MINOR: pull request #3 from Datatamer/glb

fix bug for glb

Author: laferrieren

CHANGELOG.md

@@ -1,2 +1,9 @@
-# Tamr Terraform Template Repo - v0.1.0 - Feb 25th 2020
+# Tamr GCP Wrapper - v0.2.1 - August 3rd 2020
+* Remove direct invocation of GLB module
+* update docs with more examples
+
+# Tamr GCP Wrapper - v0.2.0 - July 31st 2020
+* Adding integrations for GLB
+
+# Tamr GCP Wrapper - v0.1.0 - July 28th 2020
 * Initing project

README.md

@@ -42,9 +42,7 @@ This modules creates:
 
 ## Providers
 
-| Name | Version |
-|------|---------|
-| google | >= 3.29.0 |
+No provider.
 
 ## Inputs
 
@@ -58,12 +56,9 @@ This modules creates:
 | tamr\_bigtable\_min\_nodes | Min number of nodes to scale down to | `string` | n/a | yes |
 | tamr\_instance\_image | Image to use for Tamr VM boot disk | `string` | n/a | yes |
 | tamr\_zip\_uri | gcs location to download tamr zip from | `string` | n/a | yes |
-| tls\_certificate | CRT for tls certifacate to attach to load balancer | `string` | n/a | yes |
-| tls\_private\_key | Private key for tls certifacate to attach to load balancer | `string` | n/a | yes |
 | zone | GCP zone to deploy resources into | `string` | n/a | yes |
 | additional\_admin\_users | list of additional entities to give admin permissions to provisioned resources | `list(string)` | `[]` | no |
 | additional\_read\_users | list of additional entities to give read only permissions to provisioned resources | `list(string)` | `[]` | no |
-| allow\_source\_ip\_ranges | IP whitelist for inbound traffic to the LB | `list(string)` | `[]` | no |
 | bucket\_locations | Location for the gcs buckets, default is `US` | `string` | `"US"` | no |
 | force\_destroy | force destroy potentially persistent resources, like bigtable/gcs | `bool` | `false` | no |
 | labels | Labels to attach to created resources | `map(string)` | `{}` | no |
@@ -77,7 +72,6 @@ This modules creates:
 | Name | Description |
 |------|-------------|
 | instance\_ip | An arbitrary value that changes each time the resource is replaced. |
-| load\_balancer\_ip | The IP assigned to the LB. |
 | tamr\_config\_file | full tamr config file |
 | tamr\_instance\_self\_link | full self link of created tamr vm |
 | tamr\_service\_account | service account tamr is using |

VERSION

@@ -0,0 +1,25 @@
+<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+## Requirements
+
+| Name | Version |
+|------|---------|
+| terraform | >0.12.0 |
+| google | ~> 3.29.0 |
+| google-beta | ~> 3.29.0 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| google | ~> 3.29.0 |
+| google-beta | ~> 3.29.0 |
+
+## Inputs
+
+No input.
+
+## Outputs
+
+No output.
+
+<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->

examples/load_balancer/README.md

@@ -0,0 +1,75 @@
+locals {
+    deployment_name = "tamr-dev"
+    project         = "your-project"
+    region = "us-east1"
+    zone = "us-east1-b"
+}
+
+module "tamr_stack" {
+  source = "git::[email protected]:Datatamer/terraform-gcp-tamr-vm.git?ref=v0.1.0"
+  deployment_name = local.deployment_name
+  # tamr VM
+  tamr_zip_uri = "gs://tamr-releases/v2020.015.0/unify.zip"
+  tamr_instance_image = "your-project/ubuntu"
+  # bigtable config
+  tamr_bigtable_min_nodes   = 1
+  tamr_bigtable_max_nodes   = 10
+  # network
+  subnet_self_link = data.google_compute_subnetwork.project_subnet.self_link
+  region = local.region
+  zone = local.zone
+  # misc
+  # NOTE: this module will deploy all resources into this project
+  project_id = local.project
+}
+#
+# GLB
+#
+
+# assume ssl cert is uploaded to a google secret
+data "google_secret_manager_secret_version" "ssl_key" {
+  provider = google-beta
+  project  = local.project
+  secret   = "ssl_key"
+}
+
+data "google_secret_manager_secret_version" "ssl_cert" {
+  provider = google-beta
+  project  = local.project
+  secret   = "ssl_cert"
+}
+
+# ssl
+resource "google_compute_ssl_certificate" "tamr" {
+  project     = local.project
+  name        = "${local.deployment_name}-cert"
+  private_key = data.google_secret_manager_secret_version.ssl_key.secret_data
+  certificate = data.google_secret_manager_secret_version.ssl_cert.secret_data
+
+  lifecycle {
+    create_before_destroy = true
+  }
+}
+
+# NOTE: this section is commented out, as it can't be planned and run until the above snippets have be run.
+
+# module "load_balancer" {
+#   source = "git::[email protected]:Datatamer/terraform-gcp-tamr-load-balancer.git?ref=v1.1.0"
+
+#   name                   = local.deployment_name
+#   project_id             = local.project
+#   ssl_certificates       = [google_compute_ssl_certificate.tamr.id]
+#   tamr_vm_self_link      = module.tamr_stack.tamr_instance_self_link
+#   region                 = local.region
+#   allow_source_ip_ranges = ["1.1.1.1/32"] # NOTE: replace this with your IP
+# }
+
+# resource "google_dns_record_set" "tamr-example-com" {
+#   name = "${local.name}-ssl.example.com."
+#   type = "A"
+#   ttl  = 30
+#   project = local.project
+
+#   managed_zone = "example-zone"
+#   rrdatas      = [module.load_balancer.ip_address]
+# }

