fix: updated iap_config behavior to match TPG 6.0 (#469)

imrannayer · web-flow · commit 279c8e877f85 · 2024-11-11T16:36:14.000-06:00
diff --git a/autogen/main.tf.tmpl b/autogen/main.tf.tmpl
@@ -256,13 +256,10 @@ resource "google_compute_backend_service" "default" {
     }
   }
 
-  dynamic "iap" {
-    for_each = try(each.value["iap_config"], null) != null && lookup(try(each.value["iap_config"], {}), "enable", false) ? [1] : []
-    content {
-      enabled              = lookup(each.value["iap_config"], "enable", false)
-      oauth2_client_id     = lookup(each.value["iap_config"], "oauth2_client_id")
-      oauth2_client_secret = lookup(each.value["iap_config"], "oauth2_client_secret")
-    }
+  iap {
+    enabled              = try(each.value["iap_config"], null) == null ? false : lookup(try(each.value["iap_config"], {}), "enable", false)
+    oauth2_client_id     = try(each.value["iap_config"], null) == null ? null : lookup(each.value["iap_config"], "oauth2_client_id")
+    oauth2_client_secret = try(each.value["iap_config"], null) == null ? null : lookup(each.value["iap_config"], "oauth2_client_secret")
   }
 
   dynamic "cdn_policy" {
diff --git a/examples/user-managed-google-managed-ssl/main.tf b/examples/user-managed-google-managed-ssl/main.tf
@@ -65,7 +65,7 @@ locals {
 
 module "gce-lb-https" {
   source  = "terraform-google-modules/lb-http/google"
-  version = "~> 11.0"
+  version = "~> 12.0"
 
   name                            = var.network_name
   project                         = var.project_id
diff --git a/main.tf b/main.tf
@@ -238,13 +238,10 @@ resource "google_compute_backend_service" "default" {
     }
   }
 
-  dynamic "iap" {
-    for_each = try(each.value["iap_config"], null) != null && lookup(try(each.value["iap_config"], {}), "enable", false) ? [1] : []
-    content {
-      enabled              = lookup(each.value["iap_config"], "enable", false)
-      oauth2_client_id     = lookup(each.value["iap_config"], "oauth2_client_id")
-      oauth2_client_secret = lookup(each.value["iap_config"], "oauth2_client_secret")
-    }
+  iap {
+    enabled              = try(each.value["iap_config"], null) == null ? false : lookup(try(each.value["iap_config"], {}), "enable", false)
+    oauth2_client_id     = try(each.value["iap_config"], null) == null ? null : lookup(each.value["iap_config"], "oauth2_client_id")
+    oauth2_client_secret = try(each.value["iap_config"], null) == null ? null : lookup(each.value["iap_config"], "oauth2_client_secret")
   }
 
   dynamic "cdn_policy" {
diff --git a/modules/dynamic_backends/main.tf b/modules/dynamic_backends/main.tf
@@ -238,13 +238,10 @@ resource "google_compute_backend_service" "default" {
     }
   }
 
-  dynamic "iap" {
-    for_each = try(each.value["iap_config"], null) != null && lookup(try(each.value["iap_config"], {}), "enable", false) ? [1] : []
-    content {
-      enabled              = lookup(each.value["iap_config"], "enable", false)
-      oauth2_client_id     = lookup(each.value["iap_config"], "oauth2_client_id")
-      oauth2_client_secret = lookup(each.value["iap_config"], "oauth2_client_secret")
-    }
+  iap {
+    enabled              = try(each.value["iap_config"], null) == null ? false : lookup(try(each.value["iap_config"], {}), "enable", false)
+    oauth2_client_id     = try(each.value["iap_config"], null) == null ? null : lookup(each.value["iap_config"], "oauth2_client_id")
+    oauth2_client_secret = try(each.value["iap_config"], null) == null ? null : lookup(each.value["iap_config"], "oauth2_client_secret")
   }
 
   dynamic "cdn_policy" {
diff --git a/modules/serverless_negs/main.tf b/modules/serverless_negs/main.tf
@@ -233,13 +233,10 @@ resource "google_compute_backend_service" "default" {
     }
   }
 
-  dynamic "iap" {
-    for_each = try(each.value["iap_config"], null) != null && lookup(try(each.value["iap_config"], {}), "enable", false) ? [1] : []
-    content {
-      enabled              = lookup(each.value["iap_config"], "enable", false)
-      oauth2_client_id     = lookup(each.value["iap_config"], "oauth2_client_id")
-      oauth2_client_secret = lookup(each.value["iap_config"], "oauth2_client_secret")
-    }
+  iap {
+    enabled              = try(each.value["iap_config"], null) == null ? false : lookup(try(each.value["iap_config"], {}), "enable", false)
+    oauth2_client_id     = try(each.value["iap_config"], null) == null ? null : lookup(each.value["iap_config"], "oauth2_client_id")
+    oauth2_client_secret = try(each.value["iap_config"], null) == null ? null : lookup(each.value["iap_config"], "oauth2_client_secret")
   }
 
