Authentication proxy tries to be created even when disabled
When trying to enable this module with authentication_proxy = { enabled = false } the following terraform error is produced:
╷
│ Error: "-uptime-function-source-3b0658d1" name value must start and end with a number or letter
│
│ with module.webapp_monitoring.module.uptime_check_auth_proxy.google_storage_bucket.function_storage,
│ on /terraform_data/modules/webapp_monitoring.uptime_check_auth_proxy/main.tf line 40, in resource "google_storage_bucket" "function_storage":
│ 40: name = random_id.source_bucket_name.hex
│
╵
╷
│ Error: "account_id" ("-uptime-sa-ed4d") doesn't match regexp "^[a-z](?:[-a-z0-9]{4,28}[a-z0-9])$"
│
│ with module.webapp_monitoring.module.uptime_check_auth_proxy.google_service_account.function_invoker,
│ on /terraform_data/modules/webapp_monitoring.uptime_check_auth_proxy/main.tf line 77, in resource "google_service_account" "function_invoker":
│ 77: account_id = random_id.function_invoker_sa.hex
│
╵
The root cause is that main.tf will always try to create module.uptime_check_auth_proxy even if it is not required and, in the absence of any uptime proxy configuration, local.short_service_name is empty and so the function name of -uptime is invalid.
Fix:
- Make module.uptime_check_auth_proxy conditional on local.authentication_proxy.enabled.
This would normally necessitate adding a moved block telling terraform that module.uptime_check_auth_proxy has moved to module.uptime_check_auth_proxy[0] but for configurations where there is no auth proxy this would fail since terraform would moan that module.uptime_check_auth_proxy[0] doesn't exist. Dynamic moved blocks would solve this but are not going to be implemented (https://github.com/hashicorp/terraform/issues/33236).
That being said, it is benign for the auth proxy function to just be re-created.
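A sketch of the fix described above, added here as an illustration and not taken from the module's own code. The module source path, the elided inputs and the function_url output name are assumptions; only module.uptime_check_auth_proxy and local.authentication_proxy.enabled come from the report.

```hcl
# Added illustration; source path, inputs and the output name are hypothetical.
module "uptime_check_auth_proxy" {
  # No instances are planned when the proxy is disabled, so the bucket and
  # service account with the invalid "-uptime-..." names are never created.
  count = local.authentication_proxy.enabled ? 1 : 0

  source = "./modules/uptime_check_auth_proxy" # assumed path
  # ... existing module inputs unchanged ...
}

# With count set, the module becomes a list, so references need an index or a
# splat. one() returns null for an empty list, so this stays valid when the
# proxy is disabled.
locals {
  auth_proxy_function_url = one(module.uptime_check_auth_proxy[*].function_url) # hypothetical output
}

# Deliberately no moved block, for the reason given in the report:
# moved {
#   from = module.uptime_check_auth_proxy
#   to   = module.uptime_check_auth_proxy[0]
# }
```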