Added new resource "LbEdgeExtension" (#15456)

matheusaleixo-cit · melinath · web-flow · commit ce790e63b774 · 2025-11-25T00:16:24.000Z
Co-authored-by: Stephen Lewis (Burrows) &lt;stephen.r.burrows@gmail.com&gt;
diff --git a/mmv1/products/networkservices/LbEdgeExtension.yaml b/mmv1/products/networkservices/LbEdgeExtension.yaml
@@ -0,0 +1,178 @@
+# Copyright 2025 Google Inc.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+name: 'LbEdgeExtension'
+description: |
+  LbEdgeExtension is a resource that lets the extension service influence the selection of backend services and Cloud CDN cache keys by modifying request headers.
+references:
+  guides:
+    'Configure a edge extension': 'https://cloud.google.com/service-extensions/docs/configure-edge-extensions'
+  api: 'https://cloud.google.com/service-extensions/docs/reference/rest/v1beta1/projects.locations.lbEdgeExtensions'
+docs:
+base_url: 'projects/{{project}}/locations/{{location}}/lbEdgeExtensions'
+self_link: 'projects/{{project}}/locations/{{location}}/lbEdgeExtensions/{{name}}'
+create_url: 'projects/{{project}}/locations/{{location}}/lbEdgeExtensions?lbEdgeExtensionId={{name}}'
+update_verb: 'PATCH'
+update_mask: true
+timeouts:
+  insert_minutes: 20
+  update_minutes: 20
+  delete_minutes: 20
+autogen_async: true
+async:
+  actions: ['create', 'delete', 'update']
+  type: 'OpAsync'
+  operation:
+    base_url: '{{op_id}}'
+  result:
+    resource_inside_response: false
+custom_code:
+sweeper:
+  url_substitutions:
+    - location: 'global'
+examples:
+  - name: 'network_services_lb_edge_extension_basic'
+    primary_resource_id: 'default'
+    test_env_vars:
+      project: 'PROJECT_NAME'
+    vars:
+      forwarding_rule_name: 'elb-forwarding-rule'
+      target_http_proxy_name: 'elb-target-http-proxy'
+      url_map_name: 'elb-url-map'
+      backend_service_name: 'elb-backend-subnet'
+      lb_edge_extension_name: 'elb-edge-ext'
+      wasm_plugin_name: 'elb-wasm-plugin-data'
+      repository_name: 'repository-standard'
+    exclude_test: true
+parameters:
+  - name: 'location'
+    type: String
+    description: |
+      The location of the edge extension
+    url_param_only: true
+    required: true
+    immutable: true
+  - name: 'name'
+    type: String
+    description: |
+      Name of the LbEdgeExtension resource in the following format: projects/{project}/locations/{location}/lbEdgeExtensions/{lbEdgeExtensions}
+    url_param_only: true
+    required: true
+    immutable: true
+properties:
+  - name: 'description'
+    type: String
+    description: |
+      A human-readable description of the resource.
+  - name: 'labels'
+    type: KeyValueLabels
+    description: 'Set of labels associated with the LbEdgeExtension resource.'
+  - name: 'forwardingRules'
+    type: Array
+    description: |
+      A list of references to the forwarding rules to which this service extension is attached.
+      At least one forwarding rule is required. Only one LbEdgeExtension resource can be associated with a forwarding rule.
+    required: true
+    diff_suppress_func: 'tpgresource.ProjectNumberDiffSuppress'
+    item_type:
+      type: String
+  - name: 'extensionChains'
+    type: Array
+    description: |
+      A set of ordered extension chains that contain the match conditions and extensions to execute.
+      Match conditions for each extension chain are evaluated in sequence for a given request.
+      The first extension chain that has a condition that matches the request is executed.
+      Any subsequent extension chains do not execute. Limited to 5 extension chains per resource.
+    required: true
+    item_type:
+      type: NestedObject
+      properties:
+        - name: 'name'
+          type: String
+          description: |
+            The name for this extension chain. The name is logged as part of the HTTP request logs.
+            The name must conform with RFC-1034, is restricted to lower-cased letters, numbers and hyphens,
+            and can have a maximum length of 63 characters. Additionally, the first character must be a letter
+            and the last character must be a letter or a number.
+          required: true
+        - name: 'matchCondition'
+          type: NestedObject
+          description: |
+             Conditions under which this chain is invoked for a request.
+          required: true
+          properties:
+            - name: 'celExpression'
+              type: String
+              description: |
+                A Common Expression Language (CEL) expression that is used to match requests for which the extension chain is executed.
+              required: true
+        - name: 'extensions'
+          type: Array
+          description: |
+            A set of extensions to execute for the matching request.
+            At least one extension is required. Up to 3 extensions can be defined for each extension chain for
+            LbTrafficExtension resource. LbRouteExtension chains are limited to 1 extension per extension chain.
+          required: true
+          item_type:
+            type: NestedObject
+            properties:
+              - name: 'name'
+                type: String
+                description: |
+                  The name for this extension. The name is logged as part of the HTTP request logs.
+                  The name must conform with RFC-1034, is restricted to lower-cased letters, numbers and hyphens,
+                  and can have a maximum length of 63 characters. Additionally, the first character must be a letter
+                  and the last a letter or a number.
