lucidworks
diff --git a/‎README.md
+1-1 b/‎README.md
+1-1
diff --git a/‎autogen/main.tf.tmpl
+4-3 b/‎autogen/main.tf.tmpl
+4-3
diff --git a/‎autogen/variables.tf.tmpl
+1 b/‎autogen/variables.tf.tmpl
+1
diff --git a/‎examples/cross-project-mig-backend/README.md
+65 b/‎examples/cross-project-mig-backend/README.md
+65
diff --git a/‎examples/cross-project-mig-backend/gceme.sh.tpl
+118 b/‎examples/cross-project-mig-backend/gceme.sh.tpl
+118
diff --git a/‎examples/cross-project-mig-backend/main.tf
+59 b/‎examples/cross-project-mig-backend/main.tf
+59
@@ -120,7 +120,7 @@ module "gce-lb-http" {
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | address | Existing IPv4 address to use (the actual IP address value) | `string` | `null` | no |
-| backends | Map backend indices to list of backend maps. | <pre>map(object({<br>    port                    = optional(number)<br>    protocol                = optional(string)<br>    port_name               = optional(string)<br>    description             = optional(string)<br>    enable_cdn              = optional(bool)<br>    compression_mode        = optional(string)<br>    security_policy         = optional(string, null)<br>    edge_security_policy    = optional(string, null)<br>    custom_request_headers  = optional(list(string))<br>    custom_response_headers = optional(list(string))<br><br>    timeout_sec                     = optional(number)<br>    connection_draining_timeout_sec = optional(number)<br>    session_affinity                = optional(string)<br>    affinity_cookie_ttl_sec         = optional(number)<br><br>    health_check = object({<br>      host                = optional(string)<br>      request_path        = optional(string)<br>      request             = optional(string)<br>      response            = optional(string)<br>      port                = optional(number)<br>      port_name           = optional(string)<br>      proxy_header        = optional(string)<br>      port_specification  = optional(string)<br>      check_interval_sec  = optional(number)<br>      timeout_sec         = optional(number)<br>      healthy_threshold   = optional(number)<br>      unhealthy_threshold = optional(number)<br>      logging             = optional(bool)<br>    })<br><br>    log_config = object({<br>      enable      = optional(bool)<br>      sample_rate = optional(number)<br>    })<br><br>    groups = list(object({<br>      group = string<br><br>      balancing_mode               = optional(string)<br>      capacity_scaler              = optional(number)<br>      description                  = optional(string)<br>      max_connections              = optional(number)<br>      max_connections_per_instance = optional(number)<br>      max_connections_per_endpoint = optional(number)<br>      max_rate                     = optional(number)<br>      max_rate_per_instance        = optional(number)<br>      max_rate_per_endpoint        = optional(number)<br>      max_utilization              = optional(number)<br>    }))<br>    iap_config = object({<br>      enable               = bool<br>      oauth2_client_id     = optional(string)<br>      oauth2_client_secret = optional(string)<br>    })<br>    cdn_policy = optional(object({<br>      cache_mode                   = optional(string)<br>      signed_url_cache_max_age_sec = optional(string)<br>      default_ttl                  = optional(number)<br>      max_ttl                      = optional(number)<br>      client_ttl                   = optional(number)<br>      negative_caching             = optional(bool)<br>      negative_caching_policy = optional(object({<br>        code = optional(number)<br>        ttl  = optional(number)<br>      }))<br>      serve_while_stale = optional(number)<br>      cache_key_policy = optional(object({<br>        include_host           = optional(bool)<br>        include_protocol       = optional(bool)<br>        include_query_string   = optional(bool)<br>        query_string_blacklist = optional(list(string))<br>        query_string_whitelist = optional(list(string))<br>        include_http_headers   = optional(list(string))<br>        include_named_cookies  = optional(list(string))<br>      }))<br>    }))<br>  }))</pre> | n/a | yes |
