object({
address = optional(string, null)
address_ipv6 = optional(string, null)
certificate = optional(string, null)
http_forwarding_rule = optional(string, null)
http_ipv6_forwarding_rule = optional(string, null)
https_forwarding_rule = optional(string, null)
https_ipv6_forwarding_rule = optional(string, null)
target_http_proxy = optional(string, null)
target_https_proxy = optional(string, null)
url_map = optional(string, null)
url_map_https_redirect = optional(string, null)
backend_service = optional(string, null)
health_check = optional(string, null)
}) | `{}` | no |
+| name\_suffixes | Map of suffixes to the created resource names. | object({
address = optional(string, "-address")
address_ipv6 = optional(string, "-ipv6-address")
certificate = optional(string, "-cert")
http_forwarding_rule = optional(string, "")
http_ipv6_forwarding_rule = optional(string, "-ipv6-http")
https_forwarding_rule = optional(string, "-https")
https_ipv6_forwarding_rule = optional(string, "-ipv6-https")
target_http_proxy = optional(string, "-http-proxy")
target_https_proxy = optional(string, "-https-proxy")
url_map = optional(string, "-url-map")
url_map_https_redirect = optional(string, "-https-redirect")
backend_service = optional(string, "")
health_check = optional(string, "")
}) | `{}` | no |
| network | Network for INTERNAL\_SELF\_MANAGED load balancing scheme | `string` | `"default"` | no |
| private\_key | Content of the private SSL key. Requires `ssl` to be set to `true` and `create_ssl_certificate` set to `true` | `string` | `null` | no |
| project | The project to deploy to, if not set the default provider project is used. | `string` | n/a | yes |
diff --git a/autogen/README.md b/autogen/README.md
index 4c3f746c..66f2e37f 100644
--- a/autogen/README.md
+++ b/autogen/README.md
@@ -45,13 +45,13 @@ intended for Terraform 0.12.x is [v4.5.0](https://registry.terraform.io/modules/
Current version is 12.0. Upgrade guides:
-- [2.X -> 3.0](/docs/upgrading-v2.0.0-v3.0.0.md)
-- [3.X -> 4.0](/docs/upgrading_to_v4.0.md)
-- [6.X -> 7.0](/docs/upgrading_to_v7.0.md)
-- [7.X -> 8.0](/docs/upgrading_to_v8.0.md)
-- [8.X -> 9.0](/docs/upgrading_to_v9.0.md)
-- [9.X -> 10.0](/docs/upgrading_to_v10.0.md)
-- [10.X -> 11.0](/docs/upgrading_to_v11.0.md)
+- [2.X -> 3.0](https://github.com/terraform-google-modules/terraform-google-lb-http/blob/master/docs/upgrading_to_v3.0.0.md)
+- [3.X -> 4.0](https://github.com/terraform-google-modules/terraform-google-lb-http/blob/master/docs/upgrading_to_v4.0.md)
+- [6.X -> 7.0](https://github.com/terraform-google-modules/terraform-google-lb-http/blob/master/docs/upgrading_to_v7.0.md)
+- [7.X -> 8.0](https://github.com/terraform-google-modules/terraform-google-lb-http/blob/master/docs/upgrading_to_v8.0.md)
+- [8.X -> 9.0](https://github.com/terraform-google-modules/terraform-google-lb-http/blob/master/docs/upgrading_to_v9.0.md)
+- [9.X -> 10.0](https://github.com/terraform-google-modules/terraform-google-lb-http/blob/master/docs/upgrading_to_v10.0.md)
+- [10.X -> 11.0](https://github.com/terraform-google-modules/terraform-google-lb-http/blob/master/docs/upgrading_to_v11.0.md)
## Usage
@@ -62,7 +62,7 @@ module "gce-lb-http" {
module "lb-http" {
{% endif %}
source = "GoogleCloudPlatform/lb-http/google{{ module_path }}"
- version = "~> 9.0"
+ version = "~> 12.0"
project = "my-project-id"
{% if serverless %}
diff --git a/autogen/main.tf.tmpl b/autogen/main.tf.tmpl
index d1b15f9c..8b3bd399 100644
--- a/autogen/main.tf.tmpl
+++ b/autogen/main.tf.tmpl
@@ -35,7 +35,7 @@ resource "google_compute_global_forwarding_rule" "http" {
provider = google-beta
project = var.project
count = local.create_http_forward ? 1 : 0
- name = var.name
+ name = "${var.name_prefixes.http_forwarding_rule != null ? var.name_prefixes.http_forwarding_rule : var.name}${var.name_suffixes.http_forwarding_rule}"
target = google_compute_target_http_proxy.default[0].self_link
ip_address = local.address
port_range = var.http_port
@@ -48,7 +48,7 @@ resource "google_compute_global_forwarding_rule" "https" {
provider = google-beta
project = var.project
count = var.ssl ? 1 : 0
- name = "${var.name}-https"
+ name = "${var.name_prefixes.https_forwarding_rule != null ? var.name_prefixes.https_forwarding_rule : var.name}${var.name_suffixes.https_forwarding_rule}"
target = google_compute_target_https_proxy.default[0].self_link
ip_address = local.address
port_range = var.https_port
@@ -61,7 +61,7 @@ resource "google_compute_global_address" "default" {
provider = google-beta
count = local.is_internal ? 0 : var.create_address ? 1 : 0
project = var.project
- name = "${var.name}-address"
+ name = "${var.name_prefixes.address != null ? var.name_prefixes.address : var.name}${var.name_suffixes.address}"
ip_version = "IPV4"
labels = var.labels
}
@@ -72,7 +72,7 @@ resource "google_compute_global_forwarding_rule" "http_ipv6" {
provider = google-beta
project = var.project
count = (var.enable_ipv6 && local.create_http_forward) ? 1 : 0
- name = "${var.name}-ipv6-http"
+ name = "${var.name_prefixes.http_ipv6_forwarding_rule != null ? var.name_prefixes.http_ipv6_forwarding_rule : var.name}${var.name_suffixes.http_ipv6_forwarding_rule}"
target = google_compute_target_http_proxy.default[0].self_link
ip_address = local.ipv6_address
port_range = "80"
@@ -85,7 +85,7 @@ resource "google_compute_global_forwarding_rule" "https_ipv6" {
provider = google-beta
project = var.project
count = var.enable_ipv6 && var.ssl ? 1 : 0
- name = "${var.name}-ipv6-https"
+ name = "${var.name_prefixes.https_ipv6_forwarding_rule != null ? var.name_prefixes.https_ipv6_forwarding_rule : var.name}${var.name_suffixes.https_ipv6_forwarding_rule}"
target = google_compute_target_https_proxy.default[0].self_link
ip_address = local.ipv6_address
port_range = "443"
@@ -98,7 +98,7 @@ resource "google_compute_global_address" "default_ipv6" {
provider = google-beta
count = local.is_internal ? 0 : (var.enable_ipv6 && var.create_ipv6_address) ? 1 : 0
project = var.project
- name = "${var.name}-ipv6-address"
+ name = "${var.name_prefixes.address_ipv6 != null ? var.name_prefixes.address_ipv6 : var.name}${var.name_suffixes.address_ipv6}"
ip_version = "IPV6"
labels = var.labels
}
@@ -108,7 +108,7 @@ resource "google_compute_global_address" "default_ipv6" {
resource "google_compute_target_http_proxy" "default" {
project = var.project
count = local.create_http_forward ? 1 : 0
- name = "${var.name}-http-proxy"
+ name = "${var.name_prefixes.target_http_proxy != null ? var.name_prefixes.target_http_proxy : var.name}${var.name_suffixes.target_http_proxy}"
url_map = var.https_redirect == false ? local.url_map : join("", google_compute_url_map.https_redirect[*].self_link)
}
@@ -116,7 +116,7 @@ resource "google_compute_target_http_proxy" "default" {
resource "google_compute_target_https_proxy" "default" {
project = var.project
count = var.ssl ? 1 : 0
- name = "${var.name}-https-proxy"
+ name = "${var.name_prefixes.target_https_proxy != null ? var.name_prefixes.target_https_proxy : var.name}${var.name_suffixes.target_https_proxy}"
url_map = local.url_map
ssl_certificates = compact(concat(var.ssl_certificates, google_compute_ssl_certificate.default[*].self_link, google_compute_managed_ssl_certificate.default[*].self_link, ), )
@@ -153,7 +153,7 @@ resource "google_compute_managed_ssl_certificate" "default" {
provider = google-beta
project = var.project
count = var.ssl && length(var.managed_ssl_certificate_domains) > 0 ? 1 : 0
- name = var.random_certificate_suffix == true ? random_id.certificate[0].hex : "${var.name}-cert"
+ name = var.random_certificate_suffix == true ? random_id.certificate[0].hex : "${var.name_prefixes.certificate != null ? var.name_prefixes.certificate : var.name}${var.name_suffixes.certificate}"
