-
Notifications
You must be signed in to change notification settings - Fork 28
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
ci(auth): bootstrap terraform resources (#813)
- Loading branch information
Showing
4 changed files
with
167 additions
and
0 deletions.
There are no files selected for viewing
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,49 @@ | ||
| # Terraform for Auth Integration Tests | ||
|
|
||
| This document assumes you are familiar with the | ||
| [Terraform set up for `rust-sdk-testing`](/.gcb/bootstrap/README.md). | ||
|
|
||
| The terraform configuration for auth is separate because: | ||
|
|
||
| - the resources belong to a different project (`rust-auth-testing` vs. `rust-sdk-testing`) | ||
| - accessing the different projects requires different permissions | ||
|
|
||
| ## Usage | ||
|
|
||
| Change your working directory, for example: | ||
|
|
||
| ```shell | ||
| cd $HOME/google-cloud-rust/src/auth/.gcb/bootstrap | ||
| ``` | ||
|
|
||
| Initialize terraform: | ||
|
|
||
| ```shell | ||
| terraform init | ||
| ``` | ||
|
|
||
| Restore the current state. This may result in no action if you happen to have | ||
| an up-to-date state in your local files. | ||
|
|
||
| ```shell | ||
| terraform plan -out /tmp/bootstrap.tplan | ||
| ``` | ||
|
|
||
| Execute the plan: | ||
|
|
||
| ```shell | ||
| terraform apply /tmp/bootstrap.tplan | ||
| ``` | ||
|
|
||
| Make any changes to the configuration and commit them to git: | ||
|
|
||
| ```shell | ||
| git commit -m"Cool changes" . | ||
| ``` | ||
|
|
||
| Prepare and execute a plan to update the bucket: | ||
|
|
||
| ```shell | ||
| terraform plan -out /tmp/update.tplan | ||
| terraform apply /tmp/update.tplan | ||
| ``` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,70 @@ | ||
| # Copyright 2025 Google LLC | ||
| # | ||
| # Licensed under the Apache License, Version 2.0 (the "License"); | ||
| # you may not use this file except in compliance with the License. | ||
| # You may obtain a copy of the License at | ||
| # | ||
| # http://www.apache.org/licenses/LICENSE-2.0 | ||
| # | ||
| # Unless required by applicable law or agreed to in writing, software | ||
| # distributed under the License is distributed on an "AS IS" BASIS, | ||
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
| # See the License for the specific language governing permissions and | ||
| # limitations under the License. | ||
|
|
||
| terraform { | ||
| required_providers { | ||
| google = { | ||
| source = "hashicorp/google" | ||
| version = "~> 5.44.0" | ||
| } | ||
| } | ||
| } | ||
|
|
||
| provider "google" { | ||
| project = var.project | ||
| region = var.region | ||
| zone = var.zone | ||
| } | ||
|
|
||
| # Re-import the state of the bucket from GCP. Normally one would store | ||
| # terraform's state in a global backend, such as Google Cloud Storage. But this | ||
| # is the terraform configuration to bootstrap such a backend. While re-importing | ||
| # the state of each resource would not scale as the number of resources grows, | ||
| # re-importing a single bootstrap resource seems manageable. | ||
| import { | ||
| to = google_storage_bucket.terraform | ||
| id = "${var.project}-terraform" | ||
| } | ||
|
|
||
| # Create a bucket to store the Terraform data. | ||
| resource "google_storage_bucket" "terraform" { | ||
| name = "${var.project}-terraform" | ||
| force_destroy = false | ||
| # This prevents Terraform from deleting the bucket. Any plan to do so is | ||
| # rejected. If we really need to delete the bucket we must take additional | ||
| # steps. | ||
| lifecycle { | ||
| prevent_destroy = true | ||
| } | ||
|
|
||
| # The bucket configuration. | ||
| location = "US" | ||
| storage_class = "STANDARD" | ||
| uniform_bucket_level_access = true | ||
| # Keep multiple versions of each object so we can recover if needed. | ||
| versioning { | ||
| enabled = true | ||
| } | ||
| # Tidy up archived objects after a year. They are small, so there is no need | ||
| # to rush. | ||
| lifecycle_rule { | ||
| condition { | ||
| days_since_noncurrent_time = 365 | ||
| with_state = "ARCHIVED" | ||
| } | ||
| action { | ||
| type = "Delete" | ||
| } | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,25 @@ | ||
| # Copyright 2025 Google LLC | ||
| # | ||
| # Licensed under the Apache License, Version 2.0 (the "License"); | ||
| # you may not use this file except in compliance with the License. | ||
| # You may obtain a copy of the License at | ||
| # | ||
| # http://www.apache.org/licenses/LICENSE-2.0 | ||
| # | ||
| # Unless required by applicable law or agreed to in writing, software | ||
| # distributed under the License is distributed on an "AS IS" BASIS, | ||
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
| # See the License for the specific language governing permissions and | ||
| # limitations under the License. | ||
|
|
||
| variable "project" { | ||
| default = "rust-auth-testing" | ||
| } | ||
|
|
||
| variable "region" { | ||
| default = "us-central1" | ||
| } | ||
|
|
||
| variable "zone" { | ||
| default = "us-central1-f" | ||
| } |