fix!: Adding regex validation for service name and adding apphub (#522)

Author: amrkk123

modules/backend/README.md

@@ -8,7 +8,7 @@ This module creates `google_compute_backend_service` resource and its dependenci
 |------|-------------|------|---------|:--------:|
 | affinity\_cookie\_ttl\_sec | Lifetime of cookies in seconds if session\_affinity is GENERATED\_COOKIE. | `number` | `null` | no |
 | backend\_bucket\_name | The name of GCS bucket which serves the traffic. | `string` | `""` | no |
-| cdn\_policy | Cloud CDN configuration for this BackendService. | <pre>object({<br>    cache_mode                      = optional(string)<br>    signed_url_cache_max_age_sec    = optional(string)<br>    default_ttl                     = optional(number)<br>    max_ttl                         = optional(number)<br>    client_ttl                      = optional(number)<br>    negative_caching                = optional(bool)<br>    serve_while_stale               = optional(number)<br>    bypass_cache_on_request_headers = optional(list(string))<br>    negative_caching_policy = optional(object({<br>      code = optional(number)<br>      ttl  = optional(number)<br>    }))<br>    cache_key_policy = optional(object({<br>      include_host           = optional(bool)<br>      include_protocol       = optional(bool)<br>      include_query_string   = optional(bool)<br>      query_string_blacklist = optional(list(string))<br>      query_string_whitelist = optional(list(string))<br>      include_http_headers   = optional(list(string))<br>      include_named_cookies  = optional(list(string))<br>    }))<br>  })</pre> | <pre>{<br>  "cache_mode": "CACHE_ALL_STATIC",<br>  "client_ttl": 3600,<br>  "default_ttl": 3600,<br>  "max_ttl": 86400,<br>  "signed_url_cache_max_age_sec": 0<br>}</pre> | no |
+| cdn\_policy | Cloud CDN configuration for this BackendService. | <pre>object({<br>    cache_mode                      = optional(string)<br>    signed_url_cache_max_age_sec    = optional(string)<br>    default_ttl                     = optional(number)<br>    max_ttl                         = optional(number)<br>    client_ttl                      = optional(number)<br>    negative_caching                = optional(bool)<br>    serve_while_stale               = optional(number)<br>    bypass_cache_on_request_headers = optional(list(string))<br>    negative_caching_policy = optional(object({<br>      code = optional(number)<br>      ttl  = optional(number)<br>    }))<br>    cache_key_policy = optional(object({<br>      include_host           = optional(bool)<br>      include_protocol       = optional(bool)<br>      include_query_string   = optional(bool)<br>      query_string_blacklist = optional(list(string))<br>      query_string_whitelist = optional(list(string))<br>      include_http_headers   = optional(list(string))<br>      include_named_cookies  = optional(list(string))<br>    }))<br>  })</pre> | <pre>{<br>  "cache_mode": "CACHE_ALL_STATIC",<br>  "client_ttl": 3600,<br>  "default_ttl": 3600,<br>  "max_ttl": 86400,<br>  "signed_url_cache_max_age_sec": "0"<br>}</pre> | no |
 | compression\_mode | Compress text responses using Brotli or gzip compression. | `string` | `"DISABLED"` | no |
 | connection\_draining\_timeout\_sec | Time for which instance will be drained (not accept new connections, but still work to finish started). | `number` | `null` | no |
 | custom\_request\_headers | Headers that the HTTP/S load balancer should add to proxied requests. | `list(string)` | `[]` | no |
@@ -42,6 +42,7 @@ This module creates `google_compute_backend_service` resource and its dependenci
 
 | Name | Description |
 |------|-------------|
+| apphub\_service\_uri | Service URI in CAIS style to be used by Apphub. |
 | backend\_service\_info | Host, path and backend service mapping |
 
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->

modules/backend/main.tf

@@ -67,7 +67,7 @@ resource "google_compute_backend_service" "default" {
   dynamic "backend" {
     for_each = toset(var.serverless_neg_backends)
     content {
-      group = google_compute_region_network_endpoint_group.serverless_negs["neg-${var.name}-${backend.value.service_name}-${backend.value.region}"].id
+      group = google_compute_region_network_endpoint_group.serverless_negs["neg-${var.name}-${backend.value.region}-${substr(md5(backend.value.service_name), 0, 4)}"].id
     }
   }
 
