kovagoadi/hunfabric
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Allowing disabling logging and configuring optional fields in LB backend services (#3940)

Browse Source 
* fix(modules): allow disabling logging and configuring optional fields in LB backend services

Replaced 'log_sample_rate' (number) with 'log_config' (object) in all Load Balancer Backend Service modules. This allows explicitly disabling logging ('enable = false') and configuring advanced options like 'optional_mode' and 'optional_fields', resolving infinite plan drift and the inability to disable logging.

Affected modules:
- net-lb-app-ext-regional
- net-lb-app-ext
- net-lb-app-int-cross-region
- net-lb-app-int
- net-lb-ext
- net-lb-int
- net-lb-proxy-int

Added test cases and updated documentation.

Fixes #3914

* style: format variables files with terraform fmt

* docs: add critical linting rule for AI agents to GEMINI.md
This commit is contained in:
Ludovico Magnocavallo
2026-05-07 09:07:58 +02:00
committed by GitHub
parent 16c245f43b
commit bf9ccb7547
23 changed files with 505 additions and 103 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
GEMINI.md
View File

@@ -270,5 +270,6 @@ Run the specific `pytest` plan test. The test will fail, and the captured output
- For targeted edits or appending to a single file, ALWAYS use the native `replace` tool. (To append, match the last few lines of the file and replace them with the same lines plus your new content).
- **EXCEPTION (Pattern/Bulk Edits):** You MAY use shell commands (like `sed -i`, `perl -pi`, or `find ... xargs sed`) ONLY for regex-based or pattern-based replacements, particularly across multiple files, where the exact-match `replace` tool is not feasible.
- **Ambiguity & Paths:** When encountering unfamiliar or unexpected repository structures, paths, or tool executions, always pause and offer the user the choice to either explain or authorize further independent investigation, rather than making assumptions or guessing paths.
- **CRITICAL (LINTING & FORMATTING):** You MUST ALWAYS run all formatting and linting checks (`terraform fmt`, `check_documentation.py`, `yamllint`, `check_boilerplate.py` as described in [Formatting & Linting](#1-formatting--linting)) on all modified or new files BEFORE staging, committing, or pushing changes.
To run specific FAST stage tests, use the syntax `pytest tests/fast/stages/s<stage_num>_<stage_name>/tftest.yaml::<test_name>`. For example: `pytest tests/fast/stages/s0_org_setup/tftest.yaml::starter-gcd`.

8
modules/net-lb-app-ext-regional/backend-service.tf
View File

@@ -205,10 +205,12 @@ resource "google_compute_region_backend_service" "default" {
}
dynamic "log_config" {
for_each = each.value.log_sample_rate == null ? [] : [""]
for_each = each.value.log_config == null ? [] : [""]
content {
enable = true
sample_rate = each.value.log_sample_rate
enable = each.value.log_config.enable
sample_rate = each.value.log_config.sample_rate
optional_mode = each.value.log_config.optional_mode
optional_fields = each.value.log_config.optional_fields
}
}

21
modules/net-lb-app-ext-regional/variables-backend-service.tf
View File

@@ -25,14 +25,19 @@ variable "backend_service_configs" {
connection_draining_timeout_sec = optional(number)
enable_cdn = optional(bool)
health_checks = optional(list(string), ["default"])
log_sample_rate = optional(number)
port_name = optional(string)
project_id = optional(string)
protocol = optional(string)
security_policy = optional(string)
session_affinity = optional(string)
locality_lb_policy = optional(string)
timeout_sec = optional(number)
log_config = optional(object({
enable = optional(bool)
sample_rate = optional(number)
optional_mode = optional(string)
optional_fields = optional(list(string))
}))
port_name = optional(string)
project_id = optional(string)
protocol = optional(string)
security_policy = optional(string)
session_affinity = optional(string)
locality_lb_policy = optional(string)
timeout_sec = optional(number)
backends = list(object({
# group renamed to backend
backend = string

