resource "google_compute_region_network_endpoint_group" "cr_neg" {
  name                  = "${var.service_name}-neg"
  region                = var.region
  network_endpoint_type = "SERVERLESS"

  cloud_run {
    service = var.service_name
  }
}

resource "google_compute_backend_service" "backend" {
  name = "${var.service_name}-backend"

  protocol              = "HTTP"
  port_name             = "http"
  load_balancing_scheme = "EXTERNAL"

  log_config {
    enable      = true
    sample_rate = 1
  }

  backend {
    group           = google_compute_region_network_endpoint_group.cr_neg.id
    balancing_mode  = "UTILIZATION"
    capacity_scaler = 1.0
  }

  security_policy = var.security_name
}

resource "google_compute_url_map" "url_map" {
  name            = "${var.service_name}-lb"
  default_service = google_compute_backend_service.backend.self_link
}

resource "google_compute_managed_ssl_certificate" "cert" {
  name = "${var.service_name}-cert"

  managed {
    domains = [var.domain]
  }
}

resource "google_compute_target_https_proxy" "https_proxy" {
  name    = "${var.service_name}-https-proxy"
  url_map = google_compute_url_map.url_map.id
  ssl_certificates = [
    google_compute_managed_ssl_certificate.cert.id
  ]
}

resource "google_compute_global_forwarding_rule" "https_forward" {
  name                  = "${var.service_name}-https-forward"
  target                = google_compute_target_https_proxy.https_proxy.id
  port_range            = "443"
  load_balancing_scheme = "EXTERNAL"
  ip_address            = var.lb_ip
  ip_protocol           = "TCP"
}