From efc11a7f56bed9a3cb0746db5fbf8279d3f6bec2 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Johannes=20W=C3=BCrbach?= Date: Thu, 28 Mar 2024 18:07:34 +0100 Subject: [PATCH] chore: iterate --- examples/mysql/README.md | 2 + examples/mysql/main.tf | 35 +++++++++++- examples/postgres/README.md | 12 +++- examples/postgres/main.tf | 2 +- .../mysql-instance/basic/README.md | 42 ++++++++++++++ .../mysql-instance/basic/main.tf | 40 ++++++++++++++ .../mysql-instance/basic/outputs.tf | 3 + .../mysql-instance/basic/providers.tf | 10 ++++ .../basic/terraform.tfvars.example | 29 ++++++++++ .../mysql-instance/basic/variables.tf | 55 +++++++++++++++++++ humanitec-resource-defs/mysql/basic/README.md | 4 +- humanitec-resource-defs/mysql/basic/main.tf | 12 ++-- .../mysql/basic/terraform.tfvars.example | 14 ++--- .../mysql/basic/variables.tf | 14 +---- .../postgres-instance/basic/README.md | 42 ++++++++++++++ .../basic/terraform.tfvars.example | 29 ++++++++++ .../postgres/basic/README.md | 4 +- .../postgres/basic/main.tf | 2 +- .../postgres/basic/terraform.tfvars.example | 14 ++--- .../postgres/workload-identity/README.md | 41 ++++++++++++++ .../postgres/workload-identity/main.tf | 4 +- .../terraform.tfvars.example | 26 +++++++++ modules/cloudsql-instance/basic/README.md | 46 ++++++++++++++++ .../basic/terraform.tfvars.example | 29 ++++++++++ modules/cloudsql/basic/README.md | 7 +-- .../cloudsql/basic/terraform.tfvars.example | 19 ++----- modules/cloudsql/workload-identity/README.md | 53 ++++++++++++++++++ .../terraform.tfvars.example | 22 ++++++++ .../gcp-service-account/workload/README.md | 1 + 29 files changed, 543 insertions(+), 70 deletions(-) create mode 100644 humanitec-resource-defs/mysql-instance/basic/README.md create mode 100644 humanitec-resource-defs/mysql-instance/basic/main.tf create mode 100644 humanitec-resource-defs/mysql-instance/basic/outputs.tf create mode 100644 humanitec-resource-defs/mysql-instance/basic/providers.tf create mode 100644 humanitec-resource-defs/mysql-instance/basic/terraform.tfvars.example create mode 100644 
humanitec-resource-defs/mysql-instance/basic/variables.tf create mode 100644 humanitec-resource-defs/postgres-instance/basic/terraform.tfvars.example create mode 100644 humanitec-resource-defs/postgres/workload-identity/terraform.tfvars.example create mode 100644 modules/cloudsql-instance/basic/terraform.tfvars.example create mode 100644 modules/cloudsql/workload-identity/README.md create mode 100644 modules/cloudsql/workload-identity/terraform.tfvars.example diff --git a/examples/mysql/README.md b/examples/mysql/README.md index ce310eb..f26cd5d 100644 --- a/examples/mysql/README.md +++ b/examples/mysql/README.md @@ -63,6 +63,7 @@ graph LR; | Name | Source | Version | |------|--------|---------| | mysql | ../../humanitec-resource-defs/mysql/basic | n/a | +| mysql\_instance | ../../humanitec-resource-defs/mysql-instance/basic | n/a | ## Resources @@ -77,6 +78,7 @@ graph LR; | [humanitec_application.example](https://registry.terraform.io/providers/humanitec/humanitec/latest/docs/resources/application) | resource | | [humanitec_resource_account.humanitec_provisioner](https://registry.terraform.io/providers/humanitec/humanitec/latest/docs/resources/resource_account) | resource | | [humanitec_resource_definition_criteria.mysql](https://registry.terraform.io/providers/humanitec/humanitec/latest/docs/resources/resource_definition_criteria) | resource | +| [humanitec_resource_definition_criteria.mysql_instance](https://registry.terraform.io/providers/humanitec/humanitec/latest/docs/resources/resource_definition_criteria) | resource | | [google_compute_network.network](https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/compute_network) | data source | ## Inputs diff --git a/examples/mysql/main.tf b/examples/mysql/main.tf index ac99e12..c07f7bf 100644 --- a/examples/mysql/main.tf +++ b/examples/mysql/main.tf 
@@ -35,6 +35,14 @@ resource "humanitec_application" "example" { name = var.name } +# MySQL instance + +locals { + # Define the shared mysql-instance resource id and class + mysql_instance_res_id = "main-mysql" + mysql_instance_class = "default" +} + data "google_compute_network" "network" { name = var.private_network } @@ -64,8 +72,8 @@ resource "google_service_networking_connection" "private_vpc_connection" { depends_on = [google_project_service.servicenetworking] } -module "mysql" { - source = "../../humanitec-resource-defs/mysql/basic" +module "mysql_instance" { + source = "../../humanitec-resource-defs/mysql-instance/basic" prefix = var.prefix resource_packs_gcp_rev = var.resource_packs_gcp_rev @@ -82,6 +90,29 @@ module "mysql" { depends_on = [google_service_networking_connection.private_vpc_connection] } +resource "humanitec_resource_definition_criteria" "mysql_instance" { + resource_definition_id = module.mysql.id + app_id = humanitec_application.example.id + class = local.mysql_instance_class + res_id = local.mysql_instance_res_id + force_delete = true +} + + +module "mysql" { + source = "../../humanitec-resource-defs/mysql/basic" + + prefix = var.prefix + resource_packs_gcp_rev = var.resource_packs_gcp_rev + resource_packs_gcp_url = var.resource_packs_gcp_url + append_logs_to_error = true + driver_account = humanitec_resource_account.humanitec_provisioner.id + project = var.project + region = var.region + + instance_resource = "mysql-instance.${local.mysql_instance_class}#${local.mysql_instance_res_id}" +} + resource "humanitec_resource_definition_criteria" "mysql" { resource_definition_id = module.mysql.id app_id = humanitec_application.example.id diff --git a/examples/postgres/README.md b/examples/postgres/README.md index bf07337..b307193 100644 --- a/examples/postgres/README.md +++ b/examples/postgres/README.md 
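Review bot: The new `humanitec_resource_definition_criteria.mysql_instance` block binds the wrong definition: `resource_definition_id = module.mysql.id` registers the `mysql` database definition for the `mysql-instance` res_id/class, so the `instance_resource = "mysql-instance.${local.mysql_instance_class}#${local.mysql_instance_res_id}"` reference passed to `module.mysql` would resolve to the database definition rather than the instance one. It should read `resource_definition_id = module.mysql_instance.id`. Since `module.mysql` now references the criteria through `instance_resource`, I would also keep the `humanitec_resource_definition_criteria.mysql_instance` block directly under `module "mysql_instance"` so the pairing is visible. The original `humanitec_resource_definition_criteria.mysql` block continues outside the hunk.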
@@ -62,7 +62,12 @@ graph LR; | Name | Source | Version | |------|--------|---------| -| postgres | ../../humanitec-resource-defs/postgres/basic | n/a | +| gcp\_service\_account\_workload | ../../humanitec-resource-defs/gcp-service-account/workload | n/a | +| iam\_role\_binding\_service\_account\_workload\_identity | ../../humanitec-resource-defs/gcp-iam-policy-binding/basic | n/a | +| k8s\_service\_account | ../../humanitec-resource-defs/k8s/service-account | n/a | +| postgres | ../../humanitec-resource-defs/postgres/workload-identity | n/a | +| postgres\_instance | ../../humanitec-resource-defs/postgres-instance/basic | n/a | +| workload | ../../humanitec-resource-defs/workload/service-account | n/a | ## Resources 
@@ -76,7 +81,12 @@ graph LR; | [google_service_networking_connection.private_vpc_connection](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/service_networking_connection) | resource | | [humanitec_application.example](https://registry.terraform.io/providers/humanitec/humanitec/latest/docs/resources/application) | resource | | [humanitec_resource_account.humanitec_provisioner](https://registry.terraform.io/providers/humanitec/humanitec/latest/docs/resources/resource_account) | resource | +| [humanitec_resource_definition_criteria.gcp_service_account_workload](https://registry.terraform.io/providers/humanitec/humanitec/latest/docs/resources/resource_definition_criteria) | resource | +| [humanitec_resource_definition_criteria.iam_role_binding_service_account_workload_identity](https://registry.terraform.io/providers/humanitec/humanitec/latest/docs/resources/resource_definition_criteria) | resource | +| [humanitec_resource_definition_criteria.k8s_service_account](https://registry.terraform.io/providers/humanitec/humanitec/latest/docs/resources/resource_definition_criteria) | resource | | [humanitec_resource_definition_criteria.postgres](https://registry.terraform.io/providers/humanitec/humanitec/latest/docs/resources/resource_definition_criteria) | resource | +| [humanitec_resource_definition_criteria.postgres_instance](https://registry.terraform.io/providers/humanitec/humanitec/latest/docs/resources/resource_definition_criteria) | resource | +| [humanitec_resource_definition_criteria.workload](https://registry.terraform.io/providers/humanitec/humanitec/latest/docs/resources/resource_definition_criteria) | resource | | [google_compute_network.network](https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/compute_network) | data source | ## Inputs diff --git a/examples/postgres/main.tf b/examples/postgres/main.tf index 963ac5c..52d7f56 100644 --- a/examples/postgres/main.tf +++ b/examples/postgres/main.tf 
@@ -134,7 +134,7 @@ module "iam_role_binding_service_account_workload_identity" { prefix = var.prefix name = "gcp-iam-policy-binding-sa-workload-identity" - type = "storage_account" + type = "service_account" scope_key = "service_account_id" scope_value = "$${resources['postgres.${local.postgres_basic_class}'].outputs.service_account_id}" role = "roles/iam.workloadIdentityUser" diff --git a/humanitec-resource-defs/mysql-instance/basic/README.md b/humanitec-resource-defs/mysql-instance/basic/README.md new file mode 100644 index 0000000..6b37838 --- /dev/null +++ b/humanitec-resource-defs/mysql-instance/basic/README.md 
@@ -0,0 +1,42 @@ + +## Requirements + +| Name | Version | +|------|---------| +| terraform | >= 1.3.0 | +| humanitec | ~> 1.0 | + +## Providers + +| Name | Version | +|------|---------| +| humanitec | ~> 1.0 | + +## Resources + +| Name | Type | +|------|------| +| [humanitec_resource_definition.main](https://registry.terraform.io/providers/humanitec/humanitec/latest/docs/resources/resource_definition) | resource | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| database\_version | The MySQL, PostgreSQL or SQL Server version to use. | `string` | n/a | yes | +| driver\_account | The ID of the Resource Account which should be used. | `string` | n/a | yes | +| prefix | Prefix for all resources | `string` | n/a | yes | +| private\_network | The VPC network from which the Cloud SQL instance is accessible for private IP. | `string` | n/a | yes | +| project | n/a | `string` | n/a | yes | +| region | GCP region | `string` | n/a | yes | +| tier | The machine type to use. | `string` | n/a | yes | +| append\_logs\_to\_error | Append Terraform logs to error messages. | `bool` | `false` | no | +| name | Resource name (can contain placeholders like ${context.app.id}) | `string` | `""` | no | +| resource\_packs\_gcp\_rev | n/a | `string` | `"ref/heads/main"` | no | +| resource\_packs\_gcp\_url | n/a | `string` | `"https://github.com/humanitec-architecture/resource-packs-gcp.git"` | no | + +## Outputs + +| Name | Description | +|------|-------------| +| id | n/a | + \ No newline at end of file diff --git a/humanitec-resource-defs/mysql-instance/basic/main.tf b/humanitec-resource-defs/mysql-instance/basic/main.tf new file mode 100644 index 0000000..994b9c6 --- /dev/null +++ b/humanitec-resource-defs/mysql-instance/basic/main.tf 
@@ -0,0 +1,40 @@ +resource "humanitec_resource_definition" "main" { + driver_type = "humanitec/terraform" + id = "${var.prefix}cloudsql-mysql-instance-basic" + name = "${var.prefix}cloudsql-mysql-instance-basic" + type = "mysql-instance" + + driver_account = var.driver_account + driver_inputs = { + values_string = jsonencode({ + source = { + path = "modules/cloudsql-instance/basic" + rev = var.resource_packs_gcp_rev + url = var.resource_packs_gcp_url + } + + append_logs_to_error = var.append_logs_to_error + + credentials_config = { + environment = { + GOOGLE_CREDENTIALS = "*" + } + } + + variables = { + name = var.name + project = var.project + region = var.region + prefix = var.prefix + app_id = "$${context.app.id}" + env_id = "$${context.env.id}" + res_id = "$${context.res.id}" + + database_version = var.database_version + tier = var.tier + private_network = var.private_network + port = 3306 + } + }) + } +} diff --git a/humanitec-resource-defs/mysql-instance/basic/outputs.tf b/humanitec-resource-defs/mysql-instance/basic/outputs.tf new file mode 100644 index 0000000..28542ec --- /dev/null +++ b/humanitec-resource-defs/mysql-instance/basic/outputs.tf @@ -0,0 +1,3 @@ +output "id" { + value = humanitec_resource_definition.main.id +} diff --git a/humanitec-resource-defs/mysql-instance/basic/providers.tf b/humanitec-resource-defs/mysql-instance/basic/providers.tf new file mode 100644 index 0000000..5d76dcf --- /dev/null +++ b/humanitec-resource-defs/mysql-instance/basic/providers.tf @@ -0,0 +1,10 @@ +terraform { + required_providers { + humanitec = { + source = "humanitec/humanitec" + version = "~> 1.0" + } + } + + required_version = ">= 1.3.0" +} diff --git a/humanitec-resource-defs/mysql-instance/basic/terraform.tfvars.example b/humanitec-resource-defs/mysql-instance/basic/terraform.tfvars.example new file mode 100644 index 0000000..d45ab4b --- /dev/null +++ b/humanitec-resource-defs/mysql-instance/basic/terraform.tfvars.example 
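Review bot: The new `mysql-instance/basic/main.tf` definition has no comment explaining how it relates to the existing `mysql` definition, which is the one thing a reader of this file needs; I would add above the resource `# Shared Cloud SQL MySQL instance (modules/cloudsql-instance/basic). Database definitions` / `# (humanitec-resource-defs/mysql/basic) reference it via their instance_resource input,` / `# e.g. "mysql-instance.<class>#<res_id>", and read host/port/instance from its outputs.` The hard-coded `port = 3306` is the only MySQL-specific value in the block and deserves a one-line why-comment, e.g. `port = 3306 # MySQL default; the instance module requires it to match database_version`.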
@@ -0,0 +1,29 @@ + +# Append Terraform logs to error messages. +append_logs_to_error = false + +# The MySQL, PostgreSQL or SQL Server version to use. +database_version = "" + +# The ID of the Resource Account which should be used. +driver_account = "" + +# Resource name (can contain placeholders like ${context.app.id}) +name = "" + +# Prefix for all resources +prefix = "" + +# The VPC network from which the Cloud SQL instance is accessible for private IP. +private_network = "" + +project = "" + +# GCP region +region = "" + +resource_packs_gcp_rev = "ref/heads/main" +resource_packs_gcp_url = "https://github.com/humanitec-architecture/resource-packs-gcp.git" + +# The machine type to use. +tier = "" \ No newline at end of file diff --git a/humanitec-resource-defs/mysql-instance/basic/variables.tf b/humanitec-resource-defs/mysql-instance/basic/variables.tf new file mode 100644 index 0000000..84a323c --- /dev/null +++ b/humanitec-resource-defs/mysql-instance/basic/variables.tf 
@@ -0,0 +1,55 @@ +variable "prefix" { + description = "Prefix for all resources" + type = string +} + +variable "resource_packs_gcp_rev" { + type = string + default = "ref/heads/main" +} + +variable "resource_packs_gcp_url" { + type = string + default = "https://github.com/humanitec-architecture/resource-packs-gcp.git" +} + +variable "append_logs_to_error" { + description = "Append Terraform logs to error messages." + type = bool + default = false +} + +variable "driver_account" { + description = "The ID of the Resource Account which should be used." + type = string +} + +variable "project" { + type = string +} + +variable "region" { + description = "GCP region" + type = string +} + +variable "name" { + type = string + description = "Resource name (can contain placeholders like $${context.app.id})" + default = "" +} + +variable "database_version" { + type = string + description = "The MySQL, PostgreSQL or SQL Server version to use." +} + +variable "tier" { + type = string + description = "The machine type to use." +} + +variable "private_network" { + type = string + description = "The VPC network from which the Cloud SQL instance is accessible for private IP." +} diff --git a/humanitec-resource-defs/mysql/basic/README.md b/humanitec-resource-defs/mysql/basic/README.md index 6b37838..250f41f 100644 --- a/humanitec-resource-defs/mysql/basic/README.md +++ b/humanitec-resource-defs/mysql/basic/README.md 
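Review bot: `resource_packs_gcp_rev` defaults to `"ref/heads/main"`, so every provisioning run fetches the Terraform module executed by the driver from a moving branch of `resource_packs_gcp_url`; pinning the default to a release tag or commit SHA would make the code that runs with the driver account's `GOOGLE_CREDENTIALS` reproducible and reviewable. The same default appears to be inherited from the other resource definitions in this repo, so the fix may belong in all of them. Separately, `project`, `resource_packs_gcp_rev` and `resource_packs_gcp_url` have no `description`, which is why the generated README in this patch shows `n/a` for them; e.g. `description = "GCP project ID"` on `project` matches the wording used by modules/cloudsql-instance/basic.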
@@ -22,13 +22,11 @@ | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| database\_version | The MySQL, PostgreSQL or SQL Server version to use. | `string` | n/a | yes | | driver\_account | The ID of the Resource Account which should be used. | `string` | n/a | yes | +| instance\_resource | Identifier of the PostgreSQL instance resource. | `string` | n/a | yes | | prefix | Prefix for all resources | `string` | n/a | yes | -| private\_network | The VPC network from which the Cloud SQL instance is accessible for private IP. | `string` | n/a | yes | | project | n/a | `string` | n/a | yes | | region | GCP region | `string` | n/a | yes | -| tier | The machine type to use. | `string` | n/a | yes | | append\_logs\_to\_error | Append Terraform logs to error messages. | `bool` | `false` | no | | name | Resource name (can contain placeholders like ${context.app.id}) | `string` | `""` | no | | resource\_packs\_gcp\_rev | n/a | `string` | `"ref/heads/main"` | no | diff --git a/humanitec-resource-defs/mysql/basic/main.tf b/humanitec-resource-defs/mysql/basic/main.tf index 123bf58..1c949ad 100644 --- a/humanitec-resource-defs/mysql/basic/main.tf +++ b/humanitec-resource-defs/mysql/basic/main.tf @@ -1,7 +1,7 @@ resource "humanitec_resource_definition" "main" { driver_type = "humanitec/terraform" - id = "${var.prefix}cloudsql-mysql" - name = "${var.prefix}cloudsql-mysql" + id = "${var.prefix}cloudsql-mysql-basic" + name = "${var.prefix}cloudsql-mysql-basic" type = "mysql" driver_account = var.driver_account 
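Review bot: Renaming `id = "${var.prefix}cloudsql-mysql-basic"` changes the resource definition's identifier; if the provider treats `id` as forcing replacement (usual for ID attributes, worth confirming), existing deployments will see the definition destroyed and recreated, and any `humanitec_resource_definition_criteria` bound to it will follow. The `postgres/basic/main.tf` hunk in this same commit makes no such rename, so the two definitions end up with inconsistent naming unless that is intended. This is worth a line in the commit message or a migration note for users of the previous id. The resource block continues outside the hunk.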
@@ -25,15 +25,13 @@ resource "humanitec_resource_definition" "main" { name = var.name project = var.project region = var.region - prefix = var.prefix app_id = "$${context.app.id}" env_id = "$${context.env.id}" res_id = "$${context.res.id}" - database_version = var.database_version - tier = var.tier - private_network = var.private_network - port = 3306 + host = "$${resources['${var.instance_resource}'].outputs.host}" + port = "$${resources['${var.instance_resource}'].outputs.port}" + instance = "$${resources['${var.instance_resource}'].outputs.instance}" } }) } diff --git a/humanitec-resource-defs/mysql/basic/terraform.tfvars.example b/humanitec-resource-defs/mysql/basic/terraform.tfvars.example index d45ab4b..c8f8fc0 100644 --- a/humanitec-resource-defs/mysql/basic/terraform.tfvars.example +++ b/humanitec-resource-defs/mysql/basic/terraform.tfvars.example @@ -2,28 +2,22 @@ # Append Terraform logs to error messages. append_logs_to_error = false -# The MySQL, PostgreSQL or SQL Server version to use. -database_version = "" - # The ID of the Resource Account which should be used. driver_account = "" +# Identifier of the PostgreSQL instance resource. +instance_resource = "" + # Resource name (can contain placeholders like ${context.app.id}) name = "" # Prefix for all resources prefix = "" -# The VPC network from which the Cloud SQL instance is accessible for private IP. -private_network = "" - project = "" # GCP region region = "" resource_packs_gcp_rev = "ref/heads/main" -resource_packs_gcp_url = "https://github.com/humanitec-architecture/resource-packs-gcp.git" - -# The machine type to use. -tier = "" \ No newline at end of file +resource_packs_gcp_url = "https://github.com/humanitec-architecture/resource-packs-gcp.git" \ No newline at end of file diff --git a/humanitec-resource-defs/mysql/basic/variables.tf b/humanitec-resource-defs/mysql/basic/variables.tf index 84a323c..a1ae064 100644 --- a/humanitec-resource-defs/mysql/basic/variables.tf 
+++ b/humanitec-resource-defs/mysql/basic/variables.tf @@ -39,17 +39,7 @@ variable "name" { default = "" } -variable "database_version" { +variable "instance_resource" { + description = "Identifier of the PostgreSQL instance resource." type = string - description = "The MySQL, PostgreSQL or SQL Server version to use." -} - -variable "tier" { - type = string - description = "The machine type to use." -} - -variable "private_network" { - type = string - description = "The VPC network from which the Cloud SQL instance is accessible for private IP." } diff --git a/humanitec-resource-defs/postgres-instance/basic/README.md b/humanitec-resource-defs/postgres-instance/basic/README.md index e69de29..6b37838 100644 --- a/humanitec-resource-defs/postgres-instance/basic/README.md +++ b/humanitec-resource-defs/postgres-instance/basic/README.md 
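Review bot: The new `instance_resource` variable in the mysql definition is described as `Identifier of the PostgreSQL instance resource.`, copied from the postgres definition; it should read `description = "Identifier of the MySQL instance resource."`. The same text is carried into the generated `humanitec-resource-defs/mysql/basic/README.md` and `terraform.tfvars.example` hunks earlier in this patch, so those should be regenerated after the source is fixed.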
@@ -0,0 +1,42 @@ + +## Requirements + +| Name | Version | +|------|---------| +| terraform | >= 1.3.0 | +| humanitec | ~> 1.0 | + +## Providers + +| Name | Version | +|------|---------| +| humanitec | ~> 1.0 | + +## Resources + +| Name | Type | +|------|------| +| [humanitec_resource_definition.main](https://registry.terraform.io/providers/humanitec/humanitec/latest/docs/resources/resource_definition) | resource | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| database\_version | The MySQL, PostgreSQL or SQL Server version to use. | `string` | n/a | yes | +| driver\_account | The ID of the Resource Account which should be used. | `string` | n/a | yes | +| prefix | Prefix for all resources | `string` | n/a | yes | +| private\_network | The VPC network from which the Cloud SQL instance is accessible for private IP. | `string` | n/a | yes | +| project | n/a | `string` | n/a | yes | +| region | GCP region | `string` | n/a | yes | +| tier | The machine type to use. | `string` | n/a | yes | +| append\_logs\_to\_error | Append Terraform logs to error messages. | `bool` | `false` | no | +| name | Resource name (can contain placeholders like ${context.app.id}) | `string` | `""` | no | +| resource\_packs\_gcp\_rev | n/a | `string` | `"ref/heads/main"` | no | +| resource\_packs\_gcp\_url | n/a | `string` | `"https://github.com/humanitec-architecture/resource-packs-gcp.git"` | no | + +## Outputs + +| Name | Description | +|------|-------------| +| id | n/a | + \ No newline at end of file diff --git a/humanitec-resource-defs/postgres-instance/basic/terraform.tfvars.example b/humanitec-resource-defs/postgres-instance/basic/terraform.tfvars.example new file mode 100644 index 0000000..d45ab4b --- /dev/null +++ b/humanitec-resource-defs/postgres-instance/basic/terraform.tfvars.example 
@@ -0,0 +1,29 @@ + +# Append Terraform logs to error messages. +append_logs_to_error = false + +# The MySQL, PostgreSQL or SQL Server version to use. +database_version = "" + +# The ID of the Resource Account which should be used. +driver_account = "" + +# Resource name (can contain placeholders like ${context.app.id}) +name = "" + +# Prefix for all resources +prefix = "" + +# The VPC network from which the Cloud SQL instance is accessible for private IP. +private_network = "" + +project = "" + +# GCP region +region = "" + +resource_packs_gcp_rev = "ref/heads/main" +resource_packs_gcp_url = "https://github.com/humanitec-architecture/resource-packs-gcp.git" + +# The machine type to use. +tier = "" \ No newline at end of file diff --git a/humanitec-resource-defs/postgres/basic/README.md b/humanitec-resource-defs/postgres/basic/README.md index 6b37838..250f41f 100644 --- a/humanitec-resource-defs/postgres/basic/README.md +++ b/humanitec-resource-defs/postgres/basic/README.md 
@@ -22,13 +22,11 @@ | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| database\_version | The MySQL, PostgreSQL or SQL Server version to use. | `string` | n/a | yes | | driver\_account | The ID of the Resource Account which should be used. | `string` | n/a | yes | +| instance\_resource | Identifier of the PostgreSQL instance resource. | `string` | n/a | yes | | prefix | Prefix for all resources | `string` | n/a | yes | -| private\_network | The VPC network from which the Cloud SQL instance is accessible for private IP. | `string` | n/a | yes | | project | n/a | `string` | n/a | yes | | region | GCP region | `string` | n/a | yes | -| tier | The machine type to use. | `string` | n/a | yes | | append\_logs\_to\_error | Append Terraform logs to error messages. | `bool` | `false` | no | | name | Resource name (can contain placeholders like ${context.app.id}) | `string` | `""` | no | | resource\_packs\_gcp\_rev | n/a | `string` | `"ref/heads/main"` | no | diff --git a/humanitec-resource-defs/postgres/basic/main.tf b/humanitec-resource-defs/postgres/basic/main.tf index 319bd09..b24795d 100644 --- a/humanitec-resource-defs/postgres/basic/main.tf +++ b/humanitec-resource-defs/postgres/basic/main.tf @@ -30,8 +30,8 @@ resource "humanitec_resource_definition" "main" { res_id = "$${context.res.id}" host = "$${resources['${var.instance_resource}'].outputs.host}" + port = "$${resources['${var.instance_resource}'].outputs.port}" instance = "$${resources['${var.instance_resource}'].outputs.instance}" - port = 5432 } }) } diff --git a/humanitec-resource-defs/postgres/basic/terraform.tfvars.example b/humanitec-resource-defs/postgres/basic/terraform.tfvars.example index d45ab4b..c8f8fc0 100644 --- a/humanitec-resource-defs/postgres/basic/terraform.tfvars.example +++ b/humanitec-resource-defs/postgres/basic/terraform.tfvars.example 
@@ -2,28 +2,22 @@ # Append Terraform logs to error messages. append_logs_to_error = false -# The MySQL, PostgreSQL or SQL Server version to use. -database_version = "" - # The ID of the Resource Account which should be used. driver_account = "" +# Identifier of the PostgreSQL instance resource. +instance_resource = "" + # Resource name (can contain placeholders like ${context.app.id}) name = "" # Prefix for all resources prefix = "" -# The VPC network from which the Cloud SQL instance is accessible for private IP. -private_network = "" - project = "" # GCP region region = "" resource_packs_gcp_rev = "ref/heads/main" -resource_packs_gcp_url = "https://github.com/humanitec-architecture/resource-packs-gcp.git" - -# The machine type to use. -tier = "" \ No newline at end of file +resource_packs_gcp_url = "https://github.com/humanitec-architecture/resource-packs-gcp.git" \ No newline at end of file diff --git a/humanitec-resource-defs/postgres/workload-identity/README.md b/humanitec-resource-defs/postgres/workload-identity/README.md index e69de29..71dfe9d 100644 --- a/humanitec-resource-defs/postgres/workload-identity/README.md +++ b/humanitec-resource-defs/postgres/workload-identity/README.md 
@@ -0,0 +1,41 @@ + +## Requirements + +| Name | Version | +|------|---------| +| terraform | >= 1.3.0 | +| humanitec | ~> 1.0 | + +## Providers + +| Name | Version | +|------|---------| +| humanitec | ~> 1.0 | + +## Resources + +| Name | Type | +|------|------| +| [humanitec_resource_definition.main](https://registry.terraform.io/providers/humanitec/humanitec/latest/docs/resources/resource_definition) | resource | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| driver\_account | The ID of the Resource Account which should be used. | `string` | n/a | yes | +| instance\_resource | Identifier of the PostgreSQL instance resource. | `string` | n/a | yes | +| policy\_resource\_class | The class of the gcp-iam-policy-binding resource to be co-provisioned. | `string` | n/a | yes | +| prefix | Prefix for all resources | `string` | n/a | yes | +| project | n/a | `string` | n/a | yes | +| region | GCP region | `string` | n/a | yes | +| append\_logs\_to\_error | Append Terraform logs to error messages. | `bool` | `false` | no | +| name | Resource name (can contain placeholders like ${context.app.id}) | `string` | `""` | no | +| resource\_packs\_gcp\_rev | n/a | `string` | `"ref/heads/main"` | no | +| resource\_packs\_gcp\_url | n/a | `string` | `"https://github.com/humanitec-architecture/resource-packs-gcp.git"` | no | + +## Outputs + +| Name | Description | +|------|-------------| +| id | n/a | + \ No newline at end of file diff --git a/humanitec-resource-defs/postgres/workload-identity/main.tf b/humanitec-resource-defs/postgres/workload-identity/main.tf index 79594b3..7e2f94f 100644 --- a/humanitec-resource-defs/postgres/workload-identity/main.tf +++ b/humanitec-resource-defs/postgres/workload-identity/main.tf 
@@ -31,8 +31,8 @@ resource "humanitec_resource_definition" "main" { host = "$${resources['${var.instance_resource}'].outputs.host}" instance = "$${resources['${var.instance_resource}'].outputs.instance}" - instance_connection_name = "$${resources['${var.instance_resource}'].outputs.instance_connection_name}" - port = 5432 + instance_connection_name = "$${resources['${var.instance_resource}'].outputs.connection_name}" + port = "$${resources['${var.instance_resource}'].outputs.port}" } manifests_output = "manifests" diff --git a/humanitec-resource-defs/postgres/workload-identity/terraform.tfvars.example b/humanitec-resource-defs/postgres/workload-identity/terraform.tfvars.example new file mode 100644 index 0000000..1b8498c --- /dev/null +++ b/humanitec-resource-defs/postgres/workload-identity/terraform.tfvars.example @@ -0,0 +1,26 @@ + +# Append Terraform logs to error messages. +append_logs_to_error = false + +# The ID of the Resource Account which should be used. +driver_account = "" + +# Identifier of the PostgreSQL instance resource. +instance_resource = "" + +# Resource name (can contain placeholders like ${context.app.id}) +name = "" + +# The class of the gcp-iam-policy-binding resource to be co-provisioned. +policy_resource_class = "" + +# Prefix for all resources +prefix = "" + +project = "" + +# GCP region +region = "" + +resource_packs_gcp_rev = "ref/heads/main" +resource_packs_gcp_url = "https://github.com/humanitec-architecture/resource-packs-gcp.git" \ No newline at end of file diff --git a/modules/cloudsql-instance/basic/README.md b/modules/cloudsql-instance/basic/README.md index e69de29..e25bbb6 100644 --- a/modules/cloudsql-instance/basic/README.md +++ b/modules/cloudsql-instance/basic/README.md 
@@ -0,0 +1,46 @@ + +## Requirements + +| Name | Version | +|------|---------| +| terraform | >= 1.3.0 | +| google | ~> 5.17 | +| random | ~> 3.5 | + +## Providers + +| Name | Version | +|------|---------| +| google | ~> 5.17 | + +## Resources + +| Name | Type | +|------|------| +| [google_sql_database_instance.main](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/sql_database_instance) | resource | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| app\_id | n/a | `string` | n/a | yes | +| database\_version | The MySQL, PostgreSQL or SQL Server version to use. | `string` | n/a | yes | +| env\_id | n/a | `string` | n/a | yes | +| port | The port for the database (needs to match the database type) | `number` | n/a | yes | +| prefix | Prefix for all resources | `string` | n/a | yes | +| private\_network | The VPC network from which the Cloud SQL instance is accessible for private IP. | `string` | n/a | yes | +| project | GCP project ID | `string` | n/a | yes | +| region | GCP region | `string` | n/a | yes | +| res\_id | n/a | `string` | n/a | yes | +| tier | The machine type to use. | `string` | n/a | yes | +| name | Resource name | `string` | `""` | no | + +## Outputs + +| Name | Description | +|------|-------------| +| connection\_name | The connection name that the workload should use to connect to the database. | +| host | The IP address the instance is available on. | +| instance | The name of the instance that the workload should connect to. | +| port | The port on the host that the instance is available on. | + \ No newline at end of file diff --git a/modules/cloudsql-instance/basic/terraform.tfvars.example b/modules/cloudsql-instance/basic/terraform.tfvars.example new file mode 100644 index 0000000..7af62e1 --- /dev/null +++ b/modules/cloudsql-instance/basic/terraform.tfvars.example 
@@ -0,0 +1,29 @@ +app_id = "" + +# The MySQL, PostgreSQL or SQL Server version to use. +database_version = "" + +env_id = "" + +# Resource name +name = "" + +# The port for the database (needs to match the database type) +port = "" + +# Prefix for all resources +prefix = "" + +# The VPC network from which the Cloud SQL instance is accessible for private IP. +private_network = "" + +# GCP project ID +project = "" + +# GCP region +region = "" + +res_id = "" + +# The machine type to use. +tier = "" \ No newline at end of file diff --git a/modules/cloudsql/basic/README.md b/modules/cloudsql/basic/README.md index 1abb2fc..c0db684 100644 --- a/modules/cloudsql/basic/README.md +++ b/modules/cloudsql/basic/README.md @@ -19,7 +19,6 @@ | Name | Type | |------|------| | [google_sql_database.main](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/sql_database) | resource | -| [google_sql_database_instance.main](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/sql_database_instance) | resource | | [google_sql_user.main](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/sql_user) | resource | | [random_password.password](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password) | resource | 
@@ -28,15 +27,13 @@
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | app\_id | n/a | `string` | n/a | yes |
-| database\_version | The MySQL, PostgreSQL or SQL Server version to use. | `string` | n/a | yes |
 | env\_id | n/a | `string` | n/a | yes |
+| host | The host of the Cloud SQL instance. | `string` | n/a | yes |
+| instance | The name of the Cloud SQL instance. | `string` | n/a | yes |
 | port | The port for the database (needs to match the database type) | `number` | n/a | yes |
-| prefix | Prefix for all resources | `string` | n/a | yes |
-| private\_network | The VPC network from which the Cloud SQL instance is accessible for private IP. | `string` | n/a | yes |
 | project | GCP project ID | `string` | n/a | yes |
 | region | GCP region | `string` | n/a | yes |
 | res\_id | n/a | `string` | n/a | yes |
-| tier | The machine type to use. | `string` | n/a | yes |
 | name | Resource name | `string` | `""` | no |
 
 ## Outputs
diff --git a/modules/cloudsql/basic/terraform.tfvars.example b/modules/cloudsql/basic/terraform.tfvars.example
index 7af62e1..62db492 100644
--- a/modules/cloudsql/basic/terraform.tfvars.example
+++ b/modules/cloudsql/basic/terraform.tfvars.example
@@ -1,9 +1,11 @@
 app_id = ""
+env_id = ""
 
-# The MySQL, PostgreSQL or SQL Server version to use.
-database_version = ""
+# The host of the Cloud SQL instance.
+host = ""
 
-env_id = ""
+# The name of the Cloud SQL instance.
+instance = ""
 
 # Resource name
 name = ""
@@ -11,19 +13,10 @@ name = ""
 # The port for the database (needs to match the database type)
 port = ""
 
-# Prefix for all resources
-prefix = ""
-
-# The VPC network from which the Cloud SQL instance is accessible for private IP.
-private_network = ""
-
 # GCP project ID
 project = ""
 
 # GCP region
 region = ""
 
-res_id = ""
-
-# The machine type to use.
-tier = ""
\ No newline at end of file
+res_id = ""
\ No newline at end of file
diff --git a/modules/cloudsql/workload-identity/README.md b/modules/cloudsql/workload-identity/README.md
new file mode 100644
index 0000000..05995b5
--- /dev/null
+++ b/modules/cloudsql/workload-identity/README.md
@@ -0,0 +1,53 @@
+
+## Requirements
+
+| Name | Version |
+|------|---------|
+| terraform | >= 1.3.0 |
+| google | ~> 5.17 |
+| random | ~> 3.5 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| google | ~> 5.17 |
+| random | ~> 3.5 |
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [google_project_iam_member.role](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/project_iam_member) | resource |
+| [google_service_account.main](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/service_account) | resource |
+| [google_sql_database.main](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/sql_database) | resource |
+| [google_sql_user.iam_service_account_user](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/sql_user) | resource |
+| [random_integer.proxy_port](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/integer) | resource |
+| [random_string.service_account_suffix](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/string) | resource |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| app\_id | n/a | `string` | n/a | yes |
+| env\_id | n/a | `string` | n/a | yes |
+| instance | The name of the Cloud SQL instance. | `string` | n/a | yes |
+| instance\_connection\_name | The connection name of the Cloud SQL instance. | `string` | n/a | yes |
+| port | The port for the database (needs to match the database type) | `number` | n/a | yes |
+| project | GCP project ID | `string` | n/a | yes |
+| region | GCP region | `string` | n/a | yes |
+| res\_id | n/a | `string` | n/a | yes |
+| name | Resource name | `string` | `""` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| host | The IP address the instance is available on. |
+| manifests | The Kubernetes manifests that should be applied to the cluster to connect to the database. |
+| name | The name of the database that the workload should connect to. |
+| password | The password for the user. |
+| port | The port on the host that the instance is available on. |
+| service\_account\_id | Name of the service account that the workload should use to connect to the database. |
+| username | The user that the workload should use to connect to the database. |
+
\ No newline at end of file
diff --git a/modules/cloudsql/workload-identity/terraform.tfvars.example b/modules/cloudsql/workload-identity/terraform.tfvars.example
new file mode 100644
index 0000000..5e6bd5f
--- /dev/null
+++ b/modules/cloudsql/workload-identity/terraform.tfvars.example
@@ -0,0 +1,22 @@
+app_id = ""
+env_id = ""
+
+# The name of the Cloud SQL instance.
+instance = ""
+
+# The connection name of the Cloud SQL instance.
+instance_connection_name = ""
+
+# Resource name
+name = ""
+
+# The port for the database (needs to match the database type)
+port = ""
+
+# GCP project ID
+project = ""
+
+# GCP region
+region = ""
+
+res_id = ""
\ No newline at end of file
diff --git a/modules/gcp-service-account/workload/README.md b/modules/gcp-service-account/workload/README.md
index ecd5c67..7891ede 100644
--- a/modules/gcp-service-account/workload/README.md
+++ b/modules/gcp-service-account/workload/README.md
@@ -20,6 +20,7 @@
 | [google_pubsub_subscription_iam_member.main](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/pubsub_subscription_iam_member) | resource |
 | [google_pubsub_topic_iam_member.main](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/pubsub_topic_iam_member) | resource |
 | [google_service_account.main](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/service_account) | resource |
+| [google_service_account_iam_member.main](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/service_account_iam_member) | resource |
 | [google_service_account_iam_member.workload_identity_k8s_service_account](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/service_account_iam_member) | resource |
 | [google_storage_bucket_iam_member.main](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/storage_bucket_iam_member) | resource |