8
modules/net-lb-app-ext/backend-service.tf
View File

@@ -209,10 +209,12 @@ resource "google_compute_backend_service" "default" {
}
dynamic "log_config" {
for_each = each.value.log_sample_rate == null ? [] : [""]
for_each = each.value.log_config == null ? [] : [""]
content {
enable = true
sample_rate = each.value.log_sample_rate
enable = each.value.log_config.enable
sample_rate = each.value.log_config.sample_rate
optional_mode = each.value.log_config.optional_mode
optional_fields = each.value.log_config.optional_fields
}
}

19
modules/net-lb-app-ext/variables-backend-service.tf
View File

@@ -28,14 +28,19 @@ variable "backend_service_configs" {
custom_response_headers = optional(list(string))
enable_cdn = optional(bool)
health_checks = optional(list(string), ["default"])
log_sample_rate = optional(number)
locality_lb_policy = optional(string)
port_name = optional(string)
project_id = optional(string)
protocol = optional(string)
security_policy = optional(string)
session_affinity = optional(string)
timeout_sec = optional(number)
log_config = optional(object({
enable = optional(bool)
sample_rate = optional(number)
optional_mode = optional(string)
optional_fields = optional(list(string))
}))
port_name = optional(string)
project_id = optional(string)
protocol = optional(string)
security_policy = optional(string)
session_affinity = optional(string)
timeout_sec = optional(number)
backends = list(object({
# group renamed to backend
backend = string

8
modules/net-lb-app-int-cross-region/backend-service.tf
View File

@@ -150,10 +150,12 @@ resource "google_compute_backend_service" "default" {
}
dynamic "log_config" {
for_each = each.value.log_sample_rate == null ? [] : [""]
for_each = each.value.log_config == null ? [] : [""]
content {
enable = true
sample_rate = each.value.log_sample_rate
enable = each.value.log_config.enable
sample_rate = each.value.log_config.sample_rate
optional_mode = each.value.log_config.optional_mode
optional_fields = each.value.log_config.optional_fields
}
}

17
modules/net-lb-app-int-cross-region/variables-backend-service.tf
View File

@@ -25,12 +25,17 @@ variable "backend_service_configs" {
connection_draining_timeout_sec = optional(number)
health_checks = optional(list(string), ["default"])
locality_lb_policy = optional(string)
log_sample_rate = optional(number)
port_name = optional(string)
project_id = optional(string)
protocol = optional(string)
session_affinity = optional(string)
timeout_sec = optional(number)
log_config = optional(object({
enable = optional(bool)
sample_rate = optional(number)
optional_mode = optional(string)
optional_fields = optional(list(string))
}))
port_name = optional(string)
project_id = optional(string)
protocol = optional(string)
session_affinity = optional(string)
timeout_sec = optional(number)
backends = list(object({
group = string
balancing_mode = optional(string, "UTILIZATION")

