Compare revisions

Roy Harrington · Dmitrii Unterov · terraform-bot · efc64386 · efc64386 · efc64386
--- a/.gitignore
+++ b/.gitignore
@@ -3,3 +3,5 @@
 .terraform/
 terraform.*
 .terraform.lock.hcl
+
+builds/
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
 # Changelog

+## [9.1.0](https://gitlab.developers.cam.ac.uk/uis/devops/infra/terraform/gcp-cloud-run-app/compare/9.0.1...9.1.0) (2024-07-15)
+
+
+### Features
+
+* added load_balancer_backend variable to provide any custom options ([80605d8](https://gitlab.developers.cam.ac.uk/uis/devops/infra/terraform/gcp-cloud-run-app/commit/80605d893a34c4d7b27e23fc4b1e42487fe709bf))
+
 ## [9.0.1](https://gitlab.developers.cam.ac.uk/uis/devops/infra/terraform/gcp-cloud-run-app/compare/9.0.0...9.0.1) (2024-06-13)



--- a/README.md
+++ b/README.md
@@ -72,6 +72,7 @@ For more information on how the pre-deploy Cloud Run job works see the
 | <a name="input_grant_sql_client_role_to_webapp_sa"></a> [grant\_sql\_client\_role\_to\_webapp\_sa](#input\_grant\_sql\_client\_role\_to\_webapp\_sa) | When set to true the roles/cloudsql.client role will be granted to the webapp<br>service account at the project level to allow it to connect to Cloud SQL. | `bool` | `false` | no |
 | <a name="input_ingress"></a> [ingress](#input\_ingress) | The ingress setting for the Cloud Run service. Possible values are<br>INGRESS\_TRAFFIC\_ALL, INGRESS\_TRAFFIC\_INTERNAL\_ONLY, and<br>INGRESS\_TRAFFIC\_INTERNAL\_LOAD\_BALANCER. | `string` | `null` | no |
 | <a name="input_launch_stage"></a> [launch\_stage](#input\_launch\_stage) | The launch stage for the Cloud Run service. Possible values are UNIMPLEMENTED,<br>PRELAUNCH, EARLY\_ACCESS, ALPHA, BETA, GA, and DEPRECATED. | `string` | `"GA"` | no |
+| <a name="input_load_balancer_backend"></a> [load\_balancer\_backend](#input\_load\_balancer\_backend) | Optional. Custom options for the backend load balancer.<br>Defaults to {}. | <pre>object({<br>    port_name               = optional(string)<br>    description             = optional(string)<br>    enable_cdn              = optional(bool, false)<br>    compression_mode        = optional(string)<br>    security_policy         = optional(string, null)<br>    edge_security_policy    = optional(string, null)<br>    custom_request_headers  = optional(list(string))<br>    custom_response_headers = optional(list(string))<br><br>    connection_draining_timeout_sec = optional(number)<br>    session_affinity                = optional(string)<br>    affinity_cookie_ttl_sec         = optional(number)<br>    locality_lb_policy              = optional(string)<br><br>    log_config = optional(object({<br>      enable      = optional(bool)<br>      sample_rate = optional(number)<br>    }))<br><br>    cdn_policy = optional(object({<br>      cache_mode                   = optional(string)<br>      signed_url_cache_max_age_sec = optional(string)<br>      default_ttl                  = optional(number)<br>      max_ttl                      = optional(number)<br>      client_ttl                   = optional(number)<br>      negative_caching             = optional(bool)<br>      negative_caching_policy = optional(object({<br>        code = optional(number)<br>        ttl  = optional(number)<br>      }))<br>      serve_while_stale = optional(number)<br>      cache_key_policy = optional(object({<br>        include_host           = optional(bool)<br>        include_protocol       = optional(bool)<br>        include_query_string   = optional(bool)<br>        query_string_blacklist = optional(list(string))<br>        query_string_whitelist = optional(list(string))<br>        include_http_headers   = optional(list(string))<br>        include_named_cookies  = optional(list(string))<br>      }))<br>      bypass_cache_on_request_headers = optional(list(string))<br>    }))<br><br>    outlier_detection = optional(object({<br>      base_ejection_time = optional(object({<br>        seconds = number<br>        nanos   = optional(number)<br>      }))<br>      consecutive_errors                    = optional(number)<br>      consecutive_gateway_failure           = optional(number)<br>      enforcing_consecutive_errors          = optional(number)<br>      enforcing_consecutive_gateway_failure = optional(number)<br>      enforcing_success_rate                = optional(number)<br>      interval = optional(object({<br>        seconds = number<br>        nanos   = optional(number)<br>      }))<br>      max_ejection_percent        = optional(number)<br>      success_rate_minimum_hosts  = optional(number)<br>      success_rate_request_volume = optional(number)<br>      success_rate_stdev_factor   = optional(number)<br>    }))<br>  })</pre> | `{}` | no |
 | <a name="input_max_instance_request_concurrency"></a> [max\_instance\_request\_concurrency](#input\_max\_instance\_request\_concurrency) | Sets the maximum number of requests that each serving instance can receive. | `number` | `null` | no |
 | <a name="input_min_ports_per_vm"></a> [min\_ports\_per\_vm](#input\_min\_ports\_per\_vm) | When using Cloud NAT to provide an egress route, Cloud NAT's minimum ports per<br>VM can be configured to determine how many concurrent connections can be<br>established to the same destination IP address and port. | `number` | `64` | no |
 | <a name="input_monitoring_path"></a> [monitoring\_path](#input\_monitoring\_path) | Path component of url to be monitored. | `string` | `"/"` | no |

