diff --git a/deployment/live/example-gcp/terragrunt.hcl b/deployment/live/example-gcp/terragrunt.hcl
new file mode 100644
index 000000000..e7d742922
--- /dev/null
+++ b/deployment/live/example-gcp/terragrunt.hcl
@@ -0,0 +1,28 @@
+terraform {
+ source = "${get_repo_root()}/deployment/modules/gcs"
+}
+
+locals {
+ project_id = "trillian-tessera"
+ location = "us-central1"
+ base_name = "example-gcs"
+}
+
+inputs = merge(
+ local,
+ {}
+)
+
+remote_state {
+ backend = "gcs"
+
+ config = {
+ project = local.project_id
+ location = local.location
+ bucket = "${local.project_id}-${local.base_name}-terraform-state"
+
+ gcs_bucket_labels = {
+ name = "terraform_state_storage"
+ }
+ }
+}
diff --git a/deployment/modules/gcs/main.tf b/deployment/modules/gcs/main.tf
new file mode 100644
index 000000000..d40d774b0
--- /dev/null
+++ b/deployment/modules/gcs/main.tf
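Review bot: The `remote_state` config block does not set `enable_bucket_policy_only`, so the bucket Terragrunt creates for the Terraform state appears to be left on the default per-object ACL model, while the module's own log bucket in main.tf sets `uniform_bucket_level_access = true`; add `enable_bucket_policy_only = true` next to `gcs_bucket_labels` so the state bucket gets the same uniform bucket-level access. Terragrunt enables object versioning on the state bucket unless `skip_bucket_versioning` is set, so leave that default in place. No `prefix` is configured either, so the state object lands at the bucket root; a `prefix` would keep states apart should another unit ever share this bucket.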
@@ -0,0 +1,73 @@
+terraform {
+ backend "gcs" {}
+}
+
+# Services
+resource "google_project_service" "serviceusage_googleapis_com" {
+ service = "serviceusage.googleapis.com"
+}
+resource "google_project_service" "storage_api_googleapis_com" {
+ service = "storage-api.googleapis.com"
+}
+resource "google_project_service" "storage_component_googleapis_com" {
+ service = "storage-component.googleapis.com"
+}
+resource "google_project_service" "storage_googleapis_com" {
+ service = "storage.googleapis.com"
+}
+
+## Resources
+
+# Service accounts
+
+resource "google_service_account" "log_writer" {
+ account_id = "${var.base_name}-writer"
+ display_name = "Log writer service account"
+}
+
+
+# Buckets
+
+resource "google_storage_bucket" "log_bucket" {
+ name = "${var.project_id}-${var.base_name}-bucket"
+ location = var.location
+ storage_class = "STANDARD"
+ uniform_bucket_level_access = true
+}
+
+resource "google_storage_bucket_iam_binding" "log_bucket_writer" {
+ bucket = google_storage_bucket.log_bucket.name
+ role = "roles/storage.legacyBucketWriter"
+ members = [
+ google_service_account.log_writer.member
+ ]
+}
+
+# Spanner
+
+resource "google_spanner_instance" "log_spanner" {
+ name = var.base_name
+ config = "regional-${var.location}"
+ display_name = "${var.base_name} Spanner Instance"
+ processing_units = 100
+}
+
+resource "google_spanner_database" "log_db" {
+ instance = google_spanner_instance.log_spanner.name
+ name = "${var.base_name}-db"
+ ddl = [
+ "CREATE TABLE SeqCoord (id INT64 NOT NULL, next INT64 NOT NULL,) PRIMARY KEY (id)",
+ "CREATE TABLE Seq (id INT64 NOT NULL, seq INT64 NOT NULL, v BYTES(MAX),) PRIMARY KEY (id, seq)",
+ "CREATE TABLE IntCoord (id INT64 NOT NULL, seq INT64 NOT NULL,) PRIMARY KEY (id)",
+ ]
+}
+
+resource "google_spanner_database_iam_binding" "database" {
+ instance = google_spanner_instance.log_spanner.name
+ database = google_spanner_database.log_db.name
+ role = "roles/compute.networkUser"
+
+ members = [
+ google_service_account.log_writer.member
+ ]
+}
diff --git a/deployment/modules/gcs/outputs.tf b/deployment/modules/gcs/outputs.tf
new file mode 100644
index 000000000..48145d74f
--- /dev/null
+++ b/deployment/modules/gcs/outputs.tf
@@ -0,0 +1,4 @@
+output "log_bucket" {
+ description = "Log GCS bucket"
+ value = google_storage_bucket.log_bucket
+}
diff --git a/deployment/modules/gcs/variables.tf b/deployment/modules/gcs/variables.tf
new file mode 100644
index 000000000..fa8142e7a
--- /dev/null
+++ b/deployment/modules/gcs/variables.tf
@@ -0,0 +1,14 @@
+variable "project_id" {
+ description = "GCP project ID where the log is hosted"
+ type = string
+}
+
+variable "base_name" {
+ description = "Base name to use when naming resources"
+ type = string
+}
+
+variable "location" {
+ description = "Location in which to create resources"
+ type = string
+}
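Review bot: The `google_spanner_database_iam_binding` at the end of the hunk grants `roles/compute.networkUser`, a Compute Engine role that gives the log writer no Spanner permissions at all; the intended grant is a Spanner role, `role = "roles/spanner.databaseUser"`. Both `_iam_binding` resources here are authoritative for their role, so any member that receives the same role on the bucket or database outside this module is removed on the next apply; if that is not intended, `google_storage_bucket_iam_member` / `google_spanner_database_iam_member` add only the one grant. `roles/storage.legacyBucketWriter` on the log bucket also includes object delete, which is broader than an append-only log writer needs, so it is worth confirming the narrowest role the writer actually requires. The `google_storage_bucket` resource could additionally set `public_access_prevention = "enforced"` so the log bucket can never be opened to allUsers by a later binding.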
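Review bot: The `log_bucket` output exports the whole `google_storage_bucket.log_bucket` resource object rather than the attribute consumers need, which makes every bucket attribute part of the module's interface and of the downstream state; exporting the name is the usual shape, `value = google_storage_bucket.log_bucket.name`, with `description = "Name of the log GCS bucket"`. If callers do need other attributes, separate named outputs keep the contract explicit.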