28
modules/net-lb-app-int/README.md
View File

@@ -628,6 +628,18 @@ module "ilb-l7" {
backends = [{
group = "projects/myprj/zones/europe-west1-a/instanceGroups/my-ig-2"
}]
log_config = {
enable = true
sample_rate = 0.5
}
}
audio = {
backends = [{
group = "projects/myprj/zones/europe-west1-a/instanceGroups/my-ig-3"
}]
log_config = {
enable = false
}
}
}
urlmap_config = {
@@ -639,10 +651,16 @@ module "ilb-l7" {
path_matchers = {
pathmap = {
default_service = "default"
path_rules = [{
paths = ["/video", "/video/*"]
service = "video"
}]
path_rules = [
{
paths = ["/video", "/video/*"]
service = "video"
},
{
paths = ["/audio", "/audio/*"]
service = "audio"
}
]
}
}
}
@@ -652,7 +670,7 @@ module "ilb-l7" {
}
}
# tftest modules=1 resources=6
# tftest modules=1 resources=7 inventory=urlmap.yaml
```
### SSL Certificates

8
modules/net-lb-app-int/backend-service.tf
View File

@@ -176,10 +176,12 @@ resource "google_compute_region_backend_service" "default" {
}
dynamic "log_config" {
for_each = each.value.log_sample_rate == null ? [] : [""]
for_each = each.value.log_config == null ? [] : [""]
content {
enable = true
sample_rate = each.value.log_sample_rate
enable = each.value.log_config.enable
sample_rate = each.value.log_config.sample_rate
optional_mode = each.value.log_config.optional_mode
optional_fields = each.value.log_config.optional_fields
}
}

19
modules/net-lb-app-int/variables-backend-service.tf
View File

@@ -25,13 +25,18 @@ variable "backend_service_configs" {
connection_draining_timeout_sec = optional(number)
health_checks = optional(list(string), ["default"])
locality_lb_policy = optional(string)
log_sample_rate = optional(number)
port_name = optional(string)
project_id = optional(string)
protocol = optional(string)
session_affinity = optional(string)
timeout_sec = optional(number)
security_policy = optional(string)
log_config = optional(object({
enable = optional(bool)
sample_rate = optional(number)
optional_mode = optional(string)
optional_fields = optional(list(string))
}))
port_name = optional(string)
project_id = optional(string)
protocol = optional(string)
session_affinity = optional(string)
timeout_sec = optional(number)
security_policy = optional(string)
backends = list(object({
group = string
balancing_mode = optional(string, "UTILIZATION")

18
modules/net-lb-ext/README.md
View File

@@ -205,16 +205,16 @@ For deploying changes to load balancer configuration please refer to [net-lb-app
| name | description | type | required | default |
|---|---|:---:|:---:|:---:|
| [name](variables.tf#L198) | Name used for all resources. | <code>string</code> | ✓ | |
| [project_id](variables.tf#L203) | Project id where resources will be created. | <code>string</code> | ✓ | |
| [region](variables.tf#L208) | GCP region. | <code>string</code> | ✓ | |
| [name](variables.tf#L203) | Name used for all resources. | <code>string</code> | ✓ | |
| [project_id](variables.tf#L208) | Project id where resources will be created. | <code>string</code> | ✓ | |
| [region](variables.tf#L213) | GCP region. | <code>string</code> | ✓ | |
| [backend_service_config](variables.tf#L17) | Backend service level configuration. | <code>object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>&#123;&#125;</code> |
| [backends](variables.tf#L68) | Load balancer backends. | <code>list&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>&#91;&#93;</code> |
| [forwarding_rules_config](variables.tf#L79) | The optional forwarding rules configuration. | <code>map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>&#123;&#8230;&#125;</code> |
| [group_configs](variables.tf#L95) | Optional unmanaged groups to create. Can be referenced in backends via outputs. | <code>map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>&#123;&#125;</code> |
| [health_check](variables.tf#L108) | Name of existing health check to use, disables auto-created health check. | <code>string</code> | | <code>null</code> |
| [health_check_config](variables.tf#L114) | Optional auto-created health check configuration, use the output self-link to set it in the auto healing policy. Refer to examples for usage. | <code>object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>&#123;&#8230;&#125;</code> |
| [labels](variables.tf#L192) | Labels set on resources. | <code>map&#40;string&#41;</code> | | <code>&#123;&#125;</code> |
