From 8554cd0f0b56b1ee2976f82770d15eefef09c2f5 Mon Sep 17 00:00:00 2001
From: Bryan Kelly <bobbake4@gmail.com>
Date: Mon, 6 Nov 2023 13:22:38 -0500
Subject: [PATCH] feat: Added support for google_compute_backend_service
 outlier_detection (#365)

---
 README.md                             |  2 +-
 autogen/main.tf.tmpl                  | 31 +++++++++++++++++++++++++++
 autogen/variables.tf.tmpl             | 19 ++++++++++++++++
 main.tf                               | 31 +++++++++++++++++++++++++++
 modules/dynamic_backends/README.md    |  2 +-
 modules/dynamic_backends/main.tf      | 31 +++++++++++++++++++++++++++
 modules/dynamic_backends/variables.tf | 19 ++++++++++++++++
 modules/serverless_negs/README.md     |  2 +-
 modules/serverless_negs/main.tf       | 31 +++++++++++++++++++++++++++
 modules/serverless_negs/variables.tf  | 19 ++++++++++++++++
 variables.tf                          | 19 ++++++++++++++++
 11 files changed, 203 insertions(+), 3 deletions(-)

diff --git a/README.md b/README.md
index cc57a61c..677bc296 100644
--- a/README.md
+++ b/README.md
@@ -120,7 +120,7 @@ module "gce-lb-http" {
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | address | Existing IPv4 address to use (the actual IP address value) | `string` | `null` | no |
-| backends | Map backend indices to list of backend maps. | <pre>map(object({<br>    port                    = optional(number)<br>    project                 = optional(string)<br>    protocol                = optional(string)<br>    port_name               = optional(string)<br>    description             = optional(string)<br>    enable_cdn              = optional(bool)<br>    compression_mode        = optional(string)<br>    security_policy         = optional(string, null)<br>    edge_security_policy    = optional(string, null)<br>    custom_request_headers  = optional(list(string))<br>    custom_response_headers = optional(list(string))<br><br>    timeout_sec                     = optional(number)<br>    connection_draining_timeout_sec = optional(number)<br>    session_affinity                = optional(string)<br>    affinity_cookie_ttl_sec         = optional(number)<br><br>    health_check = object({<br>      host                = optional(string)<br>      request_path        = optional(string)<br>      request             = optional(string)<br>      response            = optional(string)<br>      port                = optional(number)<br>      port_name           = optional(string)<br>      proxy_header        = optional(string)<br>      port_specification  = optional(string)<br>      protocol            = optional(string)<br>      check_interval_sec  = optional(number)<br>      timeout_sec         = optional(number)<br>      healthy_threshold   = optional(number)<br>      unhealthy_threshold = optional(number)<br>      logging             = optional(bool)<br>    })<br><br>    log_config = object({<br>      enable      = optional(bool)<br>      sample_rate = optional(number)<br>    })<br><br>    groups = list(object({<br>      group = string<br><br>      balancing_mode               = optional(string)<br>      capacity_scaler              = optional(number)<br>      description                  = optional(string)<br>      max_connections              = optional(number)<br>      max_connections_per_instance = optional(number)<br>      max_connections_per_endpoint = optional(number)<br>      max_rate                     = optional(number)<br>      max_rate_per_instance        = optional(number)<br>      max_rate_per_endpoint        = optional(number)<br>      max_utilization              = optional(number)<br>    }))<br>    iap_config = object({<br>      enable               = bool<br>      oauth2_client_id     = optional(string)<br>      oauth2_client_secret = optional(string)<br>    })<br>    cdn_policy = optional(object({<br>      cache_mode                   = optional(string)<br>      signed_url_cache_max_age_sec = optional(string)<br>      default_ttl                  = optional(number)<br>      max_ttl                      = optional(number)<br>      client_ttl                   = optional(number)<br>      negative_caching             = optional(bool)<br>      negative_caching_policy = optional(object({<br>        code = optional(number)<br>        ttl  = optional(number)<br>      }))<br>      serve_while_stale = optional(number)<br>      cache_key_policy = optional(object({<br>        include_host           = optional(bool)<br>        include_protocol       = optional(bool)<br>        include_query_string   = optional(bool)<br>        query_string_blacklist = optional(list(string))<br>        query_string_whitelist = optional(list(string))<br>        include_http_headers   = optional(list(string))<br>        include_named_cookies  = optional(list(string))<br>      }))<br>    }))<br>  }))</pre> | n/a | yes |
