/**
* Copyright 2023 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
# Names and name fragments shared by the Apigee organization and the service
# accounts defined in this file.
locals {
  # Environment group name => hostnames served by that group.
  envgroups = {
    test = [var.hostname]
  }

  # Environment name => the environment groups it is attached to.
  environments = {
    apis-test = {
      envgroups = ["test"]
    }
  }

  # Project ID capped at 15 characters; prefix of every derived name below.
  org_short_name = (length(module.project.project_id) >= 16 ?
    substr(module.project.project_id, 0, 15) :
  module.project.project_id)

  # Short name plus the first 7 hex characters of SHA-256(project ID).
  # The digest prefix is derived from a non-secret value and only keeps
  # truncated names distinct; it is a naming suffix, not a secret and not an
  # integrity check.
  org_hash = "${local.org_short_name}-${substr(sha256(module.project.project_id), 0, 7)}"

  # Environment name => "<org short name>-<env name capped at 15>-<7 hex chars
  # of SHA-256("<project ID>:<env name>")>".
  org_env_hashes = {
    for env_name in keys(local.environments) :
    env_name => join("-", [
      local.org_short_name,
      length(env_name) >= 16 ? substr(env_name, 0, 15) : env_name,
      substr(sha256("${module.project.project_id}:${env_name}"), 0, 7),
    ])
  }

  # Google service account name => names that the "sas" module binds as
  # Kubernetes service accounts in the `apigee` namespace.
  # NOTE(review): these strings presumably have to match, character for
  # character, the service account names the Apigee hybrid installation creates
  # in the cluster; a mismatch leaves a binding that no workload can use.
  # Confirm against the installed release before changing the scheme.
  google_sas = {
    apigee-metrics = [
      "apigee-metrics-sa"
    ]
    apigee-cassandra = [
      "apigee-cassandra-schema-setup-${local.org_hash}-sa",
      "apigee-cassandra-user-setup-${local.org_hash}-sa"
    ]
    apigee-mart = [
      "apigee-mart-${local.org_hash}-sa",
      "apigee-connect-agent-${local.org_hash}-sa"
    ]
    apigee-watcher = [
      "apigee-watcher-${local.org_hash}-sa"
    ]
    # One organization-level entry followed by one entry per environment.
    apigee-udca = concat(
      ["apigee-udca-${local.org_hash}-sa"],
      [for env_hash in local.org_env_hashes : "apigee-udca-${env_hash}-sa"]
    )
    apigee-synchronizer = [
      for env_hash in local.org_env_hashes :
      "apigee-synchronizer-${env_hash}-sa"
    ]
    apigee-runtime = [
      for env_hash in local.org_env_hashes :
      "apigee-runtime-${env_hash}-sa"
    ]
  }
}
# Apigee organization, environment groups and environments for this project.
module "apigee" {
  source     = "../../../modules/apigee"
  project_id = module.project.project_id

  envgroups    = local.envgroups
  environments = local.environments

  organization = {
    # HYBRID runtime type; the workload-identity bindings elsewhere in this
    # file suggest the runtime components run in a cluster's `apigee`
    # namespace - confirm against the cluster setup.
    runtime_type     = "HYBRID"
    analytics_region = var.region
  }
}
# One Google service account per key of local.google_sas, each impersonable
# through Workload Identity by the Kubernetes service accounts listed for it.
# This block grants the Google service accounts no roles of their own; whatever
# they are allowed to do is decided elsewhere.
module "sas" {
  source     = "../../../modules/iam-service-account"
  for_each   = local.google_sas
  project_id = module.project.project_id
  name       = each.key

  # authoritative roles granted *on* the service accounts to other identities
  #
  # Each member is "<project>.svc.id.goog[apigee/<KSA name>]". The workload
  # identity pool is project-wide, so a binding matches on namespace and service
  # account name only: any cluster in this project that uses the pool and has an
  # `apigee` namespace with a service account of that name can act as the Google
  # service account. Review what else shares the project before relying on
  # these bindings as an isolation boundary.
  iam = {
    "roles/iam.workloadIdentityUser" = [
      for ksa in each.value :
      "serviceAccount:${module.project.project_id}.svc.id.goog[apigee/${ksa}]"
    ]
  }
}
# Renders the API proxy deployment script into the module directory.
# Only the project ID is passed to the template here. The rendered content of a
# local_file is kept in Terraform state, and mode 0755 makes the script readable
# and executable by every local user; if the template ever receives credentials
# or tokens, switch to local_sensitive_file and a tighter mode.
resource "local_file" "deploy_apiproxy_file" {
  filename        = "${path.module}/deploy-apiproxy.sh"
  file_permission = "0755"

  content = templatefile("${path.module}/templates/deploy-apiproxy.sh.tpl", {
    org = module.project.project_id
  })
}