feat!: Make ILB adc compliant. Change input variable project to project_id (#167)

vandnagarggoogle · web-flow · commit 0fc38c9b110b · 2026-02-04T12:07:09.000+05:30
diff --git a/Makefile b/Makefile
@@ -15,7 +15,7 @@
 # Make will use bash instead of sh
 SHELL := /usr/bin/env bash
 
-DOCKER_TAG_VERSION_DEVELOPER_TOOLS := 1.22
+DOCKER_TAG_VERSION_DEVELOPER_TOOLS := 1.23
 DOCKER_IMAGE_DEVELOPER_TOOLS := cft/developer-tools
 REGISTRY_URL := gcr.io/cloud-foundation-cicd
 
@@ -65,6 +65,7 @@ docker_test_integration:
 .PHONY: docker_test_lint
 docker_test_lint:
 	docker run --rm -it \
+		-e ENABLE_BPMETADATA=1 \
 		-v $(CURDIR):/workspace \
 		$(REGISTRY_URL)/${DOCKER_IMAGE_DEVELOPER_TOOLS}:${DOCKER_TAG_VERSION_DEVELOPER_TOOLS} \
 		/usr/local/bin/test_lint.sh
@@ -73,6 +74,7 @@ docker_test_lint:
 .PHONY: docker_generate_docs
 docker_generate_docs:
 	docker run --rm -it \
+		-e ENABLE_BPMETADATA=1 \
 		-v $(CURDIR):/workspace \
 		$(REGISTRY_URL)/${DOCKER_IMAGE_DEVELOPER_TOOLS}:${DOCKER_TAG_VERSION_DEVELOPER_TOOLS} \
 		/bin/bash -c 'source /usr/local/bin/task_helper_functions.sh && generate_docs'
diff --git a/README.md b/README.md
@@ -15,6 +15,7 @@ The following guides are available to assist with upgrades:
 
 - [1.X -> 2.0](./docs/upgrading_to_lb_internal_v2.0.md)
 - [5.x -> 6.x](./docs/upgrading_to_lb_internal_v6.md)
+- [7.x -> 8.x](./docs/upgrading_to_lb_internal_v8.md)
 
