feat: Add support for setting http_keep_alive_timeout_sec (#425)

README.md

@@ -106,6 +106,7 @@ module "gce-lb-http" {
 | firewall\_networks | Names of the networks to create firewall rules in | `list(string)` | <pre>[<br>  "default"<br>]</pre> | no |
 | firewall\_projects | Names of the projects to create firewall rules in | `list(string)` | <pre>[<br>  "default"<br>]</pre> | no |
 | http\_forward | Set to `false` to disable HTTP port 80 forward | `bool` | `true` | no |
+| http\_keep\_alive\_timeout\_sec | Specifies how long to keep a connection open, after completing a response, while there is no matching traffic (in seconds). | `number` | `null` | no |
 | http\_port | The port for the HTTP load balancer | `number` | `80` | no |
 | https\_port | The port for the HTTPS load balancer | `number` | `443` | no |
 | https\_redirect | Set to `true` to enable https redirect on the lb. | `bool` | `false` | no |

autogen/main.tf.tmpl

@@ -119,11 +119,12 @@ resource "google_compute_target_https_proxy" "default" {
   name    = "${var.name}-https-proxy"
   url_map = local.url_map
 
-  ssl_certificates = compact(concat(var.ssl_certificates, google_compute_ssl_certificate.default[*].self_link, google_compute_managed_ssl_certificate.default[*].self_link, ), )
-  certificate_map  = var.certificate_map != null ? "//certificatemanager.googleapis.com/${var.certificate_map}" : null
-  ssl_policy       = var.ssl_policy
-  quic_override    = var.quic == null ? "NONE" : var.quic ? "ENABLE" : "DISABLE"
-  server_tls_policy = var.server_tls_policy
+  ssl_certificates            = compact(concat(var.ssl_certificates, google_compute_ssl_certificate.default[*].self_link, google_compute_managed_ssl_certificate.default[*].self_link, ), )
+  certificate_map             = var.certificate_map != null ? "//certificatemanager.googleapis.com/${var.certificate_map}" : null
+  ssl_policy                  = var.ssl_policy
+  quic_override               = var.quic == null ? "NONE" : var.quic ? "ENABLE" : "DISABLE"
+  server_tls_policy           = var.server_tls_policy
+  http_keep_alive_timeout_sec = var.http_keep_alive_timeout_sec
 }
 
 resource "google_compute_ssl_certificate" "default" {

autogen/variables.tf.tmpl

@@ -337,3 +337,9 @@ variable "https_port" {
     error_message = "You must specify exactly one port between 1 and 65535"
   }
 }
+
+variable "http_keep_alive_timeout_sec" {
+  description = "Specifies how long to keep a connection open, after completing a response, while there is no matching traffic (in seconds)."
+  type        = number
+  default     = null
+}

examples/dynamic-backend/main.tf

@@ -34,11 +34,12 @@ module "load_balancer" {
   source  = "terraform-google-modules/lb-http/google//modules/dynamic_backends"
   version = "~> 10.0"
 
-  name                = "dynamic-backend-lb"
-  project             = var.project
-  enable_ipv6         = true
-  create_ipv6_address = true
-  http_forward        = false
+  name                        = "dynamic-backend-lb"
+  project                     = var.project
+  enable_ipv6                 = true
+  create_ipv6_address         = true
+  http_forward                = false
+  http_keep_alive_timeout_sec = 610
 
   load_balancing_scheme = "EXTERNAL_MANAGED"
 

main.tf

@@ -117,11 +117,12 @@ resource "google_compute_target_https_proxy" "default" {
   name    = "${var.name}-https-proxy"
   url_map = local.url_map
 
-  ssl_certificates  = compact(concat(var.ssl_certificates, google_compute_ssl_certificate.default[*].self_link, google_compute_managed_ssl_certificate.default[*].self_link, ), )
-  certificate_map   = var.certificate_map != null ? "//certificatemanager.googleapis.com/${var.certificate_map}" : null
-  ssl_policy        = var.ssl_policy
-  quic_override     = var.quic == null ? "NONE" : var.quic ? "ENABLE" : "DISABLE"
-  server_tls_policy = var.server_tls_policy
+  ssl_certificates            = compact(concat(var.ssl_certificates, google_compute_ssl_certificate.default[*].self_link, google_compute_managed_ssl_certificate.default[*].self_link, ), )
+  certificate_map             = var.certificate_map != null ? "//certificatemanager.googleapis.com/${var.certificate_map}" : null
+  ssl_policy                  = var.ssl_policy
+  quic_override               = var.quic == null ? "NONE" : var.quic ? "ENABLE" : "DISABLE"
+  server_tls_policy           = var.server_tls_policy
+  http_keep_alive_timeout_sec = var.http_keep_alive_timeout_sec
 }
 
 resource "google_compute_ssl_certificate" "default" {

modules/dynamic_backends/README.md

@@ -99,6 +99,7 @@ module "gce-lb-http" {
 | firewall\_networks | Names of the networks to create firewall rules in | `list(string)` | <pre>[<br>  "default"<br>]</pre> | no |
 | firewall\_projects | Names of the projects to create firewall rules in | `list(string)` | <pre>[<br>  "default"<br>]</pre> | no |
 | http\_forward | Set to `false` to disable HTTP port 80 forward | `bool` | `true` | no |
+| http\_keep\_alive\_timeout\_sec | Specifies how long to keep a connection open, after completing a response, while there is no matching traffic (in seconds). | `number` | `null` | no |
 | http\_port | The port for the HTTP load balancer | `number` | `80` | no |
 | https\_port | The port for the HTTPS load balancer | `number` | `443` | no |
 | https\_redirect | Set to `true` to enable https redirect on the lb. | `bool` | `false` | no |

modules/dynamic_backends/main.tf

@@ -117,11 +117,12 @@ resource "google_compute_target_https_proxy" "default" {
   name    = "${var.name}-https-proxy"
   url_map = local.url_map
 
