changed connector id for dev

near · Nov 1, 2023 · 11354c2 · 11354c2
1 parent 137159f
commit 11354c2
Show file tree

Hide file tree

Showing 4 changed files with 15 additions and 11 deletions.
diff --git a/infra/modules/leader/main.tf b/infra/modules/leader/main.tf
@@ -10,7 +10,7 @@ resource "google_cloud_run_v2_service" "leader" {
 
     vpc_access {
       connector = var.connector_id
-      egress    = "ALL_TRAFFIC"
+      egress    = "PRIVATE_RANGES_ONLY"
     }
 
     scaling {

diff --git a/infra/modules/signer/main.tf b/infra/modules/signer/main.tf
@@ -9,8 +9,8 @@ resource "google_cloud_run_v2_service" "signer" {
     annotations = var.metadata_annotations == null ? null : var.metadata_annotations
 
     vpc_access {
-      connector = var.connector_id
-      egress    = "ALL_TRAFFIC"
+      connector = var.connector_id == null ? null : var.connector_id
+      egress    = "PRIVATE_RANGES_ONLY"
     }
 
     scaling {

diff --git a/infra/mpc-recovery-dev/main.tf b/infra/mpc-recovery-dev/main.tf
@@ -13,9 +13,9 @@ terraform {
 }
 
 locals {
-  # credentials  = var.credentials != null ? var.credentials : file(var.credentials_file)
-  # client_email = jsondecode(local.credentials).client_email
-  # client_id    = jsondecode(local.credentials).client_id
+  credentials  = var.credentials != null ? var.credentials : file(var.credentials_file)
+  client_email = jsondecode(local.credentials).client_email
+  client_id    = jsondecode(local.credentials).client_id
 
   env = {
     defaults = {
@@ -38,8 +38,8 @@ data "external" "git_checkout" {
 }
 
 provider "google" {
-  # credentials = local.credentials
-  credentials = file("~/.config/gcloud/application_default_credentials.json")
+  credentials = local.credentials
+  # credentials = file("~/.config/gcloud/application_default_credentials.json")
 
   project = var.project
   region  = var.region
@@ -59,8 +59,8 @@ resource "google_service_account_iam_binding" "serivce-account-iam" {
   role               = "roles/iam.serviceAccountUser"
 
   members = [
-    # "serviceAccount:${local.client_email}",
-    "serviceAccount:mpc-recovery@pagoda-discovery-platform-dev.iam.gserviceaccount.com"
+    "serviceAccount:${local.client_email}",
+    # "serviceAccount:mpc-recovery@pagoda-discovery-platform-dev.iam.gserviceaccount.com"
   ]
 }
 
@@ -142,7 +142,7 @@ module "signer" {
   zone                  = var.zone
   service_account_email = google_service_account.service_account.email
   docker_image          = var.docker_image
-  connector_id          = var.prod-connector
+  connector_id          = var.dev-connector
 
   node_id = count.index
 

diff --git a/infra/partner/main.tf b/infra/partner/main.tf
@@ -75,6 +75,7 @@ module "signer" {
   source = "../modules/signer"
 
   env                   = var.env
+  service_name          = "partner-service-name"
   project               = var.project
   region                = var.region
   zone                  = var.zone
@@ -87,6 +88,9 @@ module "signer" {
   sk_share_secret_id       = var.sk_share_secret_id
   oidc_providers_secret_id = var.oidc_providers_secret_id
 
+  # optional
+  connector_id = "partner-vpc-connector-id"
+
   jwt_signature_pk_url = var.jwt_signature_pk_url
 
   depends_on = [