Cloudrun v2 service (GoogleCloudPlatform#6850)

hao-nan-li · Dec 6, 2022 · f167928 · f167928
1 parent fbfb40c
commit f167928
Show file tree

Hide file tree

Showing 8 changed files with 1,381 additions and 1 deletion.
diff --git a/mmv1/products/cloudrunv2/api.yaml b/mmv1/products/cloudrunv2/api.yaml
diff --git a/mmv1/products/cloudrunv2/terraform.yaml b/mmv1/products/cloudrunv2/terraform.yaml
@@ -87,4 +87,83 @@ overrides: !ruby/object:Overrides::ResourceOverrides
       template.template.containers.startupProbe: !ruby/object:Overrides::Terraform::PropertyOverride
         default_from_api: true
       template.template.containers.startupProbe.tcpSocket.port: !ruby/object:Overrides::Terraform::PropertyOverride
-        default_from_api: true
+        default_from_api: true
+  Service:  !ruby/object:Overrides::Terraform::ResourceOverride
+    id_format: 'projects/{{project}}/locations/{{location}}/services/{{name}}'
+    import_format: ["projects/{{project}}/locations/{{location}}/services/{{name}}"]
+    autogen_async: true
+    examples:
+      - !ruby/object:Provider::Terraform::Examples
+        name: "cloudrunv2_service_basic"
+        primary_resource_id: "default"
+        primary_resource_name: "fmt.Sprintf(\"tf-test-cloudrun-srv%s\", context[\"random_suffix\"])"
+        vars:
+          cloud_run_service_name: "cloudrun-service"
+      - !ruby/object:Provider::Terraform::Examples
+        name: "cloudrunv2_service_sql"
+        primary_resource_id: "default"
+        primary_resource_name: "fmt.Sprintf(\"tf-test-cloudrun-srv%s\", context[\"random_suffix\"])"
+        vars:
+          cloud_run_service_name: "cloudrun-service"
+          secret_id: "secret-1"
+          cloud_run_sql_name: "cloudrun-sql"
+          deletion_protection: "true"
+        test_vars_overrides:
+          deletion_protection: "false"
+        oics_vars_overrides:
+          deletion_protection: "false"
+      - !ruby/object:Provider::Terraform::Examples
+        name: "cloudrunv2_service_vpcaccess"
+        primary_resource_id: "default"
+        primary_resource_name: "fmt.Sprintf(\"tf-test-cloudrun-srv%s\", context[\"random_suffix\"])"
+        vars:
+          cloud_run_service_name: "cloudrun-service"
+          vpc_access_connector_name: "run-vpc"
+          vpc_compute_subnetwork_name: "run-subnetwork"
+          compute_network_name: "run-network"
+      - !ruby/object:Provider::Terraform::Examples
+        name: "cloudrunv2_service_probes"
+        primary_resource_id: "default"
+        primary_resource_name: "fmt.Sprintf(\"tf-test-cloudrun-srv%s\", context[\"random_suffix\"])"
+        vars:
+          cloud_run_service_name: "cloudrun-service"
+      - !ruby/object:Provider::Terraform::Examples
+        name: "cloudrunv2_service_secret"
+        primary_resource_id: "default"
+        primary_resource_name: "fmt.Sprintf(\"tf-test-cloudrun-srv%s\", context[\"random_suffix\"])"
+        vars:
+          cloud_run_service_name: "cloudrun-service"
+          secret_id: "secret-1"
+    properties:
+      name: !ruby/object:Overrides::Terraform::PropertyOverride
+        diff_suppress_func: 'compareSelfLinkOrResourceName'
+        custom_expand: templates/terraform/custom_expand/resource_from_self_link.go.erb
+        custom_flatten: templates/terraform/custom_flatten/name_from_self_link.erb
+      launchStage: !ruby/object:Overrides::Terraform::PropertyOverride
+        default_from_api: true
+      ingress: !ruby/object:Overrides::Terraform::PropertyOverride
+        default_from_api: true
+      template.maxInstanceRequestConcurrency: !ruby/object:Overrides::Terraform::PropertyOverride
+        default_from_api: true
+      template.serviceAccount: !ruby/object:Overrides::Terraform::PropertyOverride
+        default_from_api: true
