kovagoadi/hunfabric
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update and fix module net-lb-proxy-int (#4024)

Browse Source 
* Fix net-lb-int-proxy

* WIP update

* Update tests
This commit is contained in:
Luca Prete
2026-06-15 10:08:26 +02:00
committed by GitHub
parent a0987e189d
commit 6dcb19466a
23 changed files with 2387 additions and 157 deletions
Download Patch File Download Diff File Expand all files Collapse all files

306
modules/net-lb-proxy-int/README.md
View File

@@ -1,15 +1,18 @@
# Internal Proxy Network Load Balancer Module
This module allows managing Internal HTTP/HTTPS Load Balancers (L7 ILBs). It's designed to expose the full configuration of the underlying resources, and to facilitate common usage patterns by providing sensible defaults, and optionally managing prerequisite resources like health checks, instance groups, etc.
This module allows managing Internal TCP proxy Load Balancers. It's designed to expose the full configuration of the underlying resources, and to facilitate common usage patterns by providing sensible defaults, and optionally managing prerequisite resources like health checks, instance groups, etc.
Due to the complexity of the underlying resources, changes to the configuration that involve recreation of resources are best applied in stages, starting by disabling the configuration in the urlmap that references the resources that need recreation, then doing the same for the backend service, etc.
## Examples
<!-- BEGIN TOC -->
- [Examples](#examples)
- [Minimal Example](#minimal-example)
- [Health Checks](#health-checks)
- [Specify an existing IP address](#specify-an-existing-ip-address)
- [Specify multiple ports](#specify-multiple-ports)
- [Instance Groups](#instance-groups)
- [Network Endpoint Groups (NEGs)](#network-endpoint-groups-negs)
- [Zonal NEG creation](#zonal-neg-creation)
@@ -21,6 +24,7 @@ Due to the complexity of the underlying resources, changes to the configuration
- [Files](#files)
- [Variables](#variables)
- [Outputs](#outputs)
<!-- END TOC -->
### Minimal Example
@@ -28,7 +32,7 @@ Due to the complexity of the underlying resources, changes to the configuration
An Regional internal proxy Network Load Balancer with a backend service pointing to an existing GCE instance group:
```hcl
module "tcp-proxy" {
module "int-tcp-proxy" {
source = "./fabric/modules/net-lb-proxy-int"
name = "ilb-test"
project_id = var.project_id
@@ -43,7 +47,7 @@ module "tcp-proxy" {
subnetwork = var.subnet.self_link
}
}
# tftest modules=1 resources=4
# tftest inventory=minimal.yaml
```
### Health Checks
@@ -71,7 +75,7 @@ module "int-tcp-proxy" {
subnetwork = var.subnet.self_link
}
}
# tftest modules=1 resources=4
# tftest inventory=health-check-config.yaml
```
To leverage an existing health check without having the module create them, simply pass its self link:
@@ -93,7 +97,92 @@ module "int-tcp-proxy" {
subnetwork = var.subnet.self_link
}
}
# tftest modules=1 resources=3
# tftest inventory=health-check-link.yaml
```
### Specify an existing IP address
You can pass your forwarding rules existing IP addresses to use.
```hcl
module "address" {
source = "./fabric/modules/net-address"
project_id = var.project_id
internal_addresses = {
ilb = {
purpose = "INTERNAL"
region = "europe-west1"
subnetwork = var.subnet.self_link
}
}
}
module "int-tcp-proxy" {
source = "./fabric/modules/net-lb-proxy-int"
name = "int-tcp-proxy"
project_id = var.project_id
region = "europe-west1"
forwarding_rules_config = {
"" = {
ip_address = module.address.internal_addresses["ilb"].address
}
}
backend_service_config = {
backends = [{
group = "projects/myprj/zones/europe-west1-a/instanceGroups/my-ig"
}]
}
vpc_config = {
network = var.vpc.self_link
subnetwork = var.subnet.self_link
}
}
# tftest inventory=address.yaml
```
### Specify multiple ports
To make your load balancer listen on multiple ports you will need to create multiple forwarding rules listening on the same IP of type `SHARED_LOADBALANCER_VIP` (created outside the module).
```hcl
module "address" {
source = "./fabric/modules/net-address"
project_id = var.project_id
internal_addresses = {
ilb = {
purpose = "SHARED_LOADBALANCER_VIP"
region = "europe-west1"
subnetwork = var.subnet.self_link
}
}
}
module "int-tcp-proxy" {
source = "./fabric/modules/net-lb-proxy-int"
name = "int-tcp-proxy"
project_id = var.project_id
region = "europe-west1"
forwarding_rules_config = {
http = {
ip_address = module.address.internal_addresses["ilb"].address
port = 80
}
https = {
ip_address = module.address.internal_addresses["ilb"].address
port = 443
}
}
backend_service_config = {
backends = [{
group = "projects/myprj/zones/europe-west1-a/instanceGroups/my-ig"
}]
}
vpc_config = {
network = var.vpc.self_link
subnetwork = var.subnet.self_link
}
}
# tftest inventory=ports.yaml
```
### Instance Groups
@@ -126,7 +215,7 @@ module "int-tcp-proxy" {
subnetwork = var.subnet.self_link
}
}
# tftest modules=1 resources=5
# tftest inventory=group-config.yaml
```
### Network Endpoint Groups (NEGs)
@@ -149,7 +238,7 @@ module "int-tcp-proxy" {
subnetwork = var.subnet.self_link
}
}
# tftest modules=1 resources=4
# tftest inventory=neg-link.yaml
```
Similarly to instance groups, NEGs can also be managed by this module which supports GCE, hybrid and Private Service Connect NEGs:
@@ -157,15 +246,6 @@ Similarly to instance groups, NEGs can also be managed by this module which supp
#### Zonal NEG creation
```hcl
resource "google_compute_address" "test" {
project = var.project_id
name = "neg-test"
subnetwork = var.subnet.self_link
address_type = "INTERNAL"
address = "10.0.0.10"
region = "europe-west1"
}
module "int-tcp-proxy" {
source = "./fabric/modules/net-lb-proxy-int"
name = "int-tcp-proxy"
@@ -187,9 +267,8 @@ module "int-tcp-proxy" {
endpoints = {
e-0 = {
instance = "test-1"
ip_address = google_compute_address.test.address
# ip_address = "10.0.0.10"
port = 80
ip_address = "10.0.0.10"
port = 80
}
}
}
@@ -200,7 +279,7 @@ module "int-tcp-proxy" {
subnetwork = var.subnet.self_link
}
}
# tftest modules=1 resources=7 inventory=zonal-neg.yaml
# tftest inventory=zonal-neg.yaml
```
#### Hybrid NEG creation
@@ -238,40 +317,133 @@ module "int-tcp-proxy" {
subnetwork = var.subnet.self_link
}
}
# tftest modules=1 resources=6
# tftest inventory=hybrid-neg.yaml
```
#### Private Service Connect NEG creation
```hcl
module "address-ilb" {
source = "./fabric/modules/net-address"
project_id = var.project_id
internal_addresses = {
ilb-01 = {
purpose = "SHARED_LOADBALANCER_VIP"
region = var.region
subnetwork = module.vpc.subnets["${var.region}/sub-consumer-0"].id
}
}
}
module "int-tcp-proxy" {
source = "./fabric/modules/net-lb-proxy-int"
name = "int-tcp-proxy"
project_id = var.project_id
region = "europe-west1"
region = var.region
forwarding_rules_config = {
http = {
ip_address = module.address-ilb.internal_addresses["ilb-01"].address
port = 80
}
https = {
ip_address = module.address-ilb.internal_addresses["ilb-01"].address
port = 443
}
}
backend_service_config = {
backends = [{
group = "my-neg"
balancing_mode = "CONNECTION"
max_connections = {
per_endpoint = 10
}
group = "my-neg"
}]
}
neg_configs = {
my-neg = {
psc = {
region = "europe-west1"
target_service = "europe-west1-cloudkms.googleapis.com"
network = module.vpc.id
subnetwork = module.vpc.subnets["${var.region}/sub-consumer-0"].id
region = var.region
producer_port = 80
target_service = module.ilb-producer.service_attachment_ids["default"]
}
}
}
vpc_config = {
network = var.vpc.self_link
subnetwork = var.subnet.self_link
network = module.vpc.id
subnetwork = module.vpc.subnets["${var.region}/sub-consumer-0"].id
}
}
# tftest modules=1 resources=5
module "vpc" {
source = "./fabric/modules/net-vpc"
project_id = var.project_id
name = "net-consumer-0"
subnets = [
{
ip_cidr_range = "10.0.0.0/24"
name = "sub-consumer-0"
region = var.region
}
]
subnets_proxy_only = [
{
name = "sub-proxy-consumer-0"
region = var.region
ip_cidr_range = "10.0.1.0/26"
active = true
}
]
}
# PRODUCER - What the PSC NEG points to
module "ilb-producer" {
source = "./fabric/modules/net-lb-int"
project_id = var.project_id
region = "europe-west1"
name = "ilb-producer"
service_label = "ilb-producer"
vpc_config = {
network = module.vpc-producer.id
subnetwork = module.vpc-producer.subnets["${var.region}/sub-producer-0"].id
}
forwarding_rules_config = {
default = {}
}
service_attachments = {
default = {
nat_subnets = [module.vpc-producer.subnets_psc["${var.region}/sub-psc-producer-0"].id]
automatic_connection = true
}
}
}
module "vpc-producer" {
source = "./fabric/modules/net-vpc"
project_id = var.project_id
name = "net-producer-0"
subnets = [
{
ip_cidr_range = "10.0.0.0/24"
name = "sub-producer-0"
region = var.region
}
]
subnets_proxy_only = [
{
name = "sub-proxy-producer-0"
region = var.region
ip_cidr_range = "10.0.1.0/26"
active = true
}
]
subnets_psc = [
{
name = "sub-psc-producer-0"
region = var.region
ip_cidr_range = "10.0.2.0/26"
}
]
}
# tftest inventory=psc-neg.yaml
```
#### Internet NEG creation
@@ -279,7 +451,7 @@ module "int-tcp-proxy" {
This example shows how to create and manage internet NEGs:
```hcl
module "ilb-l7" {
module "ilb-tcp-proxy" {
source = "./fabric/modules/net-lb-proxy-int"
project_id = var.project_id
name = "ilb-test"
@@ -291,7 +463,6 @@ module "ilb-l7" {
# with a single internet NEG the implied default health check is optional
health_checks = []
}
port = 80
neg_configs = {
neg-0 = {
internet = {
@@ -311,7 +482,7 @@ module "ilb-l7" {
subnetwork = var.subnet.self_link
}
}
# tftest modules=1 resources=6 inventory=internet-neg.yaml e2e
# tftest inventory=internet-neg.yaml e2e
```
### Context
@@ -324,7 +495,11 @@ module "tcp-proxy" {
name = "ilb-test"
project_id = "$project_ids:test"
region = "$locations:ew8"
address = "$addresses:test"
forwarding_rules_config = {
"" = {
ip_address = "$addresses:test"
}
}
backend_service_config = {
backends = [{
group = "projects/myprj/zones/europe-west1-a/instanceGroups/my-ig"
@@ -366,6 +541,7 @@ module "tcp-proxy" {
```
## Deploying changes to load balancer configurations
For deploying changes to load balancer configuration please refer to [net-lb-app-ext README.md](../net-lb-app-ext/README.md#deploying-changes-to-load-balancer-configurations)
<!-- TFDOC OPTS files:1 -->
@@ -374,7 +550,7 @@ For deploying changes to load balancer configuration please refer to [net-lb-app
| name | description | resources |
|---|---|---|
| [backend-service.tf](./backend-service.tf) | Backend service resources. | <code>google_compute_region_backend_service</code> |
| [backend-service.tf](./backend-service.tf) | Backend service resources. | <code>google_compute_region_backend_service</code> · <code>terraform_data</code> |
| [groups.tf](./groups.tf) | None | <code>google_compute_instance_group</code> |
| [health-check.tf](./health-check.tf) | Health check resource. | <code>google_compute_region_health_check</code> |
| [main.tf](./main.tf) | Module-level locals and resources. | <code>google_compute_forwarding_rule</code> · <code>google_compute_network_endpoint</code> · <code>google_compute_network_endpoint_group</code> · <code>google_compute_region_network_endpoint</code> · <code>google_compute_region_network_endpoint_group</code> · <code>google_compute_region_target_tcp_proxy</code> · <code>google_compute_service_attachment</code> |
@@ -386,38 +562,36 @@ For deploying changes to load balancer configuration please refer to [net-lb-app
| name | description | type | required | default |
|---|---|:---:|:---:|:---:|
| [name](variables.tf#L221) | Load balancer name. | <code>string</code> | ✓ | |
| [project_id](variables.tf#L290) | Project id. | <code>string</code> | ✓ | |
| [region](variables.tf#L295) | The region where to allocate the ILB resources. | <code>string</code> | ✓ | |
| [vpc_config](variables.tf#L315) | VPC-level configuration. | <code>object&#40;&#123;&#8230;&#125;&#41;</code> | ✓ | |
| [address](variables.tf#L17) | Optional IP address used for the forwarding rule. | <code>string</code> | | <code>null</code> |
| [backend_service_config](variables.tf#L23) | Backend service level configuration. | <code>object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>&#123;&#125;</code> |
| [context](variables.tf#L82) | Context-specific interpolations. | <code>object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>&#123;&#125;</code> |
| [description](variables.tf#L95) | Optional description used for resources. | <code>string</code> | | <code>&#34;Terraform managed.&#34;</code> |
| [global_access](variables.tf#L102) | Allow client access from all regions. | <code>bool</code> | | <code>null</code> |
| [group_configs](variables.tf#L108) | Optional unmanaged groups to create. Can be referenced in backends via key or outputs. | <code>map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>&#123;&#125;</code> |
| [health_check](variables.tf#L122) | Name of existing health check to use, disables auto-created health check. | <code>string</code> | | <code>null</code> |
| [health_check_config](variables.tf#L128) | Optional auto-created health check configurations, use the output self-link to set it in the auto healing policy. Refer to examples for usage. | <code>object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>&#123;&#8230;&#125;</code> |
| [labels](variables.tf#L215) | Labels set on resources. | <code>map&#40;string&#41;</code> | | <code>&#123;&#125;</code> |
| [neg_configs](variables.tf#L226) | Optional network endpoint groups to create. Can be referenced in backends via key or outputs. | <code>map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>&#123;&#125;</code> |
| [port](variables.tf#L284) | Port. | <code>number</code> | | <code>80</code> |
| [service_attachment](variables.tf#L300) | PSC service attachment. | <code>object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> |
| [name](variables.tf#L224) | Load balancer name. | <code>string</code> | ✓ | |
| [project_id](variables.tf#L288) | Project id. | <code>string</code> | ✓ | |
| [region](variables.tf#L293) | The region where to allocate the ILB resources. | <code>string</code> | ✓ | |
| [vpc_config](variables.tf#L314) | VPC-level configuration. | <code>object&#40;&#123;&#8230;&#125;&#41;</code> | ✓ | |
| [backend_service_config](variables.tf#L17) | Backend service level configuration. | <code>object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>&#123;&#125;</code> |
| [context](variables.tf#L76) | Context-specific interpolations. | <code>object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>&#123;&#125;</code> |
| [description](variables.tf#L89) | Optional description used for resources. | <code>string</code> | | <code>&#34;Terraform managed.&#34;</code> |
| [forwarding_rules_config](variables.tf#L95) | The optional forwarding rules configuration. | <code>map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>&#123;&#8230;&#125;</code> |
| [group_configs](variables.tf#L111) | Optional unmanaged groups to create. Can be referenced in backends via key or outputs. | <code>map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>&#123;&#125;</code> |
| [health_check](variables.tf#L125) | Name of existing health check to use, disables auto-created health check. | <code>string</code> | | <code>null</code> |
| [health_check_config](variables.tf#L131) | Optional auto-created health check configurations, use the output self-link to set it in the auto healing policy. Refer to examples for usage. | <code>object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>&#123;&#8230;&#125;</code> |
| [labels](variables.tf#L218) | Labels set on resources. | <code>map&#40;string&#41;</code> | | <code>&#123;&#125;</code> |
| [neg_configs](variables.tf#L229) | Optional network endpoint groups to create. Can be referenced in backends via key or outputs. | <code>map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>&#123;&#125;</code> |
| [service_attachment](variables.tf#L298) | PSC service attachment. | <code>object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> |
## Outputs
| name | description | sensitive |
|---|---|:---:|
| [address](outputs.tf#L17) | Forwarding rule address. | |
| [backend_service](outputs.tf#L22) | Backend resource. | |
| [backend_service_id](outputs.tf#L27) | Backend id. | |
| [backend_service_self_link](outputs.tf#L32) | Backend self link. | |
| [forwarding_rule](outputs.tf#L37) | Forwarding rule resource. | |
| [group_self_links](outputs.tf#L42) | Optional unmanaged instance group self links. | |
| [groups](outputs.tf#L49) | Optional unmanaged instance group resources. | |
| [health_check](outputs.tf#L54) | Auto-created health-check resource. | |
| [health_check_id](outputs.tf#L59) | Auto-created health-check id. | |
| [health_check_self_link](outputs.tf#L64) | Auto-created health-check self link. | |
| [id](outputs.tf#L69) | Fully qualified forwarding rule id. | |
| [neg_ids](outputs.tf#L74) | Autogenerated network endpoint group ids. | |
| [service_attachment_id](outputs.tf#L81) | Id of the service attachment. | |
| [address](outputs.tf#L17) | Forwarding rules addresses. | |
| [backend_service](outputs.tf#L25) | Backend resource. | |
| [backend_service_id](outputs.tf#L30) | Backend id. | |
| [backend_service_self_link](outputs.tf#L35) | Backend self link. | |
| [forwarding_rules](outputs.tf#L40) | Forwarding rule resources. | |
| [group_self_links](outputs.tf#L45) | Optional unmanaged instance group self links. | |
| [groups](outputs.tf#L52) | Optional unmanaged instance group resources. | |
| [health_check](outputs.tf#L57) | Auto-created health-check resource. | |
| [health_check_id](outputs.tf#L62) | Auto-created health-check id. | |
| [health_check_self_link](outputs.tf#L67) | Auto-created health-check self link. | |
| [ids](outputs.tf#L72) | Fully qualified forwarding rule ids. | |
| [neg_ids](outputs.tf#L79) | Autogenerated network endpoint group ids. | |
| [service_attachment_id](outputs.tf#L86) | Id of the service attachment. | |
<!-- END TFDOC -->

