fix #728 (#729)

2022-07-10 11:34:41 +02:00 · 2022-07-10 11:34:41 +02:00 · 263cf96d81
parent 54d805dac0
commit 263cf96d81
4 changed files with 107 additions and 40 deletions
--- a/modules/cloud-run/main.tf
+++ b/modules/cloud-run/main.tf
@ -15,6 +15,21 @@
 */

 locals {
+  annotations = merge(
+    var.ingress_settings == null ? {} : {
+      "run.googleapis.com/ingress" = var.ingress_settings
+    },
+    var.vpc_connector == null ? {} : {
+      "run.googleapis.com/vpc-access-connector" = (
+        try(var.vpc_connector.create, false)
+        ? google_vpc_access_connector.connector.0.id
+        : var.vpc_connector.name
+      )
+    },
+    try(var.vpc_connector.egress_settings, null) == null ? {} : {
+      "run.googleapis.com/vpc-access-egress" = var.vpc_connector.egress_settings
+    }
+  )
  prefix = var.prefix == null ? "" : "${var.prefix}-"
  service_account_email = (
    var.service_account_create
@ -25,21 +40,10 @@ locals {
    )
    : var.service_account
  )
-
-  annotations = merge(var.ingress_settings == null ? {} : { "run.googleapis.com/ingress" = var.ingress_settings },
-    var.vpc_connector == null
-    ? {}
-    : try(var.vpc_connector.create, false)
-    ? { "run.googleapis.com/vpc-access-connector" = var.vpc_connector.name }
-    : { "run.googleapis.com/vpc-access-connector" = google_vpc_access_connector.connector.0.id }
-    ,
-    try(var.vpc_connector.egress_settings, null) == null
-    ? {}
-  : { "run.googleapis.com/vpc-access-egress" = var.vpc_connector.egress_settings })
 }

 resource "google_vpc_access_connector" "connector" {
-  count         = try(var.vpc_connector.create, false) == false ? 0 : 1
+  count         = try(var.vpc_connector.create, false) ? 1 : 0
  project       = var.project_id
  name          = var.vpc_connector.name
  region        = var.region
@ -56,20 +60,30 @@ resource "google_cloud_run_service" "service" {
  template {
    spec {
      dynamic "containers" {
-        for_each = var.containers == null ? {} : { for i, container in var.containers : i => container }
+        for_each = var.containers == null ? {} : {
+          for i, container in var.containers : i => container
+        }
        content {
          image   = containers.value["image"]
          command = try(containers.value["options"]["command"], null)
          args    = try(containers.value["options"]["args"], null)
          dynamic "env" {
-            for_each = try(containers.value["options"]["env"], null) == null ? {} : containers.value["options"]["env"]
+            for_each = (
+              try(containers.value["options"]["env"], null) == null
+              ? {}
+              : containers.value["options"]["env"]
+            )
            content {
              name  = env.key
              value = env.value
            }
          }
          dynamic "env" {
-            for_each = try(containers.value["options"]["env_from"], null) == null ? {} : containers.value["options"]["env_from"]
+            for_each = (
+              try(containers.value["options"]["env_from"], null) == null
+              ? {}
+              : containers.value["options"]["env_from"]
+            )
            content {
              name = env.key
              value_from {
@ -81,7 +95,14 @@ resource "google_cloud_run_service" "service" {
            }
          }
          dynamic "ports" {
-            for_each = containers.value["ports"] == null ? {} : { for port in containers.value["ports"] : "${port.name}-${port.container_port}" => port }
+            for_each = (
+              containers.value["ports"] == null
+              ? {}
+              : {
+                for port in containers.value["ports"] :
+                "${port.name}-${port.container_port}" => port
+              }
+            )
            content {
              name           = ports.value["name"]
              protocol       = ports.value["protocol"]
@ -96,7 +117,11 @@ resource "google_cloud_run_service" "service" {
            }
          }
          dynamic "volume_mounts" {
-            for_each = containers.value["volume_mounts"] == null ? {} : containers.value["volume_mounts"]
+            for_each = (
+              containers.value["volume_mounts"] == null
+              ? {}
+              : containers.value["volume_mounts"]
+            )
            content {
              name       = volume_mounts.key
              mount_path = volume_mounts.value
@ -112,7 +137,11 @@ resource "google_cloud_run_service" "service" {
          secret {
            secret_name = volumes.value["secret_name"]
            dynamic "items" {
-              for_each = volumes.value["items"] == null ? [] : volumes.value["items"]
+              for_each = (
+                volumes.value["items"] == null
+                ? []
+                : volumes.value["items"]
+              )
              content {
                key  = items.value["key"]
                path = items.value["path"]
@ -130,7 +159,6 @@ resource "google_cloud_run_service" "service" {
    }
  }

-
  metadata {
    annotations = local.annotations
  }
@ -162,7 +190,10 @@ resource "google_service_account" "service_account" {
 }

 resource "google_eventarc_trigger" "audit_log_triggers" {
-  for_each = var.audit_log_triggers == null ? {} : { for trigger in var.audit_log_triggers : "${trigger.service_name}-${trigger.method_name}" => trigger }
+  for_each = var.audit_log_triggers == null ? {} : {
+    for trigger in var.audit_log_triggers :
+    "${trigger.service_name}-${trigger.method_name}" => trigger
+  }
  name     = "${local.prefix}${each.key}-audit-log-trigger"
  location = google_cloud_run_service.service.location
  project  = google_cloud_run_service.service.project
@ -188,7 +219,11 @@ resource "google_eventarc_trigger" "audit_log_triggers" {

 resource "google_eventarc_trigger" "pubsub_triggers" {
  for_each = var.pubsub_triggers == null ? [] : toset(var.pubsub_triggers)
-  name     = each.value == "" ? "${local.prefix}default-pubsub-trigger" : "${local.prefix}${each.value}-pubsub-trigger"
+  name = (
+    each.value == ""
+    ? "${local.prefix}default-pubsub-trigger"
+    : "${local.prefix}${each.value}-pubsub-trigger"
+  )
  location = google_cloud_run_service.service.location
  project  = google_cloud_run_service.service.project
  matching_criteria {
--- a/tests/modules/cloud_run/fixture/main.tf
+++ b/tests/modules/cloud_run/fixture/main.tf
@ -12,6 +12,16 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

+variable "vpc_connector" {
+  type    = any
+  default = null
+}
+
+variable "vpc_connector_config" {
+  type    = any
+  default = null
+}
+
 module "cloud_run" {
  source        = "../../../../modules/cloud-run"
  project_id    = "my-project"
@ -37,4 +47,6 @@ module "cloud_run" {
  iam = {
    "roles/run.invoker" = ["allUsers"]
  }
+  vpc_connector        = var.vpc_connector
+  vpc_connector_config = var.vpc_connector_config
 }
--- a/tests/modules/cloud_run/fixture/variables.tf
+++ b/tests/modules/cloud_run/fixture/variables.tf
@ -1,13 +0,0 @@
-# Copyright 2022 Google LLC
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#      http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
--- a/tests/modules/cloud_run/test_plan.py
+++ b/tests/modules/cloud_run/test_plan.py
@ -28,21 +28,54 @@ def test_resource_count(resources):

 def test_iam(resources):
  "Test IAM binding resources."
-  bindings = [r['values'] for r in resources if r['type']
-              == 'google_cloud_run_service_iam_binding']
+  bindings = [
+      r['values']
+      for r in resources
+      if r['type'] == 'google_cloud_run_service_iam_binding'
+  ]
  assert len(bindings) == 1
  assert bindings[0]['role'] == 'roles/run.invoker'


 def test_audit_log_triggers(resources):
  "Test audit logs Eventarc trigger resources."
-  audit_log_triggers = [r['values'] for r in resources if r['type']
-                        == 'google_eventarc_trigger' and r['name'] == 'audit_log_triggers']
+  audit_log_triggers = [
+      r['values']
+      for r in resources
+      if r['type'] == 'google_eventarc_trigger' and
+      r['name'] == 'audit_log_triggers'
+  ]
  assert len(audit_log_triggers) == 1


 def test_pubsub_triggers(resources):
  "Test Pub/Sub Eventarc trigger resources."
-  pubsub_triggers = [r['values'] for r in resources if r['type']
-                     == 'google_eventarc_trigger' and r['name'] == 'pubsub_triggers']
+  pubsub_triggers = [
+      r['values'] for r in resources if
+      r['type'] == 'google_eventarc_trigger' and r['name'] == 'pubsub_triggers'
+  ]
  assert len(pubsub_triggers) == 2
+
+
+def test_vpc_connector_none(plan_runner):
+  "Test VPC connector creation."
+  _, resources = plan_runner()
+  assert len(
+      [r for r in resources if r['type'] == 'google_vpc_access_connector']) == 0
+
+
+def test_vpc_connector_nocreate(plan_runner):
+  "Test VPC connector creation."
+  _, resources = plan_runner(
+      vpc_connector='{create=false, name="foo", egress_settings=null}')
+  assert len(
+      [r for r in resources if r['type'] == 'google_vpc_access_connector']) == 0
+
+
+def test_vpc_connector_create(plan_runner):
+  "Test VPC connector creation."
+  _, resources = plan_runner(
+      vpc_connector='{create=true, name="foo", egress_settings=null}',
+      vpc_connector_config='{ip_cidr_range="10.0.0.0/28", network="default"}')
+  assert len(
+      [r for r in resources if r['type'] == 'google_vpc_access_connector']) == 1