diff --git a/examples/secure_cloud_run_standalone/main.tf b/examples/secure_cloud_run_standalone/main.tf
index a9aa30d3..242e066a 100644
--- a/examples/secure_cloud_run_standalone/main.tf
+++ b/examples/secure_cloud_run_standalone/main.tf
@@ -27,7 +27,7 @@ resource "random_id" "random_folder_suffix" { } module "secure_harness" { - source = "../../modules/secure-cloud-run-harness" + source = "../../modules/secure-cloud-serverless-harness" billing_account = var.billing_account security_project_name = "prj-kms-secure-cloud-run" serverless_project_name = "prj-secure-cloud-run"
@@ -48,6 +48,7 @@ module "secure_harness" { artifact_registry_repository_name = local.repository_name egress_policies = var.egress_policies ingress_policies = var.ingress_policies + serverless_type = "CLOUD_RUN" } resource "null_resource" "copy_image" {
diff --git a/modules/secure-cloud-run-harness/README.md b/modules/secure-cloud-serverless-harness/README.md
similarity index 98%
rename from modules/secure-cloud-run-harness/README.md
rename to modules/secure-cloud-serverless-harness/README.md
index 37a9bcdb..c58dad57 100644
--- a/modules/secure-cloud-run-harness/README.md
+++ b/modules/secure-cloud-serverless-harness/README.md
@@ -79,6 +79,7 @@ module "secure_cloud_run_harness" { | security\_project\_name | The name to give the security project. | `string` | n/a | yes | | serverless\_folder\_suffix | The suffix to be concat in the Serverless folder name fldr-serverless-. | `string` | `""` | no | | serverless\_project\_name | The name to give the Cloud Run project. | `string` | n/a | yes | +| serverless\_type | The type of resource to be used. It supports only CLOUD\_RUN or CLOUD\_FUNCTION | `string` | n/a | yes | | service\_account\_project\_roles | Common roles to apply to the Cloud Run service account in the serverless project. | `list(string)` | `[]` | no | | subnet\_ip | The CDIR IP range of the subnetwork. | `string` | n/a | yes | | vpc\_name | The name of the network. | `string` | n/a | yes |
diff --git a/modules/secure-cloud-run-harness/main.tf b/modules/secure-cloud-serverless-harness/main.tf
similarity index 96%
rename from modules/secure-cloud-run-harness/main.tf
rename to modules/secure-cloud-serverless-harness/main.tf
index 066baa0c..bef51058 100644
--- a/modules/secure-cloud-run-harness/main.tf
+++ b/modules/secure-cloud-serverless-harness/main.tf
@@ -15,12 +15,13 @@ */ locals { + api = var.serverless_type == "CLOUD_RUN" ? "run" : "cloudfunctions" serverless_apis = [ "vpcaccess.googleapis.com", "compute.googleapis.com", "container.googleapis.com", "artifactregistry.googleapis.com", - "run.googleapis.com", + "${local.api}.googleapis.com", "cloudkms.googleapis.com", "dns.googleapis.com" ]
@@ -66,7 +67,7 @@ module "service_accounts" { version = "~> 3.0" project_id = module.serverless_project.project_id prefix = "sa" - names = ["cloud-run"] + names = ["serverless-${local.api}"] depends_on = [ time_sleep.wait_90_seconds
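Review bot: The `local.api` ternary added in the `locals` hunk of main.tf treats every value other than the exact string `CLOUD_RUN` as Cloud Functions, so a typo or a lowercase value enables `cloudfunctions.googleapis.com` and names the service account and service identity after it without any error. The `serverless_type` variable added in variables.tf has no `validation` block even though its description says only CLOUD_RUN or CLOUD_FUNCTION are supported, and the same local feeds the `service_accounts` and `google_project_service_identity` hunks. A map lookup fails at plan time on an unknown value, `api = { CLOUD_RUN = "run", CLOUD_FUNCTION = "cloudfunctions" }[var.serverless_type]`; a `validation` block on the variable with a `contains(["CLOUD_RUN", "CLOUD_FUNCTION"], var.serverless_type)` condition would additionally give callers a readable error message. The `locals` block continues outside the hunk.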
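Review bot: Changing `names` from `["cloud-run"]` to `["serverless-${local.api}"]` in the `service_accounts` hunk also renames the account for existing Cloud Run callers (`serverless-run` instead of `cloud-run`), which presumably makes Terraform destroy the old service account and create a new one on upgrade. IAM bindings granted to the old account outside this module would not carry over, and anything that references the old e-mail address would stop matching. If the rename is intended, a comment above the line such as `# Renaming this entry replaces the service account; re-grant any IAM bindings made outside this module.` plus an upgrade note would help; otherwise keeping `cloud-run` for the CLOUD_RUN case avoids the replacement. The `module "service_accounts"` block starts and ends outside the hunk.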
@@ -88,7 +89,7 @@ resource "google_project_service_identity" "serverless_sa" { provider = google-beta project = module.serverless_project.project_id - service = "run.googleapis.com" + service = "${local.api}.googleapis.com" depends_on = [ time_sleep.wait_90_seconds
diff --git a/modules/secure-cloud-run-harness/network.tf b/modules/secure-cloud-serverless-harness/network.tf
similarity index 97%
rename from modules/secure-cloud-run-harness/network.tf
rename to modules/secure-cloud-serverless-harness/network.tf
index 93565e18..506d8414 100644
--- a/modules/secure-cloud-run-harness/network.tf
+++ b/modules/secure-cloud-serverless-harness/network.tf
@@ -20,7 +20,7 @@ locals { module "network" { source = "terraform-google-modules/network/google" - version = "~> 5.2" + version = "~> 6.0" project_id = module.serverless_project.project_id network_name = local.network_name shared_vpc_host = "false"
diff --git a/modules/secure-cloud-run-harness/outputs.tf b/modules/secure-cloud-serverless-harness/outputs.tf
similarity index 100%
rename from modules/secure-cloud-run-harness/outputs.tf
rename to modules/secure-cloud-serverless-harness/outputs.tf
diff --git a/modules/secure-cloud-run-harness/private_service_connect.tf b/modules/secure-cloud-serverless-harness/private_service_connect.tf
similarity index 96%
rename from modules/secure-cloud-run-harness/private_service_connect.tf
rename to modules/secure-cloud-serverless-harness/private_service_connect.tf
index b147a13d..7a42a8fe 100644
--- a/modules/secure-cloud-run-harness/private_service_connect.tf
+++ b/modules/secure-cloud-serverless-harness/private_service_connect.tf
@@ -16,7 +16,7 @@ module "private_service_connect" { source = "terraform-google-modules/network/google//modules/private-service-connect" - version = "~> 5.2" + version = "~> 6.0" project_id = module.serverless_project.project_id network_self_link = module.network.network_self_link private_service_connect_ip = var.private_service_connect_ip
diff --git a/modules/secure-cloud-run-harness/service_perimeter.tf b/modules/secure-cloud-serverless-harness/service_perimeter.tf
similarity index 100%
rename from modules/secure-cloud-run-harness/service_perimeter.tf
rename to modules/secure-cloud-serverless-harness/service_perimeter.tf
diff --git a/modules/secure-cloud-run-harness/variables.tf b/modules/secure-cloud-serverless-harness/variables.tf
similarity index 97%
rename from modules/secure-cloud-run-harness/variables.tf
rename to modules/secure-cloud-serverless-harness/variables.tf
index 6007edfd..fcf993f8 100644
--- a/modules/secure-cloud-run-harness/variables.tf
+++ b/modules/secure-cloud-serverless-harness/variables.tf
@@ -19,6 +19,11 @@ variable "billing_account" { type = string } +variable "serverless_type" { + description = "The type of resource to be used. It supports only CLOUD_RUN or CLOUD_FUNCTION" + type = string +} + variable "security_project_name" { description = "The name to give the security project." type = string
diff --git a/modules/secure-cloud-run-harness/versions.tf b/modules/secure-cloud-serverless-harness/versions.tf
similarity index 100%
rename from modules/secure-cloud-run-harness/versions.tf
rename to modules/secure-cloud-serverless-harness/versions.tf