Add edge_security_policy variable to the mig-l7xlb module

apigee · Mar 15, 2024 · 486325e · 486325e
1 parent 4a0d2dd
commit 486325e
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 7 deletions.
diff --git a/modules/mig-l7xlb/README.md b/modules/mig-l7xlb/README.md
@@ -27,6 +27,7 @@ No modules.
 |------|-------------|------|---------|:--------:|
 | <a name="input_backend_migs"></a> [backend\_migs](#input\_backend\_migs) | List of MIGs to be used as backends. | `list(string)` | n/a | yes |
 | <a name="input_backend_timeout"></a> [backend\_timeout](#input\_backend\_timeout) | Backend timeout in seconds | `number` | `10` | no |
+| <a name="input_edge_security_policy"></a> [edge\_security\_policy](#input\_edge\_security\_policy) | (Optional) The edge security policy associated with this backend service. | `string` | `null` | no |
 | <a name="input_external_ip"></a> [external\_ip](#input\_external\_ip) | (Optional) External IP for the L7 XLB. | `string` | `null` | no |
 | <a name="input_labels"></a> [labels](#input\_labels) | An optional map of label key:value pairs to assign to the forwarding rule.<br>Default is an empty map. | `map(string)` | `{}` | no |
 | <a name="input_logs_enabled"></a> [logs\_enabled](#input\_logs\_enabled) | Whether to enable logging for the load balancer traffic served by this backend service. | `bool` | `false` | no |

diff --git a/modules/mig-l7xlb/main.tf b/modules/mig-l7xlb/main.tf
@@ -24,13 +24,14 @@ resource "google_compute_health_check" "mig_lb_hc" {
 }
 
 resource "google_compute_backend_service" "mig_backend" {
-  project         = var.project_id
-  name            = "${var.name}-backend"
-  port_name       = "https"
-  protocol        = "HTTPS"
-  timeout_sec     = var.backend_timeout
-  health_checks   = [google_compute_health_check.mig_lb_hc.id]
-  security_policy = var.security_policy
+  project               = var.project_id
+  name                  = "${var.name}-backend"
+  port_name             = "https"
+  protocol              = "HTTPS"
+  timeout_sec           = var.backend_timeout
+  health_checks         = [google_compute_health_check.mig_lb_hc.id]
+  security_policy       = var.security_policy
+  edge_security_policy  = var.edge_security_policy
   dynamic "backend" {
     for_each = var.backend_migs
     content {

diff --git a/modules/mig-l7xlb/variables.tf b/modules/mig-l7xlb/variables.tf
@@ -46,6 +46,12 @@ variable "security_policy" {
   default     = null
 }
 
+variable "edge_security_policy" {
+  description = "(Optional) The edge security policy associated with this backend service."
+  type        = string
+  default     = null
+}
+
 variable "logs_enabled" {
   type        = bool
   default     = false