Add terraform templates for GCP infrastructure

infrastructure/gcp/Makefile

@@ -0,0 +1,61 @@
+environment := dev
+project := $(shell gcloud config get-value project)
+auto-approve := false
+
+ENVIRONMENTS := $(shell find ./vars -type f -name '*.tfvars' | cut -c 8- | rev | cut -c 8- | rev | paste -sd " " - | xargs)
+
+TF_ENV_VARS :=
+TF_OPTIONS :=
+TF_INIT_CONF :=
+TF_RUN_CONF :=
+
+.PHONY: help
+help:
+	@echo "Usage: make <plan|apply|destroy> provider=gcp environment=<string> project=<string> auto-approve=<true|false>"
+	@echo " "
+	@echo "Options:"
+	@echo "  environment      The terraform input variables file name (Default: '$(environment)'. Supported values: [$(ENVIRONMENTS)])."
+	@echo "  project          Use a specific project to manage resource in (Default: '$(project)')."
+	@echo "  auto-approve     Skip interactive approval of plan before applying (Default: '$(auto-approve)')."
+	@echo " "
+
+configure:
+    ifeq ($(filter $(environment),$(ENVIRONMENTS)),)
+		$(error Environment '$(environment)' is not supported)
+    endif
+    TF_ENV_VARS := TF_DATA_DIR="$(CURDIR)/.terraform/$(environment)"
+    TF_OPTIONS := $(TF_OPTIONS) -var="environment=$(environment)"
+    TF_OPTIONS := $(TF_OPTIONS) -var="project=$(project)"
+    TF_INIT_CONF := $(TF_INIT_CONF) -backend-config="$(CURDIR)/states/$(environment).tfstate"
+    TF_INIT_CONF := $(TF_INIT_CONF) -var-file="$(CURDIR)/vars/$(environment).tfvars"
+    TF_RUN_CONF := $(TF_RUN_CONF) -state="$(CURDIR)/states/$(environment).tfstate"
+    TF_RUN_CONF := $(TF_RUN_CONF) -var-file="$(CURDIR)/vars/$(environment).tfvars"
+    ifeq ($(auto-approve),true)
+        TF_RUN_CONF := $(TF_RUN_CONF) -auto-approve
+    endif
+
+.PHONY: init
+init:
+	$(TF_ENV_VARS) terraform init $(TF_OPTIONS) $(TF_INIT_CONF)
+
+.PHONY: package
+package:
+	rm -rf $(CURDIR)/function_source.zip $(CURDIR)/requirements.txt $(CURDIR)/credentials.json
+	for module in 'core' 'gcp' ; do \
+		cd $(CURDIR)/../../git-lfs-$$module/src/main/ ; \
+		zip -r $(CURDIR)/function_source.zip ./ ; \
+		cat ../../requirements.txt >> $(CURDIR)/requirements.txt ; \
+	done
+	zip -r $(CURDIR)/function_source.zip requirements.txt
+
+.PHONY: plan
+plan: configure init package
+	$(TF_ENV_VARS) terraform plan $(TF_OPTIONS) $(TF_RUN_CONF)
+
+.PHONY: apply
+apply: configure init package
+	$(TF_ENV_VARS) terraform apply $(TF_OPTIONS) $(TF_RUN_CONF)
+
+.PHONY: destroy
+destroy: configure init
+	$(TF_ENV_VARS) terraform destroy $(TF_OPTIONS) $(TF_RUN_CONF)

infrastructure/gcp/outputs.tf

@@ -0,0 +1,14 @@
+output "function_name" {
+  description = "The name of the function"
+  value       = google_cloudfunctions_function.function.name
+}
+
+output "function_endpoint" {
+  description = "The API endpoint URL address"
+  value       = google_cloudfunctions_function.function.https_trigger_url
+}
+
+output "service_account_email" {
+  description = "The email of the service account"
+  value       = google_service_account.service_account.email
+}

infrastructure/gcp/resources.tf

@@ -0,0 +1,74 @@
+provider "google" {
+  project = var.project
+  region  = var.region
+}
+
+locals {
+  resource_name_prefix = "${var.name}-${var.environment}"
+}
+
+resource "google_service_account" "service_account" {
+  account_id   = "${local.resource_name_prefix}-api"
+  display_name = "Git LFS function service account"
+}
+
+resource "google_project_iam_binding" "role_binding" {
+  role = "roles/storage.objectAdmin"
+
+  members = [
+    "serviceAccount:${google_service_account.service_account.email}"
+  ]
+}
+
+resource "google_service_account_key" "key" {
+  service_account_id = google_service_account.service_account.name
+  public_key_type    = "TYPE_X509_PEM_FILE"
+}
+
+resource "local_file" "credentials" {
+  content  = base64decode(google_service_account_key.key.private_key)
+  filename = "${path.module}/credentials.json"
+
+  provisioner "local-exec" {
+    command = "zip -r ${path.module}/function_source.zip credentials.json && rm -rf credentials.json"
+  }
+}
+
+resource "google_storage_bucket_object" "source_archive" {
+  name   = "src/${uuid()}.zip"
+  bucket = var.bucket_name
+  source = "${path.module}/function_source.zip"
+
+  depends_on = [
+    local_file.credentials
+  ]
+}
+
+resource "google_cloudfunctions_function" "function" {
+  name                  = "${local.resource_name_prefix}-api"
+  description           = "This function coordinate fetching and storing Git LFS objects"
+  runtime               = "python37"
+  timeout               = 30
+  available_memory_mb   = 128
+  source_archive_bucket = google_storage_bucket_object.source_archive.bucket
+  source_archive_object = google_storage_bucket_object.source_archive.name
+  trigger_http          = true
+  entry_point           = "function_handler"
+  ingress_settings      = "ALLOW_ALL"
+  labels                = var.labels
+  service_account_email = google_service_account.service_account.email
+  environment_variables = {
+    LOG_LEVEL                      = "INFO"
+    BUCKET_NAME                    = var.bucket_name
+    GOOGLE_APPLICATION_CREDENTIALS = "credentials.json"
+  }
+}
+
+resource "google_cloudfunctions_function_iam_member" "invoker" {
+  project        = google_cloudfunctions_function.function.project
+  region         = google_cloudfunctions_function.function.region
+  cloud_function = google_cloudfunctions_function.function.name
+
+  role   = "roles/cloudfunctions.invoker"
+  member = "allUsers"
+}

infrastructure/gcp/variables.tf

@@ -0,0 +1,29 @@
+variable "project" {
+  type        = string
+  description = "The default project to manage resources in"
+}
+
+variable "region" {
+  type        = string
+  description = "The Google Cloud region to use"
+}
+
+variable "environment" {
+  type        = string
+  description = "Environment name"
+}
+
+variable "name" {
+  type        = string
+  description = "Service name that will be prefixed to resource names"
+}
+
+variable "bucket_name" {
+  type        = string
+  description = "Google Storage bucket name where will be stored Git LFS objects"
+}
+
+variable "labels" {
+  type        = map(string)
+  description = "A list of labels to apply to resources"
+}

infrastructure/gcp/vars/dev.tfvars

@@ -0,0 +1,5 @@
+region      = "us-central1"
+environment = "dev"
+name        = "git-lfs"
+bucket_name = "git-lfs-storagebucket-mo410x249ybo"
+labels      = { "environment" : "develop", "product" : "git_lfs", "owner" : "vitaliy_boyarsky" }

infrastructure/gcp/vars/prod.tfvars

@@ -0,0 +1,5 @@
+region      = "us-central1"
+environment = "prod"
+name        = "git-lfs"
+bucket_name = "git-lfs-storagebucket-mo410x249ybo"
+labels      = { "environment" : "develop", "product" : "git_lfs", "owner" : "vitaliy_boyarsky" }