Merge branch 'example-wordpress' of https://github.com/skalolazka/cloud-foundation-fabric into example-wordpress
This commit is contained in:
commit
c886fe150d
|
@ -481,6 +481,40 @@ resource "tls_self_signed_cert" "self_signed_cert" {
|
||||||
# tftest modules=1 resources=6
|
# tftest modules=1 resources=6
|
||||||
```
|
```
|
||||||
|
|
||||||
|
## Regional Load Balancing
|
||||||
|
|
||||||
|
You can also use regional load balancing by specifying a `region` parameter:
|
||||||
|
|
||||||
|
```hcl
|
||||||
|
module "glb" {
|
||||||
|
source = "./modules/net-glb"
|
||||||
|
name = "glb-test"
|
||||||
|
project_id = var.project_id
|
||||||
|
region = var.region
|
||||||
|
|
||||||
|
backend_services_config = {
|
||||||
|
my-group-backend = {
|
||||||
|
bucket_config = null
|
||||||
|
enable_cdn = false
|
||||||
|
cdn_config = null
|
||||||
|
group_config = {
|
||||||
|
backends = [
|
||||||
|
{
|
||||||
|
group = "my_test_group"
|
||||||
|
options = null
|
||||||
|
}
|
||||||
|
],
|
||||||
|
health_checks = []
|
||||||
|
log_config = null
|
||||||
|
options = null
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
# tftest modules=1 resources=5
|
||||||
|
```
|
||||||
|
|
||||||
|
|
||||||
## Components And Files Mapping
|
## Components And Files Mapping
|
||||||
|
|
||||||
An External Global Load Balancer is made of multiple components, that change depending on the configurations. Sometimes, it may be tricky to understand what they are, and how they relate to each other. Following, we provide a very brief overview to become more familiar with them.
|
An External Global Load Balancer is made of multiple components, that change depending on the configurations. Sometimes, it may be tricky to understand what they are, and how they relate to each other. Following, we provide a very brief overview to become more familiar with them.
|
||||||
|
@ -500,10 +534,13 @@ Target proxies leverage [url-maps](url-map.tf): set of L7 rules, which create a
|
||||||
|---|---|---|
|
|---|---|---|
|
||||||
| [backend-services.tf](./backend-services.tf) | Bucket and group backend services. | <code>google_compute_backend_bucket</code> · <code>google_compute_backend_service</code> |
|
| [backend-services.tf](./backend-services.tf) | Bucket and group backend services. | <code>google_compute_backend_bucket</code> · <code>google_compute_backend_service</code> |
|
||||||
| [global-forwarding-rule.tf](./global-forwarding-rule.tf) | Global address and forwarding rule. | <code>google_compute_global_address</code> · <code>google_compute_global_forwarding_rule</code> |
|
| [global-forwarding-rule.tf](./global-forwarding-rule.tf) | Global address and forwarding rule. | <code>google_compute_global_address</code> · <code>google_compute_global_forwarding_rule</code> |
|
||||||
| [health-checks.tf](./health-checks.tf) | Health checks. | <code>google_compute_health_check</code> |
|
| [health-checks.tf](./health-checks.tf) | Health checks. | <code>google_compute_health_check</code> · <code>google_compute_region_health_check</code> |
|
||||||
| [outputs.tf](./outputs.tf) | Module outputs. | |
|
| [outputs.tf](./outputs.tf) | Module outputs. | |
|
||||||
|
| [regional-backend-services.tf](./regional-backend-services.tf) | Bucket and group backend services for regional load balancers. | <code>google_compute_region_backend_service</code> |
|
||||||
|
| [regional-forwarding-rule.tf](./regional-forwarding-rule.tf) | Global address and forwarding rule. | <code>google_compute_address</code> · <code>google_compute_forwarding_rule</code> |
|
||||||
|
| [regional-url-map.tf](./regional-url-map.tf) | regional URL maps. | <code>google_compute_region_url_map</code> |
|
||||||
| [ssl-certificates.tf](./ssl-certificates.tf) | SSL certificates. | <code>google_compute_managed_ssl_certificate</code> · <code>google_compute_ssl_certificate</code> |
|
| [ssl-certificates.tf](./ssl-certificates.tf) | SSL certificates. | <code>google_compute_managed_ssl_certificate</code> · <code>google_compute_ssl_certificate</code> |
|
||||||
| [target-proxy.tf](./target-proxy.tf) | HTTP and HTTPS target proxies. | <code>google_compute_target_http_proxy</code> · <code>google_compute_target_https_proxy</code> |
|
| [target-proxy.tf](./target-proxy.tf) | HTTP and HTTPS target proxies. | <code>google_compute_region_target_http_proxy</code> · <code>google_compute_region_target_https_proxy</code> · <code>google_compute_target_http_proxy</code> · <code>google_compute_target_https_proxy</code> |
|
||||||
| [url-map.tf](./url-map.tf) | URL maps. | <code>google_compute_url_map</code> |
|
| [url-map.tf](./url-map.tf) | URL maps. | <code>google_compute_url_map</code> |
|
||||||
| [variables.tf](./variables.tf) | Module variables. | |
|
| [variables.tf](./variables.tf) | Module variables. | |
|
||||||
| [versions.tf](./versions.tf) | Version pins. | |
|
| [versions.tf](./versions.tf) | Version pins. | |
|
||||||
|
@ -514,22 +551,25 @@ Target proxies leverage [url-maps](url-map.tf): set of L7 rules, which create a
|
||||||
|---|---|:---:|:---:|:---:|
|
|---|---|:---:|:---:|:---:|
|
||||||
| [name](variables.tf#L17) | Load balancer name. | <code>string</code> | ✓ | |
|
| [name](variables.tf#L17) | Load balancer name. | <code>string</code> | ✓ | |
|
||||||
| [project_id](variables.tf#L22) | Project id. | <code>string</code> | ✓ | |
|
| [project_id](variables.tf#L22) | Project id. | <code>string</code> | ✓ | |
|
||||||
| [backend_services_config](variables.tf#L56) | The backends services configuration. | <code title="map(object({ enable_cdn = bool cdn_config = object({ cache_mode = string client_ttl = number default_ttl = number max_ttl = number negative_caching = bool negative_caching_policy = map(number) serve_while_stale = bool signed_url_cache_max_age_sec = string }) bucket_config = object({ bucket_name = string options = object({ custom_response_headers = list(string) }) }) group_config = object({ backends = list(object({ group = string # IG or NEG FQDN address options = object({ balancing_mode = string # Can be UTILIZATION, RATE, CONNECTION capacity_scaler = number # Valid range is [0.0,1.0] max_connections = number max_connections_per_instance = number max_connections_per_endpoint = number max_rate = number max_rate_per_instance = number max_rate_per_endpoint = number max_utilization = number }) })) health_checks = list(string) log_config = object({ enable = bool sample_rate = number # must be in [0, 1] }) options = object({ affinity_cookie_ttl_sec = number custom_request_headers = list(string) custom_response_headers = list(string) connection_draining_timeout_sec = number load_balancing_scheme = string # only EXTERNAL (default) makes sense here locality_lb_policy = string port_name = string protocol = string security_policy = string session_affinity = string timeout_sec = number circuits_breakers = object({ max_requests_per_connection = number # Set to 1 to disable keep-alive max_connections = number # Defaults to 1024 max_pending_requests = number # Defaults to 1024 max_requests = number # Defaults to 1024 max_retries = number # Defaults to 3 }) consistent_hash = object({ http_header_name = string minimum_ring_size = string http_cookie = object({ name = string path = string ttl = object({ seconds = number nanos = number }) }) }) iap = object({ oauth2_client_id = string oauth2_client_secret = string oauth2_client_secret_sha256 = string }) }) }) }))">map(object({…}))</code> | | <code>{}</code> |
|
| [backend_services_config](variables.tf#L62) | The backends services configuration. | <code title="map(object({ enable_cdn = bool cdn_config = object({ cache_mode = string client_ttl = number default_ttl = number max_ttl = number negative_caching = bool negative_caching_policy = map(number) serve_while_stale = bool signed_url_cache_max_age_sec = string }) bucket_config = object({ bucket_name = string options = object({ custom_response_headers = list(string) }) }) group_config = object({ backends = list(object({ group = string # IG or NEG FQDN address options = object({ balancing_mode = string # Can be UTILIZATION, RATE, CONNECTION capacity_scaler = number # Valid range is [0.0,1.0] max_connections = number max_connections_per_instance = number max_connections_per_endpoint = number max_rate = number max_rate_per_instance = number max_rate_per_endpoint = number max_utilization = number }) })) health_checks = list(string) log_config = object({ enable = bool sample_rate = number # must be in [0, 1] }) options = object({ affinity_cookie_ttl_sec = number custom_request_headers = list(string) custom_response_headers = list(string) connection_draining_timeout_sec = number load_balancing_scheme = string # only EXTERNAL (default) makes sense here locality_lb_policy = string port_name = string protocol = string security_policy = string session_affinity = string timeout_sec = number circuits_breakers = object({ max_requests_per_connection = number # Set to 1 to disable keep-alive max_connections = number # Defaults to 1024 max_pending_requests = number # Defaults to 1024 max_requests = number # Defaults to 1024 max_retries = number # Defaults to 3 }) consistent_hash = object({ http_header_name = string minimum_ring_size = string http_cookie = object({ name = string path = string ttl = object({ seconds = number nanos = number }) }) }) iap = object({ oauth2_client_id = string oauth2_client_secret = string oauth2_client_secret_sha256 = string }) }) }) }))">map(object({…}))</code> | | <code>{}</code> |
|
||||||
| [global_forwarding_rule_config](variables.tf#L202) | Global forwarding rule configurations. | <code title="object({ ip_protocol = string ip_version = string load_balancing_scheme = string port_range = string })">object({…})</code> | | <code title="{ load_balancing_scheme = "EXTERNAL" ip_protocol = "TCP" ip_version = "IPV4" port_range = null }">{…}</code> |
