# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# tfdoc:file:description Load project and VPC.
locals {
  # Principals that need project-wide object access in the load project:
  # the Dataflow service agent plus the load Dataflow service account.
  load_service_accounts = [
    "serviceAccount:${module.load-project.service_accounts.robots.dataflow}",
    module.load-sa-df-0.iam_email
  ]

  # Role bindings for the load project. How they are applied (authoritative
  # vs additive) is decided in module "load-project" depending on whether
  # this stage creates the project or reuses an existing one.
  iam_load = {
    "roles/bigquery.jobUser" = [module.load-sa-df-0.iam_email]
    # NOTE(review): dataflow.admin at project level lets the data-engineers
    # group manage every job in this project, not only their own; the
    # orchestration and load SAs are bound here so pipelines can be launched
    # and cancelled by automation.
    "roles/dataflow.admin" = [
      module.orch-sa-cmp-0.iam_email,
      module.load-sa-df-0.iam_email,
      local.groups_iam.data-engineers
    ]
    "roles/dataflow.developer" = [local.groups_iam.data-engineers]
    "roles/dataflow.worker"    = [module.load-sa-df-0.iam_email]
    # Project-level objectAdmin covers every bucket in the load project,
    # including buckets created later, not just load-cs-df-0; scope it to
    # the bucket if that is not intended.
    "roles/storage.objectAdmin" = local.load_service_accounts
  }

  # Network used by the load project: the shared VPC host network when one is
  # configured, otherwise the stage-local VPC created below.
  load_vpc = (
    local.use_shared_vpc
    ? var.network_config.network_self_link
    : module.load-vpc[0].self_link
  )

  # Subnet for Dataflow workers. The local VPC defines exactly one subnet, so
  # taking the first value of subnet_self_links is deterministic.
  # NOTE(review): in shared VPC mode the *orchestration* subnet is reused for
  # load workloads — confirm this is intended rather than a dedicated subnet.
  load_subnet = (
    local.use_shared_vpc
    ? var.network_config.subnet_self_links.orchestration
    : values(module.load-vpc[0].subnet_self_links)[0]
  )
}
# Project
# Load project. When a billing account id is supplied the project is created
# here (with prefix/suffix applied) and IAM is managed authoritatively; when it
# is null an existing project id is reused and bindings are only added, so
# grants that already exist on the project are never removed.
module "load-project" {
  source          = "../../../modules/project"
  parent          = var.project_config.parent
  billing_account = var.project_config.billing_account_id
  project_create  = var.project_config.billing_account_id != null
  prefix          = var.project_config.billing_account_id != null ? var.prefix : null
  name = (
    var.project_config.billing_account_id != null
    ? "${var.project_config.project_ids.load}${local.project_suffix}"
    : var.project_config.project_ids.load
  )
  # Authoritative bindings only for projects we own end-to-end; additive
  # bindings when attaching to a pre-existing project.
  iam          = var.project_config.billing_account_id == null ? null : local.iam_load
  iam_additive = var.project_config.billing_account_id == null ? local.iam_load : null
  services = concat(var.project_services, [
    "bigquery.googleapis.com",
    "bigqueryreservation.googleapis.com",
    "bigquerystorage.googleapis.com",
    "cloudkms.googleapis.com",
    "compute.googleapis.com",
    "dataflow.googleapis.com",
    "dlp.googleapis.com",
    "pubsub.googleapis.com",
    "servicenetworking.googleapis.com",
    "storage.googleapis.com",
    "storage-component.googleapis.com"
  ])
  # CMEK keys per service; each entry is null (and encryption falls back to
  # Google-managed keys) when no key is configured for that service.
  service_encryption_key_ids = {
    pubsub   = [try(local.service_encryption_keys.pubsub, null)]
    dataflow = [try(local.service_encryption_keys.dataflow, null)]
    storage  = [try(local.service_encryption_keys.storage, null)]
  }
  # Attach as a service project only when a shared VPC host is configured.
  shared_vpc_service_config = local.shared_vpc_project == null ? null : {
    attach       = true
    host_project = local.shared_vpc_project
  }
}
# Service account that Dataflow load jobs run as. Its project roles are
# granted through local.iam_load; the bindings below control who may act as
# or impersonate it.
module "load-sa-df-0" {
  source       = "../../../modules/iam-service-account"
  project_id   = module.load-project.project_id
  prefix       = var.prefix
  name         = "load-df-0"
  display_name = "Data platform Dataflow load service account"
  iam = {
    # Token creator lets the data-engineers group and the orchestration SA
    # mint credentials for this SA, i.e. exercise every role it holds in the
    # load project. Keep this group small; impersonation shows up in audit
    # logs as the SA, not the human principal.
    "roles/iam.serviceAccountTokenCreator" = [
      local.groups_iam.data-engineers,
      module.orch-sa-cmp-0.iam_email
    ],
    # serviceAccountUser is what allows orchestration to launch Dataflow
    # jobs that run as this SA.
    "roles/iam.serviceAccountUser" = [
      module.orch-sa-cmp-0.iam_email
    ]
  }
}
# Staging bucket for the load stage. Encrypted with the storage CMEK when one
# is configured, otherwise with Google-managed keys (try() yields null).
module "load-cs-df-0" {
  source         = "../../../modules/gcs"
  project_id     = module.load-project.project_id
  prefix         = var.prefix
  name           = "load-cs-0"
  location       = var.location
  storage_class  = "MULTI_REGIONAL"
  encryption_key = try(local.service_encryption_keys.storage, null)
}
# internal VPC resources
# Stage-local VPC, created only when no shared VPC is configured. A single
# subnet is defined; local.load_subnet relies on that (it picks the first
# subnet self link).
module "load-vpc" {
  source     = "../../../modules/net-vpc"
  count      = local.use_shared_vpc ? 0 : 1
  project_id = module.load-project.project_id
  name       = "${var.prefix}-lod"
  subnets = [
    {
      # NOTE(review): this CIDR is repeated verbatim in load-vpc-firewall's
      # admin_ranges; keep the two in sync if it changes.
      ip_cidr_range = "10.10.0.0/24"
      name          = "${var.prefix}-lod"
      region        = var.region
    }
  ]
}
2022-02-09 08:01:25 -08:00
# Default firewall rules for the stage-local VPC (shared VPC mode relies on the
# host project's rules instead).
module "load-vpc-firewall" {
  source     = "../../../modules/net-vpc-firewall"
  count      = local.use_shared_vpc ? 0 : 1
  project_id = module.load-project.project_id
  network    = module.load-vpc.0.name
  default_rules_config = {
    # Hard-coded copy of the load-vpc subnet CIDR. NOTE(review): the module's
    # default rules presumably allow broad ingress from these ranges — confirm
    # that intra-subnet allow-all is acceptable for Dataflow workers.
    admin_ranges = ["10.10.0.0/24"]
  }
}
2022-02-09 08:01:25 -08:00
# Cloud NAT for the stage-local VPC so workers without external IPs can reach
# the internet (package downloads etc.). Not created in shared VPC mode, where
# egress is the host project's responsibility.
module "load-nat" {
  source         = "../../../modules/net-cloudnat"
  count          = local.use_shared_vpc ? 0 : 1
  project_id     = module.load-project.project_id
  name           = "${var.prefix}-lod"
  region         = var.region
  router_network = module.load-vpc.0.name
}