lifecycle {
create_before_destroy = true
@@ -168,14 +168,14 @@ resource "google_compute_url_map" "default" {
provider = google-beta
project = var.project
count = var.create_url_map ? 1 : 0
- name = "${var.name}-url-map"
+ name = "${var.name_prefixes.url_map != null ? var.name_prefixes.url_map : var.name}${var.name_suffixes.url_map}"
default_service = google_compute_backend_service.default[keys(var.backends)[0]].self_link
}
resource "google_compute_url_map" "https_redirect" {
project = var.project
count = var.https_redirect ? 1 : 0
- name = "${var.name}-https-redirect"
+ name = "${var.name_prefixes.url_map_https_redirect != null ? var.name_prefixes.url_map_https_redirect : var.name}${var.name_suffixes.url_map_https_redirect}"
default_url_redirect {
https_redirect = true
redirect_response_code = "MOVED_PERMANENTLY_DEFAULT"
@@ -188,7 +188,7 @@ resource "google_compute_backend_service" "default" {
for_each = var.backends
project = coalesce(each.value["project"], var.project)
- name = "${var.name}-backend-${each.key}"
+ name = "${var.name_prefixes.backend_service != null ? var.name_prefixes.backend_service : "${var.name}-backend-"}${each.key}${var.name_suffixes.backend_service}"
load_balancing_scheme = var.load_balancing_scheme
@@ -395,7 +395,7 @@ resource "google_compute_health_check" "default" {
provider = google-beta
for_each = local.health_checked_backends
project = coalesce(each.value["project"], var.project)
- name = "${var.name}-hc-${each.key}"
+ name = "${var.name_prefixes.health_check != null ? var.name_prefixes.health_check : "${var.name}-hc"}-${each.key}${var.name_suffixes.health_check}"
check_interval_sec = lookup(each.value["health_check"], "check_interval_sec", 5)
timeout_sec = lookup(each.value["health_check"], "timeout_sec", 5)
@@ -504,7 +504,7 @@ resource "google_compute_health_check" "default" {
resource "google_compute_firewall" "default-hc" {
count = length(var.firewall_networks)
project = length(var.firewall_networks) == 1 && var.firewall_projects[0] == "default" ? var.project : var.firewall_projects[count.index]
- name = "${var.name}-hc-${count.index}"
+ name = "${var.name_prefixes.health_check != null ? var.name_prefixes.health_check : "${var.name}-hc"}${var.name_suffixes.health_check}-${count.index}"
network = var.firewall_networks[count.index]
source_ranges = [
"130.211.0.0/22",
diff --git a/autogen/variables.tf.tmpl b/autogen/variables.tf.tmpl
index 6a6bfe87..6168cfd6 100644
--- a/autogen/variables.tf.tmpl
+++ b/autogen/variables.tf.tmpl
@@ -105,8 +105,8 @@ variable "backends" {
description = optional(string)
enable_cdn = optional(bool)
compression_mode = optional(string)
- security_policy = optional(string,null)
- edge_security_policy = optional(string,null)
+ security_policy = optional(string, null)
+ edge_security_policy = optional(string, null)
custom_request_headers = optional(list(string))
custom_response_headers = optional(list(string))
@@ -366,3 +366,43 @@ variable "http_keep_alive_timeout_sec" {
type = number
default = null
}
+
+variable "name_suffixes" {
+ description = "Map of suffixes to the created resource names."
+ type = object({
+ address = optional(string, "-address")
+ address_ipv6 = optional(string, "-ipv6-address")
+ certificate = optional(string, "-cert")
+ http_forwarding_rule = optional(string, "")
+ http_ipv6_forwarding_rule = optional(string, "-ipv6-http")
+ https_forwarding_rule = optional(string, "-https")
+ https_ipv6_forwarding_rule = optional(string, "-ipv6-https")
+ target_http_proxy = optional(string, "-http-proxy")
+ target_https_proxy = optional(string, "-https-proxy")
+ url_map = optional(string, "-url-map")
+ url_map_https_redirect = optional(string, "-https-redirect")
+ backend_service = optional(string, "")
+ health_check = optional(string, "")
+ })
+ default = {}
+}
+
+variable "name_prefixes" {
+ description = "Map of resource name prefixes allowing name customization. `null` values fallback to module defaults."
+ type = object({
+ address = optional(string, null)
+ address_ipv6 = optional(string, null)
+ certificate = optional(string, null)
+ http_forwarding_rule = optional(string, null)
+ http_ipv6_forwarding_rule = optional(string, null)
+ https_forwarding_rule = optional(string, null)
+ https_ipv6_forwarding_rule = optional(string, null)
+ target_http_proxy = optional(string, null)
+ target_https_proxy = optional(string, null)
+ url_map = optional(string, null)
+ url_map_https_redirect = optional(string, null)
+ backend_service = optional(string, null)
+ health_check = optional(string, null)
+ })
+ default = {}
+}
diff --git a/main.tf b/main.tf
index 9721c9a3..8bd76f87 100644
--- a/main.tf
+++ b/main.tf
@@ -33,7 +33,7 @@ resource "google_compute_global_forwarding_rule" "http" {
provider = google-beta
project = var.project
count = local.create_http_forward ? 1 : 0
- name = var.name
+ name = "${var.name_prefixes.http_forwarding_rule != null ? var.name_prefixes.http_forwarding_rule : var.name}${var.name_suffixes.http_forwarding_rule}"
target = google_compute_target_http_proxy.default[0].self_link
ip_address = local.address
port_range = var.http_port
@@ -46,7 +46,7 @@ resource "google_compute_global_forwarding_rule" "https" {
provider = google-beta
project = var.project
count = var.ssl ? 1 : 0
- name = "${var.name}-https"
+ name = "${var.name_prefixes.https_forwarding_rule != null ? var.name_prefixes.https_forwarding_rule : var.name}${var.name_suffixes.https_forwarding_rule}"
target = google_compute_target_https_proxy.default[0].self_link
ip_address = local.address
port_range = var.https_port
@@ -59,7 +59,7 @@ resource "google_compute_global_address" "default" {
provider = google-beta
count = local.is_internal ? 0 : var.create_address ? 1 : 0
project = var.project
- name = "${var.name}-address"
+ name = "${var.name_prefixes.address != null ? var.name_prefixes.address : var.name}${var.name_suffixes.address}"
ip_version = "IPV4"
labels = var.labels
}
@@ -70,7 +70,7 @@ resource "google_compute_global_forwarding_rule" "http_ipv6" {
provider = google-beta
project = var.project
count = (var.enable_ipv6 && local.create_http_forward) ? 1 : 0
- name = "${var.name}-ipv6-http"
+ name = "${var.name_prefixes.http_ipv6_forwarding_rule != null ? var.name_prefixes.http_ipv6_forwarding_rule : var.name}${var.name_suffixes.http_ipv6_forwarding_rule}"
target = google_compute_target_http_proxy.default[0].self_link
ip_address = local.ipv6_address
port_range = "80"
@@ -83,7 +83,7 @@ resource "google_compute_global_forwarding_rule" "https_ipv6" {
provider = google-beta
project = var.project
count = var.enable_ipv6 && var.ssl ? 1 : 0
- name = "${var.name}-ipv6-https"
+ name = "${var.name_prefixes.https_ipv6_forwarding_rule != null ? var.name_prefixes.https_ipv6_forwarding_rule : var.name}${var.name_suffixes.https_ipv6_forwarding_rule}"
target = google_compute_target_https_proxy.default[0].self_link
ip_address = local.ipv6_address
port_range = "443"
@@ -96,7 +96,7 @@ resource "google_compute_global_address" "default_ipv6" {
provider = google-beta
count = local.is_internal ? 0 : (var.enable_ipv6 && var.create_ipv6_address) ? 1 : 0
project = var.project
- name = "${var.name}-ipv6-address"
+ name = "${var.name_prefixes.address_ipv6 != null ? var.name_prefixes.address_ipv6 : var.name}${var.name_suffixes.address_ipv6}"
ip_version = "IPV6"
labels = var.labels
}
@@ -106,7 +106,7 @@ resource "google_compute_global_address" "default_ipv6" {
resource "google_compute_target_http_proxy" "default" {
project = var.project
count = local.create_http_forward ? 1 : 0
- name = "${var.name}-http-proxy"
+ name = "${var.name_prefixes.target_http_proxy != null ? var.name_prefixes.target_http_proxy : var.name}${var.name_suffixes.target_http_proxy}"
