From 3fde3e86e8e66f93eef4fbfcea36a0dae431163b Mon Sep 17 00:00:00 2001 From: abyssparanoia Date: Sun, 9 Oct 2022 03:35:46 +0900 Subject: [PATCH 01/44] feat: add gcp service --- .../terraform/modules/gcp_service/main.tf | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) create mode 100644 deployments/terraform/modules/gcp_service/main.tf diff --git a/deployments/terraform/modules/gcp_service/main.tf b/deployments/terraform/modules/gcp_service/main.tf new file mode 100644 index 000000000..51db96d06 --- /dev/null +++ b/deployments/terraform/modules/gcp_service/main.tf @@ -0,0 +1,17 @@ +locals { + services = toset([ + "sqladmin.googleapis.com", + "run.googleapis.com", + "secretmanager.googleapis.com", + "appengine.googleapis.com", + "iam.googleapis.com", + "artifactregistry.googleapis.com", + "iamcredentials.googleapis.com" + ]) +} + +resource "google_project_service" "service" { + for_each = local.services + project = var.project + service = each.value +} From 03adbb435d64602e4ff4f56888d88332f687a526 Mon Sep 17 00:00:00 2001 From: abyssparanoia Date: Sun, 9 Oct 2022 03:35:49 +0900 Subject: [PATCH 02/44] feat: add gcp service --- deployments/terraform/modules/gcp_service/variables.tf | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 deployments/terraform/modules/gcp_service/variables.tf diff --git a/deployments/terraform/modules/gcp_service/variables.tf b/deployments/terraform/modules/gcp_service/variables.tf new file mode 100644 index 000000000..cc7bcb49a --- /dev/null +++ b/deployments/terraform/modules/gcp_service/variables.tf @@ -0,0 +1,3 @@ +variable "project" { + type = string +} From 10fb7a005de1805d667ef7aeada5e80975ee877a Mon Sep 17 00:00:00 2001 From: abyssparanoia Date: Sun, 9 Oct 2022 03:36:04 +0900 Subject: [PATCH 03/44] feat: add github actions workload identity --- .../modules/github_actions_workload_identity/locals.tf | 9 +++++++++ 1 file changed, 9 insertions(+) create mode 100644 deployments/terraform/modules/github_actions_workload_identity/locals.tf diff --git a/deployments/terraform/modules/github_actions_workload_identity/locals.tf b/deployments/terraform/modules/github_actions_workload_identity/locals.tf new file mode 100644 index 000000000..2267e22f2 --- /dev/null +++ b/deployments/terraform/modules/github_actions_workload_identity/locals.tf @@ -0,0 +1,9 @@ +locals { + roles = [ + "roles/cloudsql.client", + "roles/run.admin", + "roles/iam.serviceAccountUser", + "roles/storage.admin", + "roles/artifactregistry.writer" + ] +} From 9d256cdf096f9be5c3210ddeadc353595d3974ef Mon Sep 17 00:00:00 2001 From: abyssparanoia Date: Sun, 9 Oct 2022 03:36:07 +0900 Subject: [PATCH 04/44] feat: add github actions workload identity --- .../github_actions_workload_identity/main.tf | 49 +++++++++++++++++++ 1 file changed, 49 insertions(+) create mode 100644 deployments/terraform/modules/github_actions_workload_identity/main.tf diff --git a/deployments/terraform/modules/github_actions_workload_identity/main.tf b/deployments/terraform/modules/github_actions_workload_identity/main.tf new file mode 100644 index 000000000..8c92741a2 --- /dev/null +++ b/deployments/terraform/modules/github_actions_workload_identity/main.tf @@ -0,0 +1,49 @@ +resource "google_service_account" "github_actions" { + project = var.project + account_id = "github-actions-agent" + display_name = "A service account for GitHub Actions" +} + +resource "google_project_service" "project" { + project = var.project + service = "iamcredentials.googleapis.com" +} + +resource "google_iam_workload_identity_pool" "github_actions" { + provider = google-beta + project = var.project + workload_identity_pool_id = "gh-oidc-pool" + display_name = "gh-oidc-pool" + description = "Workload Identity Pool for GitHub Actions" +} + + +resource "google_iam_workload_identity_pool_provider" "github_actions" { + provider = google-beta + project = var.project + workload_identity_pool_id = google_iam_workload_identity_pool.github_actions.workload_identity_pool_id + workload_identity_pool_provider_id = "github-actions" + display_name = "github-actions" + description = "OIDC identity pool provider for GitHub Actions" + attribute_mapping = { + "google.subject" = "assertion.sub" + "attribute.repository" = "assertion.repository" + } + oidc { + issuer_uri = "https://token.actions.githubusercontent.com" + } +} + +resource "google_service_account_iam_member" "repository" { + service_account_id = google_service_account.github_actions.name + role = "roles/iam.workloadIdentityUser" + member = "principalSet://iam.googleapis.com/${google_iam_workload_identity_pool.github_actions.name}/attribute.repository/${var.repository}" +} + + +resource "google_project_iam_member" "github_actions_roles" { + for_each = toset(local.roles) + project = var.project + role = each.value + member = "serviceAccount:${google_service_account.github_actions.email}" +} From f0cc6fd90f263700407f71b1f215933a188aac7f Mon Sep 17 00:00:00 2001 From: abyssparanoia Date: Sun, 9 Oct 2022 03:36:09 +0900 Subject: [PATCH 05/44] feat: add github actions workload identity --- .../github_actions_workload_identity/variables.tf | 11 +++++++++++ 1 file changed, 11 insertions(+) create mode 100644 deployments/terraform/modules/github_actions_workload_identity/variables.tf diff --git a/deployments/terraform/modules/github_actions_workload_identity/variables.tf b/deployments/terraform/modules/github_actions_workload_identity/variables.tf new file mode 100644 index 000000000..7f2c62f3a --- /dev/null +++ b/deployments/terraform/modules/github_actions_workload_identity/variables.tf @@ -0,0 +1,11 @@ +variable "location" { + type = string +} + +variable "project" { + type = string +} + +variable "repository" { + type = string +} \ No newline at end of file From 52427da4a1a347481c44e45730ab71eeed3002ef Mon Sep 17 00:00:00 2001 From: abyssparanoia Date: Sun, 9 Oct 2022 03:39:23 +0900 Subject: [PATCH 06/44] feat: artifact registry --- deployments/terraform/modules/artifact_registry/main.tf | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 deployments/terraform/modules/artifact_registry/main.tf diff --git a/deployments/terraform/modules/artifact_registry/main.tf b/deployments/terraform/modules/artifact_registry/main.tf new file mode 100644 index 000000000..c4c4dedce --- /dev/null +++ b/deployments/terraform/modules/artifact_registry/main.tf @@ -0,0 +1,5 @@ +resource "google_artifact_registry_repository" "registry" { + location = var.location + repository_id = var.repository_id + format = "DOCKER" +} From 08e199bc3fdedb7c581357bbd6d42e7c3fc48666 Mon Sep 17 00:00:00 2001 From: abyssparanoia Date: Sun, 9 Oct 2022 03:39:24 +0900 Subject: [PATCH 07/44] feat: artifact registry --- deployments/terraform/modules/artifact_registry/output.tf | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 deployments/terraform/modules/artifact_registry/output.tf diff --git a/deployments/terraform/modules/artifact_registry/output.tf b/deployments/terraform/modules/artifact_registry/output.tf new file mode 100644 index 000000000..8fd9c3bb8 --- /dev/null +++ b/deployments/terraform/modules/artifact_registry/output.tf @@ -0,0 +1,3 @@ +output "container_registry_path" { + value = "${var.location}-docker.pkg.dev/${var.project}/${google_artifact_registry_repository.registry.repository_id}" +} From d0f96c2189dd898eb17f073bf766f42311383dab Mon Sep 17 00:00:00 2001 From: abyssparanoia Date: Sun, 9 Oct 2022 03:39:27 +0900 Subject: [PATCH 08/44] feat: artifact registry --- .../terraform/modules/artifact_registry/variables.tf | 11 +++++++++++ 1 file changed, 11 insertions(+) create mode 100644 deployments/terraform/modules/artifact_registry/variables.tf diff --git a/deployments/terraform/modules/artifact_registry/variables.tf b/deployments/terraform/modules/artifact_registry/variables.tf new file mode 100644 index 000000000..783bdc3d0 --- /dev/null +++ b/deployments/terraform/modules/artifact_registry/variables.tf @@ -0,0 +1,11 @@ +variable "location" { + type = string +} + +variable "project" { + type = string +} + +variable "repository_id" { + type = string +} \ No newline at end of file From 39e194f4c651a34a1caa2210155f659652f60dba Mon Sep 17 00:00:00 2001 From: abyssparanoia Date: Sun, 9 Oct 2022 03:42:56 +0900 Subject: [PATCH 09/44] feat: add cloudsql --- .../terraform/modules/cloudsql/main.tf | 38 +++++++++++++++++++ 1 file changed, 38 insertions(+) create mode 100644 deployments/terraform/modules/cloudsql/main.tf diff --git a/deployments/terraform/modules/cloudsql/main.tf b/deployments/terraform/modules/cloudsql/main.tf new file mode 100644 index 000000000..9203ddebe --- /dev/null +++ b/deployments/terraform/modules/cloudsql/main.tf @@ -0,0 +1,38 @@ +resource "google_sql_database_instance" "instance" { + name = var.db_instance_name + database_version = "MYSQL_8_0" + region = var.location + + settings { + tier = var.tier + disk_type = var.disk_type + availability_type = var.availability_type + + database_flags { + name = "character_set_server" + value = "utf8mb4" + } + + backup_configuration { + location = "asia" + enabled = true + binary_log_enabled = true + } + + } +} + +resource "google_sql_database" "database" { + name = var.db_name + instance = google_sql_database_instance.instance.name +} + +resource "random_password" "db_password" { + length = 16 +} + +resource "google_sql_user" "app_user" { + name = var.db_user + instance = google_sql_database_instance.instance.name + password = random_password.db_password.result +} From 53aa6e59e139fa0b514f7b0d69e20da63533ca64 Mon Sep 17 00:00:00 2001 From: abyssparanoia Date: Sun, 9 Oct 2022 03:42:58 +0900 Subject: [PATCH 10/44] feat: add cloudsql --- deployments/terraform/modules/cloudsql/output.tf | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 deployments/terraform/modules/cloudsql/output.tf diff --git a/deployments/terraform/modules/cloudsql/output.tf b/deployments/terraform/modules/cloudsql/output.tf new file mode 100644 index 000000000..b18d55dd3 --- /dev/null +++ b/deployments/terraform/modules/cloudsql/output.tf @@ -0,0 +1,15 @@ +output "db_password" { + value = random_password.db_password.result +} + +output "db_user" { + value = google_sql_user.app_user +} + +output "db_connection_name" { + value = google_sql_database_instance.instance.connection_name +} + +output "db_name" { + value = google_sql_database.database.name +} From 409f925c21fe655154f319e8150fd75de36b55b4 Mon Sep 17 00:00:00 2001 From: abyssparanoia Date: Sun, 9 Oct 2022 03:42:59 +0900 Subject: [PATCH 11/44] feat: add cloudsql --- .../terraform/modules/cloudsql/variables.tf | 27 +++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 deployments/terraform/modules/cloudsql/variables.tf diff --git a/deployments/terraform/modules/cloudsql/variables.tf b/deployments/terraform/modules/cloudsql/variables.tf new file mode 100644 index 000000000..6774c4e6c --- /dev/null +++ b/deployments/terraform/modules/cloudsql/variables.tf @@ -0,0 +1,27 @@ +variable "location" { + type = string +} + +variable "tier" { + type = string +} + +variable "disk_type" { + type = string +} + +variable "availability_type" { + type = string +} + +variable "db_instance_name" { + type = string +} + +variable "db_name" { + type = string +} + +variable "db_user" { + type = string +} \ No newline at end of file From a03adf77729774fa19ccdc0ccb993bf8998069b4 Mon Sep 17 00:00:00 2001 From: abyssparanoia