Fixes terraform-google-modules#2: Pull useful example code into submo…

…dule

terraform-google-modules#2

Added submodule for artifacts.

README.md

@@ -17,6 +17,7 @@ Please see the [examples](./examples/) folder.
 
 | Name | Description | Type | Default | Required |
 |------|-------------|:----:|:-----:|:-----:|
+| create\_firewall\_rules | If worker firewall rules should be created | bool | `"false"` | no |
 | gcs\_bucket | The name of an existing GCS bucket to associate with the created service account, allowing build artifacts to be uploaded. Leave blank to skip | string | `""` | no |
 | jenkins\_boot\_disk\_source\_image | The name of the disk image to use as the boot disk for the Jenkins master | string | `"bitnami-jenkins-2-176-2-0-linux-debian-9-x86-64"` | no |
 | jenkins\_boot\_disk\_source\_image\_project | The project within which the disk image to use as the Jenkins master boot disk exists | string | `"bitnami-launchpad"` | no |

examples/simple_example/main.tf

@@ -18,10 +18,6 @@ provider "google" {
   region = var.region
 }
 
-locals {
-  worker_network_project_id = coalesce(var.jenkins_network_project_id, var.project_id)
-}
-
 resource "google_project_service" "cloudresourcemanager" {
   project            = var.project_id
   service            = "cloudresourcemanager.googleapis.com"
@@ -34,67 +30,39 @@ resource "google_project_service" "iam" {
   disable_on_destroy = "false"
 }
 
-data "google_compute_image" "jenkins_agent" {
-  project = google_project_service.cloudresourcemanager.project
-  family  = "jenkins-agent"
-}
-
-resource "google_storage_bucket" "artifacts" {
-  name          = "${var.project_id}-jenkins-artifacts"
-  project       = var.project_id
-  force_destroy = true
-}
-
-data "local_file" "example_job_template" {
-  filename = "${path.module}/templates/example_job.xml.tpl"
-}
-
-data "template_file" "example_job" {
-  template = data.local_file.example_job_template.content
-
-  vars = {
-    project_id            = var.project_id
-    build_artifact_bucket = google_storage_bucket.artifacts.url
-  }
-}
+module "artifacts" {
+  source = "../../modules/artifact_storage"
 
-resource "google_compute_firewall" "jenkins_agent_ssh_from_instance" {
-  name    = "jenkins-agent-ssh-access"
-  network = var.network
-  project = local.worker_network_project_id
+  project_id = var.project_id
+  jobs_count = 1
 
-  allow {
-    protocol = "tcp"
-    ports    = ["22"]
-  }
-
-  source_tags = ["jenkins"]
-  target_tags = ["jenkins-agent"]
+  jobs = [
+    {
+      name = "testjob"
+
+      builders = [
+        <<EOF
+<hudson.tasks.Shell>
+  <command>echo &quot;hello world from testjob&quot;
+  env &gt; build-log.txt</command>
+</hudson.tasks.Shell>
+EOF
+      ]
+    }
+  ]
 }
 
-resource "google_compute_firewall" "jenkins_agent_discovery_from_agent" {
-  name    = "jenkins-agent-udp-discovery"
-  network = var.network
-  project = local.worker_network_project_id
-
-  allow {
-    protocol = "udp"
-  }
-
-  allow {
-    protocol = "tcp"
-  }
-
-  source_tags = ["jenkins", "jenkins-agent"]
-  target_tags = ["jenkins", "jenkins-agent"]
+data "google_compute_image" "jenkins_agent" {
+  project = google_project_service.cloudresourcemanager.project
+  family  = "jenkins-agent"
 }
 
 module "jenkins-gce" {
   source                                         = "../../"
   project_id                                     = google_project_service.iam.project
   region                                         = var.region
-  gcs_bucket                                     = google_storage_bucket.artifacts.name
   jenkins_instance_zone                          = var.jenkins_instance_zone
+  gcs_bucket                                     = module.artifacts.artifact_bucket
   jenkins_instance_network                       = var.network
   jenkins_instance_subnetwork                    = var.subnetwork
   jenkins_instance_additional_metadata           = var.jenkins_instance_metadata
@@ -108,11 +76,8 @@ module "jenkins-gce" {
   jenkins_workers_boot_disk_source_image         = data.google_compute_image.jenkins_agent.name
   jenkins_workers_boot_disk_source_image_project = var.project_id
 
-  jenkins_jobs = [
-    {
-      name     = "testjob"
-      manifest = data.template_file.example_job.rendered
-    },
-  ]
+  create_firewall_rules = true
+
+  jenkins_jobs = module.artifacts.jobs
 }
 

firewall.tf

@@ -42,3 +42,56 @@ resource "google_compute_firewall" "jenkins-external-443" {
   target_service_accounts = [google_service_account.jenkins.email]
 }
 
