feat: add terraform GCP provider (preview) (#632)

Co-authored-by: Tim Holm <[email protected]>
Co-authored-by: David Moore <[email protected]>

cloud/common/deploy/provider/pulumi.go

@@ -142,12 +142,12 @@ func createPulumiProgramForNitricProvider(req *deploymentspb.DeploymentUpRequest
 func stackAndProjectFromAttributes(attributesMap map[string]interface{}) (string, string, error) {
 	projectName, ok := attributesMap["project"].(string)
 	if !ok {
-		return "", "", fmt.Errorf("")
+		return "", "", fmt.Errorf("project not found in attributes")
 	}
 
 	stackName, ok := attributesMap["stack"].(string)
 	if !ok {
-		return "", "", fmt.Errorf("")
+		return "", "", fmt.Errorf("stack not found in attributes")
 	}
 
 	return projectName, stackName, nil

cloud/gcp/.gitignore

@@ -1,2 +1,4 @@
 deploy/runtime-gcp
-dist/
+dist/
+
+common/runtime/runtime-gcp

cloud/gcp/.golangci.yml

@@ -23,6 +23,8 @@ linters:
 issues:
   max-issues-per-linter: 0
   max-same-issues: 0
+  exclude-dirs:
+    - deploytf/generated
 
 linters-settings:
   govet:

cloud/gcp/.goreleaser.yaml

@@ -7,10 +7,9 @@ before:
     - go work sync
     - make predeploybin
 builds:
-  - env:
-      # - GOWORK=on
+  - id: gcp
+    env:
       - CGO_ENABLED=0
-    id: gcp
     binary: gcp
     main: ./cmd/deploy
     goos:
@@ -20,12 +19,38 @@ builds:
     goarch:
       - amd64
       - arm64
+  - id: gcptf
+    env:
+      - CGO_ENABLED=0
+    binary: gcp
+    main: ./cmd/deploytf
+    goos:
+      - linux
+      - windows
+      - darwin
+    goarch:
+      - amd64
+      - arm64
 archives:
   - name_template: >-
       {{ .ProjectName }}_
       {{- tolower .Os }}_
       {{- if eq .Arch "amd64" }}x86_64
       {{- else }}{{ tolower .Arch }}{{ end }}
+    builds:
+      - gcp
+    format_overrides:
+      - goos: windows
+        format: zip
+  - name_template: >-
+      {{ .ProjectName }}tf_
+      {{- tolower .Os }}_
+      {{- if eq .Arch "amd64" }}x86_64
+      {{- else if eq .Arch "386" }}i386
+      {{- else }}{{ tolower .Arch }}{{ end }}
+    id: gcptf
+    builds:
+      - gcptf
     format_overrides:
       - goos: windows
         format: zip

cloud/gcp/Makefile

@@ -13,39 +13,45 @@ runtimebin:
 	@CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -o bin/runtime-gcp -ldflags="-s -w -extldflags=-static" ./cmd/runtime
 
 predeploybin: runtimebin
-	@cp bin/runtime-gcp deploy/runtime/runtime-gcp
+	@cp bin/runtime-gcp common/runtime/runtime-gcp
 
 sec:
-	@touch deploy/runtime/runtime-gcp
+	@touch common/runtime/runtime-gcp
 	@go run github.com/securego/gosec/v2/cmd/gosec@latest -exclude-dir=tools ./...
-	@rm deploy/runtime/runtime-gcp
+	@rm common/runtime/runtime-gcp
 
 # There appears to be an old namespace conflict with the protobuf definitions
 deploybin: predeploybin
 	@echo Building GCP Deployment Server
 	@CGO_ENABLED=0 go build -o bin/deploy-gcp -ldflags="-s -w -extldflags=-static" -ldflags="-X google.golang.org/protobuf/reflect/protoregistry.conflictPolicy=ignore" ./cmd/deploy
-	@rm deploy/runtime/runtime-gcp
+
+
+deploybintf: generate-terraform predeploybin
+	@echo Building AWS Terraform Deployment Server
+	@CGO_ENABLED=0 go build -o bin/deploy-gcptf -ldflags="-s -w -extldflags=-static" -ldflags="-X google.golang.org/protobuf/reflect/protoregistry.conflictPolicy=ignore" ./cmd/deploytf
 
