From 1bf14907704186772aff90e691a7fd0db925b242 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Wiktor=20Niesiob=C4=99dzki?= Date: Sat, 9 Nov 2024 21:44:35 +0000 Subject: [PATCH] Additional examples - Cloud Run - mounting Cloud SQL - Cloud SQL - creating users for IAM service account --- modules/cloud-run-v2/README.md | 29 +++++++++++++++ modules/cloudsql-instance/README.md | 11 +++++- .../cloud_run_v2/examples/cloudsql.yaml | 35 +++++++++++++++++++ .../cloudsql_instance/examples/custom.yaml | 11 ++++-- 4 files changed, 83 insertions(+), 3 deletions(-) create mode 100644 tests/modules/cloud_run_v2/examples/cloudsql.yaml diff --git a/modules/cloud-run-v2/README.md b/modules/cloud-run-v2/README.md index e9fb7b61a8..7630c9438c 100644 --- a/modules/cloud-run-v2/README.md +++ b/modules/cloud-run-v2/README.md @@ -5,6 +5,7 @@ Cloud Run Services and Jobs, with support for IAM roles and Eventarc trigger cre - [IAM and environment variables](#iam-and-environment-variables) - [Mounting secrets as volumes](#mounting-secrets-as-volumes) +- [Connecting to Cloud SQL database](#connecting-to-cloud-sql-database) - [Beta features](#beta-features) - [VPC Access Connector](#vpc-access-connector) - [Using Customer-Managed Encryption Key](#using-customer-managed-encryption-key) 
@@ -83,6 +84,33 @@ module "cloud_run" { # tftest modules=2 resources=4 fixtures=fixtures/secret-credentials.tf inventory=service-volume-secretes.yaml e2e ``` +## Connecting to Cloud SQL database + +```hcl +module "cloud_run" { + source = "./fabric/modules/cloud-run-v2" + project_id = var.project_id + region = var.region + name = "hello" + containers = { + hello = { + image = "us-docker.pkg.dev/cloudrun/container/hello" + volume_mounts = { + cloudsql = "/cloudsql" + } + } + } + volumes = { + "cloudsql" = { + cloud_sql_instances = [module.cloudsql-instance.connection_name] + } + } + deletion_protection = false +} +# tftest fixtures=fixtures/cloudsql-instance.tf inventory=cloudsql.yaml e2e +``` + + ## Beta features To use beta features like Direct VPC Egress, set the launch stage to a preview stage. @@ -518,6 +546,7 @@ module "cloud_run" { ## Fixtures +- [cloudsql-instance.tf](../../tests/fixtures/cloudsql-instance.tf) - [iam-service-account.tf](../../tests/fixtures/iam-service-account.tf) - [pubsub.tf](../../tests/fixtures/pubsub.tf) - [secret-credentials.tf](../../tests/fixtures/secret-credentials.tf) diff --git a/modules/cloudsql-instance/README.md b/modules/cloudsql-instance/README.md index e64ed36fe0..50c59cca7e 100644 --- a/modules/cloudsql-instance/README.md +++ b/modules/cloudsql-instance/README.md @@ -19,6 +19,7 @@ Note that this module assumes that some options are the same for both the primar - [SSL Config](#ssl-config) - [Variables](#variables) - [Outputs](#outputs) +- [Fixtures](#fixtures) ## Examples @@ -143,11 +144,15 @@ module "db" { user2 = { password = "mypassword" } + # IAM Service Account + (module.iam-service-account.email) = { + type = "CLOUD_IAM_SERVICE_ACCOUNT" + } } gcp_deletion_protection = false terraform_deletion_protection = false } -# tftest modules=1 resources=6 inventory=custom.yaml e2e +# tftest fixtures=fixtures/iam-service-account.tf inventory=custom.yaml e2e ``` ### CMEK encryption 
@@ -413,4 +418,8 @@ module "db" { | [self_link](outputs.tf#L114) | Self link of the primary instance. | | | [self_links](outputs.tf#L119) | Self links of all instances. | | | [user_passwords](outputs.tf#L127) | Map of containing the password of all users created through terraform. | ✓ | + +## Fixtures + +- [iam-service-account.tf](../../tests/fixtures/iam-service-account.tf) diff --git a/tests/modules/cloud_run_v2/examples/cloudsql.yaml b/tests/modules/cloud_run_v2/examples/cloudsql.yaml new file mode 100644 index 0000000000..d34e887a82 --- /dev/null +++ b/tests/modules/cloud_run_v2/examples/cloudsql.yaml @@ -0,0 +1,35 @@ +# Copyright 2024 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +values: + module.cloud_run.google_cloud_run_v2_service.service[0]: + location: europe-west8 + name: hello + project: project-id + template: + - containers: + - image: us-docker.pkg.dev/cloudrun/container/hello + name: hello + volume_mounts: + - mount_path: /cloudsql + name: cloudsql + volumes: + - cloud_sql_instance: + - {} + name: cloudsql + +counts: + google_cloud_run_v2_service: 1 + google_sql_database_instance: 1 + modules: 2 diff --git a/tests/modules/cloudsql_instance/examples/custom.yaml b/tests/modules/cloudsql_instance/examples/custom.yaml index 7130fe209b..1e2fff50f2 100644 --- a/tests/modules/cloudsql_instance/examples/custom.yaml +++ b/tests/modules/cloudsql_instance/examples/custom.yaml 
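Review bot: In the new `cloudsql.yaml`, the volume is pinned only as `cloud_sql_instance: - {}`, so the test passes regardless of which instances the module renders into the mount. The connection name is presumably unknown at plan time and cannot be asserted, so I would say that in a comment above the entry, e.g. `# instances is computed from the fixture; only the block's presence is checked`. The README example this inventory belongs to sets no service account, so it appears to rely on the service's default identity already holding `roles/cloudsql.client`. A one-line remark in the example that a dedicated service account with that role is expected would keep readers from widening the default account's permissions to make the `/cloudsql` socket work.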
@@ -24,6 +24,13 @@ values:
 name: people
 project: project-id
 module.db.google_sql_database_instance.primary: {}
+ module.db.google_sql_user.users["fixture-service-account@project-id.iam.gserviceaccount.com"]:
+ instance: db
+ name: fixture-service-account@project-id.iam.gserviceaccount.com
+ password: null
+ password_policy: []
+ project: project-id
+ type: CLOUD_IAM_SERVICE_ACCOUNT
 module.db.google_sql_user.users["user1"]:
 deletion_policy: null
 instance: db
@@ -55,5 +62,5 @@ values:
 counts:
 google_sql_database: 2
 google_sql_database_instance: 1
- google_sql_user: 2
- modules: 1
+ google_sql_user: 3
+ modules: 2
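Review bot: The expected `name` for the new `google_sql_user` is the full e-mail ending in `.gserviceaccount.com`, but Cloud SQL for PostgreSQL requires `CLOUD_IAM_SERVICE_ACCOUNT` users to be named without that suffix. The example's `database_version` is outside this hunk, so this may be correct for the engine in use; if so the README example should say it is engine-specific, and for PostgreSQL the name should go through `trimsuffix(<email>, ".gserviceaccount.com")`. Separately, `module.db.google_sql_database_instance.primary: {}` asserts nothing about the instance, so the test cannot tell whether the IAM authentication database flag (`cloudsql.iam_authentication` on PostgreSQL, `cloudsql_iam_authentication` on MySQL) is set. Without that flag this user cannot log in.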