From 8f96f05372023111ab5a6997dc26f87ccd1a48e9 Mon Sep 17 00:00:00 2001 From: August Dahl Date: Tue, 8 Oct 2024 08:52:53 +0200 Subject: [PATCH 1/2] Legg inn ny service account --- terraform/modules/cloud_function/function.tf | 59 +++++++++++--------- 1 file changed, 32 insertions(+), 27 deletions(-) diff --git a/terraform/modules/cloud_function/function.tf b/terraform/modules/cloud_function/function.tf index e093e4b..bd8ad84 100644 --- a/terraform/modules/cloud_function/function.tf +++ b/terraform/modules/cloud_function/function.tf @@ -1,25 +1,26 @@ -data "archive_file" "this" { +# Compress the function source code into a ZIP file +data "archive_file" "function_zip" { type = "zip" output_path = "${path.module}/lambda-files.zip" source_dir = var.function_folder_location excludes = var.excludes } -resource "google_storage_bucket_object" "this" { - name = "${var.name}.${data.archive_file.this.output_sha}.zip" +# Upload the ZIP file to a GCS bucket +resource "google_storage_bucket_object" "function_zip" { + name = "${var.name}-${data.archive_file.function_zip.output_sha}.zip" bucket = var.bucket_id - source = data.archive_file.this.output_path + source = data.archive_file.function_zip.output_path } -resource "google_cloudfunctions2_function" "this" { +# Define the Cloud Function resource +resource "google_cloudfunctions2_function" "cloud_function" { name = var.name location = var.location description = var.description project = var.project labels = var.labels - lifecycle { ignore_changes = [build_config[0].source[0].storage_source[0].generation, build_config[0].docker_repository] } - build_config { runtime = var.runtime entry_point = var.entry_point 
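Review bot: Renaming the resource label from `this` to `cloud_function` changes the function's Terraform state address, and nothing in this hunk tells Terraform that the object moved, so the next apply will plan to destroy and recreate the function; the same applies to the scheduler job renamed further down in the file. While the function is being recreated its invoker binding is gone as well, so scheduled calls fail in that window. Unless `moved` blocks already exist elsewhere in the module, add one per renamed resource as below. The `archive_file` data source needs none, and the bucket object is replaced anyway because its name changes. The `google_cloudfunctions2_function` block continues past the end of this hunk.

```hcl
moved {
  from = google_cloudfunctions2_function.this
  to   = google_cloudfunctions2_function.cloud_function
}

moved {
  from = google_cloud_scheduler_job.invoke_cloud_function
  to   = google_cloud_scheduler_job.cloud_scheduler_job
}
```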
@@ -27,49 +28,49 @@ resource "google_cloudfunctions2_function" "this" { source { storage_source { bucket = var.bucket_id - object = google_storage_bucket_object.this.name + object = google_storage_bucket_object.function_zip.name } } } service_config { - available_memory = var.available_memory - min_instance_count = var.min_instance_count - max_instance_count = var.max_instance_count - timeout_seconds = var.timeout_seconds - environment_variables = var.environment_variables - ingress_settings = var.ingress_settings - all_traffic_on_latest_revision = var.all_traffic_on_latest_revision - service_account_email = var.service_account_email + available_memory = var.available_memory + min_instance_count = var.min_instance_count + max_instance_count = var.max_instance_count + timeout_seconds = var.timeout_seconds + environment_variables = var.environment_variables + ingress_settings = var.ingress_settings + service_account_email = var.service_account_email } + + depends_on = [ + google_project_iam_member.cloud_build_function_access, + google_project_iam_member.cloud_build_storage_access + ] } +# Grant permissions for invoking the function resource "google_cloudfunctions2_function_iam_member" "invoker" { project = var.project location = var.location - cloud_function = google_cloudfunctions2_function.this.name + cloud_function = google_cloudfunctions2_function.cloud_function.name role = "roles/cloudfunctions.invoker" member = "serviceAccount:${var.service_account_email}" } -resource "google_project_iam_member" "token_creator" { - project = var.project - role = "roles/iam.serviceAccountTokenCreator" - member = "serviceAccount:${var.service_account_email}" -} - -resource "google_cloud_scheduler_job" "invoke_cloud_function" { +# Define the Cloud Scheduler job that triggers the Cloud Function +resource "google_cloud_scheduler_job" "cloud_scheduler_job" { for_each = { for idx, val in var.schedule_params : idx => val } name = "invoke-${var.name}${each.value.body != null ? 
each.value.body.job_postfix : ""}" description = "Schedule the HTTPS trigger for cloud function" schedule = each.value.schedule time_zone = "Europe/Oslo" - project = google_cloudfunctions2_function.this.project - region = google_cloudfunctions2_function.this.location + project = google_cloudfunctions2_function.cloud_function.project + region = google_cloudfunctions2_function.cloud_function.location attempt_deadline = "${var.timeout_seconds}s" http_target { - uri = google_cloudfunctions2_function.this.service_config[0].uri + uri = google_cloudfunctions2_function.cloud_function.service_config[0].uri http_method = "POST" body = base64encode(jsonencode(each.value.body)) headers = { @@ -80,4 +81,8 @@ resource "google_cloud_scheduler_job" "invoke_cloud_function" { service_account_email = var.service_account_email } } + + depends_on = [ + google_cloudfunctions2_function.cloud_function + ] } From 0644ff51913354a49cf25cad1d9f53366bafd71b Mon Sep 17 00:00:00 2001 From: August Dahl Date: Tue, 8 Oct 2024 09:03:17 +0200 Subject: [PATCH 2/2] Fjern outputs --- terraform/modules/cloud_function/function.tf | 5 ---- terraform/modules/cloud_function/outputs.tf | 24 -------------------- 2 files changed, 29 deletions(-) delete mode 100644 terraform/modules/cloud_function/outputs.tf diff --git a/terraform/modules/cloud_function/function.tf b/terraform/modules/cloud_function/function.tf index bd8ad84..952c61b 100644 --- a/terraform/modules/cloud_function/function.tf +++ b/terraform/modules/cloud_function/function.tf @@ -42,11 +42,6 @@ resource "google_cloudfunctions2_function" "cloud_function" { ingress_settings = var.ingress_settings service_account_email = var.service_account_email } - - depends_on = [ - google_project_iam_member.cloud_build_function_access, - google_project_iam_member.cloud_build_storage_access - ] } # Grant permissions for invoking the function 
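Review bot: `var.service_account_email` is used both as the function's runtime identity in `service_config` and as the member of the `roles/cloudfunctions.invoker` binding (and further down as the scheduler's token identity), so the identity that triggers the function is the same one its code runs as. Anything able to act as the trigger identity therefore also holds the runtime's data access, and the function's own code can invoke it. Consider a dedicated invoker account, for example `member = "serviceAccount:${var.invoker_service_account_email}"` (a new variable; the name is only a suggestion), used here and in the scheduler's token block. While there, confirm that the binding actually authorizes the calls: for 2nd-gen functions HTTP invocation is normally checked against `roles/run.invoker` on the underlying Cloud Run service.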
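Review bot: The added `depends_on` names the function, which the job already depends on implicitly through the `project`, `region` and `uri` references above, so it adds no ordering. The ordering that is missing is on the invoker binding: the job can be created, and fire, before `google_cloudfunctions2_function_iam_member.invoker` exists, and those first calls would be rejected. Suggest `depends_on = [google_cloudfunctions2_function_iam_member.invoker]` instead. The job's block starts outside this hunk.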
diff --git a/terraform/modules/cloud_function/outputs.tf b/terraform/modules/cloud_function/outputs.tf deleted file mode 100644 index a232119..0000000 --- a/terraform/modules/cloud_function/outputs.tf +++ /dev/null @@ -1,24 +0,0 @@ -output "id" { - description = "An identifier for the resource with format `projects/{{project}}/locations/{{location}}/functions/{{name}}`" - value = google_cloudfunctions2_function.this.id -} - -output "environment" { - description = "The environment the function is hosted on" - value = google_cloudfunctions2_function.this.environment -} - -output "state" { - description = "Describes the current state of the function" - value = google_cloudfunctions2_function.this.state -} - -output "update_time" { - description = "The last update timestamp of a Cloud Function" - value = google_cloudfunctions2_function.this.update_time -} - -output "uri" { - description = "The uri to reach the function" - value = google_cloudfunctions2_function.this.service_config[0].uri -}