| [backends](variables.tf#L73) | Load balancer backends. | <code>list&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>&#91;&#93;</code> |
| [forwarding_rules_config](variables.tf#L84) | The optional forwarding rules configuration. | <code>map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>&#123;&#8230;&#125;</code> |
| [group_configs](variables.tf#L100) | Optional unmanaged groups to create. Can be referenced in backends via outputs. | <code>map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>&#123;&#125;</code> |
| [health_check](variables.tf#L113) | Name of existing health check to use, disables auto-created health check. | <code>string</code> | | <code>null</code> |
| [health_check_config](variables.tf#L119) | Optional auto-created health check configuration, use the output self-link to set it in the auto healing policy. Refer to examples for usage. | <code>object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>&#123;&#8230;&#125;</code> |
| [labels](variables.tf#L197) | Labels set on resources. | <code>map&#40;string&#41;</code> | | <code>&#123;&#125;</code> |
## Outputs

8
modules/net-lb-ext/main.tf
View File

@@ -102,10 +102,12 @@ resource "google_compute_region_backend_service" "default" {
}
dynamic "log_config" {
for_each = var.backend_service_config.log_sample_rate == null ? [] : [""]
for_each = var.backend_service_config.log_config == null ? [] : [""]
content {
enable = true
sample_rate = var.backend_service_config.log_sample_rate
enable = var.backend_service_config.log_config.enable
sample_rate = var.backend_service_config.log_config.sample_rate
optional_mode = var.backend_service_config.log_config.optional_mode
optional_fields = var.backend_service_config.log_config.optional_fields
}
}
}

19
modules/net-lb-ext/variables.tf
View File

@@ -29,13 +29,18 @@ variable "backend_service_config" {
ratio = optional(number)
}))
locality_lb_policy = optional(string)
log_sample_rate = optional(number)
name = optional(string)
description = optional(string, "Terraform managed.")
port_name = optional(string)
protocol = optional(string, "UNSPECIFIED")
session_affinity = optional(string)
timeout_sec = optional(number)
log_config = optional(object({
enable = optional(bool)
sample_rate = optional(number)
optional_mode = optional(string)
optional_fields = optional(list(string))
}))
name = optional(string)
description = optional(string, "Terraform managed.")
port_name = optional(string)
protocol = optional(string, "UNSPECIFIED")
session_affinity = optional(string)
timeout_sec = optional(number)
})
default = {}
nullable = false

28
modules/net-lb-int/README.md
View File

@@ -459,21 +459,21 @@ One other issue is a `Provider produced inconsistent final plan` error which is
| name | description | type | required | default |
|---|---|:---:|:---:|:---:|
| [name](variables.tf#L203) | Name used for all resources. | <code>string</code> | ✓ | |
| [project_id](variables.tf#L208) | Project id where resources will be created. | <code>string</code> | ✓ | |
| [region](variables.tf#L213) | GCP region. | <code>string</code> | ✓ | |
| [vpc_config](variables.tf#L239) | VPC-level configuration. | <code>object&#40;&#123;&#8230;&#125;&#41;</code> | ✓ | |
| [name](variables.tf#L208) | Name used for all resources. | <code>string</code> | ✓ | |
| [project_id](variables.tf#L213) | Project id where resources will be created. | <code>string</code> | ✓ | |
| [region](variables.tf#L218) | GCP region. | <code>string</code> | ✓ | |
| [vpc_config](variables.tf#L244) | VPC-level configuration. | <code>object&#40;&#123;&#8230;&#125;&#41;</code> | ✓ | |
| [backend_service_config](variables.tf#L17) | Backend service level configuration. | <code>object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>&#123;&#125;</code> |
| [backends](variables.tf#L53) | Load balancer backends. | <code>list&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>&#91;&#93;</code> |
| [context](variables.tf#L64) | Context-specific interpolations. | <code>object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>&#123;&#125;</code> |
| [description](variables.tf#L77) | Optional description used for resources. | <code>string</code> | | <code>&#34;Terraform managed.&#34;</code> |
| [forwarding_rules_config](variables.tf#L83) | The optional forwarding rules configuration. | <code>map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>&#123;&#8230;&#125;</code> |
