From bf9ccb7547e0b69541690d6b95a6bc604a4f21b7 Mon Sep 17 00:00:00 2001 
From: Ludovico Magnocavallo Date: Thu, 7 May 2026 09:07:58 +0200 Subject: [PATCH] Allowing disabling logging and configuring optional fields in LB backend services (#3940) * fix(modules): allow disabling logging and configuring optional fields in LB backend services Replaced 'log_sample_rate' (number) with 'log_config' (object) in all Load Balancer Backend Service modules. This allows explicitly disabling logging ('enable = false') and configuring advanced options like 'optional_mode' and 'optional_fields', resolving infinite plan drift and the inability to disable logging. Affected modules: - net-lb-app-ext-regional - net-lb-app-ext - net-lb-app-int-cross-region - net-lb-app-int - net-lb-ext - net-lb-int - net-lb-proxy-int Added test cases and updated documentation. Fixes #3914 * style: format variables files with terraform fmt * docs: add critical linting rule for AI agents to GEMINI.md --- GEMINI.md | 1 + .../backend-service.tf | 8 +- .../variables-backend-service.tf | 21 +- modules/net-lb-app-ext/backend-service.tf | 8 +- .../variables-backend-service.tf | 19 +- .../backend-service.tf | 8 +- .../variables-backend-service.tf | 17 +- modules/net-lb-app-int/README.md | 28 +- modules/net-lb-app-int/backend-service.tf | 8 +- .../variables-backend-service.tf | 19 +- modules/net-lb-ext/README.md | 18 +- modules/net-lb-ext/main.tf | 8 +- modules/net-lb-ext/variables.tf | 19 +- modules/net-lb-int/README.md | 28 +- modules/net-lb-int/main.tf | 8 +- modules/net-lb-int/variables.tf | 7 +- modules/net-lb-proxy-int/README.md | 26 +- modules/net-lb-proxy-int/backend-service.tf | 8 +- modules/net-lb-proxy-int/variables.tf | 15 +- .../net_lb_app_int/examples/urlmap.yaml | 249 ++++++++++++++++++ tests/modules/net_lb_app_int/logging.tfvars | 46 ++++ tests/modules/net_lb_app_int/logging.yaml | 38 +++ tests/modules/net_lb_app_int/tftest.yaml | 1 + 23 files changed, 505 insertions(+), 103 deletions(-) create mode 100644 tests/modules/net_lb_app_int/examples/urlmap.yaml create mode 
100644 tests/modules/net_lb_app_int/logging.tfvars create mode 100644 tests/modules/net_lb_app_int/logging.yaml diff --git a/GEMINI.md b/GEMINI.md index 9ae14a1a9..0bc1ced60 100644 --- a/GEMINI.md +++ b/GEMINI.md @@ -270,5 +270,6 @@ Run the specific `pytest` plan test. The test will fail, and the captured output - For targeted edits or appending to a single file, ALWAYS use the native `replace` tool. (To append, match the last few lines of the file and replace them with the same lines plus your new content). - **EXCEPTION (Pattern/Bulk Edits):** You MAY use shell commands (like `sed -i`, `perl -pi`, or `find ... xargs sed`) ONLY for regex-based or pattern-based replacements, particularly across multiple files, where the exact-match `replace` tool is not feasible. - **Ambiguity & Paths:** When encountering unfamiliar or unexpected repository structures, paths, or tool executions, always pause and offer the user the choice to either explain or authorize further independent investigation, rather than making assumptions or guessing paths. +- **CRITICAL (LINTING & FORMATTING):** You MUST ALWAYS run all formatting and linting checks (`terraform fmt`, `check_documentation.py`, `yamllint`, `check_boilerplate.py` as described in [Formatting & Linting](#1-formatting--linting)) on all modified or new files BEFORE staging, committing, or pushing changes. To run specific FAST stage tests, use the syntax `pytest tests/fast/stages/s_/tftest.yaml::`. For example: `pytest tests/fast/stages/s0_org_setup/tftest.yaml::starter-gcd`. diff --git a/modules/net-lb-app-ext-regional/backend-service.tf b/modules/net-lb-app-ext-regional/backend-service.tf index a5f533267..c50626271 100644 --- a/modules/net-lb-app-ext-regional/backend-service.tf +++ b/modules/net-lb-app-ext-regional/backend-service.tf 
@@ -205,10 +205,12 @@ resource "google_compute_region_backend_service" "default" { } dynamic "log_config" { - for_each = each.value.log_sample_rate == null ? [] : [""] + for_each = each.value.log_config == null ? [] : [""] content { - enable = true - sample_rate = each.value.log_sample_rate + enable = each.value.log_config.enable + sample_rate = each.value.log_config.sample_rate + optional_mode = each.value.log_config.optional_mode + optional_fields = each.value.log_config.optional_fields } } diff --git a/modules/net-lb-app-ext-regional/variables-backend-service.tf b/modules/net-lb-app-ext-regional/variables-backend-service.tf index 4a0cf25f0..b9c79d4c4 100644 --- a/modules/net-lb-app-ext-regional/variables-backend-service.tf +++ b/modules/net-lb-app-ext-regional/variables-backend-service.tf @@ -25,14 +25,19 @@ variable "backend_service_configs" { connection_draining_timeout_sec = optional(number) enable_cdn = optional(bool) health_checks = optional(list(string), ["default"]) - log_sample_rate = optional(number) - port_name = optional(string) - project_id = optional(string) - protocol = optional(string) - security_policy = optional(string) - session_affinity = optional(string) - locality_lb_policy = optional(string) - timeout_sec = optional(number) + log_config = optional(object({ + enable = optional(bool) + sample_rate = optional(number) + optional_mode = optional(string) + optional_fields = optional(list(string)) + })) + port_name = optional(string) + project_id = optional(string) + protocol = optional(string) + security_policy = optional(string) + session_affinity = optional(string) + locality_lb_policy = optional(string) + timeout_sec = optional(number) backends = list(object({ # group renamed to backend backend = string diff --git a/modules/net-lb-app-ext/backend-service.tf b/modules/net-lb-app-ext/backend-service.tf index 694dc7fa4..fe1ed27cb 100644 --- a/modules/net-lb-app-ext/backend-service.tf +++ b/modules/net-lb-app-ext/backend-service.tf 
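Review bot: `enable = each.value.log_config.enable` passes null through when a caller writes `log_config = { sample_rate = 1 }` without `enable`, whereas the removed code set `enable = true` whenever a sample rate was supplied. The block is then emitted with a sample rate but no explicit enable, which most likely leaves request logging off for that backend while the configuration reads as if it were on. Defaulting here keeps the previous meaning and still honours an explicit `false`: `enable = coalesce(each.value.log_config.enable, true)`. The same pattern is added to the `log_config` blocks of net-lb-app-ext, net-lb-app-int-cross-region, net-lb-app-int, net-lb-ext, net-lb-int and net-lb-proxy-int. The enclosing resource starts and ends outside the hunk.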
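Review bot: Removing `log_sample_rate` from the object type gives no error to callers that still set it, because Terraform discards attributes that are not in the declared object type during conversion; those callers end up with `log_config == null` and the module stops emitting the logging block without any plan-time signal. Since these logs feed detection and incident response, a loud failure is preferable: keep `log_sample_rate = optional(number)` for one release and add a `validation` with the condition `alltrue([for k, v in var.backend_service_configs : v.log_sample_rate == null])` and a message pointing to `log_config`. The new attributes are also unchecked; validating that `sample_rate` lies between 0 and 1 and that `optional_fields` is only set together with `optional_mode = "CUSTOM"` (as the provider documents it, to be confirmed) would catch mistakes at plan time. The same applies to the variables files of the other six modules in this patch, where net-lb-ext, net-lb-int and net-lb-proxy-int use `backend_service_config`. The variable block starts and ends outside the hunk.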
@@ -209,10 +209,12 @@ resource "google_compute_backend_service" "default" { } dynamic "log_config" { - for_each = each.value.log_sample_rate == null ? [] : [""] + for_each = each.value.log_config == null ? [] : [""] content { - enable = true - sample_rate = each.value.log_sample_rate + enable = each.value.log_config.enable + sample_rate = each.value.log_config.sample_rate + optional_mode = each.value.log_config.optional_mode + optional_fields = each.value.log_config.optional_fields } } diff --git a/modules/net-lb-app-ext/variables-backend-service.tf b/modules/net-lb-app-ext/variables-backend-service.tf index 20d58d7f4..00d4a5ada 100644 --- a/modules/net-lb-app-ext/variables-backend-service.tf +++ b/modules/net-lb-app-ext/variables-backend-service.tf @@ -28,14 +28,19 @@ variable "backend_service_configs" { custom_response_headers = optional(list(string)) enable_cdn = optional(bool) health_checks = optional(list(string), ["default"]) - log_sample_rate = optional(number) locality_lb_policy = optional(string) - port_name = optional(string) - project_id = optional(string) - protocol = optional(string) - security_policy = optional(string) - session_affinity = optional(string) - timeout_sec = optional(number) + log_config = optional(object({ + enable = optional(bool) + sample_rate = optional(number) + optional_mode = optional(string) + optional_fields = optional(list(string)) + })) + port_name = optional(string) + project_id = optional(string) + protocol = optional(string) + security_policy = optional(string) + session_affinity = optional(string) + timeout_sec = optional(number) backends = list(object({ # group renamed to backend backend = string diff --git a/modules/net-lb-app-int-cross-region/backend-service.tf b/modules/net-lb-app-int-cross-region/backend-service.tf index 200971fd7..5e3746a75 100644 --- a/modules/net-lb-app-int-cross-region/backend-service.tf +++ b/modules/net-lb-app-int-cross-region/backend-service.tf 
@@ -150,10 +150,12 @@ resource "google_compute_backend_service" "default" { } dynamic "log_config" { - for_each = each.value.log_sample_rate == null ? [] : [""] + for_each = each.value.log_config == null ? [] : [""] content { - enable = true - sample_rate = each.value.log_sample_rate + enable = each.value.log_config.enable + sample_rate = each.value.log_config.sample_rate + optional_mode = each.value.log_config.optional_mode + optional_fields = each.value.log_config.optional_fields } } diff --git a/modules/net-lb-app-int-cross-region/variables-backend-service.tf b/modules/net-lb-app-int-cross-region/variables-backend-service.tf index 223c7983b..767825689 100644 --- a/modules/net-lb-app-int-cross-region/variables-backend-service.tf +++ b/modules/net-lb-app-int-cross-region/variables-backend-service.tf @@ -25,12 +25,17 @@ variable "backend_service_configs" { connection_draining_timeout_sec = optional(number) health_checks = optional(list(string), ["default"]) locality_lb_policy = optional(string) - log_sample_rate = optional(number) - port_name = optional(string) - project_id = optional(string) - protocol = optional(string) - session_affinity = optional(string) - timeout_sec = optional(number) + log_config = optional(object({ + enable = optional(bool) + sample_rate = optional(number) + optional_mode = optional(string) + optional_fields = optional(list(string)) + })) + port_name = optional(string) + project_id = optional(string) + protocol = optional(string) + session_affinity = optional(string) + timeout_sec = optional(number) backends = list(object({ group = string balancing_mode = optional(string, "UTILIZATION") diff --git a/modules/net-lb-app-int/README.md b/modules/net-lb-app-int/README.md index efd1b0747..27d1ec4e6 100644 --- a/modules/net-lb-app-int/README.md +++ b/modules/net-lb-app-int/README.md 
@@ -628,6 +628,18 @@ module "ilb-l7" { backends = [{ group = "projects/myprj/zones/europe-west1-a/instanceGroups/my-ig-2" }] + log_config = { + enable = true + sample_rate = 0.5 + } + } + audio = { + backends = [{ + group = "projects/myprj/zones/europe-west1-a/instanceGroups/my-ig-3" + }] + log_config = { + enable = false + } } } urlmap_config = { @@ -639,10 +651,16 @@ module "ilb-l7" { path_matchers = { pathmap = { default_service = "default" - path_rules = [{ - paths = ["/video", "/video/*"] - service = "video" - }] + path_rules = [ + { + paths = ["/video", "/video/*"] + service = "video" + }, + { + paths = ["/audio", "/audio/*"] + service = "audio" + } + ] } } } @@ -652,7 +670,7 @@ module "ilb-l7" { } } -# tftest modules=1 resources=6 +# tftest modules=1 resources=7 inventory=urlmap.yaml ``` ### SSL Certificates diff --git a/modules/net-lb-app-int/backend-service.tf b/modules/net-lb-app-int/backend-service.tf index 3f2fde913..ac93fff88 100644 --- a/modules/net-lb-app-int/backend-service.tf +++ b/modules/net-lb-app-int/backend-service.tf @@ -176,10 +176,12 @@ resource "google_compute_region_backend_service" "default" { } dynamic "log_config" { - for_each = each.value.log_sample_rate == null ? [] : [""] + for_each = each.value.log_config == null ? [] : [""] content { - enable = true - sample_rate = each.value.log_sample_rate + enable = each.value.log_config.enable + sample_rate = each.value.log_config.sample_rate + optional_mode = each.value.log_config.optional_mode + optional_fields = each.value.log_config.optional_fields } } diff --git a/modules/net-lb-app-int/variables-backend-service.tf b/modules/net-lb-app-int/variables-backend-service.tf index f38019fb7..4733deedb 100644 --- a/modules/net-lb-app-int/variables-backend-service.tf +++ b/modules/net-lb-app-int/variables-backend-service.tf 
@@ -25,13 +25,18 @@ variable "backend_service_configs" { connection_draining_timeout_sec = optional(number) health_checks = optional(list(string), ["default"]) locality_lb_policy = optional(string) - log_sample_rate = optional(number) - port_name = optional(string) - project_id = optional(string) - protocol = optional(string) - session_affinity = optional(string) - timeout_sec = optional(number) - security_policy = optional(string) + log_config = optional(object({ + enable = optional(bool) + sample_rate = optional(number) + optional_mode = optional(string) + optional_fields = optional(list(string)) + })) + port_name = optional(string) + project_id = optional(string) + protocol = optional(string) + session_affinity = optional(string) + timeout_sec = optional(number) + security_policy = optional(string) backends = list(object({ group = string balancing_mode = optional(string, "UTILIZATION") diff --git a/modules/net-lb-ext/README.md b/modules/net-lb-ext/README.md index 30b4b61d7..1a0bf9310 100644 --- a/modules/net-lb-ext/README.md +++ b/modules/net-lb-ext/README.md 
@@ -205,16 +205,16 @@ For deploying changes to load balancer configuration please refer to [net-lb-app | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| [name](variables.tf#L198) | Name used for all resources. | string | ✓ | | -| [project_id](variables.tf#L203) | Project id where resources will be created. | string | ✓ | | -| [region](variables.tf#L208) | GCP region. | string | ✓ | | +| [name](variables.tf#L203) | Name used for all resources. | string | ✓ | | +| [project_id](variables.tf#L208) | Project id where resources will be created. | string | ✓ | | +| [region](variables.tf#L213) | GCP region. | string | ✓ | | | [backend_service_config](variables.tf#L17) | Backend service level configuration. | object({…}) | | {} | -| [backends](variables.tf#L68) | Load balancer backends. | list(object({…})) | | [] | -| [forwarding_rules_config](variables.tf#L79) | The optional forwarding rules configuration. | map(object({…})) | | {…} | -| [group_configs](variables.tf#L95) | Optional unmanaged groups to create. Can be referenced in backends via outputs. | map(object({…})) | | {} | -| [health_check](variables.tf#L108) | Name of existing health check to use, disables auto-created health check. | string | | null | -| [health_check_config](variables.tf#L114) | Optional auto-created health check configuration, use the output self-link to set it in the auto healing policy. Refer to examples for usage. | object({…}) | | {…} | -| [labels](variables.tf#L192) | Labels set on resources. | map(string) | | {} | +| [backends](variables.tf#L73) | Load balancer backends. | list(object({…})) | | [] | +| [forwarding_rules_config](variables.tf#L84) | The optional forwarding rules configuration. | map(object({…})) | | {…} | +| [group_configs](variables.tf#L100) | Optional unmanaged groups to create. Can be referenced in backends via outputs. 
| map(object({…})) | | {} | +| [health_check](variables.tf#L113) | Name of existing health check to use, disables auto-created health check. | string | | null | +| [health_check_config](variables.tf#L119) | Optional auto-created health check configuration, use the output self-link to set it in the auto healing policy. Refer to examples for usage. | object({…}) | | {…} | +| [labels](variables.tf#L197) | Labels set on resources. | map(string) | | {} | ## Outputs diff --git a/modules/net-lb-ext/main.tf b/modules/net-lb-ext/main.tf index 88588d06d..b4f022af9 100644 --- a/modules/net-lb-ext/main.tf +++ b/modules/net-lb-ext/main.tf @@ -102,10 +102,12 @@ resource "google_compute_region_backend_service" "default" { } dynamic "log_config" { - for_each = var.backend_service_config.log_sample_rate == null ? [] : [""] + for_each = var.backend_service_config.log_config == null ? [] : [""] content { - enable = true - sample_rate = var.backend_service_config.log_sample_rate + enable = var.backend_service_config.log_config.enable + sample_rate = var.backend_service_config.log_config.sample_rate + optional_mode = var.backend_service_config.log_config.optional_mode + optional_fields = var.backend_service_config.log_config.optional_fields } } } diff --git a/modules/net-lb-ext/variables.tf b/modules/net-lb-ext/variables.tf index 521e1390b..05f829e40 100644 --- a/modules/net-lb-ext/variables.tf +++ b/modules/net-lb-ext/variables.tf 
@@ -29,13 +29,18 @@ variable "backend_service_config" { ratio = optional(number) })) locality_lb_policy = optional(string) - log_sample_rate = optional(number) - name = optional(string) - description = optional(string, "Terraform managed.") - port_name = optional(string) - protocol = optional(string, "UNSPECIFIED") - session_affinity = optional(string) - timeout_sec = optional(number) + log_config = optional(object({ + enable = optional(bool) + sample_rate = optional(number) + optional_mode = optional(string) + optional_fields = optional(list(string)) + })) + name = optional(string) + description = optional(string, "Terraform managed.") + port_name = optional(string) + protocol = optional(string, "UNSPECIFIED") + session_affinity = optional(string) + timeout_sec = optional(number) }) default = {} nullable = false diff --git a/modules/net-lb-int/README.md b/modules/net-lb-int/README.md index 5d7f3b346..24308dab0 100644 --- a/modules/net-lb-int/README.md +++ b/modules/net-lb-int/README.md 
@@ -459,21 +459,21 @@ One other issue is a `Provider produced inconsistent final plan` error which is | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| [name](variables.tf#L203) | Name used for all resources. | string | ✓ | | -| [project_id](variables.tf#L208) | Project id where resources will be created. | string | ✓ | | -| [region](variables.tf#L213) | GCP region. | string | ✓ | | -| [vpc_config](variables.tf#L239) | VPC-level configuration. | object({…}) | ✓ | | +| [name](variables.tf#L208) | Name used for all resources. | string | ✓ | | +| [project_id](variables.tf#L213) | Project id where resources will be created. | string | ✓ | | +| [region](variables.tf#L218) | GCP region. | string | ✓ | | +| [vpc_config](variables.tf#L244) | VPC-level configuration. | object({…}) | ✓ | | | [backend_service_config](variables.tf#L17) | Backend service level configuration. | object({…}) | | {} | -| [backends](variables.tf#L53) | Load balancer backends. | list(object({…})) | | [] | -| [context](variables.tf#L64) | Context-specific interpolations. | object({…}) | | {} | -| [description](variables.tf#L77) | Optional description used for resources. | string | | "Terraform managed." | -| [forwarding_rules_config](variables.tf#L83) | The optional forwarding rules configuration. | map(object({…})) | | {…} | -| [group_configs](variables.tf#L99) | Optional unmanaged groups to create. Can be referenced in backends via outputs. | map(object({…})) | | {} | -| [health_check](variables.tf#L112) | Name of existing health check to use, disables auto-created health check. Also set `health_check_config = null` when cross-referencing an health check from another load balancer module to avoid a Terraform error. | string | | null | -| [health_check_config](variables.tf#L118) | Optional auto-created health check configuration, use the output self-link to set it in the auto healing policy. Refer to examples for usage. 
| object({…}) | | {…} | -| [labels](variables.tf#L197) | Labels set on resources. | map(string) | | {} | -| [service_attachments](variables.tf#L218) | PSC service attachments, keyed by forwarding rule. | map(object({…})) | | null | -| [service_label](variables.tf#L233) | Optional prefix of the fully qualified forwarding rule name. | string | | null | +| [backends](variables.tf#L58) | Load balancer backends. | list(object({…})) | | [] | +| [context](variables.tf#L69) | Context-specific interpolations. | object({…}) | | {} | +| [description](variables.tf#L82) | Optional description used for resources. | string | | "Terraform managed." | +| [forwarding_rules_config](variables.tf#L88) | The optional forwarding rules configuration. | map(object({…})) | | {…} | +| [group_configs](variables.tf#L104) | Optional unmanaged groups to create. Can be referenced in backends via outputs. | map(object({…})) | | {} | +| [health_check](variables.tf#L117) | Name of existing health check to use, disables auto-created health check. Also set `health_check_config = null` when cross-referencing an health check from another load balancer module to avoid a Terraform error. | string | | null | +| [health_check_config](variables.tf#L123) | Optional auto-created health check configuration, use the output self-link to set it in the auto healing policy. Refer to examples for usage. | object({…}) | | {…} | +| [labels](variables.tf#L202) | Labels set on resources. | map(string) | | {} | +| [service_attachments](variables.tf#L223) | PSC service attachments, keyed by forwarding rule. | map(object({…})) | | null | +| [service_label](variables.tf#L238) | Optional prefix of the fully qualified forwarding rule name. | string | | null | ## Outputs diff --git a/modules/net-lb-int/main.tf b/modules/net-lb-int/main.tf index 56facb408..273b5cc95 100644 --- a/modules/net-lb-int/main.tf +++ b/modules/net-lb-int/main.tf 
@@ -134,10 +134,12 @@ resource "google_compute_region_backend_service" "default" { } dynamic "log_config" { - for_each = var.backend_service_config.log_sample_rate == null ? [] : [""] + for_each = var.backend_service_config.log_config == null ? [] : [""] content { - enable = true - sample_rate = var.backend_service_config.log_sample_rate + enable = var.backend_service_config.log_config.enable + sample_rate = var.backend_service_config.log_config.sample_rate + optional_mode = var.backend_service_config.log_config.optional_mode + optional_fields = var.backend_service_config.log_config.optional_fields } } diff --git a/modules/net-lb-int/variables.tf b/modules/net-lb-int/variables.tf index 014c6cfe8..2f1ce22f7 100644 --- a/modules/net-lb-int/variables.tf +++ b/modules/net-lb-int/variables.tf @@ -29,7 +29,12 @@ variable "backend_service_config" { drop_traffic_if_unhealthy = optional(bool) ratio = optional(number) })) - log_sample_rate = optional(number) + log_config = optional(object({ + enable = optional(bool) + sample_rate = optional(number) + optional_mode = optional(string) + optional_fields = optional(list(string)) + })) name = optional(string) description = optional(string, "Terraform managed.") protocol = optional(string, "UNSPECIFIED") diff --git a/modules/net-lb-proxy-int/README.md b/modules/net-lb-proxy-int/README.md index c6edab939..ea0c85389 100644 --- a/modules/net-lb-proxy-int/README.md +++ b/modules/net-lb-proxy-int/README.md 
@@ -334,21 +334,21 @@ For deploying changes to load balancer configuration please refer to [net-lb-app | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| [name](variables.tf#L203) | Load balancer name. | string | ✓ | | -| [project_id](variables.tf#L272) | Project id. | string | ✓ | | -| [region](variables.tf#L277) | The region where to allocate the ILB resources. | string | ✓ | | -| [vpc_config](variables.tf#L297) | VPC-level configuration. | object({…}) | ✓ | | +| [name](variables.tf#L208) | Load balancer name. | string | ✓ | | +| [project_id](variables.tf#L277) | Project id. | string | ✓ | | +| [region](variables.tf#L282) | The region where to allocate the ILB resources. | string | ✓ | | +| [vpc_config](variables.tf#L302) | VPC-level configuration. | object({…}) | ✓ | | | [address](variables.tf#L17) | Optional IP address used for the forwarding rule. | string | | null | | [backend_service_config](variables.tf#L23) | Backend service level configuration. | object({…}) | | {} | -| [description](variables.tf#L77) | Optional description used for resources. | string | | "Terraform managed." | -| [global_access](variables.tf#L84) | Allow client access from all regions. | bool | | null | -| [group_configs](variables.tf#L90) | Optional unmanaged groups to create. Can be referenced in backends via key or outputs. | map(object({…})) | | {} | -| [health_check](variables.tf#L104) | Name of existing health check to use, disables auto-created health check. | string | | null | -| [health_check_config](variables.tf#L110) | Optional auto-created health check configurations, use the output self-link to set it in the auto healing policy. Refer to examples for usage. | object({…}) | | {…} | -| [labels](variables.tf#L197) | Labels set on resources. | map(string) | | {} | -| [neg_configs](variables.tf#L208) | Optional network endpoint groups to create. Can be referenced in backends via key or outputs. 
| map(object({…})) | | {} | -| [port](variables.tf#L266) | Port. | number | | 80 | -| [service_attachment](variables.tf#L282) | PSC service attachment. | object({…}) | | null | +| [description](variables.tf#L82) | Optional description used for resources. | string | | "Terraform managed." | +| [global_access](variables.tf#L89) | Allow client access from all regions. | bool | | null | +| [group_configs](variables.tf#L95) | Optional unmanaged groups to create. Can be referenced in backends via key or outputs. | map(object({…})) | | {} | +| [health_check](variables.tf#L109) | Name of existing health check to use, disables auto-created health check. | string | | null | +| [health_check_config](variables.tf#L115) | Optional auto-created health check configurations, use the output self-link to set it in the auto healing policy. Refer to examples for usage. | object({…}) | | {…} | +| [labels](variables.tf#L202) | Labels set on resources. | map(string) | | {} | +| [neg_configs](variables.tf#L213) | Optional network endpoint groups to create. Can be referenced in backends via key or outputs. | map(object({…})) | | {} | +| [port](variables.tf#L271) | Port. | number | | 80 | +| [service_attachment](variables.tf#L287) | PSC service attachment. | object({…}) | | null | ## Outputs diff --git a/modules/net-lb-proxy-int/backend-service.tf b/modules/net-lb-proxy-int/backend-service.tf index 93481a955..3dac7dd1b 100644 --- a/modules/net-lb-proxy-int/backend-service.tf +++ b/modules/net-lb-proxy-int/backend-service.tf 
@@ -93,10 +93,12 @@ resource "google_compute_region_backend_service" "default" { } dynamic "log_config" { - for_each = var.backend_service_config.log_sample_rate == null ? [] : [""] + for_each = var.backend_service_config.log_config == null ? [] : [""] content { - enable = true - sample_rate = var.backend_service_config.log_sample_rate + enable = var.backend_service_config.log_config.enable + sample_rate = var.backend_service_config.log_config.sample_rate + optional_mode = var.backend_service_config.log_config.optional_mode + optional_fields = var.backend_service_config.log_config.optional_fields } } diff --git a/modules/net-lb-proxy-int/variables.tf b/modules/net-lb-proxy-int/variables.tf index 2f888469d..d4f631a42 100644 --- a/modules/net-lb-proxy-int/variables.tf +++ b/modules/net-lb-proxy-int/variables.tf @@ -28,11 +28,16 @@ variable "backend_service_config" { affinity_cookie_ttl_sec = optional(number) connection_draining_timeout_sec = optional(number) health_checks = optional(list(string), ["default"]) - log_sample_rate = optional(number) - port_name = optional(string) - project_id = optional(string) - session_affinity = optional(string, "NONE") - timeout_sec = optional(number) + log_config = optional(object({ + enable = optional(bool) + sample_rate = optional(number) + optional_mode = optional(string) + optional_fields = optional(list(string)) + })) + port_name = optional(string) + project_id = optional(string) + session_affinity = optional(string, "NONE") + timeout_sec = optional(number) backends = optional(list(object({ group = string balancing_mode = optional(string, "UTILIZATION") diff --git a/tests/modules/net_lb_app_int/examples/urlmap.yaml b/tests/modules/net_lb_app_int/examples/urlmap.yaml new file mode 100644 index 000000000..665803b58 --- /dev/null +++ b/tests/modules/net_lb_app_int/examples/urlmap.yaml 
@@ -0,0 +1,249 @@ +# Copyright 2026 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +values: + module.ilb-l7.google_compute_forwarding_rule.default: + all_ports: null + allow_global_access: null + allow_psc_global_access: null + backend_service: null + description: Terraform managed. + ip_collection: null + ip_protocol: TCP + is_mirroring_collector: null + labels: null + load_balancing_scheme: INTERNAL_MANAGED + name: ilb-test + network: https://www.googleapis.com/compute/v1/projects/xxx/global/networks/aaa + network_tier: PREMIUM + no_automate_dns_zone: null + port_range: '80' + ports: null + project: project-id + recreate_closed_psc: false + region: europe-west1 + service_label: null + source_ip_ranges: null + subnetwork: subnet_self_link + timeouts: null + module.ilb-l7.google_compute_health_check.default["default"]: + check_interval_sec: 5 + description: Terraform managed. 
+ grpc_health_check: [] + grpc_tls_health_check: [] + healthy_threshold: 2 + http2_health_check: [] + http_health_check: + - host: null + port: null + port_name: null + port_specification: USE_SERVING_PORT + proxy_header: NONE + request_path: / + response: null + https_health_check: [] + name: ilb-test-default + project: project-id + source_regions: null + ssl_health_check: [] + tcp_health_check: [] + timeout_sec: 5 + timeouts: null + unhealthy_threshold: 2 + module.ilb-l7.google_compute_region_backend_service.default["audio"]: + affinity_cookie_ttl_sec: null + backend: + - balancing_mode: UTILIZATION + capacity_scaler: 1 + custom_metrics: [] + description: Terraform managed. + failover: false + group: projects/myprj/zones/europe-west1-a/instanceGroups/my-ig-3 + max_connections: null + max_connections_per_endpoint: null + max_connections_per_instance: null + max_rate: null + max_rate_per_endpoint: null + max_rate_per_instance: null + max_utilization: null + traffic_duration: '' + circuit_breakers: [] + connection_draining_timeout_sec: 300 + connection_tracking_policy: [] + consistent_hash: [] + custom_metrics: [] + description: Terraform managed. + dynamic_forwarding: [] + enable_cdn: null + failover_policy: [] + ha_policy: [] + ip_address_selection_policy: null + load_balancing_scheme: INTERNAL_MANAGED + locality_lb_policy: null + log_config: + - enable: false + sample_rate: null + name: ilb-test-audio + network: null + network_pass_through_lb_traffic_policy: [] + outlier_detection: [] + params: [] + project: project-id + protocol: HTTP + region: europe-west1 + security_policy: null + strong_session_affinity_cookie: [] + subsetting: [] + timeouts: null + tls_settings: [] + module.ilb-l7.google_compute_region_backend_service.default["default"]: + affinity_cookie_ttl_sec: null + backend: + - balancing_mode: UTILIZATION + capacity_scaler: 1 + custom_metrics: [] + description: Terraform managed. 
+ failover: false + group: projects/myprj/zones/europe-west1-a/instanceGroups/my-ig + max_connections: null + max_connections_per_endpoint: null + max_connections_per_instance: null + max_rate: null + max_rate_per_endpoint: null + max_rate_per_instance: null + max_utilization: null + traffic_duration: '' + circuit_breakers: [] + connection_draining_timeout_sec: 300 + connection_tracking_policy: [] + consistent_hash: [] + custom_metrics: [] + description: Terraform managed. + dynamic_forwarding: [] + enable_cdn: null + failover_policy: [] + ha_policy: [] + ip_address_selection_policy: null + load_balancing_scheme: INTERNAL_MANAGED + locality_lb_policy: null + name: ilb-test-default + network: null + network_pass_through_lb_traffic_policy: [] + outlier_detection: [] + params: [] + project: project-id + protocol: HTTP + region: europe-west1 + security_policy: null + strong_session_affinity_cookie: [] + subsetting: [] + timeouts: null + tls_settings: [] + module.ilb-l7.google_compute_region_backend_service.default["video"]: + affinity_cookie_ttl_sec: null + backend: + - balancing_mode: UTILIZATION + capacity_scaler: 1 + custom_metrics: [] + description: Terraform managed. + failover: false + group: projects/myprj/zones/europe-west1-a/instanceGroups/my-ig-2 + max_connections: null + max_connections_per_endpoint: null + max_connections_per_instance: null + max_rate: null + max_rate_per_endpoint: null + max_rate_per_instance: null + max_utilization: null + traffic_duration: '' + circuit_breakers: [] + connection_draining_timeout_sec: 300 + connection_tracking_policy: [] + consistent_hash: [] + custom_metrics: [] + description: Terraform managed. 
+ dynamic_forwarding: [] + enable_cdn: null + failover_policy: [] + ha_policy: [] + ip_address_selection_policy: null + load_balancing_scheme: INTERNAL_MANAGED + locality_lb_policy: null + log_config: + - enable: true + sample_rate: 0.5 + name: ilb-test-video + network: null + network_pass_through_lb_traffic_policy: [] + outlier_detection: [] + params: [] + project: project-id + protocol: HTTP + region: europe-west1 + security_policy: null + strong_session_affinity_cookie: [] + subsetting: [] + timeouts: null + tls_settings: [] + module.ilb-l7.google_compute_region_target_http_proxy.default[0]: + description: Terraform managed. + http_keep_alive_timeout_sec: null + name: ilb-test + project: project-id + region: europe-west1 + timeouts: null + module.ilb-l7.google_compute_region_url_map.default: + default_route_action: [] + default_url_redirect: [] + description: Terraform managed. + header_action: [] + host_rule: + - description: '' + hosts: + - '*' + path_matcher: pathmap + name: ilb-test + path_matcher: + - default_route_action: [] + default_url_redirect: [] + description: null + header_action: [] + name: pathmap + path_rule: + - paths: + - /audio + - /audio/* + route_action: [] + url_redirect: [] + - paths: + - /video + - /video/* + route_action: [] + url_redirect: [] + route_rules: [] + project: project-id + region: europe-west1 + test: [] + timeouts: null + +counts: + google_compute_forwarding_rule: 1 + google_compute_health_check: 1 + google_compute_region_backend_service: 3 + google_compute_region_target_http_proxy: 1 + google_compute_region_url_map: 1 + modules: 1 + resources: 7 + +outputs: {} diff --git a/tests/modules/net_lb_app_int/logging.tfvars b/tests/modules/net_lb_app_int/logging.tfvars new file mode 100644 index 000000000..9b7a586e1 --- /dev/null +++ b/tests/modules/net_lb_app_int/logging.tfvars 
@@ -0,0 +1,46 @@
+/**
+ * Copyright 2026 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+backend_service_configs = {
+ logging-enabled = {
+ backends = [{
+ group = "projects/myprj/zones/europe-west1-a/instanceGroups/my-ig"
+ }]
+ log_config = {
+ enable = true
+ sample_rate = 0.5
+ }
+ }
+ logging-disabled = {
+ backends = [{
+ group = "projects/myprj/zones/europe-west1-a/instanceGroups/my-ig"
+ }]
+ log_config = {
+ enable = false
+ }
+ }
+ logging-advanced = {
+ backends = [{
+ group = "projects/myprj/zones/europe-west1-a/instanceGroups/my-ig"
+ }]
+ log_config = {
+ enable = true
+ sample_rate = 0.8
+ optional_mode = "CUSTOM"
+ optional_fields = ["orca_load_report", "tls.protocol"]
+ }
+ }
+}
diff --git a/tests/modules/net_lb_app_int/logging.yaml b/tests/modules/net_lb_app_int/logging.yaml
new file mode 100644
index 000000000..8e5720be0
--- /dev/null
+++ b/tests/modules/net_lb_app_int/logging.yaml
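Review bot: All three backends in this fixture set `log_config` explicitly, so nothing pins what the module plans when `log_config` is omitted. Because the commit replaces `log_sample_rate` with an object that can switch logging off, the default is the case that matters most for detection and incident response: a backend that silently plans without request logs leaves a gap nobody asked for. Consider adding a fourth entry such as `logging-default = { backends = [{ group = "projects/myprj/zones/europe-west1-a/instanceGroups/my-ig" }] }` and asserting its planned `log_config` in logging.yaml. The variable definition is outside this hunk, so the actual default needs confirming there.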
@@ -0,0 +1,38 @@
+# Copyright 2026 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+values:
+ google_compute_region_backend_service.default["logging-enabled"]:
+ log_config:
+ - enable: true
+ sample_rate: 0.5
+ google_compute_region_backend_service.default["logging-disabled"]:
+ log_config:
+ - enable: false
+ sample_rate: null
+ google_compute_region_backend_service.default["logging-advanced"]:
+ log_config:
+ - enable: true
+ sample_rate: 0.8
+ optional_mode: CUSTOM
+ optional_fields:
+ - orca_load_report
+ - tls.protocol
+
+counts:
+ google_compute_forwarding_rule: 1
+ google_compute_health_check: 1
+ google_compute_region_backend_service: 3
+ google_compute_region_target_http_proxy: 1
+ google_compute_region_url_map: 1
diff --git a/tests/modules/net_lb_app_int/tftest.yaml b/tests/modules/net_lb_app_int/tftest.yaml
index 169e21a08..7672a7e6d 100644
--- a/tests/modules/net_lb_app_int/tftest.yaml
+++ b/tests/modules/net_lb_app_int/tftest.yaml
@@ -29,6 +29,7 @@ tests:
 health-checks-ssl:
 health-checks-tcp:
 https:
+ logging:
 negs:
 ssl:
 urlmaps:
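Review bot: In logging.yaml the `logging-enabled` and `logging-disabled` expectations do not pin `optional_mode` or `optional_fields`, so a regression that emits optional fields for a backend that never requested them would likely still pass, assuming the inventory comparison only checks the keys listed. Optional fields widen what is written to the load balancer logs, so it is worth asserting they stay unset where not configured, for example `optional_mode: null` and `optional_fields: null` under those two entries. The exact planned representation (null versus an empty list) should be taken from a real plan output rather than from this suggestion.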