Disable API key auth

NandosUK · Oct 23, 2023 · e593916 · e593916
1 parent ec3aee1
commit e593916
Show file tree

Hide file tree

Showing 2 changed files with 34 additions and 36 deletions.
diff --git a/gcp/api-gateway/main.tf b/gcp/api-gateway/main.tf
@@ -60,38 +60,6 @@ resource "google_api_gateway_gateway" "nandos_api_gateway" {
   region     = var.project_region
 }
 
-resource "google_project_service" "enable_api_gateway" {
-  service             = google_api_gateway_api.nandos_api.managed_service
-  project             = var.project_id
-  disable_on_destroy  = false
-}
-
-resource "google_apikeys_key" "api_keys" {
-  for_each = { for key in var.api_keys : key.name => key }
-
-  name         = "key-${each.value.name}"
-  display_name = each.value.display_name
-  project      = var.project_id
-
-  restrictions {
-    api_targets {
-      service = google_api_gateway_api.nandos_api.managed_service
-      methods = each.value.methods
-    }
-
-    dynamic "server_key_restrictions" {
-      for_each = each.value.allowed_ips != null ? [1] : []
-      content {
-        allowed_ips = each.value.allowed_ips
-      }
-    }
-  }
-
-  depends_on = [
-    google_project_service.enable_api_gateway
-  ]
-}
-
 resource "google_compute_region_network_endpoint_group" "api_g_neg" {
   provider              = google-beta
   project               = var.project_id
@@ -116,7 +84,6 @@ resource "google_compute_url_map" "urlmap" {
   name            = "${var.api_name}-urlmap"
   description     = "URL map for ${var.api_name}"
   default_service = google_compute_backend_service.api_g_backend_service.id
-
 }
 
 resource "google_compute_managed_ssl_certificate" "default" {
@@ -131,10 +98,8 @@ resource "google_compute_managed_ssl_certificate" "default" {
   lifecycle {
     create_before_destroy = true
   }
-
 }
 
-
 resource "google_compute_target_https_proxy" "default" {
   project = var.project_id
   name    = "${var.api_name}-https-proxy"
@@ -152,6 +117,39 @@ resource "google_compute_global_forwarding_rule" "https" {
   port_range = "443"
 }
 
+# in development: api keys
+# resource "google_project_service" "enable_api_gateway" {
+#   service             = google_api_gateway_api.nandos_api.managed_service
+#   project             = var.project_id
+#   disable_on_destroy  = false
+# }
+
+# resource "google_apikeys_key" "api_keys" {
+#   for_each = { for key in var.api_keys : key.name => key }
+
+#   name         = "key-${each.value.name}"
+#   display_name = each.value.display_name
+#   project      = var.project_id
+
+#   restrictions {
+#     api_targets {
+#       service = google_api_gateway_api.nandos_api.managed_service
+#       methods = each.value.methods
+#     }
+
+#     dynamic "server_key_restrictions" {
+#       for_each = each.value.allowed_ips != null ? [1] : []
+#       content {
+#         allowed_ips = each.value.allowed_ips
+#       }
+#     }
+#   }
+
+#   depends_on = [
+#     google_project_service.enable_api_gateway
+#   ]
+# }
+
 output "api_gateway_url_text" {
   value = "Your API Gateway URL is: ${google_api_gateway_gateway.nandos_api_gateway.default_hostname}"
 }
diff --git a/gcp/api-gateway/variables.tf b/gcp/api-gateway/variables.tf
@@ -39,7 +39,7 @@ variable "environment" {
 }
 
 variable "api_keys" {
-  description = "List of API keys configurations"
+  description = "in development: List of API keys configurations. This is only needed if you require 3rd party access."
   type        = list(object({
     name          = string
     display_name  = string