fixes

transparency-dev · Aug 16, 2024 · b9458d7 · b9458d7
1 parent 54ac72e
commit b9458d7
Show file tree

Hide file tree

Showing 3 changed files with 17 additions and 15 deletions.
diff --git a/deployment/live/example-gcp/ci/terragrunt.hcl b/deployment/live/example-gcp/ci/terragrunt.hcl
@@ -1,5 +1,5 @@
 terraform {
-  source = "${get_repo_root()}/deployment/modules/example-gcp"
+  source = "${get_repo_root()}/deployment/modules//example-gcp"
 }
 
 include "root" {

diff --git a/deployment/live/example-gcp/terragrunt.hcl b/deployment/live/example-gcp/terragrunt.hcl
@@ -1,5 +1,5 @@
 terraform {
-  source = "${get_repo_root()}/deployment/modules/example-gcp"
+  source = "${get_repo_root()}/deployment/modules//example-gcp"
 }
 
 locals {

diff --git a/deployment/modules/example-gcp/main.tf b/deployment/modules/example-gcp/main.tf
@@ -3,7 +3,17 @@ terraform {
 }
 
 module "gcp" {
-  source = "../"
+  source = "..//gcp"
+
+  base_name  = vars.base_name
+  env        = vars.env
+  location   = vars.location
+  project_id = vars.project_id
+}
+
+locals {
+  log_bucket  = module.gcp.log_bucket
+  log_spanner = module.gcp.log_spanner
 }
 
 ###
@@ -24,21 +34,16 @@ resource "google_project_iam_member" "iam_metrics_writer" {
   role    = "roles/monitoring.metricWriter"
   member  = "serviceAccount:${google_service_account.cloudrun_service_account.email}"
 }
-resource "google_project_iam_member" "iam_sql_client" {
+resource "google_project_iam_member" "iam_spanner_client" {
   project = var.project_id
-  role    = "roles/cloudsql.client"
+  role    = "roles/spanner.client"
   member  = "serviceAccount:${google_service_account.cloudrun_service_account.email}"
 }
 resource "google_project_iam_member" "iam_service_agent" {
   project = var.project_id
   role    = "roles/run.serviceAgent"
   member  = "serviceAccount:${google_service_account.cloudrun_service_account.email}"
 }
-resource "google_project_iam_member" "iam_secret_accessor" {
-  project = var.project_id
-  role    = "roles/secretmanager.secretAccessor"
-  member  = "serviceAccount:${google_service_account.cloudrun_service_account.email}"
-}
 
 resource "google_cloud_run_v2_service" "default" {
   name         = "example-service-${var.env}"
@@ -53,8 +58,8 @@ resource "google_cloud_run_v2_service" "default" {
       args = [
         "--logtostderr",
         "--v=1",
-        "--bucket=${modules.infra.outputs.log_bucket}",
-        "--spanner=${modules.infra.outputs.log_spanner}",
+        "--bucket=${local.log_bucket}",
+        "--spanner=${local.log_spanner}",
         "--project=${var.project_id}",
         "--signer=./testgcp.sec",
       ]
@@ -80,13 +85,10 @@ resource "google_cloud_run_v2_service" "default" {
   }
   client = "terraform"
   depends_on = [
-    google_project_service.secretmanager_api,
-    google_project_service.spanner_api,
     google_project_iam_member.iam_act_as,
     google_project_iam_member.iam_metrics_writer,
     google_project_iam_member.iam_spanner_client,
     google_project_iam_member.iam_service_agent,
-    google_project_iam_member.iam_secret_accessor,
   ]
 }