feat: enable mtls on external application application load balancer

.gitignore

@@ -1,5 +1,6 @@
 venv/*
 */venv/*
+**/.python-version
 **/.terraform
 **/terraform.tfstate*
 **/terraform.tfvars

modules/net-lb-app-ext/main.tf

@@ -82,13 +82,14 @@ resource "google_compute_target_http_proxy" "default" {
 }
 
 resource "google_compute_target_https_proxy" "default" {
-  count            = var.protocol == "HTTPS" ? 1 : 0
-  project          = var.project_id
-  name             = var.name
-  description      = var.description
-  certificate_map  = var.https_proxy_config.certificate_map
-  quic_override    = var.https_proxy_config.quic_override
-  ssl_certificates = local.proxy_ssl_certificates
-  ssl_policy       = var.https_proxy_config.ssl_policy
-  url_map          = google_compute_url_map.default.id
+  count             = var.protocol == "HTTPS" ? 1 : 0
+  project           = var.project_id
+  name              = var.name
+  description       = var.description
+  certificate_map   = var.https_proxy_config.certificate_map
+  quic_override     = var.https_proxy_config.quic_override
+  ssl_certificates  = local.proxy_ssl_certificates
+  ssl_policy        = var.https_proxy_config.ssl_policy
+  url_map           = google_compute_url_map.default.id
+  server_tls_policy = var.mtls_policy
 }

modules/net-lb-app-ext/variables.tf

@@ -82,6 +82,12 @@ variable "https_proxy_config" {
   nullable = false
 }
 
+variable "mtls_policy" {
+  description = "id of the mTLS policy to use for the target proxy."
+  type        = string
+  default     = ""
+}
+
 variable "labels" {
   description = "Labels set on resources."
   type        = map(string)