feat: add support for backend bucket to modules/backend

Author: q2w

examples/external-lb-backend-bucket/gcp-logo.svg

@@ -0,0 +1,34 @@
+module "lb-frontend" {
+  source        = "../../modules/frontend"
+  project_id    = "abhiwa-test-30112023"
+  name          = "global-lb-fe-1"
+  url_map_input = module.lb-backend.backend_service_info
+}
+
+module "lb-backend" {
+  source              = "../../modules/backend"
+  project_id          = "abhiwa-test-30112023"
+  name                = "gcs-backend-bucket"
+  backend_bucket_name = module.gcs.name
+  enable_cdn          = true
+}
+
+module "gcs" {
+  source  = "terraform-google-modules/cloud-storage/google//modules/simple_bucket"
+  version = "~> 10.0"
+
+  project_id    = "abhiwa-test-30112023"
+  location      = "us-central1"
+  name          = "bucket-abhiwa"
+  force_destroy = true
+  iam_members   = [{ member = "allUsers", role = "roles/storage.objectViewer" }]
+}
+
+// The image object in Cloud Storage.
+// Note that the path in the bucket matches the paths in the url map path rule above.
+resource "google_storage_bucket_object" "image" {
+  name         = "assets/gcp-logo.svg"
+  content      = file("./gcp-logo.svg")
+  content_type = "image/svg+xml"
+  bucket       = module.gcs.name
+}

examples/external-lb-backend-bucket/main.tf

@@ -0,0 +1,3 @@
+output "load-balancer-ip" {
+  value = module.lb-frontend.external_ip
+}

examples/external-lb-backend-bucket/outputs.tf

@@ -7,6 +7,7 @@ This module creates `google_compute_backend_service` resource and its dependenci
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | affinity\_cookie\_ttl\_sec | Lifetime of cookies in seconds if session\_affinity is GENERATED\_COOKIE. | `number` | `null` | no |
+| backend\_bucket\_name | The name of GCS bucket which serves the traffic. | `string` | `""` | no |
 | cdn\_policy | Cloud CDN configuration for this BackendService. | <pre>object({<br>    cache_mode                      = optional(string)<br>    signed_url_cache_max_age_sec    = optional(string)<br>    default_ttl                     = optional(number)<br>    max_ttl                         = optional(number)<br>    client_ttl                      = optional(number)<br>    negative_caching                = optional(bool)<br>    serve_while_stale               = optional(number)<br>    bypass_cache_on_request_headers = optional(list(string))<br>    negative_caching_policy = optional(object({<br>      code = optional(number)<br>      ttl  = optional(number)<br>    }))<br>    cache_key_policy = optional(object({<br>      include_host           = optional(bool)<br>      include_protocol       = optional(bool)<br>      include_query_string   = optional(bool)<br>      query_string_blacklist = optional(list(string))<br>      query_string_whitelist = optional(list(string))<br>      include_http_headers   = optional(list(string))<br>      include_named_cookies  = optional(list(string))<br>    }))<br>  })</pre> | `{}` | no |
 | compression\_mode | Compress text responses using Brotli or gzip compression. | `string` | `"DISABLED"` | no |
 | connection\_draining\_timeout\_sec | Time for which instance will be drained (not accept new connections, but still work to finish started). | `number` | `null` | no |

examples/external-lb-backend-bucket/variables.tf

@@ -14,8 +14,13 @@
  * limitations under the License.
  */
 
+locals {
+  is_backend_bucket = var.backend_bucket_name != null && var.backend_bucket_name != ""
+}
+
 resource "google_compute_backend_service" "default" {
   provider = google-beta
+  count    = !local.is_backend_bucket ? 1 : 0
 
