feat: Add support for setting http_keep_alive_timeout_sec (#425)

Jim D'Agostino · web-flow · commit 804b7b9f9ced · 2024-05-18T02:15:51.000-05:00
diff --git a/README.md b/README.md
@@ -106,6 +106,7 @@ module "gce-lb-http" {
 | firewall\_networks | Names of the networks to create firewall rules in | `list(string)` | <pre>[<br>  "default"<br>]</pre> | no |
 | firewall\_projects | Names of the projects to create firewall rules in | `list(string)` | <pre>[<br>  "default"<br>]</pre> | no |
 | http\_forward | Set to `false` to disable HTTP port 80 forward | `bool` | `true` | no |
+| http\_keep\_alive\_timeout\_sec | Specifies how long to keep a connection open, after completing a response, while there is no matching traffic (in seconds). | `number` | `null` | no |
 | http\_port | The port for the HTTP load balancer | `number` | `80` | no |
 | https\_port | The port for the HTTPS load balancer | `number` | `443` | no |
 | https\_redirect | Set to `true` to enable https redirect on the lb. | `bool` | `false` | no |
diff --git a/autogen/main.tf.tmpl b/autogen/main.tf.tmpl
@@ -119,11 +119,12 @@ resource "google_compute_target_https_proxy" "default" {
   name    = "${var.name}-https-proxy"
   url_map = local.url_map
 
-  ssl_certificates = compact(concat(var.ssl_certificates, google_compute_ssl_certificate.default[*].self_link, google_compute_managed_ssl_certificate.default[*].self_link, ), )
-  certificate_map  = var.certificate_map != null ? "//certificatemanager.googleapis.com/${var.certificate_map}" : null
-  ssl_policy       = var.ssl_policy
-  quic_override    = var.quic == null ? "NONE" : var.quic ? "ENABLE" : "DISABLE"
-  server_tls_policy = var.server_tls_policy
+  ssl_certificates            = compact(concat(var.ssl_certificates, google_compute_ssl_certificate.default[*].self_link, google_compute_managed_ssl_certificate.default[*].self_link, ), )
+  certificate_map             = var.certificate_map != null ? "//certificatemanager.googleapis.com/${var.certificate_map}" : null
+  ssl_policy                  = var.ssl_policy
+  quic_override               = var.quic == null ? "NONE" : var.quic ? "ENABLE" : "DISABLE"
+  server_tls_policy           = var.server_tls_policy
+  http_keep_alive_timeout_sec = var.http_keep_alive_timeout_sec
 }
 
 resource "google_compute_ssl_certificate" "default" {
diff --git a/autogen/variables.tf.tmpl b/autogen/variables.tf.tmpl
@@ -337,3 +337,9 @@ variable "https_port" {
     error_message = "You must specify exactly one port between 1 and 65535"
   }
 }
+
+variable "http_keep_alive_timeout_sec" {
+  description = "Specifies how long to keep a connection open, after completing a response, while there is no matching traffic (in seconds)."
+  type        = number
+  default     = null
+}
diff --git a/examples/dynamic-backend/main.tf b/examples/dynamic-backend/main.tf
@@ -34,11 +34,12 @@ module "load_balancer" {
   source  = "terraform-google-modules/lb-http/google//modules/dynamic_backends"
   version = "~> 10.0"
 
-  name                = "dynamic-backend-lb"
-  project             = var.project
-  enable_ipv6         = true
-  create_ipv6_address = true
-  http_forward        = false
+  name                        = "dynamic-backend-lb"
+  project                     = var.project
+  enable_ipv6                 = true
+  create_ipv6_address         = true
+  http_forward                = false
+  http_keep_alive_timeout_sec = 610
 
   load_balancing_scheme = "EXTERNAL_MANAGED"
 
diff --git a/main.tf b/main.tf
@@ -117,11 +117,12 @@ resource "google_compute_target_https_proxy" "default" {
   name    = "${var.name}-https-proxy"
   url_map = local.url_map
 
