terraform-google-lb-http icon indicating copy to clipboard operation
terraform-google-lb-http copied to clipboard

Published 20 hours ago verified publisher icon terraform-google-modules

Missing HTTPS protocol for backend service

Open gangsta opened this issue 3 years ago • 10 comments

Hi,

I was wondering if there is a specific reason to not include protocol param in the backend service.

I can see it's supported here: https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_backend_service#protocol

but currently missing from: https://github.com/terraform-google-modules/terraform-google-lb-http/blob/master/modules/serverless_negs/main.tf#L157

And I believe it's missing from: https://github.com/terraform-google-modules/terraform-google-lb-http/blob/master/modules/serverless_negs/main.tf#L174

The scenario is the following, create HTTPS only LB for CloudRun.

Greetings

gangsta avatar Aug 20 '21 09:08 gangsta

Currently we expose serverless NEGS as both HTTP and HTTPS. This is meant to provide an opinionated design choice and not introduce unnecessary complexity to the module interface.

If you want to only use HTTPS, I recommend simply redirecting to the HTTPS url.

morgante avatar Aug 20 '21 09:08 morgante

does it sound good to have added options with default values and if I want to go with HTTPS only, I just specify false to HTTP param ? and by default values for HTTPS and HTTP are set to true

Currently, I don't have the option to choose, while I don't want to support HTTP in NEG setup

gangsta avatar Aug 20 '21 13:08 gangsta

I would consider accepting a pull request making these optional.

morgante avatar Aug 20 '21 16:08 morgante

I just have a few questions before PR will be ready.

  • I see the main module has contribution documentation, and it should start from autogen . Does this apply to NEG module?
  • I'm checking architecture how it's built in https://github.com/terraform-google-modules/terraform-google-lb-http/blob/master/modules/serverless_negs/main.tf#L157 and seems it's expected from me to add one more of this block (157-197) but with count similar to something like
  count    = var.ssl && length(var.managed_ssl_certificate_domains) > 0 && ! var.use_ssl_certificates && var.https_only ? 1 : 0

Greetings

gangsta avatar Aug 23 '21 14:08 gangsta

I see the main module has contribution documentation, and it should start from autogen . Does this apply to NEG module?

Yes.

I'm checking architecture how it's built in https://github.com/terraform-google-modules/terraform-google-lb-http/blob/master/modules/serverless_negs/main.tf#L157

Yes, something along those lines. You will need to use count for toggling.

morgante avatar Aug 23 '21 20:08 morgante

@morgante tagging you here just to see if u got time to check my PR

gangsta avatar Aug 25 '21 09:08 gangsta

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days

github-actions[bot] avatar Oct 24 '21 23:10 github-actions[bot]

@morgante @gangsta I'm in the same boat and would need to change my loadbalancer <-> cloud run connection to HTTPS. Is there something I can do to get this PR merged?

a-zen avatar Feb 08 '22 16:02 a-zen

We are also in the same boat. It would be perfect to able to set up an internet NEG using the serverless module, and this is the only thing missing for us. Would it be possible to get the last pieces fixed and get #205 and/or #259 merged?

linus avatar Oct 06 '22 14:10 linus

I'll recreate this weekend the original solution I proposed in firs commit, let's hope to get it reviewed.

gangsta avatar Oct 07 '22 18:10 gangsta