Google Run - Look I did it

.cloud/terraform/cloud-run.tf

@@ -1,6 +1,6 @@
 # Now create our Google Cloud Run service
 resource "google_cloud_run_service" "default" {
-  name     = "${var.app_prefix}-laravel-app"
+  name     = "${local.server_prefix}-laravel-app"
   location = var.region
 
   template {
@@ -31,6 +31,10 @@ resource "google_cloud_run_service" "default" {
           name  = "LOG_CHANNEL"
           value = "stackdriver"
         }
+        env {
+          name  = "GOOGLE_CLOUD"
+          value = "run"
+        }
 
         # Mail
         env {

.cloud/terraform/cloud-secret-definitions.tf

@@ -11,9 +11,9 @@ resource "google_secret_manager_secret" "app_token" {
   }
 }
 
-# MySQL database
-resource "google_secret_manager_secret" "cloud_sql_database" {
-  secret_id = "${var.app_prefix}-cloud-sql-database"
+# MySQL settings
+resource "google_secret_manager_secret" "cloud_sql" {
+  secret_id = "${var.app_prefix}-cloud-sql"
 
   replication {
     user_managed {
@@ -24,9 +24,9 @@ resource "google_secret_manager_secret" "cloud_sql_database" {
   }
 }
 
-# MySQL username
-resource "google_secret_manager_secret" "cloud_sql_username" {
-  secret_id = "${var.app_prefix}-cloud-sql-username"
+# Messagebird
+resource "google_secret_manager_secret" "messagebird" {
+  secret_id = "${var.app_prefix}-messagebird"
 
   replication {
     user_managed {
@@ -37,74 +37,9 @@ resource "google_secret_manager_secret" "cloud_sql_username" {
   }
 }
 
-# MySQL password
-resource "google_secret_manager_secret" "cloud_sql_password" {
-  secret_id = "${var.app_prefix}-cloud-sql-password"
-
-  replication {
-    user_managed {
-      replicas {
-        location = var.region
-      }
-    }
-  }
-}
-
-# Messagebird, access key
-resource "google_secret_manager_secret" "messagebird_access_key" {
-  secret_id = "${var.app_prefix}-messagebird-access-key"
-
-  replication {
-    user_managed {
-      replicas {
-        location = var.region
-      }
-    }
-  }
-}
-
-# Messagebird, origin
-resource "google_secret_manager_secret" "messagebird_origin" {
-  secret_id = "${var.app_prefix}-messagebird-origin"
-
-  replication {
-    user_managed {
-      replicas {
-        location = var.region
-      }
-    }
-  }
-}
-
-# Conscribo, account
-resource "google_secret_manager_secret" "conscribo_account" {
-  secret_id = "conscribo-account"
-
-  replication {
-    user_managed {
-      replicas {
-        location = var.region
-      }
-    }
-  }
-}
-
-# Conscribo, username
-resource "google_secret_manager_secret" "conscribo_username" {
-  secret_id = "conscribo-username"
-
-  replication {
-    user_managed {
-      replicas {
-        location = var.region
-      }
-    }
-  }
-}
-
-# Conscribo, password
-resource "google_secret_manager_secret" "conscribo_password" {
-  secret_id = "conscribo-password"
+# Conscribo
+resource "google_secret_manager_secret" "conscribo" {
+  secret_id = "conscribo"
 
   replication {
     user_managed {

.cloud/terraform/cloud-secret-values.tf

@@ -3,42 +3,17 @@ data "google_secret_manager_secret_version" "app_token" {
   secret = google_secret_manager_secret.app_token.name
 }
 
-# MySQL database
-data "google_secret_manager_secret_version" "cloud_sql_database" {
-  secret = google_secret_manager_secret.cloud_sql_database.name
+# Cloud SQL
+data "google_secret_manager_secret_version" "cloud_sql" {
+  secret = google_secret_manager_secret.cloud_sql.name
 }
 
-# MySQL username
-data "google_secret_manager_secret_version" "cloud_sql_username" {
-  secret = google_secret_manager_secret.cloud_sql_username.name
+# Messagebird Settings
+data "google_secret_manager_secret_version" "messagebird" {
+  secret = google_secret_manager_secret.messagebird.name
 }
 