-  ssl_certificates  = compact(concat(var.ssl_certificates, google_compute_ssl_certificate.default[*].self_link, google_compute_managed_ssl_certificate.default[*].self_link, ), )
-  certificate_map   = var.certificate_map != null ? "//certificatemanager.googleapis.com/${var.certificate_map}" : null
-  ssl_policy        = var.ssl_policy
-  quic_override     = var.quic == null ? "NONE" : var.quic ? "ENABLE" : "DISABLE"
-  server_tls_policy = var.server_tls_policy
+  ssl_certificates            = compact(concat(var.ssl_certificates, google_compute_ssl_certificate.default[*].self_link, google_compute_managed_ssl_certificate.default[*].self_link, ), )
+  certificate_map             = var.certificate_map != null ? "//certificatemanager.googleapis.com/${var.certificate_map}" : null
+  ssl_policy                  = var.ssl_policy
+  quic_override               = var.quic == null ? "NONE" : var.quic ? "ENABLE" : "DISABLE"
+  server_tls_policy           = var.server_tls_policy
+  http_keep_alive_timeout_sec = var.http_keep_alive_timeout_sec
 }
 
 resource "google_compute_ssl_certificate" "default" {

modules/dynamic_backends/variables.tf

@@ -324,3 +324,9 @@ variable "https_port" {
     error_message = "You must specify exactly one port between 1 and 65535"
   }
 }
+
+variable "http_keep_alive_timeout_sec" {
+  description = "Specifies how long to keep a connection open, after completing a response, while there is no matching traffic (in seconds)."
+  type        = number
+  default     = null
+}

modules/serverless_negs/README.md

@@ -82,6 +82,7 @@ module "lb-http" {
 | edge\_security\_policy | The resource URL for the edge security policy to associate with the backend service | `string` | `null` | no |
 | enable\_ipv6 | Enable IPv6 address on the CDN load-balancer | `bool` | `false` | no |
 | http\_forward | Set to `false` to disable HTTP port 80 forward | `bool` | `true` | no |
+| http\_keep\_alive\_timeout\_sec | Specifies how long to keep a connection open, after completing a response, while there is no matching traffic (in seconds). | `number` | `null` | no |
 | http\_port | The port for the HTTP load balancer | `number` | `80` | no |
 | https\_port | The port for the HTTPS load balancer | `number` | `443` | no |
 | https\_redirect | Set to `true` to enable https redirect on the lb. | `bool` | `false` | no |

modules/serverless_negs/main.tf

@@ -116,11 +116,12 @@ resource "google_compute_target_https_proxy" "default" {
   name    = "${var.name}-https-proxy"
   url_map = local.url_map
 
-  ssl_certificates  = compact(concat(var.ssl_certificates, google_compute_ssl_certificate.default[*].self_link, google_compute_managed_ssl_certificate.default[*].self_link, ), )
-  certificate_map   = var.certificate_map != null ? "//certificatemanager.googleapis.com/${var.certificate_map}" : null
-  ssl_policy        = var.ssl_policy
-  quic_override     = var.quic == null ? "NONE" : var.quic ? "ENABLE" : "DISABLE"
-  server_tls_policy = var.server_tls_policy
+  ssl_certificates            = compact(concat(var.ssl_certificates, google_compute_ssl_certificate.default[*].self_link, google_compute_managed_ssl_certificate.default[*].self_link, ), )
+  certificate_map             = var.certificate_map != null ? "//certificatemanager.googleapis.com/${var.certificate_map}" : null
+  ssl_policy                  = var.ssl_policy
+  quic_override               = var.quic == null ? "NONE" : var.quic ? "ENABLE" : "DISABLE"
+  server_tls_policy           = var.server_tls_policy
+  http_keep_alive_timeout_sec = var.http_keep_alive_timeout_sec
 }
 
 resource "google_compute_ssl_certificate" "default" {

modules/serverless_negs/variables.tf

@@ -273,3 +273,9 @@ variable "https_port" {
     error_message = "You must specify exactly one port between 1 and 65535"
   }
 }
+
+variable "http_keep_alive_timeout_sec" {
+  description = "Specifies how long to keep a connection open, after completing a response, while there is no matching traffic (in seconds)."
+  type        = number
+  default     = null
+}

variables.tf

@@ -324,3 +324,9 @@ variable "https_port" {
     error_message = "You must specify exactly one port between 1 and 65535"
   }
 }
+
+variable "http_keep_alive_timeout_sec" {
+  description = "Specifies how long to keep a connection open, after completing a response, while there is no matching traffic (in seconds)."
+  type        = number
+  default     = null
+}