16
modules/net-lb-proxy-int/backend-service.tf
View File

@@ -34,6 +34,14 @@ locals {
)
}
resource "terraform_data" "neg_trigger" {
input = {
zonal = { for k, v in google_compute_network_endpoint_group.default : k => v.id }
psc = { for k, v in google_compute_region_network_endpoint_group.psc : k => v.id }
internet = { for k, v in google_compute_region_network_endpoint_group.internet : k => v.id }
}
}
resource "google_compute_region_backend_service" "default" {
provider = google-beta
project = local.project_id
@@ -42,7 +50,7 @@ resource "google_compute_region_backend_service" "default" {
description = var.backend_service_config.description
affinity_cookie_ttl_sec = var.backend_service_config.affinity_cookie_ttl_sec
connection_draining_timeout_sec = var.backend_service_config.connection_draining_timeout_sec
health_checks = [local.health_check]
health_checks = local.health_check == null ? null : [local.health_check]
load_balancing_scheme = "INTERNAL_MANAGED"
port_name = var.backend_service_config.port_name # defaults to http, not for NEGs
protocol = "TCP"
@@ -102,4 +110,10 @@ resource "google_compute_region_backend_service" "default" {
}
}
lifecycle {
replace_triggered_by = [
terraform_data.neg_trigger
]
}
}

14
modules/net-lb-proxy-int/health-check.tf
View File

@@ -18,7 +18,7 @@
locals {
hc = (
var.health_check != null ? null : var.health_check_config
local.has_psc_backend || var.health_check != null ? null : var.health_check_config
)
hc_grpc = try(local.hc.grpc, null) != null
hc_http = try(local.hc.http, null) != null
@@ -32,13 +32,13 @@ resource "google_compute_region_health_check" "default" {
provider = google-beta
count = local.hc != null ? 1 : 0
project = local.project_id
name = coalesce(local.hc.name, var.name)
name = coalesce(try(local.hc.name, null), var.name)
region = local.region
description = local.hc.description
check_interval_sec = local.hc.check_interval_sec
healthy_threshold = local.hc.healthy_threshold
timeout_sec = local.hc.timeout_sec
unhealthy_threshold = local.hc.unhealthy_threshold
description = try(local.hc.description, null)
check_interval_sec = try(local.hc.check_interval_sec, null)
healthy_threshold = try(local.hc.healthy_threshold, null)
timeout_sec = try(local.hc.timeout_sec, null)
unhealthy_threshold = try(local.hc.unhealthy_threshold, null)
dynamic "grpc_health_check" {
for_each = local.hc_grpc ? [""] : []