url_map = var.https_redirect == false ? local.url_map : join("", google_compute_url_map.https_redirect[*].self_link)
}
@@ -114,7 +114,7 @@ resource "google_compute_target_http_proxy" "default" {
resource "google_compute_target_https_proxy" "default" {
project = var.project
count = var.ssl ? 1 : 0
- name = "${var.name}-https-proxy"
+ name = "${var.name_prefixes.target_https_proxy != null ? var.name_prefixes.target_https_proxy : var.name}${var.name_suffixes.target_https_proxy}"
url_map = local.url_map
ssl_certificates = compact(concat(var.ssl_certificates, google_compute_ssl_certificate.default[*].self_link, google_compute_managed_ssl_certificate.default[*].self_link, ), )
@@ -151,7 +151,7 @@ resource "google_compute_managed_ssl_certificate" "default" {
provider = google-beta
project = var.project
count = var.ssl && length(var.managed_ssl_certificate_domains) > 0 ? 1 : 0
- name = var.random_certificate_suffix == true ? random_id.certificate[0].hex : "${var.name}-cert"
+ name = var.random_certificate_suffix == true ? random_id.certificate[0].hex : "${var.name_prefixes.certificate != null ? var.name_prefixes.certificate : var.name}${var.name_suffixes.certificate}"
lifecycle {
create_before_destroy = true
@@ -166,14 +166,14 @@ resource "google_compute_url_map" "default" {
provider = google-beta
project = var.project
count = var.create_url_map ? 1 : 0
- name = "${var.name}-url-map"
+ name = "${var.name_prefixes.url_map != null ? var.name_prefixes.url_map : var.name}${var.name_suffixes.url_map}"
default_service = google_compute_backend_service.default[keys(var.backends)[0]].self_link
}
resource "google_compute_url_map" "https_redirect" {
project = var.project
count = var.https_redirect ? 1 : 0
- name = "${var.name}-https-redirect"
+ name = "${var.name_prefixes.url_map_https_redirect != null ? var.name_prefixes.url_map_https_redirect : var.name}${var.name_suffixes.url_map_https_redirect}"
default_url_redirect {
https_redirect = true
redirect_response_code = "MOVED_PERMANENTLY_DEFAULT"
@@ -186,7 +186,7 @@ resource "google_compute_backend_service" "default" {
for_each = var.backends
project = coalesce(each.value["project"], var.project)
- name = "${var.name}-backend-${each.key}"
+ name = "${var.name_prefixes.backend_service != null ? var.name_prefixes.backend_service : "${var.name}-backend-"}${each.key}${var.name_suffixes.backend_service}"
load_balancing_scheme = var.load_balancing_scheme
@@ -326,7 +326,7 @@ resource "google_compute_health_check" "default" {
provider = google-beta
for_each = local.health_checked_backends
project = coalesce(each.value["project"], var.project)
- name = "${var.name}-hc-${each.key}"
+ name = "${var.name_prefixes.health_check != null ? var.name_prefixes.health_check : "${var.name}-hc"}-${each.key}${var.name_suffixes.health_check}"
check_interval_sec = lookup(each.value["health_check"], "check_interval_sec", 5)
timeout_sec = lookup(each.value["health_check"], "timeout_sec", 5)
@@ -435,7 +435,7 @@ resource "google_compute_health_check" "default" {
resource "google_compute_firewall" "default-hc" {
count = length(var.firewall_networks)
project = length(var.firewall_networks) == 1 && var.firewall_projects[0] == "default" ? var.project : var.firewall_projects[count.index]
- name = "${var.name}-hc-${count.index}"
+ name = "${var.name_prefixes.health_check != null ? var.name_prefixes.health_check : "${var.name}-hc"}${var.name_suffixes.health_check}-${count.index}"
network = var.firewall_networks[count.index]
source_ranges = [
"130.211.0.0/22",
diff --git a/modules/dynamic_backends/README.md b/modules/dynamic_backends/README.md
index 559412c9..815112b2 100644
--- a/modules/dynamic_backends/README.md
+++ b/modules/dynamic_backends/README.md
@@ -22,20 +22,20 @@ intended for Terraform 0.12.x is [v4.5.0](https://registry.terraform.io/modules/
Current version is 12.0. Upgrade guides:
-- [2.X -> 3.0](/docs/upgrading-v2.0.0-v3.0.0.md)
-- [3.X -> 4.0](/docs/upgrading_to_v4.0.md)
-- [6.X -> 7.0](/docs/upgrading_to_v7.0.md)
-- [7.X -> 8.0](/docs/upgrading_to_v8.0.md)
-- [8.X -> 9.0](/docs/upgrading_to_v9.0.md)
-- [9.X -> 10.0](/docs/upgrading_to_v10.0.md)
-- [10.X -> 11.0](/docs/upgrading_to_v11.0.md)
+- [2.X -> 3.0](https://github.com/terraform-google-modules/terraform-google-lb-http/blob/master/docs/upgrading_to_v3.0.0.md)
+- [3.X -> 4.0](https://github.com/terraform-google-modules/terraform-google-lb-http/blob/master/docs/upgrading_to_v4.0.md)
+- [6.X -> 7.0](https://github.com/terraform-google-modules/terraform-google-lb-http/blob/master/docs/upgrading_to_v7.0.md)
+- [7.X -> 8.0](https://github.com/terraform-google-modules/terraform-google-lb-http/blob/master/docs/upgrading_to_v8.0.md)
+- [8.X -> 9.0](https://github.com/terraform-google-modules/terraform-google-lb-http/blob/master/docs/upgrading_to_v9.0.md)
+- [9.X -> 10.0](https://github.com/terraform-google-modules/terraform-google-lb-http/blob/master/docs/upgrading_to_v10.0.md)
+- [10.X -> 11.0](https://github.com/terraform-google-modules/terraform-google-lb-http/blob/master/docs/upgrading_to_v11.0.md)
## Usage
```HCL
module "gce-lb-http" {
source = "GoogleCloudPlatform/lb-http/google//modules/dynamic_backends"
- version = "~> 9.0"
+ version = "~> 12.0"
project = "my-project-id"
name = "group-http-lb"
@@ -85,56 +85,58 @@ module "gce-lb-http" {
## Inputs
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| address | Existing IPv4 address to use (the actual IP address value) | `string` | `null` | no |
-| backends | Map backend indices to list of backend maps. | map(object({
port = optional(number)
project = optional(string)
protocol = optional(string)
port_name = optional(string)
description = optional(string)
enable_cdn = optional(bool)
compression_mode = optional(string)
security_policy = optional(string, null)
edge_security_policy = optional(string, null)
custom_request_headers = optional(list(string))
custom_response_headers = optional(list(string))
timeout_sec = optional(number)
connection_draining_timeout_sec = optional(number)
session_affinity = optional(string)
affinity_cookie_ttl_sec = optional(number)
locality_lb_policy = optional(string)
health_check = optional(object({
host = optional(string)
request_path = optional(string)
request = optional(string)
response = optional(string)
port = optional(number)
port_name = optional(string)
proxy_header = optional(string)
port_specification = optional(string)
protocol = optional(string)
check_interval_sec = optional(number)
timeout_sec = optional(number)
healthy_threshold = optional(number)
unhealthy_threshold = optional(number)
logging = optional(bool)
}))
log_config = object({
enable = optional(bool)
sample_rate = optional(number)
})
groups = list(object({
group = string
description = optional(string)
balancing_mode = optional(string)
capacity_scaler = optional(number)
max_connections = optional(number)
max_connections_per_instance = optional(number)
max_connections_per_endpoint = optional(number)
max_rate = optional(number)
max_rate_per_instance = optional(number)
max_rate_per_endpoint = optional(number)
max_utilization = optional(number)
}))
iap_config = optional(object({
enable = bool
oauth2_client_id = optional(string)
oauth2_client_secret = optional(string)
}))
cdn_policy = optional(object({
cache_mode = optional(string)
signed_url_cache_max_age_sec = optional(string)
default_ttl = optional(number)
max_ttl = optional(number)
client_ttl = optional(number)
negative_caching = optional(bool)
negative_caching_policy = optional(object({
code = optional(number)
ttl = optional(number)
}))
serve_while_stale = optional(number)
cache_key_policy = optional(object({
include_host = optional(bool)
include_protocol = optional(bool)
include_query_string = optional(bool)
query_string_blacklist = optional(list(string))
