feat!: changes harness module to be re-used by cloud function (Google…

…CloudPlatform#113)

Co-authored-by: Prabhu <18209477+prabhu34@users.noreply.github.com>

examples/secure_cloud_run_standalone/main.tf

@@ -27,7 +27,7 @@ resource "random_id" "random_folder_suffix" {
 }
 
 module "secure_harness" {
-  source                                      = "../../modules/secure-cloud-run-harness"
+  source                                      = "../../modules/secure-cloud-serverless-harness"
   billing_account                             = var.billing_account
   security_project_name                       = "prj-kms-secure-cloud-run"
   serverless_project_name                     = "prj-secure-cloud-run"
@@ -48,6 +48,7 @@ module "secure_harness" {
   artifact_registry_repository_name           = local.repository_name
   egress_policies                             = var.egress_policies
   ingress_policies                            = var.ingress_policies
+  serverless_type                             = "CLOUD_RUN"
 }
 
 resource "null_resource" "copy_image" {

modules/secure-cloud-run-harness/README.md → modules/secure-cloud-serverless-harness/README.md

@@ -79,6 +79,7 @@ module "secure_cloud_run_harness" {
 | security\_project\_name | The name to give the security project. | `string` | n/a | yes |
 | serverless\_folder\_suffix | The suffix to be concat in the Serverless folder name fldr-serverless-<SUFFIX>. | `string` | `""` | no |
 | serverless\_project\_name | The name to give the Cloud Run project. | `string` | n/a | yes |
+| serverless\_type | The type of resource to be used. It supports only CLOUD\_RUN or CLOUD\_FUNCTION | `string` | n/a | yes |
 | service\_account\_project\_roles | Common roles to apply to the Cloud Run service account in the serverless project. | `list(string)` | `[]` | no |
 | subnet\_ip | The CDIR IP range of the subnetwork. | `string` | n/a | yes |
 | vpc\_name | The name of the network. | `string` | n/a | yes |

modules/secure-cloud-run-harness/main.tf → modules/secure-cloud-serverless-harness/main.tf

@@ -15,12 +15,13 @@
  */
 
 locals {
+  api = var.serverless_type == "CLOUD_RUN" ? "run" : "cloudfunctions"
   serverless_apis = [
     "vpcaccess.googleapis.com",
     "compute.googleapis.com",
     "container.googleapis.com",
     "artifactregistry.googleapis.com",
-    "run.googleapis.com",
+    "${local.api}.googleapis.com",
     "cloudkms.googleapis.com",
     "dns.googleapis.com"
   ]
@@ -66,7 +67,7 @@ module "service_accounts" {
   version    = "~> 3.0"
   project_id = module.serverless_project.project_id
   prefix     = "sa"
-  names      = ["cloud-run"]
+  names      = ["serverless-${local.api}"]
 
   depends_on = [
     time_sleep.wait_90_seconds
@@ -88,7 +89,7 @@ resource "google_project_service_identity" "serverless_sa" {
   provider = google-beta
 
   project = module.serverless_project.project_id
-  service = "run.googleapis.com"
+  service = "${local.api}.googleapis.com"
 
   depends_on = [
     time_sleep.wait_90_seconds

modules/secure-cloud-run-harness/network.tf → modules/secure-cloud-serverless-harness/network.tf

@@ -20,7 +20,7 @@ locals {
 
 module "network" {
   source                                 = "terraform-google-modules/network/google"
-  version                                = "~> 5.2"
+  version                                = "~> 6.0"
   project_id                             = module.serverless_project.project_id
   network_name                           = local.network_name
   shared_vpc_host                        = "false"

modules/secure-cloud-run-harness/private_service_connect.tf → modules/secure-cloud-serverless-harness/private_service_connect.tf

@@ -16,7 +16,7 @@
 
 module "private_service_connect" {
   source                     = "terraform-google-modules/network/google//modules/private-service-connect"
-  version                    = "~> 5.2"
+  version                    = "~> 6.0"
   project_id                 = module.serverless_project.project_id
   network_self_link          = module.network.network_self_link
   private_service_connect_ip = var.private_service_connect_ip

modules/secure-cloud-run-harness/variables.tf → modules/secure-cloud-serverless-harness/variables.tf

@@ -19,6 +19,11 @@ variable "billing_account" {
   type        = string
 }
 
+variable "serverless_type" {
+  description = "The type of resource to be used. It supports only CLOUD_RUN or CLOUD_FUNCTION"
+  type        = string
+}
+
 variable "security_project_name" {
   description = "The name to give the security project."
   type        = string