheme varType: string defaultValue: default - - name: private_key - description: Content of the private SSL key. Requires `ssl` to be set to `true` and `create_ssl_certificate` set to `true` - varType: string - - name: project - description: The project to deploy to, if not set the default provider project is used. - varType: string - required: true - - name: quic - description: Specifies the QUIC override policy for this resource. Set true to enable HTTP/3 and Google QUIC support, false to disable both. Defaults to null which enables support for HTTP/3 only. - varType: bool - - name: random_certificate_suffix - description: Bool to enable/disable random certificate name generation. Set and keep this to true if you need to change the SSL cert. - varType: bool - defaultValue: false - - name: security_policy - description: The resource URL for the security policy to associate with the backend service - varType: string - name: server_tls_policy description: The resource URL for the server TLS policy to associate with the https proxy service varType: string - - name: ssl - description: "Set to `true` to enable SSL support. 
If `true` then at least one of these are required: 1) `ssl_certificates` OR 2) `create_ssl_certificate` set to `true` and `private_key/certificate` OR 3) `managed_ssl_certificate_domains`, OR 4) `certificate_map`" - varType: bool - defaultValue: false - - name: ssl_certificates - description: SSL cert self_link list. Requires `ssl` to be set to `true` - varType: list(string) - defaultValue: [] - - name: ssl_policy - description: Selfink to SSL Policy - varType: string - - name: target_service_accounts - description: List of target service accounts for health check firewall rule. Exactly one of target_tags or target_service_accounts should be specified. - varType: list(string) - defaultValue: [] - - name: target_tags - description: List of target tags for health check firewall rule. Exactly one of target_tags or target_service_accounts should be specified. - varType: list(string) - defaultValue: [] - - name: url_map - description: The url_map resource to use. Default is to send all traffic to first backend. - varType: string + - name: http_port + description: The port for the HTTP load balancer + varType: number + defaultValue: 80 + - name: https_port + description: The port for the HTTPS load balancer + varType: number + defaultValue: 443 + - name: http_keep_alive_timeout_sec + description: Specifies how long to keep a connection open, after completing a response, while there is no matching traffic (in seconds). + varType: number outputs: - name: backend_services description: The backend service resources. @@ -333,3 +335,10 @@ spec: - run.googleapis.com - iam.googleapis.com - certificatemanager.googleapis.com + providerVersions: + - source: hashicorp/google + version: ">= 6.0, < 7" + - source: hashicorp/google-beta + version: ">= 6.0, < 7" + - source: hashicorp/random + version: ">= 2.1" diff --git a/modules/frontend/main.tf b/modules/frontend/main.tf index f17d1966..e511a4f0 100644 --- a/modules/frontend/main.tf +++ b/modules/frontend/main.tf 
@@ -35,6 +35,11 @@ locals { s.path => s.backend_service if s.host == host } } + + # Find a backend service to be used for url_map in absence of host "*" and path "/*" + first_host = keys(local.backend_services_by_host)[0] + first_path = keys(local.backend_services_by_host[local.first_host])[0] + first_backend_service = local.backend_services_by_host[local.first_host][local.first_path] } ### IPv4 block ### @@ -187,7 +192,7 @@ resource "google_compute_url_map" "default" { provider = google-beta project = var.project_id name = "${var.name}-url-map" - default_service = local.backend_services_by_host["*"]["/*"] + default_service = lookup(lookup(local.backend_services_by_host, "*", {}), "/*", local.first_backend_service) dynamic "host_rule" { for_each = local.backend_services_by_host @@ -201,10 +206,10 @@ resource "google_compute_url_map" "default" { for_each = local.backend_services_by_host content { name = path_matcher.key == "*" ? "default" : replace(path_matcher.key, ".", "") - default_service = path_matcher.value["/*"] + default_service = path_matcher.value[contains(keys(path_matcher.value), "/*") ? "/*" : keys(path_matcher.value)[0]] dynamic "path_rule" { - for_each = path_matcher.value + for_each = { for k, v in path_matcher.value : k => v if k != "/*" } content { paths = [path_rule.key] service = path_rule.value diff --git a/modules/serverless_negs/metadata.yaml b/modules/serverless_negs/metadata.yaml index 832eaa8c..44699120 100644 --- a/modules/serverless_negs/metadata.yaml +++ b/modules/serverless_negs/metadata.yaml @@ -50,6 +50,8 @@ spec: location: examples/https-gke - name: https-redirect location: examples/https-redirect + - name: lb-http-separate-frontend-and-backend + location: examples/lb-http-separate-frontend-and-backend - name: mig-nat-http-lb location: examples/mig-nat-http-lb - name: multi-backend-multi-mig-bucket-https-lb 
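Review bot: In modules/frontend/main.tf the new `first_host` and `first_path` locals take `keys(...)[0]`, and `keys()` returns keys in lexicographic order, so when no `"*"` host with a `/*` path is supplied the URL map's `default_service` silently becomes whichever backend sorts first. Requests with an unmatched Host header are then routed to a backend nobody chose as the catch-all. The third hunk uses the same fallback for each `path_matcher`'s `default_service`. The `[0]` index would also fail with an invalid-index error if `local.backend_services_by_host` were empty; whether that can happen is not visible, since the `locals` block starts outside the hunk. I would at least extend the comment with `# keys() sorts lexicographically: this is the alphabetically first host/path, not the first one declared`, and consider requiring an explicit default instead of picking one.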
@@ -66,9 +68,32 @@ spec: location: examples/user-managed-google-managed-ssl interfaces: variables: + - name: project + description: The project to deploy to, if not set the default provider project is used. + varType: string + required: true + - name: name + description: Name for the forwarding rule and prefix for supporting resources + varType: string + required: true + - name: create_address + description: Create a new global IPv4 address + varType: bool + defaultValue: true - name: address description: Existing IPv4 address to use (the actual IP address value) varType: string + - name: enable_ipv6 + description: Enable IPv6 address on the CDN load-balancer + varType: bool + defaultValue: false + - name: create_ipv6_address + description: Allocate a new IPv6 address. Conflicts with "ipv6_address" - if both specified, "create_ipv6_address" takes precedence. + varType: bool + defaultValue: false + - name: ipv6_address + description: An existing IPv6 address to use (the actual IP address value) + varType: string - name: backends description: Map backend indices to list of backend maps. varType: |- 
@@ -158,57 +183,62 @@ spec: })) })) required: true - - name: certificate - description: Content of the SSL certificate. Requires `ssl` to be set to `true` and `create_ssl_certificate` set to `true` - varType: string - - name: certificate_map - description: Certificate Map ID in format projects/{project}/locations/global/certificateMaps/{name}. Identifies a certificate map associated with the given target proxy. Requires `ssl` to be set to `true` + - name: create_url_map + description: Set to `false` if url_map variable is provided. + varType: bool + defaultValue: true + - name: url_map + description: The url_map resource to use. Default is to send all traffic to first backend. varType: string - - name: create_address - description: Create a new global IPv4 address + - name: http_forward + description: Set to `false` to disable HTTP port 80 forward varType: bool defaultValue: true - - name: create_ipv6_address - description: Allocate a new IPv6 address. Conflicts with "ipv6_address" - if both specified, "create_ipv6_address" takes precedence. + - name: ssl + description: "Set to `true` to enable SSL support. If `true` then at least one of these are required: 1) `ssl_certificates` OR 2) `create_ssl_certificate` set to `true` and `private_key/certificate` OR 3) `managed_ssl_certificate_domains`, OR 4) `certificate_map`" varType: bool defaultValue: false - name: create_ssl_certificate description: If `true`, Create certificate using `private_key/certificate` varType: bool defaultValue: false - - name: create_url_map - description: Set to `false` if url_map variable is provided. + - name: ssl_certificates + description: SSL cert self_link list. Requires `ssl` to be set to `true` + varType: list(string) + defaultValue: [] + - name: private_key + description: Content of the private SSL key. Requires `ssl` to be set to `true` and `create_ssl_certificate` set to `true` + varType: string + - name: certificate + description: Content of the SSL certificate. 
Requires `ssl` to be set to `true` and `create_ssl_certificate` set to `true` + varType: string + - name: managed_ssl_certificate_domains + description: Create Google-managed SSL certificates for specified domains. Requires `ssl` to be set to `true` + varType: list(string) + defaultValue: [] + - name: certificate_map + description: Certificate Map ID in format projects/{project}/locations/global/certificateMaps/{name}. Identifies a certificate map associated with the given target proxy. Requires `ssl` to be set to `true` + varType: string + - name: ssl_policy + description: Selfink to SSL Policy + varType: string + - name: quic + description: Specifies the QUIC override policy for this resource. Set true to enable HTTP/3 and Google QUIC support, false to disable both. Defaults to null which enables support for HTTP/3 only. varType: bool - defaultValue: true - name: edge_security_policy description: The resource URL for the edge security policy to associate with the backend service varType: string - - name: enable_ipv6 - description: Enable IPv6 address on the CDN load-balancer - varType: bool - defaultValue: false - - name: http_forward - description: Set to `false` to disable HTTP port 80 forward - varType: bool - defaultValue: true - - name: http_keep_alive_timeout_sec - description: Specifies how long to keep a connection open, after completing a response, while there is no matching traffic (in seconds). - varType: number - - name: http_port - description: The port for the HTTP load balancer - varType: number - defaultValue: 80 - - name: https_port - description: The port for the HTTPS load balancer - varType: number - defaultValue: 443 + - name: security_policy + description: The resource URL for the security policy to associate with the backend service + varType: string - name: https_redirect description: Set to `true` to enable https redirect on the lb. 
varType: bool defaultValue: false - - name: ipv6_address - description: An existing IPv6 address to use (the actual IP address value) - varType: string + - name: random_certificate_suffix + description: Bool to enable/disable random certificate name generation. Set and keep this to true if you need to change the SSL cert. + varType: bool + defaultValue: false - name: labels description: The labels to attach to resources created by this module varType: map(string) 
@@ -217,52 +247,24 @@ spec: description: Load balancing scheme type (EXTERNAL for classic external load balancer, EXTERNAL_MANAGED for Envoy-based load balancer, and INTERNAL_SELF_MANAGED for traffic director) varType: string defaultValue: EXTERNAL - - name: managed_ssl_certificate_domains - description: Create Google-managed SSL certificates for specified domains. Requires `ssl` to be set to `true` - varType: list(string) - defaultValue: [] - - name: name - description: Name for the forwarding rule and prefix for supporting resources - varType: string - required: true - name: network description: Network for INTERNAL_SELF_MANAGED load balancing scheme varType: string defaultValue: default - - name: private_key - description: Content of the private SSL key. Requires `ssl` to be set to `true` and `create_ssl_certificate` set to `true` - varType: string - - name: project - description: The project to deploy to, if not set the default provider project is used. - varType: string - required: true - - name: quic - description: Specifies the QUIC override policy for this resource. Set true to enable HTTP/3 and Google QUIC support, false to disable both. Defaults to null which enables support for HTTP/3 only. - varType: bool - - name: random_certificate_suffix - description: Bool to enable/disable random certificate name generation. Set and keep this to true if you need to change the SSL cert. - varType: bool - defaultValue: false - - name: security_policy - description: The resource URL for the security policy to associate with the backend service - varType: string - name: server_tls_policy description: The resource URL for the server TLS policy to associate with the https proxy service varType: string - - name: ssl - description: "Set to `true` to enable SSL support. 
If `true` then at least one of these are required: 1) `ssl_certificates` OR 2) `create_ssl_certificate` set to `true` and `private_key/certificate` OR 3) `managed_ssl_certificate_domains`, OR 4) `certificate_map`" - varType: bool - defaultValue: false - - name: ssl_certificates - description: SSL cert self_link list. Requires `ssl` to be set to `true` - varType: list(string) - defaultValue: [] - - name: ssl_policy - description: Selfink to SSL Policy - varType: string - - name: url_map - description: The url_map resource to use. Default is to send all traffic to first backend. - varType: string + - name: http_port + description: The port for the HTTP load balancer + varType: number + defaultValue: 80 + - name: https_port + description: The port for the HTTPS load balancer + varType: number + defaultValue: 443 + - name: http_keep_alive_timeout_sec + description: Specifies how long to keep a connection open, after completing a response, while there is no matching traffic (in seconds). + varType: number outputs: - name: backend_services description: The backend service resources. @@ -297,3 +299,10 @@ spec: - run.googleapis.com - iam.googleapis.com - certificatemanager.googleapis.com + providerVersions: + - source: hashicorp/google + version: ">= 6.0, < 7" + - source: hashicorp/google-beta + version: ">= 6.0, < 7" + - source: hashicorp/random + version: ">= 2.1"