+| backends | Map backend indices to list of backend maps. | <pre>map(object({<br>    port                    = optional(number)<br>    project                 = optional(string)<br>    protocol                = optional(string)<br>    port_name               = optional(string)<br>    description             = optional(string)<br>    enable_cdn              = optional(bool)<br>    compression_mode        = optional(string)<br>    security_policy         = optional(string, null)<br>    edge_security_policy    = optional(string, null)<br>    custom_request_headers  = optional(list(string))<br>    custom_response_headers = optional(list(string))<br><br>    timeout_sec                     = optional(number)<br>    connection_draining_timeout_sec = optional(number)<br>    session_affinity                = optional(string)<br>    affinity_cookie_ttl_sec         = optional(number)<br><br>    health_check = object({<br>      host                = optional(string)<br>      request_path        = optional(string)<br>      request             = optional(string)<br>      response            = optional(string)<br>      port                = optional(number)<br>      port_name           = optional(string)<br>      proxy_header        = optional(string)<br>      port_specification  = optional(string)<br>      check_interval_sec  = optional(number)<br>      timeout_sec         = optional(number)<br>      healthy_threshold   = optional(number)<br>      unhealthy_threshold = optional(number)<br>      logging             = optional(bool)<br>    })<br><br>    log_config = object({<br>      enable      = optional(bool)<br>      sample_rate = optional(number)<br>    })<br><br>    groups = list(object({<br>      group = string<br><br>      balancing_mode               = optional(string)<br>      capacity_scaler              = optional(number)<br>      description                  = optional(string)<br>      max_connections              = optional(number)<br>      max_connections_per_instance = optional(number)<br>      max_connections_per_endpoint = optional(number)<br>      max_rate                     = optional(number)<br>      max_rate_per_instance        = optional(number)<br>      max_rate_per_endpoint        = optional(number)<br>      max_utilization              = optional(number)<br>    }))<br>    iap_config = object({<br>      enable               = bool<br>      oauth2_client_id     = optional(string)<br>      oauth2_client_secret = optional(string)<br>    })<br>    cdn_policy = optional(object({<br>      cache_mode                   = optional(string)<br>      signed_url_cache_max_age_sec = optional(string)<br>      default_ttl                  = optional(number)<br>      max_ttl                      = optional(number)<br>      client_ttl                   = optional(number)<br>      negative_caching             = optional(bool)<br>      negative_caching_policy = optional(object({<br>        code = optional(number)<br>        ttl  = optional(number)<br>      }))<br>      serve_while_stale = optional(number)<br>      cache_key_policy = optional(object({<br>        include_host           = optional(bool)<br>        include_protocol       = optional(bool)<br>        include_query_string   = optional(bool)<br>        query_string_blacklist = optional(list(string))<br>        query_string_whitelist = optional(list(string))<br>        include_http_headers   = optional(list(string))<br>        include_named_cookies  = optional(list(string))<br>      }))<br>    }))<br>  }))</pre> | n/a | yes |
 | certificate | Content of the SSL certificate. Required if `ssl` is `true` and `ssl_certificates` is empty. | `string` | `null` | no |
 | certificate\_map | Certificate Map ID in format projects/{project}/locations/global/certificateMaps/{name}. Identifies a certificate map associated with the given target proxy | `string` | `null` | no |
 | create\_address | Create a new global IPv4 address | `bool` | `true` | no |
 
@@ -23,7 +23,7 @@ locals {
   create_http_forward = var.http_forward || var.https_redirect
 
   {% if not serverless %}{# Serverless NEGs don't support health checks #}
-  health_checked_backends = { for backend_index, backend_value in var.backends : backend_index => backend_value if backend_value["health_check"] != null }  
+  health_checked_backends = { for backend_index, backend_value in var.backends : backend_index => backend_value if backend_value["health_check"] != null }
   {% endif %}
 
   is_internal       = var.load_balancing_scheme == "INTERNAL_SELF_MANAGED"
@@ -163,6 +163,7 @@ resource "google_compute_managed_ssl_certificate" "default" {
 }
 
 resource "google_compute_url_map" "default" {
+  provider        = google-beta
   project         = var.project
   count           = var.create_url_map ? 1 : 0
   name            = "${var.name}-url-map"
@@ -184,7 +185,7 @@ resource "google_compute_backend_service" "default" {
   provider = google-beta
   for_each = var.backends
 
-  project = var.project
+  project = coalesce(each.value["project"], var.project)
   name    = "${var.name}-backend-${each.key}"
 
   load_balancing_scheme = var.load_balancing_scheme
@@ -302,7 +303,7 @@ resource "google_compute_backend_service" "default" {
 resource "google_compute_health_check" "default" {
   provider = google-beta
   for_each = local.health_checked_backends
-  project  = var.project
+  project  = coalesce(each.value["project"], var.project)
   name     = "${var.name}-hc-${each.key}"
 
   check_interval_sec  = lookup(each.value["health_check"], "check_interval_sec", 5)
 
@@ -87,6 +87,7 @@ variable "backends" {
     {% if not serverless %}{# not necessary for serverless as default port_name=http, protocol=HTTP #}
     port                    = optional(number)
     {% endif %}
+    project                 = optional(string)
     protocol                = optional(string)
     port_name               = optional(string)
     description             = optional(string)
 
@@ -0,0 +1,65 @@
+# HTTP Load Balancer Example
+
+[![button](http://gstatic.com/cloudssh/images/open-btn.png)](https://console.cloud.google.com/cloudshell/open?git_repo=https://github.com/GoogleCloudPlatform/terraform-google-lb-http&working_dir=examples/cross-project-mig-backend&page=shell&tutorial=README.md)
+
+This example creates a global HTTP forwarding rule in host project to forward traffic to instance groups in service project.
+
+## Change to the example directory
+
+```
+[[ `basename $PWD` != cross-project-mig-backend ]] && cd examples/cross-project-mig-backend
+```
+
+## Install Terraform
+
+1. Install Terraform if it is not already installed (visit [terraform.io](https://terraform.io) for other distributions):
+
+## Set up the environment
+
+
+1. Configure the environment for Terraform:
+
+```
+[[ $CLOUD_SHELL ]] || gcloud auth application-default login
+```
+
+## Run Terraform
+
+```
+terraform init
+terraform apply
+```
+
+## Test load balancing
+
+1. Open the URL of the load balancer in your browser:
+
+```
+echo http://$(terraform output load-balancer-ip)
+```
+
+## Cleanup
+
+1. Remove all resources created by terraform:
+
+```
+terraform destroy
+```
+
+<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| host\_project | ID for the Shared VPC host project | `any` | n/a | yes |
+| network\_name | n/a | `string` | `"multi-mig-cross-project-mig"` | no |
+| region | n/a | `string` | `"us-central1"` | no |
+| service\_project | ID for the Shared VPC service project where instances will be deployed | `any` | n/a | yes |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| load-balancer-ip | The external IP assigned to the load balancer. |
+
+<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
@@ -0,0 +1,118 @@
+#!/bin/bash -xe
+
+RPM_INSTALL_ARGS="install -y httpd php php-common"
+
+if [ -f "/etc/redhat-release" ]; then
+  yum update -y || dnf update -y
+  yum $RPM_INSTALL_ARGS || dnf $RPM_INSTALL_ARGS
+else
+  apt-get update
+  apt-get install -y apache2 libapache2-mod-php
+fi
+
+cat > /var/www/html/index.php <<'EOF'
+<?php
+function metadata_value($value) {
+    $opts = array(
+        "http" => array(
+            "method" => "GET",
+            "header" => "Metadata-Flavor: Google"
+        )
+    );
+    $context = stream_context_create($opts);
+    $content = file_get_contents("http://metadata/computeMetadata/v1/$value", false, $context);
+    return $content;
+}
+?>
+
+<!doctype html>
+<html>
+<head>
+<!-- Compiled and minified CSS -->
+<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/materialize/0.97.0/css/materialize.min.css">
+
+<!-- Compiled and minified JavaScript -->
+<script src="https://cdnjs.cloudflare.com/ajax/libs/materialize/0.97.0/js/materialize.min.js"></script>
+<title>Frontend Web Server</title>
+</head>
+<body>
+<div class="container">
+<div class="row">
+<div class="col s2">&nbsp;</div>
+<div class="col s8">
+
+
+<div class="card blue">
+<div class="card-content white-text">
+<div class="card-title">Backend that serviced this request</div>
+</div>
+<div class="card-content white">
+<table class="bordered">
+  <tbody>
+	<tr>
+	  <td>Name</td>
+	  <td><?php printf(metadata_value("instance/name")) ?></td>
+	</tr>
+	<tr>
+	  <td>ID</td>
+	  <td><?php printf(metadata_value("instance/id")) ?></td>
+	</tr>
+	<tr>
+	  <td>Hostname</td>
+	  <td><?php printf(metadata_value("instance/hostname")) ?></td>
+	</tr>
+	<tr>
+	  <td>Zone</td>
+	  <td><?php printf(metadata_value("instance/zone")) ?></td>
+	</tr>
+    <tr>
+	  <td>Machine Type</td>
+	  <td><?php printf(metadata_value("instance/machine-type")) ?></td>
+	</tr>
+	<tr>
+	  <td>Project</td>
+	  <td><?php printf(metadata_value("project/project-id")) ?></td>
+	</tr>
+	<tr>
+	  <td>Internal IP</td>
+	  <td><?php printf(metadata_value("instance/network-interfaces/0/ip")) ?></td>
+	</tr>
+	<tr>
+	  <td>External IP</td>
+	  <td><?php printf(metadata_value("instance/network-interfaces/0/access-configs/0/external-ip")) ?></td>
+	</tr>
+  </tbody>
+</table>
+</div>
+</div>
+
+<div class="card blue">
+<div class="card-content white-text">
+<div class="card-title">Proxy that handled this request</div>
+</div>
+<div class="card-content white">
+<table class="bordered">
+  <tbody>
+	<tr>
+	  <td>Address</td>
+	  <td><?php printf($_SERVER["HTTP_HOST"]); ?></td>
+	</tr>
+  </tbody>
+</table>
+</div>
+
+</div>
+</div>
+<div class="col s2">&nbsp;</div>
+</div>
+</div>
+</html>
+EOF
+
+mv /var/www/html/index.html /var/www/html/index.html.old || echo "Old index doesn't exist"
+
+[[ -n "${PROXY_PATH}" ]] && mkdir -p /var/www/html/${PROXY_PATH} && cp /var/www/html/index.php /var/www/html/${PROXY_PATH}/index.php
+
+chkconfig httpd on || systemctl enable httpd || systemctl enable apache2
+service httpd restart || systemctl restart httpd || systemctl restart apache2
+
@@ -0,0 +1,59 @@
+/**
+ * Copyright 2023 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+
+# [START cloudloadbalancing_ext_http_gce_shared_vpc]
+module "gce-lb-http" {
+  source                = "../../"
+  name                  = "ci-crossproject-lb"
+  project               = var.host_project
+  target_tags           = ["allow-cross-project-mig"]
+  firewall_projects     = [var.host_project]
+  firewall_networks     = [var.network_name]
+  load_balancing_scheme = "EXTERNAL_MANAGED"
+
+  backends = {
+    default = {
+      project     = var.service_project
+      protocol    = "HTTP"
+      port        = 80
+      port_name   = "http"
+      timeout_sec = 10
+      enable_cdn  = false
+
+      health_check = {
+        request_path = "/"
+        port         = 80
+      }
+
+      log_config = {
+        enable      = true
+        sample_rate = 1.0
+      }
+
+      groups = [
+        {
+          group = module.mig.instance_group
+        }
+      ]
+
+      iap_config = {
+        enable = false
+      }
+    }
+  }
+}
+# [END cloudloadbalancing_ext_http_gce_shared_vpc]