diff --git a/examples/dns/README.md b/examples/dns/README.md index 7e053bf..27062ee 100644 --- a/examples/dns/README.md +++ b/examples/dns/README.md @@ -51,12 +51,14 @@ graph LR; | Name | Version | |------|---------| | terraform | >= 1.3.0 | +| google | ~> 5.17 | | humanitec | ~> 1.0 | ## Providers | Name | Version | |------|---------| +| google | ~> 5.17 | | humanitec | ~> 1.0 | ## Modules @@ -69,14 +71,17 @@ graph LR; | Name | Type | |------|------| +| [google_project_iam_member.humanitec_provisioner](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/project_iam_member) | resource | +| [google_service_account.humanitec_provisioner](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/service_account) | resource | +| [google_service_account_key.humanitec_provisioner](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/service_account_key) | resource | | [humanitec_application.example](https://registry.terraform.io/providers/humanitec/humanitec/latest/docs/resources/application) | resource | +| [humanitec_resource_account.humanitec_provisioner](https://registry.terraform.io/providers/humanitec/humanitec/latest/docs/resources/resource_account) | resource | | [humanitec_resource_definition_criteria.dns_basic](https://registry.terraform.io/providers/humanitec/humanitec/latest/docs/resources/resource_definition_criteria) | resource | ## Inputs | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| credentials | GCP credentials | `string` | n/a | yes | | managed\_zone | The name of the zone in which this record set will reside. | `string` | n/a | yes | | managed\_zone\_dns\_name | The DNS name of the managed zone. | `string` | n/a | yes | | project | GCP project ID | `string` | n/a | yes | diff --git a/examples/dns/main.tf b/examples/dns/main.tf index af55cd4..3eada5f 100644 --- a/examples/dns/main.tf +++ b/examples/dns/main.tf 
@@ -1,3 +1,35 @@ +# GCP service account used by Humanitec to provision resources + +resource "google_service_account" "humanitec_provisioner" { + account_id = var.name + description = "Account used by Humanitec to provision resources" +} + +resource "google_project_iam_member" "humanitec_provisioner" { + project = var.project + role = "roles/owner" + member = "serviceAccount:${google_service_account.humanitec_provisioner.email}" +} + +resource "google_service_account_key" "humanitec_provisioner" { + service_account_id = google_service_account.humanitec_provisioner.name +} + +resource "humanitec_resource_account" "humanitec_provisioner" { + id = var.name + name = var.name + type = "gcp" + + credentials = base64decode(google_service_account_key.humanitec_provisioner.private_key) + + depends_on = [ + # Otherwise the account looses permissions before the resources are deleted + google_project_iam_member.humanitec_provisioner + ] +} + +# Example application and resource definition criteria + resource "humanitec_application" "example" { id = var.name name = var.name @@ -12,10 +44,11 @@ module "dns_basic" { resource_packs_gcp_url = var.resource_packs_gcp_url resource_packs_gcp_rev = var.resource_packs_gcp_rev + append_logs_to_error = true + driver_account = humanitec_resource_account.humanitec_provisioner.id - project = var.project - region = var.region - credentials = var.credentials + project = var.project + region = var.region managed_zone = var.managed_zone managed_zone_dns_name = var.managed_zone_dns_name @@ -24,4 +57,5 @@ module "dns_basic" { resource "humanitec_resource_definition_criteria" "dns_basic" { resource_definition_id = module.dns_basic.id app_id = humanitec_application.example.id + force_delete = true } diff --git a/examples/dns/providers.tf b/examples/dns/providers.tf index 3fd2e34..32c31f2 100644 --- a/examples/dns/providers.tf +++ b/examples/dns/providers.tf 
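Review bot: `role = "roles/owner"` on `google_project_iam_member.humanitec_provisioner` gives the provisioner account full control of the project, including its IAM policy, which is far more than creating DNS record sets needs. A scoped role should do here, probably `role = "roles/dns.admin"`, with each other example getting the role that matches the resources it provisions. The added `google_service_account_key` also puts a long-lived private key for that account into the Terraform state, so the example should carry a comment such as `# The generated key is stored in Terraform state; keep the state backend encrypted and access-restricted`. The same block is added to main.tf in the gcp-pubsub, gcs, mysql, postgres and redis/basic examples. Separately, the `depends_on` comment should read "loses", not "looses".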
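Review bot: `append_logs_to_error = true` is hard-coded in `module "dns_basic"`, although the module variable added in humanitec-resource-defs/dns/basic/variables.tf defaults to `false`. Terraform logs appended to error messages may expose resource attributes or provider output to anyone who can read deployment errors; the diff does not show how the driver filters them, so this is worth confirming. Either leave the default or mark the line as a demo setting, e.g. `# debugging aid for this example; keep the default (false) elsewhere`. The same line is added to the module blocks of the gcp-pubsub, gcs, mysql, postgres and redis/basic examples, and the module block itself starts and ends outside this hunk.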
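Review bot: `force_delete = true` on `humanitec_resource_definition_criteria.dns_basic` is added without a comment saying why the example needs it. It presumably lets `terraform destroy` remove the matching criteria while active resources still reference them, which is a behaviour readers should not copy without knowing it. A one-line comment such as `# example only: allow deleting the criteria while resources still match` would make that clear. In the hunks shown, only this example and redis/basic get the flag, so the other examples may need the same line for consistency.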
@@ -1,5 +1,9 @@ terraform { required_providers { + google = { + source = "hashicorp/google" + version = "~> 5.17" + } humanitec = { source = "humanitec/humanitec" version = "~> 1.0" @@ -10,3 +14,13 @@ terraform { } provider "humanitec" {} + +provider "google" { + project = var.project + region = var.region + + default_labels = { + "managed_by" = "terraform" + "source" = "github.com/humanitec-architecture/resource-pack-gcp" + } +} diff --git a/examples/dns/terraform.tfvars.example b/examples/dns/terraform.tfvars.example index 9970111..8bf96c6 100644 --- a/examples/dns/terraform.tfvars.example +++ b/examples/dns/terraform.tfvars.example @@ -1,7 +1,4 @@ -# GCP credentials -credentials = "" - # The name of the zone in which this record set will reside. managed_zone = "" diff --git a/examples/dns/variables.tf b/examples/dns/variables.tf index b9f96b4..972b806 100644 --- a/examples/dns/variables.tf +++ b/examples/dns/variables.tf @@ -8,11 +8,6 @@ variable "region" { type = string } -variable "credentials" { - description = "GCP credentials" - type = string -} - variable "managed_zone" { description = "The name of the zone in which this record set will reside." type = string diff --git a/examples/gcp-pubsub/README.md b/examples/gcp-pubsub/README.md index a7de63e..b3c3303 100644 --- a/examples/gcp-pubsub/README.md +++ b/examples/gcp-pubsub/README.md @@ -80,12 +80,14 @@ graph LR; | Name | Version | |------|---------| | terraform | >= 1.3.0 | +| google | ~> 5.17 | | humanitec | ~> 1.0 | ## Providers | Name | Version | |------|---------| +| google | ~> 5.17 | | humanitec | ~> 1.0 | ## Modules 
@@ -106,7 +108,11 @@ graph LR; | Name | Type | |------|------| +| [google_project_iam_member.humanitec_provisioner](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/project_iam_member) | resource | +| [google_service_account.humanitec_provisioner](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/service_account) | resource | +| [google_service_account_key.humanitec_provisioner](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/service_account_key) | resource | | [humanitec_application.example](https://registry.terraform.io/providers/humanitec/humanitec/latest/docs/resources/application) | resource | +| [humanitec_resource_account.humanitec_provisioner](https://registry.terraform.io/providers/humanitec/humanitec/latest/docs/resources/resource_account) | resource | | [humanitec_resource_definition_criteria.gcp_service_account_workload](https://registry.terraform.io/providers/humanitec/humanitec/latest/docs/resources/resource_definition_criteria) | resource | | [humanitec_resource_definition_criteria.gps_basic_subscriber](https://registry.terraform.io/providers/humanitec/humanitec/latest/docs/resources/resource_definition_criteria) | resource | | [humanitec_resource_definition_criteria.gpt_basic_publisher](https://registry.terraform.io/providers/humanitec/humanitec/latest/docs/resources/resource_definition_criteria) | resource | @@ -121,7 +127,6 @@ graph LR; | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| credentials | GCP credentials | `string` | n/a | yes | | project | GCP project ID | `string` | n/a | yes | | name | Name of the example application | `string` | `"hum-rp-gcp-pubsub-example"` | no | | prefix | n/a | `string` | `"hum-rp-gcp-pubsub-ex-"` | no | diff --git a/examples/gcp-pubsub/main.tf b/examples/gcp-pubsub/main.tf index 6458a42..38f0868 100644 --- a/examples/gcp-pubsub/main.tf +++ b/examples/gcp-pubsub/main.tf 
@@ -1,3 +1,35 @@ +# GCP service account used by Humanitec to provision resources + +resource "google_service_account" "humanitec_provisioner" { + account_id = var.name + description = "Account used by Humanitec to provision resources" +} + +resource "google_project_iam_member" "humanitec_provisioner" { + project = var.project + role = "roles/owner" + member = "serviceAccount:${google_service_account.humanitec_provisioner.email}" +} + +resource "google_service_account_key" "humanitec_provisioner" { + service_account_id = google_service_account.humanitec_provisioner.name +} + +resource "humanitec_resource_account" "humanitec_provisioner" { + id = var.name + name = var.name + type = "gcp" + + credentials = base64decode(google_service_account_key.humanitec_provisioner.private_key) + + depends_on = [ + # Otherwise the account looses permissions before the resources are deleted + google_project_iam_member.humanitec_provisioner + ] +} + +# Example application and resource definition criteria + resource "humanitec_application" "example" { id = var.name name = var.name @@ -36,10 +68,11 @@ module "gcp_service_account_workload" { resource_packs_gcp_url = var.resource_packs_gcp_url resource_packs_gcp_rev = var.resource_packs_gcp_rev + append_logs_to_error = true + driver_account = humanitec_resource_account.humanitec_provisioner.id - project = var.project - credentials = var.credentials - prefix = var.prefix + project = var.project + prefix = var.prefix name = "hrp-ps-$${context.res.id}" } diff --git a/examples/gcp-pubsub/providers.tf b/examples/gcp-pubsub/providers.tf index 3fd2e34..60c6f4b 100644 --- a/examples/gcp-pubsub/providers.tf +++ b/examples/gcp-pubsub/providers.tf @@ -1,5 +1,9 @@ terraform { required_providers { + google = { + source = "hashicorp/google" + version = "~> 5.17" + } humanitec = { source = "humanitec/humanitec" version = "~> 1.0" 
@@ -10,3 +14,12 @@ terraform { } provider "humanitec" {} + +provider "google" { + project = var.project + + default_labels = { + "managed_by" = "terraform" + "source" = "github.com/humanitec-architecture/resource-pack-gcp" + } +} diff --git a/examples/gcp-pubsub/pubsub_subscription.tf b/examples/gcp-pubsub/pubsub_subscription.tf index bd12163..f2b7c9e 100644 --- a/examples/gcp-pubsub/pubsub_subscription.tf +++ b/examples/gcp-pubsub/pubsub_subscription.tf @@ -5,10 +5,11 @@ module "pubsub_subscription_basic" { resource_packs_gcp_url = var.resource_packs_gcp_url resource_packs_gcp_rev = var.resource_packs_gcp_rev + append_logs_to_error = true + driver_account = humanitec_resource_account.humanitec_provisioner.id - project = var.project - credentials = var.credentials - prefix = var.prefix + project = var.project + prefix = var.prefix } resource "humanitec_resource_definition_criteria" "pubsub_subscription_basic" { diff --git a/examples/gcp-pubsub/pubsub_topic.tf b/examples/gcp-pubsub/pubsub_topic.tf index c06d24d..2b64c21 100644 --- a/examples/gcp-pubsub/pubsub_topic.tf +++ b/examples/gcp-pubsub/pubsub_topic.tf @@ -5,10 +5,11 @@ module "pubsub_topic_basic" { resource_packs_gcp_url = var.resource_packs_gcp_url resource_packs_gcp_rev = var.resource_packs_gcp_rev + append_logs_to_error = true + driver_account = humanitec_resource_account.humanitec_provisioner.id - project = var.project - credentials = var.credentials - prefix = var.prefix + project = var.project + prefix = var.prefix } resource "humanitec_resource_definition_criteria" "pubsub_topic_basic" { diff --git a/examples/gcp-pubsub/terraform.tfvars.example b/examples/gcp-pubsub/terraform.tfvars.example index 6220dc3..c02471c 100644 --- a/examples/gcp-pubsub/terraform.tfvars.example +++ b/examples/gcp-pubsub/terraform.tfvars.example @@ -1,7 +1,4 @@ -# GCP credentials -credentials = "" - # Name of the example application name = "hum-rp-gcp-pubsub-example" 
diff --git a/examples/gcp-pubsub/variables.tf b/examples/gcp-pubsub/variables.tf index bc79492..3e09349 100644 --- a/examples/gcp-pubsub/variables.tf +++ b/examples/gcp-pubsub/variables.tf @@ -3,11 +3,6 @@ variable "project" { type = string } -variable "credentials" { - description = "GCP credentials" - type = string -} - variable "resource_packs_gcp_url" { description = "GCP Resource Pack git url" type = string diff --git a/examples/gcs/README.md b/examples/gcs/README.md index 301e1f3..5a95dc4 100644 --- a/examples/gcs/README.md +++ b/examples/gcs/README.md @@ -53,12 +53,14 @@ graph LR; | Name | Version | |------|---------| | terraform | >= 1.3.0 | +| google | ~> 5.17 | | humanitec | ~> 1.0 | ## Providers | Name | Version | |------|---------| +| google | ~> 5.17 | | humanitec | ~> 1.0 | ## Modules 
@@ -78,7 +80,11 @@ graph LR; | Name | Type | |------|------| +| [google_project_iam_member.humanitec_provisioner](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/project_iam_member) | resource | +| [google_service_account.humanitec_provisioner](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/service_account) | resource | +| [google_service_account_key.humanitec_provisioner](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/service_account_key) | resource | | [humanitec_application.example](https://registry.terraform.io/providers/humanitec/humanitec/latest/docs/resources/application) | resource | +| [humanitec_resource_account.humanitec_provisioner](https://registry.terraform.io/providers/humanitec/humanitec/latest/docs/resources/resource_account) | resource | | [humanitec_resource_definition_criteria.gcp_service_account_workload](https://registry.terraform.io/providers/humanitec/humanitec/latest/docs/resources/resource_definition_criteria) | resource | | [humanitec_resource_definition_criteria.gcs_basic](https://registry.terraform.io/providers/humanitec/humanitec/latest/docs/resources/resource_definition_criteria) | resource | | [humanitec_resource_definition_criteria.gcs_basic_admin](https://registry.terraform.io/providers/humanitec/humanitec/latest/docs/resources/resource_definition_criteria) | resource | @@ -92,7 +98,6 @@ graph LR; | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| credentials | GCP credentials | `string` | n/a | yes | | location | The location of the bucket | `string` | n/a | yes | | project | GCP project ID | `string` | n/a | yes | | name | Name of the example application | `string` | `"hum-rp-gcs-example"` | no | diff --git a/examples/gcs/main.tf b/examples/gcs/main.tf index 69a4929..4d2da2f 100644 --- a/examples/gcs/main.tf +++ b/examples/gcs/main.tf 
@@ -1,3 +1,35 @@ +# GCP service account used by Humanitec to provision resources + +resource "google_service_account" "humanitec_provisioner" { + account_id = var.name + description = "Account used by Humanitec to provision resources" +} + +resource "google_project_iam_member" "humanitec_provisioner" { + project = var.project + role = "roles/owner" + member = "serviceAccount:${google_service_account.humanitec_provisioner.email}" +} + +resource "google_service_account_key" "humanitec_provisioner" { + service_account_id = google_service_account.humanitec_provisioner.name +} + +resource "humanitec_resource_account" "humanitec_provisioner" { + id = var.name + name = var.name + type = "gcp" + + credentials = base64decode(google_service_account_key.humanitec_provisioner.private_key) + + depends_on = [ + # Otherwise the account looses permissions before the resources are deleted + google_project_iam_member.humanitec_provisioner + ] +} + +# Example application and resource definition criteria + resource "humanitec_application" "example" { id = var.name name = var.name @@ -22,9 +54,10 @@ module "gcs_basic" { resource_packs_gcp_url = var.resource_packs_gcp_url resource_packs_gcp_rev = var.resource_packs_gcp_rev + append_logs_to_error = true + driver_account = humanitec_resource_account.humanitec_provisioner.id project = var.project - credentials = var.credentials force_destroy = true location = var.location @@ -140,10 +173,11 @@ module "gcp_service_account_workload" { resource_packs_gcp_url = var.resource_packs_gcp_url resource_packs_gcp_rev = var.resource_packs_gcp_rev + append_logs_to_error = true + driver_account = humanitec_resource_account.humanitec_provisioner.id - project = var.project - credentials = var.credentials - prefix = var.prefix + project = var.project + prefix = var.prefix } resource "humanitec_resource_definition_criteria" "gcp_service_account_workload" { diff --git a/examples/gcs/providers.tf b/examples/gcs/providers.tf index 3fd2e34..60c6f4b 100644 
--- a/examples/gcs/providers.tf +++ b/examples/gcs/providers.tf @@ -1,5 +1,9 @@ terraform { required_providers { + google = { + source = "hashicorp/google" + version = "~> 5.17" + } humanitec = { source = "humanitec/humanitec" version = "~> 1.0" @@ -10,3 +14,12 @@ terraform { } provider "humanitec" {} + +provider "google" { + project = var.project + + default_labels = { + "managed_by" = "terraform" + "source" = "github.com/humanitec-architecture/resource-pack-gcp" + } +} diff --git a/examples/gcs/terraform.tfvars.example b/examples/gcs/terraform.tfvars.example index 5a097ae..4136bd6 100644 --- a/examples/gcs/terraform.tfvars.example +++ b/examples/gcs/terraform.tfvars.example @@ -1,7 +1,4 @@ -# GCP credentials -credentials = "" - # The location of the bucket location = "" diff --git a/examples/gcs/variables.tf b/examples/gcs/variables.tf index a24d33e..bb45fb0 100644 --- a/examples/gcs/variables.tf +++ b/examples/gcs/variables.tf @@ -3,11 +3,6 @@ variable "project" { type = string } -variable "credentials" { - description = "GCP credentials" - type = string -} - variable "location" { description = "The location of the bucket" type = string diff --git a/examples/mysql/README.md b/examples/mysql/README.md index 54ea989..ce310eb 100644 --- a/examples/mysql/README.md +++ b/examples/mysql/README.md 
@@ -69,9 +69,13 @@ graph LR; | Name | Type | |------|------| | [google_compute_global_address.private_ip_address](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_global_address) | resource | +| [google_project_iam_member.humanitec_provisioner](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/project_iam_member) | resource | | [google_project_service.servicenetworking](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/project_service) | resource | +| [google_service_account.humanitec_provisioner](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/service_account) | resource | +| [google_service_account_key.humanitec_provisioner](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/service_account_key) | resource | | [google_service_networking_connection.private_vpc_connection](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/service_networking_connection) | resource | | [humanitec_application.example](https://registry.terraform.io/providers/humanitec/humanitec/latest/docs/resources/application) | resource | +| [humanitec_resource_account.humanitec_provisioner](https://registry.terraform.io/providers/humanitec/humanitec/latest/docs/resources/resource_account) | resource | | [humanitec_resource_definition_criteria.mysql](https://registry.terraform.io/providers/humanitec/humanitec/latest/docs/resources/resource_definition_criteria) | resource | | [google_compute_network.network](https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/compute_network) | data source | 
@@ -79,7 +83,6 @@ graph LR; | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| credentials | GCP credentials | `string` | n/a | yes | | private\_network | The VPC network from which the Cloud SQL instance is accessible for private IP. | `string` | n/a | yes | | project | n/a | `string` | n/a | yes | | region | GCP region | `string` | n/a | yes | diff --git a/examples/mysql/main.tf b/examples/mysql/main.tf index 2e77c9b..438f047 100644 --- a/examples/mysql/main.tf +++ b/examples/mysql/main.tf @@ -1,3 +1,35 @@ +# GCP service account used by Humanitec to provision resources + +resource "google_service_account" "humanitec_provisioner" { + account_id = var.name + description = "Account used by Humanitec to provision resources" +} + +resource "google_project_iam_member" "humanitec_provisioner" { + project = var.project + role = "roles/owner" + member = "serviceAccount:${google_service_account.humanitec_provisioner.email}" +} + +resource "google_service_account_key" "humanitec_provisioner" { + service_account_id = google_service_account.humanitec_provisioner.name +} + +resource "humanitec_resource_account" "humanitec_provisioner" { + id = var.name + name = var.name + type = "gcp" + + credentials = base64decode(google_service_account_key.humanitec_provisioner.private_key) + + depends_on = [ + # Otherwise the account looses permissions before the resources are deleted + google_project_iam_member.humanitec_provisioner + ] +} + +# Example application and resource definition criteria + resource "humanitec_application" "example" { id = var.name name = var.name 
@@ -34,9 +66,10 @@ module "mysql" { prefix = var.prefix resource_packs_gcp_rev = var.resource_packs_gcp_rev resource_packs_gcp_url = var.resource_packs_gcp_url + append_logs_to_error = true + driver_account = humanitec_resource_account.humanitec_provisioner.id project = var.project region = var.region - credentials = var.credentials database_version = "MYSQL_8_0" tier = "db-f1-micro" diff --git a/examples/mysql/providers.tf b/examples/mysql/providers.tf index 220c196..32c31f2 100644 --- a/examples/mysql/providers.tf +++ b/examples/mysql/providers.tf @@ -16,9 +16,8 @@ terraform { provider "humanitec" {} provider "google" { - project = var.project - region = var.region - credentials = var.credentials + project = var.project + region = var.region default_labels = { "managed_by" = "terraform" diff --git a/examples/mysql/terraform.tfvars.example b/examples/mysql/terraform.tfvars.example index 67420e2..a6a909d 100644 --- a/examples/mysql/terraform.tfvars.example +++ b/examples/mysql/terraform.tfvars.example @@ -1,7 +1,4 @@ -# GCP credentials -credentials = "" - # Name of the example application name = "hum-rp-mysql-example" diff --git a/examples/mysql/variables.tf b/examples/mysql/variables.tf index 4415959..08a0e71 100644 --- a/examples/mysql/variables.tf +++ b/examples/mysql/variables.tf @@ -29,11 +29,6 @@ variable "region" { type = string } -variable "credentials" { - description = "GCP credentials" - type = string -} - variable "private_network" { type = string description = "The VPC network from which the Cloud SQL instance is accessible for private IP." diff --git a/examples/postgres/README.md b/examples/postgres/README.md index 21f0e2a..bf07337 100644 --- a/examples/postgres/README.md +++ b/examples/postgres/README.md 
@@ -69,9 +69,13 @@ graph LR; | Name | Type | |------|------| | [google_compute_global_address.private_ip_address](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_global_address) | resource | +| [google_project_iam_member.humanitec_provisioner](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/project_iam_member) | resource | | [google_project_service.servicenetworking](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/project_service) | resource | +| [google_service_account.humanitec_provisioner](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/service_account) | resource | +| [google_service_account_key.humanitec_provisioner](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/service_account_key) | resource | | [google_service_networking_connection.private_vpc_connection](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/service_networking_connection) | resource | | [humanitec_application.example](https://registry.terraform.io/providers/humanitec/humanitec/latest/docs/resources/application) | resource | +| [humanitec_resource_account.humanitec_provisioner](https://registry.terraform.io/providers/humanitec/humanitec/latest/docs/resources/resource_account) | resource | | [humanitec_resource_definition_criteria.postgres](https://registry.terraform.io/providers/humanitec/humanitec/latest/docs/resources/resource_definition_criteria) | resource | | [google_compute_network.network](https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/compute_network) | data source | 
@@ -79,7 +83,6 @@ graph LR; | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| credentials | GCP credentials | `string` | n/a | yes | | private\_network | The VPC network from which the Cloud SQL instance is accessible for private IP. | `string` | n/a | yes | | project | n/a | `string` | n/a | yes | | region | GCP region | `string` | n/a | yes | diff --git a/examples/postgres/main.tf b/examples/postgres/main.tf index f3da55a..c2a87da 100644 --- a/examples/postgres/main.tf +++ b/examples/postgres/main.tf @@ -1,3 +1,35 @@ +# GCP service account used by Humanitec to provision resources + +resource "google_service_account" "humanitec_provisioner" { + account_id = var.name + description = "Account used by Humanitec to provision resources" +} + +resource "google_project_iam_member" "humanitec_provisioner" { + project = var.project + role = "roles/owner" + member = "serviceAccount:${google_service_account.humanitec_provisioner.email}" +} + +resource "google_service_account_key" "humanitec_provisioner" { + service_account_id = google_service_account.humanitec_provisioner.name +} + +resource "humanitec_resource_account" "humanitec_provisioner" { + id = var.name + name = var.name + type = "gcp" + + credentials = base64decode(google_service_account_key.humanitec_provisioner.private_key) + + depends_on = [ + # Otherwise the account looses permissions before the resources are deleted + google_project_iam_member.humanitec_provisioner + ] +} + +# Example application and resource definition criteria + resource "humanitec_application" "example" { id = var.name name = var.name 
@@ -20,7 +52,7 @@ resource "google_compute_global_address" "private_ip_address" { network = data.google_compute_network.network.id } -# There is a bug +# There is a bug # walkaround `gcloud services vpc-peerings update --network=htc-ref-arch-vpc --ranges=hum-rp-mysql-ex-private-ip-address --service=servicenetworking.googleapis.com --force` resource "google_service_networking_connection" "private_vpc_connection" { network = data.google_compute_network.network.id @@ -36,9 +68,10 @@ module "postgres" { prefix = var.prefix resource_packs_gcp_rev = var.resource_packs_gcp_rev resource_packs_gcp_url = var.resource_packs_gcp_url + append_logs_to_error = true + driver_account = humanitec_resource_account.humanitec_provisioner.id project = var.project region = var.region - credentials = var.credentials database_version = "POSTGRES_15" tier = "db-f1-micro" diff --git a/examples/postgres/providers.tf b/examples/postgres/providers.tf index 220c196..32c31f2 100644 --- a/examples/postgres/providers.tf +++ b/examples/postgres/providers.tf @@ -16,9 +16,8 @@ terraform { provider "humanitec" {} provider "google" { - project = var.project - region = var.region - credentials = var.credentials + project = var.project + region = var.region default_labels = { "managed_by" = "terraform" diff --git a/examples/postgres/terraform.tfvars.example b/examples/postgres/terraform.tfvars.example index 31d5bce..26fc1c3 100644 --- a/examples/postgres/terraform.tfvars.example +++ b/examples/postgres/terraform.tfvars.example @@ -1,7 +1,4 @@ -# GCP credentials -credentials = "" - # Name of the example application name = "hum-rp-postgres-example" diff --git a/examples/postgres/variables.tf b/examples/postgres/variables.tf index 3c2d50d..8664513 100644 --- a/examples/postgres/variables.tf +++ b/examples/postgres/variables.tf 
@@ -29,11 +29,6 @@ variable "region" { type = string } -variable "credentials" { - description = "GCP credentials" - type = string -} - variable "private_network" { type = string description = "The VPC network from which the Cloud SQL instance is accessible for private IP." diff --git a/examples/redis/basic/README.md b/examples/redis/basic/README.md index 7494ab0..603e81a 100644 --- a/examples/redis/basic/README.md +++ b/examples/redis/basic/README.md @@ -49,12 +49,14 @@ graph LR; | Name | Version | |------|---------| | terraform | >= 1.3.0 | +| google | ~> 5.17 | | humanitec | ~> 1.0 | ## Providers | Name | Version | |------|---------| +| google | ~> 5.17 | | humanitec | ~> 1.0 | ## Modules @@ -67,7 +69,11 @@ graph LR; | Name | Type | |------|------| +| [google_project_iam_member.humanitec_provisioner](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/project_iam_member) | resource | +| [google_service_account.humanitec_provisioner](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/service_account) | resource | +| [google_service_account_key.humanitec_provisioner](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/service_account_key) | resource | | [humanitec_application.example](https://registry.terraform.io/providers/humanitec/humanitec/latest/docs/resources/application) | resource | +| [humanitec_resource_account.humanitec_provisioner](https://registry.terraform.io/providers/humanitec/humanitec/latest/docs/resources/resource_account) | resource | | [humanitec_resource_definition_criteria.redis](https://registry.terraform.io/providers/humanitec/humanitec/latest/docs/resources/resource_definition_criteria) | resource | ## Inputs 
@@ -77,7 +83,6 @@ graph LR; | alternative\_location\_id | n/a | `string` | n/a | yes | | auth\_enabled | n/a | `bool` | n/a | yes | | authorized\_network | n/a | `string` | n/a | yes | -| credentials | GCP credentials | `string` | n/a | yes | | humanitec\_org\_id | Humanitec organization where resource definitions will be applied | `string` | n/a | yes | | humanitec\_token | Humanitec API token | `string` | n/a | yes | | location\_id | n/a | `string` | n/a | yes | diff --git a/examples/redis/basic/main.tf b/examples/redis/basic/main.tf index dab65c1..a88b98e 100644 --- a/examples/redis/basic/main.tf +++ b/examples/redis/basic/main.tf @@ -1,3 +1,35 @@ +# GCP service account used by Humanitec to provision resources + +resource "google_service_account" "humanitec_provisioner" { + account_id = var.name + description = "Account used by Humanitec to provision resources" +} + +resource "google_project_iam_member" "humanitec_provisioner" { + project = var.project + role = "roles/owner" + member = "serviceAccount:${google_service_account.humanitec_provisioner.email}" +} + +resource "google_service_account_key" "humanitec_provisioner" { + service_account_id = google_service_account.humanitec_provisioner.name +} + +resource "humanitec_resource_account" "humanitec_provisioner" { + id = var.name + name = var.name + type = "gcp" + + credentials = base64decode(google_service_account_key.humanitec_provisioner.private_key) + + depends_on = [ + # Otherwise the account looses permissions before the resources are deleted + google_project_iam_member.humanitec_provisioner + ] +} + +# Example application and resource definition criteria + resource "humanitec_application" "example" { id = var.name name = var.name 
@@ -9,9 +41,10 @@ module "redis" { prefix = var.prefix resource_packs_gcp_rev = var.resource_packs_gcp_rev resource_packs_gcp_url = var.resource_packs_gcp_url + append_logs_to_error = true + driver_account = humanitec_resource_account.humanitec_provisioner.id project = var.project region = var.region - credentials = var.credentials memory_size_gb = var.memory_size_gb location_id = var.location_id alternative_location_id = var.alternative_location_id @@ -22,4 +55,5 @@ module "redis" { resource "humanitec_resource_definition_criteria" "redis" { resource_definition_id = module.redis.id app_id = humanitec_application.example.id + force_delete = true } diff --git a/examples/redis/basic/providers.tf b/examples/redis/basic/providers.tf index 5168a60..f569f5a 100644 --- a/examples/redis/basic/providers.tf +++ b/examples/redis/basic/providers.tf @@ -1,5 +1,9 @@ terraform { required_providers { + google = { + source = "hashicorp/google" + version = "~> 5.17" + } humanitec = { source = "humanitec/humanitec" version = "~> 1.0" @@ -14,3 +18,13 @@ provider "humanitec" { org_id = var.humanitec_org_id token = var.humanitec_token } + +provider "google" { + project = var.project + region = var.region + + default_labels = { + "managed_by" = "terraform" + "source" = "github.com/humanitec-architecture/resource-pack-gcp" + } +} diff --git a/examples/redis/basic/terraform.tfvars.example b/examples/redis/basic/terraform.tfvars.example index 6e7acc9..883a06f 100644 --- a/examples/redis/basic/terraform.tfvars.example +++ b/examples/redis/basic/terraform.tfvars.example @@ -2,9 +2,6 @@ alternative_location_id = "" auth_enabled = "" authorized_network = "" -# GCP credentials -credentials = "" - # Humanitec API host url humanitec_host = "https://api.humanitec.io" diff --git a/examples/redis/basic/variables.tf b/examples/redis/basic/variables.tf index ba31f86..e51069e 100644 --- a/examples/redis/basic/variables.tf +++ b/examples/redis/basic/variables.tf 
@@ -45,11 +45,6 @@ variable "region" { type = string } -variable "credentials" { - description = "GCP credentials" - type = string -} - variable "memory_size_gb" { type = number } diff --git a/humanitec-resource-defs/dns/basic/README.md b/humanitec-resource-defs/dns/basic/README.md index 9ce420a..29e376d 100644 --- a/humanitec-resource-defs/dns/basic/README.md +++ b/humanitec-resource-defs/dns/basic/README.md @@ -22,12 +22,13 @@ | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| credentials | GCP credentials | `string` | n/a | yes | +| driver\_account | The ID of the Resource Account which should be used. | `string` | n/a | yes | | managed\_zone | The name of the zone in which this record set will reside. | `string` | n/a | yes | | managed\_zone\_dns\_name | The DNS name of the managed zone. | `string` | n/a | yes | | prefix | n/a | `string` | n/a | yes | | project | n/a | `string` | n/a | yes | | region | GCP region | `string` | n/a | yes | +| append\_logs\_to\_error | Append Terraform logs to error messages. | `bool` | `false` | no | | resource\_packs\_gcp\_rev | n/a | `string` | `"ref/heads/main"` | no | | resource\_packs\_gcp\_url | n/a | `string` | `"https://github.com/humanitec-architecture/resource-packs-gcp.git"` | no | diff --git a/humanitec-resource-defs/dns/basic/main.tf b/humanitec-resource-defs/dns/basic/main.tf index 6f02f3c..ea90428 100644 --- a/humanitec-resource-defs/dns/basic/main.tf +++ b/humanitec-resource-defs/dns/basic/main.tf @@ -4,13 +4,8 @@ resource "humanitec_resource_definition" "main" { name = "${var.prefix}clouddns-basic" type = "dns" + driver_account = var.driver_account driver_inputs = { - secrets_string = jsonencode({ - variables = { - credentials = var.credentials - } - }) - values_string = jsonencode({ source = { path = "modules/dns/basic" 
@@ -18,6 +13,14 @@ resource "humanitec_resource_definition" "main" { url = var.resource_packs_gcp_url } + append_logs_to_error = var.append_logs_to_error + + credentials_config = { + environment = { + GOOGLE_CREDENTIALS = "*" + } + } + variables = { project = var.project region = var.region diff --git a/humanitec-resource-defs/dns/basic/terraform.tfvars.example b/humanitec-resource-defs/dns/basic/terraform.tfvars.example index be4d288..e7dd540 100644 --- a/humanitec-resource-defs/dns/basic/terraform.tfvars.example +++ b/humanitec-resource-defs/dns/basic/terraform.tfvars.example @@ -1,6 +1,9 @@ -# GCP credentials -credentials = "" +# Append Terraform logs to error messages. +append_logs_to_error = false + +# The ID of the Resource Account which should be used. +driver_account = "" # The name of the zone in which this record set will reside. managed_zone = "" diff --git a/humanitec-resource-defs/dns/basic/variables.tf b/humanitec-resource-defs/dns/basic/variables.tf index 73575ae..a363625 100644 --- a/humanitec-resource-defs/dns/basic/variables.tf +++ b/humanitec-resource-defs/dns/basic/variables.tf @@ -12,6 +12,17 @@ variable "resource_packs_gcp_url" { default = "https://github.com/humanitec-architecture/resource-packs-gcp.git" } +variable "append_logs_to_error" { + description = "Append Terraform logs to error messages." + type = bool + default = false +} + +variable "driver_account" { + description = "The ID of the Resource Account which should be used." + type = string +} + variable "project" { type = string } @@ -21,11 +32,6 @@ variable "region" { type = string } -variable "credentials" { - description = "GCP credentials" - type = string -} - variable "managed_zone" { description = "The name of the zone in which this record set will reside." type = string diff --git a/humanitec-resource-defs/gcp-pubsub-subscription/basic/README.md b/humanitec-resource-defs/gcp-pubsub-subscription/basic/README.md index 45ce4f8..301b1cb 100644 
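Review bot: The `credentials_config` block added inside `values_string` maps `GOOGLE_CREDENTIALS` to the bare value `"*"`, and nothing in the hunk says what the wildcard selects. A reader cannot tell which part of the `driver_account` credentials reaches the Terraform runner's environment, so I would add a comment above the block such as `# "*" passes the complete credentials of var.driver_account to the runner as GOOGLE_CREDENTIALS` (presumably; confirm against the driver documentation). The same undocumented block is added in the `main.tf` hunks for gcp-pubsub-subscription, gcp-pubsub-topic, gcp-service-account/workload and gcs/basic. The enclosing `humanitec_resource_definition.main` resource starts and ends outside this hunk.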
--- a/humanitec-resource-defs/gcp-pubsub-subscription/basic/README.md +++ b/humanitec-resource-defs/gcp-pubsub-subscription/basic/README.md @@ -22,9 +22,10 @@ | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| credentials | GCP credentials | `string` | n/a | yes | +| driver\_account | The ID of the Resource Account which should be used. | `string` | n/a | yes | | prefix | Name prefix | `string` | n/a | yes | | project | GCP project ID | `string` | n/a | yes | +| append\_logs\_to\_error | Append Terraform logs to error messages. | `bool` | `false` | no | | name | Resource name (can contain placeholders like ${context.app.id}) | `string` | `""` | no | | resource\_packs\_gcp\_rev | GCP Resource Pack git ref | `string` | `"refs/heads/main"` | no | | resource\_packs\_gcp\_url | GCP Resource Pack git url | `string` | `"https://github.com/humanitec-architecture/resource-packs-gcp.git"` | no | diff --git a/humanitec-resource-defs/gcp-pubsub-subscription/basic/main.tf b/humanitec-resource-defs/gcp-pubsub-subscription/basic/main.tf index 4f187dd..3048f8e 100644 --- a/humanitec-resource-defs/gcp-pubsub-subscription/basic/main.tf +++ b/humanitec-resource-defs/gcp-pubsub-subscription/basic/main.tf @@ -4,13 +4,8 @@ resource "humanitec_resource_definition" "main" { name = "${var.prefix}gcp-pubsub-subscription-basic" type = "gcp-pubsub-subscription" + driver_account = var.driver_account driver_inputs = { - secrets_string = jsonencode({ - variables = { - credentials = var.credentials - } - }) - values_string = jsonencode({ source = { path = "modules/gcp-pubsub-subscription/basic" @@ -18,6 +13,14 @@ resource "humanitec_resource_definition" "main" { url = var.resource_packs_gcp_url } + append_logs_to_error = var.append_logs_to_error + + credentials_config = { + environment = { + GOOGLE_CREDENTIALS = "*" + } + } + variables = { prefix = var.prefix name = var.name 
diff --git a/humanitec-resource-defs/gcp-pubsub-subscription/basic/terraform.tfvars.example b/humanitec-resource-defs/gcp-pubsub-subscription/basic/terraform.tfvars.example index 51781df..7aed1b8 100644 --- a/humanitec-resource-defs/gcp-pubsub-subscription/basic/terraform.tfvars.example +++ b/humanitec-resource-defs/gcp-pubsub-subscription/basic/terraform.tfvars.example @@ -1,6 +1,9 @@ -# GCP credentials -credentials = "" +# Append Terraform logs to error messages. +append_logs_to_error = false + +# The ID of the Resource Account which should be used. +driver_account = "" # Resource name (can contain placeholders like ${context.app.id}) name = "" diff --git a/humanitec-resource-defs/gcp-pubsub-subscription/basic/variables.tf b/humanitec-resource-defs/gcp-pubsub-subscription/basic/variables.tf index b574c85..e561ad8 100644 --- a/humanitec-resource-defs/gcp-pubsub-subscription/basic/variables.tf +++ b/humanitec-resource-defs/gcp-pubsub-subscription/basic/variables.tf @@ -10,13 +10,19 @@ variable "resource_packs_gcp_rev" { default = "refs/heads/main" } -variable "project" { - description = "GCP project ID" +variable "append_logs_to_error" { + description = "Append Terraform logs to error messages." + type = bool + default = false +} + +variable "driver_account" { + description = "The ID of the Resource Account which should be used." type = string } -variable "credentials" { - description = "GCP credentials" +variable "project" { + description = "GCP project ID" type = string } diff --git a/humanitec-resource-defs/gcp-pubsub-topic/basic/README.md b/humanitec-resource-defs/gcp-pubsub-topic/basic/README.md index 45ce4f8..301b1cb 100644 --- a/humanitec-resource-defs/gcp-pubsub-topic/basic/README.md +++ b/humanitec-resource-defs/gcp-pubsub-topic/basic/README.md 
@@ -22,9 +22,10 @@ | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| credentials | GCP credentials | `string` | n/a | yes | +| driver\_account | The ID of the Resource Account which should be used. | `string` | n/a | yes | | prefix | Name prefix | `string` | n/a | yes | | project | GCP project ID | `string` | n/a | yes | +| append\_logs\_to\_error | Append Terraform logs to error messages. | `bool` | `false` | no | | name | Resource name (can contain placeholders like ${context.app.id}) | `string` | `""` | no | | resource\_packs\_gcp\_rev | GCP Resource Pack git ref | `string` | `"refs/heads/main"` | no | | resource\_packs\_gcp\_url | GCP Resource Pack git url | `string` | `"https://github.com/humanitec-architecture/resource-packs-gcp.git"` | no | diff --git a/humanitec-resource-defs/gcp-pubsub-topic/basic/main.tf b/humanitec-resource-defs/gcp-pubsub-topic/basic/main.tf index 76358b1..188adcd 100644 --- a/humanitec-resource-defs/gcp-pubsub-topic/basic/main.tf +++ b/humanitec-resource-defs/gcp-pubsub-topic/basic/main.tf @@ -4,13 +4,8 @@ resource "humanitec_resource_definition" "main" { name = "${var.prefix}gcp-pubsub-topic-basic" type = "gcp-pubsub-topic" + driver_account = var.driver_account driver_inputs = { - secrets_string = jsonencode({ - variables = { - credentials = var.credentials - } - }) - values_string = jsonencode({ source = { path = "modules/gcp-pubsub-topic/basic" @@ -18,6 +13,14 @@ resource "humanitec_resource_definition" "main" { url = var.resource_packs_gcp_url } + append_logs_to_error = var.append_logs_to_error + + credentials_config = { + environment = { + GOOGLE_CREDENTIALS = "*" + } + } + variables = { prefix = var.prefix name = var.name diff --git a/humanitec-resource-defs/gcp-pubsub-topic/basic/terraform.tfvars.example b/humanitec-resource-defs/gcp-pubsub-topic/basic/terraform.tfvars.example index 51781df..7aed1b8 100644 
--- a/humanitec-resource-defs/gcp-pubsub-topic/basic/terraform.tfvars.example +++ b/humanitec-resource-defs/gcp-pubsub-topic/basic/terraform.tfvars.example @@ -1,6 +1,9 @@ -# GCP credentials -credentials = "" +# Append Terraform logs to error messages. +append_logs_to_error = false + +# The ID of the Resource Account which should be used. +driver_account = "" # Resource name (can contain placeholders like ${context.app.id}) name = "" diff --git a/humanitec-resource-defs/gcp-pubsub-topic/basic/variables.tf b/humanitec-resource-defs/gcp-pubsub-topic/basic/variables.tf index b574c85..e561ad8 100644 --- a/humanitec-resource-defs/gcp-pubsub-topic/basic/variables.tf +++ b/humanitec-resource-defs/gcp-pubsub-topic/basic/variables.tf @@ -10,13 +10,19 @@ variable "resource_packs_gcp_rev" { default = "refs/heads/main" } -variable "project" { - description = "GCP project ID" +variable "append_logs_to_error" { + description = "Append Terraform logs to error messages." + type = bool + default = false +} + +variable "driver_account" { + description = "The ID of the Resource Account which should be used." type = string } -variable "credentials" { - description = "GCP credentials" +variable "project" { + description = "GCP project ID" type = string } diff --git a/humanitec-resource-defs/gcp-service-account/workload/README.md b/humanitec-resource-defs/gcp-service-account/workload/README.md index bea8ec8..4cefcc4 100644 --- a/humanitec-resource-defs/gcp-service-account/workload/README.md +++ b/humanitec-resource-defs/gcp-service-account/workload/README.md 
@@ -22,9 +22,10 @@ | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| credentials | GCP credentials | `string` | n/a | yes | +| driver\_account | The ID of the Resource Account which should be used. | `string` | n/a | yes | | prefix | n/a | `string` | n/a | yes | | project | GCP project ID | `string` | n/a | yes | +| append\_logs\_to\_error | Append Terraform logs to error messages. | `bool` | `false` | no | | name | Resource name (can contain placeholders like ${context.app.id}) | `string` | `""` | no | | resource\_packs\_gcp\_rev | GCP Resource Pack git ref | `string` | `"refs/heads/main"` | no | | resource\_packs\_gcp\_url | GCP Resource Pack git url | `string` | `"https://github.com/humanitec-architecture/resource-packs-gcp.git"` | no | diff --git a/humanitec-resource-defs/gcp-service-account/workload/main.tf b/humanitec-resource-defs/gcp-service-account/workload/main.tf index dde0f44..008a639 100644 --- a/humanitec-resource-defs/gcp-service-account/workload/main.tf +++ b/humanitec-resource-defs/gcp-service-account/workload/main.tf @@ -4,13 +4,8 @@ resource "humanitec_resource_definition" "main" { name = "${var.prefix}gcp-service-account-workload" type = "gcp-service-account" + driver_account = var.driver_account driver_inputs = { - secrets_string = jsonencode({ - variables = { - credentials = var.credentials - } - }) - values_string = jsonencode({ source = { path = "modules/gcp-service-account/workload" @@ -18,6 +13,14 @@ resource "humanitec_resource_definition" "main" { url = var.resource_packs_gcp_url } + append_logs_to_error = var.append_logs_to_error + + credentials_config = { + environment = { + GOOGLE_CREDENTIALS = "*" + } + } + variables = { project = var.project roles = var.roles diff --git a/humanitec-resource-defs/gcp-service-account/workload/terraform.tfvars.example b/humanitec-resource-defs/gcp-service-account/workload/terraform.tfvars.example index 80f8555..ec998da 100644 
--- a/humanitec-resource-defs/gcp-service-account/workload/terraform.tfvars.example +++ b/humanitec-resource-defs/gcp-service-account/workload/terraform.tfvars.example @@ -1,6 +1,9 @@ -# GCP credentials -credentials = "" +# Append Terraform logs to error messages. +append_logs_to_error = false + +# The ID of the Resource Account which should be used. +driver_account = "" # Resource name (can contain placeholders like ${context.app.id}) name = "" diff --git a/humanitec-resource-defs/gcp-service-account/workload/variables.tf b/humanitec-resource-defs/gcp-service-account/workload/variables.tf index 8b97950..e2e3b6b 100644 --- a/humanitec-resource-defs/gcp-service-account/workload/variables.tf +++ b/humanitec-resource-defs/gcp-service-account/workload/variables.tf @@ -13,11 +13,6 @@ variable "project" { type = string } -variable "credentials" { - description = "GCP credentials" - type = string -} - variable "roles" { description = "List of roles to assign to the service account" type = set(string) @@ -35,3 +30,14 @@ variable "resource_packs_gcp_rev" { type = string default = "refs/heads/main" } + +variable "append_logs_to_error" { + description = "Append Terraform logs to error messages." + type = bool + default = false +} + +variable "driver_account" { + description = "The ID of the Resource Account which should be used." + type = string +} diff --git a/humanitec-resource-defs/gcs/basic/README.md b/humanitec-resource-defs/gcs/basic/README.md index db9d804..e914f8d 100644 --- a/humanitec-resource-defs/gcs/basic/README.md +++ b/humanitec-resource-defs/gcs/basic/README.md 
@@ -22,10 +22,11 @@ | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| credentials | GCP credentials | `string` | n/a | yes | +| driver\_account | The ID of the Resource Account which should be used. | `string` | n/a | yes | | location | The location of the bucket | `string` | n/a | yes | | prefix | Prefix for all resources | `string` | n/a | yes | | project | GCP project ID | `string` | n/a | yes | +| append\_logs\_to\_error | Append Terraform logs to error messages. | `bool` | `false` | no | | force\_destroy | Whether to force destroy the bucket when deleting | `bool` | `false` | no | | name | Resource name (can contain placeholders like ${context.app.id}) | `string` | `""` | no | | resource\_packs\_gcp\_rev | GCP Resource Pack git ref | `string` | `"refs/heads/main"` | no | diff --git a/humanitec-resource-defs/gcs/basic/main.tf b/humanitec-resource-defs/gcs/basic/main.tf index c88d453..f53c922 100644 --- a/humanitec-resource-defs/gcs/basic/main.tf +++ b/humanitec-resource-defs/gcs/basic/main.tf @@ -4,13 +4,8 @@ resource "humanitec_resource_definition" "main" { name = "${var.prefix}gcs-basic" type = "gcs" + driver_account = var.driver_account driver_inputs = { - secrets_string = jsonencode({ - variables = { - credentials = var.credentials - } - }) - values_string = jsonencode({ source = { path = "modules/gcs/basic" @@ -18,6 +13,14 @@ resource "humanitec_resource_definition" "main" { url = var.resource_packs_gcp_url } + append_logs_to_error = var.append_logs_to_error + + credentials_config = { + environment = { + GOOGLE_CREDENTIALS = "*" + } + } + variables = { prefix = var.prefix name = var.name diff --git a/humanitec-resource-defs/gcs/basic/terraform.tfvars.example b/humanitec-resource-defs/gcs/basic/terraform.tfvars.example index dfc8f3c..6141063 100644 --- a/humanitec-resource-defs/gcs/basic/terraform.tfvars.example +++ b/humanitec-resource-defs/gcs/basic/terraform.tfvars.example 
@@ -1,6 +1,9 @@ -# GCP credentials -credentials = "" +# Append Terraform logs to error messages. +append_logs_to_error = false + +# The ID of the Resource Account which should be used. +driver_account = "" # Whether to force destroy the bucket when deleting force_destroy = false diff --git a/humanitec-resource-defs/gcs/basic/variables.tf b/humanitec-resource-defs/gcs/basic/variables.tf index 8f9fd01..e37dadf 100644 --- a/humanitec-resource-defs/gcs/basic/variables.tf +++ b/humanitec-resource-defs/gcs/basic/variables.tf @@ -10,13 +10,19 @@ variable "resource_packs_gcp_rev" { default = "refs/heads/main" } -variable "project" { - description = "GCP project ID" +variable "append_logs_to_error" { + description = "Append Terraform logs to error messages." + type = bool + default = false +} + +variable "driver_account" { + description = "The ID of the Resource Account which should be used." type = string } -variable "credentials" { - description = "GCP credentials" +variable "project" { + description = "GCP project ID" type = string } diff --git a/humanitec-resource-defs/k8s/service-account/main.tf b/humanitec-resource-defs/k8s/service-account/main.tf index 0c4e169..1efe8f8 100644 --- a/humanitec-resource-defs/k8s/service-account/main.tf +++ b/humanitec-resource-defs/k8s/service-account/main.tf @@ -5,15 +5,8 @@ resource "humanitec_resource_definition" "main" { driver_type = "humanitec/template" driver_inputs = { - secrets_string = jsonencode({ - templates = { - # outputs = "" - } - }) - values_string = jsonencode({ templates = { - # cookie = "" init = "" manifests = <