 ## Usage
 
@@ -63,32 +64,32 @@ module "gce-ilb" {
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| all\_ports | Boolean for all\_ports setting on forwarding rule. The `ports` or `all_ports` are mutually exclusive. | `bool` | `null` | no |
-| backends | List of backends, should be a map of key-value pairs for each backend, must have the 'group' key. | `list(any)` | n/a | yes |
+| all\_ports | Boolean for all\_ports setting on forwarding rule. The `ports` or `all_ports` are mutually exclusive. | `bool` | `false` | no |
+| backends | List of backends, should be a map of key-value pairs for each backend, must have the 'group' key. | <pre>list(object({<br>    group       = string<br>    description = optional(string)<br>    failover    = optional(bool)<br>  }))</pre> | n/a | yes |
 | connection\_draining\_timeout\_sec | Time for which instance will be drained | `number` | `null` | no |
 | create\_backend\_firewall | Controls if firewall rules for the backends will be created or not. Health-check firewall rules are controlled separately. | `bool` | `true` | no |
 | create\_health\_check\_firewall | Controls if firewall rules for the health check will be created or not. If this rule is not present backend healthcheck will fail. | `bool` | `true` | no |
 | firewall\_enable\_logging | Controls if firewall rules that are created are to have logging configured. This will be ignored for firewall rules that are not created. | `bool` | `false` | no |
 | global\_access | Allow all regions on the same VPC network access. | `bool` | `false` | no |
-| health\_check | Health check to determine whether instances are responsive and able to do work | <pre>object({<br>    type                = string<br>    check_interval_sec  = optional(number)<br>    healthy_threshold   = optional(number)<br>    timeout_sec         = optional(number)<br>    unhealthy_threshold = optional(number)<br>    response            = optional(string)<br>    proxy_header        = optional(string)<br>    port                = optional(number)<br>    port_name           = optional(string)<br>    request             = optional(string)<br>    request_path        = optional(string)<br>    host                = optional(string)<br>    enable_log          = optional(bool)<br>  })</pre> | n/a | yes |
+| health\_check | Health check to determine whether instances are responsive and able to do work | <pre>object({<br>    type                = string<br>    check_interval_sec  = optional(number)<br>    healthy_threshold   = optional(number)<br>    timeout_sec         = optional(number)<br>    unhealthy_threshold = optional(number)<br>    response            = optional(string)<br>    proxy_header        = optional(string)<br>    port                = optional(number, 80)<br>    port_name           = optional(string)<br>    request             = optional(string)<br>    request_path        = optional(string)<br>    host                = optional(string)<br>    enable_log          = optional(bool, false)<br>  })</pre> | n/a | yes |
 | ip\_address | IP address of the internal load balancer, if empty one will be assigned. Default is empty. | `string` | `null` | no |
 | ip\_protocol | The IP protocol for the backend and frontend forwarding rule. TCP or UDP. | `string` | `"TCP"` | no |
 | is\_mirroring\_collector | Indicates whether or not this load balancer can be used as a collector for packet mirroring. This can only be set to true for load balancers that have their loadBalancingScheme set to INTERNAL. | `bool` | `false` | no |
 | labels | The labels to attach to resources created by this module. | `map(string)` | `{}` | no |
 | name | Name for the forwarding rule and prefix for supporting resources. | `string` | n/a | yes |
 | network | Name of the network to create resources in. | `string` | `"default"` | no |
-| network\_project | Name of the project for the network. Useful for shared VPC. Default is var.project. | `string` | `""` | no |
-| ports | List of ports to forward to backend services. Max is 5. The `ports` or `all_ports` are mutually exclusive. | `list(string)` | `null` | no |
-| project | The project to deploy to, if not set the default provider project is used. | `string` | `""` | no |
-| region | Region for cloud resources. | `string` | `"us-central1"` | no |
+| network\_project | Name of the project for the network. Useful for shared VPC. Default is var.project\_id. | `string` | `""` | no |
+| ports | List of ports to forward to backend services. Max is 5. The `ports` or `all_ports` are mutually exclusive. | `list(string)` | <pre>[<br>  "80"<br>]</pre> | no |
+| project\_id | The project\_id to deploy to. | `string` | n/a | yes |
+| region | Region for cloud resources. | `string` | n/a | yes |
 | service\_label | Service label is used to create internal DNS name | `string` | `null` | no |
 | session\_affinity | The session affinity for the backends example: NONE, CLIENT\_IP. Default is `NONE`. | `string` | `"NONE"` | no |
 | source\_ip\_ranges | List of source ip ranges for traffic between the internal load balancer. | `list(string)` | `null` | no |
 | source\_service\_accounts | List of source service accounts for traffic between the internal load balancer. | `list(string)` | `null` | no |
-| source\_tags | List of source tags for traffic between the internal load balancer. | `list(string)` | n/a | yes |
+| source\_tags | List of source tags for traffic between the internal load balancer. | `list(string)` | `[]` | no |
 | subnetwork | Name of the subnetwork to create resources in. | `string` | `"default"` | no |
 | target\_service\_accounts | List of target service accounts for traffic between the internal load balancer. | `list(string)` | `null` | no |
-| target\_tags | List of target tags for traffic between the internal load balancer. | `list(string)` | n/a | yes |
+| target\_tags | List of target tags for traffic between the internal load balancer. | `list(string)` | `[]` | no |
 
 ## Outputs
 
diff --git a/docs/upgrading_to_lb_internal_v8.0.md b/docs/upgrading_to_lb_internal_v8.0.md
@@ -0,0 +1,25 @@
+# Upgrading to v8.0
+
+This version introduces breaking changes to align the module with Google's **Application Design Center (ADC)** compliance standards.
+
+## Breaking Changes
+
+### Variable Rename: `project` to `project_id`
+
+To maintain consistency across all Google Cloud blueprints and modules, the `project` input variable has been renamed to `project_id`. This change is required for ADC compliance.
+
+#### Before
+```hcl
+module "gce-ilb" {
+  source  = "terraform-google-modules/lb-internal/google"
+  version = "~> 7.0"
+  project = "my-project-id"
+  # ...
+}
+After
+module "gce-ilb" {
+  source     = "terraform-google-modules/lb-internal/google"
+  version    = "~> 8.0"
+  project_id = "my-project-id"
+  # ...
+}
diff --git a/examples/minimal/main.tf b/examples/minimal/main.tf
@@ -59,10 +59,9 @@ resource "google_compute_subnetwork" "test" {
 
 # [START cloudloadbalancing_int_tcp_udp_minimal]
 module "test_ilb" {
-  source  = "GoogleCloudPlatform/lb-internal/google"
-  version = "~> 7.0"
+  source = "../../"
 