| [group_configs](variables.tf#L99) | Optional unmanaged groups to create. Can be referenced in backends via outputs. | <code>map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>&#123;&#125;</code> |
| [health_check](variables.tf#L112) | Name of existing health check to use, disables auto-created health check. Also set `health_check_config = null` when cross-referencing an health check from another load balancer module to avoid a Terraform error. | <code>string</code> | | <code>null</code> |
| [health_check_config](variables.tf#L118) | Optional auto-created health check configuration, use the output self-link to set it in the auto healing policy. Refer to examples for usage. | <code>object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>&#123;&#8230;&#125;</code> |
| [labels](variables.tf#L197) | Labels set on resources. | <code>map&#40;string&#41;</code> | | <code>&#123;&#125;</code> |
| [service_attachments](variables.tf#L218) | PSC service attachments, keyed by forwarding rule. | <code>map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>null</code> |
| [service_label](variables.tf#L233) | Optional prefix of the fully qualified forwarding rule name. | <code>string</code> | | <code>null</code> |
| [backends](variables.tf#L58) | Load balancer backends. | <code>list&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>&#91;&#93;</code> |
| [context](variables.tf#L69) | Context-specific interpolations. | <code>object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>&#123;&#125;</code> |
| [description](variables.tf#L82) | Optional description used for resources. | <code>string</code> | | <code>&#34;Terraform managed.&#34;</code> |
| [forwarding_rules_config](variables.tf#L88) | The optional forwarding rules configuration. | <code>map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>&#123;&#8230;&#125;</code> |
| [group_configs](variables.tf#L104) | Optional unmanaged groups to create. Can be referenced in backends via outputs. | <code>map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>&#123;&#125;</code> |
| [health_check](variables.tf#L117) | Name of existing health check to use, disables auto-created health check. Also set `health_check_config = null` when cross-referencing an health check from another load balancer module to avoid a Terraform error. | <code>string</code> | | <code>null</code> |
| [health_check_config](variables.tf#L123) | Optional auto-created health check configuration, use the output self-link to set it in the auto healing policy. Refer to examples for usage. | <code>object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>&#123;&#8230;&#125;</code> |
| [labels](variables.tf#L202) | Labels set on resources. | <code>map&#40;string&#41;</code> | | <code>&#123;&#125;</code> |
| [service_attachments](variables.tf#L223) | PSC service attachments, keyed by forwarding rule. | <code>map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>null</code> |
| [service_label](variables.tf#L238) | Optional prefix of the fully qualified forwarding rule name. | <code>string</code> | | <code>null</code> |
## Outputs

8
modules/net-lb-int/main.tf
View File

@@ -134,10 +134,12 @@ resource "google_compute_region_backend_service" "default" {
}
dynamic "log_config" {
for_each = var.backend_service_config.log_sample_rate == null ? [] : [""]
for_each = var.backend_service_config.log_config == null ? [] : [""]
content {
enable = true
sample_rate = var.backend_service_config.log_sample_rate
enable = var.backend_service_config.log_config.enable
sample_rate = var.backend_service_config.log_config.sample_rate
optional_mode = var.backend_service_config.log_config.optional_mode
optional_fields = var.backend_service_config.log_config.optional_fields
}
}

7
modules/net-lb-int/variables.tf
View File

@@ -29,7 +29,12 @@ variable "backend_service_config" {
drop_traffic_if_unhealthy = optional(bool)
ratio = optional(number)
}))
log_sample_rate = optional(number)
log_config = optional(object({
enable = optional(bool)
sample_rate = optional(number)
optional_mode = optional(string)
optional_fields = optional(list(string))
}))
name = optional(string)
description = optional(string, "Terraform managed.")
protocol = optional(string, "UNSPECIFIED")

26
modules/net-lb-proxy-int/README.md
View File