+| backends | Map backend indices to list of backend maps. | <pre>map(object({<br>    port                    = optional(number)<br>    project                 = optional(string)<br>    protocol                = optional(string)<br>    port_name               = optional(string)<br>    description             = optional(string)<br>    enable_cdn              = optional(bool)<br>    compression_mode        = optional(string)<br>    security_policy         = optional(string, null)<br>    edge_security_policy    = optional(string, null)<br>    custom_request_headers  = optional(list(string))<br>    custom_response_headers = optional(list(string))<br><br>    timeout_sec                     = optional(number)<br>    connection_draining_timeout_sec = optional(number)<br>    session_affinity                = optional(string)<br>    affinity_cookie_ttl_sec         = optional(number)<br><br>    health_check = object({<br>      host                = optional(string)<br>      request_path        = optional(string)<br>      request             = optional(string)<br>      response            = optional(string)<br>      port                = optional(number)<br>      port_name           = optional(string)<br>      proxy_header        = optional(string)<br>      port_specification  = optional(string)<br>      protocol            = optional(string)<br>      check_interval_sec  = optional(number)<br>      timeout_sec         = optional(number)<br>      healthy_threshold   = optional(number)<br>      unhealthy_threshold = optional(number)<br>      logging             = optional(bool)<br>    })<br><br>    log_config = object({<br>      enable      = optional(bool)<br>      sample_rate = optional(number)<br>    })<br><br>    groups = list(object({<br>      group = string<br><br>      balancing_mode               = optional(string)<br>      capacity_scaler              = optional(number)<br>      description                  = optional(string)<br>      max_connections              = optional(number)<br>      max_connections_per_instance = optional(number)<br>      max_connections_per_endpoint = optional(number)<br>      max_rate                     = optional(number)<br>      max_rate_per_instance        = optional(number)<br>      max_rate_per_endpoint        = optional(number)<br>      max_utilization              = optional(number)<br>    }))<br>    iap_config = object({<br>      enable               = bool<br>      oauth2_client_id     = optional(string)<br>      oauth2_client_secret = optional(string)<br>    })<br>    cdn_policy = optional(object({<br>      cache_mode                   = optional(string)<br>      signed_url_cache_max_age_sec = optional(string)<br>      default_ttl                  = optional(number)<br>      max_ttl                      = optional(number)<br>      client_ttl                   = optional(number)<br>      negative_caching             = optional(bool)<br>      negative_caching_policy = optional(object({<br>        code = optional(number)<br>        ttl  = optional(number)<br>      }))<br>      serve_while_stale = optional(number)<br>      cache_key_policy = optional(object({<br>        include_host           = optional(bool)<br>        include_protocol       = optional(bool)<br>        include_query_string   = optional(bool)<br>        query_string_blacklist = optional(list(string))<br>        query_string_whitelist = optional(list(string))<br>        include_http_headers   = optional(list(string))<br>        include_named_cookies  = optional(list(string))<br>      }))<br>    }))<br>    outlier_detection = optional(object({<br>      base_ejection_time = optional(object({<br>        seconds = number<br>        nanos   = optional(number)<br>      }))<br>      consecutive_errors                    = optional(number)<br>      consecutive_gateway_failure           = optional(number)<br>      enforcing_consecutive_errors          = optional(number)<br>      enforcing_consecutive_gateway_failure = optional(number)<br>      enforcing_success_rate                = optional(number)<br>      interval = optional(object({<br>        seconds = number<br>        nanos   = optional(number)<br>      }))<br>      max_ejection_percent        = optional(number)<br>      success_rate_minimum_hosts  = optional(number)<br>      success_rate_request_volume = optional(number)<br>      success_rate_stdev_factor   = optional(number)<br>    }))<br>  }))</pre> | n/a | yes |
