parent
54d805dac0
commit
263cf96d81
|
@ -15,6 +15,21 @@
|
|||
*/
|
||||
|
||||
locals {
|
||||
annotations = merge(
|
||||
var.ingress_settings == null ? {} : {
|
||||
"run.googleapis.com/ingress" = var.ingress_settings
|
||||
},
|
||||
var.vpc_connector == null ? {} : {
|
||||
"run.googleapis.com/vpc-access-connector" = (
|
||||
try(var.vpc_connector.create, false)
|
||||
? google_vpc_access_connector.connector.0.id
|
||||
: var.vpc_connector.name
|
||||
)
|
||||
},
|
||||
try(var.vpc_connector.egress_settings, null) == null ? {} : {
|
||||
"run.googleapis.com/vpc-access-egress" = var.vpc_connector.egress_settings
|
||||
}
|
||||
)
|
||||
prefix = var.prefix == null ? "" : "${var.prefix}-"
|
||||
service_account_email = (
|
||||
var.service_account_create
|
||||
|
@ -25,21 +40,10 @@ locals {
|
|||
)
|
||||
: var.service_account
|
||||
)
|
||||
|
||||
annotations = merge(var.ingress_settings == null ? {} : { "run.googleapis.com/ingress" = var.ingress_settings },
|
||||
var.vpc_connector == null
|
||||
? {}
|
||||
: try(var.vpc_connector.create, false)
|
||||
? { "run.googleapis.com/vpc-access-connector" = var.vpc_connector.name }
|
||||
: { "run.googleapis.com/vpc-access-connector" = google_vpc_access_connector.connector.0.id }
|
||||
,
|
||||
try(var.vpc_connector.egress_settings, null) == null
|
||||
? {}
|
||||
: { "run.googleapis.com/vpc-access-egress" = var.vpc_connector.egress_settings })
|
||||
}
|
||||
|
||||
resource "google_vpc_access_connector" "connector" {
|
||||
count = try(var.vpc_connector.create, false) == false ? 0 : 1
|
||||
count = try(var.vpc_connector.create, false) ? 1 : 0
|
||||
project = var.project_id
|
||||
name = var.vpc_connector.name
|
||||
region = var.region
|
||||
|
@ -56,20 +60,30 @@ resource "google_cloud_run_service" "service" {
|
|||
template {
|
||||
spec {
|
||||
dynamic "containers" {
|
||||
for_each = var.containers == null ? {} : { for i, container in var.containers : i => container }
|
||||
for_each = var.containers == null ? {} : {
|
||||
for i, container in var.containers : i => container
|
||||
}
|
||||
content {
|
||||
image = containers.value["image"]
|
||||
command = try(containers.value["options"]["command"], null)
|
||||
args = try(containers.value["options"]["args"], null)
|
||||
dynamic "env" {
|
||||
for_each = try(containers.value["options"]["env"], null) == null ? {} : containers.value["options"]["env"]
|
||||
for_each = (
|
||||
try(containers.value["options"]["env"], null) == null
|
||||
? {}
|
||||
: containers.value["options"]["env"]
|
||||
)
|
||||
content {
|
||||
name = env.key
|
||||
value = env.value
|
||||
}
|
||||
}
|
||||
dynamic "env" {
|
||||
for_each = try(containers.value["options"]["env_from"], null) == null ? {} : containers.value["options"]["env_from"]
|
||||
for_each = (
|
||||
try(containers.value["options"]["env_from"], null) == null
|
||||
? {}
|
||||
: containers.value["options"]["env_from"]
|
||||
)
|
||||
content {
|
||||
name = env.key
|
||||
value_from {
|
||||
|
@ -81,7 +95,14 @@ resource "google_cloud_run_service" "service" {
|
|||
}
|
||||
}
|
||||
dynamic "ports" {
|
||||
for_each = containers.value["ports"] == null ? {} : { for port in containers.value["ports"] : "${port.name}-${port.container_port}" => port }
|
||||
for_each = (
|
||||
containers.value["ports"] == null
|
||||
? {}
|
||||
: {
|
||||
for port in containers.value["ports"] :
|
||||
"${port.name}-${port.container_port}" => port
|
||||
}
|
||||
)
|
||||
content {
|
||||
name = ports.value["name"]
|
||||
protocol = ports.value["protocol"]
|
||||
|
@ -96,7 +117,11 @@ resource "google_cloud_run_service" "service" {
|
|||
}
|
||||
}
|
||||
dynamic "volume_mounts" {
|
||||
for_each = containers.value["volume_mounts"] == null ? {} : containers.value["volume_mounts"]
|
||||
for_each = (
|
||||
containers.value["volume_mounts"] == null
|
||||
? {}
|
||||
: containers.value["volume_mounts"]
|
||||
)
|
||||
content {
|
||||
name = volume_mounts.key
|
||||
mount_path = volume_mounts.value
|
||||
|
@ -112,7 +137,11 @@ resource "google_cloud_run_service" "service" {
|
|||
secret {
|
||||
secret_name = volumes.value["secret_name"]
|
||||
dynamic "items" {
|
||||
for_each = volumes.value["items"] == null ? [] : volumes.value["items"]
|
||||
for_each = (
|
||||
volumes.value["items"] == null
|
||||
? []
|
||||
: volumes.value["items"]
|
||||
)
|
||||
content {
|
||||
key = items.value["key"]
|
||||
path = items.value["path"]
|
||||
|
@ -130,7 +159,6 @@ resource "google_cloud_run_service" "service" {
|
|||
}
|
||||
}
|
||||
|
||||
|
||||
metadata {
|
||||
annotations = local.annotations
|
||||
}
|
||||
|
@ -162,7 +190,10 @@ resource "google_service_account" "service_account" {
|
|||
}
|
||||
|
||||
resource "google_eventarc_trigger" "audit_log_triggers" {
|
||||
for_each = var.audit_log_triggers == null ? {} : { for trigger in var.audit_log_triggers : "${trigger.service_name}-${trigger.method_name}" => trigger }
|
||||
for_each = var.audit_log_triggers == null ? {} : {
|
||||
for trigger in var.audit_log_triggers :
|
||||
"${trigger.service_name}-${trigger.method_name}" => trigger
|
||||
}
|
||||
name = "${local.prefix}${each.key}-audit-log-trigger"
|
||||
location = google_cloud_run_service.service.location
|
||||
project = google_cloud_run_service.service.project
|
||||
|
@ -188,7 +219,11 @@ resource "google_eventarc_trigger" "audit_log_triggers" {
|
|||
|
||||
resource "google_eventarc_trigger" "pubsub_triggers" {
|
||||
for_each = var.pubsub_triggers == null ? [] : toset(var.pubsub_triggers)
|
||||
name = each.value == "" ? "${local.prefix}default-pubsub-trigger" : "${local.prefix}${each.value}-pubsub-trigger"
|
||||
name = (
|
||||
each.value == ""
|
||||
? "${local.prefix}default-pubsub-trigger"
|
||||
: "${local.prefix}${each.value}-pubsub-trigger"
|
||||
)
|
||||
location = google_cloud_run_service.service.location
|
||||
project = google_cloud_run_service.service.project
|
||||
matching_criteria {
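Review bot: The connector condition `try(var.vpc_connector.create, false)`, used in the `annotations` local and in what appears to be the new `count` line of `google_vpc_access_connector.connector`, falls back to `false` only when the attribute lookup errors, not when `create` is present but null, and a null condition fails the plan. The variable's type is not visible on this page, so this matters only if `create` can be null. If it can, compute the flag once in `locals`, e.g. `vpc_connector_create = coalesce(try(var.vpc_connector.create, null), false)`, and use it in both places so the annotation and the resource count cannot disagree. As a style point, `google_vpc_access_connector.connector.0.id` reads better in index form, `google_vpc_access_connector.connector[0].id`.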
|
||||
|
|
|
@ -12,6 +12,16 @@
|
|||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
variable "vpc_connector" {
|
||||
type = any
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "vpc_connector_config" {
|
||||
type = any
|
||||
default = null
|
||||
}
|
||||
|
||||
module "cloud_run" {
|
||||
source = "../../../../modules/cloud-run"
|
||||
project_id = "my-project"
|
||||
|
@ -37,4 +47,6 @@ module "cloud_run" {
|
|||
iam = {
|
||||
"roles/run.invoker" = ["allUsers"]
|
||||
}
|
||||
vpc_connector = var.vpc_connector
|
||||
vpc_connector_config = var.vpc_connector_config
|
||||
}
|
||||
|
|
|
@ -1,13 +0,0 @@
|
|||
# Copyright 2022 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
|
@ -28,21 +28,54 @@ def test_resource_count(resources):
|
|||
|
||||
def test_iam(resources):
|
||||
"Test IAM binding resources."
|
||||
bindings = [r['values'] for r in resources if r['type']
|
||||
== 'google_cloud_run_service_iam_binding']
|
||||
bindings = [
|
||||
r['values']
|
||||
for r in resources
|
||||
if r['type'] == 'google_cloud_run_service_iam_binding'
|
||||
]
|
||||
assert len(bindings) == 1
|
||||
assert bindings[0]['role'] == 'roles/run.invoker'
|
||||
|
||||
|
||||
def test_audit_log_triggers(resources):
|
||||
"Test audit logs Eventarc trigger resources."
|
||||
audit_log_triggers = [r['values'] for r in resources if r['type']
|
||||
== 'google_eventarc_trigger' and r['name'] == 'audit_log_triggers']
|
||||
audit_log_triggers = [
|
||||
r['values']
|
||||
for r in resources
|
||||
if r['type'] == 'google_eventarc_trigger' and
|
||||
r['name'] == 'audit_log_triggers'
|
||||
]
|
||||
assert len(audit_log_triggers) == 1
|
||||
|
||||
|
||||
def test_pubsub_triggers(resources):
|
||||
"Test Pub/Sub Eventarc trigger resources."
|
||||
pubsub_triggers = [r['values'] for r in resources if r['type']
|
||||
== 'google_eventarc_trigger' and r['name'] == 'pubsub_triggers']
|
||||
pubsub_triggers = [
|
||||
r['values'] for r in resources if
|
||||
r['type'] == 'google_eventarc_trigger' and r['name'] == 'pubsub_triggers'
|
||||
]
|
||||
assert len(pubsub_triggers) == 2
|
||||
|
||||
|
||||
def test_vpc_connector_none(plan_runner):
|
||||
"Test VPC connector creation."
|
||||
_, resources = plan_runner()
|
||||
assert len(
|
||||
[r for r in resources if r['type'] == 'google_vpc_access_connector']) == 0
|
||||
|
||||
|
||||
def test_vpc_connector_nocreate(plan_runner):
|
||||
"Test VPC connector creation."
|
||||
_, resources = plan_runner(
|
||||
vpc_connector='{create=false, name="foo", egress_settings=null}')
|
||||
assert len(
|
||||
[r for r in resources if r['type'] == 'google_vpc_access_connector']) == 0
|
||||
|
||||
|
||||
def test_vpc_connector_create(plan_runner):
|
||||
"Test VPC connector creation."
|
||||
_, resources = plan_runner(
|
||||
vpc_connector='{create=true, name="foo", egress_settings=null}',
|
||||
vpc_connector_config='{ip_cidr_range="10.0.0.0/28", network="default"}')
|
||||
assert len(
|
||||
[r for r in resources if r['type'] == 'google_vpc_access_connector']) == 1
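Review bot: The three new VPC connector tests only count `google_vpc_access_connector` resources, so none of them checks the `run.googleapis.com/vpc-access-connector` annotation that this commit reworks in the module, and a swapped name/id branch would still pass. In `test_vpc_connector_nocreate` the expected value is known at plan time, so the test could also look up the `google_cloud_run_service` resource and assert that the annotation equals `'foo'`; the nesting of `template`/`metadata` in the plan values is not visible here and would need confirming. Every case passes `egress_settings=null`, so the `run.googleapis.com/vpc-access-egress` annotation, which controls which outbound traffic goes through the connector, is not exercised at all. The three tests also share the docstring `"Test VPC connector creation."`; distinct ones such as `"Test no VPC connector is created when the variable is unset."` would make failures easier to read.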
|
||||
|
|