examples/load_balancer/main.tf

@@ -0,0 +1,15 @@
+terraform {
+  required_version = ">0.12.0"
+}
+
+provider "google" {
+  project = var.project-id
+  region  = "us-east1"
+  version = "~> 3.29.0"
+}
+
+provider "google-beta" {
+  project = var.project-id
+  region  = "us-east1"
+  version = "~> 3.29.0"
+}

examples/load_balancer/versions.tf

@@ -0,0 +1,22 @@
+<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+## Requirements
+
+| Name | Version |
+|------|---------|
+| terraform | >0.12.0 |
+| google | ~> 3.29.0 |
+| google-beta | ~> 3.29.0 |
+
+## Providers
+
+No provider.
+
+## Inputs
+
+No input.
+
+## Outputs
+
+No output.
+
+<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->

examples/minimal/README.md

@@ -0,0 +1,17 @@
+module "tamr_stack" {
+  source = "git::[email protected]:Datatamer/terraform-gcp-tamr-vm.git?ref=v0.1.0"
+  deployment_name = "tamr-dev"
+  # tamr VM
+  tamr_zip_uri = "gs://tamr-releases/v2020.015.0/unify.zip"
+  tamr_instance_image = "your-project/ubuntu"
+  # bigtable config
+  tamr_bigtable_min_nodes   = 1
+  tamr_bigtable_max_nodes   = 10
+  # network
+  subnet_self_link = data.google_compute_subnetwork.project_subnet.self_link
+  region = "us-east1"
+  zone = "us-east1-b"
+  # misc
+  # NOTE: this module will deploy all resources into this project
+  project_id = "your-project"
+}

examples/minimal/main.tf

@@ -0,0 +1,15 @@
+terraform {
+  required_version = ">0.12.0"
+}
+
+provider "google" {
+  project = var.project-id
+  region  = "us-east1"
+  version = "~> 3.29.0"
+}
+
+provider "google-beta" {
+  project = var.project-id
+  region  = "us-east1"
+  version = "~> 3.29.0"
+}

examples/minimal/versions.tf

@@ -97,26 +97,3 @@ module "tamr_vm" {
   # misc
   labels = var.labels
 }
-
-# load balancer config
-resource "google_compute_ssl_certificate" "tamr" {
-  project     = var.project_id
-  name        = "${var.deployment_name}-cert"
-  private_key = var.tls_private_key
-  certificate = var.tls_certificate
-
-  lifecycle {
-    create_before_destroy = true
-  }
-}
-
-module "load_balancer" {
-  source = "git::[email protected]:Datatamer/terraform-gcp-tamr-load-balancer.git?ref=v1.1.0"
-
-  name                   = var.deployment_name
-  project_id             = var.project_id
-  ssl_certificates       = [google_compute_ssl_certificate.tamr.id]
-  tamr_vm_self_link      = module.tamr_vm.tamr_instance_self_link
-  region                 = var.region
-  allow_source_ip_ranges = var.allow_source_ip_ranges
-}

main.tf

@@ -13,11 +13,6 @@ output "tamr_service_account" {
   description = "service account tamr is using"
 }
 
-output "load_balancer_ip" {
-  value       = module.load_balancer.ip_address
-  description = "The IP assigned to the LB."
-}
-
 # config files
 # NOTE: these are very useful for debugging
 output "tamr_config_file" {

outputs.tf

@@ -80,25 +80,6 @@ variable "bucket_locations" {
   description = "Location for the gcs buckets, default is `US`"
   default     = "US"
 }
-#
-# Google Load Balancer
-#
-#
-variable "tls_private_key" {
-  type        = string
-  description = "Private key for tls certifacate to attach to load balancer"
-}
-
-variable "tls_certificate" {
-  type        = string
-  description = "CRT for tls certifacate to attach to load balancer"
-}
-
-variable "allow_source_ip_ranges" {
-  default     = []
-  type        = list(string)
-  description = "IP whitelist for inbound traffic to the LB"
-}
 
 # Misc
 #