feat(terraform): automate firestore setup (#163)

* feat(terraform): automate firestore setup * terraform: add provider to service enablement and correct project designation for app * terraform-style: Apply suggestions from code review Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> * docs: add instructions on running terraform * derive firestore location from Cloud Run region * Update standard project assignment Co-authored-by: Dina Graves Portman <dinagraves@google.com> * Improve comment on app engine location limitations Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: Dina Graves Portman <dinagraves@google.com>
GoogleCloudPlatform · Sep 15, 2021 · 748db4f · 748db4f
1 parent 92330f4
commit 748db4f
Show file tree

Hide file tree

Showing 3 changed files with 77 additions and 0 deletions.
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -63,3 +63,30 @@ The following automated checks are run against every Pull Request:
 If no Google Cloud resources are needed, use [GitHub Actions](https://docs.github.com/en/actions) to drive automation.
 
 Based on the philosophy [Positive & Helpful Feedback](#positive-helpful-feedback), where it's possible to [make suggestions to a Pull Request](https://docs.github.com/en/github/collaborating-with-issues-and-pull-requests/reviewing-changes-in-pull-requests/incorporating-feedback-in-your-pull-request) to help it conform with a check, do that in addition to any required failures. [googleapis/code-suggester](https://github.com/googleapis/code-suggester) is a good example of a tool that minimizes contributor toil.
+
+## Running Tests
+
+### Terraform
+
+Run terraform and manually verify the intended configuration change.
+
+1. Retrieve a billing account. To use gcloud to retrieve the billing account for another project:
+
+    ```sh
+    basename $(gcloud alpha billing projects describe [PROJECT] \
+      --format 'value(billingAccountName)')
+    ```
+
+1. Authenticate Terraform with credentials that can create projects. This approach assumes your user account can create projects. **Warning: This grants terraform your user access to manage all Cloud resources. Use for learning purposes only.**
+
+   ```sh
+   gcloud auth application-default login
+   ```
+
+1. Run terraform apply:
+
+   ```sh
+   terraform apply \
+     -var billing_account=[BILLING ACCOUNT] \
+     -var suffix=[USER NAME]
+   ```
diff --git a/terraform/prod.tf b/terraform/prod.tf
@@ -32,6 +32,11 @@ resource "google_project_service" "prod_cloudbuild_api" {
   service  = "cloudbuild.googleapis.com"
 }
 
+resource "google_project_service" "prod_firestore_api" {
+  provider = google.prod
+  service  = "firestore.googleapis.com"
+}
+
 resource "google_project_service" "prod_run_api" {
   provider = google.prod
   service  = "run.googleapis.com"
@@ -57,3 +62,23 @@ resource "google_project_iam_member" "prod_cloudbuild_run_admin_iam" {
   depends_on = [google_project_service.prod_cloudbuild_api]
 }
 
+# Set up Firestore in Native Mode
+# https://firebase.google.com/docs/firestore/solutions/automate-database-create#create_a_database_with_terraform
+resource "google_project_service" "prod_appengine_api" {
+  provider = google.prod
+  service  = "appengine.googleapis.com"
+}
+
+resource "google_app_engine_application" "prod_app" {
+  project = google_project.prod_project.project_id
+  # Standard region names (e.g., for Cloud Run) are not valid for App Engine.
+  # App Engine locations do not use the numeric suffix. Strip that to colocate
+  # the Firestore instance with Cloud Run. (us-central1 => us-central)
+  # https://cloud.google.com/appengine/docs/locations
+  # https://www.terraform.io/docs/language/functions/regex.html
+  location_id   = replace(trimspace(var.google_region), "/\\d+$/", "")
+  database_type = "CLOUD_FIRESTORE"
+  depends_on = [
+    google_project_service.prod_appengine_api,
+  ]
+}
diff --git a/terraform/stage.tf b/terraform/stage.tf
@@ -32,6 +32,11 @@ resource "google_project_service" "stage_cloudbuild_api" {
   service  = "cloudbuild.googleapis.com"
 }
 
+resource "google_project_service" "stage_firestore_api" {
+  provider = google.stage
+  service  = "firestore.googleapis.com"
+}
+
 resource "google_project_service" "stage_run_api" {
   provider = google.stage
   service  = "run.googleapis.com"
@@ -57,3 +62,23 @@ resource "google_project_iam_member" "stage_cloudbuild_run_admin_iam" {
   depends_on = [google_project_service.stage_cloudbuild_api]
 }
 
+# Set up Firestore in Native Mode
+# https://firebase.google.com/docs/firestore/solutions/automate-database-create#create_a_database_with_terraform
+resource "google_project_service" "stage_appengine_api" {
+  provider = google.stage
+  service  = "appengine.googleapis.com"
+}
+
+resource "google_app_engine_application" "stage_app" {
+  project = google_project.stage_project.project_id
+  # Standard region names (e.g., for Cloud Run) are not valid for App Engine.
+  # App Engine locations do not use the numeric suffix. Strip that to colocate
+  # the Firestore instance with Cloud Run. (us-central1 => us-central)
+  # https://cloud.google.com/appengine/docs/locations
+  # https://www.terraform.io/docs/language/functions/regex.html
+  location_id   = replace(trimspace(var.google_region), "/\\d+$/", "")
+  database_type = "CLOUD_FIRESTORE"
+  depends_on = [
+    google_project_service.prod_appengine_api,
+  ]
+}