Date: Sun, 9 Oct 2022 03:43:27 +0900 Subject: [PATCH 12/44] fix: rename --- .../terraform/modules/cloud_sql/main.tf | 38 +++++++++++++++++++ 1 file changed, 38 insertions(+) create mode 100644 deployments/terraform/modules/cloud_sql/main.tf diff --git a/deployments/terraform/modules/cloud_sql/main.tf b/deployments/terraform/modules/cloud_sql/main.tf new file mode 100644 index 000000000..9203ddebe --- /dev/null +++ b/deployments/terraform/modules/cloud_sql/main.tf @@ -0,0 +1,38 @@ +resource "google_sql_database_instance" "instance" { + name = var.db_instance_name + database_version = "MYSQL_8_0" + region = var.location + + settings { + tier = var.tier + disk_type = var.disk_type + availability_type = var.availability_type + + database_flags { + name = "character_set_server" + value = "utf8mb4" + } + + backup_configuration { + location = "asia" + enabled = true + binary_log_enabled = true + } + + } +} + +resource "google_sql_database" "database" { + name = var.db_name + instance = google_sql_database_instance.instance.name +} + +resource "random_password" "db_password" { + length = 16 +} + +resource "google_sql_user" "app_user" { + name = var.db_user + instance = google_sql_database_instance.instance.name + password = random_password.db_password.result +} From 43a85f9c750b0bd2c2642ebdfa02ea22e8512545 Mon Sep 17 00:00:00 2001 From: abyssparanoia Date: Sun, 9 Oct 2022 03:43:29 +0900 Subject: [PATCH 13/44] fix: rename --- deployments/terraform/modules/cloud_sql/output.tf | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 deployments/terraform/modules/cloud_sql/output.tf diff --git a/deployments/terraform/modules/cloud_sql/output.tf b/deployments/terraform/modules/cloud_sql/output.tf new file mode 100644 index 000000000..b18d55dd3 --- /dev/null +++ b/deployments/terraform/modules/cloud_sql/output.tf @@ -0,0 +1,15 @@ +output "db_password" { + value = random_password.db_password.result +} + +output "db_user" { + value = google_sql_user.app_user +} + +output "db_connection_name" { + value = google_sql_database_instance.instance.connection_name +} + +output "db_name" { + value = google_sql_database.database.name +} From 6cb03c12f8979b11d81f3d2682d28e48219361b6 Mon Sep 17 00:00:00 2001 From: abyssparanoia Date: Sun, 9 Oct 2022 03:43:31 +0900 Subject: [PATCH 14/44] fix: rename --- .../terraform/modules/cloud_sql/variables.tf | 27 +++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 deployments/terraform/modules/cloud_sql/variables.tf diff --git a/deployments/terraform/modules/cloud_sql/variables.tf b/deployments/terraform/modules/cloud_sql/variables.tf new file mode 100644 index 000000000..6774c4e6c --- /dev/null +++ b/deployments/terraform/modules/cloud_sql/variables.tf @@ -0,0 +1,27 @@ +variable "location" { + type = string +} + +variable "tier" { + type = string +} + +variable "disk_type" { + type = string +} + +variable "availability_type" { + type = string +} + +variable "db_instance_name" { + type = string +} + +variable "db_name" { + type = string +} + +variable "db_user" { + type = string +} \ No newline at end of file From 85c40fa536a964b54da321f2bccf66900b2efe42 Mon Sep 17 00:00:00 2001 From: abyssparanoia Date: Sun, 9 Oct 2022 03:43:33 +0900 Subject: [PATCH 15/44] fix: rename --- .../terraform/modules/cloudsql/main.tf | 38 ------------------- 1 file changed, 38 deletions(-) delete mode 100644 deployments/terraform/modules/cloudsql/main.tf diff --git a/deployments/terraform/modules/cloudsql/main.tf b/deployments/terraform/modules/cloudsql/main.tf deleted file mode 100644 index 9203ddebe..000000000 --- a/deployments/terraform/modules/cloudsql/main.tf +++ /dev/null @@ -1,38 +0,0 @@ -resource "google_sql_database_instance" "instance" { - name = var.db_instance_name - database_version = "MYSQL_8_0" - region = var.location - - settings { - tier = var.tier - disk_type = var.disk_type - availability_type = var.availability_type - - database_flags { - name = "character_set_server" - value = "utf8mb4" - } - - backup_configuration { - location = "asia" - enabled = true - binary_log_enabled = true - } - - } -} - -resource "google_sql_database" "database" { - name = var.db_name - instance = google_sql_database_instance.instance.name -} - -resource "random_password" "db_password" { - length = 16 -} - -resource "google_sql_user" "app_user" { - name = var.db_user - instance = google_sql_database_instance.instance.name - password = random_password.db_password.result -} From f6da576c79d15e3a82ced1b0afe994c1c955d700 Mon Sep 17 00:00:00 2001 From: abyssparanoia Date: Sun, 9 Oct 2022 03:43:35 +0900 Subject: [PATCH 16/44] fix: rename --- deployments/terraform/modules/cloudsql/output.tf | 15 --------------- 1 file changed, 15 deletions(-) delete mode 100644 deployments/terraform/modules/cloudsql/output.tf diff --git a/deployments/terraform/modules/cloudsql/output.tf b/deployments/terraform/modules/cloudsql/output.tf deleted file mode 100644 index b18d55dd3..000000000 --- a/deployments/terraform/modules/cloudsql/output.tf +++ /dev/null @@ -1,15 +0,0 @@ -output "db_password" { - value = random_password.db_password.result -} - -output "db_user" { - value = google_sql_user.app_user -} - -output "db_connection_name" { - value = google_sql_database_instance.instance.connection_name -} - -output "db_name" { - value = google_sql_database.database.name -} From c2212254af0635a05998116177c1dd00e7b8bb23 Mon Sep 17 00:00:00 2001 From: abyssparanoia Date: Sun, 9 Oct 2022 03:43:37 +0900 Subject: [PATCH 17/44] fix: rename --- .../terraform/modules/cloudsql/variables.tf | 27 ------------------- 1 file changed, 27 deletions(-) delete mode 100644 deployments/terraform/modules/cloudsql/variables.tf diff --git