+                required: true
+              - name: 'service'
+                type: String
+                description: |
+                  The reference to the service that runs the extension.
+
+                  * To configure a callout extension, service must be a fully-qualified reference to a backend service.
+                  * To configure a plugin extension, service must be a reference to a WasmPlugin resource.
+                required: true
+                diff_suppress_func: 'tpgresource.ProjectNumberDiffSuppress'
+              - name: 'failOpen'
+                type: Boolean
+                description: |
+                   Determines how the proxy behaves if the call to the extension fails or times out.
+                   When set to TRUE, request or response processing continues without error.
+                   Any subsequent extensions in the extension chain are also executed.
+                   When set to FALSE: * If response headers have not been delivered to the downstream client,
+                   a generic 500 error is returned to the client. The error response can be tailored by
+                   configuring a custom error response in the load balancer.
+              - name: 'supportedEvents'
+                type: Array
+                description: |
+                  A set of events during request or response processing for which this extension is called.
+                  This field is required for the LbEdgeExtension resource and only supports the value `REQUEST_HEADERS`.
+                item_type:
+                  type: String
+                min_size: 1
+              - name: 'forwardHeaders'
+                type: Array
+                description: |
+                  List of the HTTP headers to forward to the extension (from the client or backend).
+                  If omitted, all headers are sent. Each element is a string indicating the header name.
+                item_type:
+                  type: String
+  - name: 'loadBalancingScheme'
+    type: Enum
+    description: |
+      All forwarding rules referenced by this extension must share the same load balancing scheme.
+    required: true
+    immutable: true
+    enum_values:
+      - 'EXTERNAL_MANAGED'
diff --git a/mmv1/templates/terraform/examples/network_services_lb_edge_extension_basic.tf.tmpl b/mmv1/templates/terraform/examples/network_services_lb_edge_extension_basic.tf.tmpl
@@ -0,0 +1,98 @@
+# forwarding rule
+resource "google_compute_global_forwarding_rule" "default" {
+  name                  = "{{index $.Vars "forwarding_rule_name"}}"
+  target                = google_compute_target_http_proxy.default.id
+  port_range            = "80"
+  load_balancing_scheme = "EXTERNAL_MANAGED"
+  network_tier          = "PREMIUM"
+}
+
+resource "google_compute_target_http_proxy" "default" {
+  name        = "{{index $.Vars "target_http_proxy_name"}}"
+  description = "a description"
+  url_map     = google_compute_url_map.default.id
+}
+
+resource "google_compute_url_map" "default" {
+  name            = "{{index $.Vars "url_map_name"}}"
+  description     = "a description"
+  default_service = google_compute_backend_service.default.id
+
+  host_rule {
+    hosts        = ["mysite.com"]
+    path_matcher = "allpaths"
+  }
+
+  path_matcher {
+    name            = "allpaths"
+    default_service = google_compute_backend_service.default.id
+
+    path_rule {
+      paths   = ["/*"]
+      service = google_compute_backend_service.default.id
+    }
+  }
+}
+
+resource "google_compute_backend_service" "default" {
+  name                  = "{{index $.Vars "backend_service_name"}}"
+  port_name             = "http"
+  protocol              = "HTTP"
+  timeout_sec           = 10
+  load_balancing_scheme = "EXTERNAL_MANAGED"
+}
+
+resource "google_network_services_lb_edge_extension" "{{$.PrimaryResourceId}}" {
+  name        = "{{index $.Vars "lb_edge_extension_name"}}"
+  description = "my edge extension"
+  location    = "global"
+
+  load_balancing_scheme = "EXTERNAL_MANAGED"
+  forwarding_rules      = [google_compute_global_forwarding_rule.default.self_link]
+
+  extension_chains {
+    name = "chain1"
+
+    match_condition {
+      cel_expression = "request.host == 'example.com'"
+    }
+
+    extensions {
+      name      = "ext11"
+      service   = google_network_services_wasm_plugin.wasm-plugin.id
+      fail_open = false
+      supported_events = ["REQUEST_HEADERS"]
+      forward_headers  = ["custom-header"]
+    }
+  }
+
+  labels = {
+    foo = "bar"
+  }
+}
+
+resource "google_network_services_wasm_plugin" "wasm-plugin" {
+  name        = "{{index $.Vars "wasm_plugin_name"}}"
+  description = "my wasm plugin"
+
+  main_version_id = "v1"
+
+  labels = {
+    test_label =  "test_value"
+  }
+  log_config {
+    enable =  true
+    sample_rate = 1
+    min_log_level =  "WARN"
+  }
+
+  versions {
+    version_name = "v1"
+    description = "v1 version of my wasm plugin"
+    image_uri = "projects/{{index $.TestEnvVars "project"}}/locations/us-central1/repositories/{{index $.Vars "repository_name"}}/genericArtifacts/my-wasm-plugin:v1"
+
+    labels = {
+      test_label =  "test_value"
+    }
+  }
+}
diff --git a/mmv1/third_party/terraform/services/networkservices/resource_network_services_lb_edge_extension_test.go b/mmv1/third_party/terraform/services/networkservices/resource_network_services_lb_edge_extension_test.go
