From 6dcb19466afe40e41a91e6ea30e00d27b4ad788e Mon Sep 17 00:00:00 2001 From: Luca Prete Date: Mon, 15 Jun 2026 10:08:26 +0200 Subject: [PATCH] Update and fix module net-lb-proxy-int (#4024) * Fix net-lb-int-proxy * WIP update * Update tests --- modules/net-lb-proxy-int/README.md | 306 +++++++++--- modules/net-lb-proxy-int/backend-service.tf | 16 +- modules/net-lb-proxy-int/health-check.tf | 14 +- modules/net-lb-proxy-int/main.tf | 71 ++- modules/net-lb-proxy-int/outputs.tf | 19 +- modules/net-lb-proxy-int/variables.tf | 35 +- .../net_lb_proxy_int/examples/address.yaml | 154 ++++++ .../net_lb_proxy_int/examples/context.yaml | 24 +- .../examples/group-config.yaml | 147 ++++++ .../examples/health-check-config.yaml | 134 +++++ .../examples/health-check-link.yaml | 111 +++++ .../net_lb_proxy_int/examples/hybrid-neg.yaml | 155 ++++++ .../examples/internet-neg.yaml | 109 +++- .../net_lb_proxy_int/examples/minimal.yaml | 134 +++++ .../net_lb_proxy_int/examples/neg-link.yaml | 134 +++++ .../net_lb_proxy_int/examples/ports.yaml | 179 +++++++ .../net_lb_proxy_int/examples/psc-neg.yaml | 471 ++++++++++++++++++ .../net_lb_proxy_int/examples/zonal-neg.yaml | 54 +- .../health-checks-none.tfvars | 1 + .../net_lb_proxy_int/health-checks-none.yaml | 123 +++++ .../net_lb_proxy_int/health-checks-psc.tfvars | 13 + .../net_lb_proxy_int/health-checks-psc.yaml | 138 +++++ tests/modules/net_lb_proxy_int/tftest.yaml | 2 + 23 files changed, 2387 insertions(+), 157 deletions(-) create mode 100644 tests/modules/net_lb_proxy_int/examples/address.yaml create mode 100644 tests/modules/net_lb_proxy_int/examples/group-config.yaml create mode 100644 tests/modules/net_lb_proxy_int/examples/health-check-config.yaml create mode 100644 tests/modules/net_lb_proxy_int/examples/health-check-link.yaml create mode 100644 tests/modules/net_lb_proxy_int/examples/hybrid-neg.yaml create mode 100644 tests/modules/net_lb_proxy_int/examples/minimal.yaml create mode 100644 tests/modules/net_lb_proxy_int/examples/neg-link.yaml create mode 100644 tests/modules/net_lb_proxy_int/examples/ports.yaml create mode 100644 tests/modules/net_lb_proxy_int/examples/psc-neg.yaml create mode 100644 tests/modules/net_lb_proxy_int/health-checks-none.tfvars create mode 100644 tests/modules/net_lb_proxy_int/health-checks-none.yaml create mode 100644 tests/modules/net_lb_proxy_int/health-checks-psc.tfvars create mode 100644 tests/modules/net_lb_proxy_int/health-checks-psc.yaml diff --git a/modules/net-lb-proxy-int/README.md b/modules/net-lb-proxy-int/README.md index af1053c4b..ada4e0d56 100644 --- a/modules/net-lb-proxy-int/README.md +++ b/modules/net-lb-proxy-int/README.md @@ -1,15 +1,18 @@ # Internal Proxy Network Load Balancer Module -This module allows managing Internal HTTP/HTTPS Load Balancers (L7 ILBs). It's designed to expose the full configuration of the underlying resources, and to facilitate common usage patterns by providing sensible defaults, and optionally managing prerequisite resources like health checks, instance groups, etc. +This module allows managing Internal TCP proxy Load Balancers. It's designed to expose the full configuration of the underlying resources, and to facilitate common usage patterns by providing sensible defaults, and optionally managing prerequisite resources like health checks, instance groups, etc. Due to the complexity of the underlying resources, changes to the configuration that involve recreation of resources are best applied in stages, starting by disabling the configuration in the urlmap that references the resources that need recreation, then doing the same for the backend service, etc. ## Examples + - [Examples](#examples) - [Minimal Example](#minimal-example) - [Health Checks](#health-checks) + - [Specify an existing IP address](#specify-an-existing-ip-address) + - [Specify multiple ports](#specify-multiple-ports) - [Instance Groups](#instance-groups) - [Network Endpoint Groups (NEGs)](#network-endpoint-groups-negs) - [Zonal NEG creation](#zonal-neg-creation) @@ -21,6 +24,7 @@ Due to the complexity of the underlying resources, changes to the configuration - [Files](#files) - [Variables](#variables) - [Outputs](#outputs) + ### Minimal Example @@ -28,7 +32,7 @@ Due to the complexity of the underlying resources, changes to the configuration An Regional internal proxy Network Load Balancer with a backend service pointing to an existing GCE instance group: ```hcl -module "tcp-proxy" { +module "int-tcp-proxy" { source = "./fabric/modules/net-lb-proxy-int" name = "ilb-test" project_id = var.project_id @@ -43,7 +47,7 @@ module "tcp-proxy" { subnetwork = var.subnet.self_link } } -# tftest modules=1 resources=4 +# tftest inventory=minimal.yaml ``` ### Health Checks @@ -71,7 +75,7 @@ module "int-tcp-proxy" { subnetwork = var.subnet.self_link } } -# tftest modules=1 resources=4 +# tftest inventory=health-check-config.yaml ``` To leverage an existing health check without having the module create them, simply pass its self link: @@ -93,7 +97,92 @@ module "int-tcp-proxy" { subnetwork = var.subnet.self_link } } -# tftest modules=1 resources=3 +# tftest inventory=health-check-link.yaml +``` + +### Specify an existing IP address + +You can pass your forwarding rules existing IP addresses to use. + +```hcl +module "address" { + source = "./fabric/modules/net-address" + project_id = var.project_id + internal_addresses = { + ilb = { + purpose = "INTERNAL" + region = "europe-west1" + subnetwork = var.subnet.self_link + } + } +} + +module "int-tcp-proxy" { + source = "./fabric/modules/net-lb-proxy-int" + name = "int-tcp-proxy" + project_id = var.project_id + region = "europe-west1" + forwarding_rules_config = { + "" = { + ip_address = module.address.internal_addresses["ilb"].address + } + } + backend_service_config = { + backends = [{ + group = "projects/myprj/zones/europe-west1-a/instanceGroups/my-ig" + }] + } + vpc_config = { + network = var.vpc.self_link + subnetwork = var.subnet.self_link + } +} +# tftest inventory=address.yaml +``` + +### Specify multiple ports + +To make your load balancer listen on multiple ports you will need to create multiple forwarding rules listening on the same IP of type `SHARED_LOADBALANCER_VIP` (created outside the module). + +```hcl +module "address" { + source = "./fabric/modules/net-address" + project_id = var.project_id + internal_addresses = { + ilb = { + purpose = "SHARED_LOADBALANCER_VIP" + region = "europe-west1" + subnetwork = var.subnet.self_link + } + } +} + +module "int-tcp-proxy" { + source = "./fabric/modules/net-lb-proxy-int" + name = "int-tcp-proxy" + project_id = var.project_id + region = "europe-west1" + forwarding_rules_config = { + http = { + ip_address = module.address.internal_addresses["ilb"].address + port = 80 + } + https = { + ip_address = module.address.internal_addresses["ilb"].address + port = 443 + } + } + backend_service_config = { + backends = [{ + group = "projects/myprj/zones/europe-west1-a/instanceGroups/my-ig" + }] + } + vpc_config = { + network = var.vpc.self_link + subnetwork = var.subnet.self_link + } +} +# tftest inventory=ports.yaml ``` ### Instance Groups @@ -126,7 +215,7 @@ module "int-tcp-proxy" { subnetwork = var.subnet.self_link } } -# tftest modules=1 resources=5 +# tftest inventory=group-config.yaml ``` ### Network Endpoint Groups (NEGs) @@ -149,7 +238,7 @@ module "int-tcp-proxy" { subnetwork = var.subnet.self_link } } -# tftest modules=1 resources=4 +# tftest inventory=neg-link.yaml ``` Similarly to instance groups, NEGs can also be managed by this module which supports GCE, hybrid and Private Service Connect NEGs: @@ -157,15 +246,6 @@ Similarly to instance groups, NEGs can also be managed by this module which supp #### Zonal NEG creation ```hcl -resource "google_compute_address" "test" { - project = var.project_id - name = "neg-test" - subnetwork = var.subnet.self_link - address_type = "INTERNAL" - address = "10.0.0.10" - region = "europe-west1" -} - module "int-tcp-proxy" { source = "./fabric/modules/net-lb-proxy-int" name = "int-tcp-proxy" @@ -187,9 +267,8 @@ module "int-tcp-proxy" { endpoints = { e-0 = { instance = "test-1" - ip_address = google_compute_address.test.address - # ip_address = "10.0.0.10" - port = 80 + ip_address = "10.0.0.10" + port = 80 } } } @@ -200,7 +279,7 @@ module "int-tcp-proxy" { subnetwork = var.subnet.self_link } } -# tftest modules=1 resources=7 inventory=zonal-neg.yaml +# tftest inventory=zonal-neg.yaml ``` #### Hybrid NEG creation @@ -238,40 +317,133 @@ module "int-tcp-proxy" { subnetwork = var.subnet.self_link } } -# tftest modules=1 resources=6 +# tftest inventory=hybrid-neg.yaml ``` #### Private Service Connect NEG creation ```hcl +module "address-ilb" { + source = "./fabric/modules/net-address" + project_id = var.project_id + internal_addresses = { + ilb-01 = { + purpose = "SHARED_LOADBALANCER_VIP" + region = var.region + subnetwork = module.vpc.subnets["${var.region}/sub-consumer-0"].id + } + } +} + module "int-tcp-proxy" { source = "./fabric/modules/net-lb-proxy-int" name = "int-tcp-proxy" project_id = var.project_id - region = "europe-west1" + region = var.region + forwarding_rules_config = { + http = { + ip_address = module.address-ilb.internal_addresses["ilb-01"].address + port = 80 + } + https = { + ip_address = module.address-ilb.internal_addresses["ilb-01"].address + port = 443 + } + } backend_service_config = { backends = [{ - group = "my-neg" - balancing_mode = "CONNECTION" - max_connections = { - per_endpoint = 10 - } + group = "my-neg" }] } neg_configs = { my-neg = { psc = { - region = "europe-west1" - target_service = "europe-west1-cloudkms.googleapis.com" + network = module.vpc.id + subnetwork = module.vpc.subnets["${var.region}/sub-consumer-0"].id + region = var.region + producer_port = 80 + target_service = module.ilb-producer.service_attachment_ids["default"] } } } vpc_config = { - network = var.vpc.self_link - subnetwork = var.subnet.self_link + network = module.vpc.id + subnetwork = module.vpc.subnets["${var.region}/sub-consumer-0"].id } } -# tftest modules=1 resources=5 + +module "vpc" { + source = "./fabric/modules/net-vpc" + project_id = var.project_id + name = "net-consumer-0" + subnets = [ + { + ip_cidr_range = "10.0.0.0/24" + name = "sub-consumer-0" + region = var.region + } + ] + subnets_proxy_only = [ + { + name = "sub-proxy-consumer-0" + region = var.region + ip_cidr_range = "10.0.1.0/26" + active = true + } + ] +} + +# PRODUCER - What the PSC NEG points to + +module "ilb-producer" { + source = "./fabric/modules/net-lb-int" + project_id = var.project_id + region = "europe-west1" + name = "ilb-producer" + service_label = "ilb-producer" + vpc_config = { + network = module.vpc-producer.id + subnetwork = module.vpc-producer.subnets["${var.region}/sub-producer-0"].id + } + forwarding_rules_config = { + default = {} + } + service_attachments = { + default = { + nat_subnets = [module.vpc-producer.subnets_psc["${var.region}/sub-psc-producer-0"].id] + automatic_connection = true + } + } +} + +module "vpc-producer" { + source = "./fabric/modules/net-vpc" + project_id = var.project_id + name = "net-producer-0" + subnets = [ + { + ip_cidr_range = "10.0.0.0/24" + name = "sub-producer-0" + region = var.region + } + ] + subnets_proxy_only = [ + { + name = "sub-proxy-producer-0" + region = var.region + ip_cidr_range = "10.0.1.0/26" + active = true + } + ] + subnets_psc = [ + { + name = "sub-psc-producer-0" + region = var.region + ip_cidr_range = "10.0.2.0/26" + } + ] +} +# tftest inventory=psc-neg.yaml ``` #### Internet NEG creation @@ -279,7 +451,7 @@ module "int-tcp-proxy" { This example shows how to create and manage internet NEGs: ```hcl -module "ilb-l7" { +module "ilb-tcp-proxy" { source = "./fabric/modules/net-lb-proxy-int" project_id = var.project_id name = "ilb-test" @@ -291,7 +463,6 @@ module "ilb-l7" { # with a single internet NEG the implied default health check is optional health_checks = [] } - port = 80 neg_configs = { neg-0 = { internet = { @@ -311,7 +482,7 @@ module "ilb-l7" { subnetwork = var.subnet.self_link } } -# tftest modules=1 resources=6 inventory=internet-neg.yaml e2e +# tftest inventory=internet-neg.yaml e2e ``` ### Context @@ -324,7 +495,11 @@ module "tcp-proxy" { name = "ilb-test" project_id = "$project_ids:test" region = "$locations:ew8" - address = "$addresses:test" + forwarding_rules_config = { + "" = { + ip_address = "$addresses:test" + } + } backend_service_config = { backends = [{ group = "projects/myprj/zones/europe-west1-a/instanceGroups/my-ig" @@ -366,6 +541,7 @@ module "tcp-proxy" { ``` ## Deploying changes to load balancer configurations + For deploying changes to load balancer configuration please refer to [net-lb-app-ext README.md](../net-lb-app-ext/README.md#deploying-changes-to-load-balancer-configurations) @@ -374,7 +550,7 @@ For deploying changes to load balancer configuration please refer to [net-lb-app | name | description | resources | |---|---|---| -| [backend-service.tf](./backend-service.tf) | Backend service resources. | google_compute_region_backend_service | +| [backend-service.tf](./backend-service.tf) | Backend service resources. | google_compute_region_backend_service · terraform_data | | [groups.tf](./groups.tf) | None | google_compute_instance_group | | [health-check.tf](./health-check.tf) | Health check resource. | google_compute_region_health_check | | [main.tf](./main.tf) | Module-level locals and resources. | google_compute_forwarding_rule · google_compute_network_endpoint · google_compute_network_endpoint_group · google_compute_region_network_endpoint · google_compute_region_network_endpoint_group · google_compute_region_target_tcp_proxy · google_compute_service_attachment | @@ -386,38 +562,36 @@ For deploying changes to load balancer configuration please refer to [net-lb-app | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| [name](variables.tf#L221) | Load balancer name. | string | ✓ | | -| [project_id](variables.tf#L290) | Project id. | string | ✓ | | -| [region](variables.tf#L295) | The region where to allocate the ILB resources. | string | ✓ | | -| [vpc_config](variables.tf#L315) | VPC-level configuration. | object({…}) | ✓ | | -| [address](variables.tf#L17) | Optional IP address used for the forwarding rule. | string | | null | -| [backend_service_config](variables.tf#L23) | Backend service level configuration. | object({…}) | | {} | -| [context](variables.tf#L82) | Context-specific interpolations. | object({…}) | | {} | -| [description](variables.tf#L95) | Optional description used for resources. | string | | "Terraform managed." | -| [global_access](variables.tf#L102) | Allow client access from all regions. | bool | | null | -| [group_configs](variables.tf#L108) | Optional unmanaged groups to create. Can be referenced in backends via key or outputs. | map(object({…})) | | {} | -| [health_check](variables.tf#L122) | Name of existing health check to use, disables auto-created health check. | string | | null | -| [health_check_config](variables.tf#L128) | Optional auto-created health check configurations, use the output self-link to set it in the auto healing policy. Refer to examples for usage. | object({…}) | | {…} | -| [labels](variables.tf#L215) | Labels set on resources. | map(string) | | {} | -| [neg_configs](variables.tf#L226) | Optional network endpoint groups to create. Can be referenced in backends via key or outputs. | map(object({…})) | | {} | -| [port](variables.tf#L284) | Port. | number | | 80 | -| [service_attachment](variables.tf#L300) | PSC service attachment. | object({…}) | | null | +| [name](variables.tf#L224) | Load balancer name. | string | ✓ | | +| [project_id](variables.tf#L288) | Project id. | string | ✓ | | +| [region](variables.tf#L293) | The region where to allocate the ILB resources. | string | ✓ | | +| [vpc_config](variables.tf#L314) | VPC-level configuration. | object({…}) | ✓ | | +| [backend_service_config](variables.tf#L17) | Backend service level configuration. | object({…}) | | {} | +| [context](variables.tf#L76) | Context-specific interpolations. | object({…}) | | {} | +| [description](variables.tf#L89) | Optional description used for resources. | string | | "Terraform managed." | +| [forwarding_rules_config](variables.tf#L95) | The optional forwarding rules configuration. | map(object({…})) | | {…} | +| [group_configs](variables.tf#L111) | Optional unmanaged groups to create. Can be referenced in backends via key or outputs. | map(object({…})) | | {} | +| [health_check](variables.tf#L125) | Name of existing health check to use, disables auto-created health check. | string | | null | +| [health_check_config](variables.tf#L131) | Optional auto-created health check configurations, use the output self-link to set it in the auto healing policy. Refer to examples for usage. | object({…}) | | {…} | +| [labels](variables.tf#L218) | Labels set on resources. | map(string) | | {} | +| [neg_configs](variables.tf#L229) | Optional network endpoint groups to create. Can be referenced in backends via key or outputs. | map(object({…})) | | {} | +| [service_attachment](variables.tf#L298) | PSC service attachment. | object({…}) | | null | ## Outputs | name | description | sensitive | |---|---|:---:| -| [address](outputs.tf#L17) | Forwarding rule address. | | -| [backend_service](outputs.tf#L22) | Backend resource. | | -| [backend_service_id](outputs.tf#L27) | Backend id. | | -| [backend_service_self_link](outputs.tf#L32) | Backend self link. | | -| [forwarding_rule](outputs.tf#L37) | Forwarding rule resource. | | -| [group_self_links](outputs.tf#L42) | Optional unmanaged instance group self links. | | -| [groups](outputs.tf#L49) | Optional unmanaged instance group resources. | | -| [health_check](outputs.tf#L54) | Auto-created health-check resource. | | -| [health_check_id](outputs.tf#L59) | Auto-created health-check id. | | -| [health_check_self_link](outputs.tf#L64) | Auto-created health-check self link. | | -| [id](outputs.tf#L69) | Fully qualified forwarding rule id. | | -| [neg_ids](outputs.tf#L74) | Autogenerated network endpoint group ids. | | -| [service_attachment_id](outputs.tf#L81) | Id of the service attachment. | | +| [address](outputs.tf#L17) | Forwarding rules addresses. | | +| [backend_service](outputs.tf#L25) | Backend resource. | | +| [backend_service_id](outputs.tf#L30) | Backend id. | | +| [backend_service_self_link](outputs.tf#L35) | Backend self link. | | +| [forwarding_rules](outputs.tf#L40) | Forwarding rule resources. | | +| [group_self_links](outputs.tf#L45) | Optional unmanaged instance group self links. | | +| [groups](outputs.tf#L52) | Optional unmanaged instance group resources. | | +| [health_check](outputs.tf#L57) | Auto-created health-check resource. | | +| [health_check_id](outputs.tf#L62) | Auto-created health-check id. | | +| [health_check_self_link](outputs.tf#L67) | Auto-created health-check self link. | | +| [ids](outputs.tf#L72) | Fully qualified forwarding rule ids. | | +| [neg_ids](outputs.tf#L79) | Autogenerated network endpoint group ids. | | +| [service_attachment_id](outputs.tf#L86) | Id of the service attachment. | | diff --git a/modules/net-lb-proxy-int/backend-service.tf b/modules/net-lb-proxy-int/backend-service.tf index 3d92b6637..76e4760bb 100644 --- a/modules/net-lb-proxy-int/backend-service.tf +++ b/modules/net-lb-proxy-int/backend-service.tf @@ -34,6 +34,14 @@ locals { ) } +resource "terraform_data" "neg_trigger" { + input = { + zonal = { for k, v in google_compute_network_endpoint_group.default : k => v.id } + psc = { for k, v in google_compute_region_network_endpoint_group.psc : k => v.id } + internet = { for k, v in google_compute_region_network_endpoint_group.internet : k => v.id } + } +} + resource "google_compute_region_backend_service" "default" { provider = google-beta project = local.project_id @@ -42,7 +50,7 @@ resource "google_compute_region_backend_service" "default" { description = var.backend_service_config.description affinity_cookie_ttl_sec = var.backend_service_config.affinity_cookie_ttl_sec connection_draining_timeout_sec = var.backend_service_config.connection_draining_timeout_sec - health_checks = [local.health_check] + health_checks = local.health_check == null ? null : [local.health_check] load_balancing_scheme = "INTERNAL_MANAGED" port_name = var.backend_service_config.port_name # defaults to http, not for NEGs protocol = "TCP" @@ -102,4 +110,10 @@ resource "google_compute_region_backend_service" "default" { } } + + lifecycle { + replace_triggered_by = [ + terraform_data.neg_trigger + ] + } } diff --git a/modules/net-lb-proxy-int/health-check.tf b/modules/net-lb-proxy-int/health-check.tf index 27544eb98..e1313032d 100644 --- a/modules/net-lb-proxy-int/health-check.tf +++ b/modules/net-lb-proxy-int/health-check.tf @@ -18,7 +18,7 @@ locals { hc = ( - var.health_check != null ? null : var.health_check_config + local.has_psc_backend || var.health_check != null ? null : var.health_check_config ) hc_grpc = try(local.hc.grpc, null) != null hc_http = try(local.hc.http, null) != null @@ -32,13 +32,13 @@ resource "google_compute_region_health_check" "default" { provider = google-beta count = local.hc != null ? 