Merge pull request #5 from broadinstitute/gm-framework-refactor

split framework module
broadinstitute · Apr 1, 2020 · d1d94a0 · d1d94a0
2 parents 2bb900a + d043b7b
commit d1d94a0
Show file tree

Hide file tree

Showing 30 changed files with 523 additions and 283 deletions.
diff --git a/framework/cloudsql.tf b/framework/cloudsql.tf
diff --git a/framework/k8s.tf b/framework/k8s.tf
@@ -1,38 +1 @@
 
-module "k8s-master" {
-  # terraform-shared repo
-  source     = "github.com/broadinstitute/terraform-shared.git//terraform-modules/k8s-master?ref=k8s-master-0.2.2-tf-0.12"
-  dependencies = [
-    module.enable-services,
-    google_compute_network.k8s-cluster-network
-  ]
-
-  name = local.cluster_name
-  location = var.cluster_location
-  version_prefix = var.k8s_version_prefix
-
-  network = local.cluster_network
-  subnetwork = local.cluster_network
-  private_ipv4_cidr_block = var.private_master_ipv4_cidr_block
-
-  istio_enable = true
-}
-
-module "k8s-node-pool" {
-  # terraform-shared repo
-  source     = "github.com/broadinstitute/terraform-shared.git//terraform-modules/k8s-node-pool?ref=k8s-node-pool-0.1.1-tf-0.12"
-  dependencies = [
-    module.k8s-master
-  ]
-
-  name = var.node_pools[0].name
-  master_name = module.k8s-master.name
-  location = var.cluster_location
-
-  node_count = var.node_pools[0].node_count
-  machine_type = var.node_pools[0].machine_type
-  disk_size_gb = var.node_pools[0].disk_size_gb
-
-  labels = var.node_pools[0].labels
-  tags = [ "k8s-${module.k8s-master.name}-node-${var.node_pools[0].name}" ]
-}
diff --git a/framework/network.tf b/framework/network.tf
diff --git a/framework/outputs.tf b/framework/outputs.tf
diff --git a/framework/sa.tf b/framework/sa.tf
diff --git a/framework/variables.tf b/framework/variables.tf
diff --git a/identity-concentrator/cloudsql.tf b/identity-concentrator/cloudsql.tf
@@ -0,0 +1,21 @@
+module "cloudsql" {
+  source = "github.com/broadinstitute/terraform-shared.git//terraform-modules/cloudsql-postgres?ref=cloudsql-postgres-1.0.0-tf-0.12"
+
+  providers = {
+    google.target = google.target
+  }
+  project       = var.google_project
+  cloudsql_name = "${local.service}-db-${local.owner}"
+  cloudsql_instance_labels = {
+    "env" = local.owner
+    "app" = local.service
+  }
+  cloudsql_tier = var.db_tier
+
+  app_dbs = {
+    "${local.service}" = {
+      db       = local.db_name
+      username = local.db_user
+    }
+  }
+}
diff --git a/identity-concentrator/outputs.tf b/identity-concentrator/outputs.tf
@@ -0,0 +1,31 @@
+#
+# Service Account Outputs
+#
+
+output "app_sa_id" {
+  value = google_service_account.app.account_id
+}
+
+
+#
+# CloudSQL PostgreSQL Outputs
+#
+
+output "cloudsql_public_ip" {
+  value = module.cloudsql.public_ip
+}
+
+output "cloudsql_instance_name" {
+  value = module.cloudsql.instance_name
+}
+
+output "cloudsql_root_user_password" {
+  value     = module.cloudsql.root_user_password
+  sensitive = true
+}
+
+output "cloudsql_app_db_creds" {
+  # Avoiding error on destroy with below condition
+  value     = length(module.cloudsql.app_db_creds) == 0 ? {} : module.cloudsql.app_db_creds[local.service]
+  sensitive = true
+}
diff --git a/framework/provider.tf → identity-concentrator/provider.tf b/framework/provider.tf → identity-concentrator/provider.tf
diff --git a/identity-concentrator/sa.tf b/identity-concentrator/sa.tf
@@ -0,0 +1,12 @@
+resource "google_service_account" "app" {
+  project      = var.google_project
+  account_id   = "${local.service}-${local.owner}"
+  display_name = "${local.service}-${local.owner}"
+}
+resource "google_project_iam_member" "app_roles" {
+  count = length(local.sa_roles)
+
+  project = var.google_project
+  role    = local.sa_roles[count.index]
+  member  = "serviceAccount:${google_service_account.app.email}"
+}