From 94316e7d79dcdc2291eead3a2ec64b4dac6c458a Mon Sep 17 00:00:00 2001
From: Srinivas Arnepalli
Date: Thu, 14 Nov 2024 11:09:10 -0800
Subject: [PATCH] feat: Add support for allowed list of domains for https redirect
---
 .terraform-version | 1 +
 main.tf | 27 +++++++++++++++++++++++----
 variables.tf | 9 +++++++++
 versions.tf | 2 +-
 4 files changed, 34 insertions(+), 5 deletions(-)
 create mode 100644 .terraform-version
diff --git a/.terraform-version b/.terraform-version
new file mode 100644
index 00000000..f0bb29e7
--- /dev/null
+++ b/.terraform-version
@@ -0,0 +1 @@
+1.3.0
diff --git a/main.tf b/main.tf
index 9721c9a3..95e90dde 100644
--- a/main.tf
+++ b/main.tf
@@ -174,10 +174,29 @@ resource "google_compute_url_map" "https_redirect" {
 project = var.project
 count = var.https_redirect ? 1 : 0
 name = "${var.name}-https-redirect"
- default_url_redirect {
- https_redirect = true
- redirect_response_code = "MOVED_PERMANENTLY_DEFAULT"
- strip_query = false
+
+ host_rule {
+ hosts = length(var.https_redirect_domains) > 0 ? var.https_redirect_domains : ["*"]
+ path_matcher = "https-redirect-matcher"
+ }
+ path_matcher {
+ name = "https-redirect-matcher"
+ default_url_redirect {
+ https_redirect = true
+ redirect_response_code = "MOVED_PERMANENTLY_DEFAULT"
+ strip_query = false
+ }
+ }
+ default_route_action {
+ weighted_backend_services {
+ backend_service = google_compute_backend_service.default[keys(var.backends)[0]].self_link
+ }
+ fault_injection_policy {
+ abort {
+ http_status = 404
+ percentage = 100
+ }
+ }
 }
 }
diff --git a/variables.tf b/variables.tf
index 83a86fdf..8c1c6e05 100644
--- a/variables.tf
+++ b/variables.tf
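Review bot: In the new `default_route_action` block of main.tf, hosts outside the allow-list are rejected by pointing `weighted_backend_services` at `google_compute_backend_service.default[keys(var.backends)[0]]` and aborting 100% of requests with a 404. This ties the HTTP redirect map to whichever backend key sorts first, and it fails with an index error if `var.backends` is empty. The block is also attached when `https_redirect_domains` is empty and the host rule is `["*"]`, where it presumably never takes effect. Fault injection in a default route action is, as far as I know, not offered on every load-balancing scheme, so it is worth confirming it applies on the schemes this module supports before relying on it to reject unlisted hosts. At minimum I would add a comment above the block: `# Hosts not matched by host_rule are rejected here: every request is aborted with 404; the backend is only a required placeholder.`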
@@ -275,6 +275,15 @@ variable "https_redirect" {
 default = false
 }
+variable "https_redirect_domains" {
+ type = list(string)
+ default = []
+ validation {
+ condition = alltrue([for domain in var.https_redirect_domains : domain != ""])
+ error_message = "The variable \"https_redirect_domains\" must not contain an empty string. Use an empty list ([]) if no domains are provided."
+ }
+}
+
 variable "random_certificate_suffix" {
 description = "Bool to enable/disable random certificate name generation. Set and keep this to true if you need to change the SSL cert."
 type = bool
diff --git a/versions.tf b/versions.tf
index 942eb4ce..bb7acb78 100644
--- a/versions.tf
+++ b/versions.tf
@@ -15,7 +15,7 @@
 */
 terraform {
- required_version = ">= 1.3"
+ required_version = ">= 1.2.9"
 required_providers {
 google = {
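Review bot: `https_redirect_domains` in variables.tf is declared without a `description`, so nothing tells a caller that the default `[]` means every host is redirected (main.tf maps the empty list to `["*"]`) rather than none. I would add `description = "Hostnames the HTTP listener redirects to HTTPS; other hosts receive a 404. An empty list (default) redirects all hosts."` and `nullable = false`, since a `null` value would break the `length()` call in main.tf. The validation rejects only empty strings, so entries carrying a scheme, a port or surrounding whitespace pass at plan time and would presumably be rejected only later by the API.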