--- a/load_balancer.tf
+++ b/load_balancer.tf
@@ -52,18 +52,7 @@ module "webapp_http_load_balancer" {

  backends = {
    default = {
-      description             = null
-      protocol                = "HTTP"
-      enable_cdn              = false
-      custom_request_headers  = null
-      custom_response_headers = null
-      security_policy         = null
-      compression_mode        = null
-
-      log_config = {
-        enable      = true
-        sample_rate = 1.0
-      }
+      protocol = "HTTP"

      groups = [
        {
@@ -78,6 +67,33 @@ module "webapp_http_load_balancer" {
        oauth2_client_id     = null
        oauth2_client_secret = null
      }
+
+      #
+      # Optional settings for the backend service.
+      #
+      port_name               = var.load_balancer_backend.port_name
+      description             = var.load_balancer_backend.description
+      enable_cdn              = var.load_balancer_backend.enable_cdn
+      compression_mode        = var.load_balancer_backend.compression_mode
+      security_policy         = var.load_balancer_backend.security_policy
+      edge_security_policy    = var.load_balancer_backend.edge_security_policy
+      custom_request_headers  = var.load_balancer_backend.custom_request_headers
+      custom_response_headers = var.load_balancer_backend.custom_response_headers
+
+      connection_draining_timeout_sec = var.load_balancer_backend.connection_draining_timeout_sec
+      session_affinity                = var.load_balancer_backend.session_affinity
+      affinity_cookie_ttl_sec         = var.load_balancer_backend.affinity_cookie_ttl_sec
+      locality_lb_policy              = var.load_balancer_backend.locality_lb_policy
+
+      log_config = coalesce(var.load_balancer_backend.log_config,
+        {
+          enable      = true
+          sample_rate = 1.0
+        }
+      )
+
+      cdn_policy        = var.load_balancer_backend.cdn_policy
+      outlier_detection = var.load_balancer_backend.outlier_detection
    }
  }
 }
--- a/tests/load_balancer.tftest.hcl
+++ b/tests/load_balancer.tftest.hcl
@@ -122,3 +122,34 @@ run "test_service_with_load_balancer_enabled_and_ingress_set_to_allow_all" {
    error_message = "Ingress should be 'INGRESS_TRAFFIC_ALL'."
  }
 }
+
+run "test_service_with_load_balancer_enabled_and_load_balancer_backend_overrides" {
+  variables {
+    name                 = run.setup.random_name
+    enable_load_balancer = true
+    dns_names = {
+      webapp = "${run.setup.random_name}.test.example.gcp.uis.cam.ac.uk"
+    }
+    load_balancer_backend = {
+      description = "Lift, Load, Balance!"
+      log_config = {
+        enable      = true
+        sample_rate = 0.5
+      }
+    }
+    containers = {
+      webapp = {
+        image = "us-docker.pkg.dev/cloudrun/container/hello"
+      }
+    }
+  }
+
+  assert {
+    condition     = module.webapp_http_load_balancer[0].backend_services["default"].log_config[0].sample_rate == 0.5
+    error_message = "The default backend service log sample rate should be '0.5'."
+  }
+  assert {
+    condition     = module.webapp_http_load_balancer[0].backend_services["default"].description == "Lift, Load, Balance!"