query_string_whitelist = optional(list(string))
include_http_headers = optional(list(string))
include_named_cookies = optional(list(string))
}))
bypass_cache_on_request_headers = optional(list(string))
}))
outlier_detection = optional(object({
base_ejection_time = optional(object({
seconds = number
nanos = optional(number)
}))
consecutive_errors = optional(number)
consecutive_gateway_failure = optional(number)
enforcing_consecutive_errors = optional(number)
enforcing_consecutive_gateway_failure = optional(number)
enforcing_success_rate = optional(number)
interval = optional(object({
seconds = number
nanos = optional(number)
}))
max_ejection_percent = optional(number)
success_rate_minimum_hosts = optional(number)
success_rate_request_volume = optional(number)
success_rate_stdev_factor = optional(number)
}))
})) | n/a | yes |
-| certificate | Content of the SSL certificate. Requires `ssl` to be set to `true` and `create_ssl_certificate` set to `true` | `string` | `null` | no |
-| certificate\_map | Certificate Map ID in format projects/{project}/locations/global/certificateMaps/{name}. Identifies a certificate map associated with the given target proxy. Requires `ssl` to be set to `true` | `string` | `null` | no |
-| create\_address | Create a new global IPv4 address | `bool` | `true` | no |
-| create\_ipv6\_address | Allocate a new IPv6 address. Conflicts with "ipv6\_address" - if both specified, "create\_ipv6\_address" takes precedence. | `bool` | `false` | no |
-| create\_ssl\_certificate | If `true`, Create certificate using `private_key/certificate` | `bool` | `false` | no |
-| create\_url\_map | Set to `false` if url\_map variable is provided. | `bool` | `true` | no |
-| edge\_security\_policy | The resource URL for the edge security policy to associate with the backend service | `string` | `null` | no |
-| enable\_ipv6 | Enable IPv6 address on the CDN load-balancer | `bool` | `false` | no |
-| firewall\_networks | Names of the networks to create firewall rules in | `list(string)` | [| no | -| firewall\_projects | Names of the projects to create firewall rules in | `list(string)` |
"default"
]
[| no | -| http\_forward | Set to `false` to disable HTTP port 80 forward | `bool` | `true` | no | -| http\_keep\_alive\_timeout\_sec | Specifies how long to keep a connection open, after completing a response, while there is no matching traffic (in seconds). | `number` | `null` | no | -| http\_port | The port for the HTTP load balancer | `number` | `80` | no | -| https\_port | The port for the HTTPS load balancer | `number` | `443` | no | -| https\_redirect | Set to `true` to enable https redirect on the lb. | `bool` | `false` | no | -| ipv6\_address | An existing IPv6 address to use (the actual IP address value) | `string` | `null` | no | -| labels | The labels to attach to resources created by this module | `map(string)` | `{}` | no | -| load\_balancing\_scheme | Load balancing scheme type (EXTERNAL for classic external load balancer, EXTERNAL\_MANAGED for Envoy-based load balancer, and INTERNAL\_SELF\_MANAGED for traffic director) | `string` | `"EXTERNAL"` | no | -| managed\_ssl\_certificate\_domains | Create Google-managed SSL certificates for specified domains. Requires `ssl` to be set to `true` | `list(string)` | `[]` | no | -| name | Name for the forwarding rule and prefix for supporting resources | `string` | n/a | yes | -| network | Network for INTERNAL\_SELF\_MANAGED load balancing scheme | `string` | `"default"` | no | -| private\_key | Content of the private SSL key. Requires `ssl` to be set to `true` and `create_ssl_certificate` set to `true` | `string` | `null` | no | -| project | The project to deploy to, if not set the default provider project is used. | `string` | n/a | yes | -| quic | Specifies the QUIC override policy for this resource. Set true to enable HTTP/3 and Google QUIC support, false to disable both. Defaults to null which enables support for HTTP/3 only. | `bool` | `null` | no | -| random\_certificate\_suffix | Bool to enable/disable random certificate name generation. Set and keep this to true if you need to change the SSL cert. | `bool` | `false` | no | -| security\_policy | The resource URL for the security policy to associate with the backend service | `string` | `null` | no | -| server\_tls\_policy | The resource URL for the server TLS policy to associate with the https proxy service | `string` | `null` | no | -| ssl | Set to `true` to enable SSL support. If `true` then at least one of these are required: 1) `ssl_certificates` OR 2) `create_ssl_certificate` set to `true` and `private_key/certificate` OR 3) `managed_ssl_certificate_domains`, OR 4) `certificate_map` | `bool` | `false` | no | -| ssl\_certificates | SSL cert self\_link list. Requires `ssl` to be set to `true` | `list(string)` | `[]` | no | -| ssl\_policy | Selfink to SSL Policy | `string` | `null` | no | -| target\_service\_accounts | List of target service accounts for health check firewall rule. Exactly one of target\_tags or target\_service\_accounts should be specified. | `list(string)` | `[]` | no | -| target\_tags | List of target tags for health check firewall rule. Exactly one of target\_tags or target\_service\_accounts should be specified. | `list(string)` | `[]` | no | -| url\_map | The url\_map resource to use. Default is to send all traffic to first backend. | `string` | `null` | no | +| Name | Description | Type | Default | Required | +| ---------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------- | :------: | +| address | Existing IPv4 address to use (the actual IP address value) | `string` | `null` | no | +| backends | Map backend indices to list of backend maps. |
"default"
]
map(object({
port = optional(number)
project = optional(string)
protocol = optional(string)
port_name = optional(string)
description = optional(string)
enable_cdn = optional(bool)
compression_mode = optional(string)
security_policy = optional(string, null)
edge_security_policy = optional(string, null)
custom_request_headers = optional(list(string))
custom_response_headers = optional(list(string))
timeout_sec = optional(number)
connection_draining_timeout_sec = optional(number)
session_affinity = optional(string)
affinity_cookie_ttl_sec = optional(number)
locality_lb_policy = optional(string)
health_check = optional(object({
host = optional(string)
request_path = optional(string)
request = optional(string)
response = optional(string)
port = optional(number)
port_name = optional(string)
proxy_header = optional(string)
port_specification = optional(string)
protocol = optional(string)
check_interval_sec = optional(number)
timeout_sec = optional(number)
healthy_threshold = optional(number)
unhealthy_threshold = optional(number)
logging = optional(bool)
}))
log_config = object({
enable = optional(bool)
sample_rate = optional(number)
})
groups = list(object({
group = string
description = optional(string)
balancing_mode = optional(string)
capacity_scaler = optional(number)
max_connections = optional(number)
max_connections_per_instance = optional(number)
max_connections_per_endpoint = optional(number)
max_rate = optional(number)
max_rate_per_instance = optional(number)
max_rate_per_endpoint = optional(number)
max_utilization = optional(number)
}))
iap_config = optional(object({
enable = bool
oauth2_client_id = optional(string)
oauth2_client_secret = optional(string)
}))
cdn_policy = optional(object({
cache_mode = optional(string)
signed_url_cache_max_age_sec = optional(string)
default_ttl = optional(number)
max_ttl = optional(number)
client_ttl = optional(number)
negative_caching = optional(bool)
negative_caching_policy = optional(object({
code = optional(number)
ttl = optional(number)
}))
