/**
* Copyright 2022 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
locals {
  # Trigger toggles, consumed as `count` by the trigger resources: 1 when the
  # corresponding object on var.workflow_trigger is set, 0 when it is null.
  enable_scheduler = var.workflow_trigger.cloud_scheduler != null ? 1 : 0
  enable_eventarc  = var.workflow_trigger.event_arc != null ? 1 : 0

  # Identity the workflow executes as: the account created by
  # module.service_account when var.service_account_create is true, otherwise
  # the caller-supplied var.service_account_email.
  # NOTE(review): this can resolve to null if the caller supplies no email;
  # the provider then presumably falls back to the project's default service
  # account, which is usually broader than intended. Confirm against callers.
  service_account_email = (
    !var.service_account_create
    ? var.service_account_email
    : (
      length(module.service_account) == 0
      ? null
      : module.service_account[0].email
    )
  )

  # Execution argument sent by Cloud Scheduler. Falls back to an encoded empty
  # JSON object when no argument is configured (or no scheduler is defined).
  cloud_scheduler_args = (
    try(var.workflow_trigger.cloud_scheduler.argument, null) != null ?
    var.workflow_trigger.cloud_scheduler.argument :
    jsonencode({})
  )

  # Zero- or one-element list driving the dynamic transport/pubsub blocks of
  # the Eventarc trigger; empty when no Pub/Sub topic id is provided.
  pubsub = (
    try(var.workflow_trigger.event_arc.pubsub_topic_id, null) != null
    ? [{ "pubsub_topic_id" = var.workflow_trigger.event_arc.pubsub_topic_id }]
    : []
  )
}
# Eventarc trigger that starts the workflow on matching events. Created only
# when var.workflow_trigger.event_arc is set (local.enable_eventarc == 1).
resource "google_eventarc_trigger" "workflow" {
  count    = local.enable_eventarc
  name     = var.workflow_trigger.event_arc.name
  project  = var.project_id
  location = var.region

  # Identity attached to the trigger, supplied by the caller.
  # NOTE(review): presumably this account needs permission to invoke the
  # destination workflow (e.g. roles/workflows.invoker) and nothing more;
  # confirm its role bindings where it is defined.
  service_account = var.workflow_trigger.event_arc.service_account_email

  # One matching_criteria block per caller-supplied filter entry.
  dynamic "matching_criteria" {
    for_each = var.workflow_trigger.event_arc.matching_criteria
    iterator = criterion
    content {
      attribute = criterion.value["attribute"]
      operator  = criterion.value["operator"]
      value     = criterion.value["value"]
    }
  }

  # The transport block is rendered only when a Pub/Sub topic id was given;
  # local.pubsub holds at most one element, so each level renders at most once.
  dynamic "transport" {
    for_each = local.pubsub
    content {
      dynamic "pubsub" {
        for_each = local.pubsub
        content {
          topic = pubsub.value["pubsub_topic_id"]
        }
      }
    }
  }

  destination {
    workflow = google_workflows_workflow.workflow.id
  }
}
# Cloud Scheduler job that starts a workflow execution on a cron schedule by
# POSTing to the Workflow Executions API. Created only when
# var.workflow_trigger.cloud_scheduler is set (local.enable_scheduler == 1).
resource "google_cloud_scheduler_job" "workflow" {
  count       = local.enable_scheduler
  name        = var.workflow_trigger.cloud_scheduler.name
  description = "Cloud Scheduler for Workflow Job"
  project     = var.project_id
  region      = var.region

  schedule         = var.workflow_trigger.cloud_scheduler.cron
  time_zone        = var.workflow_trigger.cloud_scheduler.time_zone
  attempt_deadline = var.workflow_trigger.cloud_scheduler.deadline

  http_target {
    http_method = "POST"
    uri         = "https://workflowexecutions.googleapis.com/v1/${google_workflows_workflow.workflow.id}/executions"

    # Request body: the JSON execution request, base64-encoded as the
    # http_target body attribute expects.
    body = base64encode(
      jsonencode({
        "argument"     = local.cloud_scheduler_args,
        "callLogLevel" = "CALL_LOG_LEVEL_UNSPECIFIED"
      })
    )

    # The job authenticates with an OAuth token for the caller-supplied
    # service account. The scope is the broad cloud-platform scope, so what the
    # token can actually do is bounded by the IAM roles granted to that
    # account; keep them minimal.
    # NOTE(review): presumably only permission to create executions of this
    # workflow is required (e.g. roles/workflows.invoker); confirm.
    oauth_token {
      scope                 = "https://www.googleapis.com/auth/cloud-platform"
      service_account_email = var.workflow_trigger.cloud_scheduler.service_account_email
    }
  }
}
# Six lowercase letters used to make the generated service-account prefix
# unique. Only created when the module creates the service account itself.
# This value is a naming suffix, not a secret.
resource "random_string" "string" {
  count  = var.service_account_create ? 1 : 0
  length = 6

  # Lowercase letters only: no uppercase, digits or special characters.
  lower   = true
  upper   = false
  numeric = false
  special = false
}
# Optional dedicated service account, created only when
# var.service_account_create is true. When created, its email is what
# local.service_account_email resolves to.
module "service_account" {
  source  = "terraform-google-modules/service-accounts/google"
  version = "~> 4.4.0"
  count   = var.service_account_create ? 1 : 0

  project_id = var.project_id
  names      = ["simple"]
  prefix     = "wf-${random_string.string[0].result}"

  # Grants roles/workflows.invoker on the whole project, so this account can
  # invoke any workflow in var.project_id, not only the one defined here.
  # NOTE(review): if the workflow calls other Google APIs, the extra roles it
  # needs are not granted here; add them explicitly rather than widening this
  # binding.
  project_roles = ["${var.project_id}=>roles/workflows.invoker"]
}
# The workflow itself. Both triggers in this file target this resource by id.
resource "google_workflows_workflow" "workflow" {
  project     = var.project_id
  region      = var.region
  name        = var.workflow_name
  description = var.workflow_description
  labels      = var.workflow_labels

  # Identity the workflow's steps run as; every API call made by the workflow
  # source is authorized against this account's IAM roles.
  service_account = local.service_account_email

  # Workflow definition supplied by the caller. It executes with the service
  # account above, so treat changes to this source like code changes.
  source_contents = var.workflow_source
}