Allowing disabling logging and configuring optional fields in LB backend services (#3940)

* fix(modules): allow disabling logging and configuring optional fields in LB backend services Replaced 'log_sample_rate' (number) with 'log_config' (object) in all Load Balancer Backend Service modules. This allows explicitly disabling logging ('enable = false') and configuring advanced options like 'optional_mode' and 'optional_fields', resolving infinite plan drift and the inability to disable logging. Affected modules: - net-lb-app-ext-regional - net-lb-app-ext - net-lb-app-int-cross-region - net-lb-app-int - net-lb-ext - net-lb-int - net-lb-proxy-int Added test cases and updated documentation. Fixes #3914 * style: format variables files with terraform fmt * docs: add critical linting rule for AI agents to GEMINI.md
2026-05-07 09:07:58 +02:00
parent 16c245f43b
commit bf9ccb7547
23 changed files with 505 additions and 103 deletions
--- a/modules/net-lb-proxy-int/README.md
+++ b/modules/net-lb-proxy-int/README.md
@@ -334,21 +334,21 @@ For deploying changes to load balancer configuration please refer to [net-lb-app

 | name | description | type | required | default |
 |---|---|:---:|:---:|:---:|
-| [name](variables.tf#L203) | Load balancer name. | <code>string</code> | ✓ |  |
-| [project_id](variables.tf#L272) | Project id. | <code>string</code> | ✓ |  |
-| [region](variables.tf#L277) | The region where to allocate the ILB resources. | <code>string</code> | ✓ |  |
-| [vpc_config](variables.tf#L297) | VPC-level configuration. | <code>object&#40;&#123;&#8230;&#125;&#41;</code> | ✓ |  |
+| [name](variables.tf#L208) | Load balancer name. | <code>string</code> | ✓ |  |
+| [project_id](variables.tf#L277) | Project id. | <code>string</code> | ✓ |  |
+| [region](variables.tf#L282) | The region where to allocate the ILB resources. | <code>string</code> | ✓ |  |
+| [vpc_config](variables.tf#L302) | VPC-level configuration. | <code>object&#40;&#123;&#8230;&#125;&#41;</code> | ✓ |  |
 | [address](variables.tf#L17) | Optional IP address used for the forwarding rule. | <code>string</code> |  | <code>null</code> |
 | [backend_service_config](variables.tf#L23) | Backend service level configuration. | <code>object&#40;&#123;&#8230;&#125;&#41;</code> |  | <code>&#123;&#125;</code> |
-| [description](variables.tf#L77) | Optional description used for resources. | <code>string</code> |  | <code>&#34;Terraform managed.&#34;</code> |
-| [global_access](variables.tf#L84) | Allow client access from all regions. | <code>bool</code> |  | <code>null</code> |
-| [group_configs](variables.tf#L90) | Optional unmanaged groups to create. Can be referenced in backends via key or outputs. | <code>map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> |  | <code>&#123;&#125;</code> |
-| [health_check](variables.tf#L104) | Name of existing health check to use, disables auto-created health check. | <code>string</code> |  | <code>null</code> |
-| [health_check_config](variables.tf#L110) | Optional auto-created health check configurations, use the output self-link to set it in the auto healing policy. Refer to examples for usage. | <code>object&#40;&#123;&#8230;&#125;&#41;</code> |  | <code>&#123;&#8230;&#125;</code> |
-| [labels](variables.tf#L197) | Labels set on resources. | <code>map&#40;string&#41;</code> |  | <code>&#123;&#125;</code> |
-| [neg_configs](variables.tf#L208) | Optional network endpoint groups to create. Can be referenced in backends via key or outputs. | <code>map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> |  | <code>&#123;&#125;</code> |
-| [port](variables.tf#L266) | Port. | <code>number</code> |  | <code>80</code> |
-| [service_attachment](variables.tf#L282) | PSC service attachment. | <code>object&#40;&#123;&#8230;&#125;&#41;</code> |  | <code>null</code> |
+| [description](variables.tf#L82) | Optional description used for resources. | <code>string</code> |  | <code>&#34;Terraform managed.&#34;</code> |
+| [global_access](variables.tf#L89) | Allow client access from all regions. | <code>bool</code> |  | <code>null</code> |
+| [group_configs](variables.tf#L95) | Optional unmanaged groups to create. Can be referenced in backends via key or outputs. | <code>map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> |  | <code>&#123;&#125;</code> |
+| [health_check](variables.tf#L109) | Name of existing health check to use, disables auto-created health check. | <code>string</code> |  | <code>null</code> |
+| [health_check_config](variables.tf#L115) | Optional auto-created health check configurations, use the output self-link to set it in the auto healing policy. Refer to examples for usage. | <code>object&#40;&#123;&#8230;&#125;&#41;</code> |  | <code>&#123;&#8230;&#125;</code> |
+| [labels](variables.tf#L202) | Labels set on resources. | <code>map&#40;string&#41;</code> |  | <code>&#123;&#125;</code> |
+| [neg_configs](variables.tf#L213) | Optional network endpoint groups to create. Can be referenced in backends via key or outputs. | <code>map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> |  | <code>&#123;&#125;</code> |
+| [port](variables.tf#L271) | Port. | <code>number</code> |  | <code>80</code> |
+| [service_attachment](variables.tf#L287) | PSC service attachment. | <code>object&#40;&#123;&#8230;&#125;&#41;</code> |  | <code>null</code> |

 ## Outputs

--- a/modules/net-lb-proxy-int/backend-service.tf
+++ b/modules/net-lb-proxy-int/backend-service.tf
@@ -93,10 +93,12 @@ resource "google_compute_region_backend_service" "default" {
  }

  dynamic "log_config" {
-    for_each = var.backend_service_config.log_sample_rate == null ? [] : [""]
+    for_each = var.backend_service_config.log_config == null ? [] : [""]
    content {
-      enable      = true
-      sample_rate = var.backend_service_config.log_sample_rate
+      enable          = var.backend_service_config.log_config.enable
+      sample_rate     = var.backend_service_config.log_config.sample_rate
+      optional_mode   = var.backend_service_config.log_config.optional_mode
+      optional_fields = var.backend_service_config.log_config.optional_fields
    }
  }

--- a/modules/net-lb-proxy-int/variables.tf
+++ b/modules/net-lb-proxy-int/variables.tf
@@ -28,11 +28,16 @@ variable "backend_service_config" {
    affinity_cookie_ttl_sec         = optional(number)
    connection_draining_timeout_sec = optional(number)
    health_checks                   = optional(list(string), ["default"])
-    log_sample_rate                 = optional(number)
-    port_name                       = optional(string)
-    project_id                      = optional(string)
-    session_affinity                = optional(string, "NONE")
-    timeout_sec                     = optional(number)
+    log_config = optional(object({
+      enable          = optional(bool)
+      sample_rate     = optional(number)
+      optional_mode   = optional(string)
+      optional_fields = optional(list(string))
+    }))
+    port_name        = optional(string)
+    project_id       = optional(string)
+    session_affinity = optional(string, "NONE")
+    timeout_sec      = optional(number)
    backends = optional(list(object({
      group           = string
      balancing_mode  = optional(string, "UTILIZATION")