@@ -334,21 +334,21 @@ For deploying changes to load balancer configuration please refer to [net-lb-app
| name | description | type | required | default |
|---|---|:---:|:---:|:---:|
| [name](variables.tf#L203) | Load balancer name. | <code>string</code> | ✓ | |
| [project_id](variables.tf#L272) | Project id. | <code>string</code> | ✓ | |
| [region](variables.tf#L277) | The region where to allocate the ILB resources. | <code>string</code> | ✓ | |
| [vpc_config](variables.tf#L297) | VPC-level configuration. | <code>object&#40;&#123;&#8230;&#125;&#41;</code> | ✓ | |
| [name](variables.tf#L208) | Load balancer name. | <code>string</code> | ✓ | |
| [project_id](variables.tf#L277) | Project id. | <code>string</code> | ✓ | |
| [region](variables.tf#L282) | The region where to allocate the ILB resources. | <code>string</code> | ✓ | |
| [vpc_config](variables.tf#L302) | VPC-level configuration. | <code>object&#40;&#123;&#8230;&#125;&#41;</code> | ✓ | |
| [address](variables.tf#L17) | Optional IP address used for the forwarding rule. | <code>string</code> | | <code>null</code> |
| [backend_service_config](variables.tf#L23) | Backend service level configuration. | <code>object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>&#123;&#125;</code> |
| [description](variables.tf#L77) | Optional description used for resources. | <code>string</code> | | <code>&#34;Terraform managed.&#34;</code> |
| [global_access](variables.tf#L84) | Allow client access from all regions. | <code>bool</code> | | <code>null</code> |
| [group_configs](variables.tf#L90) | Optional unmanaged groups to create. Can be referenced in backends via key or outputs. | <code>map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>&#123;&#125;</code> |
| [health_check](variables.tf#L104) | Name of existing health check to use, disables auto-created health check. | <code>string</code> | | <code>null</code> |
| [health_check_config](variables.tf#L110) | Optional auto-created health check configurations, use the output self-link to set it in the auto healing policy. Refer to examples for usage. | <code>object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>&#123;&#8230;&#125;</code> |
| [labels](variables.tf#L197) | Labels set on resources. | <code>map&#40;string&#41;</code> | | <code>&#123;&#125;</code> |
| [neg_configs](variables.tf#L208) | Optional network endpoint groups to create. Can be referenced in backends via key or outputs. | <code>map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>&#123;&#125;</code> |
| [port](variables.tf#L266) | Port. | <code>number</code> | | <code>80</code> |
| [service_attachment](variables.tf#L282) | PSC service attachment. | <code>object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> |
| [description](variables.tf#L82) | Optional description used for resources. | <code>string</code> | | <code>&#34;Terraform managed.&#34;</code> |
| [global_access](variables.tf#L89) | Allow client access from all regions. | <code>bool</code> | | <code>null</code> |
| [group_configs](variables.tf#L95) | Optional unmanaged groups to create. Can be referenced in backends via key or outputs. | <code>map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>&#123;&#125;</code> |
| [health_check](variables.tf#L109) | Name of existing health check to use, disables auto-created health check. | <code>string</code> | | <code>null</code> |
| [health_check_config](variables.tf#L115) | Optional auto-created health check configurations, use the output self-link to set it in the auto healing policy. Refer to examples for usage. | <code>object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>&#123;&#8230;&#125;</code> |
| [labels](variables.tf#L202) | Labels set on resources. | <code>map&#40;string&#41;</code> | | <code>&#123;&#125;</code> |
| [neg_configs](variables.tf#L213) | Optional network endpoint groups to create. Can be referenced in backends via key or outputs. | <code>map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>&#123;&#125;</code> |
| [port](variables.tf#L271) | Port. | <code>number</code> | | <code>80</code> |
| [service_attachment](variables.tf#L287) | PSC service attachment. | <code>object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> |
## Outputs

8
modules/net-lb-proxy-int/backend-service.tf
View File

@@ -93,10 +93,12 @@ resource "google_compute_region_backend_service" "default" {