-  project      = var.project_id
+  project_id   = var.project_id
   network      = google_compute_network.test.name
   subnetwork   = google_compute_subnetwork.test.name
   region       = var.region
diff --git a/examples/simple/README.md b/examples/simple/README.md
@@ -12,7 +12,7 @@ This example creates 3 instance groups. The first group is in us-central1-b and
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | network | Name of the network to create resources in. | `string` | n/a | yes |
-| project | The project id to deploy to | `string` | n/a | yes |
+| project\_id | The project id to deploy to | `string` | n/a | yes |
 | region | Region for cloud resources. | `string` | n/a | yes |
 | service\_account | Service account to attach to the instance. See https://www.terraform.io/docs/providers/google/r/compute_instance_template#service_account | <pre>object({<br>    email  = string<br>    scopes = set(string)<br>  })</pre> | n/a | yes |
 | subnetwork | Name of the subnetwork to create resources in. | `string` | n/a | yes |
diff --git a/examples/simple/main.tf b/examples/simple/main.tf
@@ -19,7 +19,7 @@ module "gce-lb-fr" {
   version      = "~> 5.0"
   region       = var.region
   network      = var.network
-  project      = var.project
+  project      = var.project_id
   name         = "group1-lb"
   service_port = local.named_ports[0].port
   target_tags  = ["allow-group1"]
@@ -29,7 +29,7 @@ module "gce-ilb" {
   source  = "terraform-google-modules/lb-internal/google"
   version = "~> 5.0"
 
-  project      = var.project
+  project_id   = var.project_id
   region       = var.region
   name         = "group-ilb"
   ports        = [local.named_ports[0].port]
diff --git a/examples/simple/mig.tf b/examples/simple/mig.tf
@@ -17,7 +17,7 @@
 module "instance_template1" {
   source             = "terraform-google-modules/vm/google//modules/instance_template"
   version            = "~> 12.0"
-  project_id         = var.project
+  project_id         = var.project_id
   subnetwork         = var.subnetwork
   subnetwork_project = var.subnetwork_project
   service_account    = var.service_account
@@ -28,7 +28,7 @@ module "instance_template1" {
 module "instance_template2" {
   source             = "terraform-google-modules/vm/google//modules/instance_template"
   version            = "~> 12.0"
-  project_id         = var.project
+  project_id         = var.project_id
   subnetwork         = var.subnetwork
   subnetwork_project = var.subnetwork_project
   service_account    = var.service_account
@@ -39,7 +39,7 @@ module "instance_template2" {
 module "instance_template3" {
   source             = "terraform-google-modules/vm/google//modules/instance_template"
   version            = "~> 12.0"
-  project_id         = var.project
+  project_id         = var.project_id
   subnetwork         = var.subnetwork
   subnetwork_project = var.subnetwork_project
   service_account    = var.service_account
@@ -50,7 +50,7 @@ module "instance_template3" {
 module "mig1" {
   source            = "terraform-google-modules/vm/google//modules/mig"
   version           = "~> 12.0"
-  project_id        = var.project
+  project_id        = var.project_id
   region            = var.region
   target_pools      = [module.gce-lb-fr.target_pool]
   instance_template = module.instance_template1.self_link
@@ -61,7 +61,7 @@ module "mig1" {
 module "mig2" {
   source            = "terraform-google-modules/vm/google//modules/mig"
   version           = "~> 12.0"
-  project_id        = var.project
+  project_id        = var.project_id
   region            = var.region
   hostname          = "mig2"
   instance_template = module.instance_template2.self_link
@@ -71,7 +71,7 @@ module "mig2" {
 module "mig3" {
   source            = "terraform-google-modules/vm/google//modules/mig"
   version           = "~> 12.0"
-  project_id        = var.project
+  project_id        = var.project_id
   region            = var.region
   hostname          = "mig3"
   instance_template = module.instance_template3.self_link
diff --git a/examples/simple/variables.tf b/examples/simple/variables.tf
@@ -42,7 +42,7 @@ variable "subnetwork_project" {
   type        = string
 }
 
