From 175c5f45d63c20051a9fba8ed5c21cf7d288060c Mon Sep 17 00:00:00 2001
From: Rich Wareham <rjw57@cam.ac.uk>
Date: Fri, 8 Jan 2021 16:55:16 +0000
Subject: [PATCH] fix idempotent behaviour of allow_ingress [REVIEW]

It would appear that the "run.googleapis.com/ingress" annotation can be
set to "all" without having to enable the beta launch stage. Indeed it
*has* to be set to "all" since attempting to unset it causes Cloud Run
to immediately reset it.
---
 main.tf      | 17 +++++++++--------
 variables.tf |  8 ++++----
 2 files changed, 13 insertions(+), 12 deletions(-)

diff --git a/main.tf b/main.tf
index 741ac8c..a70a41d 100644
--- a/main.tf
+++ b/main.tf
@@ -37,15 +37,16 @@ resource "google_cloud_run_service" "webapp" {
         "run.googleapis.com/ingress-status" : "placeholder",
       },
 
-      var.allowed_ingress != "" ? (
-        {
-          # Required to be able to set ingress type.
-          "run.googleapis.com/launch-stage" : "BETA",
+      # Add the beta launch stage if required.
+      var.allowed_ingress != "all" ? {
+        # Required to be able to set ingress type.
+        "run.googleapis.com/launch-stage" : "BETA",
+      } : {},
 
-          # Specify the allowable ingress types.
-          "run.googleapis.com/ingress" : var.allowed_ingress,
-        }
-      ) : {},
+      # Specify the allowable ingress types.
+      {
+        "run.googleapis.com/ingress" : var.allowed_ingress,
+      },
 
       var.service_annotations,
     )
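Review bot: `var.service_annotations` is still the last argument after the new ingress map, so if this is a `merge()` call (its opening is outside the hunk) a caller-supplied `run.googleapis.com/ingress` key silently overrides `var.allowed_ingress`. In that case the launch-stage condition above is also evaluated against the variable rather than the value actually applied. Because this annotation decides whether the service accepts traffic from the internet, I would move the ingress map below `var.service_annotations` so the dedicated variable always wins. Failing that, state the precedence in a comment such as `# NOTE: service_annotations is merged last and can override the ingress annotation.`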
diff --git a/variables.tf b/variables.tf
index 777db31..77d8401 100644
--- a/variables.tf
+++ b/variables.tf
@@ -124,13 +124,13 @@ variable "monitoring_path" {
 }
 
 variable "allowed_ingress" {
-  default     = ""
+  default     = "all"
   description = <<EOL
     Specify the allowed ingress to the service. Should be one of:
-    "", "all", "internal" or "internal-and-cloud-load-balancing".
+    "all", "internal" or "internal-and-cloud-load-balancing".
 
-    Setting this to a non-empty value implies that the service will be moved to
-    the "beta" launch stage. See
+    Setting this to a value other than "all" implies that the service will be
+    moved to the "beta" launch stage. See
     https://cloud.google.com/run/docs/troubleshooting#launch-stage-validation.
   EOL
 }
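Review bot: Nothing in `variable "allowed_ingress"` enforces the three values the description lists, and `""` was a documented value until this commit. A caller that still passes `""`, or mistypes `internal`, now has that string written straight into the `run.googleapis.com/ingress` annotation, and the BETA launch stage is added because the value is not `"all"`. A `validation` block would reject such input at plan time instead of leaving the outcome to Cloud Run; this assumes the module's minimum Terraform version supports variable validation. Since the default leaves the service open to all ingress, the description could also say that `"all"` means reachable from the internet.

```hcl
variable "allowed_ingress" {
  # … unchanged: default and description …

  validation {
    condition = contains(
      ["all", "internal", "internal-and-cloud-load-balancing"],
      var.allowed_ingress,
    )
    error_message = "The allowed_ingress value must be one of \"all\", \"internal\" or \"internal-and-cloud-load-balancing\"."
  }
}
```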
-- 
GitLab