serve_while_stale = optional(number)
cache_key_policy = optional(object({
include_host = optional(bool)
include_protocol = optional(bool)
include_query_string = optional(bool)
query_string_blacklist = optional(list(string))
query_string_whitelist = optional(list(string))
include_http_headers = optional(list(string))
include_named_cookies = optional(list(string))
}))
bypass_cache_on_request_headers = optional(list(string))
}))
outlier_detection = optional(object({
base_ejection_time = optional(object({
seconds = number
nanos = optional(number)
}))
consecutive_errors = optional(number)
consecutive_gateway_failure = optional(number)
enforcing_consecutive_errors = optional(number)
enforcing_consecutive_gateway_failure = optional(number)
enforcing_success_rate = optional(number)
interval = optional(object({
seconds = number
nanos = optional(number)
}))
max_ejection_percent = optional(number)
success_rate_minimum_hosts = optional(number)
success_rate_request_volume = optional(number)
success_rate_stdev_factor = optional(number)
}))
})) | n/a | yes |
+| certificate | Content of the SSL certificate. Requires `ssl` to be set to `true` and `create_ssl_certificate` set to `true` | `string` | `null` | no |
+| certificate\_map | Certificate Map ID in format projects/{project}/locations/global/certificateMaps/{name}. Identifies a certificate map associated with the given target proxy. Requires `ssl` to be set to `true` | `string` | `null` | no |
+| create\_address | Create a new global IPv4 address | `bool` | `true` | no |
+| create\_ipv6\_address | Allocate a new IPv6 address. Conflicts with "ipv6\_address" - if both specified, "create\_ipv6\_address" takes precedence. | `bool` | `false` | no |
+| create\_ssl\_certificate | If `true`, Create certificate using `private_key/certificate` | `bool` | `false` | no |
+| create\_url\_map | Set to `false` if url\_map variable is provided. | `bool` | `true` | no |
+| edge\_security\_policy | The resource URL for the edge security policy to associate with the backend service | `string` | `null` | no |
+| enable\_ipv6 | Enable IPv6 address on the CDN load-balancer | `bool` | `false` | no |
+| firewall\_networks | Names of the networks to create firewall rules in | `list(string)` | [| no | +| firewall\_projects | Names of the projects to create firewall rules in | `list(string)` |
"default"
]
[| no | +| http\_forward | Set to `false` to disable HTTP port 80 forward | `bool` | `true` | no | +| http\_keep\_alive\_timeout\_sec | Specifies how long to keep a connection open, after completing a response, while there is no matching traffic (in seconds). | `number` | `null` | no | +| http\_port | The port for the HTTP load balancer | `number` | `80` | no | +| https\_port | The port for the HTTPS load balancer | `number` | `443` | no | +| https\_redirect | Set to `true` to enable https redirect on the lb. | `bool` | `false` | no | +| ipv6\_address | An existing IPv6 address to use (the actual IP address value) | `string` | `null` | no | +| labels | The labels to attach to resources created by this module | `map(string)` | `{}` | no | +| load\_balancing\_scheme | Load balancing scheme type (EXTERNAL for classic external load balancer, EXTERNAL\_MANAGED for Envoy-based load balancer, and INTERNAL\_SELF\_MANAGED for traffic director) | `string` | `"EXTERNAL"` | no | +| managed\_ssl\_certificate\_domains | Create Google-managed SSL certificates for specified domains. Requires `ssl` to be set to `true` | `list(string)` | `[]` | no | +| name | Name for the forwarding rule and prefix for supporting resources | `string` | n/a | yes | +| name\_prefixes | Map of resource name prefixes allowing name customization. `null` values fallback to module defaults. |
"default"
]
object({
address = optional(string, null)
address_ipv6 = optional(string, null)
certificate = optional(string, null)
http_forwarding_rule = optional(string, null)
http_ipv6_forwarding_rule = optional(string, null)
https_forwarding_rule = optional(string, null)
https_ipv6_forwarding_rule = optional(string, null)
target_http_proxy = optional(string, null)
target_https_proxy = optional(string, null)
url_map = optional(string, null)
url_map_https_redirect = optional(string, null)
backend_service = optional(string, null)
health_check = optional(string, null)
}) | `{}` | no |
+| name\_suffixes | Map of suffixes to the created resource names. | object({
address = optional(string, "-address")
address_ipv6 = optional(string, "-ipv6-address")
certificate = optional(string, "-cert")
http_forwarding_rule = optional(string, "")
http_ipv6_forwarding_rule = optional(string, "-ipv6-http")
https_forwarding_rule = optional(string, "-https")
https_ipv6_forwarding_rule = optional(string, "-ipv6-https")
target_http_proxy = optional(string, "-http-proxy")
target_https_proxy = optional(string, "-https-proxy")
url_map = optional(string, "-url-map")
url_map_https_redirect = optional(string, "-https-redirect")
backend_service = optional(string, "")
health_check = optional(string, "")
}) | `{}` | no |
+| network | Network for INTERNAL\_SELF\_MANAGED load balancing scheme | `string` | `"default"` | no |
+| private\_key | Content of the private SSL key. Requires `ssl` to be set to `true` and `create_ssl_certificate` set to `true` | `string` | `null` | no |
+| project | The project to deploy to, if not set the default provider project is used. | `string` | n/a | yes |
+| quic | Specifies the QUIC override policy for this resource. Set true to enable HTTP/3 and Google QUIC support, false to disable both. Defaults to null which enables support for HTTP/3 only. | `bool` | `null` | no |
+| random\_certificate\_suffix | Bool to enable/disable random certificate name generation. Set and keep this to true if you need to change the SSL cert. | `bool` | `false` | no |
+| security\_policy | The resource URL for the security policy to associate with the backend service | `string` | `null` | no |
+| server\_tls\_policy | The resource URL for the server TLS policy to associate with the https proxy service | `string` | `null` | no |
+| ssl | Set to `true` to enable SSL support. If `true` then at least one of these are required: 1) `ssl_certificates` OR 2) `create_ssl_certificate` set to `true` and `private_key/certificate` OR 3) `managed_ssl_certificate_domains`, OR 4) `certificate_map` | `bool` | `false` | no |
+| ssl\_certificates | SSL cert self\_link list. Requires `ssl` to be set to `true` | `list(string)` | `[]` | no |
+| ssl\_policy | Selfink to SSL Policy | `string` | `null` | no |
+| target\_service\_accounts | List of target service accounts for health check firewall rule. Exactly one of target\_tags or target\_service\_accounts should be specified. | `list(string)` | `[]` | no |
+| target\_tags | List of target tags for health check firewall rule. Exactly one of target\_tags or target\_service\_accounts should be specified. | `list(string)` | `[]` | no |
+| url\_map | The url\_map resource to use. Default is to send all traffic to first backend. | `string` | `null` | no |
## Outputs
-| Name | Description |
-|------|-------------|
-| backend\_services | The backend service resources. |
-| external\_ip | The external IPv4 assigned to the global fowarding rule. |
-| external\_ipv6\_address | The external IPv6 assigned to the global fowarding rule. |
-| http\_proxy | The HTTP proxy used by this module. |
-| https\_proxy | The HTTPS proxy used by this module. |
-| ipv6\_enabled | Whether IPv6 configuration is enabled on this load-balancer |
-| ssl\_certificate\_created | The SSL certificate create from key/pem |
-| url\_map | The default URL map used by this module. |
+| Name | Description |
+| ------------------------- | ----------------------------------------------------------- |
