From d34947139d20d36398b565195ee39a585eec4c58 Mon Sep 17 00:00:00 2001 From: Piotr Date: Mon, 6 Jul 2026 09:49:18 +0200 Subject: [PATCH] feat(net-lb-app-ext-regional): add strong session affinity cookie support Expose strong_session_affinity_cookie on regional external application load balancer backend services and validate it when session_affinity is STRONG_COOKIE_AFFINITY. --- .../backend-service.tf | 23 +++++++++++++++++++ .../variables-backend-service.tf | 23 +++++++++++++++++-- 2 files changed, 44 insertions(+), 2 deletions(-) diff --git a/modules/net-lb-app-ext-regional/backend-service.tf b/modules/net-lb-app-ext-regional/backend-service.tf index 75dc946f6..1ea5efc98 100644 --- a/modules/net-lb-app-ext-regional/backend-service.tf +++ b/modules/net-lb-app-ext-regional/backend-service.tf @@ -193,6 +193,29 @@ resource "google_compute_region_backend_service" "default" { } } + dynamic "strong_session_affinity_cookie" { + for_each = ( + each.value.strong_session_affinity_cookie == null + ? [] + : [each.value.strong_session_affinity_cookie] + ) + content { + name = strong_session_affinity_cookie.value.name + path = strong_session_affinity_cookie.value.path + dynamic "ttl" { + for_each = ( + strong_session_affinity_cookie.value.ttl == null + ? [] + : [strong_session_affinity_cookie.value.ttl] + ) + content { + seconds = ttl.value.seconds + nanos = ttl.value.nanos + } + } + } + } + dynamic "iap" { for_each = each.value.iap_config == null ? [] : [each.value.iap_config] content { diff --git a/modules/net-lb-app-ext-regional/variables-backend-service.tf b/modules/net-lb-app-ext-regional/variables-backend-service.tf index c6b4d6586..b0f9ccb6e 100644 --- a/modules/net-lb-app-ext-regional/variables-backend-service.tf +++ b/modules/net-lb-app-ext-regional/variables-backend-service.tf @@ -29,7 +29,15 @@ variable "backend_service_configs" { protocol = optional(string) security_policy = optional(string) session_affinity = optional(string) - timeout_sec = optional(number) + strong_session_affinity_cookie = optional(object({ + name = optional(string) + path = optional(string, "/") + ttl = optional(object({ + seconds = number + nanos = optional(number) + })) + })) + timeout_sec = optional(number) backends = list(object({ # group renamed to backend backend = string @@ -125,13 +133,24 @@ variable "backend_service_configs" { for backend_service in values(var.backend_service_configs) : contains( [ "NONE", "CLIENT_IP", "CLIENT_IP_NO_DESTINATION", - "CLIENT_IP_PORT_PROTO", "CLIENT_IP_PROTO" + "CLIENT_IP_PORT_PROTO", "CLIENT_IP_PROTO", + "GENERATED_COOKIE", "HTTP_COOKIE", "HEADER_FIELD", + "STRONG_COOKIE_AFFINITY" ], coalesce(backend_service.session_affinity, "NONE") ) ]) error_message = "Invalid session affinity value." } + validation { + condition = alltrue([ + for backend_service in values(var.backend_service_configs) : ( + coalesce(backend_service.session_affinity, "NONE") != "STRONG_COOKIE_AFFINITY" + || backend_service.strong_session_affinity_cookie != null + ) + ]) + error_message = "strong_session_affinity_cookie is required when session_affinity is STRONG_COOKIE_AFFINITY." + } validation { condition = alltrue(flatten([ for backend_service in values(var.backend_service_configs) : [