+    error_message = "The default backend service description should be 'Lift, Load, Balance!'."
+  }
+}
--- a/variables.tf
+++ b/variables.tf
@@ -725,3 +725,75 @@ Optional. The maximum throughput of the connector in megabytes per second.
 Defaults to 300.
 EOI
 }
+
+variable "load_balancer_backend" {
+  type = object({
+    port_name               = optional(string)
+    description             = optional(string)
+    enable_cdn              = optional(bool, false)
+    compression_mode        = optional(string)
+    security_policy         = optional(string, null)
+    edge_security_policy    = optional(string, null)
+    custom_request_headers  = optional(list(string))
+    custom_response_headers = optional(list(string))
+
+    connection_draining_timeout_sec = optional(number)
+    session_affinity                = optional(string)
+    affinity_cookie_ttl_sec         = optional(number)
+    locality_lb_policy              = optional(string)
+
+    log_config = optional(object({
+      enable      = optional(bool)
+      sample_rate = optional(number)
+    }))
+
+    cdn_policy = optional(object({
+      cache_mode                   = optional(string)
+      signed_url_cache_max_age_sec = optional(string)
+      default_ttl                  = optional(number)
+      max_ttl                      = optional(number)
+      client_ttl                   = optional(number)
+      negative_caching             = optional(bool)
+      negative_caching_policy = optional(object({
+        code = optional(number)
+        ttl  = optional(number)
+      }))
+      serve_while_stale = optional(number)
+      cache_key_policy = optional(object({
+        include_host           = optional(bool)
+        include_protocol       = optional(bool)
+        include_query_string   = optional(bool)
+        query_string_blacklist = optional(list(string))
+        query_string_whitelist = optional(list(string))
+        include_http_headers   = optional(list(string))
+        include_named_cookies  = optional(list(string))
+      }))
+      bypass_cache_on_request_headers = optional(list(string))
+    }))
+
+    outlier_detection = optional(object({
+      base_ejection_time = optional(object({
+        seconds = number
+        nanos   = optional(number)
+      }))
+      consecutive_errors                    = optional(number)
+      consecutive_gateway_failure           = optional(number)
+      enforcing_consecutive_errors          = optional(number)
+      enforcing_consecutive_gateway_failure = optional(number)
+      enforcing_success_rate                = optional(number)
+      interval = optional(object({
+        seconds = number
+        nanos   = optional(number)
+      }))
+      max_ejection_percent        = optional(number)
+      success_rate_minimum_hosts  = optional(number)
+      success_rate_request_volume = optional(number)
+      success_rate_stdev_factor   = optional(number)
+    }))
+  })
+  default     = {}
+  description = <<EOI
+Optional. Custom options for the backend load balancer.
+Defaults to {}.
+EOI
+}
No results found