Allowing disabling logging and configuring optional fields in LB backend services (#3940)

* fix(modules): allow disabling logging and configuring optional fields in LB backend services

Replaced 'log_sample_rate' (number) with 'log_config' (object) in all Load Balancer Backend Service modules. This allows explicitly disabling logging ('enable = false') and configuring advanced options like 'optional_mode' and 'optional_fields', resolving infinite plan drift and the inability to disable logging.

Affected modules:
- net-lb-app-ext-regional
- net-lb-app-ext
- net-lb-app-int-cross-region
- net-lb-app-int
- net-lb-ext
- net-lb-int
- net-lb-proxy-int

Added test cases and updated documentation.

Fixes #3914

* style: format variables files with terraform fmt

* docs: add critical linting rule for AI agents to GEMINI.md

modules/net-lb-int/README.md

@@ -459,21 +459,21 @@ One other issue is a `Provider produced inconsistent final plan` error which is
 
 | name | description | type | required | default |
 |---|---|:---:|:---:|:---:|
-| [name](variables.tf#L203) | Name used for all resources. | <code>string</code> | ✓ |  |
-| [project_id](variables.tf#L208) | Project id where resources will be created. | <code>string</code> | ✓ |  |
-| [region](variables.tf#L213) | GCP region. | <code>string</code> | ✓ |  |
-| [vpc_config](variables.tf#L239) | VPC-level configuration. | <code>object&#40;&#123;&#8230;&#125;&#41;</code> | ✓ |  |
+| [name](variables.tf#L208) | Name used for all resources. | <code>string</code> | ✓ |  |
+| [project_id](variables.tf#L213) | Project id where resources will be created. | <code>string</code> | ✓ |  |
+| [region](variables.tf#L218) | GCP region. | <code>string</code> | ✓ |  |
+| [vpc_config](variables.tf#L244) | VPC-level configuration. | <code>object&#40;&#123;&#8230;&#125;&#41;</code> | ✓ |  |
 | [backend_service_config](variables.tf#L17) | Backend service level configuration. | <code>object&#40;&#123;&#8230;&#125;&#41;</code> |  | <code>&#123;&#125;</code> |
-| [backends](variables.tf#L53) | Load balancer backends. | <code>list&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> |  | <code>&#91;&#93;</code> |
-| [context](variables.tf#L64) | Context-specific interpolations. | <code>object&#40;&#123;&#8230;&#125;&#41;</code> |  | <code>&#123;&#125;</code> |
-| [description](variables.tf#L77) | Optional description used for resources. | <code>string</code> |  | <code>&#34;Terraform managed.&#34;</code> |
-| [forwarding_rules_config](variables.tf#L83) | The optional forwarding rules configuration. | <code>map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> |  | <code>&#123;&#8230;&#125;</code> |
-| [group_configs](variables.tf#L99) | Optional unmanaged groups to create. Can be referenced in backends via outputs. | <code>map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> |  | <code>&#123;&#125;</code> |
-| [health_check](variables.tf#L112) | Name of existing health check to use, disables auto-created health check. Also set `health_check_config = null` when cross-referencing an health check from another load balancer module to avoid a Terraform error. | <code>string</code> |  | <code>null</code> |
-| [health_check_config](variables.tf#L118) | Optional auto-created health check configuration, use the output self-link to set it in the auto healing policy. Refer to examples for usage. | <code>object&#40;&#123;&#8230;&#125;&#41;</code> |  | <code>&#123;&#8230;&#125;</code> |
-| [labels](variables.tf#L197) | Labels set on resources. | <code>map&#40;string&#41;</code> |  | <code>&#123;&#125;</code> |
-| [service_attachments](variables.tf#L218) | PSC service attachments, keyed by forwarding rule. | <code>map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> |  | <code>null</code> |
-| [service_label](variables.tf#L233) | Optional prefix of the fully qualified forwarding rule name. | <code>string</code> |  | <code>null</code> |
+| [backends](variables.tf#L58) | Load balancer backends. | <code>list&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> |  | <code>&#91;&#93;</code> |
+| [context](variables.tf#L69) | Context-specific interpolations. | <code>object&#40;&#123;&#8230;&#125;&#41;</code> |  | <code>&#123;&#125;</code> |
+| [description](variables.tf#L82) | Optional description used for resources. | <code>string</code> |  | <code>&#34;Terraform managed.&#34;</code> |
+| [forwarding_rules_config](variables.tf#L88) | The optional forwarding rules configuration. | <code>map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> |  | <code>&#123;&#8230;&#125;</code> |
+| [group_configs](variables.tf#L104) | Optional unmanaged groups to create. Can be referenced in backends via outputs. | <code>map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> |  | <code>&#123;&#125;</code> |
+| [health_check](variables.tf#L117) | Name of existing health check to use, disables auto-created health check. Also set `health_check_config = null` when cross-referencing an health check from another load balancer module to avoid a Terraform error. | <code>string</code> |  | <code>null</code> |
+| [health_check_config](variables.tf#L123) | Optional auto-created health check configuration, use the output self-link to set it in the auto healing policy. Refer to examples for usage. | <code>object&#40;&#123;&#8230;&#125;&#41;</code> |  | <code>&#123;&#8230;&#125;</code> |
+| [labels](variables.tf#L202) | Labels set on resources. | <code>map&#40;string&#41;</code> |  | <code>&#123;&#125;</code> |
+| [service_attachments](variables.tf#L223) | PSC service attachments, keyed by forwarding rule. | <code>map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> |  | <code>null</code> |
+| [service_label](variables.tf#L238) | Optional prefix of the fully qualified forwarding rule name. | <code>string</code> |  | <code>null</code> |
 
 ## Outputs
 

modules/net-lb-int/main.tf

@@ -134,10 +134,12 @@ resource "google_compute_region_backend_service" "default" {
   }
 
   dynamic "log_config" {
-    for_each = var.backend_service_config.log_sample_rate == null ? [] : [""]
+    for_each = var.backend_service_config.log_config == null ? [] : [""]
     content {
-      enable      = true
-      sample_rate = var.backend_service_config.log_sample_rate
+      enable          = var.backend_service_config.log_config.enable
+      sample_rate     = var.backend_service_config.log_config.sample_rate
+      optional_mode   = var.backend_service_config.log_config.optional_mode
+      optional_fields = var.backend_service_config.log_config.optional_fields
     }
   }
 

modules/net-lb-int/variables.tf

@@ -29,7 +29,12 @@ variable "backend_service_config" {
       drop_traffic_if_unhealthy = optional(bool)
       ratio                     = optional(number)
     }))
-    log_sample_rate  = optional(number)
+    log_config = optional(object({
+      enable          = optional(bool)
+      sample_rate     = optional(number)
+      optional_mode   = optional(string)
+      optional_fields = optional(list(string))
+    }))
     name             = optional(string)
     description      = optional(string, "Terraform managed.")
     protocol         = optional(string, "UNSPECIFIED")