From 4df94a76121c02eb45241be628fc35a76baf8cbe Mon Sep 17 00:00:00 2001
From: Gezi-lzq
Date: Mon, 11 Nov 2024 11:10:45 +0800
Subject: [PATCH] feat: clean up Terraform code by removing unused IAM permissions and formatting adjustments

---
 google.tf | 8 ++------
 main.tf | 28 ++++++++++++++--------------
 outputs.tf | 16 ++++++++--------
 variables.tf | 8 ++++----
 versions.tf | 2 +-
 5 files changed, 29 insertions(+), 33 deletions(-)

diff --git a/google.tf b/google.tf
index ba9e734..bbbdd75 100644
--- a/google.tf
+++ b/google.tf
@@ -157,8 +157,6 @@ resource "google_project_iam_custom_role" "automq_byoc_compute_role" {
 "compute.instances.list",
 "compute.networks.get",
 "compute.networks.list",
-
- "compute.instances.create"
 ]
 }
 
@@ -174,8 +172,6 @@ resource "google_project_iam_custom_role" "automq_byoc_dns_role" {
 "dns.resourceRecordSets.get",
 "dns.resourceRecordSets.list",
 "dns.resourceRecordSets.update",
-
- "orgpolicy.policy.get"
 ]
 }
 
@@ -298,8 +294,8 @@ resource "google_project_iam_binding" "automq_byoc_gke_sa_binding" {
 "serviceAccount:${google_service_account.automq_byoc_sa.email}"
 ]
 condition {
- title = "AutoMQ BYOC ${var.automq_byoc_env_id} GKE Role Condition"
- expression = "resource.matchTag(\"${var.cloud_project_id}/automqAssigned\", \"automq\")"
+ title = "AutoMQ BYOC ${var.automq_byoc_env_id} GKE Role Condition"
+ expression = "resource.matchTag(\"${var.cloud_project_id}/automqAssigned\", \"automq\")"
 }
 }
 
diff --git a/main.tf b/main.tf
index 017a762..012fcb7 100644
--- a/main.tf
+++ b/main.tf
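Review bot: The removal of `compute.instances.create` from `automq_byoc_compute_role` in the first hunk, and of `orgpolicy.policy.get` from `automq_byoc_dns_role` in the second, leaves nothing in either role definition recording that the exclusion is deliberate; the commit subject calls them unused but does not say which console operation was checked. Dropping them is the right least-privilege direction (the permissions that remain visible in both hunks are `list`/`get`/`update` only), but a later contributor hitting a permission-denied error may simply re-add them to the same role, quietly restoring an instance-create permission to a role that otherwise looks read-only. Suggest a comment above each `permissions` list, e.g. `# compute.instances.create intentionally excluded; grant instance creation through a separate role if a console operation ever needs it.` and `# DNS-only role: orgpolicy.* permissions do not belong here.`. The trailing comma now left on `"compute.networks.list",` and `"dns.resourceRecordSets.update",` is accepted by HCL, so there is no syntax concern. Both `google_project_iam_custom_role` blocks begin before their hunks.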
@@ -25,12 +25,12 @@ resource "google_compute_instance" "automq_byoc_console" {
 }
 
 metadata_startup_script = templatefile("${path.module}/tpls/userdata.tpl", {
- automq_data_bucket = local.automq_data_bucket,
- automq_ops_bucket = local.automq_ops_bucket,
- instance_service_account = google_service_account.automq_byoc_sa.account_id,
- environment_id = var.automq_byoc_env_id
- instance_dns = google_dns_managed_zone.private_dns_zone.name
- deploy_type = var.automq_byoc_default_deploy_type
+ automq_data_bucket = local.automq_data_bucket,
+ automq_ops_bucket = local.automq_ops_bucket,
+ instance_service_account = google_service_account.automq_byoc_sa.account_id,
+ environment_id = var.automq_byoc_env_id
+ instance_dns = google_dns_managed_zone.private_dns_zone.name
+ deploy_type = var.automq_byoc_default_deploy_type
 })
 
 labels = {
@@ -40,16 +40,16 @@ resource "google_compute_instance" "automq_byoc_console" {
 }
 
 resource "google_tags_location_tag_binding" "compute_instance_vendor_tag_binding" {
- depends_on = [ google_compute_instance.automq_byoc_console ]
- parent = "//compute.googleapis.com/projects/${data.google_project.project.number}/zones/${var.cloud_provider_zone}/instances/${google_compute_instance.automq_byoc_console.instance_id}"
- tag_value = "tagValues/${google_tags_tag_value.automqVendorValue.name}"
- location = var.cloud_provider_zone
+ depends_on = [google_compute_instance.automq_byoc_console]
+ parent = "//compute.googleapis.com/projects/${data.google_project.project.number}/zones/${var.cloud_provider_zone}/instances/${google_compute_instance.automq_byoc_console.instance_id}"
+ tag_value = "tagValues/${google_tags_tag_value.automqVendorValue.name}"
+ location = var.cloud_provider_zone
 }
 resource "google_tags_location_tag_binding" "compute_instance_env_tag_binding" {
- depends_on = [ google_compute_instance.automq_byoc_console ]
- parent = "//compute.googleapis.com/projects/${data.google_project.project.number}/zones/${var.cloud_provider_zone}/instances/${google_compute_instance.automq_byoc_console.instance_id}"
- tag_value = "tagValues/${google_tags_tag_value.automqEnvValue.name}"
- location = var.cloud_provider_zone
+ depends_on = [google_compute_instance.automq_byoc_console]
+ parent = "//compute.googleapis.com/projects/${data.google_project.project.number}/zones/${var.cloud_provider_zone}/instances/${google_compute_instance.automq_byoc_console.instance_id}"
+ tag_value = "tagValues/${google_tags_tag_value.automqEnvValue.name}"
+ location = var.cloud_provider_zone
 }
 
 resource "google_compute_disk" "data_volume" {
diff --git a/outputs.tf b/outputs.tf
index 36de617..c367dbf 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -1,34 +1,34 @@
 output "automq_byoc_env_id" {
 description = "This parameter is used to create resources within the environment. Additionally, all cloud resource names will incorporate this parameter as part of their names. This parameter supports only numbers, uppercase and lowercase English letters, and hyphens. It must start with a letter and is limited to a length of 32 characters."
- value = var.automq_byoc_env_id
+ value = var.automq_byoc_env_id
 }
 
 output "automq_byoc_endpoint" {
 description = "The endpoint for the AutoMQ environment console. Users can set this endpoint to the AutoMQ Terraform Provider to manage resources through Terraform. Additionally, users can access this endpoint via web browser, log in, and manage resources within the environment using the WebUI."
- value = "http://${google_compute_address.web_ip.address}:8080"
+ value = "http://${google_compute_address.web_ip.address}:8080"
 }
 
 output "automq_byoc_initial_username" {
 description = "The initial username for the AutoMQ environment console. It has the `EnvironmentAdmin` role permissions. This account is used to log in to the environment, create ServiceAccounts, and manage other resources. For detailed information about environment members, please refer to the [documentation](https://docs.automq.com/automq-cloud/manage-identities-and-access/member-accounts)."
- value = "admin"
+ value = "admin"
 }
 
 output "automq_byoc_initial_password" {
 description = "The initial password for the AutoMQ environment console. This account is used to log in to the environment, create ServiceAccounts, and manage other resources. For detailed information about environment members, please refer to the [documentation](https://docs.automq.com/automq-cloud/manage-identities-and-access/member-accounts)."
- value = google_compute_instance.automq_byoc_console.instance_id
+ value = google_compute_instance.automq_byoc_console.instance_id
 }
 
 output "automq_byoc_vpc_id" {
 description = "The VPC ID for the AutoMQ environment deployment."
- value = local.automq_byoc_vpc_name
+ value = local.automq_byoc_vpc_name
 }
 
 output "automq_byoc_instance_id" {
 description = "The EC2 instance id for AutoMQ Console."
- value = google_compute_instance.automq_byoc_console.instance_id
+ value = google_compute_instance.automq_byoc_console.instance_id
 }
 
 output "automq_byoc_google_service_account" {
 description = "The Google Service Account for the AutoMQ environment deployment."
- value = google_service_account.automq_byoc_sa.email
-}
\ No newline at end of file
+ value = google_service_account.automq_byoc_sa.email
+}
diff --git a/variables.tf b/variables.tf
index 163bfe4..0ce958c 100644
--- a/variables.tf
+++ b/variables.tf
@@ -61,7 +61,7 @@ variable "automq_byoc_ops_bucket_name" {
 variable "automq_byoc_machine_type" {
 description = "Set the Compute Engine machine type; this parameter is used only for deploying the AutoMQ environment console. You need to provide a machine type with at least 2 cores and 8 GB of memory."
 type = string
- default = "e2-standard-2" # GCP equivalent of t3.large
+ default = "e2-standard-2" # GCP equivalent of t3.large
 }
 
 variable "automq_byoc_env_version" {
@@ -88,6 +88,6 @@ variable "automq_byoc_default_deploy_type" {
 condition = var.automq_byoc_default_deploy_type == "k8s"
 error_message = "Currently, only 'k8s' is supported for automq_byoc_default_deploy_type."
 }
- type = string
- default = "k8s"
-}
\ No newline at end of file
+ type = string
+ default = "k8s"
+}
diff --git a/versions.tf b/versions.tf
index 18df843..ea9a8c2 100644
--- a/versions.tf
+++ b/versions.tf
@@ -7,4 +7,4 @@ terraform {
 version = ">= 4.64, < 7"
 }
 }
-}
\ No newline at end of file
+}
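Review bot: The new-side line `value = google_compute_instance.automq_byoc_console.instance_id` under `output "automq_byoc_initial_password"` emits the console's initial admin password as an ordinary output with no `sensitive = true`, so `terraform apply` and `terraform output` print it in clear text and it can land in CI logs; the hunk only re-indents the line, so the commit does not address this. The identical value is also exported a few lines below as `automq_byoc_instance_id` (whose description still says "EC2 instance id", a leftover from the AWS variant), so the password is no more secret than the instance id itself. At minimum add `sensitive = true` to the `automq_byoc_initial_password` block (it stays retrievable with `terraform output -raw automq_byoc_initial_password`), and document the coupling with a comment such as `# Initial password equals the console instance id; change it after first login.`. Whether the console forces a password change on first login is not visible from this diff.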