diff --git a/.gitignore b/.gitignore
index 0af2c504..543bc870 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,5 +1,6 @@
venv/*
*/venv/*
+**/.python-version
**/.terraform
**/terraform.tfstate*
**/terraform.tfvars
diff --git a/modules/net-lb-app-ext/README.md b/modules/net-lb-app-ext/README.md
index 5939043c..0b41892a 100644
--- a/modules/net-lb-app-ext/README.md
+++ b/modules/net-lb-app-ext/README.md
@@ -876,22 +876,22 @@ module "glb-0" {
| name | description | type | required | default |
|---|---|:---:|:---:|:---:|
-| [name](variables.tf#L91) | Load balancer name. | string
| ✓ | |
-| [project_id](variables.tf#L193) | Project id. | string
| ✓ | |
+| [name](variables.tf#L92) | Load balancer name. | string
| ✓ | |
+| [project_id](variables.tf#L194) | Project id. | string
| ✓ | |
| [address](variables.tf#L17) | Optional IP address used for the forwarding rule. | string
| | null
|
| [backend_buckets_config](variables.tf#L23) | Backend buckets configuration. | map(object({…}))
| | {}
|
| [backend_service_configs](variables-backend-service.tf#L19) | Backend service level configuration. | map(object({…}))
| | {}
|
| [description](variables.tf#L56) | Optional description used for resources. | string
| | "Terraform managed."
|
| [group_configs](variables.tf#L62) | Optional unmanaged groups to create. Can be referenced in backends via key or outputs. | map(object({…}))
| | {}
|
| [health_check_configs](variables-health-check.tf#L19) | Optional auto-created health check configurations, use the output self-link to set it in the auto healing policy. Refer to examples for usage. | map(object({…}))
| | {…}
|
-| [https_proxy_config](variables.tf#L74) | HTTPS proxy connfiguration. | object({…})
| | {}
|
-| [labels](variables.tf#L85) | Labels set on resources. | map(string)
| | {}
|
-| [neg_configs](variables.tf#L96) | Optional network endpoint groups to create. Can be referenced in backends via key or outputs. | map(object({…}))
| | {}
|
-| [ports](variables.tf#L187) | Optional ports for HTTP load balancer, valid ports are 80 and 8080. | list(string)
| | null
|
-| [protocol](variables.tf#L198) | Protocol supported by this load balancer. | string
| | "HTTP"
|
-| [ssl_certificates](variables.tf#L211) | SSL target proxy certificates (only if protocol is HTTPS) for existing, custom, and managed certificates. | object({…})
| | {}
|
+| [https_proxy_config](variables.tf#L74) | HTTPS proxy connfiguration. | object({…})
| | {}
|
+| [labels](variables.tf#L86) | Labels set on resources. | map(string)
| | {}
|
+| [neg_configs](variables.tf#L97) | Optional network endpoint groups to create. Can be referenced in backends via key or outputs. | map(object({…}))
| | {}
|
+| [ports](variables.tf#L188) | Optional ports for HTTP load balancer, valid ports are 80 and 8080. | list(string)
| | null
|
+| [protocol](variables.tf#L199) | Protocol supported by this load balancer. | string
| | "HTTP"
|
+| [ssl_certificates](variables.tf#L212) | SSL target proxy certificates (only if protocol is HTTPS) for existing, custom, and managed certificates. | object({…})
| | {}
|
| [urlmap_config](variables-urlmap.tf#L19) | The URL map configuration. | object({…})
| | {…}
|
-| [use_classic_version](variables.tf#L228) | Use classic Global Load Balancer. | bool
| | true
|
+| [use_classic_version](variables.tf#L229) | Use classic Global Load Balancer. | bool
| | true
|
## Outputs
diff --git a/modules/net-lb-app-ext/main.tf b/modules/net-lb-app-ext/main.tf
index 94a79d99..26d57578 100644
--- a/modules/net-lb-app-ext/main.tf
+++ b/modules/net-lb-app-ext/main.tf
@@ -82,13 +82,14 @@ resource "google_compute_target_http_proxy" "default" {
}
resource "google_compute_target_https_proxy" "default" {
- count = var.protocol == "HTTPS" ? 1 : 0
- project = var.project_id
- name = var.name
- description = var.description
- certificate_map = var.https_proxy_config.certificate_map
- quic_override = var.https_proxy_config.quic_override
- ssl_certificates = local.proxy_ssl_certificates
- ssl_policy = var.https_proxy_config.ssl_policy
- url_map = google_compute_url_map.default.id
+ count = var.protocol == "HTTPS" ? 1 : 0
+ project = var.project_id
+ name = var.name
+ description = var.description
+ certificate_map = var.https_proxy_config.certificate_map
+ quic_override = var.https_proxy_config.quic_override
+ ssl_certificates = local.proxy_ssl_certificates
+ ssl_policy = var.https_proxy_config.ssl_policy
+ url_map = google_compute_url_map.default.id
+ server_tls_policy = var.https_proxy_config.mtls_policy
}
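Review bot: The new `server_tls_policy` line attaches whatever policy id the caller supplies, so whether a client without a valid certificate is actually refused is decided entirely by that policy's client validation mode, which is defined outside this module. With a permissive mode (`ALLOW_INVALID_OR_MISSING_CLIENT_CERT`), the proxy still forwards the request and the backend has to check the certificate headers itself. I would add a comment on the assignment so the next reader does not treat the attribute as a guarantee: `# mTLS enforcement depends on the referenced ServerTlsPolicy's client validation mode; a permissive mode still forwards requests lacking a valid client certificate.` The README examples are outside this hunk; if none covers the new field, one showing a rejecting policy would help.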
diff --git a/modules/net-lb-app-ext/variables.tf b/modules/net-lb-app-ext/variables.tf
index bc254091..2b327c8c 100644
--- a/modules/net-lb-app-ext/variables.tf
+++ b/modules/net-lb-app-ext/variables.tf
@@ -77,6 +77,7 @@ variable "https_proxy_config" {
certificate_map = optional(string)
quic_override = optional(string)
ssl_policy = optional(string)
+ mtls_policy = optional(string) # id of the mTLS policy to use for the target proxy.
})
default = {}
nullable = false
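Review bot: `mtls_policy` is only read by the HTTPS target proxy, which main.tf creates with `count = var.protocol == "HTTPS" ? 1 : 0`. The README lists `"HTTP"` as the default protocol, so a caller who sets this field and leaves `protocol` unchanged gets a plain HTTP proxy with no client-certificate check and no error. The inline comment should say so, and name the resource type the id must point to, for example `# Id of the network security server TLS policy (mTLS) for the target HTTPS proxy; ignored unless protocol is "HTTPS".` A precondition that fails when the field is set with a non-HTTPS protocol would make the misconfiguration visible at plan time. The variable block starts above this hunk and may continue below it.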