zecfoundation
/
cloud-foundation-fabric
mirror of https://github.com/ZcashFoundation/cloud-foundation-fabric.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
cloud-foundation-fabric/tests/examples_e2e/setup_module/main.tf

140 lines
4.6 KiB
HCL
Raw Blame History

# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
locals {
prefix = "${var.prefix}-${var.timestamp}${var.suffix}"
jit_services = [
"storage.googleapis.com", # no permissions granted by default
]
services = [
# trimmed down list of services, to be extended as needed
"apigee.googleapis.com",
"bigquery.googleapis.com",
"cloudbuild.googleapis.com",
"cloudfunctions.googleapis.com",
"cloudkms.googleapis.com",
"cloudresourcemanager.googleapis.com",
"compute.googleapis.com",
"eventarc.googleapis.com",
"iam.googleapis.com",
"run.googleapis.com",
"secretmanager.googleapis.com",
"serviceusage.googleapis.com",
"stackdriver.googleapis.com",
"storage-component.googleapis.com",
"storage.googleapis.com",
"vpcaccess.googleapis.com",
]
}
resource "google_folder" "folder" {
display_name = "E2E Tests ${var.timestamp}-${var.suffix}"
parent = var.parent
}
resource "google_project" "project" {
name = "${local.prefix}-prj"
billing_account = var.billing_account
folder_id = google_folder.folder.id
project_id = "${local.prefix}-prj"
}
resource "google_project_service" "project_service" {
for_each = toset(local.services)
service = each.value
project = google_project.project.project_id
disable_dependent_services = true
}
resource "google_storage_bucket" "bucket" {
location = var.region
name = "${local.prefix}-bucket"
project = google_project.project.project_id
force_destroy = true
depends_on = [google_project_service.project_service]
}
resource "google_compute_network" "network" {
name = "e2e-test"
project = google_project.project.project_id
auto_create_subnetworks = false
depends_on = [google_project_service.project_service]
}
resource "google_compute_subnetwork" "subnetwork" {
ip_cidr_range = "10.0.16.0/24"
name = "e2e-test-1"
network = google_compute_network.network.name
project = google_project.project.project_id
region = var.region
}
resource "google_service_account" "service_account" {
account_id = "e2e-service-account"
project = google_project.project.project_id
depends_on = [google_project_service.project_service]
}
resource "google_kms_key_ring" "keyring" {
name = "keyring"
project = google_project.project.project_id
location = var.region
depends_on = [google_project_service.project_service]
}
resource "google_kms_crypto_key" "key" {
name = "crypto-key-example"
key_ring = google_kms_key_ring.keyring.id
rotation_period = "100000s"
}
resource "google_project_service_identity" "jit_si" {
for_each = toset(local.jit_services)
provider = google-beta
project = google_project.project.project_id
service = each.value
depends_on = [google_project_service.project_service]
}
resource "local_file" "terraform_tfvars" {
filename = "e2e_tests.tfvars"
content = templatefile("e2e_tests.tfvars.tftpl", {
bucket = google_storage_bucket.bucket.name
billing_account_id = var.billing_account
folder_id = google_folder.folder.folder_id
group_email = var.group_email
kms_key_id = google_kms_crypto_key.key.id
organization_id = var.organization_id
project_id = google_project.project.project_id
region = var.region
service_account = {
id = google_service_account.service_account.id
email = google_service_account.service_account.email
iam_email = "serviceAccount:${google_service_account.service_account.email}"
}
subnet = {
name = google_compute_subnetwork.subnetwork.name
region = google_compute_subnetwork.subnetwork.region
ip_cidr_range = google_compute_subnetwork.subnetwork.ip_cidr_range
self_link = google_compute_subnetwork.subnetwork.self_link
}
vpc = {
name = google_compute_network.network.name
self_link = google_compute_network.network.self_link
id = google_compute_network.network.id
}
})
}
Reference in New Issue View Git Blame Copy Permalink