Initielt terraform-oppsett for bigquery

Co-authored-by: richardmartinsen <Richard.Martinsen@nav.no>
navikt · Jun 17, 2024 · ae285a0 · ae285a0
1 parent c43311f
commit ae285a0
Show file tree

Hide file tree

Showing 8 changed files with 192 additions and 0 deletions.
diff --git a/.github/workflows/deploy-bigquery.yaml b/.github/workflows/deploy-bigquery.yaml
@@ -0,0 +1,67 @@
+name: "Terraform - Big Query"
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - bigquery/**
+      - .github/workflows/deploy-bigquery.yaml
+
+env:
+  DEV_DIR: './bigquery/dev'
+#  PROD_DIR: './bigquery/prod'
+
+jobs:
+  terraform-plan-dev:
+    name: "terraform plan gcp-dev"
+    runs-on: ubuntu-latest
+    concurrency: terraform-plan-dev
+    defaults:
+      run:
+        working-directory: ${{ env.DEV_DIR }}
+
+    env:
+      GOOGLE_CREDENTIALS: ${{ secrets.GCP_SECRET_DEV }}
+    steps:
+      - name: "Checkout code"
+        uses: actions/checkout@v4
+
+      - name: Run 'terraform setup'
+        uses: hashicorp/setup-terraform@v3
+
+      - name: Run 'terraform init'
+        run: terraform init
+
+      - name: Run 'terraform fmt'
+        run: terraform fmt -check
+
+      - name: Run 'terraform validate'
+        run: terraform validate
+
+      - name: Run 'terraform plan'
+        run: terraform plan
+
+  terraform-apply-dev:
+    needs: terraform-plan-dev
+    name: "terraform apply gcp-dev"
+    runs-on: ubuntu-latest
+    concurrency: terraform-plan-dev, terraform-apply-dev
+    defaults:
+      run:
+        working-directory: ${{ env.DEV_DIR }}
+
+    env:
+      GOOGLE_CREDENTIALS: ${{ secrets.GCP_SECRET_DEV }}
+    steps:
+      - name: "Checkout code"
+        uses: actions/checkout@v4
+
+      - name: Run 'terraform setup'
+        uses: hashicorp/setup-terraform@v3
+
+      - name: Run 'terraform init'
+        run: terraform init
+
+      - name: Run 'terraform apply'
+        run: terraform apply -auto-approve
diff --git a/bigquery/.gitignore b/bigquery/.gitignore
@@ -0,0 +1,18 @@
+**/.env
+**/.terraform/*
+*.tfstate
+*.tfstate.*
+
+*.key
+
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+**/.idea
+# Include override files you do wish to add to version control using negated pattern
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
diff --git a/bigquery/README.md b/bigquery/README.md
@@ -0,0 +1,14 @@
+# Terraform-oppsett for BigQuery
+
+## Servicebruker
+
+Oppsettet forutsetter at det finnes en servicebruker med tilgang til BigQuery. Dette kan opprettes i Google Cloud Console.
+
+Brukeren som er opprettet heter "tpts-terraform" og har rollene "BigQuery Data Owner", "Editor", "Secret Manager Sercret Accessor"
+
+Brukeren må finnes i både tpts-dev og tpts-prod.
+
+## Secrets
+
+Workflow for å kjøre opp terraform krever at det finnes en secret ved navn "GCP_SECRET_DEV" (og _PROD). Denne kan opprettes på servicebrukeren og legges inn i github som en repo secret.
+
diff --git a/bigquery/dev/.terraform.lock.hcl b/bigquery/dev/.terraform.lock.hcl
diff --git a/bigquery/dev/main.tf b/bigquery/dev/main.tf
@@ -0,0 +1,26 @@
+terraform {
+  required_providers {
+    google = {
+      source  = "hashicorp/google"
+      version = "5.33.0"
+    }
+  }
+
+  backend "gcs" {
+    bucket = "tpts-bigquery-terraform-state-dev"
+  }
+}
+
+provider "google" {
+  project = var.gcp_project["project"]
+  region  = var.gcp_project["region"]
+}
+
+data "google_project" "project" {}
+
+module "google_storage_bucket" {
+  source = "../modules/google-cloud-storage"
+
+  name     = "tpts-bigquery-terraform-state-dev"
+  location = var.gcp_project["region"]
+}
diff --git a/bigquery/dev/variables.tf b/bigquery/dev/variables.tf
@@ -0,0 +1,9 @@
+variable "gcp_project" {
+  description = "GCP project and region defaults."
+  type        = map(string)
+  default = {
+    region  = "europe-north1",
+    zone    = "europe-north1-a",
+    project = "tpts-dev-6211"
+  }
+}
diff --git a/bigquery/modules/google-cloud-storage/main.tf b/bigquery/modules/google-cloud-storage/main.tf
@@ -0,0 +1,10 @@
+resource "google_storage_bucket" "bucket" {
+  name          = var.name
+  location      = var.location
+  storage_class = var.storage_class
+  force_destroy = var.force_destroy
+
+  versioning {
+    enabled = var.versioning
+  }
+}
diff --git a/bigquery/modules/google-cloud-storage/variables.tf b/bigquery/modules/google-cloud-storage/variables.tf
@@ -0,0 +1,26 @@
+variable "name" {
+  description = "The name of the bucket."
+  type        = string
+}
+
+variable "location" {
+  description = "The bucket location."
+  type        = string
+}
+
+variable "storage_class" {
+  description = "The bucket storage class."
+  type        = string
+  default     = "STANDARD"
+}
+
+variable "versioning" {
+  description = "If the bucket content should be versioned or not."
+  type        = bool
+  default     = true
+}
+variable "force_destroy" {
+  description = "If the bucket can be deleted if it contains content."
+  type        = bool
+  default     = false
+}