Merge pull request #69 from NandosUK/add-optional-trigger-sa-capability

Add optional trigger sa capability
NandosUK · Sep 12, 2024 · ec5ac8a · ec5ac8a
2 parents d658b57 + 348260a
commit ec5ac8a
Show file tree

Hide file tree

Showing 5 changed files with 28 additions and 11 deletions.
diff --git a/gcp/cloud-cloudbuild-trigger/main.tf b/gcp/cloud-cloudbuild-trigger/main.tf
@@ -11,6 +11,8 @@ resource "google_cloudbuild_trigger" "trigger_main" {
  invert_regex = var.branching_strategy[var.environment]["provision"]["invert_regex"]
  }
  }
+ service_account = var.trigger_service_account
+
  substitutions = var.substitutions
  filename = var.filename
  included_files = var.include

diff --git a/gcp/cloud-cloudbuild-trigger/variables.tf b/gcp/cloud-cloudbuild-trigger/variables.tf
@@ -133,3 +133,9 @@ variable "disabled" {
  default = false
  description = "Flag to specify if the trigger is disabled."
 }
+
+variable "trigger_service_account" {
+ type = string
+ description = "Service account to use for the Cloud Build trigger."
+ default = ""
+}
diff --git a/gcp/cloud-run-v2/main.tf b/gcp/cloud-run-v2/main.tf
@@ -11,7 +11,7 @@ locals {
  custom_request_headers = ["X-Client-Geo-Location: {client_region_subdivision}, {client_city}"]
  custom_response_headers = ["X-Cache-Hit: {cdn_cache_status}"]
  log_config = {
- enable = var.enable_lb_logging
+ enable  = var.enable_lb_logging
  sample_rate = var.enable_lb_logging ? 1 : 0
  }
  iap_config = {
@@ -332,6 +332,8 @@ module "trigger_provision" {
  exclude = ["${var.service_path}/functions/**", "${var.service_path}/jobs/**"]
  environment = var.environment
 
+ trigger_service_account = var.trigger_service_account
+
  # Substitution variables for Cloud Build Trigger
  substitutions = merge({
  _STAGE = "provision"

diff --git a/gcp/cloud-run-v2/variables.tf b/gcp/cloud-run-v2/variables.tf
@@ -348,3 +348,9 @@ variable "enable_lb_logging" {
  type = bool
  default = false
 }
+
+variable "trigger_service_account" {
+ type = string
+ description = "Service account to use for the Cloud Build trigger."
+ default = ""
+}
diff --git a/test/gcp/cloud-run-v2.tf b/test/gcp/cloud-run-v2.tf
@@ -1,14 +1,15 @@
 module "cloud-run-api-my-awesome-api" {
- source = "../../gcp/cloud-run-v2"
- project_id = "mgt-build-56d2ff6b"
- name = "my-awesome-api"
- project_region = "europe-west2"
- allow_public_access = true
- create_trigger = true
- environment = "preview"
- repository_name = "my-repo-in-github"
- service_path = "/services/my-awesome-api"
- dependencies = ["services/shared/**", "services/types/**"]
+ source = "../../gcp/cloud-run-v2"
+ project_id = "mgt-build-56d2ff6b"
+ name = "my-awesome-api"
+ project_region = "europe-west2"
+ allow_public_access = true
+ create_trigger = true
+ environment = "preview"
+ repository_name = "my-repo-in-github"
+ service_path = "/services/my-awesome-api"
+ dependencies = ["services/shared/**", "services/types/**"]
+ cloud_run_service_account = "example-service-account@example.iam.gserviceaccount.com"
 
  startup_probe_initial_delay = 5
  liveness_probe_initial_delay = 10