support pre-made bundle archives in cloud function modules (#2358)

Ludovico Magnocavallo
2024-06-13 14:58:23 +02:00
committed by GitHub
parent bbf81752a4
commit 97d77d263b
16 changed files with 227 additions and 141 deletions

@@ -39,7 +39,7 @@ module "cf-http" {
name = "test-cf-http"
bucket_name = var.bucket
bundle_config = {
source_dir = "assets/sample-function/"
path = "assets/sample-function/"
output_path = "bundle.zip"
}
}
@@ -58,7 +58,7 @@ module "cf-http" {
name = "test-cf-http"
bucket_name = "test-cf-bundles"
bundle_config = {
source_dir = "fabric/assets/"
path = "fabric/assets/"
output_path = "bundle.zip"
}
trigger_config = {
@@ -81,7 +81,7 @@ module "cf-http" {
name = "test-cf-http"
bucket_name = "test-cf-bundles"
bundle_config = {
source_dir = "fabric/assets/"
path = "fabric/assets/"
output_path = "bundle.zip"
}
iam = {
@@ -107,7 +107,7 @@ module "cf-http" {
lifecycle_delete_age_days = 1
}
bundle_config = {
source_dir = "fabric/assets/"
path = "fabric/assets/"
}
}
# tftest modules=1 resources=3 inventory=bucket-creation.yaml
@@ -125,7 +125,7 @@ module "cf-http" {
name = "test-cf-http"
bucket_name = "test-cf-bundles"
bundle_config = {
source_dir = "fabric/assets/"
path = "fabric/assets/"
output_path = "bundle.zip"
}
service_account_create = true
@@ -143,7 +143,7 @@ module "cf-http" {
name = "test-cf-http"
bucket_name = "test-cf-bundles"
bundle_config = {
source_dir = "fabric/assets/"
path = "fabric/assets/"
output_path = "bundle.zip"
}
service_account = "non-existent@serice.account.email"
@@ -153,6 +153,10 @@ module "cf-http" {
### Custom bundle config
The Cloud Function bundle can be configured via the `bundle_config` variable, so that either a `zip` archive or a source folder can be used.
If a `zip` archive is already available, simply set the archive path in `bundle_config.path`. If a dynamically generated archive is needed, set `bundle_config.path` to the source folder path, then optionally configure the path where the archive will be created, and any exclusions needed in the archive.
In order to help prevent `archive_zip.output_md5` from changing cross platform (e.g. Cloud Build vs your local development environment), you'll have to make sure that the files included in the zip are always the same.
```hcl
@@ -163,7 +167,7 @@ module "cf-http" {
name = "test-cf-http"
bucket_name = "test-cf-bundles"
bundle_config = {
source_dir = "fabric/assets"
path = "fabric/assets/"
output_path = "bundle.zip"
excludes = ["__pycache__"]
}
@@ -184,7 +188,7 @@ module "cf-http" {
bucket_name = "test-cf-bundles"
build_worker_pool = "projects/my-project/locations/europe-west1/workerPools/my_build_worker_pool"
bundle_config = {
source_dir = "fabric/assets"
path = "fabric/assets/"
output_path = "bundle.zip"
}
}
@@ -203,7 +207,7 @@ module "cf-http-one" {
name = "test-cf-http-one"
bucket_name = "test-cf-bundles"
bundle_config = {
source_dir = "fabric/assets"
path = "fabric/assets"
}
}
@@ -214,17 +218,20 @@ module "cf-http-two" {
name = "test-cf-http-two"
bucket_name = "test-cf-bundles"
bundle_config = {
source_dir = "fabric/assets"
path = "fabric/assets"
}
}
# tftest modules=2 resources=4 inventory=multiple_functions.yaml
```
### Mounting secrets from Secret Manager
This provides the latest value of the secret `var_secret` as `VARIABLE_SECRET` environment variable and three values of `path_secret` mounted in filesystem:
* `/app/secret/first` contains version 1
* `/app/secret/second` contains version 2
* `/app/secret/latest` contains latest version of the secret
- `/app/secret/first` contains version 1
- `/app/secret/second` contains version 2
- `/app/secret/latest` contains latest version of the secret
```hcl
module "cf-http" {
source = "./fabric/modules/cloud-function-v1"
@@ -233,7 +240,7 @@ module "cf-http" {
name = "test-cf-http"
bucket_name = "test-cf-bundles"
bundle_config = {
source_dir = "fabric/assets"
path = "fabric/assets/"
output_path = "bundle.zip"
}
secrets = {
@@ -261,6 +268,7 @@ module "cf-http" {
```
### Using CMEK to encrypt function resources
This encrypt bucket _gcf-sources-*_ with the provided kms key. The repository has to be encrypted with the same kms key.
```hcl
@@ -271,7 +279,7 @@ module "cf-http" {
name = "test-cf-http"
bucket_name = "test-cf-bundles"
bundle_config = {
source_dir = "fabric/assets"
path = "fabric/assets/"
output_path = "bundle.zip"
}
kms_key = "projects/my-project/locations/europe-west1/keyRings/mykeyring/cryptoKeys/mykey"
@@ -287,7 +295,7 @@ module "cf-http" {
| name | description | type | required | default |
|---|---|:---:|:---:|:---:|
| [bucket_name](variables.tf#L26) | Name of the bucket that will be used for the function code. It will be created with prefix prepended if bucket_config is not null. | <code>string</code> | ✓ | |
| [bundle_config](variables.tf#L44) | Cloud function source folder and generated zip bundle paths. Output path defaults to '/tmp/bundle.zip' if null. | <code title="object&#40;&#123;&#10; source_dir &#61; string&#10; output_path &#61; optional&#40;string&#41;&#10; excludes &#61; optional&#40;list&#40;string&#41;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | ✓ | |
| [bundle_config](variables.tf#L44) | Cloud function source. If path points to a .zip archive it is uploaded as-is, otherwise an archive is created on the fly. A null output path will use a unique name for the bundle in /tmp. | <code title="object&#40;&#123;&#10; path &#61; string&#10; excludes &#61; optional&#40;list&#40;string&#41;&#41;&#10; output_path &#61; optional&#40;string&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | ✓ | |
| [name](variables.tf#L115) | Name used for cloud function and associated resources. | <code>string</code> | ✓ | |
| [project_id](variables.tf#L130) | Project id used for all resources. | <code>string</code> | ✓ | |
| [region](variables.tf#L135) | Region used for all resources. | <code>string</code> | ✓ | |