zecfoundation
/
cloud-foundation-fabric
mirror of https://github.com/ZcashFoundation/cloud-foundation-fabric.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Module to handle Cloud Endpoints

This commit is contained in:
Lorenzo Caggioni 2020-06-23 18:12:10 +02:00
parent ddc2f9c20d
commit 908371ab91
5 changed files with 193 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
modules/endpoint/README.md Normal file
View File

@ -0,0 +1,42 @@
# Google Cloud Data Fusion Module
This module allows simple management of ['Google Cloud Endpoints'](https://cloud.google.com/endpoints/) services. It supports creating ['OpenAPI'](https://cloud.google.com/endpoints/docs/openapi) or ['gRPC'](https://cloud.google.com/endpoints/docs/grpc/about-grpc).
## Examples
### OpenAPI
```hcl
module "endpoint" {
source = "../../modules/endpoint"
project_id = local.project_id
service_name = local.service_name
openapi_config = local.openapi_config
iam_roles = ["servicemanagement.serviceController"]
iam_members = {
"servicemanagement.serviceController" = ["serviceAccount:PROJECT_NUMBER-compute@developer.gserviceaccount.com"]
}
}
```
<!-- BEGIN TFDOC -->
## Variables
| name | description | type | required | default |
|---|---|:---: |:---:|:---:|
| service_name | The name of the service. Usually of the form '$apiname.endpoints.$projectid.cloud.goog'. | <code title="">string</code> | ✓ | |
| *grpc_config* | The path to the full text of the Service Config YAML file. | <code title="">string</code> | | <code title="">null</code> |
| *iam_members* | Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the instance are preserved. | <code title="map&#40;list&#40;string&#41;&#41;">map(list(string))</code> | | <code title="">{}</code> |
| *iam_roles* | Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. | <code title="list&#40;string&#41;">list(string)</code> | | <code title="">[]</code> |
| *openapi_config* | The path to the full text of the OpenAPI YAML configuration. Either this, or both of grpc_config and protoc_output_base64 must be specified. | <code title="">string</code> | | <code title="">null</code> |
| *project_id* | The project ID that the service belongs to. | <code title="">string</code> | | <code title="">null</code> |
| *protoc_output_base64* | The path to the full contents of the Service Descriptor File generated by protoc. | <code title="">string</code> | | <code title="">null</code> |
## Outputs
| name | description | sensitive |
|---|---|:---:|
| endpoint_service | The Endpoint service resource. | |
| endpoints | A list of Endpoint objects. | |
| service_name | The name of the service.. | |
<!-- END TFDOC -->

46
modules/endpoint/main.tf Normal file
View File

@ -0,0 +1,46 @@
/**
* Copyright 2020 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
locals {
iam_roles_bindings = {
for k in var.iam_roles : k => lookup(var.iam_members, k, [])
}
}
resource "google_endpoints_service" "default" {
project = var.project_id
service_name = var.service_name
openapi_config = var.openapi_config != null ? file(var.openapi_config) : null
grpc_config = var.grpc_config != null ? file(var.grpc_config) : null
protoc_output_base64 = var.protoc_output_base64 != null ? base64encode(file(var.protoc_output_base64)) : null
}
resource "google_project_service" "default" {
project = var.project_id
service = google_endpoints_service.default.service_name
disable_on_destroy = true
disable_dependent_services = true
}
resource "google_endpoints_service_iam_binding" "default" {
for_each = local.iam_roles_bindings
service_name = google_endpoints_service.default.service_name
role = "roles/${each.key}"
members = each.value
}

30
modules/endpoint/outputs.tf Normal file
View File

@ -0,0 +1,30 @@
/**
* Copyright 2020 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
output "service_name" {
description = "The name of the service.."
value = google_endpoints_service.default.service_name
}
output "endpoint_service" {
description = "The Endpoint service resource."
value = google_endpoints_service.default
}
output "endpoints" {
description = "A list of Endpoint objects."
value = google_endpoints_service.default.endpoints
}

56
modules/endpoint/variables.tf Normal file
View File

@ -0,0 +1,56 @@
/**
* Copyright 2020 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
variable "grpc_config" {
description = "The path to the full text of the Service Config YAML file."
type = string
default = null
}
variable "iam_roles" {
description = "Authoritative for a given role. Updates the IAM policy to grant a role to a list of members."
type = list(string)
default = []
}
variable "iam_members" {
description = "Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the instance are preserved."
type = map(list(string))
default = {}
}
variable "openapi_config" {
description = "The path to the full text of the OpenAPI YAML configuration. Either this, or both of grpc_config and protoc_output_base64 must be specified."
type = string
default = null
}
variable "project_id" {
description = "The project ID that the service belongs to."
type = string
default = null
}
variable "protoc_output_base64" {
description = "The path to the full contents of the Service Descriptor File generated by protoc."
type = string
default = null
}
variable "service_name" {
description = "The name of the service. Usually of the form '$apiname.endpoints.$projectid.cloud.goog'."
type = string
}

19
modules/endpoint/versions.tf Normal file
View File

@ -0,0 +1,19 @@
/**
* Copyright 2020 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
terraform {
required_version = ">= 0.12.6"
}