Bumps harness to 0.9

GoogleCloudPlatform · Jul 11, 2023 · 60f1054 · 60f1054
1 parent 7c67e53
commit 60f1054
Show file tree

Hide file tree

Showing 4 changed files with 16 additions and 42 deletions.
diff --git a/examples/secure_cloud_function_bigquery_trigger/main.tf b/examples/secure_cloud_function_bigquery_trigger/main.tf
@@ -61,22 +61,17 @@ module "secure_harness" {
     "prj-secure-cloud-function" = ["roles/eventarc.eventReceiver", "roles/viewer", "roles/compute.networkViewer", "roles/run.invoker"]
   }
 
-  network_project_extra_apis = ["networksecurity.googleapis.com"]
+  network_project_extra_apis = [
+    "networksecurity.googleapis.com",
+    "networkservices.googleapis.com",
+    "certificatemanager.googleapis.com"
+  ]
 
   serverless_project_extra_apis = {
     "prj-secure-cloud-function" = ["networksecurity.googleapis.com"]
   }
 }
 
-resource "google_project_service" "network_project_apis" {
-  for_each           = toset(["networkservices.googleapis.com", "certificatemanager.googleapis.com"])
-  project            = module.secure_harness.network_project_id[0]
-  service            = each.value
-  disable_on_destroy = false
-
-  depends_on = [module.secure_harness]
-}
-
 data "archive_file" "cf_bigquery_source" {
   type        = "zip"
   source_dir  = "${path.module}/functions/bq-to-cf/"
@@ -185,8 +180,7 @@ resource "null_resource" "generate_certificate" {
   }
 
   depends_on = [
-    module.secure_harness,
-    google_project_service.network_project_apis
+    module.secure_harness
   ]
 }
 

diff --git a/examples/secure_cloud_function_internal_server/main.tf b/examples/secure_cloud_function_internal_server/main.tf
@@ -29,7 +29,7 @@ resource "random_id" "random_folder_suffix" {
 
 module "secure_harness" {
   source  = "GoogleCloudPlatform/cloud-run/google//modules/secure-serverless-harness"
-  version = "~> 0.8"
+  version = "~> 0.9"
 
   billing_account                             = var.billing_account
   security_project_name                       = "prj-security"
@@ -52,7 +52,6 @@ module "secure_harness" {
   artifact_registry_repository_name           = local.repository_name
   egress_policies                             = var.egress_policies
   ingress_policies                            = var.ingress_policies
-  serverless_type                             = "CLOUD_FUNCTION"
   use_shared_vpc                              = true
   time_to_wait_vpc_sc_propagation             = "660s"
 
@@ -66,7 +65,9 @@ module "secure_harness" {
   }
 
   network_project_extra_apis = [
-    "networksecurity.googleapis.com"
+    "networksecurity.googleapis.com",
+    "networkservices.googleapis.com",
+    "certificatemanager.googleapis.com"
   ]
 
   serverless_project_extra_apis = {
@@ -76,15 +77,6 @@ module "secure_harness" {
   }
 }
 
-resource "google_project_service" "network_project_apis" {
-  for_each           = toset(["networkservices.googleapis.com", "certificatemanager.googleapis.com"])
-  project            = module.secure_harness.network_project_id[0]
-  service            = each.value
-  disable_on_destroy = false
-
-  depends_on = [module.secure_harness]
-}
-
 data "archive_file" "cf-internal-server-source" {
   type        = "zip"
   source_dir  = "${path.module}/function"
@@ -130,8 +122,7 @@ resource "null_resource" "generate_certificate" {
   }
 
   depends_on = [
-    module.secure_harness,
-    google_project_service.network_project_apis
+    module.secure_harness
   ]
 }
 

diff --git a/examples/secure_cloud_function_with_sql/main.tf b/examples/secure_cloud_function_with_sql/main.tf
@@ -34,7 +34,7 @@ resource "random_id" "random_folder_suffix" {
 
 module "secure_harness" {
   source  = "GoogleCloudPlatform/cloud-run/google//modules/secure-serverless-harness"
-  version = "~> 0.8"
+  version = "~> 0.9"
 
   billing_account                             = var.billing_account
   security_project_name                       = "prj-security"
@@ -57,11 +57,10 @@ module "secure_harness" {
   artifact_registry_repository_name           = local.repository_name
   egress_policies                             = var.egress_policies
   ingress_policies                            = var.ingress_policies
-  serverless_type                             = "CLOUD_FUNCTION"
   use_shared_vpc                              = true
   time_to_wait_vpc_sc_propagation             = "600s"
 
-  network_project_extra_apis = ["networksecurity.googleapis.com"]
+  network_project_extra_apis = ["networksecurity.googleapis.com", "networkservices.googleapis.com", "certificatemanager.googleapis.com"]
 
   security_project_extra_apis = ["secretmanager.googleapis.com"]
 
@@ -76,15 +75,6 @@ module "secure_harness" {
   }
 }
 
-resource "google_project_service" "network_project_apis" {
-  for_each           = toset(["networkservices.googleapis.com", "certificatemanager.googleapis.com"])
-  project            = module.secure_harness.network_project_id[0]
-  service            = each.value
-  disable_on_destroy = false
-
-  depends_on = [module.secure_harness]
-}
-
 resource "google_project_service_identity" "pubsub_sa" {
   provider = google-beta
 
@@ -160,8 +150,7 @@ resource "null_resource" "generate_certificate" {
   }
 
   depends_on = [
-    module.secure_harness,
-    google_project_service.network_project_apis
+    module.secure_harness
   ]
 }
 

diff --git a/modules/secure-cloud-function/main.tf b/modules/secure-cloud-function/main.tf
@@ -17,11 +17,11 @@
 
 module "cloud_serverless_network" {
   source  = "GoogleCloudPlatform/cloud-run/google//modules/secure-serverless-net"
-  version = "~> 0.8"
+  version = "~> 0.9"
 
   connector_name            = var.connector_name
   subnet_name               = var.subnet_name
-  serverless_type           = "CLOUD_FUNCTION"
+  enable_load_balancer_fw   = false
   location                  = var.location
   vpc_project_id            = var.vpc_project_id
   serverless_project_id     = var.serverless_project_id