 | certificate | Content of the SSL certificate. Required if `ssl` is `true` and `ssl_certificates` is empty. | `string` | `null` | no |
 | certificate\_map | Certificate Map ID in format projects/{project}/locations/global/certificateMaps/{name}. Identifies a certificate map associated with the given target proxy | `string` | `null` | no |
 | create\_address | Create a new global IPv4 address | `bool` | `true` | no |
diff --git a/autogen/main.tf.tmpl b/autogen/main.tf.tmpl
index 8ff27fee..6ec826df 100644
--- a/autogen/main.tf.tmpl
+++ b/autogen/main.tf.tmpl
@@ -286,6 +286,37 @@ resource "google_compute_backend_service" "default" {
     }
   }
 
+  dynamic "outlier_detection" {
+    for_each = each.value.outlier_detection != null && ( var.load_balancing_scheme == "INTERNAL_SELF_MANAGED" || var.load_balancing_scheme == "EXTERNAL_MANAGED" ) ? [1] : []
+    content {
+      consecutive_errors                    = each.value.outlier_detection.consecutive_errors
+      consecutive_gateway_failure           = each.value.outlier_detection.consecutive_gateway_failure
+      enforcing_consecutive_errors          = each.value.outlier_detection.enforcing_consecutive_errors
+      enforcing_consecutive_gateway_failure = each.value.outlier_detection.enforcing_consecutive_gateway_failure
+      enforcing_success_rate                = each.value.outlier_detection.enforcing_success_rate
+      max_ejection_percent                  = each.value.outlier_detection.max_ejection_percent
+      success_rate_minimum_hosts            = each.value.outlier_detection.success_rate_minimum_hosts
+      success_rate_request_volume           = each.value.outlier_detection.success_rate_request_volume
+      success_rate_stdev_factor             = each.value.outlier_detection.success_rate_stdev_factor
+
+      dynamic "base_ejection_time" {
+        for_each = each.value.outlier_detection.base_ejection_time != null ? [1] : []
+        content {
+          seconds = each.value.outlier_detection.base_ejection_time.seconds
+          nanos   = each.value.outlier_detection.base_ejection_time.nanos
+        }
+      }
+
+      dynamic "interval" {
+        for_each = each.value.outlier_detection.cache_key_policy != null ? [1] : []
+        content {
+          seconds = each.value.outlier_detection.cache_key_policy.seconds
+          nanos   = each.value.outlier_detection.cache_key_policy.nanos
+        }
+      }
+    }
+  }
+
   {% if not serverless %}
   depends_on = [
     google_compute_health_check.default
diff --git a/autogen/variables.tf.tmpl b/autogen/variables.tf.tmpl
index 35c57b02..c56ba9d9 100644
--- a/autogen/variables.tf.tmpl
+++ b/autogen/variables.tf.tmpl
@@ -174,6 +174,25 @@ variable "backends" {
         include_named_cookies  = optional(list(string))
       }))
     }))
+    outlier_detection = optional(object({
+      base_ejection_time = optional(object({
+        seconds = number
+        nanos   = optional(number)
+      }))
+      consecutive_errors                    = optional(number)
+      consecutive_gateway_failure           = optional(number)
+      enforcing_consecutive_errors          = optional(number)
+      enforcing_consecutive_gateway_failure = optional(number)
+      enforcing_success_rate                = optional(number)
+      interval = optional(object({
+        seconds = number
+        nanos   = optional(number)
+      }))
+      max_ejection_percent        = optional(number)
+      success_rate_minimum_hosts  = optional(number)
+      success_rate_request_volume = optional(number)
+      success_rate_stdev_factor   = optional(number)
+    }))
   }))
 }
 
diff --git a/main.tf b/main.tf
index 199ed859..48fe72ac 100644
--- a/main.tf
+++ b/main.tf
@@ -277,6 +277,37 @@ resource "google_compute_backend_service" "default" {
     }
   }
 
+  dynamic "outlier_detection" {
+    for_each = each.value.outlier_detection != null && (var.load_balancing_scheme == "INTERNAL_SELF_MANAGED" || var.load_balancing_scheme == "EXTERNAL_MANAGED") ? [1] : []
+    content {
+      consecutive_errors                    = each.value.outlier_detection.consecutive_errors
+      consecutive_gateway_failure           = each.value.outlier_detection.consecutive_gateway_failure
+      enforcing_consecutive_errors          = each.value.outlier_detection.enforcing_consecutive_errors
+      enforcing_consecutive_gateway_failure = each.value.outlier_detection.enforcing_consecutive_gateway_failure
+      enforcing_success_rate                = each.value.outlier_detection.enforcing_success_rate
+      max_ejection_percent                  = each.value.outlier_detection.max_ejection_percent
+      success_rate_minimum_hosts            = each.value.outlier_detection.success_rate_minimum_hosts
+      success_rate_request_volume           = each.value.outlier_detection.success_rate_request_volume
+      success_rate_stdev_factor             = each.value.outlier_detection.success_rate_stdev_factor
+
+      dynamic "base_ejection_time" {
+        for_each = each.value.outlier_detection.base_ejection_time != null ? [1] : []
+        content {
+          seconds = each.value.outlier_detection.base_ejection_time.seconds
+          nanos   = each.value.outlier_detection.base_ejection_time.nanos
+        }
+      }
+
+      dynamic "interval" {
+        for_each = each.value.outlier_detection.cache_key_policy != null ? [1] : []
+        content {
+          seconds = each.value.outlier_detection.cache_key_policy.seconds
+          nanos   = each.value.outlier_detection.cache_key_policy.nanos
+        }
+      }
+    }
+  }
+
   depends_on = [
     google_compute_health_check.default
   ]
diff --git a/modules/dynamic_backends/README.md b/modules/dynamic_backends/README.md
index e7e84fae..658b767b 100644
--- a/modules/dynamic_backends/README.md
+++ b/modules/dynamic_backends/README.md
@@ -113,7 +113,7 @@ module "gce-lb-http" {
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | address | Existing IPv4 address to use (the actual IP address value) | `string` | `null` | no |
-| backends | Map backend indices to list of backend maps. | <pre>map(object({<br>    port                    = optional(number)<br>    project                 = optional(string)<br>    protocol                = optional(string)<br>    port_name               = optional(string)<br>    description             = optional(string)<br>    enable_cdn              = optional(bool)<br>    compression_mode        = optional(string)<br>    security_policy         = optional(string, null)<br>    edge_security_policy    = optional(string, null)<br>    custom_request_headers  = optional(list(string))<br>    custom_response_headers = optional(list(string))<br><br>    timeout_sec                     = optional(number)<br>    connection_draining_timeout_sec = optional(number)<br>    session_affinity                = optional(string)<br>    affinity_cookie_ttl_sec         = optional(number)<br><br>    health_check = object({<br>      host                = optional(string)<br>      request_path        = optional(string)<br>      request             = optional(string)<br>      response            = optional(string)<br>      port                = optional(number)<br>      port_name           = optional(string)<br>      proxy_header        = optional(string)<br>      port_specification  = optional(string)<br>      protocol            = optional(string)<br>      check_interval_sec  = optional(number)<br>      timeout_sec         = optional(number)<br>      healthy_threshold   = optional(number)<br>      unhealthy_threshold = optional(number)<br>      logging             = optional(bool)<br>    })<br><br>    log_config = object({<br>      enable      = optional(bool)<br>      sample_rate = optional(number)<br>    })<br><br>    groups = list(object({<br>      group = string<br><br>      balancing_mode               = optional(string)<br>      capacity_scaler              = optional(number)<br>      description                  = optional(string)<br>      max_connections              = optional(number)<br>      max_connections_per_instance = optional(number)<br>      max_connections_per_endpoint = optional(number)<br>      max_rate                     = optional(number)<br>      max_rate_per_instance        = optional(number)<br>      max_rate_per_endpoint        = optional(number)<br>      max_utilization              = optional(number)<br>    }))<br>    iap_config = object({<br>      enable               = bool<br>      oauth2_client_id     = optional(string)<br>      oauth2_client_secret = optional(string)<br>    })<br>    cdn_policy = optional(object({<br>      cache_mode                   = optional(string)<br>      signed_url_cache_max_age_sec = optional(string)<br>      default_ttl                  = optional(number)<br>      max_ttl                      = optional(number)<br>      client_ttl                   = optional(number)<br>      negative_caching             = optional(bool)<br>      negative_caching_policy = optional(object({<br>        code = optional(number)<br>        ttl  = optional(number)<br>      }))<br>      serve_while_stale = optional(number)<br>      cache_key_policy = optional(object({<br>        include_host           = optional(bool)<br>        include_protocol       = optional(bool)<br>        include_query_string   = optional(bool)<br>        query_string_blacklist = optional(list(string))<br>        query_string_whitelist = optional(list(string))<br>        include_http_headers   = optional(list(string))<br>        include_named_cookies  = optional(list(string))<br>      }))<br>    }))<br>  }))</pre> | n/a | yes |
+| backends | Map backend indices to list of backend maps. | <pre>map(object({<br>    port                    = optional(number)<br>    project                 = optional(string)<br>    protocol                = optional(string)<br>    port_name               = optional(string)<br>    description             = optional(string)<br>    enable_cdn              = optional(bool)<br>    compression_mode        = optional(string)<br>    security_policy         = optional(string, null)<br>    edge_security_policy    = optional(string, null)<br>    custom_request_headers  = optional(list(string))<br>    custom_response_headers = optional(list(string))<br><br>    timeout_sec                     = optional(number)<br>    connection_draining_timeout_sec = optional(number)<br>    session_affinity                = optional(string)<br>    affinity_cookie_ttl_sec         = optional(number)<br><br>    health_check = object({<br>      host                = optional(string)<br>      request_path        = optional(string)<br>      request             = optional(string)<br>      response            = optional(string)<br>      port                = optional(number)<br>      port_name           = optional(string)<br>      proxy_header        = optional(string)<br>      port_specification  = optional(string)<br>      protocol            = optional(string)<br>      check_interval_sec  = optional(number)<br>      timeout_sec         = optional(number)<br>      healthy_threshold   = optional(number)<br>      unhealthy_threshold = optional(number)<br>      logging             = optional(bool)<br>    })<br><br>    log_config = object({<br>      enable      = optional(bool)<br>      sample_rate = optional(number)<br>    })<br><br>    groups = list(object({<br>      group = string<br><br>      balancing_mode               = optional(string)<br>      capacity_scaler              = optional(number)<br>      description                  = optional(string)<br>      max_connections              = optional(number)<br>      max_connections_per_instance = optional(number)<br>      max_connections_per_endpoint = optional(number)<br>      max_rate                     = optional(number)<br>      max_rate_per_instance        = optional(number)<br>      max_rate_per_endpoint        = optional(number)<br>      max_utilization              = optional(number)<br>    }))<br>    iap_config = object({<br>      enable               = bool<br>      oauth2_client_id     = optional(string)<br>      oauth2_client_secret = optional(string)<br>    })<br>    cdn_policy = optional(object({<br>      cache_mode                   = optional(string)<br>      signed_url_cache_max_age_sec = optional(string)<br>      default_ttl                  = optional(number)<br>      max_ttl                      = optional(number)<br>      client_ttl                   = optional(number)<br>      negative_caching             = optional(bool)<br>      negative_caching_policy = optional(object({<br>        code = optional(number)<br>        ttl  = optional(number)<br>      }))<br>      serve_while_stale = optional(number)<br>      cache_key_policy = optional(object({<br>        include_host           = optional(bool)<br>        include_protocol       = optional(bool)<br>        include_query_string   = optional(bool)<br>        query_string_blacklist = optional(list(string))<br>        query_string_whitelist = optional(list(string))<br>        include_http_headers   = optional(list(string))<br>        include_named_cookies  = optional(list(string))<br>      }))<br>    }))<br>    outlier_detection = optional(object({<br>      base_ejection_time = optional(object({<br>        seconds = number<br>        nanos   = optional(number)<br>      }))<br>      consecutive_errors                    = optional(number)<br>      consecutive_gateway_failure           = optional(number)<br>      enforcing_consecutive_errors          = optional(number)<br>      enforcing_consecutive_gateway_failure = optional(number)<br>      enforcing_success_rate                = optional(number)<br>      interval = optional(object({<br>        seconds = number<br>        nanos   = optional(number)<br>      }))<br>      max_ejection_percent        = optional(number)<br>      success_rate_minimum_hosts  = optional(number)<br>      success_rate_request_volume = optional(number)<br>      success_rate_stdev_factor   = optional(number)<br>    }))<br>  }))</pre> | n/a | yes |
 | certificate | Content of the SSL certificate. Required if `ssl` is `true` and `ssl_certificates` is empty. | `string` | `null` | no |
 | certificate\_map | Certificate Map ID in format projects/{project}/locations/global/certificateMaps/{name}. Identifies a certificate map associated with the given target proxy | `string` | `null` | no |
 | create\_address | Create a new global IPv4 address | `bool` | `true` | no |
diff --git a/modules/dynamic_backends/main.tf b/modules/dynamic_backends/main.tf
index 776137a1..d6ff812f 100644
--- a/modules/dynamic_backends/main.tf
+++ b/modules/dynamic_backends/main.tf
@@ -277,6 +277,37 @@ resource "google_compute_backend_service" "default" {
     }
   }
 
+  dynamic "outlier_detection" {
+    for_each = each.value.outlier_detection != null && (var.load_balancing_scheme == "INTERNAL_SELF_MANAGED" || var.load_balancing_scheme == "EXTERNAL_MANAGED") ? [1] : []
+    content {
+      consecutive_errors                    = each.value.outlier_detection.consecutive_errors
+      consecutive_gateway_failure           = each.value.outlier_detection.consecutive_gateway_failure
+      enforcing_consecutive_errors          = each.value.outlier_detection.enforcing_consecutive_errors
+      enforcing_consecutive_gateway_failure = each.value.outlier_detection.enforcing_consecutive_gateway_failure
+      enforcing_success_rate                = each.value.outlier_detection.enforcing_success_rate
+      max_ejection_percent                  = each.value.outlier_detection.max_ejection_percent
+      success_rate_minimum_hosts            = each.value.outlier_detection.success_rate_minimum_hosts
+      success_rate_request_volume           = each.value.outlier_detection.success_rate_request_volume
+      success_rate_stdev_factor             = each.value.outlier_detection.success_rate_stdev_factor
+
+      dynamic "base_ejection_time" {
+        for_each = each.value.outlier_detection.base_ejection_time != null ? [1] : []
+        content {
+          seconds = each.value.outlier_detection.base_ejection_time.seconds
+          nanos   = each.value.outlier_detection.base_ejection_time.nanos
+        }
+      }
+
+      dynamic "interval" {
+        for_each = each.value.outlier_detection.cache_key_policy != null ? [1] : []
+        content {
+          seconds = each.value.outlier_detection.cache_key_policy.seconds
+          nanos   = each.value.outlier_detection.cache_key_policy.nanos
+        }
+      }
+    }
+  }
+
   depends_on = [
     google_compute_health_check.default
   ]
diff --git a/modules/dynamic_backends/variables.tf b/modules/dynamic_backends/variables.tf
index 771ecedd..5f27bff0 100644
--- a/modules/dynamic_backends/variables.tf
+++ b/modules/dynamic_backends/variables.tf
@@ -161,6 +161,25 @@ variable "backends" {
         include_named_cookies  = optional(list(string))
       }))
     }))
+    outlier_detection = optional(object({
+      base_ejection_time = optional(object({
+        seconds = number
+        nanos   = optional(number)
+      }))
+      consecutive_errors                    = optional(number)
+      consecutive_gateway_failure           = optional(number)
+      enforcing_consecutive_errors          = optional(number)
+      enforcing_consecutive_gateway_failure = optional(number)
+      enforcing_success_rate                = optional(number)
+      interval = optional(object({
+        seconds = number
+        nanos   = optional(number)
+      }))
+      max_ejection_percent        = optional(number)
+      success_rate_minimum_hosts  = optional(number)
+      success_rate_request_volume = optional(number)
+      success_rate_stdev_factor   = optional(number)
+    }))
   }))
 }
 
diff --git a/modules/serverless_negs/README.md b/modules/serverless_negs/README.md
index 9d568175..9e1588b7 100644
--- a/modules/serverless_negs/README.md
+++ b/modules/serverless_negs/README.md
@@ -79,7 +79,7 @@ module "lb-http" {
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | address | Existing IPv4 address to use (the actual IP address value) | `string` | `null` | no |
