Internet NEG for net-lb-app-int (#2293)

Internet NEG for net-lb-app-int

modules/net-lb-app-int/backend-service.tf

@@ -24,11 +24,17 @@ locals {
     {
       for k, v in google_compute_network_endpoint_group.default : k => v.id
     },
+    {
+      for k, v in google_compute_region_network_endpoint_group.internet : k => v.id
+    },
     {
       for k, v in google_compute_region_network_endpoint_group.default : k => v.id
     },
     {
       for k, v in google_compute_region_network_endpoint_group.psc : k => v.id
+    },
+    {
+      for k, v in google_compute_region_network_endpoint.internet : k => v.id
     }
   )
   hc_ids = {

modules/net-lb-app-int/main.tf

@@ -214,3 +214,48 @@ resource "google_compute_region_network_endpoint_group" "psc" {
   network               = each.value.psc.network
   subnetwork            = each.value.psc.subnetwork
 }
+
+locals {
+  _neg_endpoints_internet = flatten([
+    for k, v in local.neg_internet : [
+      for kk, vv in v.internet.endpoints : merge(vv, {
+        key = "${k}-${kk}", neg = k, region = v.internet.region, use_fqdn = v.internet.use_fqdn
+      })
+    ]
+  ])
+  neg_endpoints_internet = {
+    for v in local._neg_endpoints_internet : (v.key) => v
+  }
+  neg_internet = {
+    for k, v in var.neg_configs :
+    k => v if v.internet != null
+  }
+}
+
+resource "google_compute_region_network_endpoint_group" "internet" {
+  for_each = local.neg_internet
+  project  = var.project_id
+  name     = "${var.name}-${each.key}"
+  region   = each.value.internet.region
+  # re-enable once provider properly supports this
+  # default_port = each.value.default_port
+  description = coalesce(each.value.description, var.description)
+  network_endpoint_type = (
+    each.value.internet.use_fqdn ? "INTERNET_FQDN_PORT" : "INTERNET_IP_PORT"
+  )
+  network = var.vpc_config.network
+}
+
+resource "google_compute_region_network_endpoint" "internet" {
+  for_each = local.neg_endpoints_internet
+  project = (
+    google_compute_region_network_endpoint_group.internet[each.value.neg].project
+  )
+  region = each.value.region
+  region_network_endpoint_group = (
+    google_compute_region_network_endpoint_group.internet[each.value.neg].name
+  )
+  fqdn       = each.value.use_fqdn ? each.value.destination : null
+  ip_address = each.value.use_fqdn ? null : each.value.destination
+  port       = each.value.port
+}

modules/net-lb-app-int/variables.tf

@@ -59,7 +59,8 @@ variable "name" {
 variable "neg_configs" {
   description = "Optional network endpoint groups to create. Can be referenced in backends via key or outputs."
   type = map(object({
-    project_id = optional(string)
+    project_id  = optional(string)
+    description = optional(string)
     cloudrun = optional(object({
       region = string
       target_service = optional(object({
@@ -90,6 +91,16 @@ variable "neg_configs" {
         port       = number
       })))
     }))
+    internet = optional(object({
+      region   = string
+      use_fqdn = optional(bool, true)
+      # re-enable once provider properly support this
+      # default_port = optional(number)
+      endpoints = optional(map(object({
+        destination = string
+        port        = number
+      })))
+    }))
     psc = optional(object({
       region         = string
       target_service = string
@@ -105,6 +116,7 @@ variable "neg_configs" {
         (try(v.cloudrun, null) == null ? 0 : 1) +
         (try(v.gce, null) == null ? 0 : 1) +
         (try(v.hybrid, null) == null ? 0 : 1) +
+        (try(v.internet, null) == null ? 0 : 1) +
         (try(v.psc, null) == null ? 0 : 1) == 1
       )
     ])