 .PHONY: install
-install: deploybin
+install: deploybin deploybintf
 	@echo installing gcp deployment server to ${HOME}/.nitric/providers/nitric/gcp-0.0.1
+	@echo installing gcptf deployment server to ${HOME}/.nitric/providers/nitric/gcptf-0.0.1
 	@mkdir -p ${HOME}/.nitric/providers/nitric/
 	@rm -f ${HOME}/.nitric/providers/nitric/gcp-0.0.1
 	@cp bin/deploy-gcp ${HOME}/.nitric/providers/nitric/gcp-0.0.1
+	@cp bin/deploy-gcptf ${HOME}/.nitric/providers/nitric/gcptf-0.0.1
 
 sourcefiles := $(shell find . -type f -name "*.go" -o -name "*.dockerfile")
 
 fmt:
-	@go run github.com/google/addlicense -c "Nitric Technologies Pty Ltd." -y "2021" $(sourcefiles)
-	@touch deploy/runtime/runtime-gcp
+	@go run github.com/google/addlicense -ignore "./deploytf/generated/**" -c "Nitric Technologies Pty Ltd." -y "2021" $(sourcefiles)
+	@touch common/runtime/runtime-gcp
 	$(GOLANGCI_LINT) run --fix
-	@rm deploy/runtime/runtime-gcp
+	@rm common/runtime/runtime-gcp
 
 lint:
-	@go run github.com/google/addlicense -check -c "Nitric Technologies Pty Ltd." -y "2021" $(sourcefiles)
-	@touch deploy/runtime/runtime-gcp
+	@go run github.com/google/addlicense -ignore "./deploytf/generated/**" -check -c "Nitric Technologies Pty Ltd." -y "2021" $(sourcefiles)
+	@touch common/runtime/runtime-gcp
 	$(GOLANGCI_LINT) run
-	@rm deploy/runtime/runtime-gcp
+	@rm common/runtime/runtime-gcp
 
 license-check: runtimebin
 	@echo Checking GCP Membrane OSS Licenses
@@ -73,4 +79,7 @@ generate-mocks:
 	@go run github.com/golang/mock/mockgen github.com/nitrictech/nitric/cloud/gcp/ifaces/cloudtasks CloudtasksClient > mocks/cloudtasks/mock.go
 	@go run github.com/golang/mock/mockgen github.com/nitrictech/nitric/cloud/gcp/ifaces/gcloud_secret SecretManagerClient,SecretIterator > mocks/gcp_secret/mock.go
 
-generate-sources: generate-mocks
+generate-sources: generate-mocks
+
+generate-terraform:
+	@cd deploytf && cdktf get

cloud/gcp/cmd/deploy/main.go

@@ -18,8 +18,8 @@ package main
 
 import (
 	"github.com/nitrictech/nitric/cloud/common/deploy/provider"
+	"github.com/nitrictech/nitric/cloud/gcp/common/runtime"
 	"github.com/nitrictech/nitric/cloud/gcp/deploy"
-	"github.com/nitrictech/nitric/cloud/gcp/deploy/runtime"
 )
 
 // Start the deployment server

cloud/gcp/cmd/deploytf/main.go

@@ -0,0 +1,32 @@
+// Copyright Nitric Pty Ltd.
+//
+// SPDX-License-Identifier: Apache-2.0
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at:
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package main
+
+import (
+	"github.com/nitrictech/nitric/cloud/common/deploy/provider"
+	"github.com/nitrictech/nitric/cloud/gcp/common/runtime"
+	"github.com/nitrictech/nitric/cloud/gcp/deploytf"
+)
+
+// Start the deployment server
+func main() {
+	gcpStack := deploytf.NewNitricGcpProvider()
+
+	providerServer := provider.NewTerraformProviderServer(gcpStack, runtime.NitricGcpRuntime)
+
+	providerServer.Start()
+}

cloud/gcp/deploy/config.go → cloud/gcp/common/config.go

@@ -14,7 +14,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-package deploy
+package common
 
 import (
 	"github.com/imdario/mergo"

cloud/gcp/deploy/api.go

@@ -250,9 +250,6 @@ func (p *NitricGcpPulumiProvider) Api(ctx *pulumi.Context, parent pulumi.Resourc
 		return errors.WithMessage(err, "api gateway")
 	}
 
-	// url := res.Gateway.DefaultHostname.ApplyT(func(hn string) string { return "https://" + hn })
-	// ctx.Export("api:"+name, url)
-
 	return nil
 }
 

cloud/gcp/deploy/deploy.go

@@ -30,6 +30,7 @@ import (
 	"github.com/nitrictech/nitric/cloud/common/deploy"
 	"github.com/nitrictech/nitric/cloud/common/deploy/provider"
 	"github.com/nitrictech/nitric/cloud/common/deploy/pulumix"
+	"github.com/nitrictech/nitric/cloud/gcp/common"
 	deploymentspb "github.com/nitrictech/nitric/core/pkg/proto/deployments/v1"
 	"github.com/pkg/errors"
 	"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/apigateway"
@@ -55,7 +56,7 @@ type NitricGcpPulumiProvider struct {
 	*deploy.CommonStackDetails
 