-variable "project" {
+variable "project_id" {
   description = "The project id to deploy to"
   type        = string
 }
diff --git a/main.tf b/main.tf
@@ -18,17 +18,17 @@
 # Using a data source here to access both self_link and name by looking up the network name.
 data "google_compute_network" "network" {
   name    = var.network
-  project = var.network_project == "" ? var.project : var.network_project
+  project = var.network_project == "" ? var.project_id : var.network_project
 }
 
 data "google_compute_subnetwork" "network" {
   name    = var.subnetwork
-  project = var.network_project == "" ? var.project : var.network_project
+  project = var.network_project == "" ? var.project_id : var.network_project
   region  = var.region
 }
 
 resource "google_compute_forwarding_rule" "default" {
-  project                = var.project
+  project                = var.project_id
   name                   = var.name
   region                 = var.region
   network                = data.google_compute_network.network.self_link
@@ -46,7 +46,7 @@ resource "google_compute_forwarding_rule" "default" {
 }
 
 resource "google_compute_region_backend_service" "default" {
-  project = var.project
+  project = var.project_id
   name = {
     "tcp"   = "${var.name}-with-tcp-hc",
     "http"  = "${var.name}-with-http-hc",
@@ -74,7 +74,7 @@ resource "google_compute_region_backend_service" "default" {
 resource "google_compute_health_check" "tcp" {
   provider = google-beta
   count    = var.health_check["type"] == "tcp" ? 1 : 0
-  project  = var.project
+  project  = var.project_id
   name     = "${var.name}-hc-tcp"
 
   timeout_sec         = var.health_check["timeout_sec"]
@@ -101,7 +101,7 @@ resource "google_compute_health_check" "tcp" {
 resource "google_compute_health_check" "http" {
   provider = google-beta
   count    = var.health_check["type"] == "http" ? 1 : 0
-  project  = var.project
+  project  = var.project_id
   name     = "${var.name}-hc-http"
 
   timeout_sec         = var.health_check["timeout_sec"]
@@ -129,7 +129,7 @@ resource "google_compute_health_check" "http" {
 resource "google_compute_health_check" "https" {
   provider = google-beta
   count    = var.health_check["type"] == "https" ? 1 : 0
-  project  = var.project
+  project  = var.project_id
   name     = "${var.name}-hc-https"
 
   timeout_sec         = var.health_check["timeout_sec"]
@@ -156,7 +156,7 @@ resource "google_compute_health_check" "https" {
 
 resource "google_compute_firewall" "default-ilb-fw" {
   count   = var.create_backend_firewall ? 1 : 0
-  project = var.network_project == "" ? var.project : var.network_project
+  project = var.network_project == "" ? var.project_id : var.network_project
   name    = "${var.name}-ilb-fw"
   network = data.google_compute_network.network.name
 
@@ -166,9 +166,9 @@ resource "google_compute_firewall" "default-ilb-fw" {
   }
 
   source_ranges           = var.source_ip_ranges
-  source_tags             = var.source_tags
+  source_tags             = length(var.source_tags) > 0 ? var.source_tags : null
   source_service_accounts = var.source_service_accounts
-  target_tags             = var.target_tags
+  target_tags             = length(var.target_tags) > 0 ? var.target_tags : null
   target_service_accounts = var.target_service_accounts
 
   dynamic "log_config" {
@@ -181,7 +181,7 @@ resource "google_compute_firewall" "default-ilb-fw" {
 
 resource "google_compute_firewall" "default-hc" {
   count   = var.create_health_check_firewall ? 1 : 0
-  project = var.network_project == "" ? var.project : var.network_project
+  project = var.network_project == "" ? var.project_id : var.network_project
   name    = "${var.name}-hc"
   network = data.google_compute_network.network.name
 
@@ -191,7 +191,7 @@ resource "google_compute_firewall" "default-hc" {
   }
 
   source_ranges           = ["130.211.0.0/22", "35.191.0.0/16"]
-  target_tags             = var.target_tags
+  target_tags             = length(var.target_tags) > 0 ? var.target_tags : null
   target_service_accounts = var.target_service_accounts
 
   dynamic "log_config" {
diff --git a/metadata.display.yaml b/metadata.display.yaml
diff --git a/metadata.yaml b/metadata.yaml
diff --git a/test/setup/iam.tf b/test/setup/iam.tf
diff --git a/variables.tf b/variables.tf

Original file line number	Diff line number	Diff line change
`@@ -42,7 +42,7 @@ variable "subnetwork_project" {`
`42`	`42`	`type = string`
`43`	`43`	`}`
`44`	`44`
`45`		`-variable "project" {`
	`45`	`+variable "project_id" {`
`46`	`46`	`description = "The project id to deploy to"`
`47`	`47`	`type = string`
`48`	`48`	`}`