|
| [forwarding_rule_config](variables.tf#L226) | Regional forwarding rule configurations. | <code title="object({ ip_protocol = string ip_version = string load_balancing_scheme = string port_range = string network_tier = string network = string })">object({…})</code> | | <code title="{ load_balancing_scheme = "EXTERNAL_MANAGED" ip_protocol = "TCP" ip_version = "IPV4" network_tier = "STANDARD" network = "default" port_range = null }">{…}</code> |
|
||||||
| [health_checks_config](variables.tf#L45) | Custom health checks configuration. | <code title="map(object({ type = string # http https tcp ssl http2 check = map(any) # actual health check block attributes options = map(number) # interval, thresholds, timeout logging = bool }))">map(object({…}))</code> | | <code>{}</code> |
|
| [global_forwarding_rule_config](variables.tf#L208) | Global forwarding rule configurations. | <code title="object({ ip_protocol = string ip_version = string load_balancing_scheme = string port_range = string })">object({…})</code> | | <code title="{ load_balancing_scheme = "EXTERNAL" ip_protocol = "TCP" ip_version = "IPV4" port_range = null }">{…}</code> |
|
||||||
| [health_checks_config_defaults](variables.tf#L27) | Auto-created health check default configuration. | <code title="object({ type = string # http https tcp ssl http2 check = map(any) # actual health check block attributes options = map(number) # interval, thresholds, timeout logging = bool })">object({…})</code> | | <code title="{ type = "http" logging = false options = {} check = { port_specification = "USE_SERVING_PORT" } }">{…}</code> |
|
| [health_checks_config](variables.tf#L51) | Custom health checks configuration. | <code title="map(object({ type = string # http https tcp ssl http2 check = map(any) # actual health check block attributes options = map(number) # interval, thresholds, timeout logging = bool }))">map(object({…}))</code> | | <code>{}</code> |
|
||||||
| [https](variables.tf#L220) | Whether to enable HTTPS. | <code>bool</code> | | <code>false</code> |
|
| [health_checks_config_defaults](variables.tf#L33) | Auto-created health check default configuration. | <code title="object({ type = string # http https tcp ssl http2 check = map(any) # actual health check block attributes options = map(number) # interval, thresholds, timeout logging = bool })">object({…})</code> | | <code title="{ type = "http" logging = false options = {} check = { port_specification = "USE_SERVING_PORT" } }">{…}</code> |
|
||||||
| [reserve_ip_address](variables.tf#L226) | Whether to reserve a static global IP address. | <code>bool</code> | | <code>false</code> |
|
| [https](variables.tf#L247) | Whether to enable HTTPS. | <code>bool</code> | | <code>false</code> |
|
||||||
| [ssl_certificates_config](variables.tf#L165) | The SSL certificate configuration. | <code title="map(object({ domains = list(string) unmanaged_config = object({ tls_private_key = string tls_self_signed_cert = string }) }))">map(object({…}))</code> | | <code>{}</code> |
|
| [region](variables.tf#L27) | Create a regional load balancer in this region. | <code>string</code> | | <code>null</code> |
|
||||||
| [ssl_certificates_config_defaults](variables.tf#L178) | The SSL certificate default configuration. | <code title="object({ domains = list(string) unmanaged_config = object({ tls_private_key = string tls_self_signed_cert = string }) })">object({…})</code> | | <code title="{ domains = ["example.com"], unmanaged_config = null }">{…}</code> |
|
| [reserve_ip_address](variables.tf#L253) | Whether to reserve a static global IP address. | <code>bool</code> | | <code>false</code> |
|
||||||
| [target_proxy_https_config](variables.tf#L194) | The HTTPS target proxy configuration. | <code title="object({ ssl_certificates = list(string) })">object({…})</code> | | <code>null</code> |
|
| [ssl_certificates_config](variables.tf#L171) | The SSL certificate configuration. | <code title="map(object({ domains = list(string) unmanaged_config = object({ tls_private_key = string tls_self_signed_cert = string }) }))">map(object({…}))</code> | | <code>{}</code> |
|
||||||
| [url_map_config](variables.tf#L151) | The url-map configuration. | <code title="object({ default_service = string default_route_action = any default_url_redirect = map(any) header_action = any host_rules = list(any) path_matchers = list(any) tests = list(map(string)) })">object({…})</code> | | <code>null</code> |
|
| [ssl_certificates_config_defaults](variables.tf#L184) | The SSL certificate default configuration. | <code title="object({ domains = list(string) unmanaged_config = object({ tls_private_key = string tls_self_signed_cert = string }) })">object({…})</code> | | <code title="{ domains = ["example.com"], unmanaged_config = null }">{…}</code> |
|
||||||
|
| [target_proxy_https_config](variables.tf#L200) | The HTTPS target proxy configuration. | <code title="object({ ssl_certificates = list(string) })">object({…})</code> | | <code>null</code> |
|
||||||
|
| [url_map_config](variables.tf#L157) | The url-map configuration. | <code title="object({ default_service = string default_route_action = any default_url_redirect = map(any) header_action = any host_rules = list(any) path_matchers = list(any) tests = list(map(string)) })">object({…})</code> | | <code>null</code> |
|
||||||
|
|
||||||
## Outputs
|
## Outputs
|
||||||
|
|
||||||
| name | description | sensitive |
|
| name | description | sensitive |
|
||||||
|---|---|:---:|
|
|---|---|:---:|
|
||||||
| [backend_services](outputs.tf#L22) | Backend service resources. | |
|
| [backend_services](outputs.tf#L22) | Backend service resources. | |
|
||||||
|
| [forwarding_rule](outputs.tf#L67) | The regional forwarding rule. | |
|
||||||
| [global_forwarding_rule](outputs.tf#L62) | The global forwarding rule. | |
|
| [global_forwarding_rule](outputs.tf#L62) | The global forwarding rule. | |
|
||||||
| [health_checks](outputs.tf#L17) | Health-check resources. | |
|
| [health_checks](outputs.tf#L17) | Health-check resources. | |
|
||||||
| [ip_address](outputs.tf#L44) | The reserved global IP address. | |
|
| [ip_address](outputs.tf#L44) | The reserved global IP address. | |
|
||||||
|
|
|
@ -60,7 +60,7 @@ resource "google_compute_backend_bucket" "bucket" {
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "google_compute_backend_service" "group" {
|
resource "google_compute_backend_service" "group" {
|
||||||
for_each = local.backend_services_group
|
for_each = var.region == null ? local.backend_services_group : {}
|
||||||
name = "${var.name}-${each.key}"
|
name = "${var.name}-${each.key}"
|
||||||
project = var.project_id
|
project = var.project_id
|
||||||
description = "Terraform managed."
|
description = "Terraform managed."
|
||||||
|
@ -208,3 +208,4 @@ resource "google_compute_backend_service" "group" {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -17,26 +17,26 @@
|
||||||
# tfdoc:file:description Global address and forwarding rule.
|
# tfdoc:file:description Global address and forwarding rule.
|
||||||
|
|
||||||
locals {
|
locals {
|
||||||
ip_address = (
|
ip_address = var.region == null ? (
|
||||||
var.reserve_ip_address
|
var.region == null && var.reserve_ip_address
|
||||||
? google_compute_global_address.static_ip.0.id
|
? google_compute_global_address.static_ip.0.id
|
||||||
: null
|
: null
|
||||||
)
|
) : null
|
||||||
|
|
||||||
port_range = coalesce(
|
port_range = coalesce(
|
||||||
var.global_forwarding_rule_config.port_range,
|
var.global_forwarding_rule_config.port_range,
|
||||||
var.https ? "443" : "80"
|
var.https ? "443" : "80"
|
||||||
)
|
)
|
||||||
|
|
||||||
target = (
|
target = var.region == null ? (
|
||||||
var.https
|
var.https
|
||||||
? google_compute_target_https_proxy.https.0.id
|
? google_compute_target_https_proxy.https.0.id
|
||||||
: google_compute_target_http_proxy.http.0.id
|
: google_compute_target_http_proxy.http.0.id
|
||||||
)
|
) : null
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "google_compute_global_address" "static_ip" {
|
resource "google_compute_global_address" "static_ip" {
|
||||||
count = var.reserve_ip_address ? 1 : 0
|
count = var.region == null && var.reserve_ip_address ? 1 : 0
|
||||||
provider = google-beta
|
provider = google-beta
|
||||||
name = var.name
|
name = var.name
|
||||||
project = var.project_id
|
project = var.project_id
|
||||||
|
@ -44,6 +44,7 @@ resource "google_compute_global_address" "static_ip" {
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "google_compute_global_forwarding_rule" "forwarding_rule" {
|
resource "google_compute_global_forwarding_rule" "forwarding_rule" {
|
||||||
|
count = var.region == null ? 1 : 0
|
||||||
provider = google-beta
|
provider = google-beta
|
||||||
name = var.name
|
name = var.name
|
||||||
project = var.project_id
|
project = var.project_id
|
||||||
|
|
|
@ -48,7 +48,7 @@ locals {
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "google_compute_health_check" "health_check" {
|
resource "google_compute_health_check" "health_check" {
|
||||||
for_each = local.health_checks_config
|
for_each = var.region == null ? local.health_checks_config : {}
|
||||||
provider = google-beta
|
provider = google-beta
|
||||||
name = "${var.name}-${each.key}"
|
name = "${var.name}-${each.key}"
|
||||||
project = var.project_id
|
project = var.project_id
|
||||||
|
@ -148,3 +148,106 @@ resource "google_compute_health_check" "health_check" {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
resource "google_compute_region_health_check" "health_check" {
|
||||||
|
for_each = var.region != null ? local.health_checks_config : {}
|
||||||
|
provider = google-beta
|
||||||
|
name = "${var.name}-${each.key}"
|
||||||
|
project = var.project_id
|
||||||
|
region = var.region
|
||||||
|
description = "Terraform managed."