-  ssl_certificates  = compact(concat(var.ssl_certificates, google_compute_ssl_certificate.default[*].self_link, google_compute_managed_ssl_certificate.default[*].self_link, ), )
-  certificate_map   = var.certificate_map != null ? "//certificatemanager.googleapis.com/${var.certificate_map}" : null
-  ssl_policy        = var.ssl_policy
-  quic_override     = var.quic == null ? "NONE" : var.quic ? "ENABLE" : "DISABLE"
-  server_tls_policy = var.server_tls_policy
+  ssl_certificates            = compact(concat(var.ssl_certificates, google_compute_ssl_certificate.default[*].self_link, google_compute_managed_ssl_certificate.default[*].self_link, ), )
+  certificate_map             = var.certificate_map != null ? "//certificatemanager.googleapis.com/${var.certificate_map}" : null
+  ssl_policy                  = var.ssl_policy
+  quic_override               = var.quic == null ? "NONE" : var.quic ? "ENABLE" : "DISABLE"
+  server_tls_policy           = var.server_tls_policy
+  http_keep_alive_timeout_sec = var.http_keep_alive_timeout_sec
 }
 
 resource "google_compute_ssl_certificate" "default" {
diff --git a/modules/dynamic_backends/README.md b/modules/dynamic_backends/README.md
@@ -99,6 +99,7 @@ module "gce-lb-http" {
 | firewall\_networks | Names of the networks to create firewall rules in | `list(string)` | <pre>[<br>  "default"<br>]</pre> | no |
 | firewall\_projects | Names of the projects to create firewall rules in | `list(string)` | <pre>[<br>  "default"<br>]</pre> | no |
 | http\_forward | Set to `false` to disable HTTP port 80 forward | `bool` | `true` | no |
+| http\_keep\_alive\_timeout\_sec | Specifies how long to keep a connection open, after completing a response, while there is no matching traffic (in seconds). | `number` | `null` | no |
 | http\_port | The port for the HTTP load balancer | `number` | `80` | no |
 | https\_port | The port for the HTTPS load balancer | `number` | `443` | no |
 | https\_redirect | Set to `true` to enable https redirect on the lb. | `bool` | `false` | no |
diff --git a/modules/dynamic_backends/main.tf b/modules/dynamic_backends/main.tf
@@ -117,11 +117,12 @@ resource "google_compute_target_https_proxy" "default" {
   name    = "${var.name}-https-proxy"
   url_map = local.url_map
 
-  ssl_certificates  = compact(concat(var.ssl_certificates, google_compute_ssl_certificate.default[*].self_link, google_compute_managed_ssl_certificate.default[*].self_link, ), )
-  certificate_map   = var.certificate_map != null ? "//certificatemanager.googleapis.com/${var.certificate_map}" : null
-  ssl_policy        = var.ssl_policy
-  quic_override     = var.quic == null ? "NONE" : var.quic ? "ENABLE" : "DISABLE"
-  server_tls_policy = var.server_tls_policy
+  ssl_certificates            = compact(concat(var.ssl_certificates, google_compute_ssl_certificate.default[*].self_link, google_compute_managed_ssl_certificate.default[*].self_link, ), )
+  certificate_map             = var.certificate_map != null ? "//certificatemanager.googleapis.com/${var.certificate_map}" : null
+  ssl_policy                  = var.ssl_policy
+  quic_override               = var.quic == null ? "NONE" : var.quic ? "ENABLE" : "DISABLE"
+  server_tls_policy           = var.server_tls_policy
+  http_keep_alive_timeout_sec = var.http_keep_alive_timeout_sec
 }
 
