diff --git a/modules/net-lb-app-int/README.md b/modules/net-lb-app-int/README.md
index 11fad9443..f3c08770a 100644
--- a/modules/net-lb-app-int/README.md
+++ b/modules/net-lb-app-int/README.md
@@ -23,6 +23,7 @@ Due to the complexity of the underlying resources, changes to the configuration
 - [SSL Certificates](#ssl-certificates)
 - [Backend Authenticated TLS](#backend-authenticated-tls)
 - [PSC service attachment](#psc-service-attachment)
+ - [Context](#context)
 - [Complex example](#complex-example)
 - [Deploying changes to load balancer configurations](#deploying-changes-to-load-balancer-configurations)
 - [Files](#files)
@@ -777,6 +778,167 @@ module "ilb-l7" {
 # tftest modules=3 resources=10 fixtures=fixtures/compute-vm-group-bc.tf e2e
 ```
 
+### Context
+
+The module supports the contexts interpolation. For example:
+
+```hcl
+module "ilb-l7" {
+ source = "./fabric/modules/net-lb-app-int"
+ name = "ilb-test-0"
+ project_id = "$project_ids:test"
+ region = "$locations:ew8"
+ vpc_config = {
+ network = "$networks:test"
+ subnetwork = "$subnets:test"
+ }
+ address = "$addresses:test"
+ backend_service_configs = {
+ default = {
+ backends = [
+ { group = "projects/foo-test-0/zones/europe-west8-b/instanceGroups/ig-b" },
+ { group = "ig-c" }
+ ]
+ }
+ neg-cloudrun = {
+ backends = [{ group = "neg-cloudrun" }]
+ health_checks = []
+ }
+ neg-gce = {
+ backends = [{ group = "neg-gce" }]
+ balancing_mode = "RATE"
+ max_rate = { per_endpoint = 10 }
+ }
+ neg-hybrid = {
+ backends = [{ group = "neg-hybrid" }]
+ balancing_mode = "RATE"
+ max_rate = { per_endpoint = 10 }
+ }
+ neg-internet = {
+ backends = [{ group = "neg-internet" }]
+ health_checks = []
+ }
+ neg-psc = {
+ backends = [{ group = "neg-psc" }]
+ health_checks = []
+ }
+ }
+ group_configs = {
+ ig-c = {
+ zone = "$locations:ew8-c"
+ instances = [
+ "projects/foo-test-0/zones/europe-west8-c/instances/vm-c"
+ ]
+ named_ports = { http = 80 }
+ }
+ }
+ health_check_configs = {
+ default = {
+ http = {
+ host = "hello.example.org"
+ port_specification = "USE_SERVING_PORT"
+ }
+ }
+ }
+ neg_configs = {
+ neg-cloudrun = {
+ cloudrun = {
+ region = "$locations:ew8"
+ target_service = {
+ name = "hello"
+ }
+ }
+ }
+ neg-gce = {
+ gce = {
+ network = "$networks:test"
+ subnetwork = "$subnets:test"
+ zone = "$locations:ew8-b"
+ endpoints = {
+ e-0 = {
+ instance = "nginx-ew8-b"
+ ip_address = "$addresses:test"
+ port = 80
+ }
+ }
+ }
+ }
+ neg-hybrid = {
+ hybrid = {
+ network = "$networks:test"
+ zone = "$locations:ew8-b"
+ endpoints = {
+ e-0 = {
+ ip_address = "$addresses:test-hybrid"
+ port = 80
+ }
+ }
+ }
+ }
+ neg-internet = {
+ internet = {
+ region = "$locations:ew8"
+ use_fqdn = true
+ endpoints = {
+ e-0 = {
+ destination = "hello.example.org"
+ port = 80
+ }
+ }
+ }
+ }
+ neg-psc = {
+ psc = {
+ region = "$locations:ew8"
+ target_service = "projects/foo-test-0/regions/europe-west8/serviceAttachments/sa"
+ network = "$networks:test"
+ subnetwork = "$subnets:test"
+ }
+ }
+ }
+ urlmap_config = {
+ default_service = "default"
+ host_rules = [{
+ hosts = ["*"]
+ path_matcher = "pathmap"
+ }]
+ path_matchers = {
+ pathmap = {
+ default_service = "default"
+ path_rules = [
+ { paths = ["/cloudrun", "/cloudrun/*"], service = "neg-cloudrun" },
+ { paths = ["/gce", "/gce/*"], service = "neg-gce" },
+ { paths = ["/hybrid", "/hybrid/*"], service = "neg-hybrid" },
+ { paths = ["/internet", "/internet/*"], service = "neg-internet" },
+ { paths = ["/psc", "/psc/*"], service = "neg-psc" },
+ ]
+ }
+ }
+ }
+ context = {
+ addresses = {
+ test = "10.0.0.10"
+ test-hybrid = "192.168.0.3"
+ }
+ locations = {
+ ew8 = "europe-west8"
+ ew8-b = "europe-west8-b"
+ ew8-c = "europe-west8-c"
+ }
+ networks = {
+ test = "projects/foo-dev-net-spoke-0/global/networks/dev-spoke-0"
+ }
+ project_ids = {
+ test = "foo-test-0"
+ }
+ subnets = {
+ test = "projects/foo-dev-net-spoke-0/regions/europe-west8/subnetworks/gce"
+ }
+ }
+}
+# tftest modules=1 resources=19 inventory=context.yaml
+```
+
 ### Complex example
 
 This example mixes group and NEG backends, and shows how to set HTTPS for specific backends.
diff --git a/modules/net-lb-app-int/groups.tf b/modules/net-lb-app-int/groups.tf
index bce797403..2f03f8c56 100644
--- a/modules/net-lb-app-int/groups.tf
+++ b/modules/net-lb-app-int/groups.tf
@@ -21,7 +21,7 @@ resource "google_compute_instance_group" "default" {
 ? local.project_id
 : each.value.project_id
 )
- zone = each.value.zone
+ zone = try(local.ctx.locations[each.value.zone], each.value.zone)
 name = coalesce(each.value.name, "${var.name}-${each.key}")
 description = each.value.description
 instances = each.value.instances
diff --git a/modules/net-lb-app-int/main.tf b/modules/net-lb-app-int/main.tf
index 8eec3e5da..6d549a5b3 100644
--- a/modules/net-lb-app-int/main.tf
+++ b/modules/net-lb-app-int/main.tf
@@ -183,12 +183,17 @@ resource "google_compute_network_endpoint_group" "default" {
 description = var.description
 network_endpoint_type = each.value.type
 network = (
- each.value.network != null ? each.value.network : local.network
+ each.value.network != null
+ ? try(local.ctx.networks[each.value.network], each.value.network)
+ : local.network
 )
 subnetwork = (
 each.value.type == "NON_GCP_PRIVATE_IP_PORT"
 ? null
- : coalesce(each.value.subnetwork, local.subnetwork)
+ : coalesce(
+ try(local.ctx.subnets[each.value.subnetwork], each.value.subnetwork),
+ local.subnetwork
+ )
 )
 }
 
@@ -238,8 +243,16 @@ resource "google_compute_region_network_endpoint_group" "psc" {
 //description = coalesce(each.value.description, var.description)
 network_endpoint_type = "PRIVATE_SERVICE_CONNECT"
 psc_target_service = each.value.psc.target_service
- network = each.value.psc.network
- subnetwork = each.value.psc.subnetwork
+ network = (
+ each.value.psc.network == null
+ ? null
+ : try(local.ctx.networks[each.value.psc.network], each.value.psc.network)
+ )
+ subnetwork = (
+ each.value.psc.subnetwork == null
+ ? null
+ : try(local.ctx.subnets[each.value.psc.subnetwork], each.value.psc.subnetwork)
+ )
 lifecycle {
 # ignore until https://github.com/hashicorp/terraform-provider-google/issues/20576 is fixed
 ignore_changes = [psc_data]
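Review bot: The NEG `zone` and `region` arguments and the endpoint `ip_address` appear to skip context resolution, because the hunk at -183 wraps only `network` and `subnetwork` of `google_compute_network_endpoint_group.default` in `try(local.ctx...)`, and the PSC hunk at -238 has the same gap. The inventory added in `tests/modules/net_lb_app_int/examples/context.yaml` expects `zone: $locations:ew8-b` on `neg-gce` and `neg-hybrid`, `region: $locations:ew8` on the cloudrun, internet and psc NEGs, and `ip_address: $addresses:test` on the endpoints, so the test pins unresolved tokens as correct output for the very values the README example passes. Those arguments sit outside the visible hunks, so this is inferred from the inventory; if they are meant to resolve, use the groups.tf form, along the lines of `zone = try(local.ctx.locations[each.value.zone], each.value.zone)`, and regenerate the inventory. Since the `try(...)` fallback forwards any unmatched `$...` token as a literal, a mistyped context key also passes plan unnoticed; a `validation` block or `precondition` rejecting values that still start with `$` would surface it before apply.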
diff --git a/tests/modules/net_lb_app_int/examples/context.yaml b/tests/modules/net_lb_app_int/examples/context.yaml
new file mode 100644
index 000000000..8e1ec4f08
--- /dev/null
+++ b/tests/modules/net_lb_app_int/examples/context.yaml
@@ -0,0 +1,233 @@ +# Copyright 2026 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +values: + module.ilb-l7.google_compute_forwarding_rule.default: + ip_address: 10.0.0.10 + ip_protocol: TCP + load_balancing_scheme: INTERNAL_MANAGED + name: ilb-test-0 + network: projects/foo-dev-net-spoke-0/global/networks/dev-spoke-0 + network_tier: PREMIUM + port_range: '80' + project: foo-test-0 + region: europe-west8 + subnetwork: projects/foo-dev-net-spoke-0/regions/europe-west8/subnetworks/gce + module.ilb-l7.google_compute_health_check.default["default"]: + check_interval_sec: 5 + description: Terraform managed. + healthy_threshold: 2 + http_health_check: + - host: hello.example.org + port_specification: USE_SERVING_PORT + name: ilb-test-0-default + project: foo-test-0 + timeout_sec: 5 + unhealthy_threshold: 2 + module.ilb-l7.google_compute_instance_group.default["ig-c"]: + description: Terraform managed. 
+ instances: + - projects/foo-test-0/zones/europe-west8-c/instances/vm-c + name: ilb-test-0-ig-c + named_port: + - name: http + port: 80 + project: foo-test-0 + zone: europe-west8-c + module.ilb-l7.google_compute_network_endpoint.default["neg-gce-e-0"]: + instance: nginx-ew8-b + ip_address: $addresses:test + network_endpoint_group: ilb-test-0-neg-gce + port: 80 + project: foo-test-0 + zone: $locations:ew8-b + module.ilb-l7.google_compute_network_endpoint.default["neg-hybrid-e-0"]: + ip_address: $addresses:test-hybrid + network_endpoint_group: ilb-test-0-neg-hybrid + port: 80 + project: foo-test-0 + zone: $locations:ew8-b + module.ilb-l7.google_compute_network_endpoint_group.default["neg-gce"]: + description: Terraform managed. + name: ilb-test-0-neg-gce + network: projects/foo-dev-net-spoke-0/global/networks/dev-spoke-0 + network_endpoint_type: GCE_VM_IP_PORT + project: foo-test-0 + subnetwork: projects/foo-dev-net-spoke-0/regions/europe-west8/subnetworks/gce + zone: $locations:ew8-b + module.ilb-l7.google_compute_network_endpoint_group.default["neg-hybrid"]: + description: Terraform managed. + name: ilb-test-0-neg-hybrid + network: projects/foo-dev-net-spoke-0/global/networks/dev-spoke-0 + network_endpoint_type: NON_GCP_PRIVATE_IP_PORT + project: foo-test-0 + zone: $locations:ew8-b + module.ilb-l7.google_compute_region_backend_service.default["default"]: + backend: + - balancing_mode: UTILIZATION + capacity_scaler: 1 + description: Terraform managed. + failover: false + group: projects/foo-test-0/zones/europe-west8-b/instanceGroups/ig-b + - balancing_mode: UTILIZATION + capacity_scaler: 1 + description: Terraform managed. + failover: false + connection_draining_timeout_sec: 300 + description: Terraform managed. 
+ load_balancing_scheme: INTERNAL_MANAGED + name: ilb-test-0-default + project: foo-test-0 + protocol: HTTP + region: europe-west8 + module.ilb-l7.google_compute_region_backend_service.default["neg-cloudrun"]: + backend: + - balancing_mode: UTILIZATION + capacity_scaler: 1 + description: Terraform managed. + failover: false + connection_draining_timeout_sec: 300 + description: Terraform managed. + load_balancing_scheme: INTERNAL_MANAGED + name: ilb-test-0-neg-cloudrun + project: foo-test-0 + protocol: HTTP + region: europe-west8 + module.ilb-l7.google_compute_region_backend_service.default["neg-gce"]: + backend: + - balancing_mode: UTILIZATION + capacity_scaler: 1 + description: Terraform managed. + failover: false + connection_draining_timeout_sec: 300 + description: Terraform managed. + load_balancing_scheme: INTERNAL_MANAGED + name: ilb-test-0-neg-gce + project: foo-test-0 + protocol: HTTP + region: europe-west8 + module.ilb-l7.google_compute_region_backend_service.default["neg-hybrid"]: + backend: + - balancing_mode: UTILIZATION + capacity_scaler: 1 + description: Terraform managed. + failover: false + connection_draining_timeout_sec: 300 + description: Terraform managed. + load_balancing_scheme: INTERNAL_MANAGED + name: ilb-test-0-neg-hybrid + project: foo-test-0 + protocol: HTTP + region: europe-west8 + module.ilb-l7.google_compute_region_backend_service.default["neg-internet"]: + backend: + - balancing_mode: UTILIZATION + capacity_scaler: 1 + description: Terraform managed. + failover: false + connection_draining_timeout_sec: 300 + description: Terraform managed. + load_balancing_scheme: INTERNAL_MANAGED + name: ilb-test-0-neg-internet + project: foo-test-0 + protocol: HTTP + region: europe-west8 + module.ilb-l7.google_compute_region_backend_service.default["neg-psc"]: + backend: + - balancing_mode: UTILIZATION + capacity_scaler: 1 + description: Terraform managed. + failover: false + connection_draining_timeout_sec: 300 + description: Terraform managed. 
+ load_balancing_scheme: INTERNAL_MANAGED + name: ilb-test-0-neg-psc + project: foo-test-0 + protocol: HTTP + region: europe-west8 + module.ilb-l7.google_compute_region_network_endpoint.internet["neg-internet-e-0"]: + fqdn: hello.example.org + port: 80 + project: foo-test-0 + region: $locations:ew8 + region_network_endpoint_group: ilb-test-0-neg-internet + module.ilb-l7.google_compute_region_network_endpoint_group.default["neg-cloudrun"]: + cloud_run: + - service: hello + description: Terraform managed. + name: ilb-test-0-neg-cloudrun + network_endpoint_type: SERVERLESS + project: foo-test-0 + region: $locations:ew8 + module.ilb-l7.google_compute_region_network_endpoint_group.internet["neg-internet"]: + description: Terraform managed. + name: ilb-test-0-neg-internet + network: projects/foo-dev-net-spoke-0/global/networks/dev-spoke-0 + network_endpoint_type: INTERNET_FQDN_PORT + project: foo-test-0 + region: $locations:ew8 + module.ilb-l7.google_compute_region_network_endpoint_group.psc["neg-psc"]: + name: ilb-test-0-neg-psc + network: projects/foo-dev-net-spoke-0/global/networks/dev-spoke-0 + network_endpoint_type: PRIVATE_SERVICE_CONNECT + project: foo-test-0 + psc_target_service: projects/foo-test-0/regions/europe-west8/serviceAttachments/sa + region: $locations:ew8 + subnetwork: projects/foo-dev-net-spoke-0/regions/europe-west8/subnetworks/gce + module.ilb-l7.google_compute_region_target_http_proxy.default[0]: + description: Terraform managed. + name: ilb-test-0 + project: foo-test-0 + region: europe-west8 + module.ilb-l7.google_compute_region_url_map.default: + description: Terraform managed. 
+ host_rule: + - hosts: + - '*' + path_matcher: pathmap + name: ilb-test-0 + path_matcher: + - name: pathmap + path_rule: + - paths: + - /cloudrun + - /cloudrun/* + - paths: + - /gce + - /gce/* + - paths: + - /hybrid + - /hybrid/* + - paths: + - /internet + - /internet/* + - paths: + - /psc + - /psc/* + project: foo-test-0 + region: europe-west8 + +counts: + google_compute_forwarding_rule: 1 + google_compute_health_check: 1 + google_compute_instance_group: 1 + google_compute_network_endpoint: 2 + google_compute_network_endpoint_group: 2 + google_compute_region_backend_service: 6 + google_compute_region_network_endpoint: 1 + google_compute_region_network_endpoint_group: 3 + google_compute_region_target_http_proxy: 1 + google_compute_region_url_map: 1 + modules: 1 + resources: 19