71
modules/net-lb-proxy-int/main.tf
View File

@@ -36,11 +36,27 @@ locals {
})
]
])
forwarding_rule_names = {
for k, v in var.forwarding_rules_config :
k => k == "" ? var.name : "${var.name}-${k}"
}
health_check = (
var.health_check != null
? var.health_check
: google_compute_region_health_check.default[0].self_link
local.has_psc_backend
? null
: (
var.health_check == null
? (
var.health_check_config == null
? null
: google_compute_region_health_check.default[0].self_link
)
: var.health_check
)
)
has_psc_backend = anytrue([
for b in coalesce(var.backend_service_config.backends, []) :
try(var.neg_configs[b.group].psc != null, false)
])
neg_endpoints = {
for v in local._neg_endpoints : (v.key) => v
}
@@ -62,25 +78,37 @@ locals {
}
resource "google_compute_forwarding_rule" "default" {
for_each = var.forwarding_rules_config
provider = google-beta
project = local.project_id
region = local.region
name = var.name
description = var.description
ip_address = (
var.address == null
name = coalesce(each.value.name, local.forwarding_rule_names[each.key])
description = coalesce(each.value.description, var.description)
ip_address = try(local.ctx.addresses[each.value.address], each.value.address)
ip_protocol = "TCP"
ip_version = (
each.value.address != null
? null
: lookup(local.ctx.addresses, var.address, var.address)
: (
each.value.ipv6 == true
? "IPV6"
: "IPV4" # do not set if address is provided
)
)
ip_protocol = "TCP"
load_balancing_scheme = "INTERNAL_MANAGED"
network = local.network
port_range = var.port
port_range = each.value.port
subnetwork = local.subnetwork
labels = var.labels
target = google_compute_region_target_tcp_proxy.default.id
# during the preview phase you cannot change this attribute on an existing rule
allow_global_access = var.global_access
# During the preview phase you cannot change this attribute on an existing rule
allow_global_access = each.value.global_access
lifecycle {
replace_triggered_by = [
google_compute_region_target_tcp_proxy.default
]
}
}
resource "google_compute_region_target_tcp_proxy" "default" {
@@ -134,11 +162,10 @@ resource "google_compute_network_endpoint" "default" {
}
resource "google_compute_region_network_endpoint_group" "psc" {
for_each = local.neg_regional_psc
project = local.project_id
region = each.value.psc.region
name = "${var.name}-${each.key}"
//description = coalesce(each.value.description, var.description)
for_each = local.neg_regional_psc
project = local.project_id
region = each.value.psc.region
name = "${var.name}-${each.key}"
network_endpoint_type = "PRIVATE_SERVICE_CONNECT"
psc_target_service = each.value.psc.target_service
network = (
@@ -151,9 +178,9 @@ resource "google_compute_region_network_endpoint_group" "psc" {
? null
: try(local.ctx.subnets[each.value.psc.subnetwork], each.value.psc.subnetwork)
)
lifecycle {
# ignore until https://github.com/hashicorp/terraform-provider-google/issues/20576 is fixed
ignore_changes = [psc_data]
psc_data {
producer_port = each.value.psc.producer_port
}
}
@@ -210,7 +237,7 @@ resource "google_compute_service_attachment" "default" {
region = var.region
name = var.name
description = var.description
target_service = google_compute_forwarding_rule.default.id
target_service = google_compute_forwarding_rule.default[var.service_attachment.forwarding_rule].id
nat_subnets = [
for s in var.service_attachment.nat_subnets
: lookup(local.ctx.subnets, s, s)
@@ -228,9 +255,11 @@ resource "google_compute_service_attachment" "default" {
)
enable_proxy_protocol = var.service_attachment.enable_proxy_protocol
reconcile_connections = var.service_attachment.reconcile_connections
dynamic "consumer_accept_lists" {
for_each = var.service_attachment.consumer_accept_lists
iterator = accept
content {
project_id_or_num = accept.key
connection_limit = accept.value

19
modules/net-lb-proxy-int/outputs.tf
View File

@@ -15,8 +15,11 @@
*/
output "address" {
description = "Forwarding rule address."
value = google_compute_forwarding_rule.default.ip_address
description = "Forwarding rules addresses."
value = {
for k, v in google_compute_forwarding_rule.default
: v.name => v.ip_address
}
}
output "backend_service" {
@@ -34,8 +37,8 @@ output "backend_service_self_link" {
value = google_compute_region_backend_service.default.self_link
}
output "forwarding_rule" {
description = "Forwarding rule resource."
output "forwarding_rules" {
description = "Forwarding rule resources."
value = google_compute_forwarding_rule.default
}
@@ -66,9 +69,11 @@ output "health_check_self_link" {
value = try(google_compute_region_health_check.default[0].self_link, null)
}
output "id" {
description = "Fully qualified forwarding rule id."
value = google_compute_forwarding_rule.default.id
output "ids" {
description = "Fully qualified forwarding rule ids."
value = {
for k, v in google_compute_forwarding_rule.default : k => v.id
}
}
output "neg_ids" {

35
modules/net-lb-proxy-int/variables.tf
View File

@@ -14,12 +14,6 @@
* limitations under the License.
*/
variable "address" {
description = "Optional IP address used for the forwarding rule."
type = string
default = null
}
variable "backend_service_config" {
description = "Backend service level configuration."
type = object({
@@ -98,11 +92,20 @@ variable "description" {
default = "Terraform managed."
}
# during the preview phase you cannot change this attribute on an existing rule
variable "global_access" {
description = "Allow client access from all regions."
type = bool
default = null
variable "forwarding_rules_config" {
description = "The optional forwarding rules configuration."
type = map(object({
address = optional(string)
description = optional(string)
global_access = optional(bool, true)
ipv6 = optional(bool, false)
name = optional(string)
port = optional(number, 80)
protocol = optional(string, "TCP")
}))
default = {
"" = {}
}
}
variable "group_configs" {
@@ -203,7 +206,7 @@ variable "health_check_config" {
error_message = "Only one health check type can be configured at a time."
}
validation {
condition = alltrue([
condition = var.health_check_config == null ? true : alltrue([
for k, v in var.health_check_config : contains([
"-", "USE_FIXED_PORT", "USE_NAMED_PORT", "USE_SERVING_PORT"
], coalesce(try(v.port_specification, null), "-"))
@@ -263,6 +266,7 @@ variable "neg_configs" {
region = string
target_service = string
network = optional(string)
producer_port = optional(number)
subnetwork = optional(string)
}))
}))
@@ -281,12 +285,6 @@ variable "neg_configs" {
}
}
variable "port" {
description = "Port."
type = number
default = 80
}
variable "project_id" {
description = "Project id."
type = string
@@ -307,6 +305,7 @@ variable "service_attachment" {
description = optional(string)
domain_name = optional(string)
enable_proxy_protocol = optional(bool, false)
forwarding_rule = optional(string)
reconcile_connections = optional(bool)
})
default = null

154
tests/modules/net_lb_proxy_int/examples/address.yaml Normal file
View File

@@ -0,0 +1,154 @@
# Copyright 2026 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
module.address.google_compute_address.internal["ilb"]:
address_type: INTERNAL
deletion_policy: DELETE
description: Terraform managed.
effective_labels:
goog-terraform-provisioned: 'true'
ip_collection: null
ip_version: null
ipv6_endpoint_type: null
labels: null
name: ilb
network: null
project: project-id
purpose: INTERNAL
region: europe-west1
subnetwork: subnet_self_link
terraform_labels:
goog-terraform-provisioned: 'true'
timeouts: null
module.int-tcp-proxy.google_compute_forwarding_rule.default[""]:
all_ports: null
allow_global_access: true
allow_psc_global_access: null
backend_service: null
deletion_policy: DELETE
description: Terraform managed.
ip_collection: null
ip_protocol: TCP
ip_version: IPV4
is_mirroring_collector: null
labels: null
load_balancing_scheme: INTERNAL_MANAGED
name: int-tcp-proxy
network: https://www.googleapis.com/compute/v1/projects/xxx/global/networks/aaa
no_automate_dns_zone: null
port_range: '80'
ports: null
project: project-id
recreate_closed_psc: false
region: europe-west1
service_label: null
source_ip_ranges: null
subnetwork: subnet_self_link
timeouts: null
module.int-tcp-proxy.google_compute_region_backend_service.default:
affinity_cookie_ttl_sec: null
backend:
- balancing_mode: UTILIZATION
capacity_scaler: 1
custom_metrics: []
description: Terraform managed.
failover: false
group: projects/myprj/zones/europe-west1-a/instanceGroups/my-ig
max_connections: null
max_connections_per_endpoint: null
max_connections_per_instance: null
max_rate: null
max_rate_per_endpoint: null
max_rate_per_instance: null
max_utilization: null
traffic_duration: ''
circuit_breakers: []
connection_draining_timeout_sec: 300
connection_tracking_policy: []
consistent_hash: []
custom_metrics: []
deletion_policy: DELETE
description: Terraform managed.
dynamic_forwarding: []
enable_cdn: null
failover_policy: []
ha_policy: []
ip_address_selection_policy: null
load_balancing_scheme: INTERNAL_MANAGED
locality_lb_policy: null
name: int-tcp-proxy
network: null
network_pass_through_lb_traffic_policy: []
outlier_detection: []
params: []
project: project-id
protocol: TCP
region: europe-west1
security_policy: null
session_affinity: NONE
strong_session_affinity_cookie: []
subsetting: []
timeouts: null
tls_settings: []
module.int-tcp-proxy.google_compute_region_health_check.default[0]:
check_interval_sec: 5
deletion_policy: DELETE
description: Terraform managed.
grpc_health_check: []
grpc_tls_health_check: []
healthy_threshold: 2
http2_health_check: []
http_health_check: []
https_health_check: []
name: int-tcp-proxy
project: project-id
region: europe-west1
ssl_health_check: []
tcp_health_check:
- port: null
port_name: null
port_specification: USE_SERVING_PORT
proxy_header: NONE
request: null
response: null
timeout_sec: 5
timeouts: null
unhealthy_threshold: 2
module.int-tcp-proxy.google_compute_region_target_tcp_proxy.default:
deletion_policy: DELETE
description: Terraform managed.
name: int-tcp-proxy
project: project-id
proxy_header: NONE
region: europe-west1
timeouts: null
module.int-tcp-proxy.terraform_data.neg_trigger:
input:
internet: {}
psc: {}
zonal: {}
triggers_replace: null
counts:
google_compute_address: 1
google_compute_forwarding_rule: 1
google_compute_region_backend_service: 1
google_compute_region_health_check: 1
google_compute_region_target_tcp_proxy: 1
modules: 2
resources: 6
terraform_data: 1
outputs: {}

24
tests/modules/net_lb_proxy_int/examples/context.yaml
View File

@@ -1,10 +1,10 @@
# Copyright 2025 Google LLC
# Copyright 2026 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
@@ -13,15 +13,16 @@
# limitations under the License.
values:
module.tcp-proxy.google_compute_forwarding_rule.default:
module.tcp-proxy.google_compute_forwarding_rule.default[""]:
all_ports: null
allow_global_access: null
allow_global_access: true
allow_psc_global_access: null
backend_service: null
deletion_policy: DELETE
description: Terraform managed.
ip_address: 10.0.0.10
ip_collection: null
ip_protocol: TCP
ip_version: IPV4
is_mirroring_collector: null
labels: null
load_balancing_scheme: INTERNAL_MANAGED
@@ -38,6 +39,7 @@ values:
subnetwork: projects/foo-dev-net-spoke-0/regions/europe-west8/subnetworks/gce
timeouts: null
module.tcp-proxy.google_compute_instance_group.default["default"]:
deletion_policy: DELETE
description: Terraform managed.
instances:
- projects/myprj/zones/europe-west1-b/instances/vm-a
@@ -70,6 +72,7 @@ values:
connection_tracking_policy: []
consistent_hash: []
custom_metrics: []
deletion_policy: DELETE
description: Terraform managed.
dynamic_forwarding: []
enable_cdn: null
@@ -94,6 +97,7 @@ values:
tls_settings: []
module.tcp-proxy.google_compute_region_health_check.default[0]:
check_interval_sec: 5
deletion_policy: DELETE
description: Terraform managed.
grpc_health_check: []
grpc_tls_health_check: []
@@ -116,12 +120,19 @@ values:
timeouts: null
unhealthy_threshold: 2
module.tcp-proxy.google_compute_region_target_tcp_proxy.default:
deletion_policy: DELETE
description: Terraform managed.
name: ilb-test
project: foo-test-0
proxy_header: NONE
region: europe-west8
timeouts: null
module.tcp-proxy.terraform_data.neg_trigger:
input:
internet: {}
psc: {}
zonal: {}
triggers_replace: null
counts:
google_compute_forwarding_rule: 1
@@ -130,6 +141,7 @@ counts:
google_compute_region_health_check: 1
google_compute_region_target_tcp_proxy: 1
modules: 1
resources: 5
resources: 6
terraform_data: 1
outputs: {}

147
tests/modules/net_lb_proxy_int/examples/group-config.yaml Normal file
View File

@@ -0,0 +1,147 @@
# Copyright 2026 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
module.int-tcp-proxy.google_compute_forwarding_rule.default[""]:
all_ports: null
allow_global_access: true
allow_psc_global_access: null
backend_service: null
deletion_policy: DELETE
description: Terraform managed.
ip_collection: null
ip_protocol: TCP
ip_version: IPV4
is_mirroring_collector: null
labels: null
load_balancing_scheme: INTERNAL_MANAGED
name: int-tcp-proxy
network: https://www.googleapis.com/compute/v1/projects/xxx/global/networks/aaa
no_automate_dns_zone: null
port_range: '80'
ports: null
project: project-id
recreate_closed_psc: false
region: europe-west1
service_label: null
source_ip_ranges: null
subnetwork: subnet_self_link
timeouts: null
module.int-tcp-proxy.google_compute_instance_group.default["default"]:
deletion_policy: DELETE
description: Terraform managed.
instances:
- projects/myprj/zones/europe-west1-b/instances/vm-a
name: int-tcp-proxy-default
named_port:
- name: http
port: 80
project: project-id
timeouts: null
zone: europe-west1-b
module.int-tcp-proxy.google_compute_region_backend_service.default:
affinity_cookie_ttl_sec: null
backend:
- balancing_mode: UTILIZATION
capacity_scaler: 1
custom_metrics: []
description: Terraform managed.
failover: false
max_connections: null
max_connections_per_endpoint: null
max_connections_per_instance: null
max_rate: null
max_rate_per_endpoint: null
max_rate_per_instance: null
max_utilization: null
traffic_duration: ''
circuit_breakers: []
connection_draining_timeout_sec: 300
connection_tracking_policy: []
consistent_hash: []
custom_metrics: []
deletion_policy: DELETE
description: Terraform managed.
dynamic_forwarding: []
enable_cdn: null
failover_policy: []
ha_policy: []
ip_address_selection_policy: null
load_balancing_scheme: INTERNAL_MANAGED
locality_lb_policy: null
name: int-tcp-proxy
network: null
network_pass_through_lb_traffic_policy: []
outlier_detection: []
params: []
port_name: http
project: project-id
protocol: TCP
region: europe-west1
security_policy: null
session_affinity: NONE
strong_session_affinity_cookie: []
subsetting: []
timeouts: null
tls_settings: []
module.int-tcp-proxy.google_compute_region_health_check.default[0]:
check_interval_sec: 5
deletion_policy: DELETE
description: Terraform managed.
grpc_health_check: []
grpc_tls_health_check: []
healthy_threshold: 2
http2_health_check: []
http_health_check: []
https_health_check: []
name: int-tcp-proxy
project: project-id
region: europe-west1
ssl_health_check: []
tcp_health_check:
- port: null
port_name: null
port_specification: USE_SERVING_PORT
proxy_header: NONE
request: null
response: null
timeout_sec: 5
timeouts: null
unhealthy_threshold: 2
module.int-tcp-proxy.google_compute_region_target_tcp_proxy.default:
deletion_policy: DELETE
description: Terraform managed.
name: int-tcp-proxy
project: project-id
proxy_header: NONE
region: europe-west1
timeouts: null
module.int-tcp-proxy.terraform_data.neg_trigger:
input:
internet: {}
psc: {}
zonal: {}
triggers_replace: null
counts:
google_compute_forwarding_rule: 1
google_compute_instance_group: 1
google_compute_region_backend_service: 1
google_compute_region_health_check: 1
google_compute_region_target_tcp_proxy: 1
modules: 1
resources: 6
terraform_data: 1
outputs: {}

134
tests/modules/net_lb_proxy_int/examples/health-check-config.yaml Normal file
View File

@@ -0,0 +1,134 @@
# Copyright 2026 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
module.int-tcp-proxy.google_compute_forwarding_rule.default[""]:
all_ports: null
allow_global_access: true
allow_psc_global_access: null
backend_service: null
deletion_policy: DELETE
description: Terraform managed.
ip_collection: null
ip_protocol: TCP
ip_version: IPV4
is_mirroring_collector: null
labels: null
load_balancing_scheme: INTERNAL_MANAGED
name: int-tcp-proxy
network: https://www.googleapis.com/compute/v1/projects/xxx/global/networks/aaa
no_automate_dns_zone: null
port_range: '80'
ports: null
project: project-id
recreate_closed_psc: false
region: europe-west1
service_label: null
source_ip_ranges: null
subnetwork: subnet_self_link
timeouts: null
module.int-tcp-proxy.google_compute_region_backend_service.default:
affinity_cookie_ttl_sec: null
backend:
- balancing_mode: UTILIZATION
capacity_scaler: 1
custom_metrics: []
description: Terraform managed.
failover: false
group: projects/myprj/zones/europe-west1-a/instanceGroups/my-ig
max_connections: null
max_connections_per_endpoint: null
max_connections_per_instance: null
max_rate: null
max_rate_per_endpoint: null
max_rate_per_instance: null
max_utilization: null
traffic_duration: ''
circuit_breakers: []
connection_draining_timeout_sec: 300
connection_tracking_policy: []
consistent_hash: []
custom_metrics: []
deletion_policy: DELETE
description: Terraform managed.
dynamic_forwarding: []
enable_cdn: null
failover_policy: []
ha_policy: []
ip_address_selection_policy: null
load_balancing_scheme: INTERNAL_MANAGED
locality_lb_policy: null
name: int-tcp-proxy
network: null
network_pass_through_lb_traffic_policy: []
outlier_detection: []
params: []
project: project-id
protocol: TCP
region: europe-west1
security_policy: null
session_affinity: NONE
strong_session_affinity_cookie: []
subsetting: []
timeouts: null
tls_settings: []
module.int-tcp-proxy.google_compute_region_health_check.default[0]:
check_interval_sec: 5
deletion_policy: DELETE
description: Terraform managed.
grpc_health_check: []
grpc_tls_health_check: []
healthy_threshold: 2
http2_health_check: []
http_health_check: []
https_health_check: []
name: int-tcp-proxy
project: project-id
region: europe-west1
ssl_health_check: []
tcp_health_check:
- port: 80
port_name: null
port_specification: null
proxy_header: NONE
request: null
response: null
timeout_sec: 5
timeouts: null
unhealthy_threshold: 2
module.int-tcp-proxy.google_compute_region_target_tcp_proxy.default:
deletion_policy: DELETE
description: Terraform managed.
name: int-tcp-proxy
project: project-id
proxy_header: NONE
region: europe-west1
timeouts: null
module.int-tcp-proxy.terraform_data.neg_trigger:
input:
internet: {}
psc: {}
zonal: {}
triggers_replace: null
counts:
google_compute_forwarding_rule: 1
google_compute_region_backend_service: 1
google_compute_region_health_check: 1
google_compute_region_target_tcp_proxy: 1
modules: 1
resources: 5
terraform_data: 1
outputs: {}

111
tests/modules/net_lb_proxy_int/examples/health-check-link.yaml Normal file
View File

@@ -0,0 +1,111 @@
# Copyright 2026 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
module.int-tcp-proxy.google_compute_forwarding_rule.default[""]:
all_ports: null
allow_global_access: true
allow_psc_global_access: null
backend_service: null
deletion_policy: DELETE
description: Terraform managed.
ip_collection: null
ip_protocol: TCP
ip_version: IPV4
is_mirroring_collector: null
labels: null
load_balancing_scheme: INTERNAL_MANAGED
name: int-tcp-proxy
network: https://www.googleapis.com/compute/v1/projects/xxx/global/networks/aaa
no_automate_dns_zone: null
port_range: '80'
ports: null
project: project-id
recreate_closed_psc: false
region: europe-west1
service_label: null
source_ip_ranges: null
subnetwork: subnet_self_link
timeouts: null
module.int-tcp-proxy.google_compute_region_backend_service.default:
affinity_cookie_ttl_sec: null
backend:
- balancing_mode: UTILIZATION
capacity_scaler: 1
custom_metrics: []
description: Terraform managed.
failover: false
group: projects/myprj/zones/europe-west1-a/instanceGroups/my-ig
max_connections: null
max_connections_per_endpoint: null
max_connections_per_instance: null
max_rate: null
max_rate_per_endpoint: null
max_rate_per_instance: null
max_utilization: null
traffic_duration: ''
circuit_breakers: []
connection_draining_timeout_sec: 300
connection_tracking_policy: []
consistent_hash: []
custom_metrics: []
deletion_policy: DELETE
description: Terraform managed.
dynamic_forwarding: []
enable_cdn: null
failover_policy: []
ha_policy: []
health_checks:
- projects/myprj/global/healthChecks/custom
ip_address_selection_policy: null
load_balancing_scheme: INTERNAL_MANAGED
locality_lb_policy: null
name: int-tcp-proxy
network: null
network_pass_through_lb_traffic_policy: []
outlier_detection: []
params: []
project: project-id
protocol: TCP
region: europe-west1
security_policy: null
session_affinity: NONE
strong_session_affinity_cookie: []
subsetting: []
timeouts: null
tls_settings: []
module.int-tcp-proxy.google_compute_region_target_tcp_proxy.default:
deletion_policy: DELETE
description: Terraform managed.
name: int-tcp-proxy
project: project-id
proxy_header: NONE
region: europe-west1
timeouts: null
module.int-tcp-proxy.terraform_data.neg_trigger:
input:
internet: {}
psc: {}
zonal: {}
triggers_replace: null
counts:
google_compute_forwarding_rule: 1
google_compute_region_backend_service: 1
google_compute_region_target_tcp_proxy: 1
modules: 1
resources: 4
terraform_data: 1
outputs: {}