|
||||||
|
check_interval_sec = try(each.value.options.check_interval_sec, null)
|
||||||
|
healthy_threshold = try(each.value.options.healthy_threshold, null)
|
||||||
|
timeout_sec = try(each.value.options.timeout_sec, null)
|
||||||
|
unhealthy_threshold = try(each.value.options.unhealthy_threshold, null)
|
||||||
|
|
||||||
|
dynamic "http_health_check" {
|
||||||
|
for_each = (
|
||||||
|
try(each.value.type, null) == "http" || try(each.value.type, null) == null
|
||||||
|
? { 1 = 1 }
|
||||||
|
: {}
|
||||||
|
)
|
||||||
|
content {
|
||||||
|
host = try(each.value.check.host, null)
|
||||||
|
port = try(each.value.check.port, null)
|
||||||
|
port_name = try(each.value.check.port_name, null)
|
||||||
|
port_specification = try(each.value.check.port_specification, null)
|
||||||
|
proxy_header = try(each.value.check.proxy_header, null)
|
||||||
|
request_path = try(each.value.check.request_path, null)
|
||||||
|
response = try(each.value.check.response, null)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
dynamic "https_health_check" {
|
||||||
|
for_each = (
|
||||||
|
try(each.value.type, null) == "https" || try(each.value.type, null) == null
|
||||||
|
? { 1 = 1 }
|
||||||
|
: {}
|
||||||
|
)
|
||||||
|
content {
|
||||||
|
host = try(each.value.check.host, null)
|
||||||
|
port = try(each.value.check.port, null)
|
||||||
|
port_name = try(each.value.check.port_name, null)
|
||||||
|
port_specification = try(each.value.check.port_specification, null)
|
||||||
|
proxy_header = try(each.value.check.proxy_header, null)
|
||||||
|
request_path = try(each.value.check.request_path, null)
|
||||||
|
response = try(each.value.check.response, null)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
dynamic "tcp_health_check" {
|
||||||
|
for_each = (
|
||||||
|
try(each.value.type, null) == "tcp" || try(each.value.type, null) == null
|
||||||
|
? { 1 = 1 }
|
||||||
|
: {}
|
||||||
|
)
|
||||||
|
content {
|
||||||
|
port = try(each.value.check.port, null)
|
||||||
|
port_name = try(each.value.check.port_name, null)
|
||||||
|
port_specification = try(each.value.check.port_specification, null)
|
||||||
|
proxy_header = try(each.value.check.proxy_header, null)
|
||||||
|
request = try(each.value.check.request, null)
|
||||||
|
response = try(each.value.check.response, null)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
dynamic "ssl_health_check" {
|
||||||
|
for_each = (
|
||||||
|
try(each.value.type, null) == "ssl" || try(each.value.type, null) == null
|
||||||
|
? { 1 = 1 }
|
||||||
|
: {}
|
||||||
|
)
|
||||||
|
content {
|
||||||
|
port = try(each.value.check.port, null)
|
||||||
|
port_name = try(each.value.check.port_name, null)
|
||||||
|
port_specification = try(each.value.check.port_specification, null)
|
||||||
|
proxy_header = try(each.value.check.proxy_header, null)
|
||||||
|
request = try(each.value.check.request, null)
|
||||||
|
response = try(each.value.check.response, null)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
dynamic "http2_health_check" {
|
||||||
|
for_each = (
|
||||||
|
try(each.value.type, null) == "http2" || try(each.value.type, null) == null
|
||||||
|
? { 1 = 1 }
|
||||||
|
: {}
|
||||||
|
)
|
||||||
|
content {
|
||||||
|
host = try(each.value.check.host, null)
|
||||||
|
port = try(each.value.check.port, null)
|
||||||
|
port_name = try(each.value.check.port_name, null)
|
||||||
|
port_specification = try(each.value.check.port_specification, null)
|
||||||
|
proxy_header = try(each.value.check.proxy_header, null)
|
||||||
|
request_path = try(each.value.check.request_path, null)
|
||||||
|
response = try(each.value.check.response, null)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
dynamic "log_config" {
|
||||||
|
for_each = try(each.value.logging, false) ? { 0 = 0 } : {}
|
||||||
|
content {
|
||||||
|
enable = true
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
|
@ -43,12 +43,12 @@ output "ssl_certificates" {
|
||||||
|
|
||||||
output "ip_address" {
|
output "ip_address" {
|
||||||
description = "The reserved global IP address."
|
description = "The reserved global IP address."
|
||||||
value = try(google_compute_global_address.static_ip[0].address, null)
|
value = var.region == null ? try(google_compute_global_address.static_ip.0.address, null) : try(google_compute_address.static_ip.0.address, null)
|
||||||
}
|
}
|
||||||
|
|
||||||
output "ip_address_self_link" {
|
output "ip_address_self_link" {
|
||||||
description = "The URI of the reserved global IP address."
|
description = "The URI of the reserved global IP address."
|
||||||
value = google_compute_global_forwarding_rule.forwarding_rule.ip_address
|
value = var.region == null ? google_compute_global_forwarding_rule.forwarding_rule.0.ip_address : google_compute_forwarding_rule.forwarding_rule.0.ip_address
|
||||||
}
|
}
|
||||||
|
|
||||||
output "target_proxy" {
|
output "target_proxy" {
|
||||||
|
@ -61,5 +61,10 @@ output "target_proxy" {
|
||||||
|
|
||||||
output "global_forwarding_rule" {
|
output "global_forwarding_rule" {
|
||||||
description = "The global forwarding rule."
|
description = "The global forwarding rule."
|
||||||
value = google_compute_global_forwarding_rule.forwarding_rule
|
value = var.region == null ? google_compute_global_forwarding_rule.forwarding_rule.0 : null
|
||||||
|
}
|
||||||
|
|
||||||
|
output "forwarding_rule" {
|
||||||
|
description = "The regional forwarding rule."
|
||||||
|
value = var.region == null ? google_compute_global_forwarding_rule.forwarding_rule.0 : google_compute_forwarding_rule.forwarding_rule.0
|
||||||
}
|
}
|
||||||
|
|
|
@ -0,0 +1,164 @@
|
||||||
|
/**
|
||||||
|
* Copyright 2022 Google LLC
|
||||||
|
*
|
||||||
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
* you may not use this file except in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
* See the License for the specific language governing permissions and
|
||||||
|
* limitations under the License.
|
||||||
|
*/
|
||||||
|
|
||||||
|
# tfdoc:file:description Bucket and group backend services for regional load balancers.
|
||||||
|
|
||||||
|
resource "google_compute_region_backend_service" "group" {
|
||||||
|
for_each = var.region != null ? local.backend_services_group : {}
|
||||||
|
name = "${var.name}-${each.key}"
|
||||||
|
project = var.project_id
|
||||||
|
region = var.region
|
||||||
|
description = "Terraform managed."
|
||||||
|
affinity_cookie_ttl_sec = try(each.value.group_config.options.affinity_cookie_ttl_sec, null)
|
||||||
|
enable_cdn = try(each.value.enable_cdn, null)
|
||||||
|
connection_draining_timeout_sec = try(each.value.group_config.options.connection_draining_timeout_sec, null)
|
||||||
|
load_balancing_scheme = try(each.value.group_config.options.load_balancing_scheme, null)
|
||||||
|
locality_lb_policy = try(each.value.group_config.options.locality_lb_policy, null)
|
||||||
|
port_name = try(each.value.group_config.options.port_name, null)
|
||||||
|
protocol = try(each.value.group_config.options.protocol, null)
|
||||||
|
session_affinity = try(each.value.group_config.options.session_affinity, null)
|
||||||
|
timeout_sec = try(each.value.group_config.options.timeout_sec, null)
|
||||||
|
|
||||||
|
# If no health checks are defined, use the default one.
|
||||||
|
# Otherwise, look in the health_checks_config map.
|
||||||
|
# Otherwise, use the health_check id as is (already existing).
|
||||||
|
health_checks = (
|
||||||
|
try(length(each.value.group_config.health_checks), 0) == 0
|
||||||
|
? try(
|
||||||
|
[google_compute_region_health_check.health_check["default"].id],
|
||||||
|
null
|
||||||
|
)
|
||||||
|
: [
|
||||||
|
for hc in each.value.group_config.health_checks :
|
||||||
|
try(google_compute_region_health_check.health_check[hc].id, hc)
|
||||||
|
]
|
||||||
|
)
|
||||||
|
|
||||||
|
dynamic "backend" {
|
||||||
|
for_each = try(each.value.group_config.backends, [])
|
||||||
|
content {
|
||||||
|
balancing_mode = try(backend.value.options.balancing_mode, null)
|
||||||
|
capacity_scaler = try(backend.value.options.capacity_scaler, null)
|
||||||
|
group = try(backend.value.group, null)
|
||||||
|
max_connections = try(backend.value.options.max_connections, null)
|
||||||
|
max_connections_per_instance = try(backend.value.options.max_connections_per_instance, null)
|
||||||
|
max_connections_per_endpoint = try(backend.value.options.max_connections_per_endpoint, null)
|
||||||
|
max_rate = try(backend.value.options.max_rate, null)
|
||||||
|
max_rate_per_instance = try(backend.value.options.max_rate_per_instance, null)
|
||||||
|
max_rate_per_endpoint = try(backend.value.options.max_rate_per_endpoint, null)
|
||||||
|
max_utilization = try(backend.value.options.max_utilization, null)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
dynamic "circuit_breakers" {
|
||||||
|
for_each = (
|
||||||
|
try(each.value.group_config.options.circuit_breakers, null) == null
|
||||||
|
? []
|
||||||
|
: [each.value.group_config.options.circuit_breakers]
|
||||||
|
)
|
||||||
|
iterator = cb
|
||||||
|
content {
|
||||||
|
max_requests_per_connection = try(cb.value.max_requests_per_connection, null)
|
||||||
|
max_connections = try(cb.value.max_connections, null)
|
||||||
|
max_pending_requests = try(cb.value.max_pending_requests, null)
|
||||||
|
max_requests = try(cb.value.max_requests, null)
|
||||||
|
max_retries = try(cb.value.max_retries, null)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
dynamic "consistent_hash" {
|
||||||
|
for_each = (
|
||||||
|
try(each.value.group_config.options.consistent_hash, null) == null
|
||||||
|
? []
|
||||||
|
: [each.value.group_config.options.consistent_hash]
|
||||||
|
)
|
||||||
|
content {
|
||||||
|
http_header_name = try(consistent_hash.value.http_header_name, null)
|
||||||
|
minimum_ring_size = try(consistent_hash.value.minimum_ring_size, null)
|
||||||
|
|
||||||
|
dynamic "http_cookie" {
|
||||||
|
for_each = try(consistent_hash.value.http_cookie, null) == null ? [] : [consistent_hash.value.http_cookie]
|
||||||
|
content {
|
||||||
|
name = try(http_cookie.value.name, null)
|
||||||
|
path = try(http_cookie.value.path, null)
|
||||||
|
|
||||||
|
dynamic "ttl" {
|
||||||
|
for_each = try(consistent_hash.value.ttl, null) == null ? [] : [consistent_hash.value.ttl]
|
||||||
|
content {
|
||||||
|
seconds = try(ttl.value.seconds, null) # Must be from 0 to 315,576,000,000 inclusive
|
||||||
|
nanos = try(ttl.value.nanos, null) # Must be from 0 to 999,999,999 inclusive
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
dynamic "cdn_policy" {
|
||||||
|
for_each = (
|
||||||
|
try(each.value.cdn_policy, null) == null
|
||||||
|
? []
|
||||||
|
: [each.value.cdn_policy]
|
||||||
|
)
|
||||||
|
iterator = cdn_policy
|
||||||
|
content {
|
||||||
|
signed_url_cache_max_age_sec = try(cdn_policy.value.signed_url_cache_max_age_sec, null)
|
||||||
|
default_ttl = try(cdn_policy.value.default_ttl, null)
|
||||||
|
max_ttl = try(cdn_policy.value.max_ttl, null)
|
||||||
|
client_ttl = try(cdn_policy.value.client_ttl, null)
|
||||||
|
negative_caching = try(cdn_policy.value.negative_caching, null)
|
||||||
|
cache_mode = try(cdn_policy.value.cache_mode, null)
|
||||||
|
serve_while_stale = try(cdn_policy.value.serve_while_stale, null)
|
||||||
|
|
||||||
|
dynamic "negative_caching_policy" {
|
||||||
|
for_each = (
|
||||||
|
try(cdn_policy.value.negative_caching_policy, null) == null
|
||||||
|
? []
|
||||||
|
: [cdn_policy.value.negative_caching_policy]
|
||||||
|
)
|
||||||
|
iterator = ncp
|
||||||
|
content {
|
||||||
|
code = try(ncp.value.code, null)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
dynamic "iap" {
|
||||||
|
for_each = (
|
||||||
|
try(each.value.group_config.options.iap, null) == null
|
||||||
|
? []
|
||||||
|
: [each.value.group_config.options.iap]
|
||||||
|
)
|
||||||
|
content {
|
||||||
|
oauth2_client_id = try(iap.value.oauth2_client_id, null)
|
||||||
|
oauth2_client_secret = try(iap.value.oauth2_client_secret, null) # sensitive
|
||||||
|
oauth2_client_secret_sha256 = try(iap.value.oauth2_client_secret_sha256, null) # sensitive
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
dynamic "log_config" {
|
||||||
|
for_each = (
|
||||||
|
try(each.value.group_config.log_config, null) == null
|
||||||
|
? []
|
||||||
|
: [each.value.group_config.log_config]
|
||||||
|
)
|
||||||
|
content {
|
||||||
|
enable = try(log_config.value.enable, null)
|
||||||
|
sample_rate = try(log_config.value.sample_rate, null)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
|
@ -0,0 +1,62 @@
|
||||||
|
/**
|
||||||
|
* Copyright 2022 Google LLC
|
||||||
|
*
|
||||||
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
* you may not use this file except in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
* See the License for the specific language governing permissions and
|
||||||
|
* limitations under the License.
