Dave Hart · Dave Hart · Dave Hart · terraform-bot · 2f86e06a · 2f86e06a
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
 # Changelog

+## [4.0.2](https://gitlab.developers.cam.ac.uk/uis/devops/infra/terraform/gcp-site-monitoring/compare/4.0.1...4.0.2) (2024-08-08)
+
+
+### Bug Fixes
+
+* correct types of `map` variables ([2facca0](https://gitlab.developers.cam.ac.uk/uis/devops/infra/terraform/gcp-site-monitoring/commit/2facca0a12c8a8658d6fef0beddcf3e2e100b7a7))
+* set default TLS min age check to 30s (to match the README) ([852873d](https://gitlab.developers.cam.ac.uk/uis/devops/infra/terraform/gcp-site-monitoring/commit/852873dd6ae2d55b6fe0ddc2f6f4385025079556))
+
 ## [4.0.1](https://gitlab.developers.cam.ac.uk/uis/devops/infra/terraform/gcp-site-monitoring/compare/4.0.0...4.0.1) (2024-07-24)

 ## [4.0.0](https://gitlab.developers.cam.ac.uk/uis/devops/infra/terraform/gcp-site-monitoring/compare/3.2.0...4.0.0) (2024-07-17)

--- a/README.md
+++ b/README.md
@@ -86,9 +86,11 @@ module "monitoring" {
    json_matcher = "EXACT_MATCH"
  }

-  # Optional. Parameters to customise TLS certificate checks.
+  # Optional. Parameters to customise TLS certificate checks. Ignored when an
+  # authentication proxy is used (TLS checks are disabled automatically).
  tls_check = {
-    # Enable alerting. Default: true
+    # Enable alerting. Default: true without authentication proxy,
+    # otherwise false
    alert_enabled = true

    # Minimum age of certificate. Default is 30 days.
@@ -105,6 +107,7 @@ module "monitoring" {
    enabled                = true

    # The project that contains the cloud run service to proxy to.
+    # Default: the value of the "project" variable
    cloud_run_project      = google_cloud_run_service.webapp.project

    # The region that contains the cloud run service to proxy to.

--- a/locals.tf
+++ b/locals.tf
@@ -13,14 +13,7 @@ locals {

  # Merge authentication_proxy variable with default values.
  authentication_proxy = merge({
-    enabled                     = false
-    cloud_run_project           = local.project
-    cloud_run_region            = ""
-    cloud_run_service_name      = ""
-    timeout                     = 30
-    egress_connector            = ""
-    egress_connector_settings   = null
-    source_bucket_force_destroy = null
+    cloud_run_project = local.project
  }, var.authentication_proxy)

  # Merge uptime_check variable with default values.
@@ -28,13 +21,7 @@ locals {
  # for the host and path of the authentication proxy
  uptime_check = merge(
    {
-      id                        = ""
-      alert_enabled             = true
-      host                      = var.host
-      path                      = "/"
-      timeout                   = 30
-      period                    = 300
-      success_threshold_percent = 75
+      host = var.host
    },
    var.uptime_check,
    merge([
@@ -61,10 +48,7 @@ locals {
      alert_enabled = false
      minimum_age   = 0
    } :
-    merge({
-      alert_enabled = true
-      minimum_age   = 27
-    }, var.tls_check)
+    var.tls_check
  )

  # Use the default provider project if not provided in var.project.

--- a/variables.tf
+++ b/variables.tf
@@ -62,25 +62,58 @@ variable "local_files_dir" {
 }

 variable "uptime_check" {
-  type        = map(any)
+  type = object({
+    id                        = optional(string, "")
+    alert_enabled             = optional(bool, true)
+    path                      = optional(string, "/")
+    timeout                   = optional(number, 30)
+    period                    = optional(number, 300)
+    success_threshold_percent = optional(number, 75)
+  })
  default     = {}
  description = "Optional. Configuration for uptime checks. See README."
 }

 variable "content_matchers" {
-  type        = map(string)
+  type = object({
+    content      = optional(string)
+    matcher      = optional(string)
+    json_path    = optional(string)
+    json_matcher = optional(string)
+  })
  default     = {}
  description = "Optional. Configuration for content matching. See README."
 }

 variable "tls_check" {
-  type        = map(any)
+  type = object({
+    alert_enabled = optional(bool, true)
+    minimum_age   = optional(number, 30)
+  })
  default     = {}
  description = "Optional. Configuration for TLS checks. See README."
 }

 variable "authentication_proxy" {
-  type        = map(any)
+  type = object({
+    enabled = optional(bool, false)
+
+    # Default is set in `locals.tf` as the default is calculated when
+    # generating the plan
+    cloud_run_project = optional(string)
+
+    # The following two elements must be assigned non-empty string values
+    # when the authentication proxy is enabled.
+    cloud_run_region       = optional(string, "")
+    cloud_run_service_name = optional(string, "")
+
+    timeout          = optional(number, 30)
+    egress_connector = optional(string, "")
+    # Default null value of `egress_connector_settings` corresponds to
+    # `PRIVATE_RANGES_ONLY`.
+    egress_connector_settings   = optional(string)
+    source_bucket_force_destroy = optional(bool)
+  })
  default     = {}
  description = "Optional. Configuration for an authentication proxy. See README."
 }