Additional examples

- Cloud Run - mounting Cloud SQL - Cloud SQL - creating users for IAM service account
GoogleCloudPlatform · Nov 9, 2024 · 1bf1490 · 1bf1490
1 parent 02d14da
commit 1bf1490
Show file tree

Hide file tree

Showing 4 changed files with 83 additions and 3 deletions.
diff --git a/modules/cloud-run-v2/README.md b/modules/cloud-run-v2/README.md
@@ -5,6 +5,7 @@ Cloud Run Services and Jobs, with support for IAM roles and Eventarc trigger cre
 <!-- BEGIN TOC -->
 - [IAM and environment variables](#iam-and-environment-variables)
 - [Mounting secrets as volumes](#mounting-secrets-as-volumes)
+- [Connecting to Cloud SQL database](#connecting-to-cloud-sql-database)
 - [Beta features](#beta-features)
 - [VPC Access Connector](#vpc-access-connector)
 - [Using Customer-Managed Encryption Key](#using-customer-managed-encryption-key)
@@ -83,6 +84,33 @@ module "cloud_run" {
 # tftest modules=2 resources=4 fixtures=fixtures/secret-credentials.tf inventory=service-volume-secretes.yaml e2e
 ```
 
+## Connecting to Cloud SQL database
+
+```hcl
+module "cloud_run" {
+  source     = "./fabric/modules/cloud-run-v2"
+  project_id = var.project_id
+  region     = var.region
+  name       = "hello"
+  containers = {
+    hello = {
+      image = "us-docker.pkg.dev/cloudrun/container/hello"
+      volume_mounts = {
+        cloudsql = "/cloudsql"
+      }
+    }
+  }
+  volumes = {
+    "cloudsql" = {
+      cloud_sql_instances = [module.cloudsql-instance.connection_name]
+    }
+  }
+  deletion_protection = false
+}
+# tftest fixtures=fixtures/cloudsql-instance.tf inventory=cloudsql.yaml e2e
+```
+
+
 ## Beta features
 
 To use beta features like Direct VPC Egress, set the launch stage to a preview stage.
@@ -518,6 +546,7 @@ module "cloud_run" {
 
 ## Fixtures
 
+- [cloudsql-instance.tf](../../tests/fixtures/cloudsql-instance.tf)
 - [iam-service-account.tf](../../tests/fixtures/iam-service-account.tf)
 - [pubsub.tf](../../tests/fixtures/pubsub.tf)
 - [secret-credentials.tf](../../tests/fixtures/secret-credentials.tf)

diff --git a/modules/cloudsql-instance/README.md b/modules/cloudsql-instance/README.md
@@ -19,6 +19,7 @@ Note that this module assumes that some options are the same for both the primar
   - [SSL Config](#ssl-config)
 - [Variables](#variables)
 - [Outputs](#outputs)
+- [Fixtures](#fixtures)
 <!-- END TOC -->
 
 ## Examples
@@ -143,11 +144,15 @@ module "db" {
     user2 = {
       password = "mypassword"
     }
+    # IAM Service Account
+    (module.iam-service-account.email) = {
+      type = "CLOUD_IAM_SERVICE_ACCOUNT"
+    }
   }
   gcp_deletion_protection       = false
   terraform_deletion_protection = false
 }
-# tftest modules=1 resources=6 inventory=custom.yaml e2e
+# tftest fixtures=fixtures/iam-service-account.tf inventory=custom.yaml e2e
 ```
 
 ### CMEK encryption
@@ -413,4 +418,8 @@ module "db" {
 | [self_link](outputs.tf#L114) | Self link of the primary instance. |  |
 | [self_links](outputs.tf#L119) | Self links of all instances. |  |
 | [user_passwords](outputs.tf#L127) | Map of containing the password of all users created through terraform. | ✓ |
+
+## Fixtures
+
+- [iam-service-account.tf](../../tests/fixtures/iam-service-account.tf)
 <!-- END TFDOC -->
diff --git a/tests/modules/cloud_run_v2/examples/cloudsql.yaml b/tests/modules/cloud_run_v2/examples/cloudsql.yaml
@@ -0,0 +1,35 @@
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+values:
+  module.cloud_run.google_cloud_run_v2_service.service[0]:
+    location: europe-west8
+    name: hello
+    project: project-id
+    template:
+    - containers:
+      - image: us-docker.pkg.dev/cloudrun/container/hello
+        name: hello
+        volume_mounts:
+        - mount_path: /cloudsql
+          name: cloudsql
+      volumes:
+      - cloud_sql_instance:
+        - {}
+        name: cloudsql
+
+counts:
+  google_cloud_run_v2_service: 1
+  google_sql_database_instance: 1
+  modules: 2
diff --git a/tests/modules/cloudsql_instance/examples/custom.yaml b/tests/modules/cloudsql_instance/examples/custom.yaml
@@ -24,6 +24,13 @@ values:
     name: people
     project: project-id
   module.db.google_sql_database_instance.primary: {}
+  module.db.google_sql_user.users["[email protected]"]:
+    instance: db
+    name: [email protected]
+    password: null
+    password_policy: []
+    project: project-id
+    type: CLOUD_IAM_SERVICE_ACCOUNT
   module.db.google_sql_user.users["user1"]:
     deletion_policy: null
     instance: db
@@ -55,5 +62,5 @@ values:
 counts:
   google_sql_database: 2
   google_sql_database_instance: 1
-  google_sql_user: 2
-  modules: 1
+  google_sql_user: 3
+  modules: 2