a/deployments/terraform/modules/cloudsql/variables.tf b/deployments/terraform/modules/cloudsql/variables.tf deleted file mode 100644 index 6774c4e6c..000000000 --- a/deployments/terraform/modules/cloudsql/variables.tf +++ /dev/null @@ -1,27 +0,0 @@ -variable "location" { - type = string -} - -variable "tier" { - type = string -} - -variable "disk_type" { - type = string -} - -variable "availability_type" { - type = string -} - -variable "db_instance_name" { - type = string -} - -variable "db_name" { - type = string -} - -variable "db_user" { - type = string -} \ No newline at end of file From 034aa823b6574a76d5d27625a532f7afb46dabbb Mon Sep 17 00:00:00 2001 From: abyssparanoia Date: Sun, 9 Oct 2022 03:52:26 +0900 Subject: [PATCH 18/44] feat: add secret manager --- deployments/terraform/modules/secret_manager/main.tf | 12 ++++++++++++ 1 file changed, 12 insertions(+) create mode 100644 deployments/terraform/modules/secret_manager/main.tf diff --git a/deployments/terraform/modules/secret_manager/main.tf b/deployments/terraform/modules/secret_manager/main.tf new file mode 100644 index 000000000..df823cbda --- /dev/null +++ b/deployments/terraform/modules/secret_manager/main.tf @@ -0,0 +1,12 @@ +resource "google_secret_manager_secret" "secret" { + secret_id = "db-password" + replication { + automatic = true + } +} + +resource "google_secret_manager_secret_version" "db_password" { + secret = google_secret_manager_secret.secret.id + + secret_data = var.value +} \ No newline at end of file From 5a7314e3b2fa7bc3427828f94f94d09f05e8bc73 Mon Sep 17 00:00:00 2001 From: abyssparanoia Date: Sun, 9 Oct 2022 03:52:29 +0900 Subject: [PATCH 19/44] feat: add secret manager --- .../terraform/modules/secret_manager/output.tf | 11 +++++++++++ 1 file changed, 11 insertions(+) create mode 100644 deployments/terraform/modules/secret_manager/output.tf diff --git a/deployments/terraform/modules/secret_manager/output.tf b/deployments/terraform/modules/secret_manager/output.tf new file mode 100644 index 000000000..fc65b33e5 --- /dev/null +++ b/deployments/terraform/modules/secret_manager/output.tf @@ -0,0 +1,11 @@ +output "db_password_secret_id" { + value = google_secret_manager_secret.db_password.secret_id +} + +output "fincode_api_key_secret_id" { + value = google_secret_manager_secret.fincode_api_key.secret_id +} + +output "onchain_private_key_secret_id" { + value = google_secret_manager_secret.onchain_private_key.secret_id +} From 22234cd0d4828998dd9645662071775b274bcd9b Mon Sep 17 00:00:00 2001 From: abyssparanoia Date: Sun, 9 Oct 2022 03:52:31 +0900 Subject: [PATCH 20/44] feat: add secret manager --- deployments/terraform/modules/secret_manager/variables.tf | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 deployments/terraform/modules/secret_manager/variables.tf diff --git a/deployments/terraform/modules/secret_manager/variables.tf b/deployments/terraform/modules/secret_manager/variables.tf new file mode 100644 index 000000000..dbe9c5da3 --- /dev/null +++ b/deployments/terraform/modules/secret_manager/variables.tf @@ -0,0 +1,7 @@ +variable "secret_id" { + type = string +} + +variable "value" { + type = string +} From e5413fc0150aeb1e8b0d2b546f56b1c7da52ac87 Mon Sep 17 00:00:00 2001 From: abyssparanoia Date: Sun, 9 Oct 2022 04:26:40 +0900 Subject: [PATCH 21/44] feat: add cloud run backend --- .../terraform/apps/cloud_run_backend/locals.tf | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) create mode 100644 deployments/terraform/apps/cloud_run_backend/locals.tf diff --git a/deployments/terraform/apps/cloud_run_backend/locals.tf b/deployments/terraform/apps/cloud_run_backend/locals.tf new file mode 100644 index 000000000..6a3cbc18e --- /dev/null +++ b/deployments/terraform/apps/cloud_run_backend/locals.tf @@ -0,0 +1,17 @@ +locals { + backend_roles = [ + "roles/cloudsql.client", + "roles/storage.admin", + "roles/firebase.admin", + "roles/secretmanager.secretAccessor", + "roles/iam.serviceAccountTokenCreator", + "roles/pubsub.publisher", + "roles/pubsub.subscriber", + "roles/cloudprofiler.agent", + "roles/cloudkms.signerVerifier" + ] + + cloud_run_services = { + api = { name = "api", args = ["http-server", "run"], min_scale = 0, max_scale = 5, }, + } +} \ No newline at end of file From 1fd757b47e02f337974247a2ed7d8b0ce34ff3e7 Mon Sep 17 00:00:00 2001 From: abyssparanoia Date: Sun, 9 Oct 2022 04:26:42 +0900 Subject: [PATCH 22/44] feat: add cloud run backend --- .../terraform/apps/cloud_run_backend/main.tf | 103 ++++++++++++++++++ 1 file changed, 103 insertions(+) create mode 100644 deployments/terraform/apps/cloud_run_backend/main.tf diff --git a/deployments/terraform/apps/cloud_run_backend/main.tf b/deployments/terraform/apps/cloud_run_backend/main.tf new file mode 100644 index 000000000..3e48d6863 --- /dev/null +++ b/deployments/terraform/apps/cloud_run_backend/main.tf @@ -0,0 +1,103 @@ +resource "google_service_account" "backend" { + account_id = "app-backend" + display_name = "Backend Service Account" +} + +resource "google_project_iam_member" "backend" { + for_each = toset(local.backend_roles) + project = var.project + role = each.value + member = "serviceAccount:${google_service_account.api.email}" +} + +resource "google_cloud_run_service" "services" { + for_each = local.cloud_run_services + name = each.value.name + location = var.location + project = var.project + + template { + spec { + service_account_name = google_service_account.backend.email + + containers { + image = "${var.registry_path}/backend:latest" + ports { + container_port = 80 + } + args = each.value.args + + env { + name = "ENV" + value = var.enviroment + } + env { + name = "PROJECT_ID" + value = var.project + } + env { + name = "SERVICE_NAME" + value = each.value.name + } + env { + name = "MIN_LOG_SEVERITY" + value = "DEBUG" + } + env { + name = "DB_HOST" + value = "unix(/cloudsql/${var.db_connection_name})" + } + env { + name = "DB_DATABASE" + value = var.db_name + } + env { + name = "DB_USER" + value = var.db_user + } + env { + name = "DB_PASSWORD" + value_from { + secret_key_ref { + name = var.db_password_secret_id + key = var.db_password_secret_version + } + } + } + } + } + + metadata { + annotations = { + "autoscaling.knative.dev/minScale" = each.value.min_scale + "autoscaling.knative.dev/maxScale" = each.value.max_scale + "run.googleapis.com/cpu-throttling" = each.value.min_scale == 0 ? "true" : "false" + "run.googleapis.com/cloudsql-instances" = var.db_connection_name + "run.googleapis.com/client-name" = "terraform" + } + } + } + + autogenerate_revision_name = true + + traffic { + percent = 100 + latest_revision = true + } + + lifecycle { + ignore_changes = [ + template[0].spec[0].containers[0].image, + template[0].metadata[0].annotations["run.googleapis.com/client-name"], + template[0].metadata[0].annotations["run.googleapis.com/client-version"], + template[0].metadata[0].annotations["client.knative.dev/user-image"], + ] + } +} + +resource "google_cloud_run_service_iam_member" "run_all_users" { + service = "api" + location = var.location + role = "roles/run.invoker" + member = "allUsers" +} \ No newline at end of file From 06ed6a67391677371b2dc47531d36a992e4a06e6 Mon Sep 17 00:00:00 2001 From: abyssparanoia Date: Sun, 9 Oct 2022 04:26:44 +0900 Subject: [PATCH 23/44] feat: add cloud run backend --- .../apps/cloud_run_backend/variables.tf | 35 +++++++++++++++++++ 1 file changed, 35 insertions(+) create mode 100644 deployments/terraform/apps/cloud_run_backend/variables.tf diff --git a/deployments/terraform/apps/cloud_run_backend/variables.tf b/deployments/terraform/apps/cloud_run_backend/variables.tf new file mode 100644 index 000000000..d4d9d5e0e --- /dev/null +++ b/deployments/terraform/apps/cloud_run_backend/variables.tf @@ -0,0 +1,35 @@ +variable "location" { + type = string +} + +variable "project" { + type = string +} + +variable "registry_path" { + type = string +} + +variable "enviroment" { + type = string +} + +variable "db_connection_name" { + type = string +} + +variable "db_name" { + type = string +} + +variable "db_user" { + type = string +} + +variable "db_password_secret_id" { + type = string +} + +variable "db_password_secret_version" { + type = number +} \ No newline at end of file From 22e9282e226b1bea4493c2191cd3a81d5fe6adcb Mon Sep 17 00:00:00 2001 From: abyssparanoia Date: Sun, 9 Oct 2022 05:13:58 +0900 Subject: [PATCH 24/44] feat: add development --- deployments/terraform/env/development/locals.tf | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 deployments/terraform/env/development/locals.tf diff --git a/deployments/terraform/env/development/locals.tf b/deployments/terraform/env/development/locals.tf new file mode 100644 index 000000000..4ab010d17 --- /dev/null +++ b/deployments/terraform/env/development/locals.tf @@ -0,0 +1,6 @@ +locals { + enviroment = "development" + db_tier = "db-f1-micro" + db_disk_type = "PD_HDD" + db_availability_type = "ZONAL" +} From 4f3912bcefc27de22b20533a2b6093484dc01fda Mon Sep 17 00:00:00 2001 From: abyssparanoia Date: Sun, 9 Oct 2022 05:14:00 +0900 Subject: [PATCH 25/44] feat: add development --- deployments/terraform/env/development/main.tf | 70 +++++++++++++++++++ 1 file changed, 70 insertions(+) create mode 100644 deployments/terraform/env/development/main.tf diff --git a/deployments/terraform/env/development/main.tf b/deployments/terraform/env/development/main.tf new file mode 100644 index 000000000..61ac720d8 --- /dev/null +++ b/deployments/terraform/env/development/main.tf @@ -0,0 +1,70 @@ +module "gcp_services" { + source = "../../modules/gcp_services" + project = var.project +} + +module "github_actions_workload_identity" { + source = "../../modules/github_actions_workload_identity" + + project = var.project + location = var.location + repositories = ["abyssparanoia/rapid-go"] + + depends_on = [ + module.gcp_services + ] +} + + +module "cloud_sql" { + source = "../../modules/cloud_sql" + location = var.location + tier = local.db_tier + disk_type = local.db_disk_type + availability_type = local.db_availability_type + db_instance_name = "master" + db_name = "maindb" + db_user = "app_user" + + depends_on = [ + module.gcp_services + ] +} + +module "secret_manager_db_password" { + source = "../../modules/secret_manager" + secret_id = "db-passowrd" + value = module.cloudsql.db_password + + depends_on = [ + module.gcp_services + ] +} + +module "artifact_registry" { + source = "../../modules/artifact_registry" + project = var.project + location = var.location + repository_id = "rapid-go" + + depends_on = [ + module.gcp_services + ] +} + +module "cloudrun_api" { + source = "../../apps/cloud_run_backend" + + project = var.project + location = var.location + registry_path = module.artifact_registry.container_registry_path + db_connection_name = module.cloudsql.db_connection_name + db_name = module.cloudsql.db_name + db_user = module.cloudsql.db_user + db_password_secret_id = module.secret_manager_db_password.secret_id + db_password_secret_version = module.secret_manager_db_password.version + + depends_on = [ + module.gcp_services + ] +} From 27f606485d0f90ef6fbf57c9a02fcdbcb10a9f0c Mon Sep 17 00:00:00 2001 From: abyssparanoia Date: Sun, 9 Oct 2022 05:14:02 +0900 Subject: [PATCH 26/44] feat: add development --- deployments/terraform/env/development/provider.tf | 10 ++++++++++ 1 file changed, 10 insertions(+) create mode 100644 