-# MySQL password
-data "google_secret_manager_secret_version" "cloud_sql_password" {
-  secret = google_secret_manager_secret.cloud_sql_password.name
-}
-
-# Messagebird, access key
-data "google_secret_manager_secret_version" "messagebird_access_key" {
-  secret = google_secret_manager_secret.messagebird_access_key.name
-}
-
-# Messagebird, origin
-data "google_secret_manager_secret_version" "messagebird_origin" {
-  secret = google_secret_manager_secret.messagebird_origin.name
-}
-
-# Conscribo, account
-data "google_secret_manager_secret_version" "conscribo_account" {
-  secret = google_secret_manager_secret.conscribo_account.name
-}
-
-# Conscribo, username
-data "google_secret_manager_secret_version" "conscribo_username" {
-  secret = google_secret_manager_secret.conscribo_username.name
-}
-
-# Conscribo, password
-data "google_secret_manager_secret_version" "conscribo_password" {
-  secret = google_secret_manager_secret.conscribo_password.name
+# Conscribo Settings
+data "google_secret_manager_secret_version" "conscribo" {
+  secret = google_secret_manager_secret.conscribo.name
 }

.cloud/terraform/cloud-sql.tf

@@ -1,6 +1,6 @@
 # Create a MySQL sever
 resource "google_sql_database_instance" "db_mysql" {
-  name                = "${var.app_prefix}-mysql"
+  name                = "${local.server_prefix}-mysql"
   database_version    = "MYSQL_8_0"
   deletion_protection = false
 

.cloud/terraform/cloud-storage.tf

@@ -1,5 +1,5 @@
 resource "google_storage_bucket" "site_object_cache" {
-  name          = "${var.app_prefix}-app-storage"
+  name          = "${local.server_prefix}-app-storage"
   location      = var.region
   force_destroy = true
 

.cloud/terraform/locals.tf

@@ -1,18 +1,24 @@
 locals {
+  # Randoms
+  server_prefix = random_id.server_prefix.hex
+
   # App key
   app_token = data.google_secret_manager_secret_version.app_token.secret_data
 
   # Cloud SQL
-  cloud_sql_database = data.google_secret_manager_secret_version.cloud_sql_database.secret_data
-  cloud_sql_username = data.google_secret_manager_secret_version.cloud_sql_username.secret_data
-  cloud_sql_password = data.google_secret_manager_secret_version.cloud_sql_password.secret_data
+  cloud_sql_raw      = jsondecode(data.google_secret_manager_secret_version.cloud_sql.secret_data)
+  cloud_sql_database = tostring(try(local.cloud_sql_raw.database, null))
+  cloud_sql_username = tostring(try(local.cloud_sql_raw.username, null))
+  cloud_sql_password = tostring(try(local.cloud_sql_raw.password, null))
 
   # Messagebird
-  messagebird_access_key = data.google_secret_manager_secret_version.messagebird_access_key.secret_data
-  messagebird_origin     = data.google_secret_manager_secret_version.messagebird_origin.secret_data
+  messagebird_raw        = jsondecode(data.google_secret_manager_secret_version.messagebird.secret_data)
+  messagebird_access_key = tostring(try(local.messagebird_raw.access_key, null))
+  messagebird_origin     = tostring(try(local.messagebird_raw.origin, null))
 
   # Conscribo API
-  conscribo_account  = data.google_secret_manager_secret_version.conscribo_account.secret_data
-  conscribo_username = data.google_secret_manager_secret_version.conscribo_username.secret_data
-  conscribo_password = data.google_secret_manager_secret_version.conscribo_password.secret_data
+  conscribo_raw      = jsondecode(data.google_secret_manager_secret_version.conscribo.secret_data)
+  conscribo_account  = tostring(try(local.conscribo_raw.account, null))
+  conscribo_username = tostring(try(local.conscribo_raw.username, null))
+  conscribo_password = tostring(try(local.conscribo_raw.password, null))
 }

.cloud/terraform/main.tf

@@ -12,6 +12,11 @@ terraform {
       source  = "hashicorp/google"
       version = "3.52.0"
     }
+
+    random = {
+      source  = "hashicorp/random"
+      version = "3.0.1"
+    }
   }
 }
 

.cloud/terraform/random-values.tf

@@ -0,0 +1,7 @@
+resource "random_id" "server_prefix" {
+  keepers = {
+    app_prefix = var.app_prefix
+  }
+
+  byte_length = 8
+}

.cloud/terraform/terraform.example.tfvars

@@ -2,10 +2,5 @@
 # Should have the Project:Editor permission
 credentials_file = ""
 
-# Your SQL login data
-cloud_sql_database = "laravel"
-cloud_sql_username = "laravel"
-cloud_sql_password = "laravel"
-
 # Application name
 app_prefix = "evoting2021"