155
tests/modules/net_lb_proxy_int/examples/hybrid-neg.yaml Normal file
View File

@@ -0,0 +1,155 @@
# Copyright 2026 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
module.int-tcp-proxy.google_compute_forwarding_rule.default[""]:
all_ports: null
allow_global_access: true
allow_psc_global_access: null
backend_service: null
deletion_policy: DELETE
description: Terraform managed.
ip_collection: null
ip_protocol: TCP
ip_version: IPV4
is_mirroring_collector: null
labels: null
load_balancing_scheme: INTERNAL_MANAGED
name: int-tcp-proxy
network: https://www.googleapis.com/compute/v1/projects/xxx/global/networks/aaa
no_automate_dns_zone: null
port_range: '80'
ports: null
project: project-id
recreate_closed_psc: false
region: europe-west1
service_label: null
source_ip_ranges: null
subnetwork: subnet_self_link
timeouts: null
module.int-tcp-proxy.google_compute_network_endpoint.default["my-neg-e-0"]:
deletion_policy: DELETE
instance: null
ip_address: 10.0.0.10
network_endpoint_group: int-tcp-proxy-my-neg
port: 80
project: project-id
timeouts: null
zone: europe-west1-b
module.int-tcp-proxy.google_compute_network_endpoint_group.default["my-neg"]:
default_port: null
deletion_policy: DELETE
description: Terraform managed.
name: int-tcp-proxy-my-neg
network: https://www.googleapis.com/compute/v1/projects/xxx/global/networks/aaa
network_endpoint_type: NON_GCP_PRIVATE_IP_PORT
project: project-id
subnetwork: null
timeouts: null
zone: europe-west1-b
module.int-tcp-proxy.google_compute_region_backend_service.default:
affinity_cookie_ttl_sec: null
backend:
- balancing_mode: CONNECTION
capacity_scaler: 1
custom_metrics: []
description: Terraform managed.
failover: false
max_connections: null
max_connections_per_endpoint: 10
max_connections_per_instance: null
max_rate: null
max_rate_per_endpoint: null
max_rate_per_instance: null
max_utilization: null
traffic_duration: ''
circuit_breakers: []
connection_draining_timeout_sec: 300
connection_tracking_policy: []
consistent_hash: []
custom_metrics: []
deletion_policy: DELETE
description: Terraform managed.
dynamic_forwarding: []
enable_cdn: null
failover_policy: []
ha_policy: []
ip_address_selection_policy: null
load_balancing_scheme: INTERNAL_MANAGED
locality_lb_policy: null
name: int-tcp-proxy
network: null
network_pass_through_lb_traffic_policy: []
outlier_detection: []
params: []
project: project-id
protocol: TCP
region: europe-west1
security_policy: null
session_affinity: NONE
strong_session_affinity_cookie: []
subsetting: []
timeouts: null
tls_settings: []
module.int-tcp-proxy.google_compute_region_health_check.default[0]:
check_interval_sec: 5
deletion_policy: DELETE
description: Terraform managed.
grpc_health_check: []
grpc_tls_health_check: []
healthy_threshold: 2
http2_health_check: []
http_health_check: []
https_health_check: []
name: int-tcp-proxy
project: project-id
region: europe-west1
ssl_health_check: []
tcp_health_check:
- port: null
port_name: null
port_specification: USE_SERVING_PORT
proxy_header: NONE
request: null
response: null
timeout_sec: 5
timeouts: null
unhealthy_threshold: 2
module.int-tcp-proxy.google_compute_region_target_tcp_proxy.default:
deletion_policy: DELETE
description: Terraform managed.
name: int-tcp-proxy
project: project-id
proxy_header: NONE
region: europe-west1
timeouts: null
module.int-tcp-proxy.terraform_data.neg_trigger:
input:
internet: {}
psc: {}
zonal: {}
triggers_replace: null
counts:
google_compute_forwarding_rule: 1
google_compute_network_endpoint: 1
google_compute_network_endpoint_group: 1
google_compute_region_backend_service: 1
google_compute_region_health_check: 1
google_compute_region_target_tcp_proxy: 1
modules: 1
resources: 7
terraform_data: 1
outputs: {}

109
tests/modules/net_lb_proxy_int/examples/internet-neg.yaml
View File

@@ -1,10 +1,10 @@
# Copyright 2024 Google LLC
# Copyright 2026 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
@@ -12,51 +12,139 @@
# See the License for the specific language governing permissions and
# limitations under the License.
values:
module.ilb-l7.google_compute_forwarding_rule.default:
module.ilb-tcp-proxy.google_compute_forwarding_rule.default[""]:
all_ports: null
allow_global_access: true
allow_psc_global_access: null
backend_service: null
deletion_policy: DELETE
description: Terraform managed.
ip_collection: null
ip_protocol: TCP
ip_version: IPV4
is_mirroring_collector: null
labels: null
load_balancing_scheme: INTERNAL_MANAGED
name: ilb-test
network: https://www.googleapis.com/compute/v1/projects/xxx/global/networks/aaa
no_automate_dns_zone: null
port_range: '80'
ports: null
project: project-id
recreate_closed_psc: false
region: europe-west8
service_label: null
source_ip_ranges: null
subnetwork: subnet_self_link
module.ilb-l7.google_compute_region_backend_service.default:
timeouts: null
module.ilb-tcp-proxy.google_compute_region_backend_service.default:
affinity_cookie_ttl_sec: null
backend:
- balancing_mode: UTILIZATION
capacity_scaler: 1
custom_metrics: []
description: Terraform managed.
failover: false
max_connections: null
max_connections_per_endpoint: null
max_connections_per_instance: null
max_rate: null
max_rate_per_endpoint: null
max_rate_per_instance: null
max_utilization: null
traffic_duration: ''
circuit_breakers: []
connection_draining_timeout_sec: 300
connection_tracking_policy: []
consistent_hash: []
custom_metrics: []
deletion_policy: DELETE
description: Terraform managed.
dynamic_forwarding: []
enable_cdn: null
failover_policy: []
ha_policy: []
ip_address_selection_policy: null
load_balancing_scheme: INTERNAL_MANAGED
locality_lb_policy: null
name: ilb-test
network: null
network_pass_through_lb_traffic_policy: []
outlier_detection: []
params: []
project: project-id
protocol: TCP
region: europe-west8
security_policy: null
session_affinity: NONE
module.ilb-l7.google_compute_region_network_endpoint.internet["neg-0-e-0"]:
strong_session_affinity_cookie: []
subsetting: []
timeouts: null
tls_settings: []
module.ilb-tcp-proxy.google_compute_region_health_check.default[0]:
check_interval_sec: 5
deletion_policy: DELETE
description: Terraform managed.
grpc_health_check: []
grpc_tls_health_check: []
healthy_threshold: 2
http2_health_check: []
http_health_check: []
https_health_check: []
name: ilb-test
project: project-id
region: europe-west8
ssl_health_check: []
tcp_health_check:
- port: null
port_name: null
port_specification: USE_SERVING_PORT
proxy_header: NONE
request: null
response: null
timeout_sec: 5
timeouts: null
unhealthy_threshold: 2
module.ilb-tcp-proxy.google_compute_region_network_endpoint.internet["neg-0-e-0"]:
client_destination_port: null
deletion_policy: DELETE
fqdn: www.example.org
instance: null
ip_address: null
port: 80
project: project-id
region: europe-west8
region_network_endpoint_group: ilb-test-neg-0
module.ilb-l7.google_compute_region_network_endpoint_group.internet["neg-0"]:
timeouts: null
module.ilb-tcp-proxy.google_compute_region_network_endpoint_group.internet["neg-0"]:
app_engine: []
cloud_function: []
cloud_run: []
deletion_policy: DELETE
description: null
name: ilb-test-neg-0
network: https://www.googleapis.com/compute/v1/projects/xxx/global/networks/aaa
network_endpoint_type: INTERNET_FQDN_PORT
project: project-id
psc_target_service: null
region: europe-west8
subnetwork: null
module.ilb-l7.google_compute_region_target_tcp_proxy.default:
timeouts: null
module.ilb-tcp-proxy.google_compute_region_target_tcp_proxy.default:
deletion_policy: DELETE
description: Terraform managed.
name: ilb-test
project: project-id
proxy_header: NONE
region: europe-west8
timeouts: null
module.ilb-tcp-proxy.terraform_data.neg_trigger:
input:
internet: {}
psc: {}
zonal: {}
triggers_replace: null
counts:
google_compute_forwarding_rule: 1
@@ -66,4 +154,7 @@ counts:
google_compute_region_network_endpoint_group: 1
google_compute_region_target_tcp_proxy: 1
modules: 1
resources: 6
resources: 7
terraform_data: 1
outputs: {}

134
tests/modules/net_lb_proxy_int/examples/minimal.yaml Normal file
View File

@@ -0,0 +1,134 @@
# Copyright 2026 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
module.int-tcp-proxy.google_compute_forwarding_rule.default[""]:
all_ports: null
allow_global_access: true
allow_psc_global_access: null
backend_service: null
deletion_policy: DELETE
description: Terraform managed.
ip_collection: null
ip_protocol: TCP
ip_version: IPV4
is_mirroring_collector: null
labels: null
load_balancing_scheme: INTERNAL_MANAGED
name: ilb-test
network: https://www.googleapis.com/compute/v1/projects/xxx/global/networks/aaa
no_automate_dns_zone: null
port_range: '80'
ports: null
project: project-id
recreate_closed_psc: false
region: europe-west1
service_label: null
source_ip_ranges: null
subnetwork: subnet_self_link
timeouts: null
module.int-tcp-proxy.google_compute_region_backend_service.default:
affinity_cookie_ttl_sec: null
backend:
- balancing_mode: UTILIZATION
capacity_scaler: 1
custom_metrics: []
description: Terraform managed.
failover: false
group: projects/myprj/zones/europe-west1-a/instanceGroups/my-ig
max_connections: null
max_connections_per_endpoint: null
max_connections_per_instance: null
max_rate: null
max_rate_per_endpoint: null
max_rate_per_instance: null
max_utilization: null
traffic_duration: ''
circuit_breakers: []
connection_draining_timeout_sec: 300
connection_tracking_policy: []
consistent_hash: []
custom_metrics: []
deletion_policy: DELETE
description: Terraform managed.
dynamic_forwarding: []
enable_cdn: null
failover_policy: []
ha_policy: []
ip_address_selection_policy: null
load_balancing_scheme: INTERNAL_MANAGED
locality_lb_policy: null
name: ilb-test
network: null
network_pass_through_lb_traffic_policy: []
outlier_detection: []
params: []
project: project-id
protocol: TCP
region: europe-west1
security_policy: null
session_affinity: NONE
strong_session_affinity_cookie: []
subsetting: []
timeouts: null
tls_settings: []
module.int-tcp-proxy.google_compute_region_health_check.default[0]:
check_interval_sec: 5
deletion_policy: DELETE
description: Terraform managed.
grpc_health_check: []
grpc_tls_health_check: []
healthy_threshold: 2
http2_health_check: []
http_health_check: []
https_health_check: []
name: ilb-test
project: project-id
region: europe-west1
ssl_health_check: []
tcp_health_check:
- port: null
port_name: null
port_specification: USE_SERVING_PORT
proxy_header: NONE
request: null
response: null
timeout_sec: 5
timeouts: null
unhealthy_threshold: 2
module.int-tcp-proxy.google_compute_region_target_tcp_proxy.default:
deletion_policy: DELETE
description: Terraform managed.
name: ilb-test
project: project-id
proxy_header: NONE
region: europe-west1
timeouts: null
module.int-tcp-proxy.terraform_data.neg_trigger:
input:
internet: {}
psc: {}
zonal: {}
triggers_replace: null
counts:
google_compute_forwarding_rule: 1
google_compute_region_backend_service: 1
google_compute_region_health_check: 1
google_compute_region_target_tcp_proxy: 1
modules: 1
resources: 5
terraform_data: 1
outputs: {}

