/**
* Copyright 2022 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
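locals {
  # Bucket that receives the source bundle.
  # When this module creates the bucket, reference the resource rather than
  # var.bucket_name: the created bucket is named "${local.prefix}${var.bucket_name}",
  # so the raw variable points at a different (unprefixed) bucket whenever a
  # prefix is set, and bucket names live in a global namespace. Referencing the
  # resource also orders the bundle upload after bucket creation.
  # When no bucket is created, the caller-supplied name is used (may be null).
  bucket = (
    length(google_storage_bucket.bucket) > 0
    ? google_storage_bucket.bucket[0].name
    : var.bucket_name
  )
  # The single function resource that exists for the selected generation.
  function = (
    var.v2
    ? google_cloudfunctions2_function.function[0]
    : google_cloudfunctions_function.function[0]
  )
  # Optional name prefix, rendered with a trailing dash when set.
  prefix = var.prefix == null ? "" : "${var.prefix}-"
  # Runtime identity of the function: the account created by this module, or
  # the one passed in by the caller.
  # NOTE(review): if service_account_create is false and var.service_account is
  # null, no identity is set here and the platform default presumably applies;
  # confirm that is acceptable for least privilege.
  service_account_email = (
    var.service_account_create
    ? google_service_account.service_account[0].email
    : var.service_account
  )
  # Email of the trigger service account created by this module, or null when
  # trigger_config.v2.service_account_create is unset or false.
  trigger_service_account_email = (
    coalesce(try(var.trigger_config.v2.service_account_create, false), false)
    ? google_service_account.trigger_service_account[0].email
    : null
  )
  # VPC connector reference: null when not configured, the caller-supplied name
  # when the connector already exists, or the id of the connector created here.
  vpc_connector = (
    var.vpc_connector == null
    ? null
    : (
      try(var.vpc_connector.create, false) == false
      ? var.vpc_connector.name
      : google_vpc_access_connector.connector[0].id
    )
  )
}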
# Serverless VPC Access connector, created only when var.vpc_connector.create
# is set to something other than false. The count condition mirrors the one
# used for local.vpc_connector so both agree on whether the connector exists.
resource "google_vpc_access_connector" "connector" {
  count   = try(var.vpc_connector.create, false) != false ? 1 : 0
  project = var.project_id
  region  = var.region
  name    = var.vpc_connector.name

  # Network placement comes from a separate variable; it must be populated
  # whenever the connector is created.
  network       = var.vpc_connector_config.network
  ip_cidr_range = var.vpc_connector_config.ip_cidr_range
}
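# First-generation Cloud Function; created only when var.v2 is false.
resource "google_cloudfunctions_function" "function" {
  count               = var.v2 ? 0 : 1
  project             = var.project_id
  region              = var.region
  name                = "${local.prefix}${var.name}"
  description         = var.description
  runtime             = var.function_config.runtime
  available_memory_mb = var.function_config.memory_mb
  max_instances       = var.function_config.instance_count
  timeout             = var.function_config.timeout_seconds
  entry_point         = var.function_config.entry_point
  # Plain environment variables. Sensitive values belong in var.secrets, which
  # the secret_* blocks below wire to Secret Manager.
  environment_variables = var.environment_variables
  service_account_email = local.service_account_email
  source_archive_bucket = local.bucket
  source_archive_object = google_storage_bucket_object.bundle.name
  labels                = var.labels
  # Without a v1 event trigger the function is HTTP-triggered.
  trigger_http = var.trigger_config.v1 == null ? true : null

  # NOTE(review): when var.ingress_settings is null the provider default
  # applies; confirm that default matches the intended network exposure for
  # HTTP-triggered functions.
  ingress_settings  = var.ingress_settings
  build_worker_pool = var.build_worker_pool

  vpc_connector = local.vpc_connector
  vpc_connector_egress_settings = try(
    var.vpc_connector.egress_settings, null
  )

  # Emitted once when a v1 trigger is configured; the [""] list only serves to
  # instantiate the block.
  dynamic "event_trigger" {
    for_each = var.trigger_config.v1 == null ? [] : [""]
    content {
      event_type = var.trigger_config.v1.event
      resource   = var.trigger_config.v1.resource
      dynamic "failure_policy" {
        for_each = var.trigger_config.v1.retry == null ? [] : [""]
        content {
          retry = var.trigger_config.v1.retry
        }
      }
    }
  }

  # Secrets exposed as environment variables (entries with is_volume = false).
  dynamic "secret_environment_variables" {
    for_each = { for k, v in var.secrets : k => v if !v.is_volume }
    iterator = secret
    content {
      key        = secret.key
      project_id = secret.value.project_id
      secret     = secret.value.secret
      # Falls back to "latest" when no version is listed, so the injected value
      # can change without a Terraform change; list a version to pin it.
      version = try(secret.value.versions.0, "latest")
    }
  }

  # Secrets mounted as files (entries with is_volume = true); the map key is
  # the mount path.
  dynamic "secret_volumes" {
    for_each = { for k, v in var.secrets : k => v if v.is_volume }
    iterator = secret
    content {
      mount_path = secret.key
      project_id = secret.value.project_id
      secret     = secret.value.secret
      dynamic "versions" {
        for_each = secret.value.versions
        iterator = version
        content {
          # Each entry is "<version>:<path>". A dynamic-block iterator exposes
          # only .key and .value, so the string must be read from
          # version.value; passing the iterator object itself to split() fails.
          path    = split(":", version.value)[1]
          version = split(":", version.value)[0]
        }
      }
    }
  }
}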
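# Second-generation Cloud Function; created only when var.v2 is true.
resource "google_cloudfunctions2_function" "function" {
  count       = var.v2 ? 1 : 0
  provider    = google-beta
  project     = var.project_id
  location    = var.region
  name        = "${local.prefix}${var.name}"
  description = var.description
  build_config {
    worker_pool = var.build_worker_pool
    runtime     = var.function_config.runtime
    # NOTE(review): "_http" is appended to the configured entry point here,
    # while the v1 resource in this file uses it unchanged; confirm this is
    # intended.
    entry_point = "${var.function_config.entry_point}_http"
    # NOTE(review): the build receives the same map as the runtime
    # (service_config.environment_variables); confirm nothing in it is
    # runtime-only or sensitive.
    environment_variables = var.environment_variables
    source {
      storage_source {
        bucket = local.bucket
        object = google_storage_bucket_object.bundle.name
      }
    }
  }
  # Emitted once when a v2 trigger is configured.
  dynamic "event_trigger" {
    for_each = var.trigger_config.v2 == null ? [] : [""]
    content {
      trigger_region = var.trigger_config.v2.region
      event_type     = var.trigger_config.v2.event_type
      pubsub_topic   = var.trigger_config.v2.pubsub_topic
      dynamic "event_filters" {
        for_each = var.trigger_config.v2.event_filters == null ? [] : var.trigger_config.v2.event_filters
        iterator = event_filter
        content {
          # A dynamic-block iterator exposes only .key and .value; the filter
          # fields live under .value.
          attribute = event_filter.value.attribute
          value     = event_filter.value.value
          operator  = event_filter.value.operator
        }
      }
      # An explicitly supplied identity wins. Otherwise use the trigger service
      # account created by this module (null when none is created), so the
      # account that receives roles/run.invoker is the one the trigger
      # actually runs as.
      service_account_email = (
        var.trigger_config.v2.service_account_email != null
        ? var.trigger_config.v2.service_account_email
        : local.trigger_service_account_email
      )
      retry_policy = var.trigger_config.v2.retry_policy
    }
  }
  service_config {
    max_instance_count = var.function_config.instance_count
    min_instance_count = 0
    available_memory   = "${var.function_config.memory_mb}M"
    timeout_seconds    = var.function_config.timeout_seconds
    # Plain environment variables. Sensitive values belong in var.secrets,
    # which the secret_* blocks below wire to Secret Manager.
    environment_variables = var.environment_variables
    # NOTE(review): when var.ingress_settings is null the provider default
    # applies; confirm that default matches the intended network exposure.
    ingress_settings               = var.ingress_settings
    all_traffic_on_latest_revision = true
    service_account_email          = local.service_account_email
    vpc_connector                  = local.vpc_connector
    vpc_connector_egress_settings = try(
      var.vpc_connector.egress_settings, null
    )

    # Secrets exposed as environment variables (entries with is_volume = false).
    dynamic "secret_environment_variables" {
      for_each = { for k, v in var.secrets : k => v if !v.is_volume }
      iterator = secret
      content {
        key        = secret.key
        project_id = secret.value.project_id
        secret     = secret.value.secret
        # Falls back to "latest" when no version is listed, so the injected
        # value can change without a Terraform change; list a version to pin.
        version = try(secret.value.versions.0, "latest")
      }
    }

    # Secrets mounted as files (entries with is_volume = true); the map key is
    # the mount path.
    dynamic "secret_volumes" {
      for_each = { for k, v in var.secrets : k => v if v.is_volume }
      iterator = secret
      content {
        mount_path = secret.key
        project_id = secret.value.project_id
        secret     = secret.value.secret
        dynamic "versions" {
          for_each = secret.value.versions
          iterator = version
          content {
            # Each entry is "<version>:<path>"; read it from version.value,
            # since the iterator object itself is not a string.
            path    = split(":", version.value)[1]
            version = split(":", version.value)[0]
          }
        }
      }
    }
  }
  labels = var.labels
}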
# IAM bindings on the first-generation function: one binding per role in
# var.iam, none when var.v2 is true.
# A binding is authoritative for its role on this function, so members granted
# that role outside this module are removed on apply.
# NOTE(review): the members lists are passed through unchanged; callers decide
# whether broad principals such as allUsers are acceptable.
resource "google_cloudfunctions_function_iam_binding" "default" {
  for_each       = var.v2 ? {} : var.iam
  project        = var.project_id
  region         = var.region
  cloud_function = local.function.name

  # Map key is the role, map value the list of members.
  role    = each.key
  members = each.value
}
# IAM bindings on the second-generation function: one binding per role in
# var.iam, none when var.v2 is false.
# A binding is authoritative for its role on this function, so members granted
# that role outside this module are removed on apply.
# NOTE(review): the members lists are passed through unchanged; callers decide
# whether broad principals such as allUsers are acceptable.
resource "google_cloudfunctions2_function_iam_binding" "default" {
  for_each       = !var.v2 ? {} : var.iam
  project        = var.project_id
  location       = google_cloudfunctions2_function.function[0].location
  cloud_function = local.function.name

  # Map key is the role, map value the list of members.
  role    = each.key
  members = each.value
}
# Bucket for function source bundles, created only when var.bucket_config is
# set. Object ACLs are disabled in favour of bucket-level IAM.
# NOTE(review): public_access_prevention is not set here; since the bucket only
# holds source bundles, consider enforcing it.
resource "google_storage_bucket" "bucket" {
  count   = var.bucket_config == null ? 0 : 1
  project = var.project_id
  name    = "${local.prefix}${var.bucket_name}"
  labels  = var.labels

  uniform_bucket_level_access = true

  # An explicit bucket location wins; otherwise the function region is used.
  location = (
    var.bucket_config.location != null
    ? var.bucket_config.location
    : var.region
  )

  # Versioning and the matching cleanup rule are enabled together, and only
  # when a delete age is configured: archived (noncurrent) object versions are
  # deleted once they reach that age.
  dynamic "versioning" {
    for_each = var.bucket_config.lifecycle_delete_age_days != null ? [""] : []
    content {
      enabled = true
    }
  }

  dynamic "lifecycle_rule" {
    for_each = var.bucket_config.lifecycle_delete_age_days != null ? [""] : []
    content {
      action {
        type = "Delete"
      }
      condition {
        age        = var.bucket_config.lifecycle_delete_age_days
        with_state = "ARCHIVED"
      }
    }
  }
}
# Uploads the zipped source bundle. The object name embeds the archive's MD5,
# so a change in the source produces a new object name and the function
# resources that reference it are updated.
# The MD5 is a change fingerprint only, not an integrity or authenticity check.
resource "google_storage_bucket_object" "bundle" {
  bucket = local.bucket
  name   = "bundle-${data.archive_file.bundle.output_md5}.zip"
  source = data.archive_file.bundle.output_path
}
# Builds the zip archive of the function source directory.
data "archive_file" "bundle" {
  type        = "zip"
  source_dir  = var.bundle_config.source_dir
  output_path = var.bundle_config.output_path

  # NOTE(review): everything under source_dir that is not excluded ends up in
  # the deployed bundle; make sure local credentials and .env-style files are
  # listed here.
  excludes = var.bundle_config.excludes

  # One fixed mode for every archived file; presumably chosen so the archive
  # checksum does not vary with the local umask or platform. The mode applies
  # to entries inside the zip only.
  output_file_mode = "0666"
}
# Dedicated runtime identity for the function, created only when
# var.service_account_create is true. No roles are granted to it in this block.
resource "google_service_account" "service_account" {
  count   = var.service_account_create ? 1 : 0
  project = var.project_id

  # The account id is derived from the function name only; local.prefix is not
  # applied here.
  display_name = "Terraform Cloud Function ${var.name}."
  account_id   = "tf-cf-${var.name}"
}
# Dedicated identity for the v2 event trigger, created only when
# trigger_config.v2.service_account_create is true (a missing or null setting
# counts as false).
# NOTE(review): the condition does not look at var.v2; confirm the account is
# not wanted for first-generation deployments.
resource "google_service_account" "trigger_service_account" {
  count   = coalesce(try(var.trigger_config.v2.service_account_create, false), false) ? 1 : 0
  project = var.project_id

  display_name = "Terraform trigger for Cloud Function ${var.name}."
  account_id   = "tf-cf-trigger-${var.name}"
}
# Grants the created trigger service account the Cloud Run invoker role; same
# creation condition as the account itself.
# NOTE(review): the grant is project-wide, so this identity can invoke every
# Cloud Run service in the project, not only the one backing this function.
# Consider scoping the role to that single service for least privilege.
resource "google_project_iam_member" "trigger_iam" {
  count   = coalesce(try(var.trigger_config.v2.service_account_create, false), false) ? 1 : 0
  project = var.project_id
  role    = "roles/run.invoker"
  member  = "serviceAccount:${google_service_account.trigger_service_account[0].email}"
}