deployments/terraform/env/development/provider.tf diff --git a/deployments/terraform/env/development/provider.tf b/deployments/terraform/env/development/provider.tf new file mode 100644 index 000000000..f23e7522b --- /dev/null +++ b/deployments/terraform/env/development/provider.tf @@ -0,0 +1,10 @@ +provider "google" { + project = var.project + region = var.location +} + +terraform { + backend "gcs" { + bucket = "dev-rapid-go-terraform-state-store" + } +} From 8aec2b96eb3adab0fd9ddec7e062cd8aaf8f73d0 Mon Sep 17 00:00:00 2001 From: abyssparanoia Date: Sun, 9 Oct 2022 05:14:04 +0900 Subject: [PATCH 27/44] feat: add development --- deployments/terraform/env/development/variables.tf | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 deployments/terraform/env/development/variables.tf diff --git a/deployments/terraform/env/development/variables.tf b/deployments/terraform/env/development/variables.tf new file mode 100644 index 000000000..2319b70c1 --- /dev/null +++ b/deployments/terraform/env/development/variables.tf @@ -0,0 +1,7 @@ +variable "project" { + default = "dev-rapid-go" +} + +variable "location" { + default = "asia-northeast1" +} From 57d381cc041f3e75e85927b85a1cc9e2bc2e49cb Mon Sep 17 00:00:00 2001 From: abyssparanoia Date: Sun, 9 Oct 2022 05:14:06 +0900 Subject: [PATCH 28/44] feat: add development --- .../terraform/modules/github_actions_workload_identity/main.tf | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/deployments/terraform/modules/github_actions_workload_identity/main.tf b/deployments/terraform/modules/github_actions_workload_identity/main.tf index 8c92741a2..9b5031507 100644 --- a/deployments/terraform/modules/github_actions_workload_identity/main.tf +++ b/deployments/terraform/modules/github_actions_workload_identity/main.tf @@ -35,9 +35,10 @@ resource "google_iam_workload_identity_pool_provider" "github_actions" { } resource "google_service_account_iam_member" "repository" { + for_each = var.repositories service_account_id = google_service_account.github_actions.name role = "roles/iam.workloadIdentityUser" - member = "principalSet://iam.googleapis.com/${google_iam_workload_identity_pool.github_actions.name}/attribute.repository/${var.repository}" + member = "principalSet://iam.googleapis.com/${google_iam_workload_identity_pool.github_actions.name}/attribute.repository/${each.value}" } From 83cf4753e6f01949786a6882bec7527e93cbe68f Mon Sep 17 00:00:00 2001 From: abyssparanoia Date: Sun, 9 Oct 2022 05:14:08 +0900 Subject: [PATCH 29/44] feat: add development --- .../modules/github_actions_workload_identity/variables.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/deployments/terraform/modules/github_actions_workload_identity/variables.tf b/deployments/terraform/modules/github_actions_workload_identity/variables.tf index 7f2c62f3a..8f6c6dabc 100644 --- a/deployments/terraform/modules/github_actions_workload_identity/variables.tf +++ b/deployments/terraform/modules/github_actions_workload_identity/variables.tf @@ -6,6 +6,6 @@ variable "project" { type = string } -variable "repository" { - type = string +variable "repositories" { + type = list(string) } \ No newline at end of file From e9de2f4342537fca31bae4d9ffd2210cbfec7061 Mon Sep 17 00:00:00 2001 From: abyssparanoia Date: Sun, 9 Oct 2022 05:14:10 +0900 Subject: [PATCH 30/44] feat: add development --- deployments/terraform/modules/secret_manager/main.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/deployments/terraform/modules/secret_manager/main.tf b/deployments/terraform/modules/secret_manager/main.tf index df823cbda..944a35296 100644 --- a/deployments/terraform/modules/secret_manager/main.tf +++ b/deployments/terraform/modules/secret_manager/main.tf @@ -5,8 +5,8 @@ resource "google_secret_manager_secret" "secret" { } } -resource "google_secret_manager_secret_version" "db_password" { +resource "google_secret_manager_secret_version" "secret" { secret = google_secret_manager_secret.secret.id secret_data = var.value -} \ No newline at end of file +} From 331b558bca16b55a3f14a8827cdf4538a21d04fb Mon Sep 17 00:00:00 2001 From: abyssparanoia Date: Sun, 9 Oct 2022 05:14:12 +0900 Subject: [PATCH 31/44] feat: add development --- .../terraform/modules/secret_manager/output.tf | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/deployments/terraform/modules/secret_manager/output.tf b/deployments/terraform/modules/secret_manager/output.tf index fc65b33e5..e05e8cc27 100644 --- a/deployments/terraform/modules/secret_manager/output.tf +++ b/deployments/terraform/modules/secret_manager/output.tf @@ -1,11 +1,7 @@ -output "db_password_secret_id" { - value = google_secret_manager_secret.db_password.secret_id +output "secret_id" { + value = google_secret_manager_secret.secret.secret_id } -output "fincode_api_key_secret_id" { - value = google_secret_manager_secret.fincode_api_key.secret_id -} - -output "onchain_private_key_secret_id" { - value = google_secret_manager_secret.onchain_private_key.secret_id +output "google_secret_manager_secret_version" { + value = google_secret_manager_secret_version.secret.id } From 0e21af0f6e96c017bce72b0ea9364c16d60e84a7 Mon Sep 17 00:00:00 2001 From: abyssparanoia Date: Sun, 9 Oct 2022 05:14:31 +0900 Subject: [PATCH 32/44] feat: add env --- deployments/terraform/env/development/.envrc.tmpl | 1 + 1 file changed, 1 insertion(+) create mode 100644 deployments/terraform/env/development/.envrc.tmpl diff --git a/deployments/terraform/env/development/.envrc.tmpl b/deployments/terraform/env/development/.envrc.tmpl new file mode 100644 index 000000000..54c17c481 --- /dev/null +++ b/deployments/terraform/env/development/.envrc.tmpl @@ -0,0 +1 @@ +export GOOGLE_APPLICATION_CREDENTIALS="./service_account.json" From