feat: enable mtls on external application application load balancer (#1979)

* feat: enable mtls on external application application load balancer

* refactor: move variable inside https_proxy_config block

---------

Co-authored-by: Julio Castillo <jccb@google.com>

.gitignore

@@ -1,5 +1,6 @@
 venv/*
 */venv/*
+**/.python-version
 **/.terraform
 **/terraform.tfstate*
 **/terraform.tfvars

modules/net-lb-app-ext/main.tf

@@ -82,13 +82,14 @@ resource "google_compute_target_http_proxy" "default" {
 }
 
 resource "google_compute_target_https_proxy" "default" {
-  count            = var.protocol == "HTTPS" ? 1 : 0
-  project          = var.project_id
-  name             = var.name
-  description      = var.description
-  certificate_map  = var.https_proxy_config.certificate_map
-  quic_override    = var.https_proxy_config.quic_override
-  ssl_certificates = local.proxy_ssl_certificates
-  ssl_policy       = var.https_proxy_config.ssl_policy
-  url_map          = google_compute_url_map.default.id
+  count             = var.protocol == "HTTPS" ? 1 : 0
+  project           = var.project_id
+  name              = var.name
+  description       = var.description
+  certificate_map   = var.https_proxy_config.certificate_map
+  quic_override     = var.https_proxy_config.quic_override
+  ssl_certificates  = local.proxy_ssl_certificates
+  ssl_policy        = var.https_proxy_config.ssl_policy
+  url_map           = google_compute_url_map.default.id
+  server_tls_policy = var.https_proxy_config.mtls_policy
 }

modules/net-lb-app-ext/variables.tf

@@ -77,6 +77,7 @@ variable "https_proxy_config" {
     certificate_map = optional(string)
     quic_override   = optional(string)
     ssl_policy      = optional(string)
+    mtls_policy     = optional(string) # id of the mTLS policy to use for the target proxy.
   })
   default  = {}
   nullable = false