From 9706d2c386be8106e761e5de13a209e48ce76616 Mon Sep 17 00:00:00 2001
From: Lorenzo Caggioni
Date: Tue, 9 Jun 2020 02:40:26 +0200
Subject: [PATCH] Add BigTable module
---
modules/bigtable-instance/README.md | 59 ++++++++++++++
modules/bigtable-instance/main.tf | 68 ++++++++++++++++
modules/bigtable-instance/outputs.tf | 46 +++++++++++
modules/bigtable-instance/variables.tf | 105 +++++++++++++++++++++++++
modules/bigtable-instance/versions.tf | 19 +++++
5 files changed, 297 insertions(+)
create mode 100644 modules/bigtable-instance/README.md
create mode 100644 modules/bigtable-instance/main.tf
create mode 100644 modules/bigtable-instance/outputs.tf
create mode 100644 modules/bigtable-instance/variables.tf
create mode 100644 modules/bigtable-instance/versions.tf
diff --git a/modules/bigtable-instance/README.md b/modules/bigtable-instance/README.md
new file mode 100644
index 000000000..d34e6bbca
--- /dev/null
+++ b/modules/bigtable-instance/README.md
@@ -0,0 +1,59 @@
+# Google Cloud BigTable Module
+
+This module allows managing a single BigTable instance, including access configuration and tables.
+
+## TODO
+
+- [ ] support bigtable_gc_policy
+- [ ] support bigtable_app_profile
+
+## Examples
+
+### Simple instance with access configuration
+
+```hcl
+
+module "big-table-instance" {
+ source = "./modules/bigtable-instance"
+ project_id = "my-project"
+ name = "instance"
+ cluster_id = "instance"
+ instance_type = "PRODUCTION"
+ tables = ["table1","table2"]
+ access_roles = ["viewer"]
+ access_roles_binding = {
+ viewer = ["user:viewer@testdomain.com"]
+ }
+}
+```
+
+
+## Variables
+
+| name | description | type | required | default |
+|---|---|:---: |:---:|:---:|
+| name | he name of the Cloud Bigtable instance. | string | ✓ | |
+| project_id | Id of the project where datasets will be created. | string | ✓ | |
+| *access_roles* | Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. | list(string) | | [] |
+| *access_roles_binding* | Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the instance are preserved. | map(list(string)) | | {} |
+| *cluster_id* | The ID of the Cloud Bigtable cluster. | string | | europe-west1 |
+| *deletion_protection* | Whether or not to allow Terraform to destroy the instance. Unless this field is set to false in Terraform state, a terraform destroy or terraform apply that would delete the instance will fail. | | | true |
+| *display_name* | The human-readable display name of the Bigtable instance. | | | null |
+| *instance_type* | None | string | | DEVELOPMENT |
+| *num_nodes* | The number of nodes in your Cloud Bigtable cluster. | number | | 1 |
+| *storage_type* | The storage type to use. | string | | SSD |
+| *table_options_default* | Default option of tables created in the BigTable instnace. | object({...}) | | ...
|
+| *tables* | Tables to be created in the BigTable instnace. | list(string) | | [] |
+| *tables_options* | Tables to be created in the BigTable instnace. | map(object({...})) | | {} |
+| *zone* | The zone to create the Cloud Bigtable cluster in. | string | | europe-west1-b |
+
+## Outputs
+
+| name | description | sensitive |
+|---|---|:---:|
+| id | An identifier for the resource with format projects/{{project}}/instances/{{name}}. | |
+| instance | BigTable intance. | |
+| table_ids | Map of fully qualified table ids keyed by table name. | |
+| tables | Table resources. | |
+
+
diff --git a/modules/bigtable-instance/main.tf b/modules/bigtable-instance/main.tf
new file mode 100644
index 000000000..e8beacf85
--- /dev/null
+++ b/modules/bigtable-instance/main.tf
@@ -0,0 +1,68 @@
+/**
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+locals {
+ tables = {
+ for k in var.tables : k => lookup(var.tables_options, k, var.table_options_default)
+ }
+
+ access_roles_bindings = {
+ for k in var.access_roles : k => lookup(var.access_roles_binding, k, [])
+ }
+}
+
+resource "google_bigtable_instance" "default" {
+ project = var.project_id
+ name = var.name
+ cluster {
+ cluster_id = var.cluster_id
+ zone = var.zone
+ storage_type = var.storage_type
+ }
+ instance_type = var.instance_type
+
+ display_name = var.display_name == null ? var.display_name : var.name
+ deletion_protection = var.deletion_protection
+}
+
+resource "google_bigtable_instance_iam_binding" "default" {
+ for_each = local.access_roles_bindings
+
+ project = var.project_id
+ instance = google_bigtable_instance.default.name
+ role = "roles/bigtable.${each.key}"
+ members = each.value
+}
+
+resource "google_bigtable_table" "default" {
+ for_each = local.tables
+ project = var.project_id
+ instance_name = google_bigtable_instance.default.name
+ name = each.key
+ split_keys = each.value.split_keys
+
+ dynamic column_family {
+ for_each = each.value.column_family != null ? [""] : []
+
+ content {
+ family = each.value.column_family
+ }
+ }
+
+ # lifecycle {
+ # prevent_destroy = true
+ # }
+}
diff --git a/modules/bigtable-instance/outputs.tf b/modules/bigtable-instance/outputs.tf
new file mode 100644
index 000000000..2012b5c63
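Review bot: In `local.access_roles_bindings`, a role listed in `access_roles` with no entry in `access_roles_binding` falls back to `[]`, and because `google_bigtable_instance_iam_binding` is authoritative per role, that empty list would, as far as I can tell, either fail at apply or strip the members the role already has on the instance; adding `if contains(keys(var.access_roles_binding), k)` to the `for` expression skips such roles instead. The `display_name` ternary in `google_bigtable_instance.default` is inverted: a caller-supplied value is discarded in favour of `var.name`, and the intended form is presumably `display_name = var.display_name == null ? var.name : var.display_name`. `var.num_nodes` is declared in variables.tf, but the `cluster` block never sets `num_nodes = var.num_nodes`, so the input has no effect. The commented-out `prevent_destroy` on the table resource deserves a one-line comment saying why it is disabled, since `deletion_protection` only guards the instance.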
--- /dev/null
+++ b/modules/bigtable-instance/outputs.tf
@@ -0,0 +1,46 @@
+/**
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "id" {
+ description = "An identifier for the resource with format projects/{{project}}/instances/{{name}}."
+ value = google_bigtable_instance.default.id
+ depends_on = [
+ google_bigtable_instance_iam_binding,
+ google_bigtable_table
+ ]
+}
+
+output "instance" {
+ description = "BigTable intance."
+ value = google_bigtable_instance.default
+ depends_on = [
+ google_bigtable_instance_iam_binding,
+ google_bigtable_table
+ ]
+}
+
+output "tables" {
+ description = "Table resources."
+ value = google_bigtable_table.default
+}
+
+output "table_ids" {
+ description = "Map of fully qualified table ids keyed by table name."
+ value = { for k, v in google_bigtable_table.default : v.name => v.id }
+}
+
+
+
+
diff --git a/modules/bigtable-instance/variables.tf b/modules/bigtable-instance/variables.tf
new file mode 100644
index 000000000..16066b13b
--- /dev/null
+++ b/modules/bigtable-instance/variables.tf
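Review bot: The `depends_on` lists in outputs `id` and `instance` name bare resource types (`google_bigtable_instance_iam_binding`, `google_bigtable_table`), which Terraform should reject as invalid references; each entry needs the resource name, i.e. `google_bigtable_instance_iam_binding.default` and `google_bigtable_table.default`. The apparent intent, making consumers of `id` and `instance` wait until the IAM bindings and tables exist, only holds once those references resolve. In `table_ids` the comprehension binds `k` but keys on `v.name`; `k => v.id` gives the same map and reads more directly.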
@@ -0,0 +1,105 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "access_roles" {
+ description = "Authoritative for a given role. Updates the IAM policy to grant a role to a list of members."
+ type = list(string)
+ default = []
+}
+
+variable "access_roles_binding" {
+ description = "Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the instance are preserved."
+ type = map(list(string))
+ default = {}
+}
+
+variable "cluster_id" {
+ description = "The ID of the Cloud Bigtable cluster."
+ type = string
+ default = "europe-west1"
+}
+
+variable "deletion_protection" {
+ description = "Whether or not to allow Terraform to destroy the instance. Unless this field is set to false in Terraform state, a terraform destroy or terraform apply that would delete the instance will fail."
+ default = true
+}
+
+variable "display_name" {
+ description = "The human-readable display name of the Bigtable instance."
+ default = null
+}
+
+variable "instance_type" {
+ description = "The instance type to create. One of \"DEVELOPMENT\" or \"PRODUCTION\". Defaults to \"DEVELOPMENT\""
+ type = string
+ default = "DEVELOPMENT"
+}
+
+variable "name" {
+ description = "he name of the Cloud Bigtable instance."
+ type = string
+}
+
+variable "num_nodes" {
+ description = "The number of nodes in your Cloud Bigtable cluster."
+ type = number
+ default = 1
+}
+
+variable "project_id" {
+ description = "Id of the project where datasets will be created."
+ type = string
+}
+
+variable "storage_type" {
+ description = "The storage type to use."
+ type = string
+ default = "SSD"
+}
+
+variable "tables" {
+ description = "Tables to be created in the BigTable instnace."
+ type = list(string)
+ default = []
+}
+
+variable "tables_options" {
+ description = "Tables to be created in the BigTable instnace."
+ type = map(object({
+ split_keys = list(string)
+ column_family = string
+ })
+ )
+ default = {}
+}
+
+variable "table_options_default" {
+ description = "Default option of tables created in the BigTable instnace."
+ type = object({
+ split_keys = list(string)
+ column_family = string
+ })
+ default = {
+ split_keys = []
+ column_family = null
+ }
+}
+
+variable "zone" {
+ description = "The zone to create the Cloud Bigtable cluster in."
+ type = string
+ default = "europe-west1-b"
+}
diff --git a/modules/bigtable-instance/versions.tf b/modules/bigtable-instance/versions.tf
new file mode 100644
index 000000000..ce6918e09
--- /dev/null
+++ b/modules/bigtable-instance/versions.tf
@@ -0,0 +1,19 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+terraform {
+ required_version = ">= 0.12.6"
+}
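Review bot: The descriptions of `access_roles` and `access_roles_binding` in variables.tf read like generic IAM-binding text and do not tell a caller what this module does with them: per main.tf each `access_roles` entry is a suffix appended to `roles/bigtable.`, and the binding is authoritative, so the members given replace whoever currently holds that role on the instance. I would say so directly, e.g. `description = "Bigtable role suffixes (e.g. \"viewer\" for roles/bigtable.viewer) to bind authoritatively on the instance; existing members of each listed role are replaced."`, and describe `access_roles_binding` as the map from those suffixes to member lists. `deletion_protection` and `display_name` declare no `type`; adding `type = bool` and `type = string` rejects malformed input at plan time. The `cluster_id` default `"europe-west1"` looks like a region name rather than a cluster ID, and the `tables_options` description repeats the one for `tables`.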