|
||||||
|
*/
|
||||||
|
|
||||||
|
# tfdoc:file:description Global address and forwarding rule.
|
||||||
|
|
||||||
|
locals {
|
||||||
|
regional_ip_address = var.region != null ? (
|
||||||
|
var.reserve_ip_address
|
||||||
|
? google_compute_address.static_ip.0.id
|
||||||
|
: null
|
||||||
|
) : null
|
||||||
|
|
||||||
|
regional_port_range = coalesce(
|
||||||
|
var.forwarding_rule_config.port_range,
|
||||||
|
var.https ? "443" : "80"
|
||||||
|
)
|
||||||
|
|
||||||
|
regional_target = var.region != null ? (
|
||||||
|
var.https
|
||||||
|
? google_compute_region_target_https_proxy.https.0.id
|
||||||
|
: google_compute_region_target_http_proxy.http.0.id
|
||||||
|
) : null
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "google_compute_address" "static_ip" {
|
||||||
|
count = var.region != null && var.reserve_ip_address ? 1 : 0
|
||||||
|
provider = google-beta
|
||||||
|
name = var.name
|
||||||
|
project = var.project_id
|
||||||
|
region = var.region
|
||||||
|
description = "Terraform managed."
|
||||||
|
address_type = "EXTERNAL"
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "google_compute_forwarding_rule" "forwarding_rule" {
|
||||||
|
count = var.region != null ? 1 : 0
|
||||||
|
provider = google-beta
|
||||||
|
name = var.name
|
||||||
|
project = var.project_id
|
||||||
|
region = var.region
|
||||||
|
description = "Terraform managed."
|
||||||
|
ip_protocol = var.forwarding_rule_config.ip_protocol
|
||||||
|
load_balancing_scheme = var.forwarding_rule_config.load_balancing_scheme
|
||||||
|
port_range = local.regional_port_range
|
||||||
|
target = local.regional_target
|
||||||
|
ip_address = local.regional_ip_address
|
||||||
|
network_tier = var.forwarding_rule_config.network_tier
|
||||||
|
network = var.forwarding_rule_config.network
|
||||||
|
}
|
|
@ -0,0 +1,717 @@
|
||||||
|
/**
|
||||||
|
* Copyright 2022 Google LLC
|
||||||
|
*
|
||||||
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
* you may not use this file except in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
* See the License for the specific language governing permissions and
|
||||||
|
* limitations under the License.
|
||||||
|
*/
|
||||||
|
|
||||||
|
# tfdoc:file:description regional URL maps.
|
||||||
|
locals {
|
||||||
|
# Look for a backend services in the config whose id is
|
||||||
|
# the default_service given in the url-map.
|
||||||
|
# If not found, use the default_service id as given
|
||||||
|
# (assuming it's already existing).
|
||||||
|
# If the variable is null, will be set to null.
|
||||||
|
_regional_default_service = try(
|
||||||
|
google_compute_backend_bucket.bucket[var.url_map_config.default_service].id,
|
||||||
|
google_compute_region_backend_service.group[var.url_map_config.default_service].id,
|
||||||
|
var.url_map_config.default_service,
|
||||||
|
null
|
||||||
|
)
|
||||||
|
|
||||||
|
# If no backend services are specified,
|
||||||
|
# the first backend service defined is associated
|
||||||
|
regional_default_service = (
|
||||||
|
try(local._regional_default_service, null) == null
|
||||||
|
&& try(var.url_map_config.default_route_action.weighted_backend_services, null) == null
|
||||||
|
&& try(var.url_map_config.default_url_redirect, null) == null
|
||||||
|
? try(
|
||||||
|
google_compute_backend_bucket.bucket[keys(google_compute_backend_bucket.bucket)[0]].id,
|
||||||
|
google_compute_region_backend_service.group[keys(google_compute_region_backend_service.group)[0]].id,
|
||||||
|
null
|
||||||
|
)
|
||||||
|
: null
|
||||||
|
)
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "google_compute_region_url_map" "url_map" {
|
||||||
|
count = var.region != null ? 1 : 0
|
||||||
|
name = var.name
|
||||||
|
description = "Terraform managed."
|
||||||
|
project = var.project_id
|
||||||
|
region = var.region
|
||||||
|
default_service = local.regional_default_service
|
||||||
|
|
||||||
|
dynamic "host_rule" {
|
||||||
|
for_each = (
|
||||||
|
try(var.url_map_config.host_rules, null) == null
|
||||||
|
? []
|
||||||
|
: var.url_map_config.host_rules
|
||||||
|
)
|
||||||
|
content {
|
||||||
|
description = try(host_rule.value.description, null)
|
||||||
|
hosts = try(host_rule.value.hosts, null)
|
||||||
|
path_matcher = try(host_rule.value.path_matcher, null)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
dynamic "path_matcher" {
|
||||||
|
for_each = (
|
||||||
|
try(var.url_map_config.path_matchers, null) == null
|
||||||
|
? []
|
||||||
|
: var.url_map_config.path_matchers
|
||||||
|
)
|
||||||
|
content {
|
||||||
|
name = try(path_matcher.value.name, null)
|
||||||
|
description = try(path_matcher.value.description, null)
|
||||||
|
default_service = try(
|
||||||
|
google_compute_backend_bucket.bucket[var.url_map_config.default_service].id,
|
||||||
|
google_compute_region_backend_service.group[var.url_map_config.default_service].id,
|
||||||
|
path_matcher.value.default_service,
|
||||||
|
null
|
||||||
|
)
|
||||||
|
|
||||||
|
dynamic "path_rule" {
|
||||||
|
for_each = (
|
||||||
|
try(path_matcher.value.path_rules, null) == null
|
||||||
|
? []
|
||||||
|
: path_matcher.value.path_rules
|
||||||
|
)
|
||||||
|
content {
|
||||||
|
paths = try(path_rule.value.paths, null)
|
||||||
|
service = try(
|
||||||
|
google_compute_backend_bucket.bucket[path_rule.value.service].id,
|
||||||
|
google_compute_region_backend_service.group[path_rule.value.service].id,
|
||||||
|
path_rule.value.service,
|
||||||
|
null
|
||||||
|
)
|
||||||
|
|
||||||
|
dynamic "route_action" {
|
||||||
|
for_each = (
|
||||||
|
try(path_rule.value.route_action, null) == null
|
||||||
|
? []
|
||||||
|
: [path_rule.value.route_action]
|
||||||
|
)
|
||||||
|
content {
|
||||||
|
|
||||||
|
dynamic "cors_policy" {
|
||||||
|
for_each = (
|
||||||
|
try(route_action.value.cors_policy, null) == null
|
||||||
|
? []
|
||||||
|
: [route_action.value.cors_policy]
|
||||||
|
)
|
||||||
|
content {
|
||||||
|
allow_credentials = try(cors_policy.value.allow_credentials, null)
|
||||||
|
allow_headers = try(cors_policy.value.allow_headers, null)
|
||||||
|
allow_methods = try(cors_policy.value.allow_methods, null)
|
||||||
|
allow_origin_regexes = try(cors_policy.value.allow_origin_regexes, null)
|
||||||
|
allow_origins = try(cors_policy.value.allow_origins, null)
|
||||||
|
disabled = try(cors_policy.value.disabled, null)
|
||||||
|
expose_headers = try(cors_policy.value.expose_headers, null)
|
||||||
|
max_age = try(cors_policy.value.max_age, null)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
dynamic "fault_injection_policy" {
|
||||||
|
for_each = (
|
||||||
|
try(route_action.value.fault_injection_policy, null) == null
|
||||||
|
? []
|
||||||
|
: [route_action.value.fault_injection_policy]
|
||||||
|
)
|
||||||
|
iterator = policy
|
||||||
|
content {
|
||||||
|
|
||||||
|
dynamic "abort" {
|
||||||
|
for_each = (
|
||||||
|
try(policy.value.abort, null) == null
|
||||||
|
? []
|
||||||
|
: [policy.value.abort]
|
||||||
|
)
|
||||||
|
content {
|
||||||
|
http_status = try(abort.value.http_status, null) # Must be between 200 and 599 inclusive
|
||||||
|
percentage = try(abort.value.percentage, null) # Must be between 0.0 and 100.0 inclusive
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
dynamic "delay" {
|
||||||
|
for_each = (
|
||||||
|
try(policy.value.delay, null) == null
|
||||||
|
? []
|
||||||
|
: [policy.value.delay]
|
||||||
|
)
|
||||||
|
content {
|
||||||
|
percentage = try(delay.value.percentage, null) # Must be between 0.0 and 100.0 inclusive
|
||||||
|
|
||||||
|
dynamic "fixed_delay" {
|
||||||
|
for_each = (
|
||||||
|
try(delay.value.fixed_delay, null) == null
|
||||||
|
? []
|
||||||
|
: [delay.value.fixed_delay]
|
||||||
|
)
|
||||||
|
content {
|
||||||
|
nanos = try(fixed_delay.value.nanos, null) # Must be from 0 to 999,999,999 inclusive
|
||||||
|
seconds = try(fixed_delay.value.seconds, null) # Must be from 0 to 315,576,000,000 inclusive
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
dynamic "request_mirror_policy" {
|
||||||
|
for_each = (
|
||||||
|
try(route_action.value.request_mirror_policy, null) == null
|
||||||
|
? []
|
||||||
|
: [route_action.value.request_mirror_policy]
|
||||||
|
)
|
||||||
|
iterator = policy
|
||||||
|
content {
|
||||||
|
backend_service = try(
|
||||||
|
google_compute_backend_bucket.bucket[policy.value.backend_service].id,
|
||||||
|
google_compute_region_backend_service.group[policy.value.backend_service].id,
|
||||||
|
policy.value.backend_service,
|
||||||
|
null
|
||||||
|
)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
dynamic "retry_policy" {
|
||||||
|
for_each = (
|
||||||
|
try(route_action.value.retry_policy, null) == null
|
||||||
|
? []
|
||||||
|
: [route_action.value.retry_policy]
|
||||||
|
)
|
||||||
|
iterator = policy
|
||||||
|
content {
|
||||||
|
num_retries = try(policy.num_retries, null) # Must be > 0
