feat: add support for backend bucket to modules/backend

Author: q2w

modules/backend/README.md

@@ -7,6 +7,7 @@ This module creates `google_compute_backend_service` resource and its dependenci
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | affinity\_cookie\_ttl\_sec | Lifetime of cookies in seconds if session\_affinity is GENERATED\_COOKIE. | `number` | `null` | no |
+| backend\_bucket\_name | The name of GCS bucket which serves the traffic. | `string` | `""` | no |
 | cdn\_policy | Cloud CDN configuration for this BackendService. | <pre>object({<br>    cache_mode                      = optional(string)<br>    signed_url_cache_max_age_sec    = optional(string)<br>    default_ttl                     = optional(number)<br>    max_ttl                         = optional(number)<br>    client_ttl                      = optional(number)<br>    negative_caching                = optional(bool)<br>    serve_while_stale               = optional(number)<br>    bypass_cache_on_request_headers = optional(list(string))<br>    negative_caching_policy = optional(object({<br>      code = optional(number)<br>      ttl  = optional(number)<br>    }))<br>    cache_key_policy = optional(object({<br>      include_host           = optional(bool)<br>      include_protocol       = optional(bool)<br>      include_query_string   = optional(bool)<br>      query_string_blacklist = optional(list(string))<br>      query_string_whitelist = optional(list(string))<br>      include_http_headers   = optional(list(string))<br>      include_named_cookies  = optional(list(string))<br>    }))<br>  })</pre> | `{}` | no |
 | compression\_mode | Compress text responses using Brotli or gzip compression. | `string` | `"DISABLED"` | no |
 | connection\_draining\_timeout\_sec | Time for which instance will be drained (not accept new connections, but still work to finish started). | `number` | `null` | no |

modules/backend/main.tf

@@ -14,8 +14,13 @@
  * limitations under the License.
  */
 
+locals {
+  is_backend_bucket = var.backend_bucket_name != null && var.backend_bucket_name != ""
+}
+
 resource "google_compute_backend_service" "default" {
   provider = google-beta
+  count    = !local.is_backend_bucket ? 1 : 0
 
   project = var.project_id
   name    = var.name
@@ -310,3 +315,52 @@ resource "google_compute_firewall" "allow_proxy" {
     protocol = "tcp"
   }
 }
+
+resource "google_compute_backend_bucket" "default" {
+  provider = google-beta
+  count    = local.is_backend_bucket ? 1 : 0
+
+  project     = var.project_id
+  name        = var.name
+  bucket_name = var.backend_bucket_name
+  enable_cdn  = var.enable_cdn
+
+  description = var.description
+
+  # CDN policy configuration, if CDN is enabled
+  dynamic "cdn_policy" {
+    for_each = var.enable_cdn ? [1] : []
+    content {
+      cache_mode                   = var.cdn_policy.cache_mode
+      signed_url_cache_max_age_sec = var.cdn_policy.signed_url_cache_max_age_sec
+      default_ttl                  = var.cdn_policy.default_ttl
+      max_ttl                      = var.cdn_policy.max_ttl
+      client_ttl                   = var.cdn_policy.client_ttl
+      negative_caching             = var.cdn_policy.negative_caching
+      serve_while_stale            = var.cdn_policy.serve_while_stale
+
+      dynamic "negative_caching_policy" {
+        for_each = var.cdn_policy.negative_caching_policy != null ? [1] : []
+        content {
+          code = var.cdn_policy.negative_caching_policy.code
+          ttl  = var.cdn_policy.negative_caching_policy.ttl
+        }
+      }
+
+      dynamic "cache_key_policy" {
+        for_each = var.cdn_policy.cache_key_policy != null ? [1] : []
+        content {
+          query_string_whitelist = var.cdn_policy.cache_key_policy.query_string_whitelist
+          include_http_headers   = var.cdn_policy.cache_key_policy.include_http_headers
+        }
+      }
+
+      dynamic "bypass_cache_on_request_headers" {
+        for_each = var.cdn_policy.bypass_cache_on_request_headers != null && length(var.cdn_policy.bypass_cache_on_request_headers) > 0 ? toset(var.cdn_policy.bypass_cache_on_request_headers) : []
+        content {
+          header_name = bypass_cache_on_request_headers.value
+        }
+      }
+    }
+  }
+}

modules/backend/metadata.yaml

@@ -176,6 +176,10 @@ spec:
               version: ">= 0.13"
             spec:
               outputExpr: "{\"region\": location, \"service_name\": service_name, \"type\": \"cloud-run\", \"service_version\": \"\"}"
+      - name: backend_bucket_name
+        description: The name of GCS bucket which serves the traffic.
+        varType: string
+        defaultValue: ""
       - name: iap_config
         description: Settings for enabling Cloud Identity Aware Proxy Structure.
         varType: |-

modules/backend/outputs.tf

@@ -16,11 +16,17 @@
 
 output "backend_service_info" {
   description = "Host, path and backend service mapping"
-  value = [
+  value = concat(!local.is_backend_bucket ? [
     for mapping in var.host_path_mappings : {
       host            = mapping.host
       path            = mapping.path
-      backend_service = google_compute_backend_service.default.self_link
+      backend_service = google_compute_backend_service.default[0].self_link
     }
-  ]
+    ] : [], local.is_backend_bucket ? [for mapping in var.host_path_mappings : {
+      host            = mapping.host
+      path            = mapping.path
+      backend_service = google_compute_backend_bucket.default[0].self_link
+    }
+    ] : []
+  )
 }

modules/backend/variables.tf

@@ -147,6 +147,12 @@ variable "serverless_neg_backends" {
   }
 }
 
+variable "backend_bucket_name" {
+  description = "The name of GCS bucket which serves the traffic."
+  type        = string
+  default     = ""
+}
+
 variable "iap_config" {
   description = "Settings for enabling Cloud Identity Aware Proxy Structure."
   type = object({