2021-10-31 14:40:28 -07:00
|
|
|
/**
|
2023-03-21 03:54:07 -07:00
|
|
|
* Copyright 2023 Google LLC
|
2021-10-31 14:40:28 -07:00
|
|
|
*
|
|
|
|
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
|
* you may not use this file except in compliance with the License.
|
|
|
|
|
* You may obtain a copy of the License at
|
|
|
|
|
*
|
|
|
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
|
*
|
|
|
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
|
|
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
|
* See the License for the specific language governing permissions and
|
|
|
|
|
* limitations under the License.
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
locals {
|
2022-08-09 05:06:30 -07:00
|
|
|
_vpcaccess_annotation = (
|
|
|
|
|
local.vpc_connector_create
|
|
|
|
|
? {
|
|
|
|
|
"run.googleapis.com/vpc-access-connector" = google_vpc_access_connector.connector.0.id
|
|
|
|
|
}
|
|
|
|
|
: (
|
|
|
|
|
try(var.revision_annotations.vpcaccess_connector, null) == null
|
|
|
|
|
? {}
|
|
|
|
|
: {
|
|
|
|
|
"run.googleapis.com/vpc-access-connector" = var.revision_annotations.vpcaccess_connector
|
|
|
|
|
}
|
|
|
|
|
)
|
|
|
|
|
)
|
2022-07-10 02:34:41 -07:00
|
|
|
annotations = merge(
|
|
|
|
|
var.ingress_settings == null ? {} : {
|
|
|
|
|
"run.googleapis.com/ingress" = var.ingress_settings
|
2022-07-13 12:06:28 -07:00
|
|
|
}
|
|
|
|
|
)
|
2022-08-09 05:06:30 -07:00
|
|
|
prefix = var.prefix == null ? "" : "${var.prefix}-"
|
|
|
|
|
revision_annotations = merge(
|
|
|
|
|
try(var.revision_annotations.autoscaling.max_scale, null) == null ? {} : {
|
|
|
|
|
"autoscaling.knative.dev/maxScale" = var.revision_annotations.autoscaling.max_scale
|
2022-07-10 02:34:41 -07:00
|
|
|
},
|
2022-08-23 08:43:07 -07:00
|
|
|
try(var.revision_annotations.autoscaling.min_scale, null) == null ? {} : {
|
|
|
|
|
"autoscaling.knative.dev/minScale" = var.revision_annotations.autoscaling.min_scale
|
|
|
|
|
},
|
2022-08-09 05:06:30 -07:00
|
|
|
try(var.revision_annotations.cloudsql_instances, null) == null ? {} : {
|
|
|
|
|
"run.googleapis.com/cloudsql-instances" = join(",", coalesce(
|
|
|
|
|
var.revision_annotations.cloudsql_instances, []
|
|
|
|
|
))
|
|
|
|
|
},
|
|
|
|
|
local._vpcaccess_annotation,
|
|
|
|
|
try(var.revision_annotations.vpcaccess_egress, null) == null ? {} : {
|
|
|
|
|
"run.googleapis.com/vpc-access-egress" = var.revision_annotations.vpcaccess_egress
|
|
|
|
|
},
|
|
|
|
|
)
|
|
|
|
|
revision_name = (
|
|
|
|
|
try(var.revision_name, null) == null
|
|
|
|
|
? null
|
|
|
|
|
: "${var.name}-${var.revision_name}"
|
2022-07-10 02:34:41 -07:00
|
|
|
)
|
2021-10-31 14:40:28 -07:00
|
|
|
service_account_email = (
|
|
|
|
|
var.service_account_create
|
|
|
|
|
? (
|
|
|
|
|
length(google_service_account.service_account) > 0
|
|
|
|
|
? google_service_account.service_account[0].email
|
|
|
|
|
: null
|
|
|
|
|
)
|
|
|
|
|
: var.service_account
|
|
|
|
|
)
|
2022-08-09 05:06:30 -07:00
|
|
|
vpc_connector_create = var.vpc_connector_create != null
|
2021-10-31 14:40:28 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
resource "google_vpc_access_connector" "connector" {
|
2022-08-09 05:06:30 -07:00
|
|
|
count = local.vpc_connector_create ? 1 : 0
|
2021-10-31 14:40:28 -07:00
|
|
|
project = var.project_id
|
2022-08-09 05:06:30 -07:00
|
|
|
name = var.vpc_connector_create.name
|
2021-10-31 14:40:28 -07:00
|
|
|
region = var.region
|
2022-08-09 05:06:30 -07:00
|
|
|
ip_cidr_range = var.vpc_connector_create.ip_cidr_range
|
|
|
|
|
network = var.vpc_connector_create.vpc_self_link
|
2021-10-31 14:40:28 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
resource "google_cloud_run_service" "service" {
|
|
|
|
|
provider = google-beta
|
|
|
|
|
project = var.project_id
|
|
|
|
|
location = var.region
|
|
|
|
|
