Merge branch 'master' into fast/fast-fundation
@@ -6,6 +6,7 @@ All notable changes to this project will be documented in this file.
|
||||
|
||||
- add support for IAM and Cloud Build triggers to source repository module
|
||||
- add `id` output to service account module
|
||||
- add support for secrets to cloud function module
|
||||
|
||||
**FAST**
|
||||
|
||||
|
||||
@@ -173,11 +173,12 @@ module "cf-http" {
|
||||
| [labels](variables.tf#L82) | Resource labels. | <code>map(string)</code> | | <code>{}</code> |
|
||||
| [prefix](variables.tf#L93) | Optional prefix used for resource names. | <code>string</code> | | <code>null</code> |
|
||||
| [region](variables.tf#L104) | Region used for all resources. | <code>string</code> | | <code>"europe-west1"</code> |
|
||||
| [service_account](variables.tf#L110) | Service account email. Unused if service account is auto-created. | <code>string</code> | | <code>null</code> |
|
||||
| [service_account_create](variables.tf#L116) | Auto-create service account. | <code>bool</code> | | <code>false</code> |
|
||||
| [trigger_config](variables.tf#L122) | Function trigger configuration. Leave null for HTTP trigger. | <code title="object({ event = string resource = string retry = bool })">object({…})</code> | | <code>null</code> |
|
||||
| [vpc_connector](variables.tf#L132) | VPC connector configuration. Set create to 'true' if a new connector needs to be created. | <code title="object({ create = bool name = string egress_settings = string })">object({…})</code> | | <code>null</code> |
|
||||
| [vpc_connector_config](variables.tf#L142) | VPC connector network configuration. Must be provided if new VPC connector is being created. | <code title="object({ ip_cidr_range = string network = string })">object({…})</code> | | <code>null</code> |
|
||||
| [secrets](variables.tf#L110) | Secret Manager secrets. Key is the variable name or mountpoint, volume versions are in version:path format. | <code title="map(object({ is_volume = bool project_id = number secret = string versions = list(string) }))">map(object({…}))</code> | | <code>{}</code> |
|
||||
| [service_account](variables.tf#L122) | Service account email. Unused if service account is auto-created. | <code>string</code> | | <code>null</code> |
|
||||
| [service_account_create](variables.tf#L128) | Auto-create service account. | <code>bool</code> | | <code>false</code> |
|
||||
| [trigger_config](variables.tf#L134) | Function trigger configuration. Leave null for HTTP trigger. | <code title="object({ event = string resource = string retry = bool })">object({…})</code> | | <code>null</code> |
|
||||
| [vpc_connector](variables.tf#L144) | VPC connector configuration. Set create to 'true' if a new connector needs to be created. | <code title="object({ create = bool name = string egress_settings = string })">object({…})</code> | | <code>null</code> |
|
||||
| [vpc_connector_config](variables.tf#L154) | VPC connector network configuration. Must be provided if new VPC connector is being created. | <code title="object({ ip_cidr_range = string network = string })">object({…})</code> | | <code>null</code> |
|
||||
|
||||
## Outputs
|
||||
|
||||
|
||||
@@ -91,6 +91,35 @@ resource "google_cloudfunctions_function" "function" {
|
||||
}
|
||||
}
|
||||
|
||||
dynamic "secret_environment_variables" {
|
||||
for_each = { for k, v in var.secrets : k => v if !v.is_volume }
|
||||
iterator = secret
|
||||
content {
|
||||
key = secret.key
|
||||
project_id = secret.value.project_id
|
||||
secret = secret.value.secret
|
||||
version = try(secret.value.versions.0, "latest")
|
||||
}
|
||||
}
|
||||
|
||||
dynamic "secret_volumes" {
|
||||
for_each = { for k, v in var.secrets : k => v if v.is_volume }
|
||||
iterator = secret
|
||||
content {
|
||||
mount_path = secret.key
|
||||
project_id = secret.value.project_id
|
||||
secret = secret.value.secret
|
||||
dynamic "versions" {
|
||||
for_each = secret.value.versions
|
||||
iterator = version
|
||||
content {
|
||||
path = split(":", version)[1]
|
||||
version = split(":", version)[0]
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
resource "google_cloudfunctions_function_iam_binding" "default" {
|
||||
|
||||
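Review bot: The `try(secret.value.versions.0, "latest")` fallback in the `secret_environment_variables` block leaves the secret unpinned whenever `versions` is an empty list, and any entry after the first is silently ignored for environment-variable secrets. With an unpinned version, a newly added secret version reaches the function without any change showing up in the Terraform plan, which makes rotations and mistakes harder to audit. Either state this in the variable description or add a comment above the line such as `# env secrets use only the first version; an empty list means "latest" (unpinned)`. The enclosing `google_cloudfunctions_function` resource starts outside this hunk.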
@@ -107,6 +107,18 @@ variable "region" {
|
||||
default = "europe-west1"
|
||||
}
|
||||
|
||||
variable "secrets" {
|
||||
description = "Secret Manager secrets. Key is the variable name or mountpoint, volume versions are in version:path format."
|
||||
type = map(object({
|
||||
is_volume = bool
|
||||
project_id = number
|
||||
secret = string
|
||||
versions = list(string)
|
||||
}))
|
||||
nullable = false
|
||||
default = {}
|
||||
}
|
||||
|
||||
variable "service_account" {
|
||||
description = "Service account email. Unused if service account is auto-created."
|
||||
type = string
|
||||
|
||||
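Review bot: The `secrets` variable accepts any string in `versions`, yet the `secret_volumes` block in the same commit indexes `split(":", version)[1]`, so a volume entry without a colon fails with an index error instead of a message naming the bad input. A `validation` block on the variable would reject malformed entries before they reach the resource. The description could also say what `project_id = number` expects, presumably the project number rather than the project ID string.

```hcl
variable "secrets" {
  # … unchanged: description, type, nullable, default …
  validation {
    condition = alltrue([
      for k, v in var.secrets : alltrue([
        for s in v.versions : length(split(":", s)) == 2
      ]) if v.is_volume
    ])
    error_message = "Volume secret versions must use the version:path format."
  }
}
```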
@@ -84,13 +84,21 @@ def main(dirs, prefix_length=None):
|
||||
source_just = max(len(k) for k in MOD_LIMITS)
|
||||
name_just = max(len(n.name) for n in names)
|
||||
value_just = max(len(n.value) for n in names)
|
||||
errors = []
|
||||
for name in names:
|
||||
name_length = name.length + prefix_length
|
||||
flag = '✗' if name_length >= MOD_LIMITS[name.source] else '✓'
|
||||
print(f'[{flag}] {name.source.ljust(source_just)} '
|
||||
f'{name.name.ljust(name_just)} '
|
||||
f'{name.value.ljust(value_just)} '
|
||||
f'({name_length})')
|
||||
if name_length >= MOD_LIMITS[name.source]:
|
||||
flag = "✗"
|
||||
errors += [f"{name.source}:{name.name}:{name_length}"]
|
||||
else:
|
||||
flag = "✓"
|
||||
|
||||
print(f"[{flag}] {name.source.ljust(source_just)} "
|
||||
f"{name.name.ljust(name_just)} "
|
||||
f"{name.value.ljust(value_just)} "
|
||||
f"({name_length})")
|
||||
if errors:
|
||||
raise ValueError(errors)
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
|
||||
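Review bot: `raise ValueError(errors)` after the loop reports the failures as a traceback ending in a list repr, which is hard to read if this script is used as a check in CI. Exiting with a formatted message keeps the non-zero status and drops the traceback, for example `raise SystemExit("names over limit: " + ", ".join(errors))`. Note that this changes the exception type, so keep `ValueError` if any caller catches it. As a style point, `errors.append(f"{name.source}:{name.name}:{name_length}")` is the usual form rather than `errors += [...]`. The body of `main` starts outside this hunk, so how the `prefix_length=None` default is handled before `name.length + prefix_length` is not visible here.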