+| backend\_services | The backend service resources. |
+| external\_ip | The external IPv4 assigned to the global fowarding rule. |
+| external\_ipv6\_address | The external IPv6 assigned to the global fowarding rule. |
+| http\_proxy | The HTTP proxy used by this module. |
+| https\_proxy | The HTTPS proxy used by this module. |
+| ipv6\_enabled | Whether IPv6 configuration is enabled on this load-balancer |
+| ssl\_certificate\_created | The SSL certificate create from key/pem |
+| url\_map | The default URL map used by this module. |
diff --git a/modules/dynamic_backends/main.tf b/modules/dynamic_backends/main.tf
index b0b4aacc..1efe24c0 100644
--- a/modules/dynamic_backends/main.tf
+++ b/modules/dynamic_backends/main.tf
@@ -33,7 +33,7 @@ resource "google_compute_global_forwarding_rule" "http" {
provider = google-beta
project = var.project
count = local.create_http_forward ? 1 : 0
- name = var.name
+ name = "${var.name_prefixes.http_forwarding_rule != null ? var.name_prefixes.http_forwarding_rule : var.name}${var.name_suffixes.http_forwarding_rule}"
target = google_compute_target_http_proxy.default[0].self_link
ip_address = local.address
port_range = var.http_port
@@ -46,7 +46,7 @@ resource "google_compute_global_forwarding_rule" "https" {
provider = google-beta
project = var.project
count = var.ssl ? 1 : 0
- name = "${var.name}-https"
+ name = "${var.name_prefixes.https_forwarding_rule != null ? var.name_prefixes.https_forwarding_rule : var.name}${var.name_suffixes.https_forwarding_rule}"
target = google_compute_target_https_proxy.default[0].self_link
ip_address = local.address
port_range = var.https_port
@@ -59,7 +59,7 @@ resource "google_compute_global_address" "default" {
provider = google-beta
count = local.is_internal ? 0 : var.create_address ? 1 : 0
project = var.project
- name = "${var.name}-address"
+ name = "${var.name_prefixes.address != null ? var.name_prefixes.address : var.name}${var.name_suffixes.address}"
ip_version = "IPV4"
labels = var.labels
}
@@ -70,7 +70,7 @@ resource "google_compute_global_forwarding_rule" "http_ipv6" {
provider = google-beta
project = var.project
count = (var.enable_ipv6 && local.create_http_forward) ? 1 : 0
- name = "${var.name}-ipv6-http"
+ name = "${var.name_prefixes.http_ipv6_forwarding_rule != null ? var.name_prefixes.http_ipv6_forwarding_rule : var.name}${var.name_suffixes.http_ipv6_forwarding_rule}"
target = google_compute_target_http_proxy.default[0].self_link
ip_address = local.ipv6_address
port_range = "80"
@@ -83,7 +83,7 @@ resource "google_compute_global_forwarding_rule" "https_ipv6" {
provider = google-beta
project = var.project
count = var.enable_ipv6 && var.ssl ? 1 : 0
- name = "${var.name}-ipv6-https"
+ name = "${var.name_prefixes.https_ipv6_forwarding_rule != null ? var.name_prefixes.https_ipv6_forwarding_rule : var.name}${var.name_suffixes.https_ipv6_forwarding_rule}"
target = google_compute_target_https_proxy.default[0].self_link
ip_address = local.ipv6_address
port_range = "443"
@@ -96,7 +96,7 @@ resource "google_compute_global_address" "default_ipv6" {
provider = google-beta
count = local.is_internal ? 0 : (var.enable_ipv6 && var.create_ipv6_address) ? 1 : 0
project = var.project
- name = "${var.name}-ipv6-address"
+ name = "${var.name_prefixes.address_ipv6 != null ? var.name_prefixes.address_ipv6 : var.name}${var.name_suffixes.address_ipv6}"
ip_version = "IPV6"
labels = var.labels
}
@@ -106,7 +106,7 @@ resource "google_compute_global_address" "default_ipv6" {
resource "google_compute_target_http_proxy" "default" {
project = var.project
count = local.create_http_forward ? 1 : 0
- name = "${var.name}-http-proxy"
+ name = "${var.name_prefixes.target_http_proxy != null ? var.name_prefixes.target_http_proxy : var.name}${var.name_suffixes.target_http_proxy}"
url_map = var.https_redirect == false ? local.url_map : join("", google_compute_url_map.https_redirect[*].self_link)
}
@@ -114,7 +114,7 @@ resource "google_compute_target_http_proxy" "default" {
resource "google_compute_target_https_proxy" "default" {
project = var.project
count = var.ssl ? 1 : 0
- name = "${var.name}-https-proxy"
+ name = "${var.name_prefixes.target_https_proxy != null ? var.name_prefixes.target_https_proxy : var.name}${var.name_suffixes.target_https_proxy}"
url_map = local.url_map
ssl_certificates = compact(concat(var.ssl_certificates, google_compute_ssl_certificate.default[*].self_link, google_compute_managed_ssl_certificate.default[*].self_link, ), )
@@ -151,7 +151,7 @@ resource "google_compute_managed_ssl_certificate" "default" {
provider = google-beta
project = var.project
count = var.ssl && length(var.managed_ssl_certificate_domains) > 0 ? 1 : 0
- name = var.random_certificate_suffix == true ? random_id.certificate[0].hex : "${var.name}-cert"
+ name = var.random_certificate_suffix == true ? random_id.certificate[0].hex : "${var.name_prefixes.certificate != null ? var.name_prefixes.certificate : var.name}${var.name_suffixes.certificate}"
lifecycle {
create_before_destroy = true
@@ -166,14 +166,14 @@ resource "google_compute_url_map" "default" {
provider = google-beta
project = var.project
count = var.create_url_map ? 1 : 0
- name = "${var.name}-url-map"
+ name = "${var.name_prefixes.url_map != null ? var.name_prefixes.url_map : var.name}${var.name_suffixes.url_map}"
default_service = google_compute_backend_service.default[keys(var.backends)[0]].self_link
}
resource "google_compute_url_map" "https_redirect" {
project = var.project
count = var.https_redirect ? 1 : 0
- name = "${var.name}-https-redirect"
+ name = "${var.name_prefixes.url_map_https_redirect != null ? var.name_prefixes.url_map_https_redirect : var.name}${var.name_suffixes.url_map_https_redirect}"
default_url_redirect {
https_redirect = true
redirect_response_code = "MOVED_PERMANENTLY_DEFAULT"
@@ -186,7 +186,7 @@ resource "google_compute_backend_service" "default" {
for_each = var.backends
project = coalesce(each.value["project"], var.project)
- name = "${var.name}-backend-${each.key}"
+ name = "${var.name_prefixes.backend_service != null ? var.name_prefixes.backend_service : "${var.name}-backend-"}${each.key}${var.name_suffixes.backend_service}"
load_balancing_scheme = var.load_balancing_scheme
@@ -329,7 +329,7 @@ resource "google_compute_health_check" "default" {
provider = google-beta
for_each = local.health_checked_backends
project = coalesce(each.value["project"], var.project)
- name = "${var.name}-hc-${each.key}"
+ name = "${var.name_prefixes.health_check != null ? var.name_prefixes.health_check : "${var.name}-hc"}-${each.key}${var.name_suffixes.health_check}"
check_interval_sec = lookup(each.value["health_check"], "check_interval_sec", 5)
timeout_sec = lookup(each.value["health_check"], "timeout_sec", 5)
@@ -438,7 +438,7 @@ resource "google_compute_health_check" "default" {
resource "google_compute_firewall" "default-hc" {
count = length(var.firewall_networks)
project = length(var.firewall_networks) == 1 && var.firewall_projects[0] == "default" ? var.project : var.firewall_projects[count.index]
- name = "${var.name}-hc-${count.index}"
+ name = "${var.name_prefixes.health_check != null ? var.name_prefixes.health_check : "${var.name}-hc"}${var.name_suffixes.health_check}-${count.index}"
network = var.firewall_networks[count.index]
source_ranges = [
"130.211.0.0/22",
diff --git a/modules/dynamic_backends/variables.tf b/modules/dynamic_backends/variables.tf
index 83a86fdf..20fb0bf2 100644
--- a/modules/dynamic_backends/variables.tf
+++ b/modules/dynamic_backends/variables.tf
@@ -330,3 +330,43 @@ variable "http_keep_alive_timeout_sec" {
type = number
default = null
}
+
+variable "name_suffixes" {
+ description = "Map of suffixes to the created resource names."
