Adding Regional Internet NEGs support (#3206)

* Adding Regional Internet NEGs support * return version * Align versions.tf * Align versions file * Fixing test inputs * Reverting url map accidental change * Fixed README example formatting --------- Co-authored-by: Daniel Kanevsky <danny@opsguru.co.il> Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
2025-07-05 18:50:54 +03:00
parent b8efcc5d89
commit bd21b92504
6 changed files with 164 additions and 31 deletions
--- a/modules/net-lb-app-ext-regional/README.md
+++ b/modules/net-lb-app-ext-regional/README.md
--- a/modules/net-lb-app-ext-regional/backend-service.tf
+++ b/modules/net-lb-app-ext-regional/backend-service.tf
@@ -24,6 +24,9 @@ locals {
    {
      for k, v in google_compute_network_endpoint_group.default : k => v.id
    },
+    {
+      for k, v in google_compute_region_network_endpoint_group.internet : k => v.id
+    },
    {
      for k, v in google_compute_region_network_endpoint_group.psc : k => v.id
    },
--- a/modules/net-lb-app-ext-regional/negs.tf
+++ b/modules/net-lb-app-ext-regional/negs.tf
@@ -27,6 +27,20 @@ locals {
  neg_endpoints_zonal = {
    for v in local._neg_endpoints_zonal : (v.key) => v
  }
+
+  neg_regional_internet = {
+    for k, v in var.neg_configs :
+    k => merge(v, {
+      # Calculate the endpoint type based on the first endpoint
+      # If any endpoint has fqdn, we'll use FQDN_PORT, otherwise IP_PORT
+      endpoint_type = length(v.internet.endpoints) > 0 ? (
+        alltrue([
+          for e_key, e in v.internet.endpoints : e.fqdn == null
+        ]) ? "INTERNET_IP_PORT" : "INTERNET_FQDN_PORT"
+      ) : "INTERNET_FQDN_PORT" # Default if no endpoints
+    }) if v.internet != null
+  }
+
  neg_regional_psc = {
    for k, v in var.neg_configs :
    k => v if v.psc != null
@@ -46,6 +60,24 @@ locals {
      zone        = v.gce != null ? v.gce.zone : v.hybrid.zone
    } if v.gce != null || v.hybrid != null
  }
+
+  # Create a map of Internet NEG endpoints for for_each
+  internet_neg_endpoints = {
+    for endpoint in flatten([
+      for neg_key, neg in local.neg_regional_internet : [
+        for endpoint_key, endpoint in neg.internet.endpoints : {
+          id            = "${neg_key}-${endpoint_key}"
+          neg_key       = neg_key
+          endpoint_key  = endpoint_key
+          region        = neg.internet.region
+          fqdn          = try(endpoint.fqdn, null)
+          ip_address    = try(endpoint.ip_address, null)
+          port          = endpoint.port
+          endpoint_type = neg.endpoint_type
+        }
+      ]
+    ]) : endpoint.id => endpoint
+  }
 }

 resource "google_compute_network_endpoint_group" "default" {
@@ -79,6 +111,28 @@ resource "google_compute_network_endpoint" "default" {
  zone       = each.value.zone
 }

+resource "google_compute_region_network_endpoint_group" "internet" {
+  for_each              = local.neg_regional_internet
+  project               = var.project_id
+  region                = each.value.internet.region
+  name                  = "${var.name}-${each.key}"
+  description           = coalesce(each.value.description, var.description)
+  network_endpoint_type = each.value.endpoint_type
+  network               = each.value.internet.network
+}
+
+resource "google_compute_region_network_endpoint" "internet" {
+  for_each                      = local.internet_neg_endpoints
+  region                        = each.value.region
+  region_network_endpoint_group = google_compute_region_network_endpoint_group.internet[each.value.neg_key].name
+  # Only set fqdn if endpoint type is FQDN_PORT
+  fqdn = each.value.endpoint_type == "INTERNET_FQDN_PORT" ? each.value.fqdn : null
+  # Only set ip_address if endpoint type is IP_PORT
+  ip_address = each.value.endpoint_type == "INTERNET_IP_PORT" ? each.value.ip_address : null
+  port       = each.value.port
+  project    = var.project_id
+}
+
 resource "google_compute_region_network_endpoint_group" "psc" {
  for_each              = local.neg_regional_psc
  project               = var.project_id
--- a/modules/net-lb-app-ext-regional/outputs.tf
+++ b/modules/net-lb-app-ext-regional/outputs.tf
@@ -59,7 +59,18 @@ output "id" {

 output "neg_ids" {
  description = "Autogenerated network endpoint group ids."
-  value = {
-    for k, v in google_compute_network_endpoint_group.default : k => v.id
-  }
+  value = merge(
+    {
+      for k, v in google_compute_network_endpoint_group.default : k => v.id
+    },
+    {
+      for k, v in google_compute_region_network_endpoint_group.internet : k => v.id
+    },
+    {
+      for k, v in google_compute_region_network_endpoint_group.psc : k => v.id
+    },
+    {
+      for k, v in google_compute_region_network_endpoint_group.serverless : k => v.id
+    }
+  )
 }
--- a/modules/net-lb-app-ext-regional/variables-backend-service.tf
+++ b/modules/net-lb-app-ext-regional/variables-backend-service.tf
@@ -125,9 +125,7 @@ variable "backend_service_configs" {
      for backend_service in values(var.backend_service_configs) : contains(
        [
          "NONE", "CLIENT_IP", "CLIENT_IP_NO_DESTINATION",
-          "CLIENT_IP_PORT_PROTO", "CLIENT_IP_PROTO",
-          "GENERATED_COOKIE", "HEADER_FIELD", "HTTP_COOKIE",
-          "STRONG_COOKIE_AFFINITY"
+          "CLIENT_IP_PORT_PROTO", "CLIENT_IP_PROTO"
        ],
        coalesce(backend_service.session_affinity, "NONE")
      )
--- a/modules/net-lb-app-ext-regional/variables.tf
+++ b/modules/net-lb-app-ext-regional/variables.tf
@@ -99,6 +99,15 @@ variable "neg_configs" {
        port       = number
      })))
    }))
+    internet = optional(object({
+      region  = string
+      network = string
+      endpoints = map(object({
+        fqdn       = optional(string)
+        ip_address = optional(string)
+        port       = number
+      }))
+    }))
    psc = optional(object({
      region         = string
      target_service = string
@@ -115,6 +124,7 @@ variable "neg_configs" {
        (try(v.cloudrun, null) == null ? 0 : 1) +
        (try(v.gce, null) == null ? 0 : 1) +
        (try(v.hybrid, null) == null ? 0 : 1) +
+        (try(v.internet, null) == null ? 0 : 1) +
        (try(v.psc, null) == null ? 0 : 1) == 1
      )
    ])
@@ -140,6 +150,18 @@ variable "neg_configs" {
    ])
    error_message = "Cloud Function NEGs need either target function or target urlmask defined."
  }
+  validation {
+    condition = alltrue([
+      for k, v in var.neg_configs : (
+        v.internet == null
+        ? true
+        : alltrue([
+          for ek, ev in v.internet.endpoints : (ev.fqdn != null || ev.ip_address != null)
+        ])
+      )
+    ])
+    error_message = "Internet NEG endpoints must specify either fqdn or ip_address."
+  }
 }

 variable "network_tier_standard" {