}
dynamic "log_config" {
for_each = var.backend_service_config.log_sample_rate == null ? [] : [""]
for_each = var.backend_service_config.log_config == null ? [] : [""]
content {
enable = true
sample_rate = var.backend_service_config.log_sample_rate
enable = var.backend_service_config.log_config.enable
sample_rate = var.backend_service_config.log_config.sample_rate
optional_mode = var.backend_service_config.log_config.optional_mode
optional_fields = var.backend_service_config.log_config.optional_fields
}
}

15
modules/net-lb-proxy-int/variables.tf
View File

@@ -28,11 +28,16 @@ variable "backend_service_config" {
affinity_cookie_ttl_sec = optional(number)
connection_draining_timeout_sec = optional(number)
health_checks = optional(list(string), ["default"])
log_sample_rate = optional(number)
port_name = optional(string)
project_id = optional(string)
session_affinity = optional(string, "NONE")
timeout_sec = optional(number)
log_config = optional(object({
enable = optional(bool)
sample_rate = optional(number)
optional_mode = optional(string)
optional_fields = optional(list(string))
}))
port_name = optional(string)
project_id = optional(string)
session_affinity = optional(string, "NONE")
timeout_sec = optional(number)
backends = optional(list(object({
group = string
balancing_mode = optional(string, "UTILIZATION")

249
tests/modules/net_lb_app_int/examples/urlmap.yaml Normal file
View File

@@ -0,0 +1,249 @@
# Copyright 2026 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
module.ilb-l7.google_compute_forwarding_rule.default:
all_ports: null
allow_global_access: null
allow_psc_global_access: null
backend_service: null
description: Terraform managed.
ip_collection: null
ip_protocol: TCP
is_mirroring_collector: null
labels: null
load_balancing_scheme: INTERNAL_MANAGED
name: ilb-test
network: https://www.googleapis.com/compute/v1/projects/xxx/global/networks/aaa
network_tier: PREMIUM
no_automate_dns_zone: null
port_range: '80'
ports: null
project: project-id
recreate_closed_psc: false
region: europe-west1
service_label: null
source_ip_ranges: null
subnetwork: subnet_self_link
timeouts: null
module.ilb-l7.google_compute_health_check.default["default"]:
check_interval_sec: 5
description: Terraform managed.
grpc_health_check: []
grpc_tls_health_check: []
healthy_threshold: 2
http2_health_check: []
http_health_check:
- host: null
port: null
port_name: null
port_specification: USE_SERVING_PORT
proxy_header: NONE
request_path: /
response: null
https_health_check: []
name: ilb-test-default
project: project-id
source_regions: null
ssl_health_check: []
tcp_health_check: []
timeout_sec: 5
timeouts: null
unhealthy_threshold: 2
module.ilb-l7.google_compute_region_backend_service.default["audio"]:
affinity_cookie_ttl_sec: null
backend:
- balancing_mode: UTILIZATION
capacity_scaler: 1
custom_metrics: []
description: Terraform managed.
failover: false
group: projects/myprj/zones/europe-west1-a/instanceGroups/my-ig-3
max_connections: null
max_connections_per_endpoint: null
max_connections_per_instance: null
max_rate: null
max_rate_per_endpoint: null
max_rate_per_instance: null
max_utilization: null
traffic_duration: ''
circuit_breakers: []
connection_draining_timeout_sec: 300
connection_tracking_policy: []
consistent_hash: []
custom_metrics: []
description: Terraform managed.
dynamic_forwarding: []
enable_cdn: null
failover_policy: []
ha_policy: []
ip_address_selection_policy: null
load_balancing_scheme: INTERNAL_MANAGED
locality_lb_policy: null
log_config:
- enable: false
sample_rate: null
name: ilb-test-audio
network: null
network_pass_through_lb_traffic_policy: []
outlier_detection: []
params: []
project: project-id
protocol: HTTP
region: europe-west1
security_policy: null
strong_session_affinity_cookie: []
subsetting: []
timeouts: null
tls_settings: []
module.ilb-l7.google_compute_region_backend_service.default["default"]:
affinity_cookie_ttl_sec: null
backend:
- balancing_mode: UTILIZATION
capacity_scaler: 1
custom_metrics: []
description: Terraform managed.
failover: false
group: projects/myprj/zones/europe-west1-a/instanceGroups/my-ig
max_connections: null
max_connections_per_endpoint: null
max_connections_per_instance: null
max_rate: null
max_rate_per_endpoint: null
max_rate_per_instance: null
max_utilization: null
traffic_duration: ''
circuit_breakers: []