|
||||||
|
# Valid values at https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_url_map#retry_conditions
|
||||||
|
retry_conditions = try(policy.retry_conditions, null)
|
||||||
|
|
||||||
|
dynamic "per_try_timeout" {
|
||||||
|
for_each = (
|
||||||
|
try(policy.value.per_try_timeout, null) == null
|
||||||
|
? []
|
||||||
|
: [policy.value.per_try_timeout]
|
||||||
|
)
|
||||||
|
iterator = timeout
|
||||||
|
content {
|
||||||
|
nanos = try(timeout.value.nanos, null) # Must be from 0 to 999,999,999 inclusive
|
||||||
|
seconds = try(timeout.value.seconds, null) # Must be from 0 to 315,576,000,000 inclusive
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
dynamic "timeout" {
|
||||||
|
for_each = (
|
||||||
|
try(route_action.value.timeout, null) == null
|
||||||
|
? []
|
||||||
|
: [route_action.value.timeout]
|
||||||
|
)
|
||||||
|
content {
|
||||||
|
nanos = try(timeout.value.nanos, null) # Must be from 0 to 999,999,999 inclusive
|
||||||
|
seconds = try(timeout.value.seconds, null) # Must be from 0 to 315,576,000,000 inclusive
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
dynamic "url_rewrite" {
|
||||||
|
for_each = (
|
||||||
|
try(route_action.value.url_rewrite, null) == null
|
||||||
|
? []
|
||||||
|
: [route_action.value.url_rewrite]
|
||||||
|
)
|
||||||
|
content {
|
||||||
|
host_rewrite = try(url_rewrite.value.host_rewrite, null) # Must be between 1 and 255 characters
|
||||||
|
path_prefix_rewrite = try(url_rewrite.value.path_prefix_rewrite, null) # Must be between 1 and 1024 characters
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
dynamic "weighted_backend_services" {
|
||||||
|
for_each = (
|
||||||
|
try(route_action.value.weighted_backend_services, null) == null
|
||||||
|
? []
|
||||||
|
: route_action.value.weighted_backend_services
|
||||||
|
)
|
||||||
|
iterator = weighted
|
||||||
|
content {
|
||||||
|
weight = try(weighted.value.weigth, null)
|
||||||
|
backend_service = try(
|
||||||
|
google_compute_backend_bucket.bucket[weighted.value.backend_service].id,
|
||||||
|
google_compute_backend_service.group[weighted.value.backend_service].id,
|
||||||
|
policy.value.backend_service,
|
||||||
|
null
|
||||||
|
)
|
||||||
|
dynamic "header_action" {
|
||||||
|
for_each = (
|
||||||
|
try(path_matcher.value.header_action, null) == null
|
||||||
|
? []
|
||||||
|
: [path_matcher.value.header_action]
|
||||||
|
)
|
||||||
|
content {
|
||||||
|
request_headers_to_remove = try(header_action.value.request_headers_to_remove, null)
|
||||||
|
response_headers_to_remove = try(header_action.value.response_headers_to_remove, null)
|
||||||
|
|
||||||
|
dynamic "request_headers_to_add" {
|
||||||
|
for_each = (
|
||||||
|
try(header_action.value.request_headers_to_add, null) == null
|
||||||
|
? [] :
|
||||||
|
[header_action.value.request_headers_to_add]
|
||||||
|
)
|
||||||
|
content {
|
||||||
|
header_name = try(request_headers_to_add.value.header_name, null)
|
||||||
|
header_value = try(request_headers_to_add.value.header_value, null)
|
||||||
|
replace = try(request_headers_to_add.value.replace, null)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
dynamic "response_headers_to_add" {
|
||||||
|
for_each = (
|
||||||
|
try(header_action.response_headers_to_add, null) == null
|
||||||
|
? []
|
||||||
|
: [header_action.response_headers_to_add]
|
||||||
|
)
|
||||||
|
content {
|
||||||
|
header_name = try(response_headers_to_add.value.header_name, null)
|
||||||
|
header_value = try(response_headers_to_add.value.header_value, null)
|
||||||
|
replace = try(response_headers_to_add.value.replace, null)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
dynamic "url_redirect" {
|
||||||
|
for_each = (
|
||||||
|
try(path_rule.value.url_redirect, null) == null
|
||||||
|
? []
|
||||||
|
: path_rule.value.url_redirect
|
||||||
|
)
|
||||||
|
content {
|
||||||
|
host_redirect = try(url_redirect.value.host_redirect, null) # Must be between 1 and 255 characters
|
||||||
|
https_redirect = try(url_redirect.value.https_redirect, null)
|
||||||
|
path_redirect = try(url_redirect.value.path_redirect, null)
|
||||||
|
prefix_redirect = try(url_redirect.value.prefix_redirect, null) # Must be between 1 and 1024 characters
|
||||||
|
# Valid valus at https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_url_map#redirect_response_code
|
||||||
|
redirect_response_code = try(url_redirect.value.redirect_response_code, null)
|
||||||
|
strip_query = try(url_redirect.value.strip_query, null)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
dynamic "route_rules" {
|
||||||
|
for_each = (
|
||||||
|
try(path_matcher.value.route_rules, null) == null
|
||||||
|
? []
|
||||||
|
: path_matcher.value.route_rules
|
||||||
|
)
|
||||||
|
content {
|
||||||
|
priority = try(route_rules.value.priority, null)
|
||||||
|
service = try(
|
||||||
|
google_compute_backend_bucket.bucket[route_rules.value.service].id,
|
||||||
|
google_compute_backend_service.group[route_rules.value.service].id,
|
||||||
|
route_rules.value.service,
|
||||||
|
null
|
||||||
|
)
|
||||||
|
|
||||||
|
dynamic "header_action" {
|
||||||
|
for_each = (
|
||||||
|
try(path_matcher.value.header_action, null) == null
|
||||||
|
? []
|
||||||
|
: [path_matcher.value.header_action]
|
||||||
|
)
|
||||||
|
content {
|
||||||
|
request_headers_to_remove = try(header_action.value.request_headers_to_remove, null)
|
||||||
|
response_headers_to_remove = try(header_action.value.response_headers_to_remove, null)
|
||||||
|
|
||||||
|
dynamic "request_headers_to_add" {
|
||||||
|
for_each = (
|
||||||
|
try(header_action.value.request_headers_to_add, null) == null
|
||||||
|
? []
|
||||||
|
: [header_action.value.request_headers_to_add]
|
||||||
|
)
|
||||||
|
content {
|
||||||
|
header_name = try(request_headers_to_add.value.header_name, null)
|
||||||
|
header_value = try(request_headers_to_add.value.header_value, null)
|
||||||
|
replace = try(request_headers_to_add.value.replace, null)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
dynamic "response_headers_to_add" {
|
||||||
|
for_each = (
|
||||||
|
try(header_action.response_headers_to_add, null) == null
|
||||||
|
? []
|
||||||
|
: [header_action.response_headers_to_add]
|
||||||
|
)
|
||||||
|
content {
|
||||||
|
header_name = try(response_headers_to_add.value.header_name, null)
|
||||||
|
header_value = try(response_headers_to_add.value.header_value, null)
|
||||||
|
replace = try(response_headers_to_add.value.replace, null)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
dynamic "match_rules" {
|
||||||
|
for_each = (
|
||||||
|
try(path_matcher.value.match_rules, null) == null
|
||||||
|
? []
|
||||||
|
: path_matcher.value.match_rules
|
||||||
|
)
|
||||||
|
content {
|
||||||
|
full_path_match = try(match_rules.value.full_path_match, null) # Must be between 1 and 1024 characters
|
||||||
|
ignore_case = try(match_rules.value.ignore_case, null)
|
||||||
|
prefix_match = try(match_rules.value.prefix_match, null)
|
||||||
|
regex_match = try(match_rules.value.regex_match, null)
|
||||||
|
|
||||||
|
dynamic "header_matches" {
|
||||||
|
for_each = (
|
||||||
|
try(match_rules.value.header_matches, null) == null
|
||||||
|
? []
|
||||||
|
: [match_rules.value.header_matches]
|
||||||
|
)
|
||||||
|
content {
|
||||||
|
exact_match = try(header_matches.value.exact_match, null)
|
||||||
|
header_name = try(header_matches.value.header_name, null)
|
||||||
|
invert_match = try(header_matches.value.invert_match, null)
|
||||||
|
prefix_match = try(header_matches.value.prefix_match, null)
|
||||||
|
present_match = try(header_matches.value.present_match, null)
|
||||||
|
regex_match = try(header_matches.value.regex_match, null)
|
||||||
|
suffix_match = try(header_matches.value, null)
|
||||||
|
|
||||||
|
dynamic "range_match" {
|
||||||
|
for_each = try(header_matches.value.range_match, null) == null ? [] : [header_matches.value.range_match]
|
||||||
|
content {
|
||||||
|
range_end = try(range_match.value.range_end, null)
|
||||||
|
range_start = try(range_match.value.range_start, null)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
dynamic "metadata_filters" {
|
||||||
|
for_each = (
|
||||||
|
try(match_rules.value.metadata_filters, null) == null
|
||||||
|
? []
|
||||||
|
: [match_rules.value.metadata_filters]
|
||||||
|
)
|
||||||
|
content {
|
||||||
|
# Valid values at https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_url_map#filter_match_criteria
|
||||||
|
filter_match_criteria = try(metadata_filters.value.filter_match_criteria, null)
|
||||||
|
|
||||||
|
dynamic "filter_labels" {
|
||||||
|
for_each = (
|
||||||
|
try(metadata_filters.value.filter_labels, null) == null
|
||||||
|
? []
|
||||||
|
: metadata_filters.value.filter_labels
|
||||||
|
)
|
||||||
|
content {
|
||||||
|
name = try(filter_labels.value.name, null) # Must be between 1 and 1024 characters