+      template.timeout: !ruby/object:Overrides::Terraform::PropertyOverride
+        default_from_api: true
+      template.containers.ports: !ruby/object:Overrides::Terraform::PropertyOverride
+        default_from_api: true
+      template.containers.ports.name: !ruby/object:Overrides::Terraform::PropertyOverride
+        default_from_api: true
+      template.containers.resources: !ruby/object:Overrides::Terraform::PropertyOverride
+        default_from_api: true
+      template.containers.resources.limits: !ruby/object:Overrides::Terraform::PropertyOverride
+        default_from_api: true
+      template.containers.startupProbe: !ruby/object:Overrides::Terraform::PropertyOverride
+        default_from_api: true
+      template.containers.startupProbe.tcpSocket.port: !ruby/object:Overrides::Terraform::PropertyOverride
+        default_from_api: true
+      template.scaling: !ruby/object:Overrides::Terraform::PropertyOverride
+        default_from_api: true
+      traffic: !ruby/object:Overrides::Terraform::PropertyOverride
+        default_from_api: true
+      traffic.percent: !ruby/object:Overrides::Terraform::PropertyOverride
+        default_from_api: true
diff --git a/mmv1/templates/terraform/examples/cloudrunv2_service_basic.tf.erb b/mmv1/templates/terraform/examples/cloudrunv2_service_basic.tf.erb
@@ -0,0 +1,15 @@
+resource "google_cloud_run_v2_service" "<%= ctx[:primary_resource_id] %>" {
+  name     = "<%= ctx[:vars]['cloud_run_service_name'] %>"
+  location = "us-central1"
+  ingress = "INGRESS_TRAFFIC_ALL"
+
+  binary_authorization {
+    use_default = true
+    breakglass_justification = "Some justification"
+  }
+  template {
+    containers {
+      image = "us-docker.pkg.dev/cloudrun/container/hello"
+    }
+  }
+}
diff --git a/mmv1/templates/terraform/examples/cloudrunv2_service_probes.tf.erb b/mmv1/templates/terraform/examples/cloudrunv2_service_probes.tf.erb
@@ -0,0 +1,24 @@
+resource "google_cloud_run_v2_service" "<%= ctx[:primary_resource_id] %>" {
+  name     = "<%= ctx[:vars]['cloud_run_service_name'] %>"
+  location = "us-central1"
+
+  template {
+    containers {
+      image = "us-docker.pkg.dev/cloudrun/container/hello"
+      startup_probe {
+        initial_delay_seconds = 0
+        timeout_seconds = 1
+        period_seconds = 3
+        failure_threshold = 1
+        tcp_socket {
+          port = 8080
+        }
+      }
+      liveness_probe {
+        http_get {
+          path = "/"
+        }
+      }
+    }
+  }
+}
diff --git a/mmv1/templates/terraform/examples/cloudrunv2_service_secret.tf.erb b/mmv1/templates/terraform/examples/cloudrunv2_service_secret.tf.erb
@@ -0,0 +1,50 @@
+resource "google_cloud_run_v2_service" "<%= ctx[:primary_resource_id] %>" {
+  name     = "<%= ctx[:vars]['cloud_run_service_name'] %>"
+  location = "us-central1"
+  ingress = "INGRESS_TRAFFIC_ALL"
+
+  template {
+    volumes {
+      name = "a-volume"
+      secret {
+        secret = google_secret_manager_secret.secret.secret_id
+        default_mode = 292 # 0444
+        items {
+          version = "1"
+          path = "my-secret"
+          mode = 256 # 0400
+        }
+      }
+    }
+    containers {
+      image = "us-docker.pkg.dev/cloudrun/container/hello"
+      volume_mounts {
+        name = "a-volume"
+        mount_path = "/secrets"
+      }
+    }
+  }
+  depends_on = [google_secret_manager_secret_version.secret-version-data]
+}
+
+data "google_project" "project" {
+}
+
+resource "google_secret_manager_secret" "secret" {
+  secret_id = "<%= ctx[:vars]['secret_id'] %>"
+  replication {
+    automatic = true
+  }
+}
+
+resource "google_secret_manager_secret_version" "secret-version-data" {
+  secret = google_secret_manager_secret.secret.name
+  secret_data = "secret-data"
+}
+
+resource "google_secret_manager_secret_iam_member" "secret-access" {