   project = var.project_id
   name    = var.name
@@ -310,3 +315,52 @@ resource "google_compute_firewall" "allow_proxy" {
     protocol = "tcp"
   }
 }
+
+resource "google_compute_backend_bucket" "default" {
+  provider = google-beta
+  count    = local.is_backend_bucket ? 1 : 0
+
+  project     = var.project_id
+  name        = var.name
+  bucket_name = var.backend_bucket_name
+  enable_cdn  = var.enable_cdn
+
+  description = var.description
+
+  # CDN policy configuration, if CDN is enabled
+  dynamic "cdn_policy" {
+    for_each = var.enable_cdn ? [] : []
+    content {
+      cache_mode                   = var.cdn_policy.cache_mode
+      signed_url_cache_max_age_sec = var.cdn_policy.signed_url_cache_max_age_sec
+      default_ttl                  = var.cdn_policy.default_ttl
+      max_ttl                      = var.cdn_policy.max_ttl
+      client_ttl                   = var.cdn_policy.client_ttl
+      negative_caching             = var.cdn_policy.negative_caching
+      serve_while_stale            = var.cdn_policy.serve_while_stale
+
+      dynamic "negative_caching_policy" {
+        for_each = var.cdn_policy.negative_caching_policy != null ? [1] : []
+        content {
+          code = var.cdn_policy.negative_caching_policy.code
+          ttl  = var.cdn_policy.negative_caching_policy.ttl
+        }
+      }
+
+      dynamic "cache_key_policy" {
+        for_each = var.cdn_policy.cache_key_policy != null ? [1] : []
+        content {
+          query_string_whitelist = var.cdn_policy.cache_key_policy.query_string_whitelist
+          include_http_headers   = var.cdn_policy.cache_key_policy.include_http_headers
+        }
+      }
+
+      dynamic "bypass_cache_on_request_headers" {
+        for_each = var.cdn_policy.bypass_cache_on_request_headers != null && length(var.cdn_policy.bypass_cache_on_request_headers) > 0 ? toset(var.cdn_policy.bypass_cache_on_request_headers) : []
+        content {
+          header_name = bypass_cache_on_request_headers.value
+        }
+      }
+    }
+  }
+}

modules/backend/README.md

@@ -176,6 +176,10 @@ spec:
               version: ">= 0.13"
             spec:
               outputExpr: "{\"region\": location, \"service_name\": service_name, \"type\": \"cloud-run\", \"service_version\": \"\"}"
+      - name: backend_bucket_name
+        description: The name of GCS bucket which serves the traffic.
+        varType: string
+        defaultValue: ""
       - name: iap_config
         description: Settings for enabling Cloud Identity Aware Proxy Structure.
         varType: |-

modules/backend/main.tf

@@ -16,11 +16,17 @@
 
 output "backend_service_info" {
   description = "Host, path and backend service mapping"
-  value = [
+  value = concat(!local.is_backend_bucket ? [
     for mapping in var.host_path_mappings : {
       host            = mapping.host
       path            = mapping.path
-      backend_service = google_compute_backend_service.default.self_link
+      backend_service = google_compute_backend_service.default[0].self_link
     }
-  ]
+    ] : [], local.is_backend_bucket ? [for mapping in var.host_path_mappings : {
+      host            = mapping.host
+      path            = mapping.path
+      backend_service = google_compute_backend_bucket.default[0].self_link
+    }
+    ] : []
+  )
 }

modules/backend/metadata.yaml

@@ -147,6 +147,12 @@ variable "serverless_neg_backends" {
   }
 }
 
+variable "backend_bucket_name" {
+  description = "The name of GCS bucket which serves the traffic."
+  type        = string
+  default     = ""
+}
+
 variable "iap_config" {
   description = "Settings for enabling Cloud Identity Aware Proxy Structure."
   type = object({

modules/backend/outputs.tf

@@ -0,0 +1,38 @@
+// Copyright 2024 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package external_lb_backend_bucket
+
+import (
+	"testing"
+
+	"github.com/GoogleCloudPlatform/cloud-foundation-toolkit/infra/blueprint-test/pkg/tft"
+	"github.com/stretchr/testify/assert"
+
+	test "github.com/terraform-google-modules/terraform-google-lb-http/test/integration"
+)
+
+func TestSeparateFrontendAndBackend(t *testing.T) {
+	bpt := tft.NewTFBlueprintTest(t)
+
+	bpt.DefineVerify(func(assert *assert.Assertions) {
+		bpt.DefaultVerify(assert)
+
+		loadBalancerIp := bpt.GetStringOutput("load-balancer-ip")
+
+		test.AssertResponseStatus(t, assert, "http://"+loadBalancerIp+"/assets/gcp-logo.svg", 200)
+	})
+
+	bpt.Test()
+}