Skip to content

Commit

Permalink
feat: Add support for allowed list of domains for https redirect
Browse files Browse the repository at this point in the history
  • Loading branch information
Srinivas Arnepalli committed Dec 13, 2024
1 parent 279c8e8 commit dbb551e
Show file tree
Hide file tree
Showing 4 changed files with 34 additions and 5 deletions.
1 change: 1 addition & 0 deletions .terraform-version
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
1.3.0
27 changes: 23 additions & 4 deletions main.tf
Original file line number Diff line number Diff line change
Expand Up @@ -174,10 +174,29 @@ resource "google_compute_url_map" "https_redirect" {
project = var.project
count = var.https_redirect ? 1 : 0
name = "${var.name}-https-redirect"
default_url_redirect {
https_redirect = true
redirect_response_code = "MOVED_PERMANENTLY_DEFAULT"
strip_query = false

host_rule {
hosts = length(var.https_redirect_domains) > 0 ? var.https_redirect_domains : ["*"]
path_matcher = "https-redirect-matcher"
}
path_matcher {
name = "https-redirect-matcher"
default_url_redirect {
https_redirect = true
redirect_response_code = "MOVED_PERMANENTLY_DEFAULT"
strip_query = false
}
}
default_route_action {
weighted_backend_services {
backend_service = google_compute_backend_service.default[keys(var.backends)[0]].self_link
}
fault_injection_policy {
abort {
http_status = 404
percentage = 100
}
}
}
}

Expand Down
9 changes: 9 additions & 0 deletions variables.tf
Original file line number Diff line number Diff line change
Expand Up @@ -275,6 +275,15 @@ variable "https_redirect" {
default = false
}

variable "https_redirect_domains" {
type = list(string)
default = []
validation {
condition = var.https_redirect_domains == [] || !(length(var.https_redirect_domains) == 1 && var.https_redirect_domains[0] == "")
error_message = "The variable \"https_redirect_domains\" must not contain an empty string. Use an empty list ([]) if no domains are provided."
}
}

variable "random_certificate_suffix" {
description = "Bool to enable/disable random certificate name generation. Set and keep this to true if you need to change the SSL cert."
type = bool
Expand Down
2 changes: 1 addition & 1 deletion versions.tf
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@
*/

terraform {
required_version = ">= 1.3"
required_version = ">= 1.2.9"
required_providers {

google = {
Expand Down

0 comments on commit dbb551e

Please sign in to comment.