+ type = object({
+ address = optional(string, "-address")
+ address_ipv6 = optional(string, "-ipv6-address")
+ certificate = optional(string, "-cert")
+ http_forwarding_rule = optional(string, "")
+ http_ipv6_forwarding_rule = optional(string, "-ipv6-http")
+ https_forwarding_rule = optional(string, "-https")
+ https_ipv6_forwarding_rule = optional(string, "-ipv6-https")
+ target_http_proxy = optional(string, "-http-proxy")
+ target_https_proxy = optional(string, "-https-proxy")
+ url_map = optional(string, "-url-map")
+ url_map_https_redirect = optional(string, "-https-redirect")
+ backend_service = optional(string, "")
+ health_check = optional(string, "")
+ })
+ default = {}
+}
+
+variable "name_prefixes" {
+ description = "Map of resource name prefixes allowing name customization. `null` values fallback to module defaults."
+ type = object({
+ address = optional(string, null)
+ address_ipv6 = optional(string, null)
+ certificate = optional(string, null)
+ http_forwarding_rule = optional(string, null)
+ http_ipv6_forwarding_rule = optional(string, null)
+ https_forwarding_rule = optional(string, null)
+ https_ipv6_forwarding_rule = optional(string, null)
+ target_http_proxy = optional(string, null)
+ target_https_proxy = optional(string, null)
+ url_map = optional(string, null)
+ url_map_https_redirect = optional(string, null)
+ backend_service = optional(string, null)
+ health_check = optional(string, null)
+ })
+ default = {}
+}
diff --git a/modules/serverless_negs/README.md b/modules/serverless_negs/README.md
index 71791233..e4872b09 100644
--- a/modules/serverless_negs/README.md
+++ b/modules/serverless_negs/README.md
@@ -17,20 +17,20 @@ intended for Terraform 0.12.x is [v4.5.0](https://registry.terraform.io/modules/
Current version is 12.0. Upgrade guides:
-- [2.X -> 3.0](/docs/upgrading-v2.0.0-v3.0.0.md)
-- [3.X -> 4.0](/docs/upgrading_to_v4.0.md)
-- [6.X -> 7.0](/docs/upgrading_to_v7.0.md)
-- [7.X -> 8.0](/docs/upgrading_to_v8.0.md)
-- [8.X -> 9.0](/docs/upgrading_to_v9.0.md)
-- [9.X -> 10.0](/docs/upgrading_to_v10.0.md)
-- [10.X -> 11.0](/docs/upgrading_to_v11.0.md)
+- [2.X -> 3.0](https://github.com/terraform-google-modules/terraform-google-lb-http/blob/master/docs/upgrading_to_v3.0.0.md)
+- [3.X -> 4.0](https://github.com/terraform-google-modules/terraform-google-lb-http/blob/master/docs/upgrading_to_v4.0.md)
+- [6.X -> 7.0](https://github.com/terraform-google-modules/terraform-google-lb-http/blob/master/docs/upgrading_to_v7.0.md)
+- [7.X -> 8.0](https://github.com/terraform-google-modules/terraform-google-lb-http/blob/master/docs/upgrading_to_v8.0.md)
+- [8.X -> 9.0](https://github.com/terraform-google-modules/terraform-google-lb-http/blob/master/docs/upgrading_to_v9.0.md)
+- [9.X -> 10.0](https://github.com/terraform-google-modules/terraform-google-lb-http/blob/master/docs/upgrading_to_v10.0.md)
+- [10.X -> 11.0](https://github.com/terraform-google-modules/terraform-google-lb-http/blob/master/docs/upgrading_to_v11.0.md)
## Usage
```HCL
module "lb-http" {
source = "GoogleCloudPlatform/lb-http/google//modules/serverless_negs"
- version = "~> 9.0"
+ version = "~> 12.0"
project = "my-project-id"
name = "my-lb"
@@ -92,6 +92,8 @@ module "lb-http" {
| load\_balancing\_scheme | Load balancing scheme type (EXTERNAL for classic external load balancer, EXTERNAL\_MANAGED for Envoy-based load balancer, and INTERNAL\_SELF\_MANAGED for traffic director) | `string` | `"EXTERNAL"` | no |
| managed\_ssl\_certificate\_domains | Create Google-managed SSL certificates for specified domains. Requires `ssl` to be set to `true` | `list(string)` | `[]` | no |
| name | Name for the forwarding rule and prefix for supporting resources | `string` | n/a | yes |
+| name\_prefixes | Map of resource name prefixes allowing name customization. `null` values fallback to module defaults. | object({
address = optional(string, null)
address_ipv6 = optional(string, null)
certificate = optional(string, null)
http_forwarding_rule = optional(string, null)
http_ipv6_forwarding_rule = optional(string, null)
https_forwarding_rule = optional(string, null)
https_ipv6_forwarding_rule = optional(string, null)
target_http_proxy = optional(string, null)
target_https_proxy = optional(string, null)
url_map = optional(string, null)
url_map_https_redirect = optional(string, null)
backend_service = optional(string, null)
health_check = optional(string, null)
}) | `{}` | no |
+| name\_suffixes | Map of suffixes to the created resource names. | object({
address = optional(string, "-address")
address_ipv6 = optional(string, "-ipv6-address")
certificate = optional(string, "-cert")
http_forwarding_rule = optional(string, "")
http_ipv6_forwarding_rule = optional(string, "-ipv6-http")
https_forwarding_rule = optional(string, "-https")
https_ipv6_forwarding_rule = optional(string, "-ipv6-https")
target_http_proxy = optional(string, "-http-proxy")
target_https_proxy = optional(string, "-https-proxy")
url_map = optional(string, "-url-map")
url_map_https_redirect = optional(string, "-https-redirect")
backend_service = optional(string, "")
health_check = optional(string, "")
}) | `{}` | no |
| network | Network for INTERNAL\_SELF\_MANAGED load balancing scheme | `string` | `"default"` | no |
| private\_key | Content of the private SSL key. Requires `ssl` to be set to `true` and `create_ssl_certificate` set to `true` | `string` | `null` | no |
| project | The project to deploy to, if not set the default provider project is used. | `string` | n/a | yes |
diff --git a/modules/serverless_negs/main.tf b/modules/serverless_negs/main.tf
index 306de60f..79ca8108 100644
--- a/modules/serverless_negs/main.tf
+++ b/modules/serverless_negs/main.tf
@@ -32,7 +32,7 @@ resource "google_compute_global_forwarding_rule" "http" {
provider = google-beta
project = var.project
count = local.create_http_forward ? 1 : 0
- name = var.name
+ name = "${var.name_prefixes.http_forwarding_rule != null ? var.name_prefixes.http_forwarding_rule : var.name}${var.name_suffixes.http_forwarding_rule}"
target = google_compute_target_http_proxy.default[0].self_link
ip_address = local.address
port_range = var.http_port
@@ -45,7 +45,7 @@ resource "google_compute_global_forwarding_rule" "https" {
provider = google-beta
project = var.project
count = var.ssl ? 1 : 0
- name = "${var.name}-https"
+ name = "${var.name_prefixes.https_forwarding_rule != null ? var.name_prefixes.https_forwarding_rule : var.name}${var.name_suffixes.https_forwarding_rule}"
target = google_compute_target_https_proxy.default[0].self_link
ip_address = local.address
port_range = var.https_port
@@ -58,7 +58,7 @@ resource "google_compute_global_address" "default" {
provider = google-beta
count = local.is_internal ? 0 : var.create_address ? 1 : 0
project = var.project
- name = "${var.name}-address"
+ name = "${var.name_prefixes.address != null ? var.name_prefixes.address : var.name}${var.name_suffixes.address}"
ip_version = "IPV4"
labels = var.labels
}
@@ -69,7 +69,7 @@ resource "google_compute_global_forwarding_rule" "http_ipv6" {
provider = google-beta
project = var.project
count = (var.enable_ipv6 && local.create_http_forward) ? 1 : 0
- name = "${var.name}-ipv6-http"
+ name = "${var.name_prefixes.http_ipv6_forwarding_rule != null ? var.name_prefixes.http_ipv6_forwarding_rule : var.name}${var.name_suffixes.http_ipv6_forwarding_rule}"
target = google_compute_target_http_proxy.default[0].self_link