1 : 0 project = local.project_id - name = coalesce(local.hc.name, var.name) + name = coalesce(try(local.hc.name, null), var.name) region = local.region - description = local.hc.description - check_interval_sec = local.hc.check_interval_sec - healthy_threshold = local.hc.healthy_threshold - timeout_sec = local.hc.timeout_sec - unhealthy_threshold = local.hc.unhealthy_threshold + description = try(local.hc.description, null) + check_interval_sec = try(local.hc.check_interval_sec, null) + healthy_threshold = try(local.hc.healthy_threshold, null) + timeout_sec = try(local.hc.timeout_sec, null) + unhealthy_threshold = try(local.hc.unhealthy_threshold, null) dynamic "grpc_health_check" { for_each = local.hc_grpc ? [""] : [] diff --git a/modules/net-lb-proxy-int/main.tf b/modules/net-lb-proxy-int/main.tf index fffd49d48..33e51b0ca 100644 --- a/modules/net-lb-proxy-int/main.tf +++ b/modules/net-lb-proxy-int/main.tf @@ -36,11 +36,27 @@ locals { }) ] ]) + forwarding_rule_names = { + for k, v in var.forwarding_rules_config : + k => k == "" ? var.name : "${var.name}-${k}" + } health_check = ( - var.health_check != null - ? var.health_check - : google_compute_region_health_check.default[0].self_link + local.has_psc_backend + ? null + : ( + var.health_check == null + ? ( + var.health_check_config == null + ? null + : google_compute_region_health_check.default[0].self_link + ) + : var.health_check + ) ) + has_psc_backend = anytrue([ + for b in coalesce(var.backend_service_config.backends, []) : + try(var.neg_configs[b.group].psc != null, false) + ]) neg_endpoints = { for v in local._neg_endpoints : (v.key) => v } @@ -62,25 +78,37 @@ locals { } resource "google_compute_forwarding_rule" "default" { + for_each = var.forwarding_rules_config provider = google-beta project = local.project_id region = local.region - name = var.name - description = var.description - ip_address = ( - var.address == null + name = coalesce(each.value.name, local.forwarding_rule_names[each.key]) + description = coalesce(each.value.description, var.description) + ip_address = try(local.ctx.addresses[each.value.address], each.value.address) + ip_protocol = "TCP" + ip_version = ( + each.value.address != null ? null - : lookup(local.ctx.addresses, var.address, var.address) + : ( + each.value.ipv6 == true + ? "IPV6" + : "IPV4" # do not set if address is provided + ) ) - ip_protocol = "TCP" load_balancing_scheme = "INTERNAL_MANAGED" network = local.network - port_range = var.port + port_range = each.value.port subnetwork = local.subnetwork labels = var.labels target = google_compute_region_target_tcp_proxy.default.id - # during the preview phase you cannot change this attribute on an existing rule - allow_global_access = var.global_access + # During the preview phase you cannot change this attribute on an existing rule + allow_global_access = each.value.global_access + + lifecycle { + replace_triggered_by = [ + google_compute_region_target_tcp_proxy.default + ] + } } resource "google_compute_region_target_tcp_proxy" "default" { @@ -134,11 +162,10 @@ resource "google_compute_network_endpoint" "default" { } resource "google_compute_region_network_endpoint_group" "psc" { - for_each = local.neg_regional_psc - project = local.project_id - region = each.value.psc.region - name = "${var.name}-${each.key}" - //description = coalesce(each.value.description, var.description) + for_each = local.neg_regional_psc + project = local.project_id + region = each.value.psc.region + name = "${var.name}-${each.key}" network_endpoint_type = "PRIVATE_SERVICE_CONNECT" psc_target_service = each.value.psc.target_service network = ( @@ -151,9 +178,9 @@ resource "google_compute_region_network_endpoint_group" "psc" { ? null : try(local.ctx.subnets[each.value.psc.subnetwork], each.value.psc.subnetwork) ) - lifecycle { - # ignore until https://github.com/hashicorp/terraform-provider-google/issues/20576 is fixed - ignore_changes = [psc_data] + + psc_data { + producer_port = each.value.psc.producer_port } } @@ -210,7 +237,7 @@ resource "google_compute_service_attachment" "default" { region = var.region name = var.name description = var.description - target_service = google_compute_forwarding_rule.default.id + target_service = google_compute_forwarding_rule.default[var.service_attachment.forwarding_rule].id nat_subnets = [ for s in var.service_attachment.nat_subnets : lookup(local.ctx.subnets, s, s) @@ -228,9 +255,11 @@ resource "google_compute_service_attachment" "default" { ) enable_proxy_protocol = var.service_attachment.enable_proxy_protocol reconcile_connections = var.service_attachment.reconcile_connections + dynamic "consumer_accept_lists" { for_each = var.service_attachment.consumer_accept_lists iterator = accept + content { project_id_or_num = accept.key connection_limit = accept.value diff --git a/modules/net-lb-proxy-int/outputs.tf b/modules/net-lb-proxy-int/outputs.tf index 7f37aa7e6..a1081e576 100644 --- a/modules/net-lb-proxy-int/outputs.tf +++ b/modules/net-lb-proxy-int/outputs.tf @@ -15,8 +15,11 @@ */ output "address" { - description = "Forwarding rule address." - value = google_compute_forwarding_rule.default.ip_address + description = "Forwarding rules addresses." + value = { + for k, v in google_compute_forwarding_rule.default + : v.name => v.ip_address + } } output "backend_service" { @@ -34,8 +37,8 @@ output "backend_service_self_link" { value = google_compute_region_backend_service.default.self_link } -output "forwarding_rule" { - description = "Forwarding rule resource." +output "forwarding_rules" { + description = "Forwarding rule resources." value = google_compute_forwarding_rule.default } @@ -66,9 +69,11 @@ output "health_check_self_link" { value = try(google_compute_region_health_check.default[0].self_link, null) } -output "id" { - description = "Fully qualified forwarding rule id." - value = google_compute_forwarding_rule.default.id +output "ids" { + description = "Fully qualified forwarding rule ids." + value = { + for k, v in google_compute_forwarding_rule.default : k => v.id + } } output "neg_ids" { diff --git a/modules/net-lb-proxy-int/variables.tf b/modules/net-lb-proxy-int/variables.tf index 12590d16b..7d530e34f 100644 --- a/modules/net-lb-proxy-int/variables.tf +++ b/modules/net-lb-proxy-int/variables.tf @@ -14,12 +14,6 @@ * limitations under the License. */ -variable "address" { - description = "Optional IP address used for the forwarding rule." - type = string - default = null -} - variable "backend_service_config" { description = "Backend service level configuration." type = object({ @@ -98,11 +92,20 @@ variable "description" { default = "Terraform managed." } -# during the preview phase you cannot change this attribute on an existing rule -variable "global_access" { - description = "Allow client access from all regions." - type = bool - default = null +variable "forwarding_rules_config" { + description = "The optional forwarding rules configuration." + type = map(object({ + address = optional(string) + description = optional(string) + global_access = optional(bool, true) + ipv6 = optional(bool, false) + name = optional(string) + port = optional(number, 80) + protocol = optional(string, "TCP") + })) + default = { + "" = {} + } } variable "group_configs" { @@ -203,7 +206,7 @@ variable "health_check_config" { error_message = "Only one health check type can be configured at a time." } validation { - condition = alltrue([ + condition = var.health_check_config == null ? true : alltrue([ for k, v in var.health_check_config : contains([ "-", "USE_FIXED_PORT", "USE_NAMED_PORT", "USE_SERVING_PORT" ], coalesce(try(v.port_specification, null), "-")) @@ -263,6 +266,7 @@ variable "neg_configs" { region = string target_service = string network = optional(string) + producer_port = optional(number) subnetwork = optional(string) })) })) @@ -281,12 +285,6 @@ variable "neg_configs" { } } -variable "port" { - description = "Port." - type = number - default = 80 -} - variable "project_id" { description = "Project id." type = string @@ -307,6 +305,7 @@ variable "service_attachment" { description = optional(string) domain_name = optional(string) enable_proxy_protocol = optional(bool, false) + forwarding_rule = optional(string) reconcile_connections = optional(bool) }) default = null diff --git a/tests/modules/net_lb_proxy_int/examples/address.yaml b/tests/modules/net_lb_proxy_int/examples/address.yaml new file mode 100644 index 000000000..38ffce29f --- /dev/null +++ b/tests/modules/net_lb_proxy_int/examples/address.yaml @@ -0,0 +1,154 @@ +# Copyright 2026 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +values: + module.address.google_compute_address.internal["ilb"]: + address_type: INTERNAL + deletion_policy: DELETE + description: Terraform managed. + effective_labels: + goog-terraform-provisioned: 'true' + ip_collection: null + ip_version: null + ipv6_endpoint_type: null + labels: null + name: ilb + network: null + project: project-id + purpose: INTERNAL + region: europe-west1 + subnetwork: subnet_self_link + terraform_labels: + goog-terraform-provisioned: 'true' + timeouts: null + module.int-tcp-proxy.google_compute_forwarding_rule.default[""]: + all_ports: null + allow_global_access: true + allow_psc_global_access: null + backend_service: null + deletion_policy: DELETE + description: Terraform managed. + ip_collection: null + ip_protocol: TCP + ip_version: IPV4 + is_mirroring_collector: null + labels: null + load_balancing_scheme: INTERNAL_MANAGED + name: int-tcp-proxy + network: https://www.googleapis.com/compute/v1/projects/xxx/global/networks/aaa + no_automate_dns_zone: null + port_range: '80' + ports: null + project: project-id + recreate_closed_psc: false + region: europe-west1 + service_label: null + source_ip_ranges: null + subnetwork: subnet_self_link + timeouts: null + module.int-tcp-proxy.google_compute_region_backend_service.default: + affinity_cookie_ttl_sec: null + backend: + - balancing_mode: UTILIZATION + capacity_scaler: 1 + custom_metrics: [] + description: Terraform managed. + failover: false + group: projects/myprj/zones/europe-west1-a/instanceGroups/my-ig + max_connections: null + max_connections_per_endpoint: null + max_connections_per_instance: null + max_rate: null + max_rate_per_endpoint: null + max_rate_per_instance: null + max_utilization: null + traffic_duration: '' + circuit_breakers: [] + connection_draining_timeout_sec: 300 + connection_tracking_policy: [] + consistent_hash: [] + custom_metrics: [] + deletion_policy: DELETE + description: Terraform managed. + dynamic_forwarding: [] + enable_cdn: null + failover_policy: [] + ha_policy: [] + ip_address_selection_policy: null + load_balancing_scheme: INTERNAL_MANAGED + locality_lb_policy: null + name: int-tcp-proxy + network: null + network_pass_through_lb_traffic_policy: [] + outlier_detection: [] + params: [] + project: project-id + protocol: TCP + region: europe-west1 + security_policy: null + session_affinity: NONE + strong_session_affinity_cookie: [] + subsetting: [] + timeouts: null + tls_settings: [] + module.int-tcp-proxy.google_compute_region_health_check.default[0]: + check_interval_sec: 5 + deletion_policy: DELETE + description: Terraform managed. + grpc_health_check: [] + grpc_tls_health_check: [] + healthy_threshold: 2 + http2_health_check: [] + http_health_check: [] + https_health_check: [] + name: int-tcp-proxy + project: project-id + region: europe-west1 + ssl_health_check: [] + tcp_health_check: + - port: null + port_name: null + port_specification: USE_SERVING_PORT + proxy_header: NONE + request: null + response: null + timeout_sec: 5 + timeouts: null + unhealthy_threshold: 2 + module.int-tcp-proxy.google_compute_region_target_tcp_proxy.default: + deletion_policy: DELETE + description: Terraform managed. + name: int-tcp-proxy + project: project-id + proxy_header: NONE + region: europe-west1 + timeouts: null + module.int-tcp-proxy.terraform_data.neg_trigger: + input: + internet: {} + psc: {} + zonal: {} + triggers_replace: null + +counts: + google_compute_address: 1 + google_compute_forwarding_rule: 1 + google_compute_region_backend_service: 1 + google_compute_region_health_check: 1 + google_compute_region_target_tcp_proxy: 1 + modules: 2 + resources: 6 + terraform_data: 1 + +outputs: {} diff --git a/tests/modules/net_lb_proxy_int/examples/context.yaml b/tests/modules/net_lb_proxy_int/examples/context.yaml index 201db62ac..7d2e5086c 100644 --- a/tests/modules/net_lb_proxy_int/examples/context.yaml +++ b/tests/modules/net_lb_proxy_int/examples/context.yaml @@ -1,10 +1,10 @@ -# Copyright 2025 Google LLC +# Copyright 2026 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # -# http://www.apache.org/licenses/LICENSE-2.0 +# https://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, @@ -13,15 +13,16 @@ # limitations under the License. values: - module.tcp-proxy.google_compute_forwarding_rule.default: + module.tcp-proxy.google_compute_forwarding_rule.default[""]: all_ports: null - allow_global_access: null + allow_global_access: true allow_psc_global_access: null backend_service: null + deletion_policy: DELETE description: Terraform managed. - ip_address: 10.0.0.10 ip_collection: null ip_protocol: TCP + ip_version: IPV4 is_mirroring_collector: null labels: null load_balancing_scheme: INTERNAL_MANAGED @@ -38,6 +39,7 @@ values: subnetwork: projects/foo-dev-net-spoke-0/regions/europe-west8/subnetworks/gce timeouts: null module.tcp-proxy.google_compute_instance_group.default["default"]: + deletion_policy: DELETE description: Terraform managed. instances: - projects/myprj/zones/europe-west1-b/instances/vm-a @@ -70,6 +72,7 @@ values: connection_tracking_policy: [] consistent_hash: [] custom_metrics: [] + deletion_policy: DELETE description: Terraform managed. dynamic_forwarding: [] enable_cdn: null @@ -94,6 +97,7 @@ values: tls_settings: [] module.tcp-proxy.google_compute_region_health_check.default[0]: check_interval_sec: 5 + deletion_policy: DELETE description: Terraform managed. grpc_health_check: [] grpc_tls_health_check: [] @@ -116,12 +120,19 @@ values: timeouts: null unhealthy_threshold: 2 module.tcp-proxy.google_compute_region_target_tcp_proxy.default: + deletion_policy: DELETE description: Terraform managed. name: ilb-test project: foo-test-0 proxy_header: NONE region: europe-west8 timeouts: null + module.tcp-proxy.terraform_data.neg_trigger: + input: + internet: {} + psc: {} + zonal: {} + triggers_replace: null counts: google_compute_forwarding_rule: 1 @@ -130,6 +141,7 @@ counts: google_compute_region_health_check: 1 google_compute_region_target_tcp_proxy: 1 modules: 1 - resources: 5 + resources: 6 + terraform_data: 1 outputs: {} diff --git a/tests/modules/net_lb_proxy_int/examples/group-config.yaml b/tests/modules/net_lb_proxy_int/examples/group-config.yaml new file mode 100644 index 000000000..886936c1d --- /dev/null +++ b/tests/modules/net_lb_proxy_int/examples/group-config.yaml @@ -0,0 +1,147 @@ +# Copyright 2026 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +values: + module.int-tcp-proxy.google_compute_forwarding_rule.default[""]: + all_ports: null + allow_global_access: true + allow_psc_global_access: null + backend_service: null + deletion_policy: DELETE + description: Terraform managed. + ip_collection: null + ip_protocol: TCP + ip_version: IPV4 + is_mirroring_collector: null + labels: null + load_balancing_scheme: INTERNAL_MANAGED + name: int-tcp-proxy + network: https://www.googleapis.com/compute/v1/projects/xxx/global/networks/aaa + no_automate_dns_zone: null + port_range: '80' + ports: null + project: project-id + recreate_closed_psc: false + region: europe-west1 + service_label: null + source_ip_ranges: null + subnetwork: subnet_self_link + timeouts: null + module.int-tcp-proxy.google_compute_instance_group.default["default"]: + deletion_policy: DELETE + description: Terraform managed. + instances: + - projects/myprj/zones/europe-west1-b/instances/vm-a + name: int-tcp-proxy-default + named_port: + - name: http + port: 80 + project: project-id + timeouts: null + zone: europe-west1-b + module.int-tcp-proxy.google_compute_region_backend_service.default: + affinity_cookie_ttl_sec: null + backend: + - balancing_mode: UTILIZATION + capacity_scaler: 1 + custom_metrics: [] + description: Terraform managed. + failover: false + max_connections: null + max_connections_per_endpoint: null + max_connections_per_instance: null + max_rate: null + max_rate_per_endpoint: null + max_rate_per_instance: null + max_utilization: null + traffic_duration: '' + circuit_breakers: [] + connection_draining_timeout_sec: 300 + connection_tracking_policy: [] + consistent_hash: [] + custom_metrics: [] + deletion_policy: DELETE + description: Terraform managed. + dynamic_forwarding: [] + enable_cdn: null + failover_policy: [] + ha_policy: [] + ip_address_selection_policy: null + load_balancing_scheme: INTERNAL_MANAGED + locality_lb_policy: null + name: int-tcp-proxy + network: null + network_pass_through_lb_traffic_policy: [] + outlier_detection: [] + params: [] + port_name: http + project: project-id + protocol: TCP + region: europe-west1 + security_policy: null + session_affinity: NONE + strong_session_affinity_cookie: [] + subsetting: [] + timeouts: null + tls_settings: [] + module.int-tcp-proxy.google_compute_region_health_check.default[0]: + check_interval_sec: 5 + deletion_policy: DELETE + description: Terraform managed. + grpc_health_check: [] + grpc_tls_health_check: [] + healthy_threshold: 2 + http2_health_check: [] + http_health_check: [] + https_health_check: [] + name: int-tcp-proxy + project: project-id + region: europe-west1 + ssl_health_check: [] + tcp_health_check: + - port: null + port_name: null + port_specification: USE_SERVING_PORT + proxy_header: NONE + request: null + response: null + timeout_sec: 5 + timeouts: null + unhealthy_threshold: 2 + module.int-tcp-proxy.google_compute_region_target_tcp_proxy.default: + deletion_policy: DELETE + description: Terraform managed. + name: int-tcp-proxy + project: project-id + proxy_header: NONE + region: europe-west1 + timeouts: null + module.int-tcp-proxy.terraform_data.neg_trigger: + input: + internet: {} + psc: {} + zonal: {} + triggers_replace: null + +counts: + google_compute_forwarding_rule: 1 + google_compute_instance_group: 1 + google_compute_region_backend_service: 1 + google_compute_region_health_check: 1 + google_compute_region_target_tcp_proxy: 1 + modules: 1 + resources: 6 + terraform_data: 1 + +outputs: {} diff --git a/tests/modules/net_lb_proxy_int/examples/health-check-config.yaml b/tests/modules/net_lb_proxy_int/examples/health-check-config.yaml new file mode 100644 index 000000000..8b1fc7ca8 --- /dev/null +++ b/tests/modules/net_lb_proxy_int/examples/health-check-config.yaml @@ -0,0 +1,134 @@ +# Copyright 2026 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +values: + module.int-tcp-proxy.google_compute_forwarding_rule.default[""]: + all_ports: null + allow_global_access: true + allow_psc_global_access: null + backend_service: null + deletion_policy: DELETE + description: Terraform managed. + ip_collection: null + ip_protocol: TCP + ip_version: IPV4 + is_mirroring_collector: null + labels: null + load_balancing_scheme: INTERNAL_MANAGED + name: int-tcp-proxy + network: https://www.googleapis.com/compute/v1/projects/xxx/global/networks/aaa + no_automate_dns_zone: null + port_range: '80' + ports: null + project: project-id + recreate_closed_psc: false + region: europe-west1 + service_label: null + source_ip_ranges: null + subnetwork: subnet_self_link + timeouts: null + module.int-tcp-proxy.google_compute_region_backend_service.default: + affinity_cookie_ttl_sec: null + backend: + - balancing_mode: UTILIZATION + capacity_scaler: 1 + custom_metrics: [] + description: Terraform managed. + failover: false + group: projects/myprj/zones/europe-west1-a/instanceGroups/my-ig + max_connections: null + max_connections_per_endpoint: null + max_connections_per_instance: null + max_rate: null + max_rate_per_endpoint: null + max_rate_per_instance: null + max_utilization: null + traffic_duration: '' + circuit_breakers: [] + connection_draining_timeout_sec: 300 + connection_tracking_policy: [] + consistent_hash: [] + custom_metrics: [] + deletion_policy: DELETE + description: Terraform managed. + dynamic_forwarding: [] + enable_cdn: null + failover_policy: [] + ha_policy: [] + ip_address_selection_policy: null + load_balancing_scheme: INTERNAL_MANAGED + locality_lb_policy: null + name: int-tcp-proxy + network: null + network_pass_through_lb_traffic_policy: [] + outlier_detection: [] + params: [] + project: project-id + protocol: TCP + region: europe-west1 + security_policy: null + session_affinity: NONE + strong_session_affinity_cookie: [] + subsetting: [] + timeouts: null + tls_settings: [] + module.int-tcp-proxy.google_compute_region_health_check.default[0]: + check_interval_sec: 5 + deletion_policy: DELETE + description: Terraform managed. + grpc_health_check: [] + grpc_tls_health_check: [] + healthy_threshold: 2 + http2_health_check: [] + http_health_check: [] + https_health_check: [] + name: int-tcp-proxy + project: project-id + region: europe-west1 + ssl_health_check: [] + tcp_health_check: + - port: 80 + port_name: null + port_specification: null + proxy_header: NONE + request: null + response: null + timeout_sec: 5 + timeouts: null + unhealthy_threshold: 2 + module.int-tcp-proxy.google_compute_region_target_tcp_proxy.default: + deletion_policy: DELETE + description: Terraform managed. + name: int-tcp-proxy + project: project-id + proxy_header: NONE + region: europe-west1 + timeouts: null + module.int-tcp-proxy.terraform_data.neg_trigger: + input: + internet: {} + psc: {} + zonal: {} + triggers_replace: null + +counts: + google_compute_forwarding_rule: 1 + google_compute_region_backend_service: 1 + google_compute_region_health_check: 1 + google_compute_region_target_tcp_proxy: 1 + modules: 1 + resources: 5 + terraform_data: 1 + +outputs: {} diff --git a/tests/modules/net_lb_proxy_int/examples/health-check-link.yaml b/tests/modules/net_lb_proxy_int/examples/health-check-link.yaml new file mode 100644 index 000000000..5ca01c9ff --- /dev/null +++ b/tests/modules/net_lb_proxy_int/examples/health-check-link.yaml @@ -0,0 +1,111 @@ +# Copyright 2026 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +values: + module.int-tcp-proxy.google_compute_forwarding_rule.default[""]: + all_ports: null + allow_global_access: true + allow_psc_global_access: null + backend_service: null + deletion_policy: DELETE + description: Terraform managed. + ip_collection: null + ip_protocol: TCP + ip_version: IPV4 + is_mirroring_collector: null + labels: null + load_balancing_scheme: INTERNAL_MANAGED + name: int-tcp-proxy + network: https://www.googleapis.com/compute/v1/projects/xxx/global/networks/aaa + no_automate_dns_zone: null + port_range: '80' + ports: null + project: project-id + recreate_closed_psc: false + region: europe-west1 + service_label: null + source_ip_ranges: null + subnetwork: subnet_self_link + timeouts: null + module.int-tcp-proxy.google_compute_region_backend_service.default: + affinity_cookie_ttl_sec: null + backend: + - balancing_mode: UTILIZATION + capacity_scaler: 1 + custom_metrics: [] + description: Terraform managed. + failover: false + group: projects/myprj/zones/europe-west1-a/instanceGroups/my-ig + max_connections: null + max_connections_per_endpoint: null + max_connections_per_instance: null + max_rate: null + max_rate_per_endpoint: null + max_rate_per_instance: null + max_utilization: null + traffic_duration: '' + circuit_breakers: [] + connection_draining_timeout_sec: 300 + connection_tracking_policy: [] + consistent_hash: [] + custom_metrics: [] + deletion_policy: DELETE + description: Terraform managed. + dynamic_forwarding: [] + enable_cdn: null + failover_policy: [] + ha_policy: [] + health_checks: + - projects/myprj/global/healthChecks/custom + ip_address_selection_policy: null + load_balancing_scheme: INTERNAL_MANAGED + locality_lb_policy: null + name: int-tcp-proxy + network: null + network_pass_through_lb_traffic_policy: [] + outlier_detection: [] + params: [] + project: project-id + protocol: TCP + region: europe-west1 + security_policy: null + session_affinity: NONE + strong_session_affinity_cookie: [] + subsetting: [] + timeouts: null + tls_settings: [] + module.int-tcp-proxy.google_compute_region_target_tcp_proxy.default: + deletion_policy: DELETE + description: Terraform managed. + name: int-tcp-proxy + project: project-id + proxy_header: NONE + region: europe-west1 + timeouts: null + module.int-tcp-proxy.terraform_data.neg_trigger: + input: + internet: {} + psc: {} + zonal: {} + triggers_replace: null + +counts: + google_compute_forwarding_rule: 1 + google_compute_region_backend_service: 1 + google_compute_region_target_tcp_proxy: 1 + modules: 1 + resources: 4 + terraform_data: 1 + +outputs: {} diff --git a/tests/modules/net_lb_proxy_int/examples/hybrid-neg.yaml b/tests/modules/net_lb_proxy_int/examples/hybrid-neg.yaml new file mode 100644 index 000000000..b0db6dd46 --- /dev/null +++ b/tests/modules/net_lb_proxy_int/examples/hybrid-neg.yaml @@ -0,0 +1,155 @@ +# Copyright 2026 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +values: + module.int-tcp-proxy.google_compute_forwarding_rule.default[""]: + all_ports: null + allow_global_access: true + allow_psc_global_access: null + backend_service: null + deletion_policy: DELETE + description: Terraform managed. + ip_collection: null + ip_protocol: TCP + ip_version: IPV4 + is_mirroring_collector: null + labels: null + load_balancing_scheme: INTERNAL_MANAGED + name: int-tcp-proxy + network: https://www.googleapis.com/compute/v1/projects/xxx/global/networks/aaa + no_automate_dns_zone: null + port_range: '80' + ports: null + project: project-id + recreate_closed_psc: false + region: europe-west1 + service_label: null + source_ip_ranges: null + subnetwork: subnet_self_link + timeouts: null + module.int-tcp-proxy.google_compute_network_endpoint.default["my-neg-e-0"]: + deletion_policy: DELETE + instance: null + ip_address: 10.0.0.10 + network_endpoint_group: int-tcp-proxy-my-neg + port: 80 + project: project-id + timeouts: null + zone: europe-west1-b + module.int-tcp-proxy.google_compute_network_endpoint_group.default["my-neg"]: + default_port: null + deletion_policy: DELETE + description: Terraform managed. + name: int-tcp-proxy-my-neg + network: https://www.googleapis.com/compute/v1/projects/xxx/global/networks/aaa + network_endpoint_type: NON_GCP_PRIVATE_IP_PORT + project: project-id + subnetwork: null + timeouts: null + zone: europe-west1-b + module.int-tcp-proxy.google_compute_region_backend_service.default: + affinity_cookie_ttl_sec: null + backend: + - balancing_mode: CONNECTION + capacity_scaler: 1 + custom_metrics: [] + description: Terraform managed. + failover: false + max_connections: null + max_connections_per_endpoint: 10 + max_connections_per_instance: null + max_rate: null + max_rate_per_endpoint: null + max_rate_per_instance: null + max_utilization: null + traffic_duration: '' + circuit_breakers: [] + connection_draining_timeout_sec: 300 + connection_tracking_policy: [] + consistent_hash: [] + custom_metrics: [] + deletion_policy: DELETE + description: Terraform managed. + dynamic_forwarding: [] + enable_cdn: null + failover_policy: [] + ha_policy: [] + ip_address_selection_policy: null + load_balancing_scheme: INTERNAL_MANAGED + locality_lb_policy: null + name: int-tcp-proxy + network: null + network_pass_through_lb_traffic_policy: [] + outlier_detection: [] + params: [] + project: project-id + protocol: TCP + region: europe-west1 + security_policy: null + session_affinity: NONE + strong_session_affinity_cookie: [] + subsetting: [] + timeouts: null + tls_settings: [] + module.int-tcp-proxy.google_compute_region_health_check.default[0]: + check_interval_sec: 5 + deletion_policy: DELETE + description: Terraform managed. + grpc_health_check: [] + grpc_tls_health_check: [] + healthy_threshold: 2 + http2_health_check: [] + http_health_check: [] + https_health_check: [] + name: int-tcp-proxy + project: project-id + region: europe-west1 + ssl_health_check: [] + tcp_health_check: + - port: null + port_name: null + port_specification: USE_SERVING_PORT + proxy_header: NONE + request: null + response: null + timeout_sec: 5 + timeouts: null + unhealthy_threshold: 2 + module.int-tcp-proxy.google_compute_region_target_tcp_proxy.default: + deletion_policy: DELETE + description: Terraform managed. + name: int-tcp-proxy + project: project-id + proxy_header: NONE + region: europe-west1 + timeouts: null + module.int-tcp-proxy.terraform_data.neg_trigger: + input: + internet: {} + psc: {} + zonal: {} + triggers_replace: null + +counts: + google_compute_forwarding_rule: 1 + google_compute_network_endpoint: 1 + google_compute_network_endpoint_group: 1 + google_compute_region_backend_service: 1 + google_compute_region_health_check: 1 + google_compute_region_target_tcp_proxy: 1 + modules: 1 + resources: 7 + terraform_data: 1 + +outputs: {} diff --git a/tests/modules/net_lb_proxy_int/examples/internet-neg.yaml b/tests/modules/net_lb_proxy_int/examples/internet-neg.yaml index 2c87bcb70..c27952f2e 100644 --- a/tests/modules/net_lb_proxy_int/examples/internet-neg.yaml +++ b/tests/modules/net_lb_proxy_int/examples/internet-neg.yaml @@ -1,10 +1,10 @@ -# Copyright 2024 Google LLC +# Copyright 2026 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # -# http://www.apache.org/licenses/LICENSE-2.0 +# https://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, @@ -12,51 +12,139 @@ # See the License for the specific language governing permissions and # limitations under the License. - values: - module.ilb-l7.google_compute_forwarding_rule.default: + module.ilb-tcp-proxy.google_compute_forwarding_rule.default[""]: + all_ports: null + allow_global_access: true + allow_psc_global_access: null + backend_service: null + deletion_policy: DELETE description: Terraform managed. + ip_collection: null ip_protocol: TCP + ip_version: IPV4 + is_mirroring_collector: null + labels: null load_balancing_scheme: INTERNAL_MANAGED name: ilb-test network: https://www.googleapis.com/compute/v1/projects/xxx/global/networks/aaa + no_automate_dns_zone: null port_range: '80' + ports: null project: project-id + recreate_closed_psc: false region: europe-west8 + service_label: null + source_ip_ranges: null subnetwork: subnet_self_link - module.ilb-l7.google_compute_region_backend_service.default: + timeouts: null + module.ilb-tcp-proxy.google_compute_region_backend_service.default: + affinity_cookie_ttl_sec: null backend: - balancing_mode: UTILIZATION capacity_scaler: 1 + custom_metrics: [] description: Terraform managed. + failover: false + max_connections: null + max_connections_per_endpoint: null + max_connections_per_instance: null + max_rate: null + max_rate_per_endpoint: null + max_rate_per_instance: null + max_utilization: null + traffic_duration: '' + circuit_breakers: [] + connection_draining_timeout_sec: 300 + connection_tracking_policy: [] + consistent_hash: [] + custom_metrics: [] + deletion_policy: DELETE description: Terraform managed. + dynamic_forwarding: [] + enable_cdn: null + failover_policy: [] + ha_policy: [] + ip_address_selection_policy: null load_balancing_scheme: INTERNAL_MANAGED + locality_lb_policy: null name: ilb-test + network: null + network_pass_through_lb_traffic_policy: [] + outlier_detection: [] + params: [] project: project-id protocol: TCP region: europe-west8 + security_policy: null session_affinity: NONE - module.ilb-l7.google_compute_region_network_endpoint.internet["neg-0-e-0"]: + strong_session_affinity_cookie: [] + subsetting: [] + timeouts: null + tls_settings: [] + module.ilb-tcp-proxy.google_compute_region_health_check.default[0]: + check_interval_sec: 5 + deletion_policy: DELETE + description: Terraform managed. + grpc_health_check: [] + grpc_tls_health_check: [] + healthy_threshold: 2 + http2_health_check: [] + http_health_check: [] + https_health_check: [] + name: ilb-test + project: project-id + region: europe-west8 + ssl_health_check: [] + tcp_health_check: + - port: null + port_name: null + port_specification: USE_SERVING_PORT + proxy_header: NONE + request: null + response: null + timeout_sec: 5 + timeouts: null + unhealthy_threshold: 2 + module.ilb-tcp-proxy.google_compute_region_network_endpoint.internet["neg-0-e-0"]: + client_destination_port: null + deletion_policy: DELETE fqdn: www.example.org + instance: null ip_address: null port: 80 project: project-id region: europe-west8 region_network_endpoint_group: ilb-test-neg-0 - module.ilb-l7.google_compute_region_network_endpoint_group.internet["neg-0"]: + timeouts: null + module.ilb-tcp-proxy.google_compute_region_network_endpoint_group.internet["neg-0"]: + app_engine: [] + cloud_function: [] + cloud_run: [] + deletion_policy: DELETE + description: null name: ilb-test-neg-0 network: https://www.googleapis.com/compute/v1/projects/xxx/global/networks/aaa network_endpoint_type: INTERNET_FQDN_PORT project: project-id + psc_target_service: null region: europe-west8 subnetwork: null - module.ilb-l7.google_compute_region_target_tcp_proxy.default: + timeouts: null + module.ilb-tcp-proxy.google_compute_region_target_tcp_proxy.default: + deletion_policy: DELETE description: Terraform managed. name: ilb-test project: project-id proxy_header: NONE region: europe-west8 timeouts: null + module.ilb-tcp-proxy.terraform_data.neg_trigger: + input: + internet: {} + psc: {} + zonal: {} + triggers_replace: null counts: google_compute_forwarding_rule: 1 @@ -66,4 +154,7 @@ counts: google_compute_region_network_endpoint_group: 1 google_compute_region_target_tcp_proxy: 1 modules: 1 - resources: 6 + resources: 7 + terraform_data: 1 + +outputs: {} diff --git a/tests/modules/net_lb_proxy_int/examples/minimal.yaml b/tests/modules/net_lb_proxy_int/examples/minimal.yaml new file mode 100644 index 000000000..5f4e9191b --- /dev/null +++ b/tests/modules/net_lb_proxy_int/examples/minimal.yaml @@ -0,0 +1,134 @@ +# Copyright 2026 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +values: + module.int-tcp-proxy.google_compute_forwarding_rule.default[""]: + all_ports: null + allow_global_access: true + allow_psc_global_access: null + backend_service: null + deletion_policy: DELETE + description: Terraform managed. + ip_collection: null + ip_protocol: TCP + ip_version: IPV4 + is_mirroring_collector: null + labels: null + load_balancing_scheme: INTERNAL_MANAGED + name: ilb-test + network: https://www.googleapis.com/compute/v1/projects/xxx/global/networks/aaa + no_automate_dns_zone: null + port_range: '80' + ports: null + project: project-id + recreate_closed_psc: false + region: europe-west1 + service_label: null + source_ip_ranges: null + subnetwork: subnet_self_link + timeouts: null + module.int-tcp-proxy.google_compute_region_backend_service.default: + affinity_cookie_ttl_sec: null + backend: + - balancing_mode: UTILIZATION + capacity_scaler: 1 + custom_metrics: [] + description: Terraform managed. + failover: false + group: projects/myprj/zones/europe-west1-a/instanceGroups/my-ig + max_connections: null + max_connections_per_endpoint: null + max_connections_per_instance: null + max_rate: null + max_rate_per_endpoint: null + max_rate_per_instance: null + max_utilization: null + traffic_duration: '' + circuit_breakers: [] + connection_draining_timeout_sec: 300 + connection_tracking_policy: [] + consistent_hash: [] + custom_metrics: [] + deletion_policy: DELETE + description: Terraform managed. + dynamic_forwarding: [] + enable_cdn: null + failover_policy: [] + ha_policy: [] + ip_address_selection_policy: null + load_balancing_scheme: INTERNAL_MANAGED + locality_lb_policy: null + name: ilb-test + network: null + network_pass_through_lb_traffic_policy: [] + outlier_detection: [] + params: [] + project: project-id + protocol: TCP + region: europe-west1 + security_policy: null + session_affinity: NONE + strong_session_affinity_cookie: [] + subsetting: [] + timeouts: null + tls_settings: [] + module.int-tcp-proxy.google_compute_region_health_check.default[0]: + check_interval_sec: 5 + deletion_policy: DELETE + description: Terraform managed. + grpc_health_check: [] + grpc_tls_health_check: [] + healthy_threshold: 2 + http2_health_check: [] + http_health_check: [] + https_health_check: [] + name: ilb-test + project: project-id + region: europe-west1 + ssl_health_check: [] + tcp_health_check: + - port: null + port_name: null + port_specification: USE_SERVING_PORT + proxy_header: NONE + request: null + response: null + timeout_sec: 5 + timeouts: null + unhealthy_threshold: 2 + module.int-tcp-proxy.google_compute_region_target_tcp_proxy.default: + deletion_policy: DELETE + description: Terraform managed. + name: ilb-test + project: project-id + proxy_header: NONE + region: europe-west1 + timeouts: null + module.int-tcp-proxy.terraform_data.neg_trigger: + input: + internet: {} + psc: {} + zonal: {} + triggers_replace: null + +counts: + google_compute_forwarding_rule: 1 + google_compute_region_backend_service: 1 + google_compute_region_health_check: 1 + google_compute_region_target_tcp_proxy: 1 + modules: 1 + resources: 5 + terraform_data: 1 + +outputs: {} diff --git a/tests/modules/net_lb_proxy_int/examples/neg-link.yaml b/tests/modules/net_lb_proxy_int/examples/neg-link.yaml new file mode 100644 index 000000000..f66cd7e6d --- /dev/null +++ b/tests/modules/net_lb_proxy_int/examples/neg-link.yaml @@ -0,0 +1,134 @@ +# Copyright 2026 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +values: + module.int-tcp-proxy.google_compute_forwarding_rule.default[""]: + all_ports: null + allow_global_access: true + allow_psc_global_access: null + backend_service: null + deletion_policy: DELETE + description: Terraform managed. + ip_collection: null + ip_protocol: TCP + ip_version: IPV4 + is_mirroring_collector: null + labels: null + load_balancing_scheme: INTERNAL_MANAGED + name: int-tcp-proxy + network: https://www.googleapis.com/compute/v1/projects/xxx/global/networks/aaa + no_automate_dns_zone: null + port_range: '80' + ports: null + project: project-id + recreate_closed_psc: false + region: europe-west1 + service_label: null + source_ip_ranges: null + subnetwork: subnet_self_link + timeouts: null + module.int-tcp-proxy.google_compute_region_backend_service.default: + affinity_cookie_ttl_sec: null + backend: + - balancing_mode: UTILIZATION + capacity_scaler: 1 + custom_metrics: [] + description: Terraform managed. + failover: false + group: projects/myprj/zones/europe-west1-a/networkEndpointGroups/my-neg + max_connections: null + max_connections_per_endpoint: null + max_connections_per_instance: null + max_rate: null + max_rate_per_endpoint: null + max_rate_per_instance: null + max_utilization: null + traffic_duration: '' + circuit_breakers: [] + connection_draining_timeout_sec: 300 + connection_tracking_policy: [] + consistent_hash: [] + custom_metrics: [] + deletion_policy: DELETE + description: Terraform managed. + dynamic_forwarding: [] + enable_cdn: null + failover_policy: [] + ha_policy: [] + ip_address_selection_policy: null + load_balancing_scheme: INTERNAL_MANAGED + locality_lb_policy: null + name: int-tcp-proxy + network: null + network_pass_through_lb_traffic_policy: [] + outlier_detection: [] + params: [] + project: project-id + protocol: TCP + region: europe-west1 + security_policy: null + session_affinity: NONE + strong_session_affinity_cookie: [] + subsetting: [] + timeouts: null + tls_settings: [] + module.int-tcp-proxy.google_compute_region_health_check.default[0]: + check_interval_sec: 5 + deletion_policy: DELETE + description: Terraform managed. + grpc_health_check: [] + grpc_tls_health_check: [] + healthy_threshold: 2 + http2_health_check: [] + http_health_check: [] + https_health_check: [] + name: int-tcp-proxy + project: project-id + region: europe-west1 + ssl_health_check: [] + tcp_health_check: + - port: null + port_name: null + port_specification: USE_SERVING_PORT + proxy_header: NONE + request: null + response: null + timeout_sec: 5 + timeouts: null + unhealthy_threshold: 2 + module.int-tcp-proxy.google_compute_region_target_tcp_proxy.default: + deletion_policy: DELETE + description: Terraform managed. + name: int-tcp-proxy + project: project-id + proxy_header: NONE + region: europe-west1 + timeouts: null + module.int-tcp-proxy.terraform_data.neg_trigger: + input: + internet: {} + psc: {} + zonal: {} + triggers_replace: null + +counts: + google_compute_forwarding_rule: 1 + google_compute_region_backend_service: 1 + google_compute_region_health_check: 1 + google_compute_region_target_tcp_proxy: 1 + modules: 1 + resources: 5 + terraform_data: 1 + +outputs: {} diff --git a/tests/modules/net_lb_proxy_int/examples/ports.yaml b/tests/modules/net_lb_proxy_int/examples/ports.yaml new file mode 100644 index 000000000..047ad626c --- /dev/null +++ b/tests/modules/net_lb_proxy_int/examples/ports.yaml @@ -0,0 +1,179 @@ +# Copyright 2026 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +values: + module.address.google_compute_address.internal["ilb"]: + address_type: INTERNAL + deletion_policy: DELETE + description: Terraform managed. + effective_labels: + goog-terraform-provisioned: 'true' + ip_collection: null + ip_version: null + ipv6_endpoint_type: null + labels: null + name: ilb + network: null + project: project-id + purpose: SHARED_LOADBALANCER_VIP + region: europe-west1 + subnetwork: subnet_self_link + terraform_labels: + goog-terraform-provisioned: 'true' + timeouts: null + module.int-tcp-proxy.google_compute_forwarding_rule.default["http"]: + all_ports: null + allow_global_access: true + allow_psc_global_access: null + backend_service: null + deletion_policy: DELETE + description: Terraform managed. + ip_collection: null + ip_protocol: TCP + ip_version: IPV4 + is_mirroring_collector: null + labels: null + load_balancing_scheme: INTERNAL_MANAGED + name: int-tcp-proxy-http + network: https://www.googleapis.com/compute/v1/projects/xxx/global/networks/aaa + no_automate_dns_zone: null + port_range: '80' + ports: null + project: project-id + recreate_closed_psc: false + region: europe-west1 + service_label: null + source_ip_ranges: null + subnetwork: subnet_self_link + timeouts: null + module.int-tcp-proxy.google_compute_forwarding_rule.default["https"]: + all_ports: null + allow_global_access: true + allow_psc_global_access: null + backend_service: null + deletion_policy: DELETE + description: Terraform managed. + ip_collection: null + ip_protocol: TCP + ip_version: IPV4 + is_mirroring_collector: null + labels: null + load_balancing_scheme: INTERNAL_MANAGED + name: int-tcp-proxy-https + network: https://www.googleapis.com/compute/v1/projects/xxx/global/networks/aaa + no_automate_dns_zone: null + port_range: '443' + ports: null + project: project-id + recreate_closed_psc: false + region: europe-west1 + service_label: null + source_ip_ranges: null + subnetwork: subnet_self_link + timeouts: null + module.int-tcp-proxy.google_compute_region_backend_service.default: + affinity_cookie_ttl_sec: null + backend: + - balancing_mode: UTILIZATION + capacity_scaler: 1 + custom_metrics: [] + description: Terraform managed. + failover: false + group: projects/myprj/zones/europe-west1-a/instanceGroups/my-ig + max_connections: null + max_connections_per_endpoint: null + max_connections_per_instance: null + max_rate: null + max_rate_per_endpoint: null + max_rate_per_instance: null + max_utilization: null + traffic_duration: '' + circuit_breakers: [] + connection_draining_timeout_sec: 300 + connection_tracking_policy: [] + consistent_hash: [] + custom_metrics: [] + deletion_policy: DELETE + description: Terraform managed. + dynamic_forwarding: [] + enable_cdn: null + failover_policy: [] + ha_policy: [] + ip_address_selection_policy: null + load_balancing_scheme: INTERNAL_MANAGED + locality_lb_policy: null + name: int-tcp-proxy + network: null + network_pass_through_lb_traffic_policy: [] + outlier_detection: [] + params: [] + project: project-id + protocol: TCP + region: europe-west1 + security_policy: null + session_affinity: NONE + strong_session_affinity_cookie: [] + subsetting: [] + timeouts: null + tls_settings: [] + module.int-tcp-proxy.google_compute_region_health_check.default[0]: + check_interval_sec: 5 + deletion_policy: DELETE + description: Terraform managed. + grpc_health_check: [] + grpc_tls_health_check: [] + healthy_threshold: 2 + http2_health_check: [] + http_health_check: [] + https_health_check: [] + name: int-tcp-proxy + project: project-id + region: europe-west1 + ssl_health_check: [] + tcp_health_check: + - port: null + port_name: null + port_specification: USE_SERVING_PORT + proxy_header: NONE + request: null + response: null + timeout_sec: 5 + timeouts: null + unhealthy_threshold: 2 + module.int-tcp-proxy.google_compute_region_target_tcp_proxy.default: + deletion_policy: DELETE + description: Terraform managed. + name: int-tcp-proxy + project: project-id + proxy_header: NONE + region: europe-west1 + timeouts: null + module.int-tcp-proxy.terraform_data.neg_trigger: + input: + internet: {} + psc: {} + zonal: {} + triggers_replace: null + +counts: + google_compute_address: 1 + google_compute_forwarding_rule: 2 + google_compute_region_backend_service: 1 + google_compute_region_health_check: 1 + google_compute_region_target_tcp_proxy: 1 + modules: 2 + resources: 7 + terraform_data: 1 + +outputs: {} diff --git a/tests/modules/net_lb_proxy_int/examples/psc-neg.yaml b/tests/modules/net_lb_proxy_int/examples/psc-neg.yaml new file mode 100644 index 000000000..96b9e5f03 --- /dev/null +++ b/tests/modules/net_lb_proxy_int/examples/psc-neg.yaml @@ -0,0 +1,471 @@ +# Copyright 2026 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +values: + module.address-ilb.google_compute_address.internal["ilb-01"]: + address_type: INTERNAL + deletion_policy: DELETE + description: Terraform managed. + effective_labels: + goog-terraform-provisioned: 'true' + ip_collection: null + ip_version: null + ipv6_endpoint_type: null + labels: null + name: ilb-01 + network: null + project: project-id + purpose: SHARED_LOADBALANCER_VIP + region: europe-west8 + terraform_labels: + goog-terraform-provisioned: 'true' + timeouts: null + module.ilb-producer.google_compute_forwarding_rule.default["default"]: + all_ports: true + allow_global_access: true + allow_psc_global_access: null + deletion_policy: DELETE + description: null + ip_collection: null + ip_protocol: TCP + ip_version: IPV4 + is_mirroring_collector: null + labels: null + load_balancing_scheme: INTERNAL + name: ilb-producer-default + no_automate_dns_zone: null + ports: null + project: project-id + recreate_closed_psc: false + region: europe-west1 + service_label: ilb-producer + source_ip_ranges: null + target: null + timeouts: null + module.ilb-producer.google_compute_health_check.default[0]: + check_interval_sec: 5 + deletion_policy: DELETE + description: Terraform managed. + grpc_health_check: [] + grpc_tls_health_check: [] + healthy_threshold: 2 + http2_health_check: [] + http_health_check: [] + https_health_check: [] + name: ilb-producer + project: project-id + source_regions: null + ssl_health_check: [] + tcp_health_check: + - port: null + port_name: null + port_specification: USE_SERVING_PORT + proxy_header: NONE + request: null + response: null + timeout_sec: 5 + timeouts: null + unhealthy_threshold: 2 + module.ilb-producer.google_compute_region_backend_service.default: + affinity_cookie_ttl_sec: null + backend: [] + circuit_breakers: [] + connection_draining_timeout_sec: 300 + connection_tracking_policy: [] + consistent_hash: [] + custom_metrics: [] + deletion_policy: DELETE + description: Terraform managed. + dynamic_forwarding: [] + enable_cdn: null + failover_policy: [] + ha_policy: [] + iap: + - enabled: false + oauth2_client_id: null + oauth2_client_secret: null + ip_address_selection_policy: null + load_balancing_scheme: INTERNAL + locality_lb_policy: null + name: ilb-producer + network_pass_through_lb_traffic_policy: [] + outlier_detection: [] + params: [] + project: project-id + protocol: UNSPECIFIED + region: europe-west1 + security_policy: null + strong_session_affinity_cookie: [] + subsetting: [] + timeouts: null + tls_settings: [] + module.ilb-producer.google_compute_service_attachment.default["default"]: + connection_preference: ACCEPT_AUTOMATIC + consumer_accept_lists: [] + consumer_reject_lists: null + deletion_policy: DELETE + description: Terraform managed. + domain_names: null + enable_proxy_protocol: false + name: ilb-producer-default + project: project-id + region: europe-west1 + send_propagated_connection_limit_if_zero: false + show_nat_ips: null + timeouts: null + module.int-tcp-proxy.google_compute_forwarding_rule.default["http"]: + all_ports: null + allow_global_access: true + allow_psc_global_access: null + backend_service: null + deletion_policy: DELETE + description: Terraform managed. + ip_collection: null + ip_protocol: TCP + ip_version: IPV4 + is_mirroring_collector: null + labels: null + load_balancing_scheme: INTERNAL_MANAGED + name: int-tcp-proxy-http + no_automate_dns_zone: null + port_range: '80' + ports: null + project: project-id + recreate_closed_psc: false + region: europe-west8 + service_label: null + source_ip_ranges: null + timeouts: null + module.int-tcp-proxy.google_compute_forwarding_rule.default["https"]: + all_ports: null + allow_global_access: true + allow_psc_global_access: null + backend_service: null + deletion_policy: DELETE + description: Terraform managed. + ip_collection: null + ip_protocol: TCP + ip_version: IPV4 + is_mirroring_collector: null + labels: null + load_balancing_scheme: INTERNAL_MANAGED + name: int-tcp-proxy-https + no_automate_dns_zone: null + port_range: '443' + ports: null + project: project-id + recreate_closed_psc: false + region: europe-west8 + service_label: null + source_ip_ranges: null + timeouts: null + module.int-tcp-proxy.google_compute_region_backend_service.default: + affinity_cookie_ttl_sec: null + backend: + - balancing_mode: UTILIZATION + capacity_scaler: 1 + custom_metrics: [] + description: Terraform managed. + failover: false + max_connections: null + max_connections_per_endpoint: null + max_connections_per_instance: null + max_rate: null + max_rate_per_endpoint: null + max_rate_per_instance: null + max_utilization: null + traffic_duration: '' + circuit_breakers: [] + connection_draining_timeout_sec: 300 + connection_tracking_policy: [] + consistent_hash: [] + custom_metrics: [] + deletion_policy: DELETE + description: Terraform managed. + dynamic_forwarding: [] + enable_cdn: null + failover_policy: [] + ha_policy: [] + health_checks: null + ip_address_selection_policy: null + load_balancing_scheme: INTERNAL_MANAGED + locality_lb_policy: null + name: int-tcp-proxy + network: null + network_pass_through_lb_traffic_policy: [] + outlier_detection: [] + params: [] + project: project-id + protocol: TCP + region: europe-west8 + security_policy: null + session_affinity: NONE + strong_session_affinity_cookie: [] + subsetting: [] + timeouts: null + tls_settings: [] + module.int-tcp-proxy.google_compute_region_network_endpoint_group.psc["my-neg"]: + app_engine: [] + cloud_function: [] + cloud_run: [] + deletion_policy: DELETE + description: null + name: int-tcp-proxy-my-neg + network_endpoint_type: PRIVATE_SERVICE_CONNECT + project: project-id + psc_data: + - producer_port: '80' + region: europe-west8 + timeouts: null + module.int-tcp-proxy.google_compute_region_target_tcp_proxy.default: + deletion_policy: DELETE + description: Terraform managed. + name: int-tcp-proxy + project: project-id + proxy_header: NONE + region: europe-west8 + timeouts: null + module.int-tcp-proxy.terraform_data.neg_trigger: + input: + internet: {} + psc: {} + zonal: {} + triggers_replace: null + module.vpc-producer.google_compute_network.network[0]: + auto_create_subnetworks: false + delete_bgp_always_compare_med: false + delete_default_routes_on_create: false + deletion_policy: DELETE + description: Terraform-managed. + enable_ula_internal_ipv6: null + name: net-producer-0 + network_firewall_policy_enforcement_order: AFTER_CLASSIC_FIREWALL + network_profile: null + params: [] + project: project-id + routing_mode: GLOBAL + timeouts: null + module.vpc-producer.google_compute_route.gateway["directpath-googleapis"]: + deletion_policy: DELETE + description: Terraform-managed. + dest_range: 34.126.0.0/18 + name: net-producer-0-directpath-googleapis + network: net-producer-0 + next_hop_gateway: default-internet-gateway + next_hop_ilb: null + next_hop_instance: null + next_hop_vpn_tunnel: null + params: [] + priority: 1000 + project: project-id + tags: null + timeouts: null + module.vpc-producer.google_compute_route.gateway["private-googleapis"]: + deletion_policy: DELETE + description: Terraform-managed. + dest_range: 199.36.153.8/30 + name: net-producer-0-private-googleapis + network: net-producer-0 + next_hop_gateway: default-internet-gateway + next_hop_ilb: null + next_hop_instance: null + next_hop_vpn_tunnel: null + params: [] + priority: 1000 + project: project-id + tags: null + timeouts: null + module.vpc-producer.google_compute_route.gateway["restricted-googleapis"]: + deletion_policy: DELETE + description: Terraform-managed. + dest_range: 199.36.153.4/30 + name: net-producer-0-restricted-googleapis + network: net-producer-0 + next_hop_gateway: default-internet-gateway + next_hop_ilb: null + next_hop_instance: null + next_hop_vpn_tunnel: null + params: [] + priority: 1000 + project: project-id + tags: null + timeouts: null + module.vpc-producer.google_compute_subnetwork.proxy_only["europe-west8/sub-proxy-producer-0"]: + deletion_policy: DELETE + description: Terraform-managed proxy-only subnet for Regional HTTPS, Internal + HTTPS or Cross-Regional HTTPS Internal LB. + ip_cidr_range: 10.0.1.0/26 + ip_collection: null + ipv6_access_type: null + log_config: [] + name: sub-proxy-producer-0 + network: net-producer-0 + params: [] + project: project-id + purpose: REGIONAL_MANAGED_PROXY + region: europe-west8 + reserved_internal_range: null + resolve_subnet_mask: null + role: ACTIVE + send_secondary_ip_range_if_empty: null + timeouts: null + module.vpc-producer.google_compute_subnetwork.psc["europe-west8/sub-psc-producer-0"]: + deletion_policy: DELETE + description: Terraform-managed subnet for Private Service Connect (PSC NAT). + ip_cidr_range: 10.0.2.0/26 + ip_collection: null + ipv6_access_type: null + log_config: [] + name: sub-psc-producer-0 + network: net-producer-0 + params: [] + project: project-id + purpose: PRIVATE_SERVICE_CONNECT + region: europe-west8 + reserved_internal_range: null + resolve_subnet_mask: null + role: null + send_secondary_ip_range_if_empty: null + timeouts: null + module.vpc-producer.google_compute_subnetwork.subnetwork["europe-west8/sub-producer-0"]: + deletion_policy: DELETE + description: Terraform-managed. + ip_cidr_range: 10.0.0.0/24 + ip_collection: null + ipv6_access_type: null + log_config: [] + name: sub-producer-0 + network: net-producer-0 + params: [] + private_ip_google_access: true + project: project-id + region: europe-west8 + reserved_internal_range: null + resolve_subnet_mask: null + role: null + send_secondary_ip_range_if_empty: true + timeouts: null + module.vpc.google_compute_network.network[0]: + auto_create_subnetworks: false + delete_bgp_always_compare_med: false + delete_default_routes_on_create: false + deletion_policy: DELETE + description: Terraform-managed. + enable_ula_internal_ipv6: null + name: net-consumer-0 + network_firewall_policy_enforcement_order: AFTER_CLASSIC_FIREWALL + network_profile: null + params: [] + project: project-id + routing_mode: GLOBAL + timeouts: null + module.vpc.google_compute_route.gateway["directpath-googleapis"]: + deletion_policy: DELETE + description: Terraform-managed. + dest_range: 34.126.0.0/18 + name: net-consumer-0-directpath-googleapis + network: net-consumer-0 + next_hop_gateway: default-internet-gateway + next_hop_ilb: null + next_hop_instance: null + next_hop_vpn_tunnel: null + params: [] + priority: 1000 + project: project-id + tags: null + timeouts: null + module.vpc.google_compute_route.gateway["private-googleapis"]: + deletion_policy: DELETE + description: Terraform-managed. + dest_range: 199.36.153.8/30 + name: net-consumer-0-private-googleapis + network: net-consumer-0 + next_hop_gateway: default-internet-gateway + next_hop_ilb: null + next_hop_instance: null + next_hop_vpn_tunnel: null + params: [] + priority: 1000 + project: project-id + tags: null + timeouts: null + module.vpc.google_compute_route.gateway["restricted-googleapis"]: + deletion_policy: DELETE + description: Terraform-managed. + dest_range: 199.36.153.4/30 + name: net-consumer-0-restricted-googleapis + network: net-consumer-0 + next_hop_gateway: default-internet-gateway + next_hop_ilb: null + next_hop_instance: null + next_hop_vpn_tunnel: null + params: [] + priority: 1000 + project: project-id + tags: null + timeouts: null + module.vpc.google_compute_subnetwork.proxy_only["europe-west8/sub-proxy-consumer-0"]: + deletion_policy: DELETE + description: Terraform-managed proxy-only subnet for Regional HTTPS, Internal + HTTPS or Cross-Regional HTTPS Internal LB. + ip_cidr_range: 10.0.1.0/26 + ip_collection: null + ipv6_access_type: null + log_config: [] + name: sub-proxy-consumer-0 + network: net-consumer-0 + params: [] + project: project-id + purpose: REGIONAL_MANAGED_PROXY + region: europe-west8 + reserved_internal_range: null + resolve_subnet_mask: null + role: ACTIVE + send_secondary_ip_range_if_empty: null + timeouts: null + module.vpc.google_compute_subnetwork.subnetwork["europe-west8/sub-consumer-0"]: + deletion_policy: DELETE + description: Terraform-managed. + ip_cidr_range: 10.0.0.0/24 + ip_collection: null + ipv6_access_type: null + log_config: [] + name: sub-consumer-0 + network: net-consumer-0 + params: [] + private_ip_google_access: true + project: project-id + region: europe-west8 + reserved_internal_range: null + resolve_subnet_mask: null + role: null + send_secondary_ip_range_if_empty: true + timeouts: null + +counts: + google_compute_address: 1 + google_compute_forwarding_rule: 3 + google_compute_health_check: 1 + google_compute_network: 2 + google_compute_region_backend_service: 2 + google_compute_region_network_endpoint_group: 1 + google_compute_region_target_tcp_proxy: 1 + google_compute_route: 6 + google_compute_service_attachment: 1 + google_compute_subnetwork: 5 + modules: 5 + resources: 24 + terraform_data: 1 + +outputs: {} diff --git a/tests/modules/net_lb_proxy_int/examples/zonal-neg.yaml b/tests/modules/net_lb_proxy_int/examples/zonal-neg.yaml index b8e3b88c6..3425a9c05 100644 --- a/tests/modules/net_lb_proxy_int/examples/zonal-neg.yaml +++ b/tests/modules/net_lb_proxy_int/examples/zonal-neg.yaml @@ -1,10 +1,10 @@ -# Copyright 2024 Google LLC +# Copyright 2026 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # -# http://www.apache.org/licenses/LICENSE-2.0 +# https://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, @@ -13,30 +13,16 @@ # limitations under the License. values: - google_compute_address.test: - address: 10.0.0.10 - address_type: INTERNAL - description: null - effective_labels: - goog-terraform-provisioned: 'true' - ip_version: null - ipv6_endpoint_type: null - labels: null - name: neg-test - network: null - project: project-id - region: europe-west1 - subnetwork: subnet_self_link - terraform_labels: - goog-terraform-provisioned: 'true' - timeouts: null - module.int-tcp-proxy.google_compute_forwarding_rule.default: + module.int-tcp-proxy.google_compute_forwarding_rule.default[""]: all_ports: null - allow_global_access: null + allow_global_access: true allow_psc_global_access: null backend_service: null + deletion_policy: DELETE description: Terraform managed. + ip_collection: null ip_protocol: TCP + ip_version: IPV4 is_mirroring_collector: null labels: null load_balancing_scheme: INTERNAL_MANAGED @@ -53,6 +39,7 @@ values: subnetwork: subnet_self_link timeouts: null module.int-tcp-proxy.google_compute_network_endpoint.default["my-neg-e-0"]: + deletion_policy: DELETE instance: test-1 ip_address: 10.0.0.10 network_endpoint_group: int-tcp-proxy-my-neg @@ -62,6 +49,7 @@ values: zone: europe-west1-b module.int-tcp-proxy.google_compute_network_endpoint_group.default["my-neg"]: default_port: null + deletion_policy: DELETE description: Terraform managed. name: int-tcp-proxy-my-neg network: https://www.googleapis.com/compute/v1/projects/xxx/global/networks/aaa @@ -75,6 +63,7 @@ values: backend: - balancing_mode: CONNECTION capacity_scaler: 1 + custom_metrics: [] description: Terraform managed. failover: false max_connections: null @@ -84,29 +73,41 @@ values: max_rate_per_endpoint: null max_rate_per_instance: null max_utilization: null + traffic_duration: '' circuit_breakers: [] connection_draining_timeout_sec: 300 connection_tracking_policy: [] consistent_hash: [] + custom_metrics: [] + deletion_policy: DELETE description: Terraform managed. + dynamic_forwarding: [] enable_cdn: null failover_policy: [] + ha_policy: [] + ip_address_selection_policy: null load_balancing_scheme: INTERNAL_MANAGED locality_lb_policy: null name: int-tcp-proxy network: null + network_pass_through_lb_traffic_policy: [] outlier_detection: [] + params: [] project: project-id protocol: TCP region: europe-west1 security_policy: null session_affinity: NONE + strong_session_affinity_cookie: [] subsetting: [] timeouts: null + tls_settings: [] module.int-tcp-proxy.google_compute_region_health_check.default[0]: check_interval_sec: 5 + deletion_policy: DELETE description: Terraform managed. grpc_health_check: [] + grpc_tls_health_check: [] healthy_threshold: 2 http2_health_check: [] http_health_check: [] @@ -126,15 +127,21 @@ values: timeouts: null unhealthy_threshold: 2 module.int-tcp-proxy.google_compute_region_target_tcp_proxy.default: + deletion_policy: DELETE description: Terraform managed. name: int-tcp-proxy project: project-id proxy_header: NONE region: europe-west1 timeouts: null + module.int-tcp-proxy.terraform_data.neg_trigger: + input: + internet: {} + psc: {} + zonal: {} + triggers_replace: null counts: - google_compute_address: 1 google_compute_forwarding_rule: 1 google_compute_network_endpoint: 1 google_compute_network_endpoint_group: 1 @@ -143,3 +150,6 @@ counts: google_compute_region_target_tcp_proxy: 1 modules: 1 resources: 7 + terraform_data: 1 + +outputs: {} diff --git a/tests/modules/net_lb_proxy_int/health-checks-none.tfvars b/tests/modules/net_lb_proxy_int/health-checks-none.tfvars new file mode 100644 index 000000000..fd4d8bd5a --- /dev/null +++ b/tests/modules/net_lb_proxy_int/health-checks-none.tfvars @@ -0,0 +1 @@ +health_check_config = null diff --git a/tests/modules/net_lb_proxy_int/health-checks-none.yaml b/tests/modules/net_lb_proxy_int/health-checks-none.yaml new file mode 100644 index 000000000..ce05a9771 --- /dev/null +++ b/tests/modules/net_lb_proxy_int/health-checks-none.yaml @@ -0,0 +1,123 @@ +# Copyright 2026 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +values: + google_compute_forwarding_rule.default[""]: + all_ports: null + allow_global_access: true + allow_psc_global_access: null + backend_service: null + deletion_policy: DELETE + description: Terraform managed. + ip_collection: null + ip_protocol: TCP + ip_version: IPV4 + is_mirroring_collector: null + labels: null + load_balancing_scheme: INTERNAL_MANAGED + name: hc-test-0 + network: network + no_automate_dns_zone: null + port_range: '80' + ports: null + project: my-project + recreate_closed_psc: false + region: europe-west4 + service_label: null + source_ip_ranges: null + subnetwork: subnet + timeouts: null + google_compute_region_backend_service.default: + affinity_cookie_ttl_sec: null + backend: + - balancing_mode: UTILIZATION + capacity_scaler: 1 + custom_metrics: [] + description: Terraform managed. + failover: false + group: projects/myprj/zones/europe-west4-a/instanceGroups/my-ig + max_connections: null + max_connections_per_endpoint: null + max_connections_per_instance: null + max_rate: null + max_rate_per_endpoint: null + max_rate_per_instance: null + max_utilization: null + traffic_duration: '' + circuit_breakers: [] + connection_draining_timeout_sec: 300 + connection_tracking_policy: [] + consistent_hash: [] + custom_metrics: [] + deletion_policy: DELETE + description: Terraform managed. + dynamic_forwarding: [] + enable_cdn: null + failover_policy: [] + ha_policy: [] + health_checks: null + ip_address_selection_policy: null + load_balancing_scheme: INTERNAL_MANAGED + locality_lb_policy: null + name: hc-test-0 + network: null + network_pass_through_lb_traffic_policy: [] + outlier_detection: [] + params: [] + project: my-project + protocol: TCP + region: europe-west4 + security_policy: null + session_affinity: NONE + strong_session_affinity_cookie: [] + subsetting: [] + timeouts: null + tls_settings: [] + google_compute_region_target_tcp_proxy.default: + deletion_policy: DELETE + description: Terraform managed. + name: hc-test-0 + project: my-project + proxy_header: NONE + region: europe-west4 + timeouts: null + terraform_data.neg_trigger: + input: + internet: {} + psc: {} + zonal: {} + triggers_replace: null + +counts: + google_compute_forwarding_rule: 1 + google_compute_region_backend_service: 1 + google_compute_region_target_tcp_proxy: 1 + modules: 0 + resources: 4 + terraform_data: 1 + +outputs: + address: __missing__ + backend_service: __missing__ + backend_service_id: __missing__ + backend_service_self_link: __missing__ + forwarding_rules: __missing__ + group_self_links: {} + groups: {} + health_check: null + health_check_id: null + health_check_self_link: null + ids: __missing__ + neg_ids: {} + service_attachment_id: null diff --git a/tests/modules/net_lb_proxy_int/health-checks-psc.tfvars b/tests/modules/net_lb_proxy_int/health-checks-psc.tfvars new file mode 100644 index 000000000..4c10173e0 --- /dev/null +++ b/tests/modules/net_lb_proxy_int/health-checks-psc.tfvars @@ -0,0 +1,13 @@ +neg_configs = { + my-psc = { + psc = { + region = "europe-west4" + target_service = "projects/my-prod-project/regions/europe-west4/serviceAttachments/my-attachment" + } + } +} +backend_service_config = { + backends = [{ + group = "my-psc" + }] +} diff --git a/tests/modules/net_lb_proxy_int/health-checks-psc.yaml b/tests/modules/net_lb_proxy_int/health-checks-psc.yaml new file mode 100644 index 000000000..a74c45990 --- /dev/null +++ b/tests/modules/net_lb_proxy_int/health-checks-psc.yaml @@ -0,0 +1,138 @@ +# Copyright 2026 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +values: + google_compute_forwarding_rule.default[""]: + all_ports: null + allow_global_access: true + allow_psc_global_access: null + backend_service: null + deletion_policy: DELETE + description: Terraform managed. + ip_collection: null + ip_protocol: TCP + ip_version: IPV4 + is_mirroring_collector: null + labels: null + load_balancing_scheme: INTERNAL_MANAGED + name: hc-test-0 + network: network + no_automate_dns_zone: null + port_range: '80' + ports: null + project: my-project + recreate_closed_psc: false + region: europe-west4 + service_label: null + source_ip_ranges: null + subnetwork: subnet + timeouts: null + google_compute_region_backend_service.default: + affinity_cookie_ttl_sec: null + backend: + - balancing_mode: UTILIZATION + capacity_scaler: 1 + custom_metrics: [] + description: Terraform managed. + failover: false + max_connections: null + max_connections_per_endpoint: null + max_connections_per_instance: null + max_rate: null + max_rate_per_endpoint: null + max_rate_per_instance: null + max_utilization: null + traffic_duration: '' + circuit_breakers: [] + connection_draining_timeout_sec: 300 + connection_tracking_policy: [] + consistent_hash: [] + custom_metrics: [] + deletion_policy: DELETE + description: Terraform managed. + dynamic_forwarding: [] + enable_cdn: null + failover_policy: [] + ha_policy: [] + health_checks: null + ip_address_selection_policy: null + load_balancing_scheme: INTERNAL_MANAGED + locality_lb_policy: null + name: hc-test-0 + network: null + network_pass_through_lb_traffic_policy: [] + outlier_detection: [] + params: [] + project: my-project + protocol: TCP + region: europe-west4 + security_policy: null + session_affinity: NONE + strong_session_affinity_cookie: [] + subsetting: [] + timeouts: null + tls_settings: [] + google_compute_region_network_endpoint_group.psc["my-psc"]: + app_engine: [] + cloud_function: [] + cloud_run: [] + deletion_policy: DELETE + description: null + name: hc-test-0-my-psc + network_endpoint_type: PRIVATE_SERVICE_CONNECT + project: my-project + psc_data: + - producer_port: null + psc_target_service: projects/my-prod-project/regions/europe-west4/serviceAttachments/my-attachment + region: europe-west4 + subnetwork: null + timeouts: null + google_compute_region_target_tcp_proxy.default: + deletion_policy: DELETE + description: Terraform managed. + name: hc-test-0 + project: my-project + proxy_header: NONE + region: europe-west4 + timeouts: null + terraform_data.neg_trigger: + input: + internet: {} + psc: {} + zonal: {} + triggers_replace: null + +counts: + google_compute_forwarding_rule: 1 + google_compute_region_backend_service: 1 + google_compute_region_network_endpoint_group: 1 + google_compute_region_target_tcp_proxy: 1 + modules: 0 + resources: 5 + terraform_data: 1 + +outputs: + address: __missing__ + backend_service: __missing__ + backend_service_id: __missing__ + backend_service_self_link: __missing__ + forwarding_rules: __missing__ + group_self_links: {} + groups: {} + health_check: null + health_check_id: null + health_check_self_link: null + ids: __missing__ + neg_ids: {} + service_attachment_id: null diff --git a/tests/modules/net_lb_proxy_int/tftest.yaml b/tests/modules/net_lb_proxy_int/tftest.yaml index 6e415fe09..0917b86cf 100644 --- a/tests/modules/net_lb_proxy_int/tftest.yaml +++ b/tests/modules/net_lb_proxy_int/tftest.yaml @@ -20,5 +20,7 @@ tests: health-checks-http: health-checks-http2: health-checks-https: + health-checks-none: + health-checks-psc: health-checks-ssl: health-checks-tcp: