chore: Add service account creation in each example (GoogleCloudPlatf…

…orm#38) * Adds service account creation in each example * Updates README
datadrivers · Jun 13, 2022 · 9591595 · 9591595
1 parent 49c7bc1
commit 9591595
Show file tree

Hide file tree

Showing 6 changed files with 53 additions and 22 deletions.
diff --git a/examples/cloud_run_vpc_connector/README.md b/examples/cloud_run_vpc_connector/README.md
@@ -4,11 +4,12 @@ This example showcases the basic deployment of containerized applications on Clo
 
 The resources/services/activations/deletions that this example will create/trigger are:
 
-* Creates a Cloud Run service with provided name and container with Serverless VPC Connector
+* Creates a Cloud Run service with provided name and container with Serverless VPC Connector.
+* Creates a Service Account to be used by Cloud Run Service.
 
 ## Assumptions and Prerequisites
 
-This example assumes that below mentioend prerequisites are in place before consuming the example.
+This example assumes that below mentioned prerequisites are in place before consuming the example.
 
 * All required APIs are enabled in the GCP Project
 * VPC Connector
@@ -41,16 +42,17 @@ This example assumes that below mentioend prerequisites are in place before cons
 These sections describe requirements for using this example.
 
 ### Software
-- [Terraform](https://www.terraform.io/downloads.html) ~> v0.13+
-- [Terraform Provider for GCP](https://github.com/terraform-providers/terraform-provider-google) ~> v3.53+
-- [Terraform Provider for GCP Beta](https://github.com/terraform-providers/terraform-provider-google-beta) ~>
+
+* [Terraform](https://www.terraform.io/downloads.html) ~> v0.13+
+* [Terraform Provider for GCP](https://github.com/terraform-providers/terraform-provider-google) ~> v3.53+
+* [Terraform Provider for GCP Beta](https://github.com/terraform-providers/terraform-provider-google-beta) ~>
   v3.53+
 
 ### Service Account
 
 A service account can be used with required roles to execute this example:
 
-- Cloud Run Admin: `roles/run.admin`
+* Cloud Run Admin: `roles/run.admin`
 
 Know more about [Cloud Run Deployment Permissions](https://cloud.google.com/run/docs/reference/iam/roles#additional-configuration).
 
@@ -61,5 +63,5 @@ The [Project Factory module](https://registry.terraform.io/modules/terraform-goo
 
 A project with the following APIs enabled must be used to host the main resource of this example:
 
-- Google Cloud Run: `run.googleapis.com`
-- Serverless VPC Access:`vpcaccess.googleapis.com`
+* Google Cloud Run: `run.googleapis.com`
+* Serverless VPC Access:`vpcaccess.googleapis.com`
diff --git a/examples/cloud_run_vpc_connector/main.tf b/examples/cloud_run_vpc_connector/main.tf
@@ -14,13 +14,22 @@
  * limitations under the License.
  */
 
+module "service_account" {
+  source     = "terraform-google-modules/service-accounts/google"
+  version    = "~> 4.1.1"
+  project_id = var.project_id
+  prefix     = "sa-cloud-run"
+  names      = ["vpc-connector"]
+}
+
 module "cloud_run" {
   source = "../../"
 
-  service_name = "ci-cloud-run-sc"
-  project_id   = var.project_id
-  location     = "us-central1"
-  image        = "us-docker.pkg.dev/cloudrun/container/hello"
+  service_name          = "ci-cloud-run-sc"
+  project_id            = var.project_id
+  location              = "us-central1"
+  image                 = "us-docker.pkg.dev/cloudrun/container/hello"
+  service_account_email = module.service_account.email
 
   template_annotations = {
     "autoscaling.knative.dev/maxScale"        = 4

diff --git a/examples/simple_cloud_run/README.md b/examples/simple_cloud_run/README.md
@@ -5,6 +5,7 @@ This example showcases the basic deployment of containerized applications on Clo
 The resources/services/activations/deletions that this example will create/trigger are:
 
 * Creates a Cloud Run service with provided name and container
+* Creates a Service Account to be used by Cloud Run Service.
 
 ## Assumptions and Prerequisites
 
@@ -38,7 +39,7 @@ These sections describe requirements for using this example.
 
 ### Software
 
-- [Terraform](https://www.terraform.io/downloads.html) ~> v0.13+
+* [Terraform](https://www.terraform.io/downloads.html) ~> v0.13+
 * [Terraform Provider for GCP](https://github.com/terraform-providers/terraform-provider-google) ~> v3.53+
 * [Terraform Provider for GCP Beta](https://github.com/terraform-providers/terraform-provider-google-beta) ~>
   v3.53+

diff --git a/examples/simple_cloud_run/main.tf b/examples/simple_cloud_run/main.tf
@@ -14,11 +14,20 @@
  * limitations under the License.
  */
 
+module "service_account" {
+  source     = "terraform-google-modules/service-accounts/google"
+  version    = "~> 4.1.1"
+  project_id = var.project_id
+  prefix     = "sa-cloud-run"
+  names      = ["simple"]
+}
+
 module "cloud_run" {
   source = "../../"
 
-  service_name = "ci-cloud-run"
-  project_id   = var.project_id
-  location     = "us-central1"
-  image        = "us-docker.pkg.dev/cloudrun/container/hello"
+  service_name          = "ci-cloud-run"
+  project_id            = var.project_id
+  location              = "us-central1"
+  image                 = "us-docker.pkg.dev/cloudrun/container/hello"
+  service_account_email = module.service_account.email
 }
diff --git a/examples/simple_cloud_run_with_cmek/README.md b/examples/simple_cloud_run_with_cmek/README.md
@@ -5,6 +5,8 @@ This example showcases the basic deployment of containerized applications on Clo
 The resources/services/activations/deletions that this example will create/trigger are:
 
 * Creates a Cloud Run service with provided name and container
+* Creates a Service Account to be used by Cloud Run Service.
+* Creates a Key Ring and a Key to be used by Cloud Run.
 
 ## Assumptions and Prerequisites
 
@@ -41,7 +43,6 @@ These sections describe requirements for using this example.
 ### Software
 
 * [Terraform](https://www.terraform.io/downloads.html) ~> v0.13+
-
 * [Terraform Provider for GCP](https://github.com/terraform-providers/terraform-provider-google) ~> v4.0+
 * [Terraform Provider for GCP Beta](https://github.com/terraform-providers/terraform-provider-google-beta) ~>
   v4.0+

diff --git a/examples/simple_cloud_run_with_cmek/main.tf b/examples/simple_cloud_run_with_cmek/main.tf
@@ -18,6 +18,14 @@ locals {
   key_name = "crypto-key-example"
 }
 
+module "service_account" {
+  source     = "terraform-google-modules/service-accounts/google"
+  version    = "~> 4.1.1"
+  project_id = var.project_id
+  prefix     = "sa-cloud-run"
+  names      = ["cmek"]
+}
+
 module "kms" {
   source  = "terraform-google-modules/kms/google"
   version = "~> 2.1"
@@ -46,10 +54,11 @@ resource "google_project_service_identity" "serverless_sa" {
 module "cloud_run" {
   source = "../../"
 
-  service_name = "ci-cloud-run"
-  project_id   = var.project_id
-  location     = "us-central1"
-  image        = "us-docker.pkg.dev/cloudrun/container/hello"
+  service_name          = "ci-cloud-run"
+  project_id            = var.project_id
+  location              = "us-central1"
+  image                 = "us-docker.pkg.dev/cloudrun/container/hello"
+  service_account_email = module.service_account.email
 
   encryption_key = module.kms.keys[local.key_name]
 }