feat: Add support for allowed list of domains for https redirect

Author: Srinivas Arnepalli

.terraform-version

@@ -0,0 +1 @@
+1.3.0

main.tf

@@ -174,10 +174,29 @@ resource "google_compute_url_map" "https_redirect" {
   project = var.project
   count   = var.https_redirect ? 1 : 0
   name    = "${var.name}-https-redirect"
-  default_url_redirect {
-    https_redirect         = true
-    redirect_response_code = "MOVED_PERMANENTLY_DEFAULT"
-    strip_query            = false
+
+  host_rule {
+    hosts        = length(var.https_redirect_domains) > 0 ? var.https_redirect_domains : ["*"]
+    path_matcher = "https-redirect-matcher"
+  }
+  path_matcher {
+    name            = "https-redirect-matcher"
+    default_url_redirect {
+      https_redirect         = true
+      redirect_response_code = "MOVED_PERMANENTLY_DEFAULT"
+      strip_query            = false
+    }
+  }
+  default_route_action {
+    weighted_backend_services {
+      backend_service = google_compute_backend_service.default[keys(var.backends)[0]].self_link
+    }
+    fault_injection_policy {
+      abort {
+        http_status = 404
+        percentage  = 100
+      }
+    }
   }
 }
 

variables.tf

@@ -275,6 +275,15 @@ variable "https_redirect" {
   default     = false
 }
 
+variable "https_redirect_domains" {
+  type    = list(string)
+  default = []
+  validation {
+    condition     = var.https_redirect_domains == [] || !(length(var.https_redirect_domains) == 1 && var.https_redirect_domains[0] == "")
+    error_message = "The variable \"https_redirect_domains\" must not contain an empty string. Use an empty list ([]) if no domains are provided."
+  }
+}
+
 variable "random_certificate_suffix" {
   description = "Bool to enable/disable random certificate name generation. Set and keep this to true if you need to change the SSL cert."
   type        = bool

versions.tf

@@ -15,7 +15,7 @@
  */
 
 terraform {
-  required_version = ">= 1.3"
+  required_version = ">= 1.2.9"
   required_providers {
 
     google = {