fix: updated iap_config behavior to match TPG 6.0 (#469)

terraform-google-modules · Nov 11, 2024 · 279c8e8 · 279c8e8
1 parent 6c45d7e
commit 279c8e8
Show file tree

Hide file tree

Showing 6 changed files with 19 additions and 29 deletions.
diff --git a/autogen/main.tf.tmpl b/autogen/main.tf.tmpl
@@ -256,13 +256,10 @@ resource "google_compute_backend_service" "default" {
     }
   }
 
-  dynamic "iap" {
-    for_each = try(each.value["iap_config"], null) != null && lookup(try(each.value["iap_config"], {}), "enable", false) ? [1] : []
-    content {
-      enabled              = lookup(each.value["iap_config"], "enable", false)
-      oauth2_client_id     = lookup(each.value["iap_config"], "oauth2_client_id")
-      oauth2_client_secret = lookup(each.value["iap_config"], "oauth2_client_secret")
-    }
+  iap {
+    enabled              = try(each.value["iap_config"], null) == null ? false : lookup(try(each.value["iap_config"], {}), "enable", false)
+    oauth2_client_id     = try(each.value["iap_config"], null) == null ? null : lookup(each.value["iap_config"], "oauth2_client_id")
+    oauth2_client_secret = try(each.value["iap_config"], null) == null ? null : lookup(each.value["iap_config"], "oauth2_client_secret")
   }
 
   dynamic "cdn_policy" {

diff --git a/examples/user-managed-google-managed-ssl/main.tf b/examples/user-managed-google-managed-ssl/main.tf
@@ -65,7 +65,7 @@ locals {
 
 module "gce-lb-https" {
   source  = "terraform-google-modules/lb-http/google"
-  version = "~> 11.0"
+  version = "~> 12.0"
 
   name                            = var.network_name
   project                         = var.project_id

diff --git a/main.tf b/main.tf
@@ -238,13 +238,10 @@ resource "google_compute_backend_service" "default" {
     }
   }
 
-  dynamic "iap" {
-    for_each = try(each.value["iap_config"], null) != null && lookup(try(each.value["iap_config"], {}), "enable", false) ? [1] : []
-    content {
-      enabled              = lookup(each.value["iap_config"], "enable", false)
-      oauth2_client_id     = lookup(each.value["iap_config"], "oauth2_client_id")
-      oauth2_client_secret = lookup(each.value["iap_config"], "oauth2_client_secret")
-    }
+  iap {
+    enabled              = try(each.value["iap_config"], null) == null ? false : lookup(try(each.value["iap_config"], {}), "enable", false)
+    oauth2_client_id     = try(each.value["iap_config"], null) == null ? null : lookup(each.value["iap_config"], "oauth2_client_id")
+    oauth2_client_secret = try(each.value["iap_config"], null) == null ? null : lookup(each.value["iap_config"], "oauth2_client_secret")
   }
 
   dynamic "cdn_policy" {

diff --git a/modules/dynamic_backends/main.tf b/modules/dynamic_backends/main.tf
@@ -238,13 +238,10 @@ resource "google_compute_backend_service" "default" {
     }
   }
 
-  dynamic "iap" {
-    for_each = try(each.value["iap_config"], null) != null && lookup(try(each.value["iap_config"], {}), "enable", false) ? [1] : []
-    content {
-      enabled              = lookup(each.value["iap_config"], "enable", false)
-      oauth2_client_id     = lookup(each.value["iap_config"], "oauth2_client_id")
-      oauth2_client_secret = lookup(each.value["iap_config"], "oauth2_client_secret")
-    }
+  iap {
+    enabled              = try(each.value["iap_config"], null) == null ? false : lookup(try(each.value["iap_config"], {}), "enable", false)
+    oauth2_client_id     = try(each.value["iap_config"], null) == null ? null : lookup(each.value["iap_config"], "oauth2_client_id")
+    oauth2_client_secret = try(each.value["iap_config"], null) == null ? null : lookup(each.value["iap_config"], "oauth2_client_secret")
   }
 
   dynamic "cdn_policy" {

diff --git a/modules/serverless_negs/main.tf b/modules/serverless_negs/main.tf
@@ -233,13 +233,10 @@ resource "google_compute_backend_service" "default" {
     }
   }
 
-  dynamic "iap" {
-    for_each = try(each.value["iap_config"], null) != null && lookup(try(each.value["iap_config"], {}), "enable", false) ? [1] : []
-    content {
-      enabled              = lookup(each.value["iap_config"], "enable", false)
-      oauth2_client_id     = lookup(each.value["iap_config"], "oauth2_client_id")
-      oauth2_client_secret = lookup(each.value["iap_config"], "oauth2_client_secret")
-    }
+  iap {
+    enabled              = try(each.value["iap_config"], null) == null ? false : lookup(try(each.value["iap_config"], {}), "enable", false)
+    oauth2_client_id     = try(each.value["iap_config"], null) == null ? null : lookup(each.value["iap_config"], "oauth2_client_id")
+    oauth2_client_secret = try(each.value["iap_config"], null) == null ? null : lookup(each.value["iap_config"], "oauth2_client_secret")
   }
 
   dynamic "cdn_policy" {

diff --git a/test/setup/main.tf b/test/setup/main.tf
@@ -26,6 +26,7 @@ module "project-ci-lb-http" {
   default_service_account     = "keep"
   disable_dependent_services  = false
   disable_services_on_destroy = false
+  deletion_policy             = "DELETE"
 
   activate_apis = [
     "cloudresourcemanager.googleapis.com",
@@ -50,6 +51,7 @@ module "project-ci-lb-http-1" {
   default_service_account     = "keep"
   disable_dependent_services  = false
   disable_services_on_destroy = false
+  deletion_policy             = "DELETE"
 
   activate_apis = [
     "cloudresourcemanager.googleapis.com",