 	StackId   string
-	GcpConfig *GcpConfig
+	GcpConfig *common.GcpConfig
 
 	DelayQueue      *cloudtasks.Queue
 	AuthToken       *oauth2.Token
@@ -105,7 +106,7 @@ func (a *NitricGcpPulumiProvider) Init(attributes map[string]interface{}) error
 		return status.Errorf(codes.InvalidArgument, err.Error())
 	}
 
-	a.GcpConfig, err = ConfigFromAttributes(attributes)
+	a.GcpConfig, err = common.ConfigFromAttributes(attributes)
 	if err != nil {
 		return status.Errorf(codes.InvalidArgument, "Bad stack configuration: %s", err)
 	}

cloud/gcp/deploy/queue.go

@@ -27,20 +27,6 @@ import (
 	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
 )
 
-// type PubSubTopic struct {
-// 	pulumi.ResourceState
-
-// 	Name         string
-// 	PubSub       *pubsub.Topic
-// 	Subscription *pubsub.Subscription
-// }
-
-// type PubSubTopicArgs struct {
-// 	Location string
-// 	StackID  string
-// 	Queue    *v1.Queue
-// }
-
 func (p *NitricGcpPulumiProvider) Queue(ctx *pulumi.Context, parent pulumi.Resource, name string, config *deploymentspb.Queue) error {
 	var err error
 	opts := append([]pulumi.ResourceOption{}, pulumi.Parent(parent))

cloud/gcp/deploy/schedule.go

@@ -28,11 +28,6 @@ import (
 	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
 )
 
-type ScheduleEvent struct {
-	PayloadType string                 `yaml:"payloadType"`
-	Payload     map[string]interface{} `yaml:"payload,omitempty"`
-}
-
 func (p *NitricGcpPulumiProvider) Schedule(ctx *pulumi.Context, parent pulumi.Resource, name string, config *deploymentspb.Schedule) error {
 	opts := append([]pulumi.ResourceOption{}, pulumi.Parent(parent))
 

cloud/gcp/deploytf/.nitric/modules/api/main.tf

@@ -0,0 +1,73 @@
+resource "google_api_gateway_api" "api" {
+  provider = google-beta
+  api_id   = var.name
+  labels = {
+    "x-nitric-${var.stack_id}-name" = var.name
+    "x-nitric-${var.stack_id}-type" = "api"
+  }
+}
+
+# Create a random id that changes when the openapi_spec changes
+# required to prevent name collisions on update
+resource "random_string" "api_config_id" {
+  length = 4
+  special = false
+  upper   = false
+
+  keepers = {
+    spec: var.openapi_spec
+  }
+}
+
+resource "google_api_gateway_api_config" "api_config" {
+  provider      = google-beta
+  api           = google_api_gateway_api.api.api_id
+  # A random ID, along with 'create_before_destroy' lifecycle, is used to prevent errors when updating (replacing) the API config
+  api_config_id = "${var.name}-conf-${random_string.api_config_id.result}"
+
+  openapi_documents {
+    document {
+      path     = "openapi.json"
+      contents = base64encode(var.openapi_spec)
+    }
+  }
+
+  gateway_config {
+    backend_config {
+      google_service_account = google_service_account.service_account.email
+    }
+  }
+
+  labels = {
+    "x-nitric-${var.stack_id}-name" = var.name
+    "x-nitric-${var.stack_id}-type" = "api"
+  }
+
+  lifecycle {
+    create_before_destroy = true
+  }
+}
+
+resource "google_api_gateway_gateway" "gateway" {
+  provider   = google-beta
+  gateway_id = "${var.name}-gateway"
+  api_config = google_api_gateway_api_config.api_config.id
+
+  labels = {
+    "x-nitric-${var.stack_id}-name" = var.name
+    "x-nitric-${var.stack_id}-type" = "api"
+  }
+}
+
+resource "google_service_account" "service_account" {
+  provider   = google-beta
+  account_id = "${var.name}-api"
+}
+
+resource "google_cloud_run_service_iam_member" "member" {
+  for_each = var.target_services
+
+  service = each.value
+  role    = "roles/run.invoker"
+  member  = "serviceAccount:${google_service_account.service_account.email}"
+}

cloud/gcp/deploytf/.nitric/modules/api/outputs.tf

@@ -0,0 +1,3 @@
+output "endpoint" {
+  value = "https://${google_api_gateway_gateway.gateway.default_hostname}"
+}

cloud/gcp/deploytf/.nitric/modules/api/variables.tf

@@ -0,0 +1,19 @@
+variable "name" {
+  description = "The name of the API Gateway"
+  type = string
+}
+
+variable "stack_id" {
+  description = "The ID of the stack"
+  type = string
+}
+
+variable "openapi_spec" {
+  description = "The OpenAPI spec as a JSON string"
+  type = string
+}
+
+variable "target_services" {
+  description = "The map of target service names"
+  type = map(string)
+}