provisioned ssl cert. configured https proxy and http redirect

Author: mayuthombre

Makefile

@@ -174,3 +174,7 @@ gcp-destroy-grafana:
 gcp-destroy-all:
 	@echo "\n\n---GCP-DESTROY-ALL---\n"
 	cd infrastructure/gcp;cdktf destroy gcp_base gcp_core gcp_grafana 
+
+local-gcp-plan: gcp-plan-base gcp-plan-core
+
+local-gcp-deploy: gcp-deploy-base gcp-deploy-core

infrastructure/gcp/lb_component.py

@@ -5,7 +5,8 @@
                                          compute_region_network_endpoint_group,
                                          compute_target_http_proxy,
                                          compute_url_map,
-                                         compute_managed_ssl_certificate
+                                         compute_managed_ssl_certificate,
+                                         compute_target_https_proxy,
                                          )
 from constructs import Construct
 
@@ -18,6 +19,7 @@ def __init__(
         project_id: str,
         location: str,
         name_prefix: str,
+        DOMAIN_NAME: str,
     ):
         super().__init__(scope, id)
 
@@ -26,7 +28,7 @@ def __init__(
             compute_region_network_endpoint_group.ComputeRegionNetworkEndpointGroup(
                 self,
                 "function_neg",
-                name=name_prefix + "-grafana-lb-neg",
+                name=name_prefix+"-grafana-lb-neg",
                 project=project_id,
                 region=location,
                 network_endpoint_type="SERVERLESS",
@@ -39,18 +41,18 @@ def __init__(
         # self.health_check = compute_health_check.ComputeHealthCheck(
         #     self,
         #     "health_check",
-        #     name=name_prefix + "-grafana-lb-health-check",
+        #     name=name_prefix+"-grafana-lb-health-check",
         #     project=project_id,
-        #     http_health_check={
-        #     "port": 80
+        #     ssl_health_check={
+        #     "port": 443
         #     },
         # )
 
         # Create Backend service network endpoint
         self.backend_service = compute_backend_service.ComputeBackendService(
             self,
             "backend_service",
-            name=name_prefix + "-grafana-lb-backend",
+            name=name_prefix+"-grafana-lb-backend",
             project=project_id,
             timeout_sec=30,
             connection_draining_timeout_sec=300,
@@ -63,88 +65,83 @@ def __init__(
         self.global_address = compute_global_address.ComputeGlobalAddress(
             self,
             "global_address",
-            name=f"{name_prefix}-grafana-ip",
+            name=name_prefix+"-grafana-ip",
             project=project_id,
         )
 
         # Create SSL certificate
-        # self.certificate = compute_managed_ssl_certificate.ComputeManagedSslCertificate(
-        #     self,
-        #     "ssl_certificate",
-        #     name=name_prefix+"-ssl-certificate",
-        #     project=project_id,
-        #     type="MANAGED",
-        #     managed={
-        #     "domains": ["flightcontroller.apacsquadzero.io"]
-        #     }
-        # )
+        self.certificate = compute_managed_ssl_certificate.ComputeManagedSslCertificate(
+            self,
+            "ssl_certificate",
+            name=name_prefix+"-ssl-certificate",
+            project=project_id,
+            type="MANAGED",
+            managed={
+            "domains": [str(DOMAIN_NAME),]
+            }
+        )
 
         # Create URL map
-        self.url_map = compute_url_map.ComputeUrlMap(
+        self.default = compute_url_map.ComputeUrlMap(
             self,
-            "urlmap",
-            name=name_prefix + "-grafana-lb-urlmap",
-            default_service=self.backend_service.id,
+            "default-urlmap",
+            name=name_prefix+"-grafana-default-urlmap",
+            default_service=self.backend_service.self_link,
             project=project_id,
         )
 
-        # self.http_redirect = compute_url_map.ComputeUrlMap(
-        #     self,
-        #     "http_redirect",
-        #     name=name+"-http-redirect",
-        #     project=project_id,
-        #     default_url_redirect={
-        #     "https_redirect": True,
-        #     "strip_query": False,
-        #     }
-        # )
-
-        # # Create target proxy
-        # self.targetproxy = compute_target_https_proxy.ComputeTargetHttpsProxy(
-        #     self,
-        #     "target_proxy",
-        #     name=name+"-target",
-        #     url_map=self.url_map.id,
-        #     project=project_id,
-        #     ssl_certificates=[self.certificate.id],
-        # )
+        self.https_redirect = compute_url_map.ComputeUrlMap(
+            self,
+            "https_redirect",
+            name=name_prefix+"-https-redirect",
+            project=project_id,
+            default_url_redirect={
+            "https_redirect": True,
+            "strip_query": False,
+            "redirect_response_code": "MOVED_PERMANENTLY_DEFAULT"
+            }
+        )
 
-        # self.redirectproxy = compute_target_http_proxy.ComputeTargetHttpProxy(
-        #     self,
-        #     "redirect_proxy",
-        #     name=name+"http-redirect",
-        #     url_map=self.http_redirect.id,
-        #     project=project_id,
-        # )
+        # HTTPS proxy when ssl is true
+        self.https_proxy = compute_target_https_proxy.ComputeTargetHttpsProxy(
+            self,
+            "https_proxy",
+            name=name_prefix+"-grafana-https-proxy",
+            url_map=self.default.self_link,
+            project=project_id,
+            ssl_certificates=[self.certificate.id],
+        )
 
-        self.redirect_proxy = compute_target_http_proxy.ComputeTargetHttpProxy(
+        # HTTP Proxy when http forwarding is true
+        self.http_proxy = compute_target_http_proxy.ComputeTargetHttpProxy(
             self,
-            "redirect_proxy",
-            name=name_prefix + "-grafana-lbhttp-redirect",
-            url_map=self.url_map.id,
+            "http_proxy",
+            name=name_prefix+"-grafana-http-proxy",
+            url_map=self.https_redirect.self_link,
             project=project_id,
         )
 
         # Create global forwarding rule
-        self.forwarding_rule = (
+        self.http_forwarding = (
             compute_global_forwarding_rule.ComputeGlobalForwardingRule(
                 self,
-                "forwarding_rule",
-                name=f"{name_prefix}-grafana-lb",
-                target=self.redirect_proxy.id,
+                "http_forwarding",
+                name=name_prefix+"-grafana-http",
+                target=self.http_proxy.self_link,
                 port_range="80",
                 project=project_id,
                 load_balancing_scheme="EXTERNAL_MANAGED",
                 ip_address=self.global_address.address,
             )
         )
 
-        # self.redirect_rule = compute_global_forwarding_rule.ComputeGlobalForwardingRule(
-        #     self,
-        #     "redirect_rule",
-        #     name=name_prefix+"httpredirect",
-        #     target=self.redirectproxy.id,
-        #     port_range="80",
-        #     project=project_id,
-        #     ip_address=self.forwarding_rule.ip_address,
-        # )
+        self.https_forwarding = compute_global_forwarding_rule.ComputeGlobalForwardingRule(
+            self,
+            "https_forwarding",
+            name=name_prefix+"-grafana-https",
+            target=self.https_proxy.self_link,
+            port_range="443",
+            project=project_id,
+            ip_address=self.global_address.address,
+            load_balancing_scheme="EXTERNAL_MANAGED",
+        )

infrastructure/gcp/main.py

@@ -22,6 +22,7 @@
 NAME_PREFIX = "flight-controller"
 EVENT_TABLE_NAME = "event_sourcing_table"
 METRIC_TABLE_NAME = "metric_sourcing_table"
+DOMAIN_NAME = "flightcontroller.apacsquadzero.io"
 
 # GCP Base Stack
 class GcpBase(TerraformStack):
@@ -137,6 +138,7 @@ def __init__(
             PROJECT_ID,
             LOCATION,
             NAME_PREFIX,
+            DOMAIN_NAME
         )
         # self.grafana_workspace_id = lb_component.global_address.address