Merge pull request #55 from NandosUK/cloud-run-lb-backends

adding custom url map and additional backends
NandosUK · Feb 14, 2024 · 6809471 · 6809471
2 parents d4ed4e6 + 62b175a
commit 6809471
Show file tree

Hide file tree

Showing 3 changed files with 94 additions and 19 deletions.
diff --git a/gcp/cloud-run-v2/main.tf b/gcp/cloud-run-v2/main.tf
@@ -5,6 +5,18 @@ data "google_project" "current" {
 locals {
   cloud_armor_rules = var.cloud_armor.enabled ? yamldecode(file(var.cloud_armor.rules_file_path)) : []
   domain            = var.custom_domain != null ? var.custom_domain : var.environment == "prod" ? "${var.name}.${var.domain_host}" : var.environment == "preview" ? "${var.name}-preview.${var.domain_host}" : "${var.name}-preprod.${var.domain_host}"
+  default_backend_config = {
+    description             = "Backend for Cloud Run service"
+    enable_cdn              = false
+    custom_request_headers  = ["X-Client-Geo-Location: {client_region_subdivision}, {client_city}"]
+    custom_response_headers = ["X-Cache-Hit: {cdn_cache_status}"]
+    log_config = {
+      enable = false
+    }
+    iap_config = {
+      enable = false
+    }
+  }
 }
 
 # Resource configuration for deploying a Google Cloud Run service
@@ -197,27 +209,61 @@ module "lb-http" {
   https_redirect            = true # Enable HTTPS redirect
   random_certificate_suffix = true
 
-  backends = {
-    default = {
-      groups = [
-        {
-          group = google_compute_region_network_endpoint_group.cloudrun_neg[count.index].id
-        }
-      ]
+  url_map        = var.create_url_map == false? google_compute_url_map.custom_url_map_https[count.index].self_link : null
+  create_url_map = var.create_url_map
 
-      description             = "Backend for Cloud Run service"
-      enable_cdn              = false
-      custom_request_headers  = ["X-Client-Geo-Location: {client_region_subdivision}, {client_city}"]
-      custom_response_headers = ["X-Cache-Hit: {cdn_cache_status}"]
+  backends = merge(
+    {
+      "default" = merge(local.default_backend_config, {
+        groups = [
+          {
+            group = google_compute_region_network_endpoint_group.cloudrun_neg[0].id
+          }
+        ]
+        security_policy = var.cloud_armor.enabled ? google_compute_security_policy.cloud_armor_policy[0].self_link : null
+      })
+    },
+    { for key, value in var.additional_backend_services :
+      key => merge(local.default_backend_config, {
+        groups = [
+          {
+            group = value.group
+          }
+        ]
+        security_policy = value.cloud_armor ? google_compute_security_policy.cloud_armor_policy[0].self_link : null
+      })
+    }
+  )
+}
 
-      # Clour Armor security
-      security_policy = var.cloud_armor.enabled ? google_compute_security_policy.cloud_armor_policy[0].self_link : null
+# Custom URL maps for https load balancer
+resource "google_compute_url_map" "custom_url_map_https" {
+  count           = var.create_url_map == false ? 1 : 0
+  name            = "${var.name}-https-urlmap"
+  description     = "Custom URL map for Cloud Run service"
+  default_service = module.lb-http[0].backend_services["default"].self_link
 
-      log_config = {
-        enable = false
-      }
-      iap_config = {
-        enable = false
+  host_rule {
+    hosts        = [local.domain]
+    path_matcher = "allpaths"
+  }
+  path_matcher {
+    name            = "allpaths"
+    default_service = module.lb-http[0].backend_services["default"].self_link
+    dynamic "path_rule" {
+      for_each = var.path_rules
+      content {
+        paths   = length(path_rule.value.paths)  > 0 ? path_rule.value.paths : ["/*"]
+        service = path_rule.value.service_name != null ? module.lb-http[0].backend_services["${path_rule.value.service_name}"].self_link : module.lb-http[0].backend_services["default"].self_link
+        dynamic "route_action" {
+          for_each = path_rule.value.route_action != null ? [1] : []
+          content {
+            url_rewrite {
+              path_prefix_rewrite = path_rule.value.route_action.url_rewrite.path_prefix_rewrite != null ? path_rule.value.route_action.url_rewrite.path_prefix_rewrite : null
+            }
+          }
+
+        }
       }
     }
   }

diff --git a/gcp/cloud-run-v2/variables.tf b/gcp/cloud-run-v2/variables.tf
@@ -296,6 +296,36 @@ variable "enable_custom_domain" {
   default     = true
 }
 
+variable "create_url_map" {
+  description = "Create a URL map for the load balancer. If false, the URL map must be created manually"
+  type        = bool
+  default     = true
+}
+
+
+variable "additional_backend_services" {
+  description = "Additional backend services to be used in the load balancer"
+  type = map(object({
+    group       = string
+    cloud_armor = bool
+  }))
+  default = {}
+}
+
+variable "path_rules" {
+  description = "Custon path rules for the load balancer"
+type = list(object({
+    paths   = list(string)
+    service_name = string
+    route_action = optional(object({
+        url_rewrite = optional(object({
+            path_prefix_rewrite = string
+        }))
+    }))
+}))
+  default = null
+}
+
 variable "startup_cpu_boost" {
   description = "CPU boost for the Cloud Run container"
   type        = bool

diff --git a/test/gcp/.terraform.tfstate.lock.info b/test/gcp/.terraform.tfstate.lock.info