feat: add api gateway

NandosUK · Sep 1, 2023 · c3e8814 · c3e8814
1 parent 6e34ece
commit c3e8814
Show file tree

Hide file tree

Showing 5 changed files with 24 additions and 11 deletions.
diff --git a/gcp/cloud-run-v1/main.tf b/gcp/cloud-run-v1/main.tf
@@ -1,3 +1,4 @@
+
 # Resource configuration for deploying a Google Cloud Run service
 resource "google_cloud_run_service" "default" {
   name                       = var.name           # Service name
@@ -106,7 +107,7 @@ module "lb-http" {
 }
 
 # Cloud Build trigger configuration
-module "trigger_okta_provision" {
+module "trigger_provision" {
   count        = var.create_trigger == true ? 1 : 0
   source       = "../cloud-cloudbuild-trigger"
   name         = "service-${var.name}-provision"

diff --git a/gcp/nandos-api-gateway/README.md b/gcp/nandos-api-gateway/README.md
@@ -6,9 +6,12 @@ This Terraform module provisions a complete API environment on Google Cloud Plat
 
 ```hcl
 module "nandos_api" {
-  source              = "github.com/NandosUK/infrastructure-terraform-modules//gcp/nandos-api-gateway"
-  project_id          = "test-project-id"
-  api_name            = "test-api"
+  source                 = "github.com/NandosUK/infrastructure-terraform-modules//gcp/nandos-api-gateway"
+  project_id             = "test-project-id"
+  api_name               = "test-api"
   openapi_spec_file_path = "./path/to/spec.yaml"
+  project_region         = "europe-west2"
+  cloud_run_url          = "https://test-project-id-ew2-abc-1234.a.run.app"
 }
+
 ```
diff --git a/gcp/nandos-api-gateway/main.tf b/gcp/nandos-api-gateway/main.tf
@@ -5,6 +5,20 @@ resource "google_service_account" "api_gateway_sa" {
   project      = var.project_id
 }
 
+# Add permission for service account to invoke the Cloud Run service
+resource "google_project_iam_member" "cloud_run_invoker" {
+  role    = "roles/run.invoker"
+  member  = "serviceAccount:${google_service_account.api_gateway_sa.email}"
+  project = var.project_id
+}
+
+# Add permission for service account to invoke the Cloud Function
+resource "google_project_iam_member" "cloud_function_invoker" {
+  role    = "roles/cloudfunctions.invoker"
+  member  = "serviceAccount:${google_service_account.api_gateway_sa.email}"
+  project = var.project_id
+}
+
 # API Gateway API Resource
 resource "google_api_gateway_api" "nandos_api" {
   provider = google-beta

diff --git a/gcp/nandos-api-gateway/variables.tf b/gcp/nandos-api-gateway/variables.tf
@@ -8,11 +8,6 @@ variable "project_region" {
   type        = string
 }
 
-variable "cloud_run_url" {
-  description = "The URL for the Cloud Run service."
-  type        = string
-}
-
 variable "api_name" {
   description = "The name for the API Gateway API."
   type        = string

diff --git a/test/gcp/nandos-api-gateway.tf b/test/gcp/nandos-api-gateway.tf
@@ -1,8 +1,8 @@
 module "nandos_api" {
   source                 = "../../gcp/nandos-api-gateway"
   project_id             = "test-project-id"
-  project_region         = "europe-west2"
-  cloud_run_url          = "https://test-cloud-run-service-xyz.a.run.app"
   api_name               = "test-api"
   openapi_spec_file_path = "../assets/api-gateway-example.yml"
+  project_region         = "europe-west2"
+  cloud_run_url          = "https://test-project-id-ew2-abc-1234.a.run.app"
 }