|
||||||
|
value = try(filter_labels.value.value, null) # Must be between 1 and 1024 characters
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
dynamic "query_parameter_matches" {
|
||||||
|
for_each = (
|
||||||
|
try(match_rules.value.query_parameter_matches, null) == null
|
||||||
|
? []
|
||||||
|
: [match_rules.value.query_parameter_matches]
|
||||||
|
)
|
||||||
|
iterator = query
|
||||||
|
content {
|
||||||
|
exact_match = try(query.value.exact_match, null)
|
||||||
|
name = try(query.value.name, null)
|
||||||
|
present_match = try(query.value.present_match, null)
|
||||||
|
regex_match = try(query.value.regex_match, null)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
dynamic "route_action" {
|
||||||
|
for_each = (
|
||||||
|
try(route_rules.value.route_action, null) == null
|
||||||
|
? []
|
||||||
|
: [route_rules.value.route_action]
|
||||||
|
)
|
||||||
|
content {
|
||||||
|
|
||||||
|
dynamic "cors_policy" {
|
||||||
|
for_each = (
|
||||||
|
try(route_action.value.cors_policy, null) == null
|
||||||
|
? []
|
||||||
|
: [route_action.value.cors_policy]
|
||||||
|
)
|
||||||
|
content {
|
||||||
|
allow_credentials = try(cors_policy.value.allow_credentials, null)
|
||||||
|
allow_headers = try(cors_policy.value.allow_headers, null)
|
||||||
|
allow_methods = try(cors_policy.value.allow_methods, null)
|
||||||
|
allow_origin_regexes = try(cors_policy.value.allow_origin_regexes, null)
|
||||||
|
allow_origins = try(cors_policy.value.allow_origins, null)
|
||||||
|
disabled = try(cors_policy.value.disabled, null)
|
||||||
|
expose_headers = try(cors_policy.value.expose_headers, null)
|
||||||
|
max_age = try(cors_policy.value.max_age, null)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
dynamic "fault_injection_policy" {
|
||||||
|
for_each = (
|
||||||
|
try(route_action.value.fault_injection_policy, null) == null
|
||||||
|
? []
|
||||||
|
: [route_action.value.fault_injection_policy]
|
||||||
|
)
|
||||||
|
iterator = policy
|
||||||
|
content {
|
||||||
|
|
||||||
|
dynamic "abort" {
|
||||||
|
for_each = (
|
||||||
|
try(policy.value.abort, null) == null
|
||||||
|
? []
|
||||||
|
: [policy.value.abort]
|
||||||
|
)
|
||||||
|
content {
|
||||||
|
http_status = try(abort.value.http_status, null) # Must be between 200 and 599 inclusive
|
||||||
|
percentage = try(abort.value.percentage, null) # Must be between 0.0 and 100.0 inclusive
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
dynamic "delay" {
|
||||||
|
for_each = (
|
||||||
|
try(policy.value.delay, null) == null
|
||||||
|
? []
|
||||||
|
: [policy.value.delay]
|
||||||
|
)
|
||||||
|
content {
|
||||||
|
percentage = try(delay.value.percentage, null) # Must be between 0.0 and 100.0 inclusive
|
||||||
|
|
||||||
|
dynamic "fixed_delay" {
|
||||||
|
for_each = (
|
||||||
|
try(delay.value.fixed_delay, null) == null
|
||||||
|
? []
|
||||||
|
: [delay.value.fixed_delay]
|
||||||
|
)
|
||||||
|
content {
|
||||||
|
nanos = try(fixed_delay.value.nanos, null) # Must be from 0 to 999,999,999 inclusive
|
||||||
|
seconds = try(fixed_delay.value.seconds, null) # Must be from 0 to 315,576,000,000 inclusive
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
dynamic "request_mirror_policy" {
|
||||||
|
for_each = (
|
||||||
|
try(route_action.value.request_mirror_policy, null) == null
|
||||||
|
? []
|
||||||
|
: [route_action.value.request_mirror_policy]
|
||||||
|
)
|
||||||
|
iterator = policy
|
||||||
|
content {
|
||||||
|
backend_service = try(
|
||||||
|
google_compute_backend_bucket.bucket[policy.value.backend_service].id,
|
||||||
|
google_compute_backend_service.group[policy.value.backend_service].id,
|
||||||
|
policy.value.backend_service,
|
||||||
|
null
|
||||||
|
)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
dynamic "retry_policy" {
|
||||||
|
for_each = (
|
||||||
|
try(route_action.value.retry_policy, null) == null
|
||||||
|
? []
|
||||||
|
: [route_action.value.retry_policy]
|
||||||
|
)
|
||||||
|
iterator = policy
|
||||||
|
content {
|
||||||
|
num_retries = try(policy.num_retries, null) # Must be > 0
|
||||||
|
# Valid values at https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_url_map#retry_conditions
|
||||||
|
retry_conditions = try(policy.retry_conditions, null)
|
||||||
|
|
||||||
|
dynamic "per_try_timeout" {
|
||||||
|
for_each = (
|
||||||
|
try(policy.value.per_try_timeout, null) == null
|
||||||
|
? []
|
||||||
|
: [policy.value.per_try_timeout]
|
||||||
|
)
|
||||||
|
iterator = timeout
|
||||||
|
content {
|
||||||
|
nanos = try(timeout.value.nanos, null) # Must be from 0 to 999,999,999 inclusive
|
||||||
|
seconds = try(timeout.value.seconds, null) # Must be from 0 to 315,576,000,000 inclusive
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
dynamic "timeout" {
|
||||||
|
for_each = (
|
||||||
|
try(route_action.value.timeout, null) == null
|
||||||
|
? []
|
||||||
|
: [route_action.value.timeout]
|
||||||
|
)
|
||||||
|
content {
|
||||||
|
nanos = try(timeout.value.nanos, null) # Must be from 0 to 999,999,999 inclusive
|
||||||
|
seconds = try(timeout.value.seconds, null) # Must be from 0 to 315,576,000,000 inclusive
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
dynamic "url_rewrite" {
|
||||||
|
for_each = (
|
||||||
|
try(route_action.value.url_rewrite, null) == null
|
||||||
|
? []
|
||||||
|
: [route_action.value.url_rewrite]
|
||||||
|
)
|
||||||
|
content {
|
||||||
|
host_rewrite = try(url_rewrite.value.host_rewrite, null) # Must be between 1 and 255 characters
|
||||||
|
path_prefix_rewrite = try(url_rewrite.value.path_prefix_rewrite, null) # Must be between 1 and 1024 characters
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
dynamic "weighted_backend_services" {
|
||||||
|
for_each = (
|
||||||
|
try(route_action.value.weighted_backend_services, null) == null
|
||||||
|
? []
|
||||||
|
: [route_action.value.url_rewrite]
|
||||||
|
)
|
||||||
|
iterator = weighted
|
||||||
|
content {
|
||||||
|
weight = try(weighted.value.weigth, null)
|
||||||
|
backend_service = try(
|
||||||
|
google_compute_backend_bucket.bucket[weighted.value.backend_service].id,
|
||||||
|
google_compute_backend_service.group[weighted.value.backend_service].id,
|
||||||
|
weighted.value.backend_service,
|
||||||
|
null
|
||||||
|
)
|
||||||
|
|
||||||
|
dynamic "header_action" {
|
||||||
|
for_each = (
|
||||||
|
try(path_matcher.value.header_action, null) == null
|
||||||
|
? [] :
|
||||||
|
[path_matcher.value.header_action]
|
||||||
|
)
|
||||||
|
content {
|
||||||
|
request_headers_to_remove = try(header_action.value.request_headers_to_remove, null)
|
||||||
|
response_headers_to_remove = try(header_action.value.response_headers_to_remove, null)
|
||||||
|
|
||||||
|
dynamic "request_headers_to_add" {
|
||||||
|
for_each = (
|
||||||
|
try(header_action.value.request_headers_to_add, null) == null
|
||||||
|
? []
|
||||||
|
: [header_action.value.request_headers_to_add]
|
||||||
|
)
|
||||||
|
content {
|
||||||
|
header_name = try(request_headers_to_add.value.header_name, null)
|
||||||
|
header_value = try(request_headers_to_add.value.header_value, null)
|
||||||
|
replace = try(request_headers_to_add.value.replace, null)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
dynamic "response_headers_to_add" {
|
||||||
|
for_each = (
|
||||||
|
try(header_action.response_headers_to_add, null) == null
|
||||||
|
? []
|
||||||
|
: [header_action.response_headers_to_add]
|
||||||
|
)
|
||||||
|
content {
|
||||||
|
header_name = try(response_headers_to_add.value.header_name, null)
|
||||||
|
header_value = try(response_headers_to_add.value.header_value, null)
|
||||||
|
replace = try(response_headers_to_add.value.replace, null)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
dynamic "url_redirect" {
|
||||||
|
for_each = (
|
||||||
|
try(route_rules.value.url_redirect, null) == null
|
||||||
|
? []
|
||||||
|
: route_rules.value.url_redirect
|
||||||
|
)
|
||||||
|
content {
|
||||||
|
host_redirect = try(url_redirect.value.host_redirect, null) # Must be between 1 and 255 characters
|
||||||
|
https_redirect = try(url_redirect.value.https_redirect, null)
|
||||||
|
path_redirect = try(url_redirect.value.path_redirect, null)
|
||||||
|
prefix_redirect = try(url_redirect.value.prefix_redirect, null) # Must be between 1 and 1024 characters
|
||||||
|
# Valid valus at https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_url_map#redirect_response_code
|
||||||
|
redirect_response_code = try(url_redirect.value.redirect_response_code, null)
|
||||||
|
strip_query = try(url_redirect.value.strip_query, null)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
dynamic "default_url_redirect" {
|
||||||
|
for_each = (
|
||||||
|
try(path_matcher.value.default_url_redirect, null) == null
|
||||||
|
? []
|
||||||
|
: path_matcher.value.default_url_redirect