134
tests/modules/net_lb_proxy_int/examples/neg-link.yaml Normal file
View File

@@ -0,0 +1,134 @@
# Copyright 2026 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
module.int-tcp-proxy.google_compute_forwarding_rule.default[""]:
all_ports: null
allow_global_access: true
allow_psc_global_access: null
backend_service: null
deletion_policy: DELETE
description: Terraform managed.
ip_collection: null
ip_protocol: TCP
ip_version: IPV4
is_mirroring_collector: null
labels: null
load_balancing_scheme: INTERNAL_MANAGED
name: int-tcp-proxy
network: https://www.googleapis.com/compute/v1/projects/xxx/global/networks/aaa
no_automate_dns_zone: null
port_range: '80'
ports: null
project: project-id
recreate_closed_psc: false
region: europe-west1
service_label: null
source_ip_ranges: null
subnetwork: subnet_self_link
timeouts: null
module.int-tcp-proxy.google_compute_region_backend_service.default:
affinity_cookie_ttl_sec: null
backend:
- balancing_mode: UTILIZATION
capacity_scaler: 1
custom_metrics: []
description: Terraform managed.
failover: false
group: projects/myprj/zones/europe-west1-a/networkEndpointGroups/my-neg
max_connections: null
max_connections_per_endpoint: null
max_connections_per_instance: null
max_rate: null
max_rate_per_endpoint: null
max_rate_per_instance: null
max_utilization: null
traffic_duration: ''
circuit_breakers: []
connection_draining_timeout_sec: 300
connection_tracking_policy: []
consistent_hash: []
custom_metrics: []
deletion_policy: DELETE
description: Terraform managed.
dynamic_forwarding: []
enable_cdn: null
failover_policy: []
ha_policy: []
ip_address_selection_policy: null
load_balancing_scheme: INTERNAL_MANAGED
locality_lb_policy: null
name: int-tcp-proxy
network: null
network_pass_through_lb_traffic_policy: []
outlier_detection: []
params: []
project: project-id
protocol: TCP
region: europe-west1
security_policy: null
session_affinity: NONE
strong_session_affinity_cookie: []
subsetting: []
timeouts: null
tls_settings: []
module.int-tcp-proxy.google_compute_region_health_check.default[0]:
check_interval_sec: 5
deletion_policy: DELETE
description: Terraform managed.
grpc_health_check: []
grpc_tls_health_check: []
healthy_threshold: 2
http2_health_check: []
http_health_check: []
https_health_check: []
name: int-tcp-proxy
project: project-id
region: europe-west1
ssl_health_check: []
tcp_health_check:
- port: null
port_name: null
port_specification: USE_SERVING_PORT
proxy_header: NONE
request: null
response: null
timeout_sec: 5
timeouts: null
unhealthy_threshold: 2
module.int-tcp-proxy.google_compute_region_target_tcp_proxy.default:
deletion_policy: DELETE
description: Terraform managed.
name: int-tcp-proxy
project: project-id
proxy_header: NONE
region: europe-west1
timeouts: null
module.int-tcp-proxy.terraform_data.neg_trigger:
input:
internet: {}
psc: {}
zonal: {}
triggers_replace: null
counts:
google_compute_forwarding_rule: 1
google_compute_region_backend_service: 1
google_compute_region_health_check: 1
google_compute_region_target_tcp_proxy: 1
modules: 1
resources: 5
terraform_data: 1
outputs: {}

179
tests/modules/net_lb_proxy_int/examples/ports.yaml Normal file
View File

@@ -0,0 +1,179 @@
# Copyright 2026 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
module.address.google_compute_address.internal["ilb"]:
address_type: INTERNAL
deletion_policy: DELETE
description: Terraform managed.
effective_labels:
goog-terraform-provisioned: 'true'
ip_collection: null
ip_version: null
ipv6_endpoint_type: null
labels: null
name: ilb
network: null
project: project-id
purpose: SHARED_LOADBALANCER_VIP
region: europe-west1
subnetwork: subnet_self_link
terraform_labels:
goog-terraform-provisioned: 'true'
timeouts: null
module.int-tcp-proxy.google_compute_forwarding_rule.default["http"]:
all_ports: null
allow_global_access: true
allow_psc_global_access: null
backend_service: null
deletion_policy: DELETE
description: Terraform managed.
ip_collection: null
ip_protocol: TCP
ip_version: IPV4
is_mirroring_collector: null
labels: null
load_balancing_scheme: INTERNAL_MANAGED
name: int-tcp-proxy-http
network: https://www.googleapis.com/compute/v1/projects/xxx/global/networks/aaa
no_automate_dns_zone: null
port_range: '80'
ports: null
project: project-id
recreate_closed_psc: false
region: europe-west1
service_label: null
source_ip_ranges: null
subnetwork: subnet_self_link
timeouts: null
module.int-tcp-proxy.google_compute_forwarding_rule.default["https"]:
all_ports: null
allow_global_access: true
allow_psc_global_access: null
backend_service: null
deletion_policy: DELETE
description: Terraform managed.
ip_collection: null
ip_protocol: TCP
ip_version: IPV4
is_mirroring_collector: null
labels: null
load_balancing_scheme: INTERNAL_MANAGED
name: int-tcp-proxy-https
network: https://www.googleapis.com/compute/v1/projects/xxx/global/networks/aaa
no_automate_dns_zone: null
port_range: '443'
ports: null
project: project-id
recreate_closed_psc: false
region: europe-west1
service_label: null
source_ip_ranges: null
subnetwork: subnet_self_link
timeouts: null
module.int-tcp-proxy.google_compute_region_backend_service.default:
affinity_cookie_ttl_sec: null
backend:
- balancing_mode: UTILIZATION
capacity_scaler: 1
custom_metrics: []
description: Terraform managed.
failover: false
group: projects/myprj/zones/europe-west1-a/instanceGroups/my-ig
max_connections: null
max_connections_per_endpoint: null
max_connections_per_instance: null
max_rate: null
max_rate_per_endpoint: null
max_rate_per_instance: null
max_utilization: null
traffic_duration: ''
circuit_breakers: []
connection_draining_timeout_sec: 300
connection_tracking_policy: []
consistent_hash: []
custom_metrics: []
deletion_policy: DELETE
description: Terraform managed.
dynamic_forwarding: []
enable_cdn: null
failover_policy: []
ha_policy: []
ip_address_selection_policy: null
load_balancing_scheme: INTERNAL_MANAGED
locality_lb_policy: null
name: int-tcp-proxy
network: null
network_pass_through_lb_traffic_policy: []
outlier_detection: []
params: []
project: project-id
protocol: TCP
region: europe-west1
security_policy: null
session_affinity: NONE
strong_session_affinity_cookie: []
subsetting: []
timeouts: null
tls_settings: []
module.int-tcp-proxy.google_compute_region_health_check.default[0]:
check_interval_sec: 5
deletion_policy: DELETE
description: Terraform managed.
grpc_health_check: []
grpc_tls_health_check: []
healthy_threshold: 2
http2_health_check: []
http_health_check: []
https_health_check: []
name: int-tcp-proxy
project: project-id
region: europe-west1
ssl_health_check: []
tcp_health_check:
- port: null
port_name: null
port_specification: USE_SERVING_PORT
proxy_header: NONE
request: null
response: null
timeout_sec: 5
timeouts: null
unhealthy_threshold: 2
module.int-tcp-proxy.google_compute_region_target_tcp_proxy.default:
deletion_policy: DELETE
description: Terraform managed.
name: int-tcp-proxy
project: project-id
proxy_header: NONE
region: europe-west1
timeouts: null
module.int-tcp-proxy.terraform_data.neg_trigger:
input:
internet: {}
psc: {}
zonal: {}
triggers_replace: null
counts:
google_compute_address: 1
google_compute_forwarding_rule: 2
google_compute_region_backend_service: 1
google_compute_region_health_check: 1
google_compute_region_target_tcp_proxy: 1
modules: 2
resources: 7
terraform_data: 1
outputs: {}

