From 43f88951cacc8224fb872c55e5594df4ee7ef75f Mon Sep 17 00:00:00 2001 From: Niel Markwick Date: Mon, 16 Sep 2024 18:41:41 +0200 Subject: [PATCH] fix: use a custom service account for Cloud Build New projects by default do not give the default compute service account the required roles to run a cloud build. Therefore the cloud functions do not deploy. Update the TF scripts to create a build-sa service account and use that when deploying the Cloud Functions. Also update versions of Terraform modules to the latest --- .github/workflows/codehealth.yaml | 6 + .husky/pre-commit | 2 + package.json | 1 + .../app-project/.terraform.lock.hcl | 90 ++++++-------- .../distributed/app-project/main.tf | 2 +- .../autoscaler-project/.terraform.lock.hcl | 64 ++++------ .../distributed/autoscaler-project/main.tf | 9 +- .../per-project/.terraform.lock.hcl | 90 ++++++-------- terraform/cloud-functions/per-project/main.tf | 9 +- terraform/gke/decoupled/.terraform.lock.hcl | 116 ++++++++---------- terraform/gke/decoupled/main.tf | 10 +- terraform/gke/unified/.terraform.lock.hcl | 116 ++++++++---------- terraform/gke/unified/main.tf | 8 +- terraform/modules/autoscaler-base/main.tf | 7 ++ .../modules/autoscaler-base/variables.tf | 4 + terraform/modules/autoscaler-cluster/main.tf | 34 +---- .../modules/autoscaler-functions/main.tf | 2 + .../modules/autoscaler-functions/variables.tf | 5 + terraform/modules/forwarder/main.tf | 14 +++ 19 files changed, 290 insertions(+), 299 deletions(-) diff --git a/.github/workflows/codehealth.yaml b/.github/workflows/codehealth.yaml index cdb6e895..04cfdfb1 100644 --- a/.github/workflows/codehealth.yaml +++ b/.github/workflows/codehealth.yaml @@ -44,3 +44,9 @@ jobs: - name: Execute "npm run markdown-link-check" run: npm run markdown-link-check + + - name: Use terraform + uses: hashicorp/setup-terraform@v3 + + - name: terraform validate deployments + run: npm run terraform-validate diff --git a/.husky/pre-commit b/.husky/pre-commit index 827d30ca..5568068b 100644 --- a/.husky/pre-commit +++ b/.husky/pre-commit @@ -5,4 +5,6 @@ npm run eslint npm run markdown-link-check npm run mdlint npm run typecheck +npm run terraform-validate npm test + diff --git a/package.json b/package.json index 5642e35b..db69c415 100644 --- a/package.json +++ b/package.json @@ -24,6 +24,7 @@ "start-forwarder-function": "functions-framework --target=forwardFromHTTP", "start-poller-function": "functions-framework --target=checkSpannerScaleMetricsHTTP", "start-scaler-function": "functions-framework --target=scaleSpannerInstanceHTTP --port=8081", + "terraform-validate": "set -e ; package_root=\"$(pwd)\"; for x in gke/decoupled gke/unified cloud-functions/distributed/app-project cloud-functions/distributed/autoscaler-project cloud-functions/per-project ; do cd \"$package_root/terraform/$x\" ; echo \"\n\nValidating Terraform in $PWD\n\n\" ; terraform init ; terraform validate; done", "test": "NODE_ENV=test nyc --reporter=text mocha --recursive src --extension=.test.js", "test-e2e": "pushd terraform/cloud-functions/per-project/test && go test -run . -timeout 60m --tags=e2e && popd", "typecheck": "tsc --project jsconfig.json --maxNodeModuleJsDepth 0 --noEmit", diff --git a/terraform/cloud-functions/distributed/app-project/.terraform.lock.hcl b/terraform/cloud-functions/distributed/app-project/.terraform.lock.hcl index 69b6013b..b89963c3 100644 --- a/terraform/cloud-functions/distributed/app-project/.terraform.lock.hcl +++ b/terraform/cloud-functions/distributed/app-project/.terraform.lock.hcl @@ -2,69 +2,59 @@ # Manual edits may be lost in future updates. provider "registry.terraform.io/hashicorp/archive" { - version = "2.4.2" + version = "2.6.0" hashes = [ - "h1:G4v6F6Lhqlo3EKGBKEK/kJRhNcQiRrhEdUiVpBHKHOA=", - "zh:08faed7c9f42d82bc3d406d0d9d4971e2d1c2d34eae268ad211b8aca57b7f758", - "zh:3564112ed2d097d7e0672378044a69b06642c326f6f1584d81c7cdd32ebf3a08", - "zh:53cd9afd223c15828c1916e68cb728d2be1cbccb9545568d6c2b122d0bac5102", - "zh:5ae4e41e3a1ce9d40b6458218a85bbde44f21723943982bca4a3b8bb7c103670", - "zh:5b65499218b315b96e95c5d3463ea6d7c66245b59461217c99eaa1611891cd2c", + "h1:rYAubRk7UHC/fzYqFV/VHc+7VIY01ugCxauyTYCNf9E=", + "zh:29273484f7423b7c5b3f5df34ccfc53e52bb5e3d7f46a81b65908e7a8fd69072", + "zh:3cba58ec3aea5f301caf2acc31e184c55d994cc648126cac39c63ae509a14179", + "zh:55170cd17dbfdea842852c6ae2416d057fec631ba49f3bb6466a7268cd39130e", + "zh:7197db402ba35631930c3a4814520f0ebe980ae3acb7f8b5a6f70ec90dc4a388", "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:7f45b35a8330bebd184c2545a41782ff58240ed6ba947274d9881dd5da44b02e", - "zh:87e67891033214e55cfead1391d68e6a3bf37993b7607753237e82aa3250bb71", - "zh:de3590d14037ad81fc5cedf7cfa44614a92452d7b39676289b704a962050bc5e", - "zh:e7e6f2ea567f2dbb3baa81c6203be69f9cd6aeeb01204fd93e3cf181e099b610", - "zh:fd24d03c89a7702628c2e5a3c732c0dede56fa75a08da4a1efe17b5f881c88e2", - "zh:febf4b7b5f3ff2adff0573ef6361f09b6638105111644bdebc0e4f575373935f", + "zh:8bf7fe0915d7fb152a3a6b9162614d2ec82749a06dba13fab3f98d33c020ec4f", + "zh:8ce811844fd53adb0dabc9a541f8cb43aacfa7d8e39324e4bd3592b3428f5bfb", + "zh:bca795bca815b8ac90e3054c0a9ab1ccfb16eedbb3418f8ad473fc5ad6bf0ef7", + "zh:d9355a18df5a36cf19580748b23249de2eb445c231c36a353709f8f40a6c8432", + "zh:dc32cc32cfd8abf8752d34f2a783de0d3f7200c573b885ecb64ece5acea173b4", + "zh:ef498e20391bf7a280d0fd6fd6675621c85fbe4e92f0f517ae4394747db89bde", + "zh:f2bc5226c765b0c8055a7b6207d0fe1eb9484e3ec8880649d158827ac6ed3b22", ] } provider "registry.terraform.io/hashicorp/google" { - version = "5.43.0" - constraints = "~> 5.43.0" + version = "6.2.0" + constraints = ">= 6.2.0" hashes = [ - "h1:7Qw/quj9F4AE53kJS48byB+NUYaugb2CHfW23RUcBLY=", - "h1:AfTLsVfVuFcrM9s5oAiM4OcoJoKbF6x7eVqB+mAAYdg=", - "h1:Ev9JrhjCtDC4BV2WMufxBgO1XlgEBKkd4peZcTiKWcE=", - "h1:GK1PWZKzB/K2bEAuB6WVUid2CuKEi1BD11YzfJ4zOtU=", - "h1:LAcXtqGT5N/keqPpd3JfAPu1DOf8fMCig7/TMtjhg9k=", - "h1:SAxsn9XcGNM5qKzyG4ZiHzt94DWoI637MRz9vJRuGfU=", - "h1:XAILPdJY1ORNbtfdHeOyhE+4JwhOA52IqsP7nKiMMWo=", - "h1:oxJ6lIjf63FQtDkrTRCKHQuTT8VmjCEzDZI1TXdgSSY=", - "h1:tMAjc0lcYWL0BovtJQ5Y5WuB5CxQoDIc81S5a1xc0i4=", - "h1:xxSmSmPhqfTrfo1aLEMNXatBPKbkz5sXALrPTyK5ml4=", - "h1:zEDAm/LWw1yI7InD7lkWXS2catyqvKlQhjxD7jYSMQg=", - "zh:0384250be647ed36b08c043a6dc7f99e75ca54d2b7270961ecaeada3a1eb67b0", - "zh:0d4cc69f3181d5871c3039acac17881d9156ad9803fe46ead51c1abe90dc6b2e", - "zh:29ac5b392eb9a5287aab4d28b6c2b0b6e919b4688768b7456118e9c828d8acdd", - "zh:4490fafa669754d903892efa8034a1f82073ce54e47d6148b7674bb04cd9bf49", - "zh:5c8d36a7da1e2b071f748fe3502b99373900bb8fdb44fe06a7885dc8399f8daf", - "zh:847c1de3f5c579dda4e35f1af9935421ff3324f7140b9223af86dd8085971a40", - "zh:93dfad5c7791e59ba14aa73b50d61dc2f100dde3299f21466e36e3ee87456864", - "zh:9844b672988660770caf249516f293508210d74e192c23104b8b2652df755af9", - "zh:b51abf3834c2272f388fc4581c119ce0405b87762575fac04a1b564656536e06", - "zh:b753fbf840fd443e74f5e51aba415ea43e065c9ce104355be8fac3dc88c61021", + "h1:7JIgzQKRW0AT6UliiYSjYUKxDr03baZpQmt5XVkrujs=", + "zh:08a7dc0b53d2b63baab928e66086bf3e09107516af078ce011d2667456e64834", + "zh:1cf9a1373e516844b43fdcea36e73f5a68f19ad07afcf6093788eb235c710163", + "zh:2d4a7cb26c3f0d036d51db219a09013d3d779e44d584e0fc631df0f2cd5e5550", + "zh:47e1fc68e455f99f1875deaed9aa5434a852e2a70a3cb5a5e9b5a2d8c25d7b74", + "zh:78531a8624ddcd45277e1b465e773ac92001ea0e200e9dc1147ebeb24d56359e", + "zh:a76751723c034d44764df22925178f78d8b4852e3e6ac6c5d86f51666c9e666c", + "zh:a83a59a7e667cfffb0d501a501e9b3d2d4fcc83deb07a318c9690d537cbdc4b6", + "zh:b16473b7e59e01690d8234a0044c304505688f5518b205e9ed06fc63ddc82977", + "zh:b957648ad0383e17149bf3a02def81ebc6bd55ca0cffb6ec1c368a1b4f33c4fd", + "zh:e2f3f4a27b41a20bdbb7a80fbcde1a4c36bbd1c83edb9256bc1724754f8d370f", + "zh:ecfce738f85a81603aa51162d5237d6faaa2ffc0f0e52694f8b420ad761a8957", "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", - "zh:f7067b1c3015bb0870798ef6c87b7962e7409f480f4a2be77d67977628e9f365", ] } provider "registry.terraform.io/hashicorp/random" { - version = "3.6.2" + version = "3.6.3" hashes = [ - "h1:wmG0QFjQ2OfyPy6BB7mQ57WtoZZGGV07uAPQeDmIrAE=", - "zh:0ef01a4f81147b32c1bea3429974d4d104bbc4be2ba3cfa667031a8183ef88ec", - "zh:1bcd2d8161e89e39886119965ef0f37fcce2da9c1aca34263dd3002ba05fcb53", - "zh:37c75d15e9514556a5f4ed02e1548aaa95c0ecd6ff9af1119ac905144c70c114", - "zh:4210550a767226976bc7e57d988b9ce48f4411fa8a60cd74a6b246baf7589dad", - "zh:562007382520cd4baa7320f35e1370ffe84e46ed4e2071fdc7e4b1a9b1f8ae9b", - "zh:5efb9da90f665e43f22c2e13e0ce48e86cae2d960aaf1abf721b497f32025916", - "zh:6f71257a6b1218d02a573fc9bff0657410404fb2ef23bc66ae8cd968f98d5ff6", + "h1:Fnaec9vA8sZ8BXVlN3Xn9Jz3zghSETIKg7ch8oXhxno=", + "zh:04ceb65210251339f07cd4611885d242cd4d0c7306e86dda9785396807c00451", + "zh:448f56199f3e99ff75d5c0afacae867ee795e4dfda6cb5f8e3b2a72ec3583dd8", + "zh:4b4c11ccfba7319e901df2dac836b1ae8f12185e37249e8d870ee10bb87a13fe", + "zh:4fa45c44c0de582c2edb8a2e054f55124520c16a39b2dfc0355929063b6395b1", + "zh:588508280501a06259e023b0695f6a18149a3816d259655c424d068982cbdd36", + "zh:737c4d99a87d2a4d1ac0a54a73d2cb62974ccb2edbd234f333abd079a32ebc9e", "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:9647e18f221380a85f2f0ab387c68fdafd58af6193a932417299cdcae4710150", - "zh:bb6297ce412c3c2fa9fec726114e5e0508dd2638cad6a0cb433194930c97a544", - "zh:f83e925ed73ff8a5ef6e3608ad9225baa5376446349572c2449c0c0b3cf184b7", - "zh:fbef0781cb64de76b1df1ca11078aecba7800d82fd4a956302734999cfd9a4af", + "zh:a357ab512e5ebc6d1fda1382503109766e21bbfdfaa9ccda43d313c122069b30", + "zh:c51bfb15e7d52cc1a2eaec2a903ac2aff15d162c172b1b4c17675190e8147615", + "zh:e0951ee6fa9df90433728b96381fb867e3db98f66f735e0c3e24f8f16903f0ad", + "zh:e3cdcb4e73740621dabd82ee6a37d6cfce7fee2a03d8074df65086760f5cf556", + "zh:eff58323099f1bd9a0bec7cb04f717e7f1b2774c7d612bf7581797e1622613a0", ] } diff --git a/terraform/cloud-functions/distributed/app-project/main.tf b/terraform/cloud-functions/distributed/app-project/main.tf index 1a83f73e..58df8e3c 100644 --- a/terraform/cloud-functions/distributed/app-project/main.tf +++ b/terraform/cloud-functions/distributed/app-project/main.tf @@ -18,7 +18,7 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = "~> 5.43.0" + version = ">= 6.2.0" } } } diff --git a/terraform/cloud-functions/distributed/autoscaler-project/.terraform.lock.hcl b/terraform/cloud-functions/distributed/autoscaler-project/.terraform.lock.hcl index ce3e8244..0d01970f 100644 --- a/terraform/cloud-functions/distributed/autoscaler-project/.terraform.lock.hcl +++ b/terraform/cloud-functions/distributed/autoscaler-project/.terraform.lock.hcl @@ -2,50 +2,40 @@ # Manual edits may be lost in future updates. provider "registry.terraform.io/hashicorp/archive" { - version = "2.4.2" + version = "2.6.0" hashes = [ - "h1:G4v6F6Lhqlo3EKGBKEK/kJRhNcQiRrhEdUiVpBHKHOA=", - "zh:08faed7c9f42d82bc3d406d0d9d4971e2d1c2d34eae268ad211b8aca57b7f758", - "zh:3564112ed2d097d7e0672378044a69b06642c326f6f1584d81c7cdd32ebf3a08", - "zh:53cd9afd223c15828c1916e68cb728d2be1cbccb9545568d6c2b122d0bac5102", - "zh:5ae4e41e3a1ce9d40b6458218a85bbde44f21723943982bca4a3b8bb7c103670", - "zh:5b65499218b315b96e95c5d3463ea6d7c66245b59461217c99eaa1611891cd2c", + "h1:rYAubRk7UHC/fzYqFV/VHc+7VIY01ugCxauyTYCNf9E=", + "zh:29273484f7423b7c5b3f5df34ccfc53e52bb5e3d7f46a81b65908e7a8fd69072", + "zh:3cba58ec3aea5f301caf2acc31e184c55d994cc648126cac39c63ae509a14179", + "zh:55170cd17dbfdea842852c6ae2416d057fec631ba49f3bb6466a7268cd39130e", + "zh:7197db402ba35631930c3a4814520f0ebe980ae3acb7f8b5a6f70ec90dc4a388", "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:7f45b35a8330bebd184c2545a41782ff58240ed6ba947274d9881dd5da44b02e", - "zh:87e67891033214e55cfead1391d68e6a3bf37993b7607753237e82aa3250bb71", - "zh:de3590d14037ad81fc5cedf7cfa44614a92452d7b39676289b704a962050bc5e", - "zh:e7e6f2ea567f2dbb3baa81c6203be69f9cd6aeeb01204fd93e3cf181e099b610", - "zh:fd24d03c89a7702628c2e5a3c732c0dede56fa75a08da4a1efe17b5f881c88e2", - "zh:febf4b7b5f3ff2adff0573ef6361f09b6638105111644bdebc0e4f575373935f", + "zh:8bf7fe0915d7fb152a3a6b9162614d2ec82749a06dba13fab3f98d33c020ec4f", + "zh:8ce811844fd53adb0dabc9a541f8cb43aacfa7d8e39324e4bd3592b3428f5bfb", + "zh:bca795bca815b8ac90e3054c0a9ab1ccfb16eedbb3418f8ad473fc5ad6bf0ef7", + "zh:d9355a18df5a36cf19580748b23249de2eb445c231c36a353709f8f40a6c8432", + "zh:dc32cc32cfd8abf8752d34f2a783de0d3f7200c573b885ecb64ece5acea173b4", + "zh:ef498e20391bf7a280d0fd6fd6675621c85fbe4e92f0f517ae4394747db89bde", + "zh:f2bc5226c765b0c8055a7b6207d0fe1eb9484e3ec8880649d158827ac6ed3b22", ] } provider "registry.terraform.io/hashicorp/google" { - version = "5.43.0" - constraints = "~> 5.43.0" + version = "6.2.0" + constraints = ">= 6.2.0" hashes = [ - "h1:7Qw/quj9F4AE53kJS48byB+NUYaugb2CHfW23RUcBLY=", - "h1:AfTLsVfVuFcrM9s5oAiM4OcoJoKbF6x7eVqB+mAAYdg=", - "h1:Ev9JrhjCtDC4BV2WMufxBgO1XlgEBKkd4peZcTiKWcE=", - "h1:GK1PWZKzB/K2bEAuB6WVUid2CuKEi1BD11YzfJ4zOtU=", - "h1:LAcXtqGT5N/keqPpd3JfAPu1DOf8fMCig7/TMtjhg9k=", - "h1:SAxsn9XcGNM5qKzyG4ZiHzt94DWoI637MRz9vJRuGfU=", - "h1:XAILPdJY1ORNbtfdHeOyhE+4JwhOA52IqsP7nKiMMWo=", - "h1:oxJ6lIjf63FQtDkrTRCKHQuTT8VmjCEzDZI1TXdgSSY=", - "h1:tMAjc0lcYWL0BovtJQ5Y5WuB5CxQoDIc81S5a1xc0i4=", - "h1:xxSmSmPhqfTrfo1aLEMNXatBPKbkz5sXALrPTyK5ml4=", - "h1:zEDAm/LWw1yI7InD7lkWXS2catyqvKlQhjxD7jYSMQg=", - "zh:0384250be647ed36b08c043a6dc7f99e75ca54d2b7270961ecaeada3a1eb67b0", - "zh:0d4cc69f3181d5871c3039acac17881d9156ad9803fe46ead51c1abe90dc6b2e", - "zh:29ac5b392eb9a5287aab4d28b6c2b0b6e919b4688768b7456118e9c828d8acdd", - "zh:4490fafa669754d903892efa8034a1f82073ce54e47d6148b7674bb04cd9bf49", - "zh:5c8d36a7da1e2b071f748fe3502b99373900bb8fdb44fe06a7885dc8399f8daf", - "zh:847c1de3f5c579dda4e35f1af9935421ff3324f7140b9223af86dd8085971a40", - "zh:93dfad5c7791e59ba14aa73b50d61dc2f100dde3299f21466e36e3ee87456864", - "zh:9844b672988660770caf249516f293508210d74e192c23104b8b2652df755af9", - "zh:b51abf3834c2272f388fc4581c119ce0405b87762575fac04a1b564656536e06", - "zh:b753fbf840fd443e74f5e51aba415ea43e065c9ce104355be8fac3dc88c61021", + "h1:7JIgzQKRW0AT6UliiYSjYUKxDr03baZpQmt5XVkrujs=", + "zh:08a7dc0b53d2b63baab928e66086bf3e09107516af078ce011d2667456e64834", + "zh:1cf9a1373e516844b43fdcea36e73f5a68f19ad07afcf6093788eb235c710163", + "zh:2d4a7cb26c3f0d036d51db219a09013d3d779e44d584e0fc631df0f2cd5e5550", + "zh:47e1fc68e455f99f1875deaed9aa5434a852e2a70a3cb5a5e9b5a2d8c25d7b74", + "zh:78531a8624ddcd45277e1b465e773ac92001ea0e200e9dc1147ebeb24d56359e", + "zh:a76751723c034d44764df22925178f78d8b4852e3e6ac6c5d86f51666c9e666c", + "zh:a83a59a7e667cfffb0d501a501e9b3d2d4fcc83deb07a318c9690d537cbdc4b6", + "zh:b16473b7e59e01690d8234a0044c304505688f5518b205e9ed06fc63ddc82977", + "zh:b957648ad0383e17149bf3a02def81ebc6bd55ca0cffb6ec1c368a1b4f33c4fd", + "zh:e2f3f4a27b41a20bdbb7a80fbcde1a4c36bbd1c83edb9256bc1724754f8d370f", + "zh:ecfce738f85a81603aa51162d5237d6faaa2ffc0f0e52694f8b420ad761a8957", "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", - "zh:f7067b1c3015bb0870798ef6c87b7962e7409f480f4a2be77d67977628e9f365", ] } diff --git a/terraform/cloud-functions/distributed/autoscaler-project/main.tf b/terraform/cloud-functions/distributed/autoscaler-project/main.tf index 32d256f8..bd6039d9 100644 --- a/terraform/cloud-functions/distributed/autoscaler-project/main.tf +++ b/terraform/cloud-functions/distributed/autoscaler-project/main.tf @@ -18,7 +18,7 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = "~> 5.43.0" + version = ">= 6.2.0" } } } @@ -38,12 +38,18 @@ resource "google_service_account" "scaler_sa" { display_name = "Autoscaler - Scaler Function Service Account" } +resource "google_service_account" "build_sa" { + account_id = "build-sa" + display_name = "Autoscaler - Cloud Build Builder Service Account" +} + module "autoscaler-base" { source = "../../../modules/autoscaler-base" project_id = var.project_id poller_sa_email = google_service_account.poller_sa.email scaler_sa_email = google_service_account.scaler_sa.email + build_sa_email = google_service_account.build_sa.email } module "autoscaler-functions" { @@ -54,6 +60,7 @@ module "autoscaler-functions" { poller_sa_email = google_service_account.poller_sa.email scaler_sa_email = google_service_account.scaler_sa.email forwarder_sa_emails = var.forwarder_sa_emails + build_sa_id = google_service_account.build_sa.id } module "firestore" { diff --git a/terraform/cloud-functions/per-project/.terraform.lock.hcl b/terraform/cloud-functions/per-project/.terraform.lock.hcl index 69b6013b..b89963c3 100644 --- a/terraform/cloud-functions/per-project/.terraform.lock.hcl +++ b/terraform/cloud-functions/per-project/.terraform.lock.hcl @@ -2,69 +2,59 @@ # Manual edits may be lost in future updates. provider "registry.terraform.io/hashicorp/archive" { - version = "2.4.2" + version = "2.6.0" hashes = [ - "h1:G4v6F6Lhqlo3EKGBKEK/kJRhNcQiRrhEdUiVpBHKHOA=", - "zh:08faed7c9f42d82bc3d406d0d9d4971e2d1c2d34eae268ad211b8aca57b7f758", - "zh:3564112ed2d097d7e0672378044a69b06642c326f6f1584d81c7cdd32ebf3a08", - "zh:53cd9afd223c15828c1916e68cb728d2be1cbccb9545568d6c2b122d0bac5102", - "zh:5ae4e41e3a1ce9d40b6458218a85bbde44f21723943982bca4a3b8bb7c103670", - "zh:5b65499218b315b96e95c5d3463ea6d7c66245b59461217c99eaa1611891cd2c", + "h1:rYAubRk7UHC/fzYqFV/VHc+7VIY01ugCxauyTYCNf9E=", + "zh:29273484f7423b7c5b3f5df34ccfc53e52bb5e3d7f46a81b65908e7a8fd69072", + "zh:3cba58ec3aea5f301caf2acc31e184c55d994cc648126cac39c63ae509a14179", + "zh:55170cd17dbfdea842852c6ae2416d057fec631ba49f3bb6466a7268cd39130e", + "zh:7197db402ba35631930c3a4814520f0ebe980ae3acb7f8b5a6f70ec90dc4a388", "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:7f45b35a8330bebd184c2545a41782ff58240ed6ba947274d9881dd5da44b02e", - "zh:87e67891033214e55cfead1391d68e6a3bf37993b7607753237e82aa3250bb71", - "zh:de3590d14037ad81fc5cedf7cfa44614a92452d7b39676289b704a962050bc5e", - "zh:e7e6f2ea567f2dbb3baa81c6203be69f9cd6aeeb01204fd93e3cf181e099b610", - "zh:fd24d03c89a7702628c2e5a3c732c0dede56fa75a08da4a1efe17b5f881c88e2", - "zh:febf4b7b5f3ff2adff0573ef6361f09b6638105111644bdebc0e4f575373935f", + "zh:8bf7fe0915d7fb152a3a6b9162614d2ec82749a06dba13fab3f98d33c020ec4f", + "zh:8ce811844fd53adb0dabc9a541f8cb43aacfa7d8e39324e4bd3592b3428f5bfb", + "zh:bca795bca815b8ac90e3054c0a9ab1ccfb16eedbb3418f8ad473fc5ad6bf0ef7", + "zh:d9355a18df5a36cf19580748b23249de2eb445c231c36a353709f8f40a6c8432", + "zh:dc32cc32cfd8abf8752d34f2a783de0d3f7200c573b885ecb64ece5acea173b4", + "zh:ef498e20391bf7a280d0fd6fd6675621c85fbe4e92f0f517ae4394747db89bde", + "zh:f2bc5226c765b0c8055a7b6207d0fe1eb9484e3ec8880649d158827ac6ed3b22", ] } provider "registry.terraform.io/hashicorp/google" { - version = "5.43.0" - constraints = "~> 5.43.0" + version = "6.2.0" + constraints = ">= 6.2.0" hashes = [ - "h1:7Qw/quj9F4AE53kJS48byB+NUYaugb2CHfW23RUcBLY=", - "h1:AfTLsVfVuFcrM9s5oAiM4OcoJoKbF6x7eVqB+mAAYdg=", - "h1:Ev9JrhjCtDC4BV2WMufxBgO1XlgEBKkd4peZcTiKWcE=", - "h1:GK1PWZKzB/K2bEAuB6WVUid2CuKEi1BD11YzfJ4zOtU=", - "h1:LAcXtqGT5N/keqPpd3JfAPu1DOf8fMCig7/TMtjhg9k=", - "h1:SAxsn9XcGNM5qKzyG4ZiHzt94DWoI637MRz9vJRuGfU=", - "h1:XAILPdJY1ORNbtfdHeOyhE+4JwhOA52IqsP7nKiMMWo=", - "h1:oxJ6lIjf63FQtDkrTRCKHQuTT8VmjCEzDZI1TXdgSSY=", - "h1:tMAjc0lcYWL0BovtJQ5Y5WuB5CxQoDIc81S5a1xc0i4=", - "h1:xxSmSmPhqfTrfo1aLEMNXatBPKbkz5sXALrPTyK5ml4=", - "h1:zEDAm/LWw1yI7InD7lkWXS2catyqvKlQhjxD7jYSMQg=", - "zh:0384250be647ed36b08c043a6dc7f99e75ca54d2b7270961ecaeada3a1eb67b0", - "zh:0d4cc69f3181d5871c3039acac17881d9156ad9803fe46ead51c1abe90dc6b2e", - "zh:29ac5b392eb9a5287aab4d28b6c2b0b6e919b4688768b7456118e9c828d8acdd", - "zh:4490fafa669754d903892efa8034a1f82073ce54e47d6148b7674bb04cd9bf49", - "zh:5c8d36a7da1e2b071f748fe3502b99373900bb8fdb44fe06a7885dc8399f8daf", - "zh:847c1de3f5c579dda4e35f1af9935421ff3324f7140b9223af86dd8085971a40", - "zh:93dfad5c7791e59ba14aa73b50d61dc2f100dde3299f21466e36e3ee87456864", - "zh:9844b672988660770caf249516f293508210d74e192c23104b8b2652df755af9", - "zh:b51abf3834c2272f388fc4581c119ce0405b87762575fac04a1b564656536e06", - "zh:b753fbf840fd443e74f5e51aba415ea43e065c9ce104355be8fac3dc88c61021", + "h1:7JIgzQKRW0AT6UliiYSjYUKxDr03baZpQmt5XVkrujs=", + "zh:08a7dc0b53d2b63baab928e66086bf3e09107516af078ce011d2667456e64834", + "zh:1cf9a1373e516844b43fdcea36e73f5a68f19ad07afcf6093788eb235c710163", + "zh:2d4a7cb26c3f0d036d51db219a09013d3d779e44d584e0fc631df0f2cd5e5550", + "zh:47e1fc68e455f99f1875deaed9aa5434a852e2a70a3cb5a5e9b5a2d8c25d7b74", + "zh:78531a8624ddcd45277e1b465e773ac92001ea0e200e9dc1147ebeb24d56359e", + "zh:a76751723c034d44764df22925178f78d8b4852e3e6ac6c5d86f51666c9e666c", + "zh:a83a59a7e667cfffb0d501a501e9b3d2d4fcc83deb07a318c9690d537cbdc4b6", + "zh:b16473b7e59e01690d8234a0044c304505688f5518b205e9ed06fc63ddc82977", + "zh:b957648ad0383e17149bf3a02def81ebc6bd55ca0cffb6ec1c368a1b4f33c4fd", + "zh:e2f3f4a27b41a20bdbb7a80fbcde1a4c36bbd1c83edb9256bc1724754f8d370f", + "zh:ecfce738f85a81603aa51162d5237d6faaa2ffc0f0e52694f8b420ad761a8957", "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", - "zh:f7067b1c3015bb0870798ef6c87b7962e7409f480f4a2be77d67977628e9f365", ] } provider "registry.terraform.io/hashicorp/random" { - version = "3.6.2" + version = "3.6.3" hashes = [ - "h1:wmG0QFjQ2OfyPy6BB7mQ57WtoZZGGV07uAPQeDmIrAE=", - "zh:0ef01a4f81147b32c1bea3429974d4d104bbc4be2ba3cfa667031a8183ef88ec", - "zh:1bcd2d8161e89e39886119965ef0f37fcce2da9c1aca34263dd3002ba05fcb53", - "zh:37c75d15e9514556a5f4ed02e1548aaa95c0ecd6ff9af1119ac905144c70c114", - "zh:4210550a767226976bc7e57d988b9ce48f4411fa8a60cd74a6b246baf7589dad", - "zh:562007382520cd4baa7320f35e1370ffe84e46ed4e2071fdc7e4b1a9b1f8ae9b", - "zh:5efb9da90f665e43f22c2e13e0ce48e86cae2d960aaf1abf721b497f32025916", - "zh:6f71257a6b1218d02a573fc9bff0657410404fb2ef23bc66ae8cd968f98d5ff6", + "h1:Fnaec9vA8sZ8BXVlN3Xn9Jz3zghSETIKg7ch8oXhxno=", + "zh:04ceb65210251339f07cd4611885d242cd4d0c7306e86dda9785396807c00451", + "zh:448f56199f3e99ff75d5c0afacae867ee795e4dfda6cb5f8e3b2a72ec3583dd8", + "zh:4b4c11ccfba7319e901df2dac836b1ae8f12185e37249e8d870ee10bb87a13fe", + "zh:4fa45c44c0de582c2edb8a2e054f55124520c16a39b2dfc0355929063b6395b1", + "zh:588508280501a06259e023b0695f6a18149a3816d259655c424d068982cbdd36", + "zh:737c4d99a87d2a4d1ac0a54a73d2cb62974ccb2edbd234f333abd079a32ebc9e", "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:9647e18f221380a85f2f0ab387c68fdafd58af6193a932417299cdcae4710150", - "zh:bb6297ce412c3c2fa9fec726114e5e0508dd2638cad6a0cb433194930c97a544", - "zh:f83e925ed73ff8a5ef6e3608ad9225baa5376446349572c2449c0c0b3cf184b7", - "zh:fbef0781cb64de76b1df1ca11078aecba7800d82fd4a956302734999cfd9a4af", + "zh:a357ab512e5ebc6d1fda1382503109766e21bbfdfaa9ccda43d313c122069b30", + "zh:c51bfb15e7d52cc1a2eaec2a903ac2aff15d162c172b1b4c17675190e8147615", + "zh:e0951ee6fa9df90433728b96381fb867e3db98f66f735e0c3e24f8f16903f0ad", + "zh:e3cdcb4e73740621dabd82ee6a37d6cfce7fee2a03d8074df65086760f5cf556", + "zh:eff58323099f1bd9a0bec7cb04f717e7f1b2774c7d612bf7581797e1622613a0", ] } diff --git a/terraform/cloud-functions/per-project/main.tf b/terraform/cloud-functions/per-project/main.tf index 7abd09d5..a289daa2 100644 --- a/terraform/cloud-functions/per-project/main.tf +++ b/terraform/cloud-functions/per-project/main.tf @@ -18,7 +18,7 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = "~> 5.43.0" + version = ">= 6.2.0" } } } @@ -38,12 +38,18 @@ resource "google_service_account" "scaler_sa" { display_name = "Autoscaler - Scaler Function Service Account" } +resource "google_service_account" "build_sa" { + account_id = "build-sa" + display_name = "Autoscaler - Cloud Build Builder Service Account" +} + module "autoscaler-base" { source = "../../modules/autoscaler-base" project_id = var.project_id poller_sa_email = google_service_account.poller_sa.email scaler_sa_email = google_service_account.scaler_sa.email + build_sa_email = google_service_account.build_sa.email } module "autoscaler-functions" { @@ -53,6 +59,7 @@ module "autoscaler-functions" { region = var.region poller_sa_email = google_service_account.poller_sa.email scaler_sa_email = google_service_account.scaler_sa.email + build_sa_id = google_service_account.build_sa.id } module "firestore" { diff --git a/terraform/gke/decoupled/.terraform.lock.hcl b/terraform/gke/decoupled/.terraform.lock.hcl index 1991fb95..5e1a6809 100644 --- a/terraform/gke/decoupled/.terraform.lock.hcl +++ b/terraform/gke/decoupled/.terraform.lock.hcl @@ -2,52 +2,42 @@ # Manual edits may be lost in future updates. provider "registry.terraform.io/hashicorp/external" { - version = "2.3.3" + version = "2.3.4" constraints = ">= 2.2.2" hashes = [ - "h1:H+3QlVPs/7CDa3I4KU/a23wYeGeJxeBlgvR7bfK1t1w=", - "zh:03d81462f9578ec91ce8e26f887e34151eda0e100f57e9772dbea86363588239", - "zh:37ec2a20f6a3ec3a0fd95d3f3de26da6cb9534b30488bc45723e118a0911c0d8", - "zh:4eb5b119179539f2749ce9de0e1b9629d025990f062f4f4dddc161562bb89d37", - "zh:5a31bb58414f41bee5e09b939012df5b88654120b0238a89dfd6691ba197619a", - "zh:6221a05e52a6a2d4f520ffe7cbc741f4f6080e0855061b0ed54e8be4a84eb9b7", + "h1:XWkRZOLKMjci9/JAtE8X8fWOt7A4u+9mgXSUjc4Wuyo=", + "zh:037fd82cd86227359bc010672cd174235e2d337601d4686f526d0f53c87447cb", + "zh:0ea1db63d6173d01f2fa8eb8989f0809a55135a0d8d424b08ba5dabad73095fa", + "zh:17a4d0a306566f2e45778fbac48744b6fd9c958aaa359e79f144c6358cb93af0", + "zh:298e5408ab17fd2e90d2cd6d406c6d02344fe610de5b7dae943a58b958e76691", + "zh:38ecfd29ee0785fd93164812dcbe0664ebbe5417473f3b2658087ca5a0286ecb", + "zh:59f6a6f31acf66f4ea3667a555a70eba5d406c6e6d93c2c641b81d63261eeace", "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:8bb068496b4679bef625e4710d9f3432e301c3a56602271f04e60eadf7f8a94c", - "zh:94742aa5378bab626ce34f79bcef6a373e4f86ea7a8b762e9f71270a899e0d00", - "zh:a485831b5a525cd8f40e8982fa37da40ff70b1ae092c8b755fcde123f0b1238d", - "zh:a647ff16d071eabcabd87ea8183eb90a775a0294ddd735d742075d62fff09193", - "zh:b74710c5954aaa3faf262c18d36a8c2407862d9f842c63e7fa92fa4de3d29df6", - "zh:fa73d83edc92af2e551857594c2232ba6a9e3603ad34b0a5940865202c08d8d7", + "zh:ad0279dfd09d713db0c18469f585e58d04748ca72d9ada83883492e0dd13bd58", + "zh:c69f66fd21f5e2c8ecf7ca68d9091c40f19ad913aef21e3ce23836e91b8cbb5f", + "zh:d4a56f8c48aa86fc8e0c233d56850f5783f322d6336f3bf1916e293246b6b5d4", + "zh:f2b394ebd4af33f343835517e80fc876f79361f4688220833bc3c77655dd2202", + "zh:f31982f29f12834e5d21e010856eddd19d59cd8f449adf470655bfd19354377e", ] } provider "registry.terraform.io/hashicorp/google" { - version = "5.43.0" - constraints = ">= 3.39.0, >= 3.53.0, >= 5.9.0, ~> 5.43.0, < 6.0.0" + version = "6.2.0" + constraints = ">= 3.39.0, >= 3.53.0, >= 5.40.0, >= 6.2.0, < 7.0.0" hashes = [ - "h1:7Qw/quj9F4AE53kJS48byB+NUYaugb2CHfW23RUcBLY=", - "h1:AfTLsVfVuFcrM9s5oAiM4OcoJoKbF6x7eVqB+mAAYdg=", - "h1:Ev9JrhjCtDC4BV2WMufxBgO1XlgEBKkd4peZcTiKWcE=", - "h1:GK1PWZKzB/K2bEAuB6WVUid2CuKEi1BD11YzfJ4zOtU=", - "h1:LAcXtqGT5N/keqPpd3JfAPu1DOf8fMCig7/TMtjhg9k=", - "h1:SAxsn9XcGNM5qKzyG4ZiHzt94DWoI637MRz9vJRuGfU=", - "h1:XAILPdJY1ORNbtfdHeOyhE+4JwhOA52IqsP7nKiMMWo=", - "h1:oxJ6lIjf63FQtDkrTRCKHQuTT8VmjCEzDZI1TXdgSSY=", - "h1:tMAjc0lcYWL0BovtJQ5Y5WuB5CxQoDIc81S5a1xc0i4=", - "h1:xxSmSmPhqfTrfo1aLEMNXatBPKbkz5sXALrPTyK5ml4=", - "h1:zEDAm/LWw1yI7InD7lkWXS2catyqvKlQhjxD7jYSMQg=", - "zh:0384250be647ed36b08c043a6dc7f99e75ca54d2b7270961ecaeada3a1eb67b0", - "zh:0d4cc69f3181d5871c3039acac17881d9156ad9803fe46ead51c1abe90dc6b2e", - "zh:29ac5b392eb9a5287aab4d28b6c2b0b6e919b4688768b7456118e9c828d8acdd", - "zh:4490fafa669754d903892efa8034a1f82073ce54e47d6148b7674bb04cd9bf49", - "zh:5c8d36a7da1e2b071f748fe3502b99373900bb8fdb44fe06a7885dc8399f8daf", - "zh:847c1de3f5c579dda4e35f1af9935421ff3324f7140b9223af86dd8085971a40", - "zh:93dfad5c7791e59ba14aa73b50d61dc2f100dde3299f21466e36e3ee87456864", - "zh:9844b672988660770caf249516f293508210d74e192c23104b8b2652df755af9", - "zh:b51abf3834c2272f388fc4581c119ce0405b87762575fac04a1b564656536e06", - "zh:b753fbf840fd443e74f5e51aba415ea43e065c9ce104355be8fac3dc88c61021", + "h1:7JIgzQKRW0AT6UliiYSjYUKxDr03baZpQmt5XVkrujs=", + "zh:08a7dc0b53d2b63baab928e66086bf3e09107516af078ce011d2667456e64834", + "zh:1cf9a1373e516844b43fdcea36e73f5a68f19ad07afcf6093788eb235c710163", + "zh:2d4a7cb26c3f0d036d51db219a09013d3d779e44d584e0fc631df0f2cd5e5550", + "zh:47e1fc68e455f99f1875deaed9aa5434a852e2a70a3cb5a5e9b5a2d8c25d7b74", + "zh:78531a8624ddcd45277e1b465e773ac92001ea0e200e9dc1147ebeb24d56359e", + "zh:a76751723c034d44764df22925178f78d8b4852e3e6ac6c5d86f51666c9e666c", + "zh:a83a59a7e667cfffb0d501a501e9b3d2d4fcc83deb07a318c9690d537cbdc4b6", + "zh:b16473b7e59e01690d8234a0044c304505688f5518b205e9ed06fc63ddc82977", + "zh:b957648ad0383e17149bf3a02def81ebc6bd55ca0cffb6ec1c368a1b4f33c4fd", + "zh:e2f3f4a27b41a20bdbb7a80fbcde1a4c36bbd1c83edb9256bc1724754f8d370f", + "zh:ecfce738f85a81603aa51162d5237d6faaa2ffc0f0e52694f8b420ad761a8957", "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", - "zh:f7067b1c3015bb0870798ef6c87b7962e7409f480f4a2be77d67977628e9f365", ] } @@ -82,41 +72,41 @@ provider "registry.terraform.io/hashicorp/kubernetes" { } provider "registry.terraform.io/hashicorp/null" { - version = "3.2.2" + version = "3.2.3" constraints = ">= 2.1.0" hashes = [ - "h1:zT1ZbegaAYHwQa+QwIFugArWikRJI9dqohj8xb0GY88=", - "zh:3248aae6a2198f3ec8394218d05bd5e42be59f43a3a7c0b71c66ec0df08b69e7", - "zh:32b1aaa1c3013d33c245493f4a65465eab9436b454d250102729321a44c8ab9a", - "zh:38eff7e470acb48f66380a73a5c7cdd76cc9b9c9ba9a7249c7991488abe22fe3", - "zh:4c2f1faee67af104f5f9e711c4574ff4d298afaa8a420680b0cb55d7bbc65606", - "zh:544b33b757c0b954dbb87db83a5ad921edd61f02f1dc86c6186a5ea86465b546", - "zh:696cf785090e1e8cf1587499516b0494f47413b43cb99877ad97f5d0de3dc539", - "zh:6e301f34757b5d265ae44467d95306d61bef5e41930be1365f5a8dcf80f59452", + "h1:+AnORRgFbRO6qqcfaQyeX80W0eX3VmjadjnUFUJTiXo=", + "zh:22d062e5278d872fe7aed834f5577ba0a5afe34a3bdac2b81f828d8d3e6706d2", + "zh:23dead00493ad863729495dc212fd6c29b8293e707b055ce5ba21ee453ce552d", + "zh:28299accf21763ca1ca144d8f660688d7c2ad0b105b7202554ca60b02a3856d3", + "zh:55c9e8a9ac25a7652df8c51a8a9a422bd67d784061b1de2dc9fe6c3cb4e77f2f", + "zh:756586535d11698a216291c06b9ed8a5cc6a4ec43eee1ee09ecd5c6a9e297ac1", "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:913a929070c819e59e94bb37a2a253c228f83921136ff4a7aa1a178c7cce5422", - "zh:aa9015926cd152425dbf86d1abdbc74bfe0e1ba3d26b3db35051d7b9ca9f72ae", - "zh:bb04798b016e1e1d49bcc76d62c53b56c88c63d6f2dfe38821afef17c416a0e1", - "zh:c23084e1b23577de22603cff752e59128d83cfecc2e6819edadd8cf7a10af11e", + "zh:9d5eea62fdb587eeb96a8c4d782459f4e6b73baeece4d04b4a40e44faaee9301", + "zh:a6355f596a3fb8fc85c2fb054ab14e722991533f87f928e7169a486462c74670", + "zh:b5a65a789cff4ada58a5baffc76cb9767dc26ec6b45c00d2ec8b1b027f6db4ed", + "zh:db5ab669cf11d0e9f81dc380a6fdfcac437aea3d69109c7aef1a5426639d2d65", + "zh:de655d251c470197bcbb5ac45d289595295acb8f829f6c781d4a75c8c8b7c7dd", + "zh:f5c68199f2e6076bce92a12230434782bf768103a427e9bb9abee99b116af7b5", ] } provider "registry.terraform.io/hashicorp/random" { - version = "3.6.2" + version = "3.6.3" constraints = ">= 2.1.0" hashes = [ - "h1:wmG0QFjQ2OfyPy6BB7mQ57WtoZZGGV07uAPQeDmIrAE=", - "zh:0ef01a4f81147b32c1bea3429974d4d104bbc4be2ba3cfa667031a8183ef88ec", - "zh:1bcd2d8161e89e39886119965ef0f37fcce2da9c1aca34263dd3002ba05fcb53", - "zh:37c75d15e9514556a5f4ed02e1548aaa95c0ecd6ff9af1119ac905144c70c114", - "zh:4210550a767226976bc7e57d988b9ce48f4411fa8a60cd74a6b246baf7589dad", - "zh:562007382520cd4baa7320f35e1370ffe84e46ed4e2071fdc7e4b1a9b1f8ae9b", - "zh:5efb9da90f665e43f22c2e13e0ce48e86cae2d960aaf1abf721b497f32025916", - "zh:6f71257a6b1218d02a573fc9bff0657410404fb2ef23bc66ae8cd968f98d5ff6", + "h1:Fnaec9vA8sZ8BXVlN3Xn9Jz3zghSETIKg7ch8oXhxno=", + "zh:04ceb65210251339f07cd4611885d242cd4d0c7306e86dda9785396807c00451", + "zh:448f56199f3e99ff75d5c0afacae867ee795e4dfda6cb5f8e3b2a72ec3583dd8", + "zh:4b4c11ccfba7319e901df2dac836b1ae8f12185e37249e8d870ee10bb87a13fe", + "zh:4fa45c44c0de582c2edb8a2e054f55124520c16a39b2dfc0355929063b6395b1", + "zh:588508280501a06259e023b0695f6a18149a3816d259655c424d068982cbdd36", + "zh:737c4d99a87d2a4d1ac0a54a73d2cb62974ccb2edbd234f333abd079a32ebc9e", "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:9647e18f221380a85f2f0ab387c68fdafd58af6193a932417299cdcae4710150", - "zh:bb6297ce412c3c2fa9fec726114e5e0508dd2638cad6a0cb433194930c97a544", - "zh:f83e925ed73ff8a5ef6e3608ad9225baa5376446349572c2449c0c0b3cf184b7", - "zh:fbef0781cb64de76b1df1ca11078aecba7800d82fd4a956302734999cfd9a4af", + "zh:a357ab512e5ebc6d1fda1382503109766e21bbfdfaa9ccda43d313c122069b30", + "zh:c51bfb15e7d52cc1a2eaec2a903ac2aff15d162c172b1b4c17675190e8147615", + "zh:e0951ee6fa9df90433728b96381fb867e3db98f66f735e0c3e24f8f16903f0ad", + "zh:e3cdcb4e73740621dabd82ee6a37d6cfce7fee2a03d8074df65086760f5cf556", + "zh:eff58323099f1bd9a0bec7cb04f717e7f1b2774c7d612bf7581797e1622613a0", ] } diff --git a/terraform/gke/decoupled/main.tf b/terraform/gke/decoupled/main.tf index f3e6ef7e..3bcc8cb8 100644 --- a/terraform/gke/decoupled/main.tf +++ b/terraform/gke/decoupled/main.tf @@ -18,11 +18,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = "~> 5.43.0" + version = ">= 6.2.0" } kubernetes = { source = "hashicorp/kubernetes" - version = "~> 2.32.0" + version = ">= 2.32.0" } } } @@ -42,12 +42,18 @@ resource "google_service_account" "scaler_sa" { display_name = "Autoscaler - Scaler Function Service Account" } +resource "google_service_account" "build_sa" { + account_id = "build-sa" + display_name = "Autoscaler - Cloud Build builder Service Account" +} + module "autoscaler-base" { source = "../../modules/autoscaler-base" project_id = var.project_id poller_sa_email = google_service_account.poller_sa.email scaler_sa_email = google_service_account.scaler_sa.email + build_sa_email = google_service_account.build_sa.email } module "autoscaler-cluster" { diff --git a/terraform/gke/unified/.terraform.lock.hcl b/terraform/gke/unified/.terraform.lock.hcl index 1991fb95..5e1a6809 100644 --- a/terraform/gke/unified/.terraform.lock.hcl +++ b/terraform/gke/unified/.terraform.lock.hcl @@ -2,52 +2,42 @@ # Manual edits may be lost in future updates. provider "registry.terraform.io/hashicorp/external" { - version = "2.3.3" + version = "2.3.4" constraints = ">= 2.2.2" hashes = [ - "h1:H+3QlVPs/7CDa3I4KU/a23wYeGeJxeBlgvR7bfK1t1w=", - "zh:03d81462f9578ec91ce8e26f887e34151eda0e100f57e9772dbea86363588239", - "zh:37ec2a20f6a3ec3a0fd95d3f3de26da6cb9534b30488bc45723e118a0911c0d8", - "zh:4eb5b119179539f2749ce9de0e1b9629d025990f062f4f4dddc161562bb89d37", - "zh:5a31bb58414f41bee5e09b939012df5b88654120b0238a89dfd6691ba197619a", - "zh:6221a05e52a6a2d4f520ffe7cbc741f4f6080e0855061b0ed54e8be4a84eb9b7", + "h1:XWkRZOLKMjci9/JAtE8X8fWOt7A4u+9mgXSUjc4Wuyo=", + "zh:037fd82cd86227359bc010672cd174235e2d337601d4686f526d0f53c87447cb", + "zh:0ea1db63d6173d01f2fa8eb8989f0809a55135a0d8d424b08ba5dabad73095fa", + "zh:17a4d0a306566f2e45778fbac48744b6fd9c958aaa359e79f144c6358cb93af0", + "zh:298e5408ab17fd2e90d2cd6d406c6d02344fe610de5b7dae943a58b958e76691", + "zh:38ecfd29ee0785fd93164812dcbe0664ebbe5417473f3b2658087ca5a0286ecb", + "zh:59f6a6f31acf66f4ea3667a555a70eba5d406c6e6d93c2c641b81d63261eeace", "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:8bb068496b4679bef625e4710d9f3432e301c3a56602271f04e60eadf7f8a94c", - "zh:94742aa5378bab626ce34f79bcef6a373e4f86ea7a8b762e9f71270a899e0d00", - "zh:a485831b5a525cd8f40e8982fa37da40ff70b1ae092c8b755fcde123f0b1238d", - "zh:a647ff16d071eabcabd87ea8183eb90a775a0294ddd735d742075d62fff09193", - "zh:b74710c5954aaa3faf262c18d36a8c2407862d9f842c63e7fa92fa4de3d29df6", - "zh:fa73d83edc92af2e551857594c2232ba6a9e3603ad34b0a5940865202c08d8d7", + "zh:ad0279dfd09d713db0c18469f585e58d04748ca72d9ada83883492e0dd13bd58", + "zh:c69f66fd21f5e2c8ecf7ca68d9091c40f19ad913aef21e3ce23836e91b8cbb5f", + "zh:d4a56f8c48aa86fc8e0c233d56850f5783f322d6336f3bf1916e293246b6b5d4", + "zh:f2b394ebd4af33f343835517e80fc876f79361f4688220833bc3c77655dd2202", + "zh:f31982f29f12834e5d21e010856eddd19d59cd8f449adf470655bfd19354377e", ] } provider "registry.terraform.io/hashicorp/google" { - version = "5.43.0" - constraints = ">= 3.39.0, >= 3.53.0, >= 5.9.0, ~> 5.43.0, < 6.0.0" + version = "6.2.0" + constraints = ">= 3.39.0, >= 3.53.0, >= 5.40.0, >= 6.2.0, < 7.0.0" hashes = [ - "h1:7Qw/quj9F4AE53kJS48byB+NUYaugb2CHfW23RUcBLY=", - "h1:AfTLsVfVuFcrM9s5oAiM4OcoJoKbF6x7eVqB+mAAYdg=", - "h1:Ev9JrhjCtDC4BV2WMufxBgO1XlgEBKkd4peZcTiKWcE=", - "h1:GK1PWZKzB/K2bEAuB6WVUid2CuKEi1BD11YzfJ4zOtU=", - "h1:LAcXtqGT5N/keqPpd3JfAPu1DOf8fMCig7/TMtjhg9k=", - "h1:SAxsn9XcGNM5qKzyG4ZiHzt94DWoI637MRz9vJRuGfU=", - "h1:XAILPdJY1ORNbtfdHeOyhE+4JwhOA52IqsP7nKiMMWo=", - "h1:oxJ6lIjf63FQtDkrTRCKHQuTT8VmjCEzDZI1TXdgSSY=", - "h1:tMAjc0lcYWL0BovtJQ5Y5WuB5CxQoDIc81S5a1xc0i4=", - "h1:xxSmSmPhqfTrfo1aLEMNXatBPKbkz5sXALrPTyK5ml4=", - "h1:zEDAm/LWw1yI7InD7lkWXS2catyqvKlQhjxD7jYSMQg=", - "zh:0384250be647ed36b08c043a6dc7f99e75ca54d2b7270961ecaeada3a1eb67b0", - "zh:0d4cc69f3181d5871c3039acac17881d9156ad9803fe46ead51c1abe90dc6b2e", - "zh:29ac5b392eb9a5287aab4d28b6c2b0b6e919b4688768b7456118e9c828d8acdd", - "zh:4490fafa669754d903892efa8034a1f82073ce54e47d6148b7674bb04cd9bf49", - "zh:5c8d36a7da1e2b071f748fe3502b99373900bb8fdb44fe06a7885dc8399f8daf", - "zh:847c1de3f5c579dda4e35f1af9935421ff3324f7140b9223af86dd8085971a40", - "zh:93dfad5c7791e59ba14aa73b50d61dc2f100dde3299f21466e36e3ee87456864", - "zh:9844b672988660770caf249516f293508210d74e192c23104b8b2652df755af9", - "zh:b51abf3834c2272f388fc4581c119ce0405b87762575fac04a1b564656536e06", - "zh:b753fbf840fd443e74f5e51aba415ea43e065c9ce104355be8fac3dc88c61021", + "h1:7JIgzQKRW0AT6UliiYSjYUKxDr03baZpQmt5XVkrujs=", + "zh:08a7dc0b53d2b63baab928e66086bf3e09107516af078ce011d2667456e64834", + "zh:1cf9a1373e516844b43fdcea36e73f5a68f19ad07afcf6093788eb235c710163", + "zh:2d4a7cb26c3f0d036d51db219a09013d3d779e44d584e0fc631df0f2cd5e5550", + "zh:47e1fc68e455f99f1875deaed9aa5434a852e2a70a3cb5a5e9b5a2d8c25d7b74", + "zh:78531a8624ddcd45277e1b465e773ac92001ea0e200e9dc1147ebeb24d56359e", + "zh:a76751723c034d44764df22925178f78d8b4852e3e6ac6c5d86f51666c9e666c", + "zh:a83a59a7e667cfffb0d501a501e9b3d2d4fcc83deb07a318c9690d537cbdc4b6", + "zh:b16473b7e59e01690d8234a0044c304505688f5518b205e9ed06fc63ddc82977", + "zh:b957648ad0383e17149bf3a02def81ebc6bd55ca0cffb6ec1c368a1b4f33c4fd", + "zh:e2f3f4a27b41a20bdbb7a80fbcde1a4c36bbd1c83edb9256bc1724754f8d370f", + "zh:ecfce738f85a81603aa51162d5237d6faaa2ffc0f0e52694f8b420ad761a8957", "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", - "zh:f7067b1c3015bb0870798ef6c87b7962e7409f480f4a2be77d67977628e9f365", ] } @@ -82,41 +72,41 @@ provider "registry.terraform.io/hashicorp/kubernetes" { } provider "registry.terraform.io/hashicorp/null" { - version = "3.2.2" + version = "3.2.3" constraints = ">= 2.1.0" hashes = [ - "h1:zT1ZbegaAYHwQa+QwIFugArWikRJI9dqohj8xb0GY88=", - "zh:3248aae6a2198f3ec8394218d05bd5e42be59f43a3a7c0b71c66ec0df08b69e7", - "zh:32b1aaa1c3013d33c245493f4a65465eab9436b454d250102729321a44c8ab9a", - "zh:38eff7e470acb48f66380a73a5c7cdd76cc9b9c9ba9a7249c7991488abe22fe3", - "zh:4c2f1faee67af104f5f9e711c4574ff4d298afaa8a420680b0cb55d7bbc65606", - "zh:544b33b757c0b954dbb87db83a5ad921edd61f02f1dc86c6186a5ea86465b546", - "zh:696cf785090e1e8cf1587499516b0494f47413b43cb99877ad97f5d0de3dc539", - "zh:6e301f34757b5d265ae44467d95306d61bef5e41930be1365f5a8dcf80f59452", + "h1:+AnORRgFbRO6qqcfaQyeX80W0eX3VmjadjnUFUJTiXo=", + "zh:22d062e5278d872fe7aed834f5577ba0a5afe34a3bdac2b81f828d8d3e6706d2", + "zh:23dead00493ad863729495dc212fd6c29b8293e707b055ce5ba21ee453ce552d", + "zh:28299accf21763ca1ca144d8f660688d7c2ad0b105b7202554ca60b02a3856d3", + "zh:55c9e8a9ac25a7652df8c51a8a9a422bd67d784061b1de2dc9fe6c3cb4e77f2f", + "zh:756586535d11698a216291c06b9ed8a5cc6a4ec43eee1ee09ecd5c6a9e297ac1", "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:913a929070c819e59e94bb37a2a253c228f83921136ff4a7aa1a178c7cce5422", - "zh:aa9015926cd152425dbf86d1abdbc74bfe0e1ba3d26b3db35051d7b9ca9f72ae", - "zh:bb04798b016e1e1d49bcc76d62c53b56c88c63d6f2dfe38821afef17c416a0e1", - "zh:c23084e1b23577de22603cff752e59128d83cfecc2e6819edadd8cf7a10af11e", + "zh:9d5eea62fdb587eeb96a8c4d782459f4e6b73baeece4d04b4a40e44faaee9301", + "zh:a6355f596a3fb8fc85c2fb054ab14e722991533f87f928e7169a486462c74670", + "zh:b5a65a789cff4ada58a5baffc76cb9767dc26ec6b45c00d2ec8b1b027f6db4ed", + "zh:db5ab669cf11d0e9f81dc380a6fdfcac437aea3d69109c7aef1a5426639d2d65", + "zh:de655d251c470197bcbb5ac45d289595295acb8f829f6c781d4a75c8c8b7c7dd", + "zh:f5c68199f2e6076bce92a12230434782bf768103a427e9bb9abee99b116af7b5", ] } provider "registry.terraform.io/hashicorp/random" { - version = "3.6.2" + version = "3.6.3" constraints = ">= 2.1.0" hashes = [ - "h1:wmG0QFjQ2OfyPy6BB7mQ57WtoZZGGV07uAPQeDmIrAE=", - "zh:0ef01a4f81147b32c1bea3429974d4d104bbc4be2ba3cfa667031a8183ef88ec", - "zh:1bcd2d8161e89e39886119965ef0f37fcce2da9c1aca34263dd3002ba05fcb53", - "zh:37c75d15e9514556a5f4ed02e1548aaa95c0ecd6ff9af1119ac905144c70c114", - "zh:4210550a767226976bc7e57d988b9ce48f4411fa8a60cd74a6b246baf7589dad", - "zh:562007382520cd4baa7320f35e1370ffe84e46ed4e2071fdc7e4b1a9b1f8ae9b", - "zh:5efb9da90f665e43f22c2e13e0ce48e86cae2d960aaf1abf721b497f32025916", - "zh:6f71257a6b1218d02a573fc9bff0657410404fb2ef23bc66ae8cd968f98d5ff6", + "h1:Fnaec9vA8sZ8BXVlN3Xn9Jz3zghSETIKg7ch8oXhxno=", + "zh:04ceb65210251339f07cd4611885d242cd4d0c7306e86dda9785396807c00451", + "zh:448f56199f3e99ff75d5c0afacae867ee795e4dfda6cb5f8e3b2a72ec3583dd8", + "zh:4b4c11ccfba7319e901df2dac836b1ae8f12185e37249e8d870ee10bb87a13fe", + "zh:4fa45c44c0de582c2edb8a2e054f55124520c16a39b2dfc0355929063b6395b1", + "zh:588508280501a06259e023b0695f6a18149a3816d259655c424d068982cbdd36", + "zh:737c4d99a87d2a4d1ac0a54a73d2cb62974ccb2edbd234f333abd079a32ebc9e", "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:9647e18f221380a85f2f0ab387c68fdafd58af6193a932417299cdcae4710150", - "zh:bb6297ce412c3c2fa9fec726114e5e0508dd2638cad6a0cb433194930c97a544", - "zh:f83e925ed73ff8a5ef6e3608ad9225baa5376446349572c2449c0c0b3cf184b7", - "zh:fbef0781cb64de76b1df1ca11078aecba7800d82fd4a956302734999cfd9a4af", + "zh:a357ab512e5ebc6d1fda1382503109766e21bbfdfaa9ccda43d313c122069b30", + "zh:c51bfb15e7d52cc1a2eaec2a903ac2aff15d162c172b1b4c17675190e8147615", + "zh:e0951ee6fa9df90433728b96381fb867e3db98f66f735e0c3e24f8f16903f0ad", + "zh:e3cdcb4e73740621dabd82ee6a37d6cfce7fee2a03d8074df65086760f5cf556", + "zh:eff58323099f1bd9a0bec7cb04f717e7f1b2774c7d612bf7581797e1622613a0", ] } diff --git a/terraform/gke/unified/main.tf b/terraform/gke/unified/main.tf index fd8bc7bb..85d2b4fb 100644 --- a/terraform/gke/unified/main.tf +++ b/terraform/gke/unified/main.tf @@ -18,7 +18,7 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = "~> 5.43.0" + version = ">= 6.2.0" } kubernetes = { source = "hashicorp/kubernetes" @@ -38,12 +38,18 @@ resource "google_service_account" "autoscaler_sa" { display_name = "Spanner Autoscaler - Metrics Poller/Scaler Service Account" } +resource "google_service_account" "build_sa" { + account_id = "build-sa" + display_name = "Autoscaler - Cloud Build builder Service Account" +} + module "autoscaler-base" { source = "../../modules/autoscaler-base" project_id = var.project_id poller_sa_email = google_service_account.autoscaler_sa.email scaler_sa_email = google_service_account.autoscaler_sa.email + build_sa_email = google_service_account.build_sa.email } module "autoscaler-cluster" { diff --git a/terraform/modules/autoscaler-base/main.tf b/terraform/modules/autoscaler-base/main.tf index 4d3437f0..406c2a0b 100644 --- a/terraform/modules/autoscaler-base/main.tf +++ b/terraform/modules/autoscaler-base/main.tf @@ -62,3 +62,10 @@ resource "google_project_iam_member" "metrics_publisher_iam_scaler" { role = "roles/monitoring.metricWriter" member = "serviceAccount:${var.scaler_sa_email}" } + +resource "google_project_iam_binding" "build_iam" { + for_each = toset(["roles/storage.objectViewer", "roles/logging.logWriter", "roles/artifactregistry.writer"]) + project = var.project_id + role = each.value + members = ["serviceAccount:${var.build_sa_email}"] +} diff --git a/terraform/modules/autoscaler-base/variables.tf b/terraform/modules/autoscaler-base/variables.tf index 2814306a..79b35325 100644 --- a/terraform/modules/autoscaler-base/variables.tf +++ b/terraform/modules/autoscaler-base/variables.tf @@ -25,3 +25,7 @@ variable "poller_sa_email" { variable "scaler_sa_email" { type = string } + +variable "build_sa_email" { + type = string +} diff --git a/terraform/modules/autoscaler-cluster/main.tf b/terraform/modules/autoscaler-cluster/main.tf index 1ffa6707..b454ad87 100644 --- a/terraform/modules/autoscaler-cluster/main.tf +++ b/terraform/modules/autoscaler-cluster/main.tf @@ -77,32 +77,6 @@ resource "google_project_iam_member" "cluster_iam_artifactregistryreader" { member = "serviceAccount:${google_service_account.service_account.email}" } -// Cloud Build SA - TODO move to base module pending Cloud Functions update - -resource "google_service_account" "build_service_account" { - project = var.project_id - account_id = "build-sa" - display_name = "Spanner Autoscaler - Cloud Build SA" -} - -resource "google_project_iam_member" "build_iam_storageviewer" { - project = var.project_id - role = "roles/storage.objectViewer" - member = "serviceAccount:${google_service_account.build_service_account.email}" -} - -resource "google_project_iam_member" "build_iam_logginglogwriter" { - project = var.project_id - role = "roles/logging.logWriter" - member = "serviceAccount:${google_service_account.build_service_account.email}" -} - -resource "google_project_iam_member" "build_iam_artifactwriter" { - project = var.project_id - role = "roles/artifactregistry.writer" - member = "serviceAccount:${google_service_account.build_service_account.email}" -} - // Other resources resource "google_compute_network" "network" { @@ -159,7 +133,7 @@ resource "kubernetes_namespace" "autoscaler_namespace" { module "workload_identity_poller" { count = var.unified_components ? 0 : 1 source = "terraform-google-modules/kubernetes-engine/google//modules/workload-identity" - version = "~> 31.1.0" + version = ">= 33.0.3" project_id = var.project_id namespace = "spanner-autoscaler" @@ -171,7 +145,7 @@ module "workload_identity_poller" { module "workload_identity_scaler" { source = "terraform-google-modules/kubernetes-engine/google//modules/workload-identity" - version = "~> 31.1.0" + version = ">= 33.0.3" project_id = var.project_id namespace = "spanner-autoscaler" @@ -184,7 +158,7 @@ module "workload_identity_scaler" { module "workload_identity_otel_collector" { source = "terraform-google-modules/kubernetes-engine/google//modules/workload-identity" - version = "~> 31.1.0" + version = ">= 33.0.3" project_id = var.project_id namespace = "spanner-autoscaler" @@ -197,7 +171,7 @@ module "workload_identity_otel_collector" { module "cluster" { source = "terraform-google-modules/kubernetes-engine/google//modules/private-cluster" - version = "~> 31.1.0" + version = ">= 33.0.3" project_id = var.project_id name = var.name diff --git a/terraform/modules/autoscaler-functions/main.tf b/terraform/modules/autoscaler-functions/main.tf index ccb21cf3..36e9037e 100644 --- a/terraform/modules/autoscaler-functions/main.tf +++ b/terraform/modules/autoscaler-functions/main.tf @@ -98,6 +98,7 @@ resource "google_cloudfunctions_function" "poller_function" { source_archive_bucket = google_storage_bucket.bucket_gcf_source.name source_archive_object = google_storage_bucket_object.gcs_functions_source.name service_account_email = var.poller_sa_email + build_service_account = var.build_sa_id lifecycle { ignore_changes = [max_instances] @@ -119,6 +120,7 @@ resource "google_cloudfunctions_function" "scaler_function" { source_archive_bucket = google_storage_bucket.bucket_gcf_source.name source_archive_object = google_storage_bucket_object.gcs_functions_source.name service_account_email = var.scaler_sa_email + build_service_account = var.build_sa_id lifecycle { ignore_changes = [max_instances] diff --git a/terraform/modules/autoscaler-functions/variables.tf b/terraform/modules/autoscaler-functions/variables.tf index 0cdac1af..ee55183f 100644 --- a/terraform/modules/autoscaler-functions/variables.tf +++ b/terraform/modules/autoscaler-functions/variables.tf @@ -45,6 +45,11 @@ variable "scaler_sa_email" { type = string } +variable "build_sa_id" { + type = string + // projects/{{project}}/serviceAccounts/{{email}} +} + variable "forwarder_sa_emails" { type = list(string) // Example ["serviceAccount:forwarder_sa@app-project.iam.gserviceaccount.com"] diff --git a/terraform/modules/forwarder/main.tf b/terraform/modules/forwarder/main.tf index 5ad2298e..fe145aca 100644 --- a/terraform/modules/forwarder/main.tf +++ b/terraform/modules/forwarder/main.tf @@ -17,6 +17,19 @@ // Service Accounts +resource "google_service_account" "build_sa" { + account_id = "build-sa" + display_name = "Autoscaler - Cloud Build Builder Service Account" +} + +resource "google_project_iam_binding" "build_iam" { + for_each = toset(["roles/storage.objectViewer", "roles/logging.logWriter", "roles/artifactregistry.writer"]) + project = var.project_id + role = each.value + members = ["serviceAccount:${google_service_account.build_sa.email}"] +} + + resource "google_service_account" "forwarder_sa" { account_id = "forwarder-sa" display_name = "Autoscaler - PubSub Forwarder Service Account" @@ -83,4 +96,5 @@ resource "google_cloudfunctions_function" "forwarder_function" { source_archive_bucket = google_storage_bucket.bucket_gcf_source.name source_archive_object = google_storage_bucket_object.gcs_functions_forwarder_source.name service_account_email = google_service_account.forwarder_sa.email + build_service_account = google_service_account.build_sa.id }