diff --git a/modules/cloud-run/main.tf b/modules/cloud-run/main.tf
index d471f42e04..28f962f2f3 100644
--- a/modules/cloud-run/main.tf
+++ b/modules/cloud-run/main.tf
@@ -15,6 +15,21 @@
 */
 
 locals {
+ annotations = merge(
+ var.ingress_settings == null ? {} : {
+ "run.googleapis.com/ingress" = var.ingress_settings
+ },
+ var.vpc_connector == null ? {} : {
+ "run.googleapis.com/vpc-access-connector" = (
+ try(var.vpc_connector.create, false)
+ ? google_vpc_access_connector.connector.0.id
+ : var.vpc_connector.name
+ )
+ },
+ try(var.vpc_connector.egress_settings, null) == null ? {} : {
+ "run.googleapis.com/vpc-access-egress" = var.vpc_connector.egress_settings
+ }
+ )
 prefix = var.prefix == null ? "" : "${var.prefix}-"
 service_account_email = (
 var.service_account_create
@@ -25,21 +40,10 @@ locals {
 )
 : var.service_account
 )
-
- annotations = merge(var.ingress_settings == null ? {} : { "run.googleapis.com/ingress" = var.ingress_settings },
- var.vpc_connector == null
- ? {}
- : try(var.vpc_connector.create, false)
- ? { "run.googleapis.com/vpc-access-connector" = var.vpc_connector.name }
- : { "run.googleapis.com/vpc-access-connector" = google_vpc_access_connector.connector.0.id }
- ,
- try(var.vpc_connector.egress_settings, null) == null
- ? {}
- : { "run.googleapis.com/vpc-access-egress" = var.vpc_connector.egress_settings })
 }
 
 resource "google_vpc_access_connector" "connector" {
- count = try(var.vpc_connector.create, false) == false ? 0 : 1
+ count = try(var.vpc_connector.create, false) ? 1 : 0
 project = var.project_id
 name = var.vpc_connector.name
 region = var.region
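Review bot: The merged `annotations` local silently omits `run.googleapis.com/ingress` and `run.googleapis.com/vpc-access-egress` when their inputs are null, and nothing here tells a reader what the service then falls back to. Cloud Run's defaults are ingress `all` and egress `private-ranges-only`, so a caller who sets only a connector still gets a publicly reachable service whose internet-bound traffic does not pass through the VPC. I would add a comment above the merge such as `# null ingress_settings => Cloud Run default "all"; null egress_settings => "private-ranges-only" (public egress bypasses the connector)`. The hunk also does not show whether `local.annotations` lands on the service metadata or the revision template metadata; the ingress annotation is service-level while the two connector annotations are revision-level, so that placement is worth confirming. The `locals` block continues past this hunk.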
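Review bot: `count = try(var.vpc_connector.create, false) ? 1 : 0` fails at plan time if `create` is present but null, because `try` only catches errors and passes a null straight to the conditional; the same expression in the `annotations` local added in the previous hunk has the same problem. The removed `== false ? 0 : 1` form treated a null as "create", so behaviour changes for that input either way. The variable's declaration is not part of this diff, so if its type does allow a null `create`, writing `coalesce(try(var.vpc_connector.create, null), false)` in both places would keep a null on the "do not create" path. The resource body continues outside the hunk.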
@@ -56,20 +60,30 @@ resource "google_cloud_run_service" "service" {
 template {
 spec {
 dynamic "containers" {
- for_each = var.containers == null ? {} : { for i, container in var.containers : i => container }
+ for_each = var.containers == null ? {} : {
+ for i, container in var.containers : i => container
+ }
 content {
 image = containers.value["image"]
 command = try(containers.value["options"]["command"], null)
 args = try(containers.value["options"]["args"], null)
 dynamic "env" {
- for_each = try(containers.value["options"]["env"], null) == null ? {} : containers.value["options"]["env"]
+ for_each = (
+ try(containers.value["options"]["env"], null) == null
+ ? {}
+ : containers.value["options"]["env"]
+ )
 content {
 name = env.key
 value = env.value
 }
 }
 dynamic "env" {
- for_each = try(containers.value["options"]["env_from"], null) == null ? {} : containers.value["options"]["env_from"]
+ for_each = (
+ try(containers.value["options"]["env_from"], null) == null
+ ? {}
+ : containers.value["options"]["env_from"]
+ )
 content {
 name = env.key
 value_from {
@@ -81,7 +95,14 @@ resource "google_cloud_run_service" "service" {
 }
 }
 dynamic "ports" {
- for_each = containers.value["ports"] == null ? {} : { for port in containers.value["ports"] : "${port.name}-${port.container_port}" => port }
+ for_each = (
+ containers.value["ports"] == null
+ ? {}
+ : {
+ for port in containers.value["ports"] :
+ "${port.name}-${port.container_port}" => port
+ }
+ )
 content {
 name = ports.value["name"]
 protocol = ports.value["protocol"]
@@ -96,7 +117,11 @@ resource "google_cloud_run_service" "service" {
 }
 }
 dynamic "volume_mounts" {
- for_each = containers.value["volume_mounts"] == null ? {} : containers.value["volume_mounts"]
+ for_each = (
+ containers.value["volume_mounts"] == null
+ ? {}
+ : containers.value["volume_mounts"]
+ )
 content {
 name = volume_mounts.key
 mount_path = volume_mounts.value
@@ -112,7 +137,11 @@ resource "google_cloud_run_service" "service" {
 secret {
 secret_name = volumes.value["secret_name"]
 dynamic "items" {
- for_each = volumes.value["items"] == null ? [] : volumes.value["items"]
+ for_each = (
+ volumes.value["items"] == null
+ ? []
+ : volumes.value["items"]
+ )
 content {
 key = items.value["key"]
 path = items.value["path"]
@@ -130,7 +159,6 @@ resource "google_cloud_run_service" "service" {
 }
 }
 
-
 metadata {
 annotations = local.annotations
 }
@@ -162,7 +190,10 @@ resource "google_service_account" "service_account" {
 }
 
 resource "google_eventarc_trigger" "audit_log_triggers" {
- for_each = var.audit_log_triggers == null ? {} : { for trigger in var.audit_log_triggers : "${trigger.service_name}-${trigger.method_name}" => trigger }
+ for_each = var.audit_log_triggers == null ? {} : {
+ for trigger in var.audit_log_triggers :
+ "${trigger.service_name}-${trigger.method_name}" => trigger
+ }
 name = "${local.prefix}${each.key}-audit-log-trigger"
 location = google_cloud_run_service.service.location
 project = google_cloud_run_service.service.project
@@ -188,7 +219,11 @@ resource "google_eventarc_trigger" "audit_log_triggers" {
 
 resource "google_eventarc_trigger" "pubsub_triggers" {
 for_each = var.pubsub_triggers == null ? [] : toset(var.pubsub_triggers)
- name = each.value == "" ? "${local.prefix}default-pubsub-trigger" : "${local.prefix}${each.value}-pubsub-trigger"
+ name = (
+ each.value == ""
+ ? "${local.prefix}default-pubsub-trigger"
+ : "${local.prefix}${each.value}-pubsub-trigger"
+ )
 location = google_cloud_run_service.service.location
 project = google_cloud_run_service.service.project
 matching_criteria {
diff --git a/tests/modules/cloud_run/fixture/main.tf b/tests/modules/cloud_run/fixture/main.tf
index f4aa8afabb..acc3805134 100644
--- a/tests/modules/cloud_run/fixture/main.tf
+++ b/tests/modules/cloud_run/fixture/main.tf
@@ -12,6 +12,16 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+variable "vpc_connector" {
+ type = any
+ default = null
+}
+
+variable "vpc_connector_config" {
+ type = any
+ default = null
+}
+
 module "cloud_run" {
 source = "../../../../modules/cloud-run"
 project_id = "my-project"
@@ -37,4 +47,6 @@ module "cloud_run" {
 iam = {
 "roles/run.invoker" = ["allUsers"]
 }
+ vpc_connector = var.vpc_connector
+ vpc_connector_config = var.vpc_connector_config
 }
diff --git a/tests/modules/cloud_run/fixture/variables.tf b/tests/modules/cloud_run/fixture/variables.tf
deleted file mode 100644
index 6d6d1266c3..0000000000
--- a/tests/modules/cloud_run/fixture/variables.tf
+++ /dev/null
@@ -1,13 +0,0 @@
-# Copyright 2022 Google LLC
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
diff --git a/tests/modules/cloud_run/test_plan.py b/tests/modules/cloud_run/test_plan.py
index d46cdc55bf..44dec1f6db 100644
--- a/tests/modules/cloud_run/test_plan.py
+++ b/tests/modules/cloud_run/test_plan.py
@@ -28,21 +28,54 @@ def test_resource_count(resources):
 
 def test_iam(resources):
 "Test IAM binding resources."
- bindings = [r['values'] for r in resources if r['type']
- == 'google_cloud_run_service_iam_binding']
+ bindings = [
+ r['values']
+ for r in resources
+ if r['type'] == 'google_cloud_run_service_iam_binding'
+ ]
 assert len(bindings) == 1
 assert bindings[0]['role'] == 'roles/run.invoker'
 
 
 def test_audit_log_triggers(resources):
 "Test audit logs Eventarc trigger resources."
- audit_log_triggers = [r['values'] for r in resources if r['type']
- == 'google_eventarc_trigger' and r['name'] == 'audit_log_triggers']
+ audit_log_triggers = [
+ r['values']
+ for r in resources
+ if r['type'] == 'google_eventarc_trigger' and
+ r['name'] == 'audit_log_triggers'
+ ]
 assert len(audit_log_triggers) == 1
 
 
 def test_pubsub_triggers(resources):
 "Test Pub/Sub Eventarc trigger resources."
- pubsub_triggers = [r['values'] for r in resources if r['type']
- == 'google_eventarc_trigger' and r['name'] == 'pubsub_triggers']
+ pubsub_triggers = [
+ r['values'] for r in resources if
+ r['type'] == 'google_eventarc_trigger' and r['name'] == 'pubsub_triggers'
+ ]
 assert len(pubsub_triggers) == 2
+
+
+def test_vpc_connector_none(plan_runner):
+ "Test VPC connector creation."
+ _, resources = plan_runner()
+ assert len(
+ [r for r in resources if r['type'] == 'google_vpc_access_connector']) == 0
+
+
+def test_vpc_connector_nocreate(plan_runner):
+ "Test VPC connector creation."
+ _, resources = plan_runner(
+ vpc_connector='{create=false, name="foo", egress_settings=null}')
+ assert len(
+ [r for r in resources if r['type'] == 'google_vpc_access_connector']) == 0
+
+
+def test_vpc_connector_create(plan_runner):
+ "Test VPC connector creation."
+ _, resources = plan_runner(
+ vpc_connector='{create=true, name="foo", egress_settings=null}',
+ vpc_connector_config='{ip_cidr_range="10.0.0.0/28", network="default"}')
+ assert len(
+ [r for r in resources if r['type'] == 'google_vpc_access_connector']) == 1
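Review bot: The three new `test_vpc_connector_*` tests only count `google_vpc_access_connector` resources, so they would still pass with the name and id branches of the `run.googleapis.com/vpc-access-connector` annotation swapped, which is the logic this commit rewrites in `modules/cloud-run/main.tf`. In `test_vpc_connector_nocreate` the annotation value is known at plan time, so I would also look up the planned `google_cloud_run_service` and assert that its annotations carry `"foo"` under that key. A further case with a non-null `egress_settings` would cover the third branch of the merge, which decides whether outbound traffic is forced through the VPC. The three tests also share the docstring `"Test VPC connector creation."`; a distinct one per case, for example `"Test no connector is created when create is false."`, would make a failing test easier to identify.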