updated default value for iap_config variable object and description. fixed lint errors

Author: Deepraj1996

examples/lb-http-separate-frontend-and-backend/main.tf

@@ -70,6 +70,7 @@ module "cloud-nat-group2" {
 module "lb-http-backend" {
   source     = "terraform-google-modules/lb-http/google//modules/backend"
   version    = "~> 12.0"
+
   project_id = var.project_id
   name       = "backend-lb"
   target_tags = [
@@ -104,7 +105,7 @@ module "lb-http-backend" {
   ]
 
   iap_config = {
-    enable = false
+    iap_members = []
   }
 }
 

metadata.yaml

@@ -338,13 +338,13 @@ spec:
     roles:
       - level: Project
         roles:
+          - roles/certificatemanager.owner
+          - roles/vpcaccess.admin
           - roles/iam.serviceAccountAdmin
           - roles/storage.admin
           - roles/compute.admin
           - roles/run.admin
           - roles/iam.serviceAccountUser
-          - roles/certificatemanager.owner
-          - roles/vpcaccess.admin
     services:
       - certificatemanager.googleapis.com
       - cloudresourcemanager.googleapis.com

modules/backend/README.md

@@ -22,7 +22,7 @@ This module creates `google_compute_backend_service` resource and its dependenci
 | groups | The list of backend instance group which serves the traffic. | <pre>list(object({<br>    group       = string<br>    description = optional(string)<br><br>    balancing_mode               = optional(string)<br>    capacity_scaler              = optional(number)<br>    max_connections              = optional(number)<br>    max_connections_per_instance = optional(number)<br>    max_connections_per_endpoint = optional(number)<br>    max_rate                     = optional(number)<br>    max_rate_per_instance        = optional(number)<br>    max_rate_per_endpoint        = optional(number)<br>    max_utilization              = optional(number)<br>  }))</pre> | `[]` | no |
 | health\_check | Input for creating HttpHealthCheck or HttpsHealthCheck resource for health checking this BackendService. A health check must be specified unless the backend service uses an internet or serverless NEG as a backend. | <pre>object({<br>    host                = optional(string, null)<br>    request_path        = optional(string, null)<br>    request             = optional(string, null)<br>    response            = optional(string, null)<br>    port                = optional(number, null)<br>    port_name           = optional(string, null)<br>    proxy_header        = optional(string, null)<br>    port_specification  = optional(string, null)<br>    protocol            = optional(string, null)<br>    check_interval_sec  = optional(number, 5)<br>    timeout_sec         = optional(number, 5)<br>    healthy_threshold   = optional(number, 2)<br>    unhealthy_threshold = optional(number, 2)<br>    logging             = optional(bool, false)<br>  })</pre> | `null` | no |
 | host\_path\_mappings | The list of host/path for which traffic could be sent to the backend service | <pre>list(object({<br>    host = string<br>    path = string<br>  }))</pre> | <pre>[<br>  {<br>    "host": "*",<br>    "path": "/*"<br>  }<br>]</pre> | no |
-| iap\_config | Settings for enabling Cloud Identity Aware Proxy Structure and Users/SAs to be given IAP HttpResourceAccessor access to the service. | <pre>object({<br>    iap_members          = list(string)<br>    oauth2_client_id     = optional(string)<br>    oauth2_client_secret = optional(string)<br>  })</pre> | `null` | no |
+| iap\_config | Settings for enabling Cloud Identity Aware Proxy and Users/SAs to be given IAP HttpResourceAccessor access to the service. | <pre>object({<br>    iap_members          = list(string)<br>    oauth2_client_id     = optional(string)<br>    oauth2_client_secret = optional(string)<br>  })</pre> | <pre>{<br>  "iap_members": []<br>}</pre> | no |
 | load\_balancing\_scheme | Load balancing scheme type (EXTERNAL for classic external load balancer, EXTERNAL\_MANAGED for Envoy-based load balancer, INTERNAL\_MANAGED for internal load balancer and INTERNAL\_SELF\_MANAGED for traffic director) | `string` | `"EXTERNAL_MANAGED"` | no |
 | locality\_lb\_policy | The load balancing algorithm used within the scope of the locality. | `string` | `null` | no |
 | log\_config | This field denotes the logging options for the load balancer traffic served by this backend service. If logging is enabled, logs will be exported to Stackdriver. | <pre>object({<br>    enable      = bool<br>    sample_rate = number<br>  })</pre> | <pre>{<br>  "enable": true,<br>  "sample_rate": 1<br>}</pre> | no |

modules/backend/metadata.yaml

@@ -191,13 +191,15 @@ spec:
             spec:
               outputExpr: name
       - name: iap_config
-        description: Settings for enabling Cloud Identity Aware Proxy Structure and Users/SAs to be given IAP HttpResourceAccessor access to the service.
+        description: Settings for enabling Cloud Identity Aware Proxy and Users/SAs to be given IAP HttpResourceAccessor access to the service.
         varType: |-
           object({
               iap_members          = list(string)
               oauth2_client_id     = optional(string)
               oauth2_client_secret = optional(string)
             })
+        defaultValue:
+          iap_members: []
       - name: cdn_policy
         description: Cloud CDN configuration for this BackendService.
         varType: |-
@@ -331,13 +333,13 @@ spec:
     roles:
       - level: Project
         roles:
+          - roles/iam.serviceAccountUser
           - roles/iam.serviceAccountAdmin
           - roles/compute.admin
           - roles/storage.admin
           - roles/run.admin
           - roles/compute.networkAdmin
           - roles/iap.admin
-          - roles/iam.serviceAccountUser
     services:
       - cloudresourcemanager.googleapis.com
       - compute.googleapis.com

modules/backend/variables.tf

@@ -154,13 +154,13 @@ variable "backend_bucket_name" {
 }
 
 variable "iap_config" {
-  description = "Settings for enabling Cloud Identity Aware Proxy Structure and Users/SAs to be given IAP HttpResourceAccessor access to the service."
+  description = "Settings for enabling Cloud Identity Aware Proxy and Users/SAs to be given IAP HttpResourceAccessor access to the service."
   type = object({
     iap_members          = list(string)
     oauth2_client_id     = optional(string)
     oauth2_client_secret = optional(string)
   })
-  default = null
+  default = { iap_members = [] }
 }
 
 variable "cdn_policy" {

modules/dynamic_backends/metadata.yaml

@@ -330,13 +330,13 @@ spec:
     roles:
       - level: Project
         roles:
-          - roles/storage.admin
-          - roles/compute.admin
-          - roles/run.admin
           - roles/iam.serviceAccountUser
           - roles/certificatemanager.owner
           - roles/vpcaccess.admin
           - roles/iam.serviceAccountAdmin
+          - roles/storage.admin
+          - roles/compute.admin
+          - roles/run.admin
     services:
       - certificatemanager.googleapis.com
       - cloudresourcemanager.googleapis.com

modules/serverless_negs/metadata.yaml

@@ -294,13 +294,13 @@ spec:
     roles:
       - level: Project
         roles:
-          - roles/iam.serviceAccountAdmin
           - roles/storage.admin
           - roles/compute.admin
           - roles/run.admin
           - roles/iam.serviceAccountUser
           - roles/certificatemanager.owner
           - roles/vpcaccess.admin
+          - roles/iam.serviceAccountAdmin
     services:
       - certificatemanager.googleapis.com
       - cloudresourcemanager.googleapis.com