ip_address = local.ipv6_address
port_range = "80"
@@ -82,7 +82,7 @@ resource "google_compute_global_forwarding_rule" "https_ipv6" {
provider = google-beta
project = var.project
count = var.enable_ipv6 && var.ssl ? 1 : 0
- name = "${var.name}-ipv6-https"
+ name = "${var.name_prefixes.https_ipv6_forwarding_rule != null ? var.name_prefixes.https_ipv6_forwarding_rule : var.name}${var.name_suffixes.https_ipv6_forwarding_rule}"
target = google_compute_target_https_proxy.default[0].self_link
ip_address = local.ipv6_address
port_range = "443"
@@ -95,7 +95,7 @@ resource "google_compute_global_address" "default_ipv6" {
provider = google-beta
count = local.is_internal ? 0 : (var.enable_ipv6 && var.create_ipv6_address) ? 1 : 0
project = var.project
- name = "${var.name}-ipv6-address"
+ name = "${var.name_prefixes.address_ipv6 != null ? var.name_prefixes.address_ipv6 : var.name}${var.name_suffixes.address_ipv6}"
ip_version = "IPV6"
labels = var.labels
}
@@ -105,7 +105,7 @@ resource "google_compute_global_address" "default_ipv6" {
resource "google_compute_target_http_proxy" "default" {
project = var.project
count = local.create_http_forward ? 1 : 0
- name = "${var.name}-http-proxy"
+ name = "${var.name_prefixes.target_http_proxy != null ? var.name_prefixes.target_http_proxy : var.name}${var.name_suffixes.target_http_proxy}"
url_map = var.https_redirect == false ? local.url_map : join("", google_compute_url_map.https_redirect[*].self_link)
}
@@ -113,7 +113,7 @@ resource "google_compute_target_http_proxy" "default" {
resource "google_compute_target_https_proxy" "default" {
project = var.project
count = var.ssl ? 1 : 0
- name = "${var.name}-https-proxy"
+ name = "${var.name_prefixes.target_https_proxy != null ? var.name_prefixes.target_https_proxy : var.name}${var.name_suffixes.target_https_proxy}"
url_map = local.url_map
ssl_certificates = compact(concat(var.ssl_certificates, google_compute_ssl_certificate.default[*].self_link, google_compute_managed_ssl_certificate.default[*].self_link, ), )
@@ -150,7 +150,7 @@ resource "google_compute_managed_ssl_certificate" "default" {
provider = google-beta
project = var.project
count = var.ssl && length(var.managed_ssl_certificate_domains) > 0 ? 1 : 0
- name = var.random_certificate_suffix == true ? random_id.certificate[0].hex : "${var.name}-cert"
+ name = var.random_certificate_suffix == true ? random_id.certificate[0].hex : "${var.name_prefixes.certificate != null ? var.name_prefixes.certificate : var.name}${var.name_suffixes.certificate}"
lifecycle {
create_before_destroy = true
@@ -165,14 +165,14 @@ resource "google_compute_url_map" "default" {
provider = google-beta
project = var.project
count = var.create_url_map ? 1 : 0
- name = "${var.name}-url-map"
+ name = "${var.name_prefixes.url_map != null ? var.name_prefixes.url_map : var.name}${var.name_suffixes.url_map}"
default_service = google_compute_backend_service.default[keys(var.backends)[0]].self_link
}
resource "google_compute_url_map" "https_redirect" {
project = var.project
count = var.https_redirect ? 1 : 0
- name = "${var.name}-https-redirect"
+ name = "${var.name_prefixes.url_map_https_redirect != null ? var.name_prefixes.url_map_https_redirect : var.name}${var.name_suffixes.url_map_https_redirect}"
default_url_redirect {
https_redirect = true
redirect_response_code = "MOVED_PERMANENTLY_DEFAULT"
@@ -185,7 +185,7 @@ resource "google_compute_backend_service" "default" {
for_each = var.backends
project = coalesce(each.value["project"], var.project)
- name = "${var.name}-backend-${each.key}"
+ name = "${var.name_prefixes.backend_service != null ? var.name_prefixes.backend_service : "${var.name}-backend-"}${each.key}${var.name_suffixes.backend_service}"
load_balancing_scheme = var.load_balancing_scheme
diff --git a/modules/serverless_negs/variables.tf b/modules/serverless_negs/variables.tf
index 8bbeb5b3..11949a0d 100644
--- a/modules/serverless_negs/variables.tf
+++ b/modules/serverless_negs/variables.tf
@@ -299,3 +299,43 @@ variable "http_keep_alive_timeout_sec" {
type = number
default = null
}
+
+variable "name_suffixes" {
+ description = "Map of suffixes to the created resource names."
+ type = object({
+ address = optional(string, "-address")
+ address_ipv6 = optional(string, "-ipv6-address")
+ certificate = optional(string, "-cert")
+ http_forwarding_rule = optional(string, "")
+ http_ipv6_forwarding_rule = optional(string, "-ipv6-http")
+ https_forwarding_rule = optional(string, "-https")
+ https_ipv6_forwarding_rule = optional(string, "-ipv6-https")
+ target_http_proxy = optional(string, "-http-proxy")
+ target_https_proxy = optional(string, "-https-proxy")
+ url_map = optional(string, "-url-map")
+ url_map_https_redirect = optional(string, "-https-redirect")
+ backend_service = optional(string, "")
+ health_check = optional(string, "")
+ })
+ default = {}
+}
+
+variable "name_prefixes" {
+ description = "Map of resource name prefixes allowing name customization. `null` values fallback to module defaults."
+ type = object({
+ address = optional(string, null)
+ address_ipv6 = optional(string, null)
+ certificate = optional(string, null)
+ http_forwarding_rule = optional(string, null)
+ http_ipv6_forwarding_rule = optional(string, null)
+ https_forwarding_rule = optional(string, null)
+ https_ipv6_forwarding_rule = optional(string, null)
+ target_http_proxy = optional(string, null)
+ target_https_proxy = optional(string, null)
+ url_map = optional(string, null)
+ url_map_https_redirect = optional(string, null)
+ backend_service = optional(string, null)
+ health_check = optional(string, null)
+ })
+ default = {}
+}
diff --git a/variables.tf b/variables.tf
index 83a86fdf..20fb0bf2 100644
--- a/variables.tf
+++ b/variables.tf
@@ -330,3 +330,43 @@ variable "http_keep_alive_timeout_sec" {
type = number
default = null
}
+
+variable "name_suffixes" {
+ description = "Map of suffixes to the created resource names."
+ type = object({
+ address = optional(string, "-address")
+ address_ipv6 = optional(string, "-ipv6-address")
+ certificate = optional(string, "-cert")
+ http_forwarding_rule = optional(string, "")
+ http_ipv6_forwarding_rule = optional(string, "-ipv6-http")
+ https_forwarding_rule = optional(string, "-https")
+ https_ipv6_forwarding_rule = optional(string, "-ipv6-https")
+ target_http_proxy = optional(string, "-http-proxy")
+ target_https_proxy = optional(string, "-https-proxy")
+ url_map = optional(string, "-url-map")
+ url_map_https_redirect = optional(string, "-https-redirect")
+ backend_service = optional(string, "")
+ health_check = optional(string, "")
+ })
+ default = {}
+}
+
+variable "name_prefixes" {
+ description = "Map of resource name prefixes allowing name customization. `null` values fallback to module defaults."
+ type = object({
+ address = optional(string, null)
+ address_ipv6 = optional(string, null)
+ certificate = optional(string, null)
+ http_forwarding_rule = optional(string, null)
+ http_ipv6_forwarding_rule = optional(string, null)
+ https_forwarding_rule = optional(string, null)
+ https_ipv6_forwarding_rule = optional(string, null)
+ target_http_proxy = optional(string, null)
+ target_https_proxy = optional(string, null)
+ url_map = optional(string, null)
+ url_map_https_redirect = optional(string, null)
+ backend_service = optional(string, null)
+ health_check = optional(string, null)
+ })
+ default = {}
+}