+  secret_id = google_secret_manager_secret.secret.id
+  role      = "roles/secretmanager.secretAccessor"
+  member    = "serviceAccount:${data.google_project.project.number}-compute@developer.gserviceaccount.com"
+  depends_on = [google_secret_manager_secret.secret]
+}
diff --git a/mmv1/templates/terraform/examples/cloudrunv2_service_sql.tf.erb b/mmv1/templates/terraform/examples/cloudrunv2_service_sql.tf.erb
@@ -0,0 +1,79 @@
+resource "google_cloud_run_v2_service" "<%= ctx[:primary_resource_id] %>" {
+  name     = "<%= ctx[:vars]['cloud_run_service_name'] %>"
+  location = "us-central1"
+  ingress = "INGRESS_TRAFFIC_ALL"
+
+  template {
+    scaling {
+      max_instance_count = 2
+    }
+
+    volumes {
+      name = "cloudsql"
+      cloud_sql_instance {
+        instances = [google_sql_database_instance.instance.connection_name]
+      }
+    }
+
+    containers {
+      image = "us-docker.pkg.dev/cloudrun/container/hello"
+
+      env {
+        name = "FOO"
+        value = "bar"
+      }
+      env {
+        name = "SECRET_ENV_VAR"
+        value_source {
+          secret_key_ref {
+            secret = google_secret_manager_secret.secret.secret_id
+            version = "1"
+          }
+        }
+      }
+      volume_mounts {
+        name = "cloudsql"
+        mount_path = "/cloudsql"
+      }
+    }
+  }
+
+  traffic {
+    type = "TRAFFIC_TARGET_ALLOCATION_TYPE_LATEST"
+    percent = 100
+  }
+  depends_on = [google_secret_manager_secret_version.secret-version-data]
+}
+
+data "google_project" "project" {
+}
+
+resource "google_secret_manager_secret" "secret" {
+  secret_id = "<%= ctx[:vars]['secret_id'] %>"
+  replication {
+    automatic = true
+  }
+}
+
+resource "google_secret_manager_secret_version" "secret-version-data" {
+  secret = google_secret_manager_secret.secret.name
+  secret_data = "secret-data"
+}
+
+resource "google_secret_manager_secret_iam_member" "secret-access" {
+  secret_id = google_secret_manager_secret.secret.id
+  role      = "roles/secretmanager.secretAccessor"
+  member    = "serviceAccount:${data.google_project.project.number}-compute@developer.gserviceaccount.com"
+  depends_on = [google_secret_manager_secret.secret]
+}
+
+resource "google_sql_database_instance" "instance" {
+  name             = "<%= ctx[:vars]['cloud_run_sql_name'] %>"
+  region           = "us-central1"
+  database_version = "MYSQL_5_7"
+  settings {
+    tier = "db-f1-micro"
+  }
+
+  deletion_protection  = "<%= ctx[:vars]['deletion_protection'] %>"
+}
diff --git a/mmv1/templates/terraform/examples/cloudrunv2_service_vpcaccess.tf.erb b/mmv1/templates/terraform/examples/cloudrunv2_service_vpcaccess.tf.erb
@@ -0,0 +1,35 @@
+resource "google_cloud_run_v2_service" "<%= ctx[:primary_resource_id] %>" {
+  name     = "<%= ctx[:vars]['cloud_run_service_name'] %>"
+  location = "us-central1"
+
+  template {
+    containers {
+      image = "us-docker.pkg.dev/cloudrun/container/hello"
+    }
+    vpc_access{
+      connector = google_vpc_access_connector.connector.id
+      egress = "ALL_TRAFFIC"
+    }
+  }
+}
+
+resource "google_vpc_access_connector" "connector" {
+  name          = "<%= ctx[:vars]['vpc_access_connector_name'] %>"
+  subnet {
+    name = google_compute_subnetwork.custom_test.name
+  }
+  machine_type = "e2-standard-4"
+  min_instances = 2
+  max_instances = 3
+  region        = "us-central1"
+}
+resource "google_compute_subnetwork" "custom_test" {
+  name          = "<%= ctx[:vars]['vpc_compute_subnetwork_name'] %>"
+  ip_cidr_range = "10.2.0.0/28"
+  region        = "us-central1"
+  network       = google_compute_network.custom_test.id
+}
+resource "google_compute_network" "custom_test" {
+  name                    = "<%= ctx[:vars]['compute_network_name'] %>"
+  auto_create_subnetworks = false
+}