From 235661f591138c298f49108fce5c62f50c5e9ee0 Mon Sep 17 00:00:00 2001
From: Reinier van der Hoeven <50574865+reiniervanderhoeven@users.noreply.github.com>
Date: Fri, 15 Mar 2024 14:38:02 +0100
Subject: [PATCH 1/3] Feat: added edge_security_policy to nb-psc-l7xlb
---
 modules/nb-psc-l7xlb/README.md | 1 +
 modules/nb-psc-l7xlb/main.tf | 1 +
 modules/nb-psc-l7xlb/variables.tf | 6 ++++++
 3 files changed, 8 insertions(+)
diff --git a/modules/nb-psc-l7xlb/README.md b/modules/nb-psc-l7xlb/README.md
index 96aaf60..ad5201c 100644
--- a/modules/nb-psc-l7xlb/README.md
+++ b/modules/nb-psc-l7xlb/README.md
@@ -28,6 +28,7 @@ No modules.
 | [project\_id](#input\_project\_id) | Project id. | `string` | n/a | yes |
 | [psc\_negs](#input\_psc\_negs) | List of PSC NEGs to be used as backends. | `list(string)` | n/a | yes |
 | [security\_policy](#input\_security\_policy) | (Optional) The security policy associated with this backend service. | `string` | `null` | no |
+| [edge\_security\_policy](#input\_edge\_security\_policy) | (Optional) The edge security policy associated with this backend service. | `string` | `null` | no |
 | [ssl\_certificate](#input\_ssl\_certificate) | A list of SSL certificates for the HTTPS LB. | `list(string)` | n/a | yes |

 ## Outputs
diff --git a/modules/nb-psc-l7xlb/main.tf b/modules/nb-psc-l7xlb/main.tf
index e8225f0..d49bfe0 100644
--- a/modules/nb-psc-l7xlb/main.tf
+++ b/modules/nb-psc-l7xlb/main.tf
@@ -21,6 +21,7 @@ resource "google_compute_backend_service" "psc_backend" {
 protocol = "HTTPS"
 load_balancing_scheme = "EXTERNAL_MANAGED"
 security_policy = var.security_policy
+ edge_security_policy = var.edge_security_policy
 dynamic "backend" {
 for_each = var.psc_negs
 content {
diff --git a/modules/nb-psc-l7xlb/variables.tf b/modules/nb-psc-l7xlb/variables.tf
index 782d656..47d65f0 100644
--- a/modules/nb-psc-l7xlb/variables.tf
+++ b/modules/nb-psc-l7xlb/variables.tf
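Review bot: `edge_security_policy` is wired in next to `security_policy` with nothing in the resource saying how the two differ, so a caller may set only the edge policy and assume the backend is fully covered. As I understand Cloud Armor, an edge policy is evaluated before the cache and supports only a subset of rule types, while the backend policy still governs requests that reach the PSC NEGs; a comment above the new line would make that explicit, e.g. `# Edge policy filters before cache lookup; it does not replace security_policy for traffic reaching the backend.` It is also worth confirming that an edge policy is accepted on a backend service whose backends are PSC NEGs, since nothing in the hunk shows that combination being applied. The same applies to the `mig_backend` hunk in modules/mig-l7xlb/main.tf; both resource blocks continue outside their hunks.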
@@ -41,6 +41,12 @@ variable "security_policy" {
 default = null
 }

+variable "edge_security_policy" {
+ description = "(Optional) The edge security policy associated with this backend service."
+ type = string
+ default = null
+}
+
 variable "psc_negs" {
 description = "List of PSC NEGs to be used as backends."
 type = list(string)
From 4a0d2dd85788da1755ab09296d64f74615a71012 Mon Sep 17 00:00:00 2001
From: philips-reiniervanderhoeven
Date: Fri, 15 Mar 2024 15:08:23 +0100
Subject: [PATCH 2/3] Update README.md with changes to input variables
---
 modules/nb-psc-l7xlb/README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/modules/nb-psc-l7xlb/README.md b/modules/nb-psc-l7xlb/README.md
index ad5201c..645494d 100644
--- a/modules/nb-psc-l7xlb/README.md
+++ b/modules/nb-psc-l7xlb/README.md
@@ -22,13 +22,13 @@ No modules.

 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
+| [edge\_security\_policy](#input\_edge\_security\_policy) | (Optional) The edge security policy associated with this backend service. | `string` | `null` | no |
 | [external\_ip](#input\_external\_ip) | External IP for the L7 XLB. | `string` | `null` | no |
 | [labels](#input\_labels) | An optional map of label key:value pairs to assign to the forwarding rule.
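Review bot: The new variable's description is a copy of `security_policy`'s with "edge" added, which does not tell a caller what value is accepted. Suggest `description = "(Optional) Resource URL of a Cloud Armor edge security policy (type CLOUD_ARMOR_EDGE) to attach to this backend service."`; a policy of another type is presumably rejected only at apply time, so stating the requirement here saves a failed run. With both this variable and `security_policy` defaulting to `null`, the external load balancer is created with no Cloud Armor policy unless the caller opts in, which deserves a sentence in the module README. The identical variable block added in modules/mig-l7xlb/variables.tf should get the same description.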
Default is an empty map. | `map(string)` | `{}` | no |
 | [name](#input\_name) | External LB name. | `string` | n/a | yes |
 | [project\_id](#input\_project\_id) | Project id. | `string` | n/a | yes |
 | [psc\_negs](#input\_psc\_negs) | List of PSC NEGs to be used as backends. | `list(string)` | n/a | yes |
 | [security\_policy](#input\_security\_policy) | (Optional) The security policy associated with this backend service. | `string` | `null` | no |
-| [edge\_security\_policy](#input\_edge\_security\_policy) | (Optional) The edge security policy associated with this backend service. | `string` | `null` | no |
 | [ssl\_certificate](#input\_ssl\_certificate) | A list of SSL certificates for the HTTPS LB. | `list(string)` | n/a | yes |

 ## Outputs
From 486325e5e61b36398a4e31db8992f2d9dd585db7 Mon Sep 17 00:00:00 2001
From: philips-reiniervanderhoeven
Date: Fri, 15 Mar 2024 15:11:01 +0100
Subject: [PATCH 3/3] Add edge_security_policy variable to the mig-l7xlb module
---
 modules/mig-l7xlb/README.md | 1 +
 modules/mig-l7xlb/main.tf | 15 ++++++++-------
 modules/mig-l7xlb/variables.tf | 6 ++++++
 3 files changed, 15 insertions(+), 7 deletions(-)
diff --git a/modules/mig-l7xlb/README.md b/modules/mig-l7xlb/README.md
index 10e1d40..b42eed0 100644
--- a/modules/mig-l7xlb/README.md
+++ b/modules/mig-l7xlb/README.md
@@ -27,6 +27,7 @@ No modules.
 |------|-------------|------|---------|:--------:|
 | [backend\_migs](#input\_backend\_migs) | List of MIGs to be used as backends. | `list(string)` | n/a | yes |
 | [backend\_timeout](#input\_backend\_timeout) | Backend timeout in seconds | `number` | `10` | no |
+| [edge\_security\_policy](#input\_edge\_security\_policy) | (Optional) The edge security policy associated with this backend service. | `string` | `null` | no |
 | [external\_ip](#input\_external\_ip) | (Optional) External IP for the L7 XLB. | `string` | `null` | no |
 | [labels](#input\_labels) | An optional map of label key:value pairs to assign to the forwarding rule.
Default is an empty map. | `map(string)` | `{}` | no |
 | [logs\_enabled](#input\_logs\_enabled) | Whether to enable logging for the load balancer traffic served by this backend service. | `bool` | `false` | no |
diff --git a/modules/mig-l7xlb/main.tf b/modules/mig-l7xlb/main.tf
index 7006d84..83519bc 100644
--- a/modules/mig-l7xlb/main.tf
+++ b/modules/mig-l7xlb/main.tf
@@ -24,13 +24,14 @@ resource "google_compute_health_check" "mig_lb_hc" {
 }

 resource "google_compute_backend_service" "mig_backend" {
- project = var.project_id
- name = "${var.name}-backend"
- port_name = "https"
- protocol = "HTTPS"
- timeout_sec = var.backend_timeout
- health_checks = [google_compute_health_check.mig_lb_hc.id]
- security_policy = var.security_policy
+ project = var.project_id
+ name = "${var.name}-backend"
+ port_name = "https"
+ protocol = "HTTPS"
+ timeout_sec = var.backend_timeout
+ health_checks = [google_compute_health_check.mig_lb_hc.id]
+ security_policy = var.security_policy
+ edge_security_policy = var.edge_security_policy
 dynamic "backend" {
 for_each = var.backend_migs
 content {
diff --git a/modules/mig-l7xlb/variables.tf b/modules/mig-l7xlb/variables.tf
index 2e35654..3763892 100644
--- a/modules/mig-l7xlb/variables.tf
+++ b/modules/mig-l7xlb/variables.tf
@@ -46,6 +46,12 @@ variable "security_policy" {
 default = null
 }

+variable "edge_security_policy" {
+ description = "(Optional) The edge security policy associated with this backend service."
+ type = string
+ default = null
+}
+
 variable "logs_enabled" {
 type = bool
 default = false