471
tests/modules/net_lb_proxy_int/examples/psc-neg.yaml Normal file
View File

@@ -0,0 +1,471 @@
# Copyright 2026 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
module.address-ilb.google_compute_address.internal["ilb-01"]:
address_type: INTERNAL
deletion_policy: DELETE
description: Terraform managed.
effective_labels:
goog-terraform-provisioned: 'true'
ip_collection: null
ip_version: null
ipv6_endpoint_type: null
labels: null
name: ilb-01
network: null
project: project-id
purpose: SHARED_LOADBALANCER_VIP
region: europe-west8
terraform_labels:
goog-terraform-provisioned: 'true'
timeouts: null
module.ilb-producer.google_compute_forwarding_rule.default["default"]:
all_ports: true
allow_global_access: true
allow_psc_global_access: null
deletion_policy: DELETE
description: null
ip_collection: null
ip_protocol: TCP
ip_version: IPV4
is_mirroring_collector: null
labels: null
load_balancing_scheme: INTERNAL
name: ilb-producer-default
no_automate_dns_zone: null
ports: null
project: project-id
recreate_closed_psc: false
region: europe-west1
service_label: ilb-producer
source_ip_ranges: null
target: null
timeouts: null
module.ilb-producer.google_compute_health_check.default[0]:
check_interval_sec: 5
deletion_policy: DELETE
description: Terraform managed.
grpc_health_check: []
grpc_tls_health_check: []
healthy_threshold: 2
http2_health_check: []
http_health_check: []
https_health_check: []
name: ilb-producer
project: project-id
source_regions: null
ssl_health_check: []
tcp_health_check:
- port: null
port_name: null
port_specification: USE_SERVING_PORT
proxy_header: NONE
request: null
response: null
timeout_sec: 5
timeouts: null
unhealthy_threshold: 2
module.ilb-producer.google_compute_region_backend_service.default:
affinity_cookie_ttl_sec: null
backend: []
circuit_breakers: []
connection_draining_timeout_sec: 300
connection_tracking_policy: []
consistent_hash: []
custom_metrics: []
deletion_policy: DELETE
description: Terraform managed.
dynamic_forwarding: []
enable_cdn: null
failover_policy: []
ha_policy: []
iap:
- enabled: false
oauth2_client_id: null
oauth2_client_secret: null
ip_address_selection_policy: null
load_balancing_scheme: INTERNAL
locality_lb_policy: null
name: ilb-producer
network_pass_through_lb_traffic_policy: []
outlier_detection: []
params: []
project: project-id
protocol: UNSPECIFIED
region: europe-west1
security_policy: null
strong_session_affinity_cookie: []
subsetting: []
timeouts: null
tls_settings: []
module.ilb-producer.google_compute_service_attachment.default["default"]:
connection_preference: ACCEPT_AUTOMATIC
consumer_accept_lists: []
consumer_reject_lists: null
deletion_policy: DELETE
description: Terraform managed.
domain_names: null
enable_proxy_protocol: false
name: ilb-producer-default
project: project-id
region: europe-west1
send_propagated_connection_limit_if_zero: false
show_nat_ips: null
timeouts: null
module.int-tcp-proxy.google_compute_forwarding_rule.default["http"]:
all_ports: null
allow_global_access: true
allow_psc_global_access: null
backend_service: null
deletion_policy: DELETE
description: Terraform managed.
ip_collection: null
ip_protocol: TCP
ip_version: IPV4
is_mirroring_collector: null
labels: null
load_balancing_scheme: INTERNAL_MANAGED
name: int-tcp-proxy-http
no_automate_dns_zone: null
port_range: '80'
ports: null
project: project-id
recreate_closed_psc: false
region: europe-west8
service_label: null
source_ip_ranges: null
timeouts: null
module.int-tcp-proxy.google_compute_forwarding_rule.default["https"]:
all_ports: null
allow_global_access: true
allow_psc_global_access: null
backend_service: null
deletion_policy: DELETE
description: Terraform managed.
ip_collection: null
ip_protocol: TCP
ip_version: IPV4
is_mirroring_collector: null
labels: null
load_balancing_scheme: INTERNAL_MANAGED
name: int-tcp-proxy-https
no_automate_dns_zone: null
port_range: '443'
ports: null
project: project-id
recreate_closed_psc: false
region: europe-west8
service_label: null
source_ip_ranges: null
timeouts: null
module.int-tcp-proxy.google_compute_region_backend_service.default:
affinity_cookie_ttl_sec: null
backend:
- balancing_mode: UTILIZATION
capacity_scaler: 1
custom_metrics: []
description: Terraform managed.
failover: false
max_connections: null
max_connections_per_endpoint: null
max_connections_per_instance: null
max_rate: null
max_rate_per_endpoint: null
max_rate_per_instance: null
max_utilization: null
traffic_duration: ''
circuit_breakers: []
connection_draining_timeout_sec: 300
connection_tracking_policy: []
consistent_hash: []
custom_metrics: []
deletion_policy: DELETE
description: Terraform managed.
dynamic_forwarding: []
enable_cdn: null
failover_policy: []
ha_policy: []
health_checks: null
ip_address_selection_policy: null
load_balancing_scheme: INTERNAL_MANAGED
locality_lb_policy: null
name: int-tcp-proxy
network: null
network_pass_through_lb_traffic_policy: []
outlier_detection: []
params: []
project: project-id
protocol: TCP
region: europe-west8
security_policy: null
session_affinity: NONE
strong_session_affinity_cookie: []
subsetting: []
timeouts: null
tls_settings: []
module.int-tcp-proxy.google_compute_region_network_endpoint_group.psc["my-neg"]:
app_engine: []
cloud_function: []
cloud_run: []
deletion_policy: DELETE
description: null
name: int-tcp-proxy-my-neg
network_endpoint_type: PRIVATE_SERVICE_CONNECT
project: project-id
psc_data:
- producer_port: '80'
region: europe-west8
timeouts: null
module.int-tcp-proxy.google_compute_region_target_tcp_proxy.default:
deletion_policy: DELETE
description: Terraform managed.
name: int-tcp-proxy
project: project-id
proxy_header: NONE
region: europe-west8
timeouts: null
module.int-tcp-proxy.terraform_data.neg_trigger:
input:
internet: {}
psc: {}
zonal: {}
triggers_replace: null
module.vpc-producer.google_compute_network.network[0]:
auto_create_subnetworks: false
delete_bgp_always_compare_med: false
delete_default_routes_on_create: false
deletion_policy: DELETE
description: Terraform-managed.
enable_ula_internal_ipv6: null
name: net-producer-0
network_firewall_policy_enforcement_order: AFTER_CLASSIC_FIREWALL
network_profile: null
params: []
project: project-id
routing_mode: GLOBAL
timeouts: null
module.vpc-producer.google_compute_route.gateway["directpath-googleapis"]:
deletion_policy: DELETE
description: Terraform-managed.
dest_range: 34.126.0.0/18
name: net-producer-0-directpath-googleapis
network: net-producer-0
next_hop_gateway: default-internet-gateway
next_hop_ilb: null
next_hop_instance: null
next_hop_vpn_tunnel: null
params: []
priority: 1000
project: project-id
tags: null
timeouts: null
module.vpc-producer.google_compute_route.gateway["private-googleapis"]:
deletion_policy: DELETE
description: Terraform-managed.
dest_range: 199.36.153.8/30
name: net-producer-0-private-googleapis
network: net-producer-0
next_hop_gateway: default-internet-gateway
next_hop_ilb: null
next_hop_instance: null
next_hop_vpn_tunnel: null
params: []
priority: 1000
project: project-id
tags: null
timeouts: null
module.vpc-producer.google_compute_route.gateway["restricted-googleapis"]:
deletion_policy: DELETE
description: Terraform-managed.
dest_range: 199.36.153.4/30
name: net-producer-0-restricted-googleapis
network: net-producer-0
next_hop_gateway: default-internet-gateway
next_hop_ilb: null
next_hop_instance: null
next_hop_vpn_tunnel: null
params: []
priority: 1000
project: project-id
tags: null
timeouts: null
module.vpc-producer.google_compute_subnetwork.proxy_only["europe-west8/sub-proxy-producer-0"]:
deletion_policy: DELETE
description: Terraform-managed proxy-only subnet for Regional HTTPS, Internal
HTTPS or Cross-Regional HTTPS Internal LB.
ip_cidr_range: 10.0.1.0/26
ip_collection: null
ipv6_access_type: null
log_config: []
name: sub-proxy-producer-0
network: net-producer-0
params: []
project: project-id
purpose: REGIONAL_MANAGED_PROXY
region: europe-west8
reserved_internal_range: null
resolve_subnet_mask: null
role: ACTIVE
send_secondary_ip_range_if_empty: null
timeouts: null
module.vpc-producer.google_compute_subnetwork.psc["europe-west8/sub-psc-producer-0"]:
deletion_policy: DELETE
description: Terraform-managed subnet for Private Service Connect (PSC NAT).
ip_cidr_range: 10.0.2.0/26
ip_collection: null
ipv6_access_type: null
log_config: []
name: sub-psc-producer-0
network: net-producer-0
params: []
project: project-id
purpose: PRIVATE_SERVICE_CONNECT
region: europe-west8
reserved_internal_range: null
resolve_subnet_mask: null
role: null
send_secondary_ip_range_if_empty: null
timeouts: null
module.vpc-producer.google_compute_subnetwork.subnetwork["europe-west8/sub-producer-0"]:
deletion_policy: DELETE
description: Terraform-managed.
ip_cidr_range: 10.0.0.0/24
ip_collection: null
ipv6_access_type: null
log_config: []
name: sub-producer-0
network: net-producer-0
params: []
private_ip_google_access: true
project: project-id
region: europe-west8
reserved_internal_range: null
resolve_subnet_mask: null
role: null
send_secondary_ip_range_if_empty: true
timeouts: null
module.vpc.google_compute_network.network[0]:
auto_create_subnetworks: false
delete_bgp_always_compare_med: false
delete_default_routes_on_create: false
deletion_policy: DELETE
description: Terraform-managed.
enable_ula_internal_ipv6: null
name: net-consumer-0
network_firewall_policy_enforcement_order: AFTER_CLASSIC_FIREWALL
network_profile: null
params: []
project: project-id
routing_mode: GLOBAL
timeouts: null
module.vpc.google_compute_route.gateway["directpath-googleapis"]:
deletion_policy: DELETE
description: Terraform-managed.
dest_range: 34.126.0.0/18
name: net-consumer-0-directpath-googleapis
network: net-consumer-0
next_hop_gateway: default-internet-gateway
next_hop_ilb: null
next_hop_instance: null
next_hop_vpn_tunnel: null
params: []
priority: 1000
project: project-id
tags: null
timeouts: null
module.vpc.google_compute_route.gateway["private-googleapis"]:
deletion_policy: DELETE
description: Terraform-managed.
dest_range: 199.36.153.8/30
name: net-consumer-0-private-googleapis
network: net-consumer-0
next_hop_gateway: default-internet-gateway
next_hop_ilb: null
next_hop_instance: null
next_hop_vpn_tunnel: null
params: []
priority: 1000
project: project-id
tags: null
timeouts: null
module.vpc.google_compute_route.gateway["restricted-googleapis"]:
deletion_policy: DELETE
description: Terraform-managed.
dest_range: 199.36.153.4/30
name: net-consumer-0-restricted-googleapis
network: net-consumer-0
next_hop_gateway: default-internet-gateway
next_hop_ilb: null
next_hop_instance: null
next_hop_vpn_tunnel: null
params: []
priority: 1000
project: project-id
tags: null
timeouts: null
module.vpc.google_compute_subnetwork.proxy_only["europe-west8/sub-proxy-consumer-0"]:
deletion_policy: DELETE
description: Terraform-managed proxy-only subnet for Regional HTTPS, Internal
HTTPS or Cross-Regional HTTPS Internal LB.
ip_cidr_range: 10.0.1.0/26
ip_collection: null
ipv6_access_type: null
log_config: []
name: sub-proxy-consumer-0
network: net-consumer-0
params: []
project: project-id
purpose: REGIONAL_MANAGED_PROXY
region: europe-west8
reserved_internal_range: null
resolve_subnet_mask: null
role: ACTIVE
send_secondary_ip_range_if_empty: null
timeouts: null
module.vpc.google_compute_subnetwork.subnetwork["europe-west8/sub-consumer-0"]:
deletion_policy: DELETE
description: Terraform-managed.
ip_cidr_range: 10.0.0.0/24
ip_collection: null
ipv6_access_type: null
log_config: []
name: sub-consumer-0
network: net-consumer-0
params: []
private_ip_google_access: true
project: project-id
region: europe-west8
reserved_internal_range: null
resolve_subnet_mask: null
role: null
send_secondary_ip_range_if_empty: true
timeouts: null
counts:
google_compute_address: 1
google_compute_forwarding_rule: 3
google_compute_health_check: 1
google_compute_network: 2
google_compute_region_backend_service: 2
google_compute_region_network_endpoint_group: 1
google_compute_region_target_tcp_proxy: 1
google_compute_route: 6
google_compute_service_attachment: 1
google_compute_subnetwork: 5
modules: 5
resources: 24
terraform_data: 1
outputs: {}

