Allow IAP configuration with default IdP
Load balancers can be configured with IAP-enabled backends. They can either be configured to use external Identity Providers (IdP) or to use Cloud Identity. The latter is the default and is used when the OAuth2 parameters are not specified. The iap_config parameter in the backend_service_configs variable already supported the external IdP option, but did not support the default one.
Committed by Stefano Tribioli
Parent: 03db2e45cf
Commit: ffe1fbdfea
@@ -786,7 +786,7 @@ For deploying changes to load balancer configuration please refer to [net-lb-app
|
||||
| [region](variables.tf#L182) | The region where to allocate the ILB resources. | <code>string</code> | ✓ | |
|
||||
| [vpc_config](variables.tf#L224) | VPC-level configuration. | <code title="object({ network = string subnetwork = string })">object({…})</code> | ✓ | |
|
||||
| [address](variables.tf#L17) | Optional IP address used for the forwarding rule. | <code>string</code> | | <code>null</code> |
|
||||
| [backend_service_configs](variables-backend-service.tf#L19) | Backend service level configuration. | <code title="map(object({ affinity_cookie_ttl_sec = optional(number) connection_draining_timeout_sec = optional(number) health_checks = optional(list(string), ["default"]) locality_lb_policy = optional(string) log_sample_rate = optional(number) port_name = optional(string) project_id = optional(string) protocol = optional(string) session_affinity = optional(string) timeout_sec = optional(number) security_policy = optional(string) backends = list(object({ group = string balancing_mode = optional(string, "UTILIZATION") capacity_scaler = optional(number, 1) description = optional(string, "Terraform managed.") failover = optional(bool, false) max_rate = optional(object({ per_endpoint = optional(number) per_group = optional(number) per_instance = optional(number) })) max_utilization = optional(number) })) circuit_breakers = optional(object({ max_connections = optional(number) max_pending_requests = optional(number) max_requests = optional(number) max_requests_per_connection = optional(number) max_retries = optional(number) connect_timeout = optional(object({ seconds = number nanos = optional(number) })) })) consistent_hash = optional(object({ http_header_name = optional(string) minimum_ring_size = optional(number) http_cookie = optional(object({ name = optional(string) path = optional(string) ttl = optional(object({ seconds = number nanos = optional(number) })) })) })) enable_subsetting = optional(bool) failover_config = optional(object({ disable_conn_drain = optional(bool) drop_traffic_if_unhealthy = optional(bool) })) iap_config = optional(object({ oauth2_client_id = string oauth2_client_secret = string oauth2_client_secret_sha256 = optional(string) })) outlier_detection = optional(object({ consecutive_errors = optional(number) consecutive_gateway_failure = optional(number) enforcing_consecutive_errors = optional(number) enforcing_consecutive_gateway_failure = 
optional(number) enforcing_success_rate = optional(number) max_ejection_percent = optional(number) success_rate_minimum_hosts = optional(number) success_rate_request_volume = optional(number) success_rate_stdev_factor = optional(number) base_ejection_time = optional(object({ seconds = number nanos = optional(number) })) interval = optional(object({ seconds = number nanos = optional(number) })) })) }))">map(object({…}))</code> | | <code>{}</code> |
|
||||
| [backend_service_configs](variables-backend-service.tf#L19) | Backend service level configuration. | <code title="map(object({ affinity_cookie_ttl_sec = optional(number) connection_draining_timeout_sec = optional(number) health_checks = optional(list(string), ["default"]) locality_lb_policy = optional(string) log_sample_rate = optional(number) port_name = optional(string) project_id = optional(string) protocol = optional(string) session_affinity = optional(string) timeout_sec = optional(number) security_policy = optional(string) backends = list(object({ group = string balancing_mode = optional(string, "UTILIZATION") capacity_scaler = optional(number, 1) description = optional(string, "Terraform managed.") failover = optional(bool, false) max_rate = optional(object({ per_endpoint = optional(number) per_group = optional(number) per_instance = optional(number) })) max_utilization = optional(number) })) circuit_breakers = optional(object({ max_connections = optional(number) max_pending_requests = optional(number) max_requests = optional(number) max_requests_per_connection = optional(number) max_retries = optional(number) connect_timeout = optional(object({ seconds = number nanos = optional(number) })) })) consistent_hash = optional(object({ http_header_name = optional(string) minimum_ring_size = optional(number) http_cookie = optional(object({ name = optional(string) path = optional(string) ttl = optional(object({ seconds = number nanos = optional(number) })) })) })) enable_subsetting = optional(bool) failover_config = optional(object({ disable_conn_drain = optional(bool) drop_traffic_if_unhealthy = optional(bool) })) iap_config = optional(object({ oauth2_client_id = optional(string) oauth2_client_secret = optional(string) oauth2_client_secret_sha256 = optional(string) })) outlier_detection = optional(object({ consecutive_errors = optional(number) consecutive_gateway_failure = optional(number) enforcing_consecutive_errors = optional(number) 
enforcing_consecutive_gateway_failure = optional(number) enforcing_success_rate = optional(number) max_ejection_percent = optional(number) success_rate_minimum_hosts = optional(number) success_rate_request_volume = optional(number) success_rate_stdev_factor = optional(number) base_ejection_time = optional(object({ seconds = number nanos = optional(number) })) interval = optional(object({ seconds = number nanos = optional(number) })) })) }))">map(object({…}))</code> | | <code>{}</code> |
|
||||
| [description](variables.tf#L23) | Optional description used for resources. | <code>string</code> | | <code>"Terraform managed."</code> |
|
||||
| [global_access](variables.tf#L30) | Allow client access from all regions. | <code>bool</code> | | <code>null</code> |
|
||||
| [group_configs](variables.tf#L36) | Optional unmanaged groups to create. Can be referenced in backends via key or outputs. | <code title="map(object({ zone = string instances = optional(list(string)) named_ports = optional(map(number), {}) project_id = optional(string) }))">map(object({…}))</code> | | <code>{}</code> |
|
||||
|
||||
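Review bot: the regenerated `backend_service_configs` row in this README table now shows the `iap_config` OAuth2 fields as `optional(string)`, but the row's description is still only "Backend service level configuration.", so nothing here tells a reader that leaving `oauth2_client_id` and `oauth2_client_secret` unset is what selects the default IdP (Cloud Identity). Consider adding a short README note or usage example showing an IAP-enabled backend with an empty `iap_config = {}` next to the external IdP form, so that which identity provider fronts the backend is a documented choice and not a side effect of omitted fields.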
@@ -72,8 +72,8 @@ variable "backend_service_configs" {
|
||||
drop_traffic_if_unhealthy = optional(bool)
|
||||
}))
|
||||
iap_config = optional(object({
|
||||
oauth2_client_id = string
|
||||
oauth2_client_secret = string
|
||||
oauth2_client_id = optional(string)
|
||||
oauth2_client_secret = optional(string)
|
||||
oauth2_client_secret_sha256 = optional(string)
|
||||
}))
|
||||
outlier_detection = optional(object({
|
||||
|
||||
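Review bot: in the `iap_config` object, `oauth2_client_id` and `oauth2_client_secret` become independently optional, so an input that sets only one of them now passes type checking, and the type alone does not say which IdP such a backend ends up using. Consider adding a `validation` block to `backend_service_configs` that requires the two fields to be either both set or both null, with an error message naming the offending backend key. The resource that consumes these values is not part of the visible diff, so it is also worth confirming that it handles null OAuth2 values as "use the default IdP" and that IAP stays enabled in that case.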