From 1843e87bde813fc908f08ec066c7ff35cd75304b Mon Sep 17 00:00:00 2001 From: Roelof Roos Date: Mon, 18 Jan 2021 22:09:56 +0100 Subject: [PATCH] Google Run - Look I did it --- .cloud/terraform/.terraform.lock.hcl | 18 +++++ .cloud/terraform/cloud-run.tf | 6 +- .cloud/terraform/cloud-secret-definitions.tf | 83 +++----------------- .cloud/terraform/cloud-secret-values.tf | 43 +++------- .cloud/terraform/cloud-sql.tf | 2 +- .cloud/terraform/cloud-storage.tf | 2 +- .cloud/terraform/locals.tf | 22 ++++-- .cloud/terraform/main.tf | 5 ++ .cloud/terraform/random-values.tf | 7 ++ .cloud/terraform/terraform.example.tfvars | 5 -- 10 files changed, 69 insertions(+), 124 deletions(-) create mode 100644 .cloud/terraform/random-values.tf diff --git a/.cloud/terraform/.terraform.lock.hcl b/.cloud/terraform/.terraform.lock.hcl index df1099b..663b3dc 100755 --- a/.cloud/terraform/.terraform.lock.hcl +++ b/.cloud/terraform/.terraform.lock.hcl @@ -18,3 +18,21 @@ provider "registry.terraform.io/hashicorp/google" { "zh:f3603917de36faa1e45358605c80db722bb920f8b91a7425a6358b6406740397", ] } + +provider "registry.terraform.io/hashicorp/random" { + version = "3.0.1" + constraints = "3.0.1" + hashes = [ + "h1:SzM8nt2wzLMI28A3CWAtW25g3ZCm1O4xD0h3Ps/rU1U=", + "zh:0d4f683868324af056a9eb2b06306feef7c202c88dbbe6a4ad7517146a22fb50", + "zh:4824b3c7914b77d41dfe90f6f333c7ac9860afb83e2a344d91fbe46e5dfbec26", + "zh:4b82e43712f3cf0d0cbc95b2cbcd409ba8f0dc7848fdfb7c13633c27468ed04a", + "zh:78b3a2b860c3ebc973a794000015f5946eb59b82705d701d487475406b2612f1", + "zh:88bc65197bd74ff408d147b32f0045372ae3a3f2a2fdd7f734f315d988c0e4a2", + "zh:91bd3c9f625f177f3a5d641a64e54d4b4540cb071070ecda060a8261fb6eb2ef", + "zh:a6818842b28d800f784e0c93284ff602b0c4022f407e4750da03f50b853a9a2c", + "zh:c4a1a2b52abd05687e6cfded4a789dcd7b43e7a746e4d02dd1055370cf9a994d", + "zh:cf65041bf12fc3bde709c1d267dbe94142bc05adcabc4feb17da3b12249132ac", + "zh:e385e00e7425dda9d30b74ab4ffa4636f4b8eb23918c0b763f0ffab84ece0c5c", + ] +} 
diff --git a/.cloud/terraform/cloud-run.tf b/.cloud/terraform/cloud-run.tf index 5483fd8..2b0412d 100644 --- a/.cloud/terraform/cloud-run.tf +++ b/.cloud/terraform/cloud-run.tf @@ -1,6 +1,6 @@ # Now create our Google Cloud Run service resource "google_cloud_run_service" "default" { - name = "${var.app_prefix}-laravel-app" + name = "${local.server_prefix}-laravel-app" location = var.region template { @@ -31,6 +31,10 @@ resource "google_cloud_run_service" "default" { name = "LOG_CHANNEL" value = "stackdriver" } + env { + name = "GOOGLE_CLOUD" + value = "run" + } # Mail env { diff --git a/.cloud/terraform/cloud-secret-definitions.tf b/.cloud/terraform/cloud-secret-definitions.tf index 0703faf..63e0aaa 100644 --- a/.cloud/terraform/cloud-secret-definitions.tf +++ b/.cloud/terraform/cloud-secret-definitions.tf @@ -11,9 +11,9 @@ resource "google_secret_manager_secret" "app_token" { } } -# MySQL database -resource "google_secret_manager_secret" "cloud_sql_database" { - secret_id = "${var.app_prefix}-cloud-sql-database" +# MySQL settings +resource "google_secret_manager_secret" "cloud_sql" { + secret_id = "${var.app_prefix}-cloud-sql" replication { user_managed { @@ -24,9 +24,9 @@ resource "google_secret_manager_secret" "cloud_sql_database" { } } -# MySQL username -resource "google_secret_manager_secret" "cloud_sql_username" { - secret_id = "${var.app_prefix}-cloud-sql-username" +# Messagebird +resource "google_secret_manager_secret" "messagebird" { + secret_id = "${var.app_prefix}-messagebird" replication { user_managed { 
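Review bot: `name = "${local.server_prefix}-laravel-app"` now starts with the hex output of `random_id.server_prefix`, and that output begins with a digit more often than not. As far as I know, Cloud Run service names and Cloud SQL instance names must begin with a letter, so the apply can fail depending on the random draw. The same holds for `"${local.server_prefix}-mysql"` in cloud-sql.tf. Adding `prefix = "${var.app_prefix}-"` to the `random_id` in random-values.tf keeps the names valid (provided `app_prefix` itself starts with a letter) and recognisable in the console. The resource body continues outside this hunk.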
@@ -37,74 +37,9 @@ resource "google_secret_manager_secret" "cloud_sql_username" { } } -# MySQL password -resource "google_secret_manager_secret" "cloud_sql_password" { - secret_id = "${var.app_prefix}-cloud-sql-password" - - replication { - user_managed { - replicas { - location = var.region - } - } - } -} - -# Messagebird, access key -resource "google_secret_manager_secret" "messagebird_access_key" { - secret_id = "${var.app_prefix}-messagebird-access-key" - - replication { - user_managed { - replicas { - location = var.region - } - } - } -} - -# Messagebird, origin -resource "google_secret_manager_secret" "messagebird_origin" { - secret_id = "${var.app_prefix}-messagebird-origin" - - replication { - user_managed { - replicas { - location = var.region - } - } - } -} - -# Conscribo, account -resource "google_secret_manager_secret" "conscribo_account" { - secret_id = "conscribo-account" - - replication { - user_managed { - replicas { - location = var.region - } - } - } -} - -# Conscribo, username -resource "google_secret_manager_secret" "conscribo_username" { - secret_id = "conscribo-username" - - replication { - user_managed { - replicas { - location = var.region - } - } - } -} - -# Conscribo, password -resource "google_secret_manager_secret" "conscribo_password" { - secret_id = "conscribo-password" +# Conscribo +resource "google_secret_manager_secret" "conscribo" { + secret_id = "conscribo" replication { user_managed { diff --git a/.cloud/terraform/cloud-secret-values.tf b/.cloud/terraform/cloud-secret-values.tf index ac17a89..dc166f6 100644 --- a/.cloud/terraform/cloud-secret-values.tf +++ b/.cloud/terraform/cloud-secret-values.tf 
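Review bot: `secret_id = "conscribo"` is the only secret ID on the new side without the `${var.app_prefix}-` prefix that `cloud_sql` and `messagebird` carry, so a second deployment in the same project would collide with it. If one shared secret is not intended, use `secret_id = "${var.app_prefix}-conscribo"`. Bundling account, username and password into one JSON secret also means any principal granted access to it reads all three values. The IAM bindings are not visible here and should be reviewed with that in mind.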
@@ -3,42 +3,17 @@ data "google_secret_manager_secret_version" "app_token" { secret = google_secret_manager_secret.app_token.name } -# MySQL database -data "google_secret_manager_secret_version" "cloud_sql_database" { - secret = google_secret_manager_secret.cloud_sql_database.name +# Cloud SQL +data "google_secret_manager_secret_version" "cloud_sql" { + secret = google_secret_manager_secret.cloud_sql.name } -# MySQL username -data "google_secret_manager_secret_version" "cloud_sql_username" { - secret = google_secret_manager_secret.cloud_sql_username.name +# Messagebird Settings +data "google_secret_manager_secret_version" "messagebird" { + secret = google_secret_manager_secret.messagebird.name } -# MySQL password -data "google_secret_manager_secret_version" "cloud_sql_password" { - secret = google_secret_manager_secret.cloud_sql_password.name -} - -# Messagebird, access key -data "google_secret_manager_secret_version" "messagebird_access_key" { - secret = google_secret_manager_secret.messagebird_access_key.name -} - -# Messagebird, origin -data "google_secret_manager_secret_version" "messagebird_origin" { - secret = google_secret_manager_secret.messagebird_origin.name -} - -# Conscribo, account -data "google_secret_manager_secret_version" "conscribo_account" { - secret = google_secret_manager_secret.conscribo_account.name -} - -# Conscribo, username -data "google_secret_manager_secret_version" "conscribo_username" { - secret = google_secret_manager_secret.conscribo_username.name -} - -# Conscribo, password -data "google_secret_manager_secret_version" "conscribo_password" { - secret = google_secret_manager_secret.conscribo_password.name +# Conscribo Settings +data "google_secret_manager_secret_version" "conscribo" { + secret = google_secret_manager_secret.conscribo.name } diff --git a/.cloud/terraform/cloud-sql.tf b/.cloud/terraform/cloud-sql.tf index ffdd56a..fbbea4a 100644 --- a/.cloud/terraform/cloud-sql.tf +++ b/.cloud/terraform/cloud-sql.tf 
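Review bot: These data sources pull the secret payloads into Terraform, so the SQL, Messagebird and Conscribo credentials are written in plain text to the state file. The state backend is not visible in this diff; it should be a remote backend with restricted access, and a comment such as `# secret_data is stored in the Terraform state; keep the state backend private` above the blocks would make that explicit. No `version` is set, so each plan reads whatever the latest version is at that moment. Nothing in the visible configuration creates a first version, so a fresh deployment presumably needs the JSON payload added by hand before the first plan can succeed; that step deserves a line in the comments too.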
@@ -1,6 +1,6 @@ # Create a MySQL sever resource "google_sql_database_instance" "db_mysql" { - name = "${var.app_prefix}-mysql" + name = "${local.server_prefix}-mysql" database_version = "MYSQL_8_0" deletion_protection = false diff --git a/.cloud/terraform/cloud-storage.tf b/.cloud/terraform/cloud-storage.tf index e215b47..216ed68 100644 --- a/.cloud/terraform/cloud-storage.tf +++ b/.cloud/terraform/cloud-storage.tf @@ -1,5 +1,5 @@ resource "google_storage_bucket" "site_object_cache" { - name = "${var.app_prefix}-app-storage" + name = "${local.server_prefix}-app-storage" location = var.region force_destroy = true diff --git a/.cloud/terraform/locals.tf b/.cloud/terraform/locals.tf index 9e71ffb..ac70fb4 100644 --- a/.cloud/terraform/locals.tf +++ b/.cloud/terraform/locals.tf 
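Review bot: The instance name now depends on `random_id.server_prefix`, whose keeper is `var.app_prefix`, so changing the prefix regenerates the ID and, as far as I know, a changed `name` replaces the instance rather than renaming it. With `deletion_protection = false` on the context line below, nothing stops that replacement from destroying the database. The bucket in cloud-storage.tf has the same exposure through `force_destroy = true`. For anything holding real data, set `deletion_protection = true` here or add `lifecycle { prevent_destroy = true }`. The resource body continues outside this hunk.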
@@ -1,18 +1,24 @@ locals { + # Randoms + server_prefix = random_id.server_prefix.hex + # App key app_token = data.google_secret_manager_secret_version.app_token.secret_data # Cloud SQL - cloud_sql_database = data.google_secret_manager_secret_version.cloud_sql_database.secret_data - cloud_sql_username = data.google_secret_manager_secret_version.cloud_sql_username.secret_data - cloud_sql_password = data.google_secret_manager_secret_version.cloud_sql_password.secret_data + cloud_sql_raw = jsondecode(data.google_secret_manager_secret_version.cloud_sql.secret_data) + cloud_sql_database = tostring(try(local.cloud_sql_raw.database, null)) + cloud_sql_username = tostring(try(local.cloud_sql_raw.username, null)) + cloud_sql_password = tostring(try(local.cloud_sql_raw.password, null)) # Messagebird - messagebird_access_key = data.google_secret_manager_secret_version.messagebird_access_key.secret_data - messagebird_origin = data.google_secret_manager_secret_version.messagebird_origin.secret_data + messagebird_raw = jsondecode(data.google_secret_manager_secret_version.messagebird.secret_data) + messagebird_access_key = tostring(try(local.messagebird_raw.access_key, null)) + messagebird_origin = tostring(try(local.messagebird_raw.origin, null)) # Conscribo API - conscribo_account = data.google_secret_manager_secret_version.conscribo_account.secret_data - conscribo_username = data.google_secret_manager_secret_version.conscribo_username.secret_data - conscribo_password = data.google_secret_manager_secret_version.conscribo_password.secret_data + conscribo_raw = jsondecode(data.google_secret_manager_secret_version.conscribo.secret_data) + conscribo_account = tostring(try(local.conscribo_raw.account, null)) + conscribo_username = tostring(try(local.conscribo_raw.username, null)) + conscribo_password = tostring(try(local.conscribo_raw.password, null)) } diff --git a/.cloud/terraform/main.tf b/.cloud/terraform/main.tf index ee39a76..10c48ac 100644 --- a/.cloud/terraform/main.tf 
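Review bot: Wrapping every lookup in `try(..., null)` hides a missing or misspelled key in the secret JSON: `tostring(null)` stays null, so the deployment would presumably proceed with an unset credential instead of failing at plan time. Dropping the fallback makes the error explicit, e.g. `cloud_sql_password = tostring(local.cloud_sql_raw.password)`, and likewise for the other eight fields. The expected JSON shape is documented nowhere in the hunk; a comment above each `*_raw` local listing its keys, such as `# JSON object with keys: database, username, password`, would tell operators what to store.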
+++ b/.cloud/terraform/main.tf @@ -12,6 +12,11 @@ terraform { source = "hashicorp/google" version = "3.52.0" } + + random = { + source = "hashicorp/random" + version = "3.0.1" + } } } diff --git a/.cloud/terraform/random-values.tf b/.cloud/terraform/random-values.tf new file mode 100644 index 0000000..ae2509d --- /dev/null +++ b/.cloud/terraform/random-values.tf @@ -0,0 +1,7 @@ +resource "random_id" "server_prefix" { + keepers = { + app_prefix = var.app_prefix + } + + byte_length = 8 +} diff --git a/.cloud/terraform/terraform.example.tfvars b/.cloud/terraform/terraform.example.tfvars index 1c96f2d..13fd1e2 100644 --- a/.cloud/terraform/terraform.example.tfvars +++ b/.cloud/terraform/terraform.example.tfvars @@ -2,10 +2,5 @@ # Should have the Project:Editor permission credentials_file = "" -# Your SQL login data -cloud_sql_database = "laravel" -cloud_sql_username = "laravel" -cloud_sql_password = "laravel" - # Application name app_prefix = "evoting2021"