|
||||||
|
)
|
||||||
|
content {
|
||||||
|
host_redirect = try(default_url_redirect.value.host_redirect, null) # Must be between 1 and 255 characters
|
||||||
|
https_redirect = try(default_url_redirect.value.https_redirect, null)
|
||||||
|
path_redirect = try(default_url_redirect.value.path_redirect, null) # Must be between 1 and 1024 characters
|
||||||
|
prefix_redirect = try(default_url_redirect.value.prefix_redirect, null) # Must be between 1 and 1024 characters
|
||||||
|
# Valid values at https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_url_map#redirect_response_code
|
||||||
|
redirect_response_code = try(default_url_redirect.value.redirect_response_code, null)
|
||||||
|
strip_query = try(default_url_redirect.value.strip_query, null)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
# Up to 100 tests per url_map
|
||||||
|
dynamic "test" {
|
||||||
|
for_each = (
|
||||||
|
try(var.url_map_config.tests, null) == null
|
||||||
|
? []
|
||||||
|
: var.url_map_config.tests
|
||||||
|
)
|
||||||
|
content {
|
||||||
|
description = try(test.value.description, null)
|
||||||
|
host = try(test.value.host, null)
|
||||||
|
path = try(test.value.path, null)
|
||||||
|
service = try(
|
||||||
|
google_compute_backend_bucket.bucket[test.value.service].id,
|
||||||
|
google_compute_backend_service.group[test.value.service].id,
|
||||||
|
test.value.service,
|
||||||
|
null
|
||||||
|
)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
dynamic "default_url_redirect" {
|
||||||
|
for_each = (
|
||||||
|
try(var.url_map_config.default_url_redirect, null) == null
|
||||||
|
? []
|
||||||
|
: [var.url_map_config.default_url_redirect]
|
||||||
|
)
|
||||||
|
content {
|
||||||
|
host_redirect = try(default_url_redirect.value.host_redirect, null) # Must be between 1 and 255 characters
|
||||||
|
https_redirect = try(default_url_redirect.value.https_redirect, null)
|
||||||
|
path_redirect = try(default_url_redirect.value.path_redirect, null) # Must be between 1 and 1024 characters
|
||||||
|
prefix_redirect = try(default_url_redirect.value.prefix_redirect, null) # Must be between 1 and 1024 characters
|
||||||
|
# Valid values at https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_url_map#redirect_response_code
|
||||||
|
redirect_response_code = try(default_url_redirect.value.redirect_response_code, null)
|
||||||
|
strip_query = try(default_url_redirect.value.strip_query, null)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
|
@ -40,18 +40,37 @@ locals {
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "google_compute_target_http_proxy" "http" {
|
resource "google_compute_target_http_proxy" "http" {
|
||||||
count = var.https ? 0 : 1
|
count = var.https ? 0 : (var.region == null ? 1 : 0)
|
||||||
name = var.name
|
name = var.name
|
||||||
project = var.project_id
|
project = var.project_id
|
||||||
description = "Terraform managed."
|
description = "Terraform managed."
|
||||||
url_map = google_compute_url_map.url_map.id
|
url_map = google_compute_url_map.url_map.0.id
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "google_compute_target_https_proxy" "https" {
|
resource "google_compute_target_https_proxy" "https" {
|
||||||
count = var.https ? 1 : 0
|
count = var.https ? (var.region == null ? 1 : 0) : 0
|
||||||
name = var.name
|
name = var.name
|
||||||
project = var.project_id
|
project = var.project_id
|
||||||
description = "Terraform managed."
|
description = "Terraform managed."
|
||||||
url_map = google_compute_url_map.url_map.id
|
url_map = google_compute_url_map.url_map.0.id
|
||||||
|
ssl_certificates = local.ssl_certificates
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "google_compute_region_target_http_proxy" "http" {
|
||||||
|
count = var.https ? 0 : (var.region != null ? 1 : 0)
|
||||||
|
name = var.name
|
||||||
|
project = var.project_id
|
||||||
|
region = var.region
|
||||||
|
description = "Terraform managed."
|
||||||
|
url_map = google_compute_region_url_map.url_map.0.id
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "google_compute_region_target_https_proxy" "https" {
|
||||||
|
count = var.https ? (var.region != null ? 1 : 0) : 0
|
||||||
|
name = var.name
|
||||||
|
project = var.project_id
|
||||||
|
region = var.region
|
||||||
|
description = "Terraform managed."
|
||||||
|
url_map = google_compute_region_url_map.url_map.0.id
|
||||||
ssl_certificates = local.ssl_certificates
|
ssl_certificates = local.ssl_certificates
|
||||||
}
|
}
|
||||||
|
|
|
@ -45,6 +45,7 @@ locals {
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "google_compute_url_map" "url_map" {
|
resource "google_compute_url_map" "url_map" {
|
||||||
|
count = var.region == null ? 1 : 0
|
||||||
name = var.name
|
name = var.name
|
||||||
description = "Terraform managed."
|
description = "Terraform managed."
|
||||||
project = var.project_id
|
project = var.project_id
|
||||||
|
@ -1180,3 +1181,4 @@ resource "google_compute_url_map" "url_map" {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -24,6 +24,12 @@ variable "project_id" {
|
||||||
type = string
|
type = string
|
||||||
}
|
}
|
||||||
|
|
||||||
|
variable "region" {
|
||||||
|
description = "Create a regional load balancer in this region."
|
||||||
|
type = string
|
||||||
|
default = null
|
||||||
|
}
|
||||||
|
|
||||||
variable "health_checks_config_defaults" {
|
variable "health_checks_config_defaults" {
|
||||||
description = "Auto-created health check default configuration."
|
description = "Auto-created health check default configuration."
|
||||||
type = object({
|
type = object({
|
||||||
|
@ -217,6 +223,27 @@ variable "global_forwarding_rule_config" {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
variable "forwarding_rule_config" {
|
||||||
|
description = "Regional forwarding rule configurations."
|
||||||
|
type = object({
|
||||||
|
ip_protocol = string
|
||||||
|
ip_version = string
|
||||||
|
load_balancing_scheme = string
|
||||||
|
port_range = string
|
||||||
|
network_tier = string
|
||||||
|
network = string
|
||||||
|
})
|
||||||
|
default = {
|
||||||
|
load_balancing_scheme = "EXTERNAL_MANAGED"
|
||||||
|
ip_protocol = "TCP"
|
||||||
|
ip_version = "IPV4"
|
||||||
|
network_tier = "STANDARD"
|
||||||
|
network = "default"
|
||||||
|
# If not specified, 80 for https = false, 443 otherwise
|
||||||
|
port_range = null
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
variable "https" {
|
variable "https" {
|
||||||
description = "Whether to enable HTTPS."
|
description = "Whether to enable HTTPS."
|
||||||
type = bool
|
type = bool
|
||||||
|
|
|
@ -91,7 +91,7 @@ module "secret-manager" {
|
||||||
| [ids](outputs.tf#L17) | Secret ids keyed by secret_ids (names). | |
|
| [ids](outputs.tf#L17) | Secret ids keyed by secret_ids (names). | |
|
||||||
| [secrets](outputs.tf#L24) | Secret resources. | |
|
| [secrets](outputs.tf#L24) | Secret resources. | |
|
||||||
| [version_ids](outputs.tf#L29) | Version ids keyed by secret name : version name. | |
|
| [version_ids](outputs.tf#L29) | Version ids keyed by secret name : version name. | |
|
||||||
| [versions](outputs.tf#L36) | Secret versions. | |
|
| [versions](outputs.tf#L36) | Secret versions. | ✓ |
|
||||||
|
|
||||||
<!-- END TFDOC -->
|
<!-- END TFDOC -->
|
||||||
## Requirements
|
## Requirements
|
||||||
|
|
|
@ -36,4 +36,5 @@ output "version_ids" {
|
||||||
output "versions" {
|
output "versions" {
|
||||||
description = "Secret versions."
|
description = "Secret versions."
|
||||||
value = google_secret_manager_secret_version.default
|
value = google_secret_manager_secret_version.default
|
||||||
|
sensitive = true
|
||||||
}
|
}
|
||||||
|
|
|
@ -18,6 +18,7 @@ module "test" {
|
||||||
source = "../../../../modules/net-glb"
|
source = "../../../../modules/net-glb"
|
||||||
project_id = "my-project"
|
project_id = "my-project"
|
||||||
name = "glb-test"
|
name = "glb-test"
|
||||||
|
region = var.region
|
||||||
health_checks_config_defaults = var.health_checks_config_defaults
|
health_checks_config_defaults = var.health_checks_config_defaults
|
||||||
health_checks_config = var.health_checks_config
|
health_checks_config = var.health_checks_config
|
||||||
backend_services_config = var.backend_services_config
|
backend_services_config = var.backend_services_config
|
||||||
|
@ -28,4 +29,6 @@ module "test" {
|
||||||
target_proxy_https_config = var.target_proxy_https_config
|
target_proxy_https_config = var.target_proxy_https_config
|
||||||
reserve_ip_address = var.reserve_ip_address
|
reserve_ip_address = var.reserve_ip_address
|
||||||
global_forwarding_rule_config = var.global_forwarding_rule_config
|
global_forwarding_rule_config = var.global_forwarding_rule_config
|
||||||
|
forwarding_rule_config = var.forwarding_rule_config
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -14,6 +14,12 @@
|
||||||
* limitations under the License.