name = "${local.prefix}${var.name}"
|
|
|
|
|
|
|
|
|
|
template {
|
|
|
|
|
spec {
|
|
|
|
|
dynamic "containers" {
|
2022-07-10 02:34:41 -07:00
|
|
|
for_each = var.containers == null ? {} : {
|
|
|
|
|
for i, container in var.containers : i => container
|
|
|
|
|
}
|
2021-10-31 14:40:28 -07:00
|
|
|
content {
|
2022-08-09 05:06:30 -07:00
|
|
|
image = containers.value.image
|
|
|
|
|
command = try(containers.value.options.command, null)
|
|
|
|
|
args = try(containers.value.options.args, null)
|
2021-10-31 14:40:28 -07:00
|
|
|
dynamic "env" {
|
2022-07-10 02:34:41 -07:00
|
|
|
for_each = (
|
2022-08-09 05:06:30 -07:00
|
|
|
try(containers.value.options.env, null) == null
|
2022-07-10 02:34:41 -07:00
|
|
|
? {}
|
2022-08-09 05:06:30 -07:00
|
|
|
: containers.value.options.env
|
2022-07-10 02:34:41 -07:00
|
|
|
)
|
2021-10-31 14:40:28 -07:00
|
|
|
content {
|
|
|
|
|
name = env.key
|
|
|
|
|
value = env.value
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
dynamic "env" {
|
2022-07-10 02:34:41 -07:00
|
|
|
for_each = (
|
2022-08-09 05:06:30 -07:00
|
|
|
try(containers.value.options.env_from, null) == null
|
2022-07-10 02:34:41 -07:00
|
|
|
? {}
|
2022-08-09 05:06:30 -07:00
|
|
|
: containers.value.options.env_from
|
2022-07-10 02:34:41 -07:00
|
|
|
)
|
2021-10-31 14:40:28 -07:00
|
|
|
content {
|
|
|
|
|
name = env.key
|
|
|
|
|
value_from {
|
|
|
|
|
secret_key_ref {
|
2022-08-09 05:06:30 -07:00
|
|
|
name = env.value.name
|
|
|
|
|
key = env.value.key
|
2021-10-31 14:40:28 -07:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
dynamic "ports" {
|
2022-07-10 02:34:41 -07:00
|
|
|
for_each = (
|
2022-08-09 05:06:30 -07:00
|
|
|
containers.value.ports == null
|
2022-07-10 02:34:41 -07:00
|
|
|
? {}
|
|
|
|
|
: {
|
2022-08-09 05:06:30 -07:00
|
|
|
for port in containers.value.ports :
|
2022-07-10 02:34:41 -07:00
|
|
|
"${port.name}-${port.container_port}" => port
|
|
|
|
|
}
|
|
|
|
|
)
|
2021-10-31 14:40:28 -07:00
|
|
|
content {
|
2022-08-09 05:06:30 -07:00
|
|
|
name = ports.value.name
|
|
|
|
|
protocol = ports.value.protocol
|
|
|
|
|
container_port = ports.value.container_port
|
2021-10-31 14:40:28 -07:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
dynamic "resources" {
|
2022-08-09 05:06:30 -07:00
|
|
|
for_each = containers.value.resources == null ? [] : [""]
|
2021-10-31 14:40:28 -07:00
|
|
|
content {
|
2022-08-09 05:06:30 -07:00
|
|
|
limits = containers.value.resources.limits
|
|
|
|
|
requests = containers.value.resources.requests
|
2021-10-31 14:40:28 -07:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
dynamic "volume_mounts" {
|
2022-07-10 02:34:41 -07:00
|
|
|
for_each = (
|
2022-08-09 05:06:30 -07:00
|
|
|
containers.value.volume_mounts == null
|
2022-07-10 02:34:41 -07:00
|
|
|
? {}
|
2022-08-09 05:06:30 -07:00
|
|
|
: containers.value.volume_mounts
|
2022-07-10 02:34:41 -07:00
|
|
|
)
|
2021-10-31 14:40:28 -07:00
|
|
|
content {
|
2021-11-01 11:12:39 -07:00
|
|
|
name = volume_mounts.key
|
|
|
|
|
mount_path = volume_mounts.value
|
2021-10-31 14:40:28 -07:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
service_account_name = local.service_account_email
|
|
|
|
|
dynamic "volumes" {
|
|
|
|
|
for_each = var.volumes == null ? [] : var.volumes
|
|
|
|
|
content {
|
2022-08-09 05:06:30 -07:00
|
|
|
name = volumes.value.name
|
2021-10-31 14:40:28 -07:00
|
|
|
secret {
|
2022-08-09 05:06:30 -07:00
|
|
|
secret_name = volumes.value.secret_name
|
2021-10-31 14:40:28 -07:00
|
|
|
dynamic "items" {
|
2022-07-10 02:34:41 -07:00
|
|
|
for_each = (
|
2022-08-09 05:06:30 -07:00
|
|
|
volumes.value.items == null ? [] : volumes.value.items
|
2022-07-10 02:34:41 -07:00
|
|
|
)
|
2021-10-31 14:40:28 -07:00
|
|
|
content {
|
2022-08-09 05:06:30 -07:00
|
|
|
key = items.value.key
|
|
|
|
|
