Update terraform files and instructions (#1402)

* Update terraform files and instructions Update proxy terraform files based on current best practices and allow exclusion of forwarding rules for HTTP endpoints. Specifically: - Add a "public_web_whois" input to allow disabling the public HTTP whois forwarding. - Add "description" fields to all variables. - Move outputs of the top-level module into "outputs.tf". - Auto-reformat using hclfmt.
2025-07-22 02:36:03 +02:00 · 2021-10-29 09:10:23 -04:00 · 2021-10-29 09:10:23 -04:00 · 1b4b217588
commit 1b4b217588
parent f5d269c76d
7 changed files with 91 additions and 49 deletions
--- a/proxy/terraform/modules/variables.tf
+++ b/proxy/terraform/modules/variables.tf
@ -1,28 +1,37 @@
-# GCP project in which the proxy runs.
-variable "proxy_project_name" {}
+variable "proxy_project_name" {
+  description = "GCP project in which the proxy runs."
+}

-# GCP project from which the proxy image is pulled.
-variable "gcr_project_name" {}
+variable "gcr_project_name" {
+  description = "GCP project from which the proxy image is pulled."
+}

-# The base domain name of the proxy, without the whois. or epp. part.
-variable "proxy_domain_name" {}
+variable "proxy_domain_name" {
+  description = <<EOF
+    The base domain name of the proxy, without the whois. or epp. part.
+    EOF
+}

-# The GCS bucket that stores the encrypted SSL certificate.
-variable "proxy_certificate_bucket" {}
+variable "proxy_certificate_bucket" {
+  description = <<EOF
+    The GCS bucket that stores the encrypted SSL certificate.  The "gs://"
+    prefix should be omitted.
+    EOF
+}

-# Cloud KMS keyring name
 variable "proxy_key_ring" {
-  default = "proxy-key-ring"
+  default     = "proxy-key-ring"
+  description = "Cloud KMS keyring name"
 }

-# Cloud KMS key name
 variable "proxy_key" {
-  default = "proxy-key"
+  default     = "proxy-key"
+  description = "Cloud KMS key name"
 }

-# Node ports exposed by the proxy.
 variable "proxy_ports" {
-  type = map
+  type        = map
+  description = "Node ports exposed by the proxy."

  default = {
    health_check = 30000
@ -33,9 +42,9 @@ variable "proxy_ports" {
  }
 }

-# Node ports exposed by the canary proxy.
 variable "proxy_ports_canary" {
-  type = map
+  type        = map
+  description = "Node ports exposed by the canary proxy."

  default = {
    health_check = 31000
@ -45,3 +54,14 @@ variable "proxy_ports_canary" {
    https-whois  = 31011
  }
 }
+
+variable "public_web_whois" {
+  type        = number
+  default     = 1
+  description = <<EOF
+    Set to 1 if the whois HTTP ports are external, 0 if not.  This is necessary
+    because our test projects are configured with
+    constraints/compute.restrictLoadBalancerCreationForTypes, which prohibits
+    forwarding external HTTP(s) connections.
+    EOF
+}