|
* limitations under the License.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
variable "region" {
|
||||||
|
description = "Create a regional load balancer."
|
||||||
|
type = string
|
||||||
|
default = null
|
||||||
|
}
|
||||||
|
|
||||||
variable "health_checks_config_defaults" {
|
variable "health_checks_config_defaults" {
|
||||||
description = "Auto-created health check default configuration."
|
description = "Auto-created health check default configuration."
|
||||||
type = object({
|
type = object({
|
||||||
|
@ -207,6 +213,27 @@ variable "global_forwarding_rule_config" {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
variable "forwarding_rule_config" {
|
||||||
|
description = "Global forwarding rule configurations."
|
||||||
|
type = object({
|
||||||
|
ip_protocol = string
|
||||||
|
ip_version = string
|
||||||
|
load_balancing_scheme = string
|
||||||
|
port_range = string
|
||||||
|
network_tier = string
|
||||||
|
network = string
|
||||||
|
})
|
||||||
|
default = {
|
||||||
|
load_balancing_scheme = "EXTERNAL_MANAGED"
|
||||||
|
ip_protocol = "TCP"
|
||||||
|
ip_version = "IPV4"
|
||||||
|
# If not specified, 80 for https = false, 443 otherwise
|
||||||
|
port_range = null
|
||||||
|
network_tier = "STANDARD"
|
||||||
|
network = "default"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
variable "https" {
|
variable "https" {
|
||||||
description = "Whether to enable HTTPS."
|
description = "Whether to enable HTTPS."
|
||||||
type = bool
|
type = bool
|
||||||
|
|
|
@ -12,7 +12,6 @@
|
||||||
# See the License for the specific language governing permissions and
|
# See the License for the specific language governing permissions and
|
||||||
# limitations under the License.
|
# limitations under the License.
|
||||||
|
|
||||||
|
|
||||||
_BACKEND_BUCKET = '''{
|
_BACKEND_BUCKET = '''{
|
||||||
my-bucket = {
|
my-bucket = {
|
||||||
bucket_config = {
|
bucket_config = {
|
||||||
|
@ -134,7 +133,8 @@ def test_group_default_hc(plan_runner):
|
||||||
assert len(health_check['https_health_check']) == 0
|
assert len(health_check['https_health_check']) == 0
|
||||||
assert len(health_check['http2_health_check']) == 0
|
assert len(health_check['http2_health_check']) == 0
|
||||||
assert len(health_check['tcp_health_check']) == 0
|
assert len(health_check['tcp_health_check']) == 0
|
||||||
assert health_check['http_health_check'][0]['port_specification'] == 'USE_SERVING_PORT'
|
assert health_check['http_health_check'][0][
|
||||||
|
'port_specification'] == 'USE_SERVING_PORT'
|
||||||
assert health_check['http_health_check'][0]['proxy_header'] == 'NONE'
|
assert health_check['http_health_check'][0]['proxy_header'] == 'NONE'
|
||||||
assert health_check['http_health_check'][0]['request_path'] == '/'
|
assert health_check['http_health_check'][0]['request_path'] == '/'
|
||||||
|
|
||||||
|
@ -143,6 +143,38 @@ def test_group_default_hc(plan_runner):
|
||||||
assert 'google_compute_url_map' in resources
|
assert 'google_compute_url_map' in resources
|
||||||
|
|
||||||
|
|
||||||
|
def test_group_default_hc_regional(plan_runner):
|
||||||
|
"Tests a group backend service with no HC specified."
|
||||||
|
_, resources = plan_runner(backend_services_config=_BACKEND_GROUP,
|
||||||
|
region="europe-west4")
|
||||||
|
assert len(resources) == 5
|
||||||
|
resources = dict((r['type'], r['values']) for r in resources)
|
||||||
|
|
||||||
|
fwd_rule = resources['google_compute_forwarding_rule']
|
||||||
|
assert fwd_rule['load_balancing_scheme'] == 'EXTERNAL_MANAGED'
|
||||||
|
assert fwd_rule['port_range'] == '80'
|
||||||
|
assert fwd_rule['ip_protocol'] == 'TCP'
|
||||||
|
|
||||||
|
group = resources['google_compute_region_backend_service']
|
||||||
|
assert len(group['backend']) == 1
|
||||||
|
assert group['backend'][0]['group'] == 'my_group'
|
||||||
|
|
||||||
|
health_check = resources['google_compute_region_health_check']
|
||||||
|
assert health_check['name'] == _NAME + '-default'
|
||||||
|
assert len(health_check['http_health_check']) > 0
|
||||||
|
assert len(health_check['https_health_check']) == 0
|
||||||
|
assert len(health_check['http2_health_check']) == 0
|
||||||
|
assert len(health_check['tcp_health_check']) == 0
|
||||||
|
assert health_check['http_health_check'][0][
|
||||||
|
'port_specification'] == 'USE_SERVING_PORT'
|
||||||
|
assert health_check['http_health_check'][0]['proxy_header'] == 'NONE'
|
||||||
|
assert health_check['http_health_check'][0]['request_path'] == '/'
|
||||||
|
|
||||||
|
assert 'google_compute_region_target_http_proxy' in resources
|
||||||
|
assert 'google_compute_region_target_https_proxy' not in resources
|
||||||
|
assert 'google_compute_region_url_map' in resources
|
||||||
|
|
||||||
|
|
||||||
def test_group_no_hc(plan_runner):
|
def test_group_no_hc(plan_runner):
|
||||||
"Tests a group backend service without HCs (including no default HC)."
|
"Tests a group backend service without HCs (including no default HC)."
|
||||||
_, resources = plan_runner(backend_services_config=_BACKEND_GROUP,
|
_, resources = plan_runner(backend_services_config=_BACKEND_GROUP,
|
||||||
|
@ -173,12 +205,25 @@ def test_group_existing_hc(plan_runner):
|
||||||
assert 'google_compute_url_map' in resources
|
assert 'google_compute_url_map' in resources
|
||||||
|
|
||||||
|
|
||||||
|
def test_group_existing_hc_regional(plan_runner):
|
||||||
|
"Tests a group backend service with referencing an existing HC."
|
||||||
|
_, resources = plan_runner(backend_services_config=_BACKEND_GROUP_HC,
|
||||||
|
region="europe-west4")
|
||||||
|
assert len(resources) == 4
|
||||||
|
resources = dict((r['type'], r['values']) for r in resources)
|
||||||
|
|
||||||
|
assert 'google_compute_region_backend_service' in resources
|
||||||
|
assert 'google_compute_forwarding_rule' in resources
|
||||||
|
assert 'google_compute_region_health_check' not in resources
|
||||||
|
assert 'google_compute_region_target_http_proxy' in resources
|
||||||
|
assert 'google_compute_region_target_https_proxy' not in resources
|
||||||
|
assert 'google_compute_region_url_map' in resources
|
||||||
|
|
||||||
|
|
||||||
def test_reserved_ip(plan_runner):
|
def test_reserved_ip(plan_runner):
|
||||||
"Tests an IP reservation with a group backend service."
|
"Tests an IP reservation with a group backend service."
|
||||||
_, resources = plan_runner(
|
_, resources = plan_runner(backend_services_config=_BACKEND_GROUP,
|
||||||
backend_services_config=_BACKEND_GROUP,
|
reserve_ip_address="true")
|
||||||
reserve_ip_address="true"
|
|
||||||
)
|
|
||||||
assert len(resources) == 6
|
assert len(resources) == 6
|
||||||
resources = dict((r['type'], r['values']) for r in resources)
|
resources = dict((r['type'], r['values']) for r in resources)
|
||||||
|
|
||||||
|
@ -196,8 +241,7 @@ def test_ssl_managed(plan_runner):
|
||||||
backend_services_config=_BACKEND_GROUP,
|
backend_services_config=_BACKEND_GROUP,
|
||||||
https='true',
|
https='true',
|
||||||
ssl_certificates_config=_SSL_CERTIFICATES_CONFIG_MANAGED,
|
ssl_certificates_config=_SSL_CERTIFICATES_CONFIG_MANAGED,
|
||||||
target_proxy_https_config=_TARGET_PROXY_HTTPS_CONFIG
|
target_proxy_https_config=_TARGET_PROXY_HTTPS_CONFIG)
|
||||||
)
|
|
||||||
assert len(resources) == 6
|
assert len(resources) == 6
|
||||||
resources = dict((r['type'], r['values']) for r in resources)
|
resources = dict((r['type'], r['values']) for r in resources)
|
||||||
|
|
||||||
|
@ -222,8 +266,7 @@ def test_ssl_unmanaged(plan_runner):
|
||||||
backend_services_config=_BACKEND_GROUP,
|
backend_services_config=_BACKEND_GROUP,
|
||||||
https="true",
|
https="true",
|
||||||
ssl_certificates_config=_SSL_CERTIFICATES_CONFIG_UNMANAGED,
|
ssl_certificates_config=_SSL_CERTIFICATES_CONFIG_UNMANAGED,
|
||||||
target_proxy_https_config=_TARGET_PROXY_HTTPS_CONFIG
|
target_proxy_https_config=_TARGET_PROXY_HTTPS_CONFIG)
|
||||||
)
|
|
||||||
assert len(resources) == 6
|
assert len(resources) == 6
|
||||||
resources = dict((r['type'], r['values']) for r in resources)
|
resources = dict((r['type'], r['values']) for r in resources)
|
||||||
|
|
||||||
|
@ -244,8 +287,7 @@ def test_ssl_existing_cert(plan_runner):
|
||||||
_, resources = plan_runner(
|
_, resources = plan_runner(
|
||||||
backend_services_config=_BACKEND_GROUP,
|
backend_services_config=_BACKEND_GROUP,
|
||||||
https="true",
|
https="true",
|
||||||
target_proxy_https_config=_TARGET_PROXY_HTTPS_CONFIG
|
target_proxy_https_config=_TARGET_PROXY_HTTPS_CONFIG)
|
||||||
)
|
|
||||||
assert len(resources) == 5
|
assert len(resources) == 5
|
||||||
resources = dict((r['type'], r['values']) for r in resources)
|
resources = dict((r['type'], r['values']) for r in resources)
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue