Merge remote-tracking branch 'origin/master' into fast-dev

This commit is contained in:
Ludo
2024-11-17 16:31:59 +01:00
10 changed files with 91 additions and 65 deletions


@@ -302,14 +302,6 @@ resource "google_alloydb_cluster" "secondary" {
}
}
dynamic "initial_user" {
for_each = var.initial_user != null ? [""] : []
content {
user = var.initial_user.user
password = var.initial_user.password
}
}
dynamic "maintenance_update_policy" {
for_each = var.maintenance_config.enabled ? [""] : []
content {


@@ -7,7 +7,7 @@ Cloud Run Services and Jobs, with support for IAM roles and Eventarc trigger cre
- [Mounting secrets as volumes](#mounting-secrets-as-volumes)
- [Mounting GCS buckets](#mounting-gcs-buckets)
- [Connecting to Cloud SQL database](#connecting-to-cloud-sql-database)
- [Beta features](#beta-features)
- [Direct VPC Egress](#direct-vpc-egress)
- [VPC Access Connector](#vpc-access-connector)
- [Using Customer-Managed Encryption Key](#using-customer-managed-encryption-key)
- [Eventarc triggers](#eventarc-triggers)
@@ -101,14 +101,22 @@ module "cloud_run" {
}
}
}
revision = {
gen2_execution_environment = true
}
volumes = {
bucket = {
gcs = {
bucket = var.bucket
is_read_only = false
mount_options = [ # Beta feature
"metadata-cache-ttl-secs=120s",
"type-cache-max-size-mb=4",
]
}
}
}
deletion_protection = false
}
# tftest inventory=gcs-mount.yaml e2e
```
@@ -139,18 +147,13 @@ module "cloud_run" {
# tftest fixtures=fixtures/cloudsql-instance.tf inventory=cloudsql.yaml e2e
```
## Beta features
To use beta features like Direct VPC Egress, set the launch stage to a preview stage.
## Direct VPC Egress
```hcl
module "cloud_run" {
source = "./fabric/modules/cloud-run-v2"
project_id = var.project_id
name = "hello"
region = var.region
launch_stage = "BETA"
source = "./fabric/modules/cloud-run-v2"
project_id = var.project_id
name = "hello"
region = var.region
containers = {
hello = {
image = "us-docker.pkg.dev/cloudrun/container/hello"
@@ -161,12 +164,13 @@ module "cloud_run" {
max_instance_count = 20
vpc_access = {
egress = "ALL_TRAFFIC"
subnet = "default"
subnet = var.subnet.name
tags = ["tag1", "tag2", "tag3"]
}
}
deletion_protection = false
}
# tftest modules=1 resources=1 inventory=service-beta-features.yaml
# tftest modules=1 resources=1 inventory=service-direct-vpc.yaml e2e
```
## VPC Access Connector


@@ -87,7 +87,15 @@ resource "google_cloud_run_v2_job" "job" {
}
}
dynamic "volume_mounts" {
for_each = coalesce(containers.value.volume_mounts, tomap({}))
for_each = { for k, v in coalesce(containers.value.volume_mounts, tomap({})) : k => v if k != "cloudsql" }
content {
name = volume_mounts.key
mount_path = volume_mounts.value
}
}
# CloudSQL is the last mount in the list returned by API
dynamic "volume_mounts" {
for_each = { for k, v in coalesce(containers.value.volume_mounts, tomap({})) : k => v if k == "cloudsql" }
content {
name = volume_mounts.key
mount_path = volume_mounts.value
@@ -96,7 +104,7 @@ resource "google_cloud_run_v2_job" "job" {
}
}
dynamic "volumes" {
for_each = var.volumes
for_each = { for k, v in var.volumes : k => v if v.cloud_sql_instances == null }
content {
name = volumes.key
dynamic "secret" {
@@ -114,12 +122,7 @@ resource "google_cloud_run_v2_job" "job" {
}
}
}
dynamic "cloud_sql_instance" {
for_each = length(coalesce(volumes.value.cloud_sql_instances, [])) == 0 ? [] : [""]
content {
instances = volumes.value.cloud_sql_instances
}
}
dynamic "empty_dir" {
for_each = volumes.value.empty_dir_size == null ? [] : [""]
content {
@@ -144,6 +147,19 @@ resource "google_cloud_run_v2_job" "job" {
}
}
}
# CloudSQL is the last volume in the list returned by API
dynamic "volumes" {
for_each = { for k, v in var.volumes : k => v if v.cloud_sql_instances != null }
content {
name = volumes.key
dynamic "cloud_sql_instance" {
for_each = length(coalesce(volumes.value.cloud_sql_instances, [])) == 0 ? [] : [""]
content {
instances = volumes.value.cloud_sql_instances
}
}
}
}
}
}
@@ -162,4 +178,3 @@ resource "google_cloud_run_v2_job_iam_binding" "binding" {
role = each.key
members = each.value
}
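Review bot: The new split of `volume_mounts` and `volumes` into a leading and a trailing block uses two different predicates that can disagree: the mount at L101/L109 is routed to the trailing block only when its key is literally `"cloudsql"`, while the volume at L118/L141 is routed by `v.cloud_sql_instances != null`, so a Cloud SQL volume keyed by any other name would be rendered last among `volumes` but not among `volume_mounts`, which presumably brings back the ordering drift the L107/L139 comments are meant to avoid. If the variable type permits `cloud_sql_instances = []`, that volume also falls into the trailing block yet the inner `length(...) == 0 ? [] : [""]` guard at L145 emits no `cloud_sql_instance`, and the secret/gcs/empty_dir sources are only rendered by the leading block, so the result is a `volumes` entry carrying nothing but a name. Using one predicate for both partitions avoids this — for the volume blocks `k => v if length(coalesce(v.cloud_sql_instances, [])) == 0` and its `!= 0` counterpart, and for the mount blocks a membership test against the keys of those Cloud SQL volumes (a local computed from `var.volumes`, name to be chosen) instead of the hard-coded `"cloudsql"` key. The same two pairs of blocks are introduced in service.tf in the next file section and need the identical change. The enclosing `google_cloud_run_v2_job.job` resource starts and ends outside these hunks.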


@@ -101,7 +101,15 @@ resource "google_cloud_run_v2_service" "service" {
}
}
dynamic "volume_mounts" {
for_each = coalesce(containers.value.volume_mounts, tomap({}))
for_each = { for k, v in coalesce(containers.value.volume_mounts, tomap({})) : k => v if k != "cloudsql" }
content {
name = volume_mounts.key
mount_path = volume_mounts.value
}
}
# CloudSQL is the last mount in the list returned by API
dynamic "volume_mounts" {
for_each = { for k, v in coalesce(containers.value.volume_mounts, tomap({})) : k => v if k == "cloudsql" }
content {
name = volume_mounts.key
mount_path = volume_mounts.value
@@ -174,7 +182,7 @@ resource "google_cloud_run_v2_service" "service" {
}
}
dynamic "volumes" {
for_each = var.volumes
for_each = { for k, v in var.volumes : k => v if v.cloud_sql_instances == null }
content {
name = volumes.key
dynamic "secret" {
@@ -192,12 +200,7 @@ resource "google_cloud_run_v2_service" "service" {
}
}
}
dynamic "cloud_sql_instance" {
for_each = length(coalesce(volumes.value.cloud_sql_instances, [])) == 0 ? [] : [""]
content {
instances = volumes.value.cloud_sql_instances
}
}
dynamic "empty_dir" {
for_each = volumes.value.empty_dir_size == null ? [] : [""]
content {
@@ -222,6 +225,19 @@ resource "google_cloud_run_v2_service" "service" {
}
}
}
# CloudSQL is the last volume in the list returned by API
dynamic "volumes" {
for_each = { for k, v in var.volumes : k => v if v.cloud_sql_instances != null }
content {
name = volumes.key
dynamic "cloud_sql_instance" {
for_each = length(coalesce(volumes.value.cloud_sql_instances, [])) == 0 ? [] : [""]
content {
instances = volumes.value.cloud_sql_instances
}
}
}
}
}
deletion_protection = var.deletion_protection


@@ -70,8 +70,8 @@ module "myproject-default-service-accounts" {
| [email](outputs.tf#L17) | Service account email. | |
| [iam_email](outputs.tf#L25) | IAM-format service account email. | |
| [id](outputs.tf#L33) | Fully qualified service account id. | |
| [key](outputs.tf#L42) | Service account key. | ✓ |
| [name](outputs.tf#L48) | Service account name. | |
| [service_account](outputs.tf#L57) | Service account resource. | |
| [service_account_credentials](outputs.tf#L62) | Service account json credential templates for uploaded public keys data. | |
| [key](outputs.tf#L41) | Service account key. | ✓ |
| [name](outputs.tf#L47) | Service account name. | |
| [service_account](outputs.tf#L55) | Service account resource. | |
| [service_account_credentials](outputs.tf#L60) | Service account json credential templates for uploaded public keys data. | |
<!-- END TFDOC -->


@@ -18,7 +18,7 @@ output "email" {
description = "Service account email."
value = local.resource_email_static
depends_on = [
local.service_account
local.service_account,
]
}
@@ -26,7 +26,7 @@ output "iam_email" {
description = "IAM-format service account email."
value = local.resource_iam_email_static
depends_on = [
local.service_account
local.service_account,
]
}
@@ -34,8 +34,7 @@ output "id" {
description = "Fully qualified service account id."
value = local.service_account_id_static
depends_on = [
data.google_service_account.service_account,
google_service_account.service_account
local.service_account,
]
}
@@ -49,8 +48,7 @@ output "name" {
description = "Service account name."
value = local.service_account_id_static
depends_on = [
data.google_service_account.service_account,
google_service_account.service_account
local.service_account,
]
}


@@ -136,6 +136,11 @@ module "iam-service-account" {
source = "./fabric/modules/iam-service-account"
project_id = var.project_id
name = "fixture-service-account"
iam_project_roles = {
"${var.project_id}" = [
"roles/bigquery.dataEditor",
]
}
}
module "pubsub" {
@@ -152,8 +157,11 @@ module "pubsub" {
}
}
}
depends_on = [
module.iam-service-account # wait for IAM grants to finish
]
}
# tftest modules=3 resources=6 fixtures=fixtures/bigquery-dataset.tf inventory=bigquery-subscription-with-service-account.yaml e2e
# tftest fixtures=fixtures/bigquery-dataset.tf inventory=bigquery-subscription-with-service-account.yaml e2e
```
## Cloud Storage subscriptions


@@ -24,7 +24,7 @@ values:
volume_mounts:
- mount_path: /bucket
name: bucket
execution_environment: EXECUTION_ENVIRONMENT_GEN1
execution_environment: EXECUTION_ENVIRONMENT_GEN2
volumes:
- cloud_sql_instance: []
empty_dir: []


@@ -34,7 +34,7 @@ values:
- connector: null
egress: ALL_TRAFFIC
network_interfaces:
- subnetwork: default
- subnetwork: subnet_name
tags:
- tag1
- tag2


@@ -13,6 +13,12 @@
# limitations under the License.
values:
module.iam-service-account.google_project_iam_member.project-roles["project-id-roles/bigquery.dataEditor"]:
project: project-id
role: roles/bigquery.dataEditor
module.iam-service-account.google_service_account.service_account[0]:
account_id: fixture-service-account
project: project-id
module.pubsub.google_pubsub_subscription.default["test-bigquery-with-service-account"]:
bigquery_config:
- drop_unknown_fields: false
@@ -23,8 +29,6 @@ values:
write_metadata: false
cloud_storage_config: []
dead_letter_policy: []
effective_labels:
goog-terraform-provisioned: 'true'
enable_exactly_once_delivery: false
enable_message_ordering: false
filter: null
@@ -35,13 +39,8 @@ values:
push_config: []
retain_acked_messages: false
retry_policy: []
terraform_labels:
goog-terraform-provisioned: 'true'
timeouts: null
topic: my-topic
module.pubsub.google_pubsub_topic.default:
effective_labels:
goog-terraform-provisioned: 'true'
ingestion_data_source_settings: []
kms_key_name: null
labels: null
@@ -49,16 +48,10 @@ values:
name: my-topic
project: project-id
schema_settings: []
terraform_labels:
goog-terraform-provisioned: 'true'
timeouts: null
counts:
google_bigquery_dataset: 1
google_bigquery_dataset_iam_binding: 1
google_bigquery_table: 1
google_project_iam_member: 1
google_pubsub_subscription: 1
google_pubsub_topic: 1
google_service_account: 1
modules: 3
resources: 6