a353c7f717f8459580ffd053dad6a798fa55cf9d Mon Sep 17 00:00:00 2001 From: abyssparanoia Date: Sun, 9 Oct 2022 05:15:06 +0900 Subject: [PATCH 33/44] feat: add staging --- deployments/terraform/env/staging/.envrc.tmpl | 1 + 1 file changed, 1 insertion(+) create mode 100644 deployments/terraform/env/staging/.envrc.tmpl diff --git a/deployments/terraform/env/staging/.envrc.tmpl b/deployments/terraform/env/staging/.envrc.tmpl new file mode 100644 index 000000000..54c17c481 --- /dev/null +++ b/deployments/terraform/env/staging/.envrc.tmpl @@ -0,0 +1 @@ +export GOOGLE_APPLICATION_CREDENTIALS="./service_account.json" From bb9f44379322de3d154b7b363a7aef41be593ccd Mon Sep 17 00:00:00 2001 From: abyssparanoia Date: Sun, 9 Oct 2022 05:15:08 +0900 Subject: [PATCH 34/44] feat: add staging --- deployments/terraform/env/staging/locals.tf | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 deployments/terraform/env/staging/locals.tf diff --git a/deployments/terraform/env/staging/locals.tf b/deployments/terraform/env/staging/locals.tf new file mode 100644 index 000000000..3efdcd036 --- /dev/null +++ b/deployments/terraform/env/staging/locals.tf @@ -0,0 +1,6 @@ +locals { + enviroment = "staging" + db_tier = "db-f1-micro" + db_disk_type = "PD_HDD" + db_availability_type = "ZONAL" +} From 05116411afbb432fe6e651223970aa4a6cd9241f Mon Sep 17 00:00:00 2001 From: abyssparanoia Date: Sun, 9 Oct 2022 05:15:11 +0900 Subject: [PATCH 35/44] feat: add staging --- deployments/terraform/env/staging/main.tf | 70 +++++++++++++++++++++++ 1 file changed, 70 insertions(+) create mode 100644 deployments/terraform/env/staging/main.tf diff --git a/deployments/terraform/env/staging/main.tf b/deployments/terraform/env/staging/main.tf new file mode 100644 index 000000000..61ac720d8 --- /dev/null +++ b/deployments/terraform/env/staging/main.tf @@ -0,0 +1,70 @@ +module "gcp_services" { + source = "../../modules/gcp_services" + project = var.project +} + +module "github_actions_workload_identity" { + source = "../../modules/github_actions_workload_identity" + + project = var.project + location = var.location + repositories = ["abyssparanoia/rapid-go"] + + depends_on = [ + module.gcp_services + ] +} + + +module "cloud_sql" { + source = "../../modules/cloud_sql" + location = var.location + tier = local.db_tier + disk_type = local.db_disk_type + availability_type = local.db_availability_type + db_instance_name = "master" + db_name = "maindb" + db_user = "app_user" + + depends_on = [ + module.gcp_services + ] +} + +module "secret_manager_db_password" { + source = "../../modules/secret_manager" + secret_id = "db-passowrd" + value = module.cloudsql.db_password + + depends_on = [ + module.gcp_services + ] +} + +module "artifact_registry" { + source = "../../modules/artifact_registry" + project = var.project + location = var.location + repository_id = "rapid-go" + + depends_on = [ + module.gcp_services + ] +} + +module "cloudrun_api" { + source = "../../apps/cloud_run_backend" + + project = var.project + location = var.location + registry_path = module.artifact_registry.container_registry_path + db_connection_name = module.cloudsql.db_connection_name + db_name = module.cloudsql.db_name + db_user = module.cloudsql.db_user + db_password_secret_id = module.secret_manager_db_password.secret_id + db_password_secret_version = module.secret_manager_db_password.version + + depends_on = [ + module.gcp_services + ] +} From d1adf8937d8c4160a6f6aa15576b4f9622025006 Mon Sep 17 00:00:00 2001 From: abyssparanoia Date: Sun, 9 Oct 2022 05:15:13 +0900 Subject: [PATCH 36/44] feat: add staging --- deployments/terraform/env/staging/provider.tf | 10 ++++++++++ 1 file changed, 10 insertions(+) create mode 100644 deployments/terraform/env/staging/provider.tf diff --git a/deployments/terraform/env/staging/provider.tf b/deployments/terraform/env/staging/provider.tf new file mode 100644 index 000000000..f23e7522b --- /dev/null +++ b/deployments/terraform/env/staging/provider.tf @@ -0,0 +1,10 @@ +provider "google" { + project = var.project + region = var.location +} + +terraform { + backend "gcs" { + bucket = "dev-rapid-go-terraform-state-store" + } +} From 55676be5a081327aa64b74aef9d8bbd83659081e Mon Sep 17 00:00:00 2001 From: abyssparanoia Date: Sun, 9 Oct 2022 05:15:16 +0900 Subject: [PATCH 37/44] feat: add staging --- deployments/terraform/env/staging/variables.tf | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 deployments/terraform/env/staging/variables.tf diff --git a/deployments/terraform/env/staging/variables.tf b/deployments/terraform/env/staging/variables.tf new file mode 100644 index 000000000..2319b70c1 --- /dev/null +++ b/deployments/terraform/env/staging/variables.tf @@ -0,0 +1,7 @@ +variable "project" { + default = "dev-rapid-go" +} + +variable "location" { + default = "asia-northeast1" +} From bd118c38f6a2414b383604b2df64b041f1c173b7 Mon Sep 17 00:00:00 2001 From: abyssparanoia Date: Sun, 9 Oct 2022 05:15:58 +0900 Subject: [PATCH 38/44] feat: add production --- deployments/terraform/env/production/.envrc.tmpl | 1 + 1 file changed, 1 insertion(+) create mode 100644 deployments/terraform/env/production/.envrc.tmpl diff --git a/deployments/terraform/env/production/.envrc.tmpl b/deployments/terraform/env/production/.envrc.tmpl new file mode 100644 index 000000000..54c17c481 --- /dev/null +++ b/deployments/terraform/env/production/.envrc.tmpl @@ -0,0 +1 @@ +export GOOGLE_APPLICATION_CREDENTIALS="./service_account.json" From 79581c1a07c80bdf0fad1439e1cb3dd4aa340c71 Mon Sep 17 00:00:00 2001 From: abyssparanoia Date: Sun, 9 Oct 2022 05:16:00 +0900 Subject: [PATCH 39/44] feat: add production --- deployments/terraform/env/production/locals.tf | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 deployments/terraform/env/production/locals.tf diff --git a/deployments/terraform/env/production/locals.tf b/deployments/terraform/env/production/locals.tf new file mode 100644 index 000000000..10506d0ac --- /dev/null +++ b/deployments/terraform/env/production/locals.tf @@ -0,0 +1,6 @@ +locals { + enviroment = "production" + db_tier = "db-f1-micro" + db_disk_type = "PD_HDD" + db_availability_type = "ZONAL" +} From df2ead2f980080df0e8998be0efa8b489f65f9a5 Mon Sep 17 00:00:00 2001 From: abyssparanoia Date: Sun, 9 Oct 2022 05:16:02 +0900 Subject: [PATCH 40/44] feat: add production --- deployments/terraform/env/production/main.tf | 70 ++++++++++++++++++++ 1 file changed, 70 insertions(+) create mode 100644 deployments/terraform/env/production/main.tf diff --git a/deployments/terraform/env/production/main.tf b/deployments/terraform/env/production/main.tf new file mode 100644 index 000000000..61ac720d8 --- /dev/null +++ b/deployments/terraform/env/production/main.tf @@ -0,0 +1,70 @@ +module "gcp_services" { + source = "../../modules/gcp_services" + project = var.project +} + +module "github_actions_workload_identity" { + source = "../../modules/github_actions_workload_identity" + + project = var.project + location = var.location + repositories = ["abyssparanoia/rapid-go"] + + depends_on = [ + module.gcp_services + ] +} + + +module "cloud_sql" { + source = "../../modules/cloud_sql" + location = var.location + tier = local.db_tier + disk_type = local.db_disk_type + availability_type = local.db_availability_type + db_instance_name = "master" + db_name = "maindb" + db_user = "app_user" + + depends_on = [ + module.gcp_services + ] +} + +module "secret_manager_db_password" { + source = "../../modules/secret_manager" + secret_id = "db-passowrd" + value = module.cloudsql.db_password + + depends_on = [ + module.gcp_services + ] +} + +module "artifact_registry" { + source = "../../modules/artifact_registry" + project = var.project + location = var.location + repository_id = "rapid-go" + + depends_on = [ + module.gcp_services + ] +} + +module "cloudrun_api" { + source = "../../apps/cloud_run_backend" + + project = var.project + location = var.location + registry_path = module.artifact_registry.container_registry_path + db_connection_name = module.cloudsql.db_connection_name + db_name = module.cloudsql.db_name + db_user = module.cloudsql.db_user + db_password_secret_id = module.secret_manager_db_password.secret_id + db_password_secret_version = module.secret_manager_db_password.version + + depends_on = [ + module.gcp_services + ] +} From 664a53f28119ecdb99f22a4bfbae88567db6fc83 Mon Sep 17 00:00:00 2001 From: abyssparanoia Date: Sun, 9 Oct 2022 05:16:03 +0900 Subject: [PATCH 41/44] feat: add production --- deployments/terraform/env/production/provider.tf | 10 ++++++++++ 1 file changed, 10 insertions(+) create mode 100644 deployments/terraform/env/production/provider.tf diff --git a/deployments/terraform/env/production/provider.tf b/deployments/terraform/env/production/provider.tf new file mode 100644 index 000000000..f23e7522b --- /dev/null +++ b/deployments/terraform/env/production/provider.tf @@ -0,0 +1,10 @@ +provider "google" { + project = var.project + region = var.location +} + +terraform { + backend "gcs" { + bucket = "dev-rapid-go-terraform-state-store" + } +} From 091808414444f80280299c5c555094ef09fe95c4 Mon Sep 17 00:00:00 2001 From: abyssparanoia Date: Sun, 9 Oct 2022 05:16:05 +0900 Subject: [PATCH 42/44] feat: add production --- deployments/terraform/env/production/variables.tf | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 deployments/terraform/env/production/variables.tf diff --git a/deployments/terraform/env/production/variables.tf b/deployments/terraform/env/production/variables.tf new file mode 100644 index 000000000..2319b70c1 --- /dev/null +++ b/deployments/terraform/env/production/variables.tf @@ -0,0 +1,7 @@ +variable "project" { + default = "dev-rapid-go" +} + +variable "location" { + default = "asia-northeast1" +} From 9f44b7a70f810f6f771431e74a353753cd88ef4d Mon Sep 17 00:00:00 2001 From: abyssparanoia Date: Sun, 9 Oct 2022 05:32:37 +0900 Subject: [PATCH 43/44] feat: add cloud storage --- deployments/terraform/modules/cloud_storage/main.tf | 12 ++++++++++++ 1 file changed, 12 insertions(+) create mode 100644 deployments/terraform/modules/cloud_storage/main.tf diff --git a/deployments/terraform/modules/cloud_storage/main.tf b/deployments/terraform/modules/cloud_storage/main.tf new file mode 100644 index 000000000..2ec3392a1 --- /dev/null +++ b/deployments/terraform/modules/cloud_storage/main.tf @@ -0,0 +1,12 @@ +resource "google_storage_bucket" "buckets" { + name = var.bucket_name + location = "asia-northeast1" + storage_class = "STANDARD" + + cors { + origin = ["*"] + method = ["GET", "HEAD", "PUT", "POST", "DELETE", "OPTIONS"] + response_header = ["content-type", "cache-control", "x-requested-with"] + max_age_seconds = 3600 + } +} From 50a23f40d9fe473b035187f87e4b38093c31d1d4 Mon Sep 17 00:00:00 2001 From: abyssparanoia Date: Sun, 9 Oct 2022 05:32:39 +0900 Subject: [PATCH 44/44] feat: add cloud storage --- deployments/terraform/modules/cloud_storage/variables.tf | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 deployments/terraform/modules/cloud_storage/variables.tf diff --git a/deployments/terraform/modules/cloud_storage/variables.tf b/deployments/terraform/modules/cloud_storage/variables.tf new file mode 100644 index 000000000..b3aae9bb3 --- /dev/null +++ b/deployments/terraform/modules/cloud_storage/variables.tf @@ -0,0 +1,3 @@ +variable "bucket_name" { + type = string +}