path = items.value.path
|
2021-10-31 14:40:28 -07:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
2022-07-13 12:06:28 -07:00
|
|
|
metadata {
|
|
|
|
|
name = local.revision_name
|
2022-08-09 05:06:30 -07:00
|
|
|
annotations = local.revision_annotations
|
2021-10-31 14:40:28 -07:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
metadata {
|
|
|
|
|
annotations = local.annotations
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
dynamic "traffic" {
|
|
|
|
|
for_each = var.traffic == null ? {} : var.traffic
|
|
|
|
|
content {
|
|
|
|
|
percent = traffic.value
|
|
|
|
|
revision_name = "${var.name}-${traffic.key}"
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2023-03-21 03:54:07 -07:00
|
|
|
lifecycle {
|
|
|
|
|
ignore_changes = [
|
|
|
|
|
metadata.0.annotations
|
|
|
|
|
]
|
|
|
|
|
}
|
2021-10-31 14:40:28 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
resource "google_cloud_run_service_iam_binding" "binding" {
|
|
|
|
|
for_each = var.iam
|
|
|
|
|
project = google_cloud_run_service.service.project
|
|
|
|
|
location = google_cloud_run_service.service.location
|
|
|
|
|
service = google_cloud_run_service.service.name
|
|
|
|
|
role = each.key
|
|
|
|
|
members = each.value
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
resource "google_service_account" "service_account" {
|
|
|
|
|
count = var.service_account_create ? 1 : 0
|
|
|
|
|
project = var.project_id
|
|
|
|
|
account_id = "tf-cr-${var.name}"
|
|
|
|
|
display_name = "Terraform Cloud Run ${var.name}."
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
resource "google_eventarc_trigger" "audit_log_triggers" {
|
2022-07-10 02:34:41 -07:00
|
|
|
for_each = var.audit_log_triggers == null ? {} : {
|
|
|
|
|
for trigger in var.audit_log_triggers :
|
|
|
|
|
"${trigger.service_name}-${trigger.method_name}" => trigger
|
|
|
|
|
}
|
2021-10-31 14:40:28 -07:00
|
|
|
name = "${local.prefix}${each.key}-audit-log-trigger"
|
|
|
|
|
location = google_cloud_run_service.service.location
|
|
|
|
|
project = google_cloud_run_service.service.project
|
|
|
|
|
matching_criteria {
|
|
|
|
|
attribute = "type"
|
|
|
|
|
value = "google.cloud.audit.log.v1.written"
|
|
|
|
|
}
|
|
|
|
|
matching_criteria {
|
|
|
|
|
attribute = "serviceName"
|
2022-08-09 05:06:30 -07:00
|
|
|
value = each.value.service_name
|
2021-10-31 14:40:28 -07:00
|
|
|
}
|
|
|
|
|
matching_criteria {
|
|
|
|
|
attribute = "methodName"
|
2022-08-09 05:06:30 -07:00
|
|
|
value = each.value.method_name
|
2021-10-31 14:40:28 -07:00
|
|
|
}
|
|
|
|
|
destination {
|
|
|
|
|
cloud_run_service {
|
|
|
|
|
service = google_cloud_run_service.service.name
|
|
|
|
|
region = google_cloud_run_service.service.location
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
resource "google_eventarc_trigger" "pubsub_triggers" {
|
|
|
|
|
for_each = var.pubsub_triggers == null ? [] : toset(var.pubsub_triggers)
|
2022-07-10 02:34:41 -07:00
|
|
|
name = (
|
|
|
|
|
each.value == ""
|
|
|
|
|
? "${local.prefix}default-pubsub-trigger"
|
|
|
|
|
: "${local.prefix}${each.value}-pubsub-trigger"
|
|
|
|
|
)
|
2021-10-31 14:40:28 -07:00
|
|
|
location = google_cloud_run_service.service.location
|
|
|
|
|
project = google_cloud_run_service.service.project
|
|
|
|
|
matching_criteria {
|
|
|
|
|
attribute = "type"
|
|
|
|
|
value = "google.cloud.pubsub.topic.v1.messagePublished"
|
|
|
|
|
}
|
|
|
|
|
dynamic "transport" {
|
|
|
|
|
for_each = each.value == null ? [] : [""]
|
|
|
|
|
content {
|
|
|
|
|
pubsub {
|
|
|
|
|
topic = each.value
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
destination {
|
|
|
|
|
cloud_run_service {
|
|
|
|
|
service = google_cloud_run_service.service.name
|
|
|
|
|
region = google_cloud_run_service.service.location
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
