From c770abd88d575b9ad6f271f86a2910940da14a5c Mon Sep 17 00:00:00 2001
From: Natalia Strelkova
Date: Thu, 6 Oct 2022 14:25:30 +0000
Subject: [PATCH] files restructured, connector added separately
---
 .../wordpress/cloudrun/cloudsql.tf | 78 +++++++++++++++++
 .../wordpress/cloudrun/locals.tf | 40 +++++++++
 .../wordpress/cloudrun/main.tf | 85 +------------------
 3 files changed, 119 insertions(+), 84 deletions(-)
 create mode 100644 blueprints/third-party-solutions/wordpress/cloudrun/cloudsql.tf
 create mode 100644 blueprints/third-party-solutions/wordpress/cloudrun/locals.tf
diff --git a/blueprints/third-party-solutions/wordpress/cloudrun/cloudsql.tf b/blueprints/third-party-solutions/wordpress/cloudrun/cloudsql.tf
new file mode 100644
index 00000000..d726d761
--- /dev/null
+++ b/blueprints/third-party-solutions/wordpress/cloudrun/cloudsql.tf
@@ -0,0 +1,78 @@
+/**
+ * Copyright 2022 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+
+resource "random_password" "cloudsql_password" {
+ length = 8
+}
+
+# create a VPC for CloudSQL
+module "vpc" {
+ source = "../../../../modules/net-vpc"
+ project_id = module.project.project_id
+ name = "${local.prefix}sql-vpc"
+ subnets = [
+ {
+ ip_cidr_range = var.ip_ranges.sql_vpc
+ name = "subnet"
+ region = var.region
+ secondary_ip_range = {}
+ }
+ ]
+
+ # Private Service Access
+ psa_config = {
+ ranges = {
+ cloud-sql = var.ip_ranges.psa
+ }
+ routes = null
+ }
+}
+
+
+# set up firewall for CloudSQL
+module "firewall" {
+ source = "../../../../modules/net-vpc-firewall"
+ project_id = module.project.project_id
+ network = module.vpc.name
+ admin_ranges = [var.ip_ranges.sql_vpc]
+}
+
+
+# create a VPC connector for the ClouSQL VPC
+resource "google_vpc_access_connector" "connector" {
+ project = module.project.project_id
+ name = "${local.prefix}wp-connector"
+ region = var.region
+ ip_cidr_range = var.ip_ranges.connector
+ network = module.vpc.self_link
+}
+
+
+# Set up CloudSQL
+module "cloudsql" {
+ source = "../../../../modules/cloudsql-instance"
+ project_id = module.project.project_id
+ network = module.vpc.self_link
+ name = "${local.prefix}mysql"
+ region = var.region
+ database_version = local.cloudsql_conf.database_version
+ tier = local.cloudsql_conf.tier
+ databases = [local.cloudsql_conf.db]
+ users = {
+ "${local.cloudsql_conf.user}" = "${local.cloudsql_conf.pass}"
+ }
+}
\ No newline at end of file
diff --git a/blueprints/third-party-solutions/wordpress/cloudrun/locals.tf b/blueprints/third-party-solutions/wordpress/cloudrun/locals.tf
new file mode 100644
index 00000000..acf9220a
--- /dev/null
+++ b/blueprints/third-party-solutions/wordpress/cloudrun/locals.tf
@@ -0,0 +1,40 @@
+/**
+ * Copyright 2022 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+
+locals {
+ all_principals_iam = [for k in var.principals : "user:${k}"]
+ cloudsql_conf = {
+ database_version = "MYSQL_8_0"
+ tier = "db-g1-small"
+ db = "wp-mysql"
+ user = "admin"
+ pass = var.cloudsql_password == null ? random_password.cloudsql_password.result : var.cloudsql_password
+ }
+ iam = {
+ # CloudSQL
+ "roles/cloudsql.admin" = local.all_principals_iam
+ "roles/cloudsql.client" = local.all_principals_iam
+ "roles/cloudsql.instanceUser" = local.all_principals_iam
+ # common roles
+ "roles/logging.admin" = local.all_principals_iam
+ "roles/iam.serviceAccountUser" = local.all_principals_iam
+ "roles/iam.serviceAccountTokenCreator" = local.all_principals_iam
+ }
+ prefix = var.prefix == null ? "" : "${var.prefix}-"
+ wp_user = "user"
+ wp_pass = var.wordpress_password == null ? random_password.wp_password.result : var.wordpress_password
+}
\ No newline at end of file
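Review bot: In cloudsql.tf, `random_password.cloudsql_password` is generated with `length = 8`, and locals.tf uses it as the fallback password for the `admin` MySQL user. That is short for a database administrator credential; a longer value such as `length = 24` costs nothing here, since the password is only passed between resources. The generated value is also written to Terraform state, so a comment next to the resource should say that the state backend must be access-controlled. In the `users` map, `"${local.cloudsql_conf.pass}"` can be written as plain `local.cloudsql_conf.pass`, and the connector comment has a typo (`ClouSQL`).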
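Review bot: In locals.tf, `local.iam` gives every entry of `var.principals` both `roles/iam.serviceAccountTokenCreator` and `roles/iam.serviceAccountUser`, alongside `roles/cloudsql.admin` and `roles/logging.admin`. The place where this map is applied is outside the hunk. If it is bound at project level, presumably through `module "project"`, those principals can mint tokens for and act as any service account in the project, which is far more than operating the WordPress deployment needs. Consider dropping the token-creator binding or scoping both roles to the specific service account. A comment such as `# NOTE: project-wide; grants impersonation of every service account in the project` above the two entries would make the scope explicit to anyone reusing the blueprint.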
diff --git a/blueprints/third-party-solutions/wordpress/cloudrun/main.tf b/blueprints/third-party-solutions/wordpress/cloudrun/main.tf index afd23cf3..41dda2e7 100644 --- a/blueprints/third-party-solutions/wordpress/cloudrun/main.tf +++ b/blueprints/third-party-solutions/wordpress/cloudrun/main.tf @@ -15,30 +15,6 @@ */ -locals { - all_principals_iam = [for k in var.principals : "user:${k}"] - cloudsql_conf = { - database_version = "MYSQL_8_0" - tier = "db-g1-small" - db = "wp-mysql" - user = "admin" - pass = var.cloudsql_password == null ? random_password.cloudsql_password.result : var.cloudsql_password - } - iam = { - # CloudSQL - "roles/cloudsql.admin" = local.all_principals_iam - "roles/cloudsql.client" = local.all_principals_iam - "roles/cloudsql.instanceUser" = local.all_principals_iam - # common roles - "roles/logging.admin" = local.all_principals_iam - "roles/iam.serviceAccountUser" = local.all_principals_iam - "roles/iam.serviceAccountTokenCreator" = local.all_principals_iam - } - prefix = var.prefix == null ? "" : "${var.prefix}-" - wp_user = "user" - wp_pass = var.wordpress_password == null ? random_password.wp_password.result : var.wordpress_password -} - # either create a project or set up the given one module "project" { source = "../../../../modules/project" @@ -64,10 +40,6 @@ resource "random_password" "wp_password" { length = 8 } -resource "random_password" "cloudsql_password" { - length = 8 -} - # create the Cloud Run service module "cloud_run" { source = "../../../../modules/cloud-run" 
@@ -115,62 +87,7 @@ module "cloud_run" { vpcaccess_connector = null # allow all traffic vpcaccess_egress = "all-traffic" + vpcaccess_connector = google_vpc_access_connector.connector.self_link } ingress_settings = "all" - - # create a VPC connector for the ClouSQL VPC - vpc_connector_create = { - ip_cidr_range = var.ip_ranges.connector - name = "${local.prefix}wp-connector" - vpc_self_link = module.vpc.self_link - } -} - - -# create a VPC for CloudSQL -module "vpc" { - source = "../../../../modules/net-vpc" - project_id = module.project.project_id - name = "${local.prefix}sql-vpc" - subnets = [ - { - ip_cidr_range = var.ip_ranges.sql_vpc - name = "subnet" - region = var.region - secondary_ip_range = {} - } - ] - - # Private Service Access - psa_config = { - ranges = { - cloud-sql = var.ip_ranges.psa - } - routes = null - } -} - - -# set up firewall for CloudSQL -module "firewall" { - source = "../../../../modules/net-vpc-firewall" - project_id = module.project.project_id - network = module.vpc.name - admin_ranges = [var.ip_ranges.sql_vpc] -} - - -# Set up CloudSQL -module "cloudsql" { - source = "../../../../modules/cloudsql-instance" - project_id = module.project.project_id - network = module.vpc.self_link - name = "${local.prefix}mysql" - region = var.region - database_version = local.cloudsql_conf.database_version - tier = local.cloudsql_conf.tier - databases = [local.cloudsql_conf.db] - users = { - "${local.cloudsql_conf.user}" = "${local.cloudsql_conf.pass}" - } } \ No newline at end of file
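Review bot: The added `vpcaccess_connector = google_vpc_access_connector.connector.self_link` appears to land in the same map as the unchanged context line `vpcaccess_connector = null` two lines above it, so the key is now defined twice. Which definition wins depends on how the duplicate is evaluated; delete the `= null` line so the connector setting is unambiguous. The enclosing `module "cloud_run"` block and the map's opening line start outside the hunk, so this should be checked against the full file. With `vpcaccess_egress = "all-traffic"` kept, all outbound traffic from the service goes through this connector, so the SQL VPC's routing and firewall rules now decide what the service can reach. A short comment saying so would help.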