Create module and entrypoint for gcp (#13)
Showing
14 changed files
with
1,761 additions
and
18 deletions.
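--- /dev/null
+++ b/PATH-NOT-SHOWN-ON-PAGE-1
@@ -0,0 +1,30 @@
+package pg_db_admin
+
+// This is the entrypoint for a GCP Cloud Function
+// A Cloud Function (2nd gen) *must* be built using GCP Cloud Build
+// This requires us to do the following:
+// - Package all source code (including vendor) in the zip file
+// - main.go *must* be at the root of the zip file
+// - package name in main.go must match module name defined in go.mod (cannot be `package main`)
+//
+// This entrypoint does not run code; it only registers a trigger that is used by the runtime upon execution
+
+import (
+"fmt"
+_ "github.com/GoogleCloudPlatform/functions-framework-go/funcframework"
+"github.com/GoogleCloudPlatform/functions-framework-go/functions"
+"github.com/nullstone-modules/pg-db-admin/api"
+"github.com/nullstone-modules/pg-db-admin/postgresql"
+"os"
+)
+
+var (
+dbConnUrlEnvVar = "DB_CONN_URL"
+)
+
+func init() {
+fmt.Println("Initializing pg-db-admin...")
+store := postgresql.NewStore(os.Getenv(dbConnUrlEnvVar))
+router := api.CreateRouter(store)
+functions.HTTP("pg-db-admin", router.ServeHTTP)
+}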
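Review bot: `init` passes `os.Getenv(dbConnUrlEnvVar)` straight into `postgresql.NewStore` without checking that the variable is set, so a missing `DB_CONN_URL` is only discovered when the first request reaches the database instead of at cold start. A guard such as `if os.Getenv(dbConnUrlEnvVar) == "" { panic("DB_CONN_URL is not set") }` before the `NewStore` call makes the deployment fail visibly; keep the value itself out of the message, since the accompanying Terraform embeds the database password in it. Whether `NewStore` validates the URL on its own is not visible here. As a point of style, `dbConnUrlEnvVar` never changes and would read better as a `const`, and the import block mixes stdlib and third-party packages where `goimports` would separate them with a blank line.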
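--- /dev/null
+++ b/PATH-NOT-SHOWN-ON-PAGE-2
@@ -0,0 +1,13 @@
+org_name: nullstone
+name: gcp-pg-db-admin
+friendly_name: GCP Cloud Function for PostgreSQL Admin
+description: Creates a Google Cloud Function to administer a postgresql database without the use of SSH Tunnel or VPN
+category: block
+subcategory: ""
+provider_types:
+- gcp
+platform: postgres
+subplatform: ""
+type: ""
+appCategories: []
+is_public: true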
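--- /dev/null
+++ b/PATH-NOT-SHOWN-ON-PAGE-3
@@ -0,0 +1,14 @@
+resource "google_secret_manager_secret" "db_admin_pg" {
+secret_id = "${var.name}_conn_url"
+labels = var.labels
+
+replication {
+automatic = true
+}
+}
+
+resource "google_secret_manager_secret_version" "db_admin_pg" {
+secret = google_secret_manager_secret.db_admin_pg.id
+secret_data = "postgres://${urlencode(var.username)}:${urlencode(var.password)}@${var.host}:${var.port}/${urlencode(var.database)}"
+enabled = true
+}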
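Review bot: `secret_data` runs `username`, `password` and `database` through `urlencode` but splices `var.host` and `var.port` in raw, so a host value with characters outside a plain hostname or IPv4 address yields a connection URL the function cannot parse; either document that constraint on `variable "host"` or validate it there. The `replication { automatic = true }` form has, as far as I recall, been deprecated in recent releases of the google provider in favour of `replication { auto {} }`, which is worth checking against the provider version this module pins. The rendered secret contains the database password and is therefore also held in Terraform state, so the module documentation should say that state must be treated as sensitive.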
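--- /dev/null
+++ b/PATH-NOT-SHOWN-ON-PAGE-4
@@ -0,0 +1,22 @@
+locals {
+truncated_executor_len = min(length(var.name), 28 - length("executor-"))
+executor_name = "executor-${substr(var.name, 0, local.truncated_executor_len)}"
+}
+
+resource "google_service_account" "executor" {
+account_id = local.executor_name
+display_name = "Executor for pg db admin ${var.name}"
+}
+
+resource "google_project_iam_member" "executor_artifacts" {
+project = local.project_id
+role = "roles/artifactregistry.reader"
+member = "serviceAccount:${google_service_account.executor.email}"
+}
+
+resource "google_secret_manager_secret_iam_member" "executor_secrets" {
+project = local.project_id
+secret_id = google_secret_manager_secret.db_admin_pg.secret_id
+role = "roles/secretmanager.secretAccessor"
+member = "serviceAccount:${google_service_account.executor.email}"
+}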
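Review bot: `google_project_iam_member.executor_artifacts` grants `roles/artifactregistry.reader` on the whole project, which lets the runtime service account read every repository in it rather than only the one holding this function's image; if the grant is needed for the runtime identity at all, `google_artifact_registry_repository_iam_member` scoped to that repository is the least-privilege form. The `executor_secrets` binding, by contrast, is correctly limited to the single secret. Separately, `substr(var.name, 0, local.truncated_executor_len)` can leave `account_id` ending in a hyphen or containing characters the service-account id rules reject when `var.name` is long or unconstrained; a `validation` block on `var.name` or a `trimsuffix(..., "-")` on the truncated value would catch this at plan time instead of at apply.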
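--- /dev/null
+++ b/PATH-NOT-SHOWN-ON-PAGE-5
@@ -0,0 +1,42 @@
+resource "google_cloudfunctions2_function" "function" {
+name = var.name
+location = local.region
+description = "${var.name} Postgresql DB Admin"
+labels = var.labels
+
+build_config {
+runtime = "go120"
+entry_point = "pg-db-admin"
+
+environment_variables = {
+"SOURCE_HASH" : google_storage_bucket_object.binary.detect_md5hash
+}
+
+source {
+storage_source {
+bucket = google_storage_bucket.binaries.name
+object = google_storage_bucket_object.binary.name
+}
+}
+}
+
+service_config {
+service_account_email = google_service_account.executor.email
+available_cpu = "2"
+available_memory = "512Mi"
+timeout_seconds = 20
+max_instance_count = 100
+max_instance_request_concurrency = 50
+all_traffic_on_latest_revision = true
+ingress_settings = "ALLOW_ALL"
+vpc_connector_egress_settings = "ALL_TRAFFIC"
+vpc_connector = var.vpc_access_connector_name
+
+secret_environment_variables {
+key = "DB_CONN_URL"
+project_id = local.project_id
+secret = google_secret_manager_secret.db_admin_pg.secret_id
+version = google_secret_manager_secret_version.db_admin_pg.version
+}
+}
+}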
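Review bot: `ingress_settings = "ALLOW_ALL"` publishes the function endpoint to the internet and relies entirely on the IAM `roles/run.invoker` check for authorisation; because this function administers a database, `ALLOW_INTERNAL_ONLY` (or `ALLOW_INTERNAL_AND_GCLB`) would remove the public surface if callers can be routed through the project or a load balancer, and whether they can is not visible here, so at minimum a comment beside the line should record why public ingress was chosen. `max_instance_count = 100` together with `max_instance_request_concurrency = 50` permits far more concurrent invocations than a single Postgres instance typically accepts connections for; an admin tool is better served by a small instance cap. `runtime = "go120"` is hard-coded and will need bumping when that runtime is retired, which a short comment could flag. Wiring the connection string in through `secret_environment_variables` rather than a plain environment variable is the right approach.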
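--- /dev/null
+++ b/PATH-NOT-SHOWN-ON-PAGE-6
@@ -0,0 +1,7 @@
+data "google_client_config" "this" {}
+
+locals {
+project_id = data.google_client_config.this.project
+region = data.google_client_config.this.region
+region_prefix = lower(substr(local.region, 0, 2))
+}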
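Review bot: `local.region` is taken from `data.google_client_config.this.region`, which is empty when the provider is configured without a region, and nothing here guards against that: `region_prefix` becomes `""`, the bucket location in the storage section silently falls through to `"ASIA"`, and the function's `location` is an empty string the API rejects with a message that does not point back to the provider configuration. A `lifecycle { precondition }` on the function resource, or a `validation` block on an explicit `region` variable, would surface the problem at plan time. Note also that the two-letter prefix heuristic maps every region outside `us-*` and `eu-*` (for example `australia-*` or `southamerica-*`) to `ASIA`, which is presumably not intended and deserves a comment if it is.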
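--- /dev/null
+++ b/PATH-NOT-SHOWN-ON-PAGE-7
@@ -0,0 +1,19 @@
+locals {
+truncated_len = min(length(var.name), 28 - length("invoker-"))
+invoker_name = "invoker-${substr(var.name, 0, local.truncated_len)}"
+}
+
+resource "google_service_account" "invoker" {
+account_id = local.invoker_name
+display_name = "Invoker for pg db admin ${var.name}"
+}
+
+resource "google_service_account_key" "invoker" {
+service_account_id = google_service_account.invoker.account_id
+}
+
+resource "google_project_iam_member" "invoker_basic" {
+project = local.project_id
+role = "roles/run.invoker"
+member = "serviceAccount:${google_service_account.invoker.email}"
+}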
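Review bot: `google_project_iam_member.invoker_basic` grants `roles/run.invoker` on the entire project, so the exported invoker credential can call every Cloud Run service and 2nd-gen function in the project, not only this one; binding the role on the function's own service with `google_cloud_run_service_iam_member` (or `google_cloudfunctions2_function_iam_member`) referencing `google_cloudfunctions2_function.function.name` keeps it to least privilege. `google_service_account_key.invoker` mints a non-expiring key that is persisted in state and exposed through the `invoker` output, so the module needs a rotation mechanism; the resource's `keepers` map lets a caller-supplied value force a new key, and exposing that as a variable would give consumers one. The truncation logic here duplicates the executor section's and shares its trailing-hyphen problem.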
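--- /dev/null
+++ b/PATH-NOT-SHOWN-ON-PAGE-8
@@ -0,0 +1,17 @@
+output "function_name" {
+value = google_cloudfunctions2_function.function.name
+}
+
+output "function_url" {
+value = try(google_cloudfunctions2_function.function.service_config[0].uri, "")
+}
+
+output "invoker" {
+value = {
+email = google_service_account.invoker.email
+private_key = google_service_account_key.invoker.private_key
+}
+
+description = "object({ email: string, private_key: string }) ||| A GCP service account with explicit privilege invoke db admin cloud function."
+sensitive = true
+}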
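Review bot: the `invoker` description reads "explicit privilege invoke db admin cloud function", which drops a word; `A GCP service account with explicit privilege to invoke the db admin cloud function.` is the intended text. Marking the output `sensitive = true` is right because `private_key` is the service account key material, but consumers should be told in the module docs that the value is nonetheless stored in plain form in state and in any root module that echoes it. `function_url` falls back to `""` through `try`, presumably because `service_config` is absent until the first apply; a one-line comment saying so would spare the next reader the guess.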
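--- /dev/null
+++ b/PATH-NOT-SHOWN-ON-PAGE-9
@@ -0,0 +1,17 @@
+locals {
+storage_location = local.region_prefix == "us" ? "US" : (local.region_prefix == "eu" ? "EU" : "ASIA")
+package_filename = "${path.module}/files/pg-db-admin.zip"
+}
+
+resource "google_storage_bucket" "binaries" {
+name = "${var.name}-binaries"
+location = local.storage_location
+labels = var.labels
+force_destroy = true
+}
+
+resource "google_storage_bucket_object" "binary" {
+bucket = google_storage_bucket.binaries.name
+name = "pg-db-admin.zip"
+source = local.package_filename
+}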
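Review bot: `google_storage_bucket.binaries` sets neither `uniform_bucket_level_access` nor `public_access_prevention`, so the bucket holding the deployable zip still accepts per-object ACLs and could be made public by a later `allUsers` grant; `uniform_bucket_level_access = true` and `public_access_prevention = "enforced"` are the safe defaults for an artifact bucket. GCS bucket names are global across all projects, so `"${var.name}-binaries"` will collide for common names and fail the apply; including the project id or a random suffix in the name avoids that. `force_destroy = true` is reasonable here because the only object is reproducible from `files/pg-db-admin.zip`, and a short comment saying so would justify it to reviewers who would otherwise flag it.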
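--- /dev/null
+++ b/PATH-NOT-SHOWN-ON-PAGE-10
@@ -0,0 +1,44 @@
+variable "name" {
+description = "The name of the cloud function function and "
+type = string
+}
+
+variable "labels" {
+description = "A map of labels that are applied to GCP resources"
+type = map(string)
+}
+
+variable "host" {
+description = "The database cluster host to connect"
+type = string
+}
+
+variable "port" {
+description = "The database cluster port to connect"
+type = string
+default = "3306"
+}
+
+variable "database" {
+description = "The initial database to connect"
+type = string
+default = ""
+}
+
+variable "username" {
+description = "Postgresql username"
+type = string
+}
+
+variable "password" {
+description = "Postgresql password"
+type = string
+}
+
+variable "vpc_access_connector_name" {
+type = string
+description = <<EOF
+This module requires a VPC Serverless Access Connector to reach the Cloud SQL instance in a private network.
+This variable configures the function to use an existing access connector.
+EOF
+}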
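Review bot: `variable "port"` defaults to `"3306"`, which is the MySQL port; this module targets PostgreSQL, so the default should be `default = "5432"`. `variable "password"` (and arguably `username`) should carry `sensitive = true` so the value is redacted from plan output, since it is interpolated into the secret's `secret_data`. The `name` description stops mid-sentence at `"The name of the cloud function function and "`; from its use as a prefix for the service accounts, secret and bucket, something like `"The name of the cloud function and the prefix for the resources created alongside it"` completes it, and a `validation` block restricting `name` to lowercase letters, digits and hyphens would prevent the service-account and bucket naming failures downstream.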