Support custom gcp ssl policies in frontend load balancer

privacysandbox · Nov 20, 2024 · 2d1863a · 2d1863a
1 parent 26d7a1d
commit 2d1863a
Show file tree

Hide file tree

Showing 4 changed files with 11 additions and 0 deletions.
diff --git a/production/deploy/gcp/terraform/environment/demo/buyer/buyer.tf b/production/deploy/gcp/terraform/environment/demo/buyer/buyer.tf
@@ -49,6 +49,7 @@ locals {
   # If you specify a certificate_map_id, you do not need to specify an ssl_certificate_id.
   frontend_domain_ssl_certificate_id = "" # Example: "projects/${local.gcp_project_id}/global/sslCertificates/bfe-${local.environment}"
   frontend_certificate_map_id        = "" # Example: "//certificatemanager.googleapis.com/projects/test/locations/global/certificateMaps/wildcard-cert-map"
+  frontend_ssl_policy_id             = "" # Example: "projects/${local.gcp_project_id}/global/sslPolicies/bfe-ssl-policy
   buyer_domain_name                  = "" # Example: bfe-gcp.com
   frontend_dns_zone                  = "" # Example: "bfe-gcp-com"
 
@@ -246,6 +247,7 @@ module "buyer_frontend_load_balancing" {
 
   frontend_domain_ssl_certificate_id = local.frontend_domain_ssl_certificate_id
   frontend_certificate_map_id        = local.frontend_certificate_map_id
+  frontend_ssl_policy_id             = local.frontend_ssl_policy_id
   frontend_service_name              = "bfe"
   google_compute_backend_service_ids = {
     for buyer_key, buyer in module.buyer :

diff --git a/production/deploy/gcp/terraform/environment/demo/seller/seller.tf b/production/deploy/gcp/terraform/environment/demo/seller/seller.tf
@@ -49,6 +49,7 @@ locals {
   # If you specify a certificate_map_id, you do not need to specify an ssl_certificate_id.
   frontend_domain_ssl_certificate_id = "" # Example: "projects/${local.gcp_project_id}/global/sslCertificates/sfe-${local.environment}"
   frontend_certificate_map_id        = "" # Example: "//certificatemanager.googleapis.com/projects/test/locations/global/certificateMaps/wildcard-cert-map"
+  frontend_ssl_policy_id             = "" # Example: "projects/${local.gcp_project_id}/global/sslPolicies/sfe-ssl-policy
   seller_domain_name                 = "" # Example: sfe-gcp.com
   frontend_dns_zone                  = "" # Example: "sfe-gcp-com"
 
@@ -224,6 +225,7 @@ module "seller_frontend_load_balancing" {
 
   frontend_domain_ssl_certificate_id = local.frontend_domain_ssl_certificate_id
   frontend_certificate_map_id        = local.frontend_certificate_map_id
+  frontend_ssl_policy_id             = local.frontend_ssl_policy_id
   frontend_service_name              = "sfe"
   google_compute_backend_service_ids = {
     for seller_key, seller in module.seller :

diff --git a/production/deploy/gcp/terraform/services/frontend_load_balancing/main.tf b/production/deploy/gcp/terraform/services/frontend_load_balancing/main.tf
@@ -38,6 +38,7 @@ resource "google_compute_target_https_proxy" "default" {
   name             = "${var.operator}-${var.environment}-https-lb-proxy"
   url_map          = google_compute_url_map.default.id
   ssl_certificates = var.frontend_certificate_map_id == "" ? [var.frontend_domain_ssl_certificate_id] : null
+  ssl_policy       = var.frontend_ssl_policy_id == "" ? null : var.frontend_ssl_policy_id
   certificate_map  = var.frontend_certificate_map_id == "" ? null : var.frontend_certificate_map_id
 }
 

diff --git a/production/deploy/gcp/terraform/services/frontend_load_balancing/variables.tf b/production/deploy/gcp/terraform/services/frontend_load_balancing/variables.tf
@@ -50,6 +50,12 @@ variable "frontend_certificate_map_id" {
   default     = ""
 }
 
+variable "frontend_ssl_policy_id" {
+  description = "A GCP ssl policy id. Example: projects/test-projects/global/sslPolicies/test-ssl-policy."
+  type        = string
+  default     = ""
+}
+
 variable "frontend_service_name" {
   type = string
 }