Exposing aws_v4_authentication configuration in global external alb (#2539)

* added disable_default_snat variable

* add an option to disable default snat

* tfdoc readme

* change order of variables

* modify variable to exist within vpc_config and have a null default,
creating a conditional dynamic block to provide backward compatability

* defining disable snat variable in autopilot as it is also an option

* fix conditional

* update readme

* null is implied in optional bool

* update readmes

* expose aws_v4_authentication configuration option

* terraform fmt

* update readme

* use dynamic block and optional for new variable

modules/net-lb-app-ext/backend-service.tf

@@ -257,6 +257,17 @@ resource "google_compute_backend_service" "default" {
     content {
       client_tls_policy = ss.value.client_tls_policy
       subject_alt_names = ss.value.subject_alt_names
+
+      dynamic "aws_v4_authentication" {
+        for_each = ss.value.aws_v4_authentication == null ? [] : [""]
+
+        content {
+          access_key_id      = ss.value.aws_v4_authentication.access_key_id
+          access_key         = ss.value.aws_v4_authentication.access_key
+          access_key_version = ss.value.aws_v4_authentication.access_key_version
+          origin_region      = ss.value.aws_v4_authentication.origin_region
+        }
+      }
     }
   }
 }

modules/net-lb-app-ext/variables-backend-service.tf

@@ -123,8 +123,13 @@ variable "backend_service_configs" {
     security_settings = optional(object({
       client_tls_policy = string
       subject_alt_names = list(string)
-    }))
-  }))
+      aws_v4_authentication = optional(object({
+        access_key_id      = optional(string)
+        access_key         = optional(string)
+        access_key_version = optional(string)
+        origin_region      = optional(string)
+      }))
+  })) }))
   default  = {}
   nullable = false
   validation {