 resource "google_compute_ssl_certificate" "default" {
diff --git a/modules/dynamic_backends/variables.tf b/modules/dynamic_backends/variables.tf
@@ -324,3 +324,9 @@ variable "https_port" {
     error_message = "You must specify exactly one port between 1 and 65535"
   }
 }
+
+variable "http_keep_alive_timeout_sec" {
+  description = "Specifies how long to keep a connection open, after completing a response, while there is no matching traffic (in seconds)."
+  type        = number
+  default     = null
+}
diff --git a/modules/serverless_negs/README.md b/modules/serverless_negs/README.md
@@ -82,6 +82,7 @@ module "lb-http" {
 | edge\_security\_policy | The resource URL for the edge security policy to associate with the backend service | `string` | `null` | no |
 | enable\_ipv6 | Enable IPv6 address on the CDN load-balancer | `bool` | `false` | no |
 | http\_forward | Set to `false` to disable HTTP port 80 forward | `bool` | `true` | no |
+| http\_keep\_alive\_timeout\_sec | Specifies how long to keep a connection open, after completing a response, while there is no matching traffic (in seconds). | `number` | `null` | no |
 | http\_port | The port for the HTTP load balancer | `number` | `80` | no |
 | https\_port | The port for the HTTPS load balancer | `number` | `443` | no |
 | https\_redirect | Set to `true` to enable https redirect on the lb. | `bool` | `false` | no |
diff --git a/modules/serverless_negs/main.tf b/modules/serverless_negs/main.tf
@@ -116,11 +116,12 @@ resource "google_compute_target_https_proxy" "default" {
   name    = "${var.name}-https-proxy"
   url_map = local.url_map
 
-  ssl_certificates  = compact(concat(var.ssl_certificates, google_compute_ssl_certificate.default[*].self_link, google_compute_managed_ssl_certificate.default[*].self_link, ), )
-  certificate_map   = var.certificate_map != null ? "//certificatemanager.googleapis.com/${var.certificate_map}" : null
-  ssl_policy        = var.ssl_policy
-  quic_override     = var.quic == null ? "NONE" : var.quic ? "ENABLE" : "DISABLE"
-  server_tls_policy = var.server_tls_policy
+  ssl_certificates            = compact(concat(var.ssl_certificates, google_compute_ssl_certificate.default[*].self_link, google_compute_managed_ssl_certificate.default[*].self_link, ), )
+  certificate_map             = var.certificate_map != null ? "//certificatemanager.googleapis.com/${var.certificate_map}" : null
+  ssl_policy                  = var.ssl_policy
+  quic_override               = var.quic == null ? "NONE" : var.quic ? "ENABLE" : "DISABLE"
+  server_tls_policy           = var.server_tls_policy
+  http_keep_alive_timeout_sec = var.http_keep_alive_timeout_sec
 }
 
 resource "google_compute_ssl_certificate" "default" {
diff --git a/modules/serverless_negs/variables.tf b/modules/serverless_negs/variables.tf
@@ -273,3 +273,9 @@ variable "https_port" {
     error_message = "You must specify exactly one port between 1 and 65535"
   }
 }
+
+variable "http_keep_alive_timeout_sec" {
+  description = "Specifies how long to keep a connection open, after completing a response, while there is no matching traffic (in seconds)."
+  type        = number
+  default     = null
+}
diff --git a/variables.tf b/variables.tf
@@ -324,3 +324,9 @@ variable "https_port" {
     error_message = "You must specify exactly one port between 1 and 65535"
   }
 }
+
+variable "http_keep_alive_timeout_sec" {
+  description = "Specifies how long to keep a connection open, after completing a response, while there is no matching traffic (in seconds)."
+  type        = number
+  default     = null
+}

Original file line number	Diff line number	Diff line change
`@@ -337,3 +337,9 @@ variable "https_port" {`
`337`	`337`	`error_message = "You must specify exactly one port between 1 and 65535"`
`338`	`338`	`}`
`339`	`339`	`}`
	`340`	`+`
	`341`	`+variable "http_keep_alive_timeout_sec" {`
	`342`	`+ description = "Specifies how long to keep a connection open, after completing a response, while there is no matching traffic (in seconds)."`
	`343`	`+ type = number`
	`344`	`+ default = null`
	`345`	`+}`
Original file line number	Diff line number	Diff line change
`@@ -324,3 +324,9 @@ variable "https_port" {`
`324`	`324`	`error_message = "You must specify exactly one port between 1 and 65535"`
`325`	`325`	`}`
`326`	`326`	`}`
	`327`	`+`
	`328`	`+variable "http_keep_alive_timeout_sec" {`
	`329`	`+ description = "Specifies how long to keep a connection open, after completing a response, while there is no matching traffic (in seconds)."`
	`330`	`+ type = number`
	`331`	`+ default = null`
	`332`	`+}`