From e593916d40dc38a6ea5b542d68b69bcbcea1b074 Mon Sep 17 00:00:00 2001 From: Sam Royal Date: Mon, 23 Oct 2023 12:28:45 +0100 Subject: [PATCH] Disable API key auth --- gcp/api-gateway/main.tf | 68 +++++++++++++++++------------------- gcp/api-gateway/variables.tf | 2 +- 2 files changed, 34 insertions(+), 36 deletions(-) diff --git a/gcp/api-gateway/main.tf b/gcp/api-gateway/main.tf index 937494a..8d4adfd 100644 --- a/gcp/api-gateway/main.tf +++ b/gcp/api-gateway/main.tf @@ -60,38 +60,6 @@ resource "google_api_gateway_gateway" "nandos_api_gateway" { region = var.project_region } -resource "google_project_service" "enable_api_gateway" { - service = google_api_gateway_api.nandos_api.managed_service - project = var.project_id - disable_on_destroy = false -} - -resource "google_apikeys_key" "api_keys" { - for_each = { for key in var.api_keys : key.name => key } - - name = "key-${each.value.name}" - display_name = each.value.display_name - project = var.project_id - - restrictions { - api_targets { - service = google_api_gateway_api.nandos_api.managed_service - methods = each.value.methods - } - - dynamic "server_key_restrictions" { - for_each = each.value.allowed_ips != null ? [1] : [] - content { - allowed_ips = each.value.allowed_ips - } - } - } - - depends_on = [ - google_project_service.enable_api_gateway - ] -} - resource "google_compute_region_network_endpoint_group" "api_g_neg" { provider = google-beta project = var.project_id @@ -116,7 +84,6 @@ resource "google_compute_url_map" "urlmap" { name = "${var.api_name}-urlmap" description = "URL map for ${var.api_name}" default_service = google_compute_backend_service.api_g_backend_service.id - } resource "google_compute_managed_ssl_certificate" "default" { @@ -131,10 +98,8 @@ resource "google_compute_managed_ssl_certificate" "default" { lifecycle { create_before_destroy = true } - } - resource "google_compute_target_https_proxy" "default" { project = var.project_id name = "${var.api_name}-https-proxy" @@ -152,6 +117,39 @@ resource "google_compute_global_forwarding_rule" "https" { port_range = "443" } +# in development: api keys +# resource "google_project_service" "enable_api_gateway" { +# service = google_api_gateway_api.nandos_api.managed_service +# project = var.project_id +# disable_on_destroy = false +# } + +# resource "google_apikeys_key" "api_keys" { +# for_each = { for key in var.api_keys : key.name => key } + +# name = "key-${each.value.name}" +# display_name = each.value.display_name +# project = var.project_id + +# restrictions { +# api_targets { +# service = google_api_gateway_api.nandos_api.managed_service +# methods = each.value.methods +# } + +# dynamic "server_key_restrictions" { +# for_each = each.value.allowed_ips != null ? [1] : [] +# content { +# allowed_ips = each.value.allowed_ips +# } +# } +# } + +# depends_on = [ +# google_project_service.enable_api_gateway +# ] +# } + output "api_gateway_url_text" { value = "Your API Gateway URL is: ${google_api_gateway_gateway.nandos_api_gateway.default_hostname}" } diff --git a/gcp/api-gateway/variables.tf b/gcp/api-gateway/variables.tf index ac4242a..d8514c8 100644 --- a/gcp/api-gateway/variables.tf +++ b/gcp/api-gateway/variables.tf @@ -39,7 +39,7 @@ variable "environment" { } variable "api_keys" { - description = "List of API keys configurations" + description = "in development: List of API keys configurations. This is only needed if you require 3rd party access." type = list(object({ name = string display_name = string