+resource "google_compute_firewall" "jenkins_agent_ssh_from_instance" {
+  count = var.create_firewall_rules ? 1 : 0
+
+  name    = "jenkins-agent-ssh-access"
+  network = var.jenkins_workers_network
+  project = var.project_id
+
+  allow {
+    protocol = "tcp"
+    ports    = ["22"]
+  }
+
+  source_tags = var.jenkins_instance_tags
+  target_tags = var.jenkins_workers_network_tags
+}
+
+resource "google_compute_firewall" "jenkins_agent_discovery_from_agent" {
+  count = var.create_firewall_rules ? 1 : 0
+
+  name    = "jenkins-agent-udp-discovery"
+  network = var.jenkins_instance_network
+  project = coalesce(var.jenkins_network_project_id, var.project_id)
+
+  allow {
+    protocol = "udp"
+  }
+
+  allow {
+    protocol = "tcp"
+  }
+
+  source_tags = concat(var.jenkins_instance_tags, var.jenkins_workers_network_tags)
+  target_tags = concat(var.jenkins_instance_tags, var.jenkins_workers_network_tags)
+}
+
+resource "google_compute_firewall" "jenkins_agent_discovery_from_agent_workers" {
+  count = var.create_firewall_rules ? 1 : 0
+
+  name    = "jenkins-agent-udp-discovery-workers"
+  network = var.jenkins_workers_network
+  project = coalesce(var.jenkins_network_project_id, var.project_id)
+
+  allow {
+    protocol = "udp"
+  }
+
+  allow {
+    protocol = "tcp"
+  }
+
+  source_tags = concat(var.jenkins_instance_tags, var.jenkins_workers_network_tags)
+  target_tags = concat(var.jenkins_instance_tags, var.jenkins_workers_network_tags)
+}

modules/artifact_storage/README.md

@@ -0,0 +1,21 @@
+# Artifact storage module
+
+This provisions GCS bucket for artifacts and optionally renders jobs with automatic artifact upload.
+
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|:----:|:-----:|:-----:|
+| project_id | The project ID to deploy to | string | - | yes |
+| jobs | A list of Jenkins jobs to populate | list | [] | no |
+| jobs_count | Amount of jobs to populate | number | 0 | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| artifact_bucket | Artifact bucket name |
+| jobs | List of rendered jobs |
+
+[^]: (autogen_docs_end)

modules/artifact_storage/main.tf

@@ -0,0 +1,48 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+resource "google_storage_bucket" "artifacts" {
+  name          = "${var.project_id}-jenkins-artifacts"
+  project       = var.project_id
+  force_destroy = true
+}
+
+data "local_file" "artifact_upload_job_template" {
+  filename = "${path.module}/templates/artifact_upload_job.xml.tpl"
+}
+
+data "template_file" "artifact_upload_job" {
+  count = var.jobs_count
+
+  template = data.local_file.artifact_upload_job_template.content
+
+  vars = {
+    project_id            = var.project_id
+    build_artifact_bucket = google_storage_bucket.artifacts.url
+
+    job_name     = var.jobs[count.index].name
+    job_builders = join("\n", var.jobs[count.index].builders)
+  }
+}
+
+data "null_data_source" "jobs" {
+  count = var.jobs_count
+
+  inputs = {
+    name     = var.jobs[count.index].name
+    manifest = data.template_file.artifact_upload_job[count.index].rendered
+  }
+}

modules/artifact_storage/outputs.tf

@@ -0,0 +1,25 @@
+/**
+ * Copyright 2018 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "artifact_bucket" {
+  description = "Artifact bucket name"
+  value       = google_storage_bucket.artifacts.name
+}
+
+output "jobs" {
+  description = "List of rendered jobs"
+  value       = data.null_data_source.jobs.*.outputs
+}

examples/simple_example/templates/example_job.xml.tpl → modules/artifact_storage/templates/artifact_upload_job.xml.tpl

@@ -1,7 +1,7 @@
 <?xml version='1.0' encoding='UTF-8'?>
 <project>
 	<actions/>
-	<description></description>
+	<description>Job ${job_name}</description>
 	<keepDependencies>false</keepDependencies>
 	<properties/>
 	<scm class="hudson.scm.NullSCM"/>
@@ -13,10 +13,7 @@
 	<triggers/>
 	<concurrentBuild>true</concurrentBuild>
 	<builders>
-		<hudson.tasks.Shell>
-			<command>echo &quot;hello world from testjob&quot;
-			env &gt; build-log.txt</command>
-		</hudson.tasks.Shell>
+		${job_builders}
 	</builders>
 	<publishers>
 		<com.google.jenkins.plugins.storage.GoogleCloudStorageUploader plugin="[email protected]">

modules/artifact_storage/variables.tf

@@ -0,0 +1,36 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "project_id" {
+  description = "The project ID to deploy to"
+  type        = string
+}
+
+variable "jobs" {
+  description = "A list of Jenkins jobs to populate"
+  default     = []
+
+  type = list(object({
+    name     = string
+    builders = list(string)
+  }))
+}
+
+variable "jobs_count" {
+  description = "Amount of jobs to populate"
+  type        = number
+  default     = 0
+}

variables.tf

@@ -22,6 +22,12 @@ variable "region" {
   description = "The region to deploy to"
 }
 
+variable "create_firewall_rules" {
+  description = "If worker firewall rules should be created"
+  default     = false
+  type        = bool
+}
+
 variable "jenkins_instance_name" {
   description = "The name to assign to the Jenkins VM"
   default     = "jenkins"