/**
 * Copyright 2022 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
locals {
  # Viewer (read-only) roles granted to the function's service account on the
  # discovery root, see the organization/folder IAM member resources below.
  discovery_roles = [
    "roles/compute.viewer",
    "roles/cloudasset.viewer",
  ]
}
resource "random_string" "default" {
  # Created only when the caller did not supply a bucket name; the suffix is
  # appended to var.name to derive one. Lower-case alphanumerics only, as GCS
  # bucket names may not contain upper-case or special characters.
  count   = var.cloud_function_config.bucket_name != null ? 0 : 1
  length  = 8
  upper   = false
  special = false
}
module "project" {
  source = "../../../../modules/project"
  name   = var.project_id
  # A null project_create_config means an existing project is used; billing,
  # parent and labels are then left unset and only the services are enabled.
  project_create  = var.project_create_config != null
  parent          = try(var.project_create_config.parent_id, null)
  billing_account = try(var.project_create_config.billing_account_id, null)
  labels          = var.project_create_config == null ? null : var.labels
  # APIs needed to build and deploy the function, run the scheduler trigger
  # and perform the asset/compute discovery and metric writes.
  services = [
    "cloudasset.googleapis.com",
    "cloudbuild.googleapis.com",
    "cloudfunctions.googleapis.com",
    "cloudscheduler.googleapis.com",
    "compute.googleapis.com",
    "monitoring.googleapis.com",
  ]
}
module "pubsub" {
  source     = "../../../../modules/pubsub"
  project_id = module.project.project_id
  name       = var.name
  regions    = [var.region]
  # One subscription using the module's defaults (null = no overrides). The
  # topic itself is what the scheduler publishes to and the function triggers on.
  subscriptions = {
    "${var.name}-default" = null
  }
}
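module "cloud-function" {
  source     = "../../../../modules/cloud-function"
  project_id = module.project.project_id
  name       = var.name
  # A conditional evaluates only the selected branch, whereas coalesce()
  # evaluates all of its arguments: with a caller-supplied bucket_name the
  # random_string resource has count = 0, and indexing element [0] of it in
  # an unselected coalesce() argument would otherwise raise an invalid-index
  # error during plan.
  bucket_name = (
    var.cloud_function_config.bucket_name != null
    ? var.cloud_function_config.bucket_name
    : "${var.name}-${random_string.default[0].id}"
  )
  bucket_config = {
    location = var.region
  }
  build_worker_pool = var.cloud_function_config.build_worker_pool_id
  bundle_config = {
    source_dir  = var.cloud_function_config.source_dir
    output_path = var.cloud_function_config.bundle_path
  }
  # DEBUG is only set when explicitly requested (debug == true); any other
  # value, including null, leaves the environment empty.
  environment_variables = (
    var.cloud_function_config.debug != true ? {} : { DEBUG = "1" }
  )
  function_config = {
    entry_point     = "main_cf_pubsub"
    memory_mb       = var.cloud_function_config.memory_mb
    timeout_seconds = var.cloud_function_config.timeout_seconds
  }
  # Dedicated service account so the IAM grants in this file are scoped to
  # this function rather than to a shared account.
  service_account_create = true
  trigger_config = {
    v1 = {
      event    = "google.pubsub.topic.publish"
      resource = module.pubsub.topic.id
    }
  }
}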
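resource "google_cloud_scheduler_job" "default" {
  # Use the project module output rather than var.project_id so the job is
  # explicitly ordered after project creation / API enablement, consistent
  # with the other resources in this file. The value is expected to be the
  # same id in both cases.
  project   = module.project.project_id
  region    = var.region
  name      = var.name
  schedule  = var.schedule_config
  time_zone = "UTC"

  pubsub_target {
    attributes = {}
    topic_name = module.pubsub.topic.id
    # The message body carries the function's discovery configuration.
    # custom_quota_file is read with file() on the machine running Terraform
    # and its decoded contents are embedded verbatim, so they end up in the
    # job definition and in Terraform state: keep secrets out of that file.
    data = base64encode(jsonencode({
      discovery_root     = var.discovery_config.discovery_root
      folders            = var.discovery_config.monitored_folders
      projects           = var.discovery_config.monitored_projects
      monitoring_project = module.project.project_id
      custom_quota = (
        var.discovery_config.custom_quota_file == null
        ? { networks = {}, projects = {} }
        : yamldecode(file(var.discovery_config.custom_quota_file))
      )
    }))
  }
}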
resource "google_organization_iam_member" "discovery" {
  # Org-level grants are opt-in (grant_discovery_iam_roles) and only apply
  # when the discovery root is an organization; otherwise the set is empty
  # and no binding is created.
  for_each = toset(
    !var.grant_discovery_iam_roles ||
    !startswith(var.discovery_config.discovery_root, "organizations/")
    ? []
    : local.discovery_roles
  )
  # discovery_root has the form "organizations/<id>"; take the id part.
  org_id = split("/", var.discovery_config.discovery_root)[1]
  member = module.cloud-function.service_account_iam_email
  role   = each.key
}
resource "google_folder_iam_member" "discovery" {
  # Folder-level counterpart of the organization grant above: opt-in, and
  # only when the discovery root is a folder.
  for_each = toset(
    !var.grant_discovery_iam_roles ||
    !startswith(var.discovery_config.discovery_root, "folders/")
    ? []
    : local.discovery_roles
  )
  # The folder resource accepts the full "folders/<id>" form directly.
  folder = var.discovery_config.discovery_root
  member = module.cloud-function.service_account_iam_email
  role   = each.key
}
resource "google_project_iam_member" "monitoring" {
  # Lets the function's dedicated service account write metrics into the
  # monitoring project; metricWriter is a write-only role with no read or
  # admin permissions, which keeps the grant minimal.
  project = module.project.project_id
  member  = module.cloud-function.service_account_iam_email
  role    = "roles/monitoring.metricWriter"
}
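resource "google_monitoring_dashboard" "dashboard" {
  # Optional: only created when a dashboard definition file is provided.
  count = var.dashboard_json_path == null ? 0 : 1
  # Reference the project module output so the dashboard depends on project
  # creation and on monitoring.googleapis.com being enabled; var.project_id
  # carried no such dependency, so on a fresh project the dashboard could be
  # applied before the API was on. Expected to resolve to the same id when
  # the project already exists.
  project        = module.project.project_id
  dashboard_json = file(var.dashboard_json_path)
}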