   dynamic "cdn_policy" {
diff --git a/test/setup/main.tf b/test/setup/main.tf
@@ -26,6 +26,7 @@ module "project-ci-lb-http" {
   default_service_account     = "keep"
   disable_dependent_services  = false
   disable_services_on_destroy = false
+  deletion_policy             = "DELETE"
 
   activate_apis = [
     "cloudresourcemanager.googleapis.com",
@@ -50,6 +51,7 @@ module "project-ci-lb-http-1" {
   default_service_account     = "keep"
   disable_dependent_services  = false
   disable_services_on_destroy = false
+  deletion_policy             = "DELETE"
 
   activate_apis = [
     "cloudresourcemanager.googleapis.com",

Original file line number	Diff line number	Diff line change
`@@ -256,13 +256,10 @@ resource "google_compute_backend_service" "default" {`
`256`	`256`	`}`
`257`	`257`	`}`
`258`	`258`
`259`		`- dynamic "iap" {`
`260`		`- for_each = try(each.value["iap_config"], null) != null && lookup(try(each.value["iap_config"], {}), "enable", false) ? [1] : []`
`261`		`- content {`
`262`		`- enabled = lookup(each.value["iap_config"], "enable", false)`
`263`		`- oauth2_client_id = lookup(each.value["iap_config"], "oauth2_client_id")`
`264`		`- oauth2_client_secret = lookup(each.value["iap_config"], "oauth2_client_secret")`
`265`		`- }`
	`259`	`+ iap {`
	`260`	`+ enabled = try(each.value["iap_config"], null) == null ? false : lookup(try(each.value["iap_config"], {}), "enable", false)`
	`261`	`+ oauth2_client_id = try(each.value["iap_config"], null) == null ? null : lookup(each.value["iap_config"], "oauth2_client_id")`
	`262`	`+ oauth2_client_secret = try(each.value["iap_config"], null) == null ? null : lookup(each.value["iap_config"], "oauth2_client_secret")`
`266`	`263`	`}`
`267`	`264`
`268`	`265`	`dynamic "cdn_policy" {`
Original file line number	Diff line number	Diff line change
`@@ -238,13 +238,10 @@ resource "google_compute_backend_service" "default" {`
`238`	`238`	`}`
`239`	`239`	`}`
`240`	`240`
`241`		`- dynamic "iap" {`
`242`		`- for_each = try(each.value["iap_config"], null) != null && lookup(try(each.value["iap_config"], {}), "enable", false) ? [1] : []`
`243`		`- content {`
`244`		`- enabled = lookup(each.value["iap_config"], "enable", false)`
`245`		`- oauth2_client_id = lookup(each.value["iap_config"], "oauth2_client_id")`
`246`		`- oauth2_client_secret = lookup(each.value["iap_config"], "oauth2_client_secret")`
`247`		`- }`
	`241`	`+ iap {`
	`242`	`+ enabled = try(each.value["iap_config"], null) == null ? false : lookup(try(each.value["iap_config"], {}), "enable", false)`
	`243`	`+ oauth2_client_id = try(each.value["iap_config"], null) == null ? null : lookup(each.value["iap_config"], "oauth2_client_id")`
	`244`	`+ oauth2_client_secret = try(each.value["iap_config"], null) == null ? null : lookup(each.value["iap_config"], "oauth2_client_secret")`
`248`	`245`	`}`
`249`	`246`
`250`	`247`	`dynamic "cdn_policy" {`
Original file line number	Diff line number	Diff line change
`@@ -233,13 +233,10 @@ resource "google_compute_backend_service" "default" {`
`233`	`233`	`}`
`234`	`234`	`}`
`235`	`235`
`236`		`- dynamic "iap" {`
`237`		`- for_each = try(each.value["iap_config"], null) != null && lookup(try(each.value["iap_config"], {}), "enable", false) ? [1] : []`
`238`		`- content {`
`239`		`- enabled = lookup(each.value["iap_config"], "enable", false)`
`240`		`- oauth2_client_id = lookup(each.value["iap_config"], "oauth2_client_id")`
`241`		`- oauth2_client_secret = lookup(each.value["iap_config"], "oauth2_client_secret")`
`242`		`- }`
	`236`	`+ iap {`
	`237`	`+ enabled = try(each.value["iap_config"], null) == null ? false : lookup(try(each.value["iap_config"], {}), "enable", false)`
	`238`	`+ oauth2_client_id = try(each.value["iap_config"], null) == null ? null : lookup(each.value["iap_config"], "oauth2_client_id")`
	`239`	`+ oauth2_client_secret = try(each.value["iap_config"], null) == null ? null : lookup(each.value["iap_config"], "oauth2_client_secret")`
`243`	`240`	`}`
`244`	`241`
`245`	`242`	`dynamic "cdn_policy" {`