connection_draining_timeout_sec: 300
connection_tracking_policy: []
consistent_hash: []
custom_metrics: []
description: Terraform managed.
dynamic_forwarding: []
enable_cdn: null
failover_policy: []
ha_policy: []
ip_address_selection_policy: null
load_balancing_scheme: INTERNAL_MANAGED
locality_lb_policy: null
name: ilb-test-default
network: null
network_pass_through_lb_traffic_policy: []
outlier_detection: []
params: []
project: project-id
protocol: HTTP
region: europe-west1
security_policy: null
strong_session_affinity_cookie: []
subsetting: []
timeouts: null
tls_settings: []
module.ilb-l7.google_compute_region_backend_service.default["video"]:
affinity_cookie_ttl_sec: null
backend:
- balancing_mode: UTILIZATION
capacity_scaler: 1
custom_metrics: []
description: Terraform managed.
failover: false
group: projects/myprj/zones/europe-west1-a/instanceGroups/my-ig-2
max_connections: null
max_connections_per_endpoint: null
max_connections_per_instance: null
max_rate: null
max_rate_per_endpoint: null
max_rate_per_instance: null
max_utilization: null
traffic_duration: ''
circuit_breakers: []
connection_draining_timeout_sec: 300
connection_tracking_policy: []
consistent_hash: []
custom_metrics: []
description: Terraform managed.
dynamic_forwarding: []
enable_cdn: null
failover_policy: []
ha_policy: []
ip_address_selection_policy: null
load_balancing_scheme: INTERNAL_MANAGED
locality_lb_policy: null
log_config:
- enable: true
sample_rate: 0.5
name: ilb-test-video
network: null
network_pass_through_lb_traffic_policy: []
outlier_detection: []
params: []
project: project-id
protocol: HTTP
region: europe-west1
security_policy: null
strong_session_affinity_cookie: []
subsetting: []
timeouts: null
tls_settings: []
module.ilb-l7.google_compute_region_target_http_proxy.default[0]:
description: Terraform managed.
http_keep_alive_timeout_sec: null
name: ilb-test
project: project-id
region: europe-west1
timeouts: null
module.ilb-l7.google_compute_region_url_map.default:
default_route_action: []
default_url_redirect: []
description: Terraform managed.
header_action: []
host_rule:
- description: ''
hosts:
- '*'
path_matcher: pathmap
name: ilb-test
path_matcher:
- default_route_action: []
default_url_redirect: []
description: null
header_action: []
name: pathmap
path_rule:
- paths:
- /audio
- /audio/*
route_action: []
url_redirect: []
- paths:
- /video
- /video/*
route_action: []
url_redirect: []
route_rules: []
project: project-id
region: europe-west1
test: []
timeouts: null
counts:
google_compute_forwarding_rule: 1
google_compute_health_check: 1
google_compute_region_backend_service: 3
google_compute_region_target_http_proxy: 1
google_compute_region_url_map: 1
modules: 1
resources: 7
outputs: {}

46
tests/modules/net_lb_app_int/logging.tfvars Normal file
View File

@@ -0,0 +1,46 @@
/**
* Copyright 2026 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
backend_service_configs = {
logging-enabled = {
backends = [{
group = "projects/myprj/zones/europe-west1-a/instanceGroups/my-ig"
}]
log_config = {
enable = true
sample_rate = 0.5
}
}
logging-disabled = {
backends = [{
group = "projects/myprj/zones/europe-west1-a/instanceGroups/my-ig"
}]
log_config = {
enable = false
}
}
logging-advanced = {
backends = [{
group = "projects/myprj/zones/europe-west1-a/instanceGroups/my-ig"
}]
log_config = {
enable = true
sample_rate = 0.8
optional_mode = "CUSTOM"
optional_fields = ["orca_load_report", "tls.protocol"]
}
}
}

38
tests/modules/net_lb_app_int/logging.yaml Normal file
View File

@@ -0,0 +1,38 @@
# Copyright 2026 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
google_compute_region_backend_service.default["logging-enabled"]:
log_config:
- enable: true
sample_rate: 0.5
google_compute_region_backend_service.default["logging-disabled"]:
log_config:
- enable: false
sample_rate: null
google_compute_region_backend_service.default["logging-advanced"]:
log_config:
- enable: true
sample_rate: 0.8
optional_mode: CUSTOM
optional_fields:
- orca_load_report
- tls.protocol
counts:
google_compute_forwarding_rule: 1
google_compute_health_check: 1
google_compute_region_backend_service: 3
google_compute_region_target_http_proxy: 1
google_compute_region_url_map: 1

1
tests/modules/net_lb_app_int/tftest.yaml
View File

@@ -29,6 +29,7 @@ tests:
health-checks-ssl:
health-checks-tcp:
https:
logging:
negs:
ssl:
urlmaps: