fix!: Fix result of var.quic to match the current behaviour on GCP (terraform-google-modules#318)

Author: s3i7h

Diff for: README.md

@@ -129,12 +129,12 @@ Current version is 3.0. Upgrade guides:
 | https\_redirect | Set to `true` to enable https redirect on the lb. | `bool` | `false` | no |
 | ipv6\_address | An existing IPv6 address to use (the actual IP address value) | `string` | `null` | no |
 | labels | The labels to attach to resources created by this module | `map(string)` | `{}` | no |
-| load\_balancing\_scheme | Load balancing scheme type (EXTERNAL for classic external load balancer, EXTERNAL\_MANAGED for Envoy-based load balancer, INTERNAL for classic internal load balancer, and INTERNAL\_SELF\_MANAGED for Traffic Director) | `string` | `"EXTERNAL"` | no |
+| load\_balancing\_scheme | Load balancing scheme type (EXTERNAL for classic external load balancer, EXTERNAL\_MANAGED for Envoy-based load balancer, INTERNAL for classic internal load balancer, and INTERNAL\_SELF\_MANAGED for internal load balancer) | `string` | `"EXTERNAL"` | no |
 | managed\_ssl\_certificate\_domains | Create Google-managed SSL certificates for specified domains. Requires `ssl` to be set to `true` and `use_ssl_certificates` set to `false`. | `list(string)` | `[]` | no |
 | name | Name for the forwarding rule and prefix for supporting resources | `string` | n/a | yes |
 | private\_key | Content of the private SSL key. Required if `ssl` is `true` and `ssl_certificates` is empty. | `string` | `null` | no |
 | project | The project to deploy to, if not set the default provider project is used. | `string` | n/a | yes |
-| quic | Set to `true` to enable QUIC support | `bool` | `false` | no |
+| quic | Specifies the QUIC override policy for this resource. Set true to enable HTTP/3 and Google QUIC support, false to disable both. Defaults to null which enables support for HTTP/3 only. | `bool` | `null` | no |
 | random\_certificate\_suffix | Bool to enable/disable random certificate name generation. Set and keep this to true if you need to change the SSL cert. | `bool` | `false` | no |
 | security\_policy | The resource URL for the security policy to associate with the backend service | `string` | `null` | no |
 | ssl | Set to `true` to enable SSL support, requires variable `ssl_certificates` - a list of self\_link certs | `bool` | `false` | no |

Diff for: autogen/main.tf.tmpl

@@ -116,7 +116,7 @@ resource "google_compute_target_https_proxy" "default" {
   ssl_certificates = compact(concat(var.ssl_certificates, google_compute_ssl_certificate.default.*.self_link, google_compute_managed_ssl_certificate.default.*.self_link, ), )
   certificate_map  = var.certificate_map != null ? "//certificatemanager.googleapis.com/${var.certificate_map}" : null
   ssl_policy       = var.ssl_policy
-  quic_override    = var.quic ? "ENABLE" : null
+  quic_override    = var.quic == null ? "NONE" : var.quic ? "ENABLE" : "DISABLE"
 }
 
 resource "google_compute_ssl_certificate" "default" {

Diff for: autogen/variables.tf.tmpl

@@ -202,8 +202,8 @@ variable "ssl_policy" {
 
 variable "quic" {
   type        = bool
-  description = "Set to `true` to enable QUIC support"
-  default     = false
+  description = "Specifies the QUIC override policy for this resource. Set true to enable HTTP/3 and Google QUIC support, false to disable both. Defaults to null which enables support for HTTP/3 only."
+  default     = null
 }
 
 variable "private_key" {

Diff for: docs/upgrading_to_v9.0.md

@@ -5,3 +5,7 @@ The v9.0 release contains backwards-incompatible changes.
 This update requires upgrading the minimum provider version from `4.45` to `4.50`.
 
 The [`edge_security_policy`](https://github.com/terraform-google-modules/terraform-google-lb-http/blob/cb15ed7391f1bbcc4fdb6d55ee5703ca0d47447a/variables.tf#L91) object attribute and its nested attributes within the [`backends`] variable (https://github.com/terraform-google-modules/terraform-google-lb-http/blob/cb15ed7391f1bbcc4fdb6d55ee5703ca0d47447a/variables.tf#L81) is now available. It is optional.
+
+---
+
+The [`quic`](https://github.com/terraform-google-modules/terraform-google-lb-http/blob/dfb6cdaf5681e59324294bb23f0e656e0f4847e6/variables.tf#L190) variable now takes `true`, `false`, or `null` which corresponds to HTTP/3 and Google QUIC being enabled, both disabled, and HTTP/3 enabled only. Defaults to `null`.

Diff for: main.tf

@@ -114,7 +114,7 @@ resource "google_compute_target_https_proxy" "default" {
   ssl_certificates = compact(concat(var.ssl_certificates, google_compute_ssl_certificate.default.*.self_link, google_compute_managed_ssl_certificate.default.*.self_link, ), )
   certificate_map  = var.certificate_map != null ? "//certificatemanager.googleapis.com/${var.certificate_map}" : null
   ssl_policy       = var.ssl_policy
-  quic_override    = var.quic ? "ENABLE" : null
+  quic_override    = var.quic == null ? "NONE" : var.quic ? "ENABLE" : "DISABLE"
 }
 
 resource "google_compute_ssl_certificate" "default" {

Diff for: metadata.yaml

@@ -197,9 +197,8 @@ spec:
     type: string
     required: true
   - name: quic
-    description: Set to `true` to enable QUIC support
+    description: Specifies the QUIC override policy for this resource. Set true to enable HTTP/3 and Google QUIC support, false to disable both. Defaults to null which enables support for HTTP/3 only.
     type: bool
-    default: false
     required: false
   - name: random_certificate_suffix
     description: Bool to enable/disable random certificate name generation. Set and keep this to true if you need to change the SSL cert.

Diff for: modules/dynamic_backends/README.md

@@ -127,7 +127,7 @@ Current version is 3.0. Upgrade guides:
 | name | Name for the forwarding rule and prefix for supporting resources | `string` | n/a | yes |
 | private\_key | Content of the private SSL key. Required if `ssl` is `true` and `ssl_certificates` is empty. | `string` | `null` | no |
 | project | The project to deploy to, if not set the default provider project is used. | `string` | n/a | yes |
-| quic | Set to `true` to enable QUIC support | `bool` | `false` | no |
+| quic | Specifies the QUIC override policy for this resource. Set true to enable HTTP/3 and Google QUIC support, false to disable both. Defaults to null which enables support for HTTP/3 only. | `bool` | `null` | no |
 | random\_certificate\_suffix | Bool to enable/disable random certificate name generation. Set and keep this to true if you need to change the SSL cert. | `bool` | `false` | no |
 | security\_policy | The resource URL for the security policy to associate with the backend service | `string` | `null` | no |
 | ssl | Set to `true` to enable SSL support, requires variable `ssl_certificates` - a list of self\_link certs | `bool` | `false` | no |

Diff for: modules/dynamic_backends/main.tf

@@ -114,7 +114,7 @@ resource "google_compute_target_https_proxy" "default" {
   ssl_certificates = compact(concat(var.ssl_certificates, google_compute_ssl_certificate.default.*.self_link, google_compute_managed_ssl_certificate.default.*.self_link, ), )
   certificate_map  = var.certificate_map != null ? "//certificatemanager.googleapis.com/${var.certificate_map}" : null
   ssl_policy       = var.ssl_policy
-  quic_override    = var.quic ? "ENABLE" : null
+  quic_override    = var.quic == null ? "NONE" : var.quic ? "ENABLE" : "DISABLE"
 }
 
 resource "google_compute_ssl_certificate" "default" {

Diff for: modules/dynamic_backends/metadata.yaml

@@ -191,9 +191,8 @@ spec:
     type: string
     required: true
   - name: quic
-    description: Set to `true` to enable QUIC support
+    description: Specifies the QUIC override policy for this resource. Set true to enable HTTP/3 and Google QUIC support, false to disable both. Defaults to null which enables support for HTTP/3 only.
     type: bool
-    default: false
     required: false
   - name: random_certificate_suffix
     description: Bool to enable/disable random certificate name generation. Set and keep this to true if you need to change the SSL cert.

Diff for: modules/dynamic_backends/variables.tf

@@ -189,8 +189,8 @@ variable "ssl_policy" {
 
 variable "quic" {
   type        = bool
-  description = "Set to `true` to enable QUIC support"
-  default     = false
+  description = "Specifies the QUIC override policy for this resource. Set true to enable HTTP/3 and Google QUIC support, false to disable both. Defaults to null which enables support for HTTP/3 only."
+  default     = null
 }
 
 variable "private_key" {
@@ -254,7 +254,7 @@ variable "labels" {
 }
 
 variable "load_balancing_scheme" {
-  description = "Load balancing scheme type (EXTERNAL for classic external load balancer, EXTERNAL_MANAGED for Envoy-based load balancer, INTERNAL for classic internal load balancer, and INTERNAL_SELF_MANAGED for Traffic Director)"
+  description = "Load balancing scheme type (EXTERNAL for classic external load balancer, EXTERNAL_MANAGED for Envoy-based load balancer, INTERNAL for classic internal load balancer, and INTERNAL_SELF_MANAGED for internal load balancer)"
   type        = string
   default     = "EXTERNAL"
 }

Diff for: modules/serverless_negs/README.md

@@ -91,7 +91,7 @@ Current version is 3.0. Upgrade guides:
 | name | Name for the forwarding rule and prefix for supporting resources | `string` | n/a | yes |
 | private\_key | Content of the private SSL key. Required if `ssl` is `true` and `ssl_certificates` is empty. | `string` | `null` | no |
 | project | The project to deploy to, if not set the default provider project is used. | `string` | n/a | yes |
-| quic | Set to `true` to enable QUIC support | `bool` | `false` | no |
+| quic | Specifies the QUIC override policy for this resource. Set true to enable HTTP/3 and Google QUIC support, false to disable both. Defaults to null which enables support for HTTP/3 only. | `bool` | `null` | no |
 | random\_certificate\_suffix | Bool to enable/disable random certificate name generation. Set and keep this to true if you need to change the SSL cert. | `bool` | `false` | no |
 | security\_policy | The resource URL for the security policy to associate with the backend service | `string` | `null` | no |
 | ssl | Set to `true` to enable SSL support, requires variable `ssl_certificates` - a list of self\_link certs | `bool` | `false` | no |

Diff for: modules/serverless_negs/main.tf

@@ -113,7 +113,7 @@ resource "google_compute_target_https_proxy" "default" {
   ssl_certificates = compact(concat(var.ssl_certificates, google_compute_ssl_certificate.default.*.self_link, google_compute_managed_ssl_certificate.default.*.self_link, ), )
   certificate_map  = var.certificate_map != null ? "//certificatemanager.googleapis.com/${var.certificate_map}" : null
   ssl_policy       = var.ssl_policy
-  quic_override    = var.quic ? "ENABLE" : null
+  quic_override    = var.quic == null ? "NONE" : var.quic ? "ENABLE" : "DISABLE"
 }
 
 resource "google_compute_ssl_certificate" "default" {

Diff for: modules/serverless_negs/metadata.yaml

@@ -154,9 +154,8 @@ spec:
     type: string
     required: true
   - name: quic
-    description: Set to `true` to enable QUIC support
+    description: Specifies the QUIC override policy for this resource. Set true to enable HTTP/3 and Google QUIC support, false to disable both. Defaults to null which enables support for HTTP/3 only.
     type: bool
-    default: false
     required: false
   - name: random_certificate_suffix
     description: Bool to enable/disable random certificate name generation. Set and keep this to true if you need to change the SSL cert.

Diff for: modules/serverless_negs/variables.tf

@@ -141,8 +141,8 @@ variable "ssl_policy" {
 
 variable "quic" {
   type        = bool
-  description = "Set to `true` to enable QUIC support"
-  default     = false
+  description = "Specifies the QUIC override policy for this resource. Set true to enable HTTP/3 and Google QUIC support, false to disable both. Defaults to null which enables support for HTTP/3 only."
+  default     = null
 }
 
 variable "private_key" {

Diff for: variables.tf

@@ -189,8 +189,8 @@ variable "ssl_policy" {
 
 variable "quic" {
   type        = bool
-  description = "Set to `true` to enable QUIC support"
-  default     = false
+  description = "Specifies the QUIC override policy for this resource. Set true to enable HTTP/3 and Google QUIC support, false to disable both. Defaults to null which enables support for HTTP/3 only."
+  default     = null
 }
 
 variable "private_key" {