54
tests/modules/net_lb_proxy_int/examples/zonal-neg.yaml
View File

@@ -1,10 +1,10 @@
# Copyright 2024 Google LLC
# Copyright 2026 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
@@ -13,30 +13,16 @@
# limitations under the License.
values:
google_compute_address.test:
address: 10.0.0.10
address_type: INTERNAL
description: null
effective_labels:
goog-terraform-provisioned: 'true'
ip_version: null
ipv6_endpoint_type: null
labels: null
name: neg-test
network: null
project: project-id
region: europe-west1
subnetwork: subnet_self_link
terraform_labels:
goog-terraform-provisioned: 'true'
timeouts: null
module.int-tcp-proxy.google_compute_forwarding_rule.default:
module.int-tcp-proxy.google_compute_forwarding_rule.default[""]:
all_ports: null
allow_global_access: null
allow_global_access: true
allow_psc_global_access: null
backend_service: null
deletion_policy: DELETE
description: Terraform managed.
ip_collection: null
ip_protocol: TCP
ip_version: IPV4
is_mirroring_collector: null
labels: null
load_balancing_scheme: INTERNAL_MANAGED
@@ -53,6 +39,7 @@ values:
subnetwork: subnet_self_link
timeouts: null
module.int-tcp-proxy.google_compute_network_endpoint.default["my-neg-e-0"]:
deletion_policy: DELETE
instance: test-1
ip_address: 10.0.0.10
network_endpoint_group: int-tcp-proxy-my-neg
@@ -62,6 +49,7 @@ values:
zone: europe-west1-b
module.int-tcp-proxy.google_compute_network_endpoint_group.default["my-neg"]:
default_port: null
deletion_policy: DELETE
description: Terraform managed.
name: int-tcp-proxy-my-neg
network: https://www.googleapis.com/compute/v1/projects/xxx/global/networks/aaa
@@ -75,6 +63,7 @@ values:
backend:
- balancing_mode: CONNECTION
capacity_scaler: 1
custom_metrics: []
description: Terraform managed.
failover: false
max_connections: null
@@ -84,29 +73,41 @@ values:
max_rate_per_endpoint: null
max_rate_per_instance: null
max_utilization: null
traffic_duration: ''
circuit_breakers: []
connection_draining_timeout_sec: 300
connection_tracking_policy: []
consistent_hash: []
custom_metrics: []
deletion_policy: DELETE
description: Terraform managed.
dynamic_forwarding: []
enable_cdn: null
failover_policy: []
ha_policy: []
ip_address_selection_policy: null
load_balancing_scheme: INTERNAL_MANAGED
locality_lb_policy: null
name: int-tcp-proxy
network: null
network_pass_through_lb_traffic_policy: []
outlier_detection: []
params: []
project: project-id
protocol: TCP
region: europe-west1
security_policy: null
session_affinity: NONE
strong_session_affinity_cookie: []
subsetting: []
timeouts: null
tls_settings: []
module.int-tcp-proxy.google_compute_region_health_check.default[0]:
check_interval_sec: 5
deletion_policy: DELETE
description: Terraform managed.
grpc_health_check: []
grpc_tls_health_check: []
healthy_threshold: 2
http2_health_check: []
http_health_check: []
@@ -126,15 +127,21 @@ values:
timeouts: null
unhealthy_threshold: 2
module.int-tcp-proxy.google_compute_region_target_tcp_proxy.default:
deletion_policy: DELETE
description: Terraform managed.
name: int-tcp-proxy
project: project-id
proxy_header: NONE
region: europe-west1
timeouts: null
module.int-tcp-proxy.terraform_data.neg_trigger:
input:
internet: {}
psc: {}
zonal: {}
triggers_replace: null
counts:
google_compute_address: 1
google_compute_forwarding_rule: 1
google_compute_network_endpoint: 1
google_compute_network_endpoint_group: 1
@@ -143,3 +150,6 @@ counts:
google_compute_region_target_tcp_proxy: 1
modules: 1
resources: 7
terraform_data: 1
outputs: {}

1
tests/modules/net_lb_proxy_int/health-checks-none.tfvars Normal file
View File

@@ -0,0 +1 @@
health_check_config = null

123
tests/modules/net_lb_proxy_int/health-checks-none.yaml Normal file
View File

@@ -0,0 +1,123 @@
# Copyright 2026 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
google_compute_forwarding_rule.default[""]:
all_ports: null
allow_global_access: true
allow_psc_global_access: null
backend_service: null
deletion_policy: DELETE
description: Terraform managed.
ip_collection: null
ip_protocol: TCP
ip_version: IPV4
is_mirroring_collector: null
labels: null
load_balancing_scheme: INTERNAL_MANAGED
name: hc-test-0
network: network
no_automate_dns_zone: null
port_range: '80'
ports: null
project: my-project
recreate_closed_psc: false
region: europe-west4
service_label: null
source_ip_ranges: null
subnetwork: subnet
timeouts: null
google_compute_region_backend_service.default:
affinity_cookie_ttl_sec: null
backend:
- balancing_mode: UTILIZATION
capacity_scaler: 1
custom_metrics: []
description: Terraform managed.
failover: false
group: projects/myprj/zones/europe-west4-a/instanceGroups/my-ig
max_connections: null
max_connections_per_endpoint: null
max_connections_per_instance: null
max_rate: null
max_rate_per_endpoint: null
max_rate_per_instance: null
max_utilization: null
traffic_duration: ''
circuit_breakers: []
connection_draining_timeout_sec: 300
connection_tracking_policy: []
consistent_hash: []
custom_metrics: []
deletion_policy: DELETE
description: Terraform managed.
dynamic_forwarding: []
enable_cdn: null
failover_policy: []
ha_policy: []
health_checks: null
ip_address_selection_policy: null
load_balancing_scheme: INTERNAL_MANAGED
locality_lb_policy: null
name: hc-test-0
network: null
network_pass_through_lb_traffic_policy: []
outlier_detection: []
params: []
project: my-project
protocol: TCP
region: europe-west4
security_policy: null
session_affinity: NONE
strong_session_affinity_cookie: []
subsetting: []
timeouts: null
tls_settings: []
google_compute_region_target_tcp_proxy.default:
deletion_policy: DELETE
description: Terraform managed.
name: hc-test-0
project: my-project
proxy_header: NONE
region: europe-west4
timeouts: null
terraform_data.neg_trigger:
input:
internet: {}
psc: {}
zonal: {}
triggers_replace: null
counts:
google_compute_forwarding_rule: 1
google_compute_region_backend_service: 1
google_compute_region_target_tcp_proxy: 1
modules: 0
resources: 4
terraform_data: 1
outputs:
address: __missing__
backend_service: __missing__
backend_service_id: __missing__
backend_service_self_link: __missing__
forwarding_rules: __missing__
group_self_links: {}
groups: {}
health_check: null
health_check_id: null
health_check_self_link: null
ids: __missing__
neg_ids: {}
service_attachment_id: null

13
tests/modules/net_lb_proxy_int/health-checks-psc.tfvars Normal file
View File

@@ -0,0 +1,13 @@
neg_configs = {
my-psc = {
psc = {
region = "europe-west4"
target_service = "projects/my-prod-project/regions/europe-west4/serviceAttachments/my-attachment"
}
}
}
backend_service_config = {
backends = [{
group = "my-psc"
}]
}

138
tests/modules/net_lb_proxy_int/health-checks-psc.yaml Normal file
View File

@@ -0,0 +1,138 @@
# Copyright 2026 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
google_compute_forwarding_rule.default[""]:
all_ports: null
allow_global_access: true
allow_psc_global_access: null
backend_service: null
deletion_policy: DELETE
description: Terraform managed.
ip_collection: null
ip_protocol: TCP
ip_version: IPV4
is_mirroring_collector: null
labels: null
load_balancing_scheme: INTERNAL_MANAGED
name: hc-test-0
network: network
no_automate_dns_zone: null
port_range: '80'
ports: null
project: my-project
recreate_closed_psc: false
region: europe-west4
service_label: null
source_ip_ranges: null
subnetwork: subnet
timeouts: null
google_compute_region_backend_service.default:
affinity_cookie_ttl_sec: null
backend:
- balancing_mode: UTILIZATION
capacity_scaler: 1
custom_metrics: []
description: Terraform managed.
failover: false
max_connections: null
max_connections_per_endpoint: null
max_connections_per_instance: null
max_rate: null
max_rate_per_endpoint: null
max_rate_per_instance: null
max_utilization: null
traffic_duration: ''
circuit_breakers: []
connection_draining_timeout_sec: 300
connection_tracking_policy: []
consistent_hash: []
custom_metrics: []
deletion_policy: DELETE
description: Terraform managed.
dynamic_forwarding: []
enable_cdn: null
failover_policy: []
ha_policy: []
health_checks: null
ip_address_selection_policy: null
load_balancing_scheme: INTERNAL_MANAGED
locality_lb_policy: null
name: hc-test-0
network: null
network_pass_through_lb_traffic_policy: []
outlier_detection: []
params: []
project: my-project
protocol: TCP
region: europe-west4
security_policy: null
session_affinity: NONE
strong_session_affinity_cookie: []
subsetting: []
timeouts: null
tls_settings: []
google_compute_region_network_endpoint_group.psc["my-psc"]:
app_engine: []
cloud_function: []
cloud_run: []
deletion_policy: DELETE
description: null
name: hc-test-0-my-psc
network_endpoint_type: PRIVATE_SERVICE_CONNECT
project: my-project
psc_data:
- producer_port: null
psc_target_service: projects/my-prod-project/regions/europe-west4/serviceAttachments/my-attachment
region: europe-west4
subnetwork: null
timeouts: null
google_compute_region_target_tcp_proxy.default:
deletion_policy: DELETE
description: Terraform managed.
name: hc-test-0
project: my-project
proxy_header: NONE
region: europe-west4
timeouts: null
terraform_data.neg_trigger:
input:
internet: {}
psc: {}
zonal: {}
triggers_replace: null
counts:
google_compute_forwarding_rule: 1
google_compute_region_backend_service: 1
google_compute_region_network_endpoint_group: 1
google_compute_region_target_tcp_proxy: 1
modules: 0
resources: 5
terraform_data: 1
outputs:
address: __missing__
backend_service: __missing__
backend_service_id: __missing__
backend_service_self_link: __missing__
forwarding_rules: __missing__
group_self_links: {}
groups: {}
health_check: null
health_check_id: null
health_check_self_link: null
ids: __missing__
neg_ids: {}
service_attachment_id: null

2
tests/modules/net_lb_proxy_int/tftest.yaml
View File

@@ -20,5 +20,7 @@ tests:
health-checks-http:
health-checks-http2:
health-checks-https:
health-checks-none:
health-checks-psc:
health-checks-ssl:
health-checks-tcp: