Commit

address some comments + add secret example
shuyama1 committed Nov 29, 2022
1 parent 30cd2b2 commit 77f8870
Showing 3 changed files with 61 additions and 5 deletions.
8 changes: 3 additions & 5 deletions mmv1/products/cloudrunv2/api.yaml
Expand Up @@ -225,9 +225,7 @@ objects:
name: "limits"
description: |-
Only memory and CPU are supported. Note: The only supported values for CPU are '1', '2', '4', and '8'. Setting 4 CPU requires at least 2Gi of memory. The values of the map is string form of the 'quantity' k8s type: https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apimachinery/pkg/api/resource/quantity.go
# API always returns `false` for Job,
# discuss with the service team to fail validation if `true` is specified
# omit the field until it's unblocked
# omit the field, blocked by b/260599405
# - !ruby/object:Api::Type::Boolean
# name: "cpuIdle"
# description: |-
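Review bot: the replacement comment above the commented-out `cpuIdle` field now gives only `blocked by b/260599405`, an internal tracker reference that readers outside the team cannot open, and it drops the reason the removed lines carried (the API always returns `false` for Job). Keep one line of that reason next to the bug id so the omission stays understandable from the file alone.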
Expand Down Expand Up @@ -457,7 +455,7 @@ objects:
name: "mode"
required: true
description: |-
nteger octal mode bits to use on this file, must be a value between 01 and 0777 (octal). If 0 or not set, the Volume's default mode will be used.
Integer octal mode bits to use on this file, must be a value between 01 and 0777 (octal). If 0 or not set, the Volume's default mode will be used.
- !ruby/object:Api::Type::NestedObject
name: "cloudSqlInstance"
description: |-
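Review bot: on the `mode` field, `required: true` contradicts the description's "If 0 or not set, the Volume's default mode will be used", since a required field can never be left unset. Either drop `required: true` or remove the "or not set" wording. The description could also say that configuration takes the value as a decimal integer, as the secret example in this commit does with `mode = 256 # 0400`.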
Expand Down Expand Up @@ -578,7 +576,7 @@ objects:
description: |-
type is used to communicate the status of the reconciliation process. See also: https://github.com/knative/serving/blob/main/docs/spec/errors.md#error-conditions-and-reporting Types common to all resources include: * "Ready": True when the Resource is ready.
- !ruby/object:Api::Type::String
name: "status"
name: "state"
output: true
description: |-
State of the condition.
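Review bot: renaming the output field from `status` to `state` changes the attribute name that users read from a condition, yet the commit message only says "address some comments". Please confirm that `state` is the name the API returns and check that no test or documentation still reads `status`, then mention the rename in the commit message.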
7 changes: 7 additions & 0 deletions mmv1/products/cloudrunv2/terraform.yaml
Expand Up @@ -52,6 +52,13 @@ overrides: !ruby/object:Overrides::ResourceOverrides
primary_resource_name: "fmt.Sprintf(\"tf-test-cloudrun-srv%s\", context[\"random_suffix\"])"
vars:
cloud_run_job_name: "cloudrun-job"
- !ruby/object:Provider::Terraform::Examples
name: "cloudrunv2_job_secret"
primary_resource_id: "default"
primary_resource_name: "fmt.Sprintf(\"tf-test-cloudrun-srv%s\", context[\"random_suffix\"])"
vars:
cloud_run_job_name: "cloudrun-job"
secret_id: "secret"
properties:
name: !ruby/object:Overrides::Terraform::PropertyOverride
diff_suppress_func: 'compareSelfLinkOrResourceName'
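Review bot: the new `cloudrunv2_job_secret` entry copies `primary_resource_name` from the entry above it, so a job example ends up with the `tf-test-cloudrun-srv%s` name pattern while its `cloud_run_job_name` var is `cloudrun-job`. Use a job-specific prefix (for example `tf-test-cloudrun-job%s`) so that test resources left behind by this example can be told apart from service resources.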
51 changes: 51 additions & 0 deletions mmv1/templates/terraform/examples/cloudrunv2_job_secret.tf.erb
@@ -0,0 +1,51 @@
resource "google_cloud_run_v2_job" "<%= ctx[:primary_resource_id] %>" {
name = "<%= ctx[:vars]['cloud_run_job_name'] %>"
location = "us-central1"
launch_stage = "BETA"

template {
template {
volumes {
name = "a-volume"
secret {
secret = google_secret_manager_secret.secret.secret_id
default_mode = 292 # 0444
items {
version = "1"
path = "my-secret"
mode = 256 # 0400
}
}
}
containers {
image = "us-docker.pkg.dev/cloudrun/container/hello"
volume_mounts {
name = "a-volume"
mount_path = "/secrets"
}
}
}
}
}

data "google_project" "project" {
}

resource "google_secret_manager_secret" "secret" {
secret_id = "<%= ctx[:vars]['secret_id'] %>"
replication {
automatic = true
}
}

resource "google_secret_manager_secret_version" "secret-version-data" {
secret = google_secret_manager_secret.secret.name
secret_data = "secret-data"
}

resource "google_secret_manager_secret_iam_member" "secret-access" {
secret_id = google_secret_manager_secret.secret.id
role = "roles/secretmanager.secretAccessor"
member = "serviceAccount:${data.google_project.project.number}-compute@developer.gserviceaccount.com"
depends_on = [google_secret_manager_secret.secret]
}
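Review bot: `google_cloud_run_v2_job` has no dependency on `google_secret_manager_secret_version.secret-version-data` or `google_secret_manager_secret_iam_member.secret-access`, although its volume pins `version = "1"` and reading the secret needs the accessor role. Terraform can therefore create the job before the version and the binding exist; add a `depends_on` listing both to the job. The `depends_on = [google_secret_manager_secret.secret]` on the IAM member is redundant, because `secret_id` already references that resource. The binding also grants `roles/secretmanager.secretAccessor` to the project's default compute service account; a dedicated service account for the job would keep the example closer to least privilege.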