@@ -163,7 +163,7 @@ resource "google_compute_backend_service" "default" {
 
 resource "google_compute_region_network_endpoint_group" "serverless_negs" {
   for_each = { for serverless_neg_backend in local.serverless_neg_backends :
-  "neg-${var.name}-${serverless_neg_backend.service_name}-${serverless_neg_backend.region}" => serverless_neg_backend }
+  "neg-${var.name}-${serverless_neg_backend.region}-${substr(md5(serverless_neg_backend.service_name), 0, 4)}" => serverless_neg_backend }
 
 
   provider              = google-beta

modules/backend/metadata.display.yaml

@@ -96,8 +96,8 @@ spec:
         name:
           name: name
           title: Name
-          regexValidation: ^[a-z][a-z0-9-]{0,40}[a-z0-9]$
-          validation: Use lowercase letters, numbers, and hyphens. Start with a letter and end with letter/number. Must be 42 characters or fewer.
+          regexValidation: ^[a-z][a-z0-9-]{0,36}[a-z0-9]$
+          validation: Use lowercase letters, numbers, and hyphens. Start with a letter and end with letter/number. Must be 38 characters or fewer.
         outlier_detection:
           name: outlier_detection
           title: Outlier Detection

modules/backend/metadata.yaml

@@ -229,7 +229,7 @@ spec:
           client_ttl: 3600
           default_ttl: 3600
           max_ttl: 86400
-          signed_url_cache_max_age_sec: 0
+          signed_url_cache_max_age_sec: "0"
       - name: outlier_detection
         description: Settings controlling eviction of unhealthy hosts from the load balancing pool.
         varType: |-
@@ -311,6 +311,14 @@ spec:
         defaultValue:
           - 10.127.0.0/23
     outputs:
+      - name: apphub_service_uri
+        description: Service URI in CAIS style to be used by Apphub.
+        type:
+          - list
+          - - object
+            - location: string
+              service_id: string
+              service_uri: string
       - name: backend_service_info
         description: Host, path and backend service mapping
         type:

modules/backend/outputs.tf

@@ -30,3 +30,14 @@ output "backend_service_info" {
     ] : []
   )
 }
+
+output "apphub_service_uri" {
+  value = [
+    {
+      service_uri = "//compute.googleapis.com/${google_compute_backend_service.default[0].id}"
+      service_id  = substr("${google_compute_backend_service.default[0].name}-${md5("global-be-service-${var.project_id}")}", 0, 63)
+      location    = "global"
+    }
+  ]
+  description = "Service URI in CAIS style to be used by Apphub."
+}

modules/backend/variables.tf

@@ -193,7 +193,7 @@ variable "cdn_policy" {
     default_ttl                  = 3600
     client_ttl                   = 3600
     max_ttl                      = 86400
-    signed_url_cache_max_age_sec = 0
+    signed_url_cache_max_age_sec = "0"
   }
 }
 

modules/frontend/README.md

@@ -41,6 +41,7 @@ This module creates `HTTP(S) forwarding rule` and its dependencies. This modules
 
 | Name | Description |
 |------|-------------|
+| apphub\_service\_uri | Service URI in CAIS style to be used by Apphub. |
 | external\_ip | The external IPv4 assigned to the global fowarding rule. |
 | external\_ipv6\_address | The external IPv6 assigned to the global fowarding rule. |
 | http\_proxy | The HTTP proxy used by this module. |

modules/frontend/metadata.yaml

@@ -201,6 +201,14 @@ spec:
             }))
         defaultValue: []
     outputs:
+      - name: apphub_service_uri
+        description: Service URI in CAIS style to be used by Apphub.
+        type:
+          - list
+          - - object
+            - location: string
+              service_id: string
+              service_uri: string
       - name: external_ip
         description: The external IPv4 assigned to the global fowarding rule.
         type: string

modules/frontend/outputs.tf

@@ -58,3 +58,37 @@ output "ssl_certificate_created" {
   description = "The SSL certificate create from key/pem"
   value       = google_compute_ssl_certificate.default[*].self_link
 }
+
+output "apphub_service_uri" {
+  value = concat(
+    local.create_http_forward && !local.is_internal_managed ? [
+      {
+        service_uri = "//compute.googleapis.com/${google_compute_global_forwarding_rule.http[0].id}"
+        service_id  = substr("${google_compute_global_forwarding_rule.http[0].name}-${md5("global-lb-${var.project_id}")}", 0, 63)
+        location    = "global"
+      }
+    ] : [],
+    var.ssl && !local.is_internal_managed ? [
+      {
+        service_uri = "//compute.googleapis.com/${google_compute_global_forwarding_rule.https[0].id}"
+        service_id  = substr("${google_compute_global_forwarding_rule.https[0].name}-${md5("global-lb-${var.project_id}")}", 0, 63)
+        location    = "global"
+      }
+    ] : [],
+    (var.enable_ipv6 && local.create_http_forward && !local.is_internal_managed) ? [
+      {
+        service_uri = "//compute.googleapis.com/${google_compute_global_forwarding_rule.http_ipv6[0].id}"
+        service_id  = substr("${google_compute_global_forwarding_rule.http_ipv6[0].name}-${md5("global-lb-${var.project_id}")}", 0, 63)
+        location    = "global"
+      }
+    ] : [],
+    var.enable_ipv6 && var.ssl && !local.is_internal_managed ? [
+      {
+        service_uri = "//compute.googleapis.com/${google_compute_global_forwarding_rule.https_ipv6[0].id}"
+        service_id  = substr("${google_compute_global_forwarding_rule.https_ipv6[0].name}-${md5("global-lb-${var.project_id}")}", 0, 63)
+        location    = "global"
+      }
+    ] : [],
+  )
+  description = "Service URI in CAIS style to be used by Apphub."
+}