-| backends | Map backend indices to list of backend maps. | <pre>map(object({<br>    project                 = optional(string)<br>    protocol                = optional(string)<br>    port_name               = optional(string)<br>    description             = optional(string)<br>    enable_cdn              = optional(bool)<br>    compression_mode        = optional(string)<br>    security_policy         = optional(string, null)<br>    edge_security_policy    = optional(string, null)<br>    custom_request_headers  = optional(list(string))<br>    custom_response_headers = optional(list(string))<br><br>    connection_draining_timeout_sec = optional(number)<br>    session_affinity                = optional(string)<br>    affinity_cookie_ttl_sec         = optional(number)<br><br><br>    log_config = object({<br>      enable      = optional(bool)<br>      sample_rate = optional(number)<br>    })<br><br>    groups = list(object({<br>      group = string<br><br>    }))<br>    iap_config = object({<br>      enable               = bool<br>      oauth2_client_id     = optional(string)<br>      oauth2_client_secret = optional(string)<br>    })<br>    cdn_policy = optional(object({<br>      cache_mode                   = optional(string)<br>      signed_url_cache_max_age_sec = optional(string)<br>      default_ttl                  = optional(number)<br>      max_ttl                      = optional(number)<br>      client_ttl                   = optional(number)<br>      negative_caching             = optional(bool)<br>      negative_caching_policy = optional(object({<br>        code = optional(number)<br>        ttl  = optional(number)<br>      }))<br>      serve_while_stale = optional(number)<br>      cache_key_policy = optional(object({<br>        include_host           = optional(bool)<br>        include_protocol       = optional(bool)<br>        include_query_string   = optional(bool)<br>        query_string_blacklist = optional(list(string))<br>        query_string_whitelist = optional(list(string))<br>        include_http_headers   = optional(list(string))<br>        include_named_cookies  = optional(list(string))<br>      }))<br>    }))<br>  }))</pre> | n/a | yes |
+| backends | Map backend indices to list of backend maps. | <pre>map(object({<br>    project                 = optional(string)<br>    protocol                = optional(string)<br>    port_name               = optional(string)<br>    description             = optional(string)<br>    enable_cdn              = optional(bool)<br>    compression_mode        = optional(string)<br>    security_policy         = optional(string, null)<br>    edge_security_policy    = optional(string, null)<br>    custom_request_headers  = optional(list(string))<br>    custom_response_headers = optional(list(string))<br><br>    connection_draining_timeout_sec = optional(number)<br>    session_affinity                = optional(string)<br>    affinity_cookie_ttl_sec         = optional(number)<br><br><br>    log_config = object({<br>      enable      = optional(bool)<br>      sample_rate = optional(number)<br>    })<br><br>    groups = list(object({<br>      group = string<br><br>    }))<br>    iap_config = object({<br>      enable               = bool<br>      oauth2_client_id     = optional(string)<br>      oauth2_client_secret = optional(string)<br>    })<br>    cdn_policy = optional(object({<br>      cache_mode                   = optional(string)<br>      signed_url_cache_max_age_sec = optional(string)<br>      default_ttl                  = optional(number)<br>      max_ttl                      = optional(number)<br>      client_ttl                   = optional(number)<br>      negative_caching             = optional(bool)<br>      negative_caching_policy = optional(object({<br>        code = optional(number)<br>        ttl  = optional(number)<br>      }))<br>      serve_while_stale = optional(number)<br>      cache_key_policy = optional(object({<br>        include_host           = optional(bool)<br>        include_protocol       = optional(bool)<br>        include_query_string   = optional(bool)<br>        query_string_blacklist = optional(list(string))<br>        query_string_whitelist = optional(list(string))<br>        include_http_headers   = optional(list(string))<br>        include_named_cookies  = optional(list(string))<br>      }))<br>    }))<br>    outlier_detection = optional(object({<br>      base_ejection_time = optional(object({<br>        seconds = number<br>        nanos   = optional(number)<br>      }))<br>      consecutive_errors                    = optional(number)<br>      consecutive_gateway_failure           = optional(number)<br>      enforcing_consecutive_errors          = optional(number)<br>      enforcing_consecutive_gateway_failure = optional(number)<br>      enforcing_success_rate                = optional(number)<br>      interval = optional(object({<br>        seconds = number<br>        nanos   = optional(number)<br>      }))<br>      max_ejection_percent        = optional(number)<br>      success_rate_minimum_hosts  = optional(number)<br>      success_rate_request_volume = optional(number)<br>      success_rate_stdev_factor   = optional(number)<br>    }))<br>  }))</pre> | n/a | yes |
 | certificate | Content of the SSL certificate. Required if `ssl` is `true` and `ssl_certificates` is empty. | `string` | `null` | no |
 | certificate\_map | Certificate Map ID in format projects/{project}/locations/global/certificateMaps/{name}. Identifies a certificate map associated with the given target proxy | `string` | `null` | no |
 | create\_address | Create a new global IPv4 address | `bool` | `true` | no |
diff --git a/modules/serverless_negs/main.tf b/modules/serverless_negs/main.tf
index 8215ee1b..90ed40cc 100644
--- a/modules/serverless_negs/main.tf
+++ b/modules/serverless_negs/main.tf
@@ -265,6 +265,37 @@ resource "google_compute_backend_service" "default" {
     }
   }
 
+  dynamic "outlier_detection" {
+    for_each = each.value.outlier_detection != null && (var.load_balancing_scheme == "INTERNAL_SELF_MANAGED" || var.load_balancing_scheme == "EXTERNAL_MANAGED") ? [1] : []
+    content {
+      consecutive_errors                    = each.value.outlier_detection.consecutive_errors
+      consecutive_gateway_failure           = each.value.outlier_detection.consecutive_gateway_failure
+      enforcing_consecutive_errors          = each.value.outlier_detection.enforcing_consecutive_errors
+      enforcing_consecutive_gateway_failure = each.value.outlier_detection.enforcing_consecutive_gateway_failure
+      enforcing_success_rate                = each.value.outlier_detection.enforcing_success_rate
+      max_ejection_percent                  = each.value.outlier_detection.max_ejection_percent
+      success_rate_minimum_hosts            = each.value.outlier_detection.success_rate_minimum_hosts
+      success_rate_request_volume           = each.value.outlier_detection.success_rate_request_volume
+      success_rate_stdev_factor             = each.value.outlier_detection.success_rate_stdev_factor
+
+      dynamic "base_ejection_time" {
+        for_each = each.value.outlier_detection.base_ejection_time != null ? [1] : []
+        content {
+          seconds = each.value.outlier_detection.base_ejection_time.seconds
+          nanos   = each.value.outlier_detection.base_ejection_time.nanos
+        }
+      }
+
+      dynamic "interval" {
+        for_each = each.value.outlier_detection.cache_key_policy != null ? [1] : []
+        content {
+          seconds = each.value.outlier_detection.cache_key_policy.seconds
+          nanos   = each.value.outlier_detection.cache_key_policy.nanos
+        }
+      }
+    }
+  }
+
 
 }
 
diff --git a/modules/serverless_negs/variables.tf b/modules/serverless_negs/variables.tf
index 3cbde3e5..1629d1a2 100644
--- a/modules/serverless_negs/variables.tf
+++ b/modules/serverless_negs/variables.tf
@@ -110,6 +110,25 @@ variable "backends" {
         include_named_cookies  = optional(list(string))
       }))
     }))
+    outlier_detection = optional(object({
+      base_ejection_time = optional(object({
+        seconds = number
+        nanos   = optional(number)
+      }))
+      consecutive_errors                    = optional(number)
+      consecutive_gateway_failure           = optional(number)
+      enforcing_consecutive_errors          = optional(number)
+      enforcing_consecutive_gateway_failure = optional(number)
+      enforcing_success_rate                = optional(number)
+      interval = optional(object({
+        seconds = number
+        nanos   = optional(number)
+      }))
+      max_ejection_percent        = optional(number)
+      success_rate_minimum_hosts  = optional(number)
+      success_rate_request_volume = optional(number)
+      success_rate_stdev_factor   = optional(number)
+    }))
   }))
 }
 
diff --git a/variables.tf b/variables.tf
index 771ecedd..5f27bff0 100644
--- a/variables.tf
+++ b/variables.tf
@@ -161,6 +161,25 @@ variable "backends" {
         include_named_cookies  = optional(list(string))
       }))
     }))
+    outlier_detection = optional(object({
+      base_ejection_time = optional(object({
+        seconds = number
+        nanos   = optional(number)
+      }))
+      consecutive_errors                    = optional(number)
+      consecutive_gateway_failure           = optional(number)
+      enforcing_consecutive_errors          = optional(number)
+      enforcing_consecutive_gateway_failure = optional(number)
+      enforcing_success_rate                = optional(number)
+      interval = optional(object({
+        seconds = number
+        nanos   = optional(number)
+      }))
+      max_ejection_percent        = optional(number)
+      success_rate_minimum_hosts  = optional(number)
+      success_rate_request_volume = optional(number)
+      success_rate_stdev_factor   = optional(number)
+    }))
   }))
 }