add service attachments for cross regional load balancer

add docs and cleanup add missing toc link in readme add domain_name field in the service attachment docs update variable table with tfdoc.py
2025-12-22 10:59:50 +01:00
parent 63a3d0d250
commit de401addcb
3 changed files with 119 additions and 4 deletions
--- a/modules/net-lb-app-int-cross-region/README.md
+++ b/modules/net-lb-app-int-cross-region/README.md
--- a/modules/net-lb-app-int-cross-region/main.tf
+++ b/modules/net-lb-app-int-cross-region/main.tf
@@ -99,6 +99,37 @@ resource "google_compute_target_https_proxy" "default" {
  url_map                          = google_compute_url_map.default.id
 }

+resource "google_compute_service_attachment" "default" {
+  for_each       = var.service_attachment == null ? {} : google_compute_global_forwarding_rule.forwarding_rules
+  project        = var.project_id
+  region         = each.key
+  name           = each.value.name
+  description    = var.service_attachment.description
+  target_service = each.value.id
+  nat_subnets    = var.service_attachment.nat_subnets[each.key]
+  connection_preference = (
+    var.service_attachment.automatic_connection
+    ? "ACCEPT_AUTOMATIC"
+    : "ACCEPT_MANUAL"
+  )
+  consumer_reject_lists = var.service_attachment.consumer_reject_lists
+  domain_names = (
+    var.service_attachment.domain_name == null
+    ? null
+    : [var.service_attachment.domain_name[each.key]]
+  )
+  enable_proxy_protocol = var.service_attachment.enable_proxy_protocol
+  reconcile_connections = var.service_attachment.reconcile_connections
+  dynamic "consumer_accept_lists" {
+    for_each = var.service_attachment.consumer_accept_lists
+    iterator = accept
+    content {
+      project_id_or_num = accept.key
+      connection_limit  = accept.value
+    }
+  }
+}
+
 resource "google_compute_network_endpoint_group" "default" {
  for_each = local.neg_zonal
  project = (
--- a/modules/net-lb-app-int-cross-region/variables.tf
+++ b/modules/net-lb-app-int-cross-region/variables.tf
@@ -168,6 +168,21 @@ variable "protocol" {
  }
 }

+variable "service_attachment" {
+  description = "PSC service attachments."
+  type = object({
+    automatic_connection  = optional(bool, false)
+    consumer_accept_lists = optional(map(string), {})
+    consumer_reject_lists = optional(list(string))
+    description           = optional(string)
+    domain_name           = optional(map(string))
+    enable_proxy_protocol = optional(bool, false)
+    nat_subnets           = map(list(string))
+    reconcile_connections = optional(bool)
+  })
+  default = null
+}
+
 variable "service_directory_registration" {
  description = "Service directory namespace and service used to register this load balancer."
  type = object({