cloud-foundation-fabric/blueprints/cloud-operations/network-dashboard/deploy-cloud-function/main.tf

/**
* Copyright 2022 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
locals {
  # Viewer roles bound to the function's service account at the discovery
  # root by the organization/folder IAM resources in this file.
  discovery_roles = [
    "roles/compute.viewer",
    "roles/cloudasset.viewer",
  ]
}
# Suffix for the generated bucket name. Only created when the caller did not
# supply var.cloud_function_config.bucket_name. It ends up in a bucket name,
# so it provides uniqueness only and must not be treated as a secret.
resource "random_string" "default" {
  count   = var.cloud_function_config.bucket_name == null ? 1 : 0
  length  = 8
  upper   = false
  special = false
}
# Project that hosts the function, topic and scheduler job. Creation is
# switched on by var.project_create_config; when that is null the billing
# account, parent and labels are all passed as null and project_create is
# false.
module "project" {
  source         = "../../../../modules/project"
  name           = var.project_id
  project_create = var.project_create_config != null

  # Creation-only settings; try() yields null when project_create_config is
  # null.
  billing_account = try(var.project_create_config.billing_account_id, null)
  parent          = try(var.project_create_config.parent_id, null)
  labels          = var.project_create_config == null ? null : var.labels

  # APIs this file's resources rely on (asset inventory, function build and
  # runtime, scheduler, compute, monitoring).
  services = [
    "cloudasset.googleapis.com",
    "cloudbuild.googleapis.com",
    "cloudfunctions.googleapis.com",
    "cloudscheduler.googleapis.com",
    "compute.googleapis.com",
    "monitoring.googleapis.com",
  ]
}
# Topic the scheduler job publishes to and the function is triggered from,
# with one subscription named "<name>-default" using the module's defaults.
module "pubsub" {
  source     = "../../../../modules/pubsub"
  project_id = module.project.project_id
  name       = var.name
  # NOTE(review): presumably restricts message storage to this region;
  # confirm against the pubsub module.
  regions = [var.region]
  subscriptions = {
    "${var.name}-default" = null
  }
}
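# Pub/Sub-triggered function (entry point main_cf_pubsub) that runs the
# discovery code. service_account_create asks the module for a dedicated
# service account, which is the identity the IAM resources in this file bind
# roles to.
module "cloud-function" {
  source     = "../../../../modules/cloud-function"
  project_id = module.project.project_id
  name       = var.name
  # A conditional is used instead of coalesce(): function arguments are all
  # evaluated, so referencing random_string.default[0] inside coalesce()
  # fails with an invalid index when a bucket name is supplied and the
  # random_string count is 0. Only the selected branch is reported here.
  bucket_name = (
    var.cloud_function_config.bucket_name != null
    ? var.cloud_function_config.bucket_name
    : "${var.name}-${random_string.default[0].id}"
  )
  bucket_config = {
    location = var.region
  }
  build_worker_pool = var.cloud_function_config.build_worker_pool_id
  bundle_config = {
    source_dir  = var.cloud_function_config.source_dir
    output_path = var.cloud_function_config.bundle_path
  }
  # DEBUG is only exported when explicitly enabled; null and false both
  # produce an empty environment.
  environment_variables = (
    var.cloud_function_config.debug != true ? {} : { DEBUG = "1" }
  )
  function_config = {
    entry_point     = "main_cf_pubsub"
    memory_mb       = var.cloud_function_config.memory_mb
    timeout_seconds = var.cloud_function_config.timeout_seconds
  }
  service_account_create = true
  trigger_config = {
    v1 = {
      event    = "google.pubsub.topic.publish"
      resource = module.pubsub.topic.id
    }
  }
  # With create = false the connector named by the caller is referenced
  # rather than created here (presumably it must already exist; confirm
  # against the cloud-function module). egress_settings decides how much of
  # the function's outbound traffic is routed through that connector.
  vpc_connector = (
    var.cloud_function_config.vpc_connector == null
    ? null
    : {
      create          = false
      name            = var.cloud_function_config.vpc_connector.name
      egress_settings = var.cloud_function_config.vpc_connector.egress_settings
    }
  )
}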
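# Scheduler job that publishes the discovery configuration to the topic on
# the schedule in var.schedule_config (evaluated in UTC), which in turn
# triggers the function.
resource "google_cloud_scheduler_job" "default" {
  # Reference the project through the module, like the other resources in
  # this file, so the job is ordered after the project module instead of
  # depending on the raw variable. NOTE(review): this assumes the module's
  # project_id output equals var.project_id and waits for service
  # activation; confirm against the project module.
  project   = module.project.project_id
  region    = var.region
  name      = var.name
  schedule  = var.schedule_config
  time_zone = "UTC"
  pubsub_target {
    attributes = {}
    topic_name = module.pubsub.topic.id
    # The payload is JSON, base64-encoded. The custom quota file is read on
    # the machine running Terraform and its decoded content is embedded in
    # the job definition (and therefore in state), so it must not contain
    # secrets. monitoring_project falls back to the function's own project.
    data = base64encode(jsonencode({
      discovery_root = var.discovery_config.discovery_root
      folders        = var.discovery_config.monitored_folders
      projects       = var.discovery_config.monitored_projects
      monitoring_project = (
        var.monitoring_project == null
        ? module.project.project_id
        : var.monitoring_project
      )
      custom_quota = (
        var.discovery_config.custom_quota_file == null
        ? { networks = {}, projects = {} }
        : yamldecode(file(var.discovery_config.custom_quota_file))
      )
    }))
  }
}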
# Binds each discovery role to the function's service account on the
# organization. Instances exist only when var.grant_discovery_iam_roles is
# true and the discovery root is an organization; the grant then covers the
# whole organization. The *_iam_member resource type is additive: it manages
# this member/role pair and leaves other bindings alone.
resource "google_organization_iam_member" "discovery" {
  for_each = toset(
    (
      var.grant_discovery_iam_roles &&
      startswith(var.discovery_config.discovery_root, "organizations/")
    ) ? local.discovery_roles : []
  )
  # discovery_root looks like "organizations/<id>"; take the second segment.
  org_id = split("/", var.discovery_config.discovery_root)[1]
  role   = each.value
  member = module.cloud-function.service_account_iam_email
}
# Folder-scoped counterpart of the organization grant: binds each discovery
# role to the function's service account on the discovery root folder.
# Instances exist only when var.grant_discovery_iam_roles is true and the
# discovery root starts with "folders/". The binding is additive.
resource "google_folder_iam_member" "discovery" {
  for_each = toset(
    (
      var.grant_discovery_iam_roles &&
      startswith(var.discovery_config.discovery_root, "folders/")
    ) ? local.discovery_roles : []
  )
  # The full "folders/<id>" string is passed through unchanged.
  folder = var.discovery_config.discovery_root
  role   = each.value
  member = module.cloud-function.service_account_iam_email
}
# Lets the function's service account write metrics in the function's own
# project.
# NOTE(review): the scheduler payload sends var.monitoring_project to the
# function when it is set, but this binding always targets
# module.project.project_id. Writing to a different monitoring project
# presumably needs an equivalent grant made outside this file; confirm.
resource "google_project_iam_member" "monitoring" {
  role    = "roles/monitoring.metricWriter"
  member  = module.cloud-function.service_account_iam_email
  project = module.project.project_id
}
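# Optional sample dashboard, created only when var.dashboard_json_path is
# set. The JSON file is read on the machine running Terraform.
resource "google_monitoring_dashboard" "dashboard" {
  count = var.dashboard_json_path == null ? 0 : 1
  # Reference the project through the module, like the other resources in
  # this file, so the dashboard is ordered after the project module.
  # NOTE(review): assumes the module's project_id output equals
  # var.project_id. The dashboard lands in the function's project even when
  # var.monitoring_project points elsewhere; confirm that is intended.
  project        = module.project.project_id
  dashboard_json = file(var.dashboard_json_path)
}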