From c3e8814d3944943a0e73f05ab914df1e9ff43c25 Mon Sep 17 00:00:00 2001 From: miguelpuiggarcia Date: Fri, 1 Sep 2023 12:55:03 +0100 Subject: [PATCH] feat: add api gateway --- gcp/cloud-run-v1/main.tf | 3 ++- gcp/nandos-api-gateway/README.md | 9 ++++++--- gcp/nandos-api-gateway/main.tf | 14 ++++++++++++++ gcp/nandos-api-gateway/variables.tf | 5 ----- test/gcp/nandos-api-gateway.tf | 4 ++-- 5 files changed, 24 insertions(+), 11 deletions(-) diff --git a/gcp/cloud-run-v1/main.tf b/gcp/cloud-run-v1/main.tf index 58b2dfb..80cfee2 100644 --- a/gcp/cloud-run-v1/main.tf +++ b/gcp/cloud-run-v1/main.tf @@ -1,3 +1,4 @@ + # Resource configuration for deploying a Google Cloud Run service resource "google_cloud_run_service" "default" { name = var.name # Service name @@ -106,7 +107,7 @@ module "lb-http" { } # Cloud Build trigger configuration -module "trigger_okta_provision" { +module "trigger_provision" { count = var.create_trigger == true ? 1 : 0 source = "../cloud-cloudbuild-trigger" name = "service-${var.name}-provision" diff --git a/gcp/nandos-api-gateway/README.md b/gcp/nandos-api-gateway/README.md index bd2b727..0a5ab51 100644 --- a/gcp/nandos-api-gateway/README.md +++ b/gcp/nandos-api-gateway/README.md @@ -6,9 +6,12 @@ This Terraform module provisions a complete API environment on Google Cloud Plat ```hcl module "nandos_api" { - source = "github.com/NandosUK/infrastructure-terraform-modules//gcp/nandos-api-gateway" - project_id = "test-project-id" - api_name = "test-api" + source = "github.com/NandosUK/infrastructure-terraform-modules//gcp/nandos-api-gateway" + project_id = "test-project-id" + api_name = "test-api" openapi_spec_file_path = "./path/to/spec.yaml" + project_region = "europe-west2" + cloud_run_url = "https://test-project-id-ew2-abc-1234.a.run.app" } + ``` diff --git a/gcp/nandos-api-gateway/main.tf b/gcp/nandos-api-gateway/main.tf index dfb14ba..04d0e77 100644 --- a/gcp/nandos-api-gateway/main.tf +++ b/gcp/nandos-api-gateway/main.tf 
@@ -5,6 +5,20 @@ resource "google_service_account" "api_gateway_sa" { project = var.project_id } +# Add permission for service account to invoke the Cloud Run service +resource "google_project_iam_member" "cloud_run_invoker" { + role = "roles/run.invoker" + member = "serviceAccount:${google_service_account.api_gateway_sa.email}" + project = var.project_id +} + +# Add permission for service account to invoke the Cloud Function +resource "google_project_iam_member" "cloud_function_invoker" { + role = "roles/cloudfunctions.invoker" + member = "serviceAccount:${google_service_account.api_gateway_sa.email}" + project = var.project_id +} + # API Gateway API Resource resource "google_api_gateway_api" "nandos_api" { provider = google-beta diff --git a/gcp/nandos-api-gateway/variables.tf b/gcp/nandos-api-gateway/variables.tf index ae8b2f9..d294e60 100644 --- a/gcp/nandos-api-gateway/variables.tf +++ b/gcp/nandos-api-gateway/variables.tf @@ -8,11 +8,6 @@ variable "project_region" { type = string } -variable "cloud_run_url" { - description = "The URL for the Cloud Run service." - type = string -} - variable "api_name" { description = "The name for the API Gateway API." type = string diff --git a/test/gcp/nandos-api-gateway.tf b/test/gcp/nandos-api-gateway.tf index 9645427..319c15a 100644 --- a/test/gcp/nandos-api-gateway.tf +++ b/test/gcp/nandos-api-gateway.tf @@ -1,8 +1,8 @@ module "nandos_api" { source = "../../gcp/nandos-api-gateway" project_id = "test-project-id" - project_region = "europe-west2" - cloud_run_url = "https://test-cloud-run-service-xyz.a.run.app" api_name = "test-api" openapi_spec_file_path = "../assets/api-gateway-example.yml" + project_region = "europe-west2" + cloud_run_url = "https://test-project-id-ew2-abc-1234.a.run.app" }
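Review bot: Both new `google_project_iam_member` resources in gcp/nandos-api-gateway/main.tf grant the invoker role on the whole project, so `api_gateway_sa` can call every Cloud Run service and every Cloud Function in `var.project_id`, not only the backend this gateway fronts. Bind `roles/run.invoker` on the single backend service with `google_cloud_run_service_iam_member` instead, and scope the function grant the same way with `google_cloudfunctions_function_iam_member`. If no function sits behind the gateway, drop the `roles/cloudfunctions.invoker` grant entirely; the README example only shows a Cloud Run URL. The visible lines show no module input that names the backend service, so the sketch below uses a placeholder variable that would need to be declared.

```hcl
# Scope the invoker grant to the one backend service instead of the project
resource "google_cloud_run_service_iam_member" "cloud_run_invoker" {
  project  = var.project_id
  location = var.project_region
  service  = var.cloud_run_service_name # PLACEHOLDER: input not defined in this module yet
  role     = "roles/run.invoker"
  member   = "serviceAccount:${google_service_account.api_gateway_sa.email}"
}
# … unchanged: google_api_gateway_api "nandos_api" and the rest of the module …
```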
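Review bot: The module call in test/gcp/nandos-api-gateway.tf still passes `cloud_run_url`, but this commit deletes `variable "cloud_run_url"` from gcp/nandos-api-gateway/variables.tf. Unless the variable is declared in a module file not shown here, `terraform validate` on this test should fail with an unsupported-argument error. Either keep the variable declaration, or remove the `cloud_run_url = "https://test-project-id-ew2-abc-1234.a.run.app"` line here and in the README usage example, which adds the same argument.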