@atomkirk
Last active August 5, 2024 19:35
Terraform GCP Cloud Function Source
locals {
  # Base name reused by the function, its source bucket and its service account.
  function_name = format("%s-webhook-receiver", var.space)
}
# Topic the receiver publishes accepted webhook events to; its id is exported below.
resource "google_pubsub_topic" "webhook_events" {
  name = format("%s-webhook-events", var.space)

  # Topic-level retention: 5 days (5 * 86400 s).
  message_retention_duration = "432000s"
}
# Dead-letter topic for messages that could not be delivered from webhook_events.
resource "google_pubsub_topic" "webhook_events_deadletter" {
  # The mixed "-"/"_" in the name is pre-existing; renaming would replace the topic.
  name = format("%s-webhook-events_deadletter", var.space)

  # Topic-level retention: 5 days (5 * 86400 s).
  message_retention_duration = "432000s"
}
# Lets the project's Pub/Sub service agent publish to the dead-letter topic, which it
# needs in order to forward undeliverable messages there. The subscription carrying the
# matching dead_letter_policy is presumably declared elsewhere — not visible here.
# NOTE: an *_iam_binding is authoritative for its role — any other principal holding
# roles/pubsub.publisher on this topic outside Terraform is removed on apply.
resource "google_pubsub_topic_iam_binding" "webhook_events_deadletter" {
  project = var.gcp_project_id
  topic   = google_pubsub_topic.webhook_events_deadletter.name
  role    = "roles/pubsub.publisher"

  members = [
    format("serviceAccount:service-%s@gcp-sa-pubsub.iam.gserviceaccount.com", data.google_project.main.number),
  ]
}
# Full resource id of the events topic (projects/<project>/topics/<name>) for consumers
# configured elsewhere.
output "webhooks_receiver_topic" {
  value = google_pubsub_topic.webhook_events.id
}
# Zips the function source so it can be uploaded to the source bucket; output_md5
# of the archive is what drives redeploys further down.
data "archive_file" "webhook_receiver_source" {
  type = "zip"

  # NOTE(review): both paths are resolved relative to the directory terraform is run
  # from, not this file's directory; "${path.module}/services/..." would pin them to
  # the module — confirm how this configuration is invoked before changing.
  source_dir  = "services/webhook-receiver"
  output_path = "services/webhook-receiver.zip"
}
# @SHARED
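# Holds the zipped function source; the function's build reads the object uploaded below.
resource "google_storage_bucket" "webhook_receiver_source" {
  name = "${local.function_name}-source"

  # Multi-region, unlike var.location used by the function; changing it recreates the bucket.
  location = "US"

  # IAM-only access (no per-object ACLs), and never publicly readable even if a
  # later IAM change or a permissive org/project setting would otherwise allow it.
  # Build access to the source object goes through IAM, so enforcing this is safe.
  uniform_bucket_level_access = true
  public_access_prevention    = "enforced"

  # Allows `terraform destroy` to remove the bucket while it still holds archives.
  force_destroy = true

  versioning {
    enabled = true
  }
}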
# Uploads the zipped source. The object name embeds the archive's md5, so any source
# change yields a new object name and forces the function to redeploy from it.
resource "google_storage_bucket_object" "webhook_receiver_source" {
  name   = "${local.function_name}-${data.archive_file.webhook_receiver_source.output_md5}.zip"
  bucket = google_storage_bucket.webhook_receiver_source.name
  source = data.archive_file.webhook_receiver_source.output_path
}
# @SHARED
# Dedicated runtime identity for the function, wired in via
# service_config.service_account_email below.
resource "google_service_account" "webhook_receiver" {
  account_id   = format("%s-webhook-receiver", var.space)
  display_name = "Service Account for Webhook Receiver"
}
# @SHARED
# Project-wide object read access for the function's service account.
# NOTE(review): this grants read on every bucket in the project. If it is only needed
# for the source bucket, a google_storage_bucket_iam_member scoped to that bucket is
# narrower. The function's depends_on references this resource address, so update that
# reference if the resource is replaced.
resource "google_project_iam_member" "webhook_receiver_storage" {
  project = var.gcp_project_id
  role    = "roles/storage.objectViewer"
  member  = format("serviceAccount:%s", google_service_account.webhook_receiver.email)
}
# Project-wide publish rights for the function's service account.
# NOTE(review): this allows publishing to every topic in the project. The function is
# only handed the webhook_events topic (TOPIC below), so a google_pubsub_topic_iam_member
# on that topic would satisfy least privilege if nothing else relies on this grant.
resource "google_project_iam_member" "webhook_receiver_pubsub" {
  project = var.gcp_project_id
  role    = "roles/pubsub.publisher"
  member  = format("serviceAccount:%s", google_service_account.webhook_receiver.email)
}
# Shared secret handed to the function as SECRET and exported (sensitive) below.
# Like any resource attribute, the generated value is kept in Terraform state in
# plaintext, so the state backend must be protected accordingly.
resource "random_password" "webhooks_receiver_secret" {
  length  = 32
  special = false # alphanumeric only
}
# The shared secret, for configuring webhook senders. sensitive = true redacts it from
# plan/apply output; it is still present in state.
output "webhooks_receiver_secret" {
  sensitive = true
  value     = random_password.webhooks_receiver_secret.result
}
# 2nd-gen Cloud Function deployed from the zip object uploaded above.
resource "google_cloudfunctions2_function" "webhook_receiver" {
  name     = "webhook-receiver"
  location = var.location

  # Mirrors the source object name so the deployed archive is visible from the description.
  description = "${local.function_name}-${data.archive_file.webhook_receiver_source.output_md5}.zip"

  build_config {
    runtime     = "nodejs20"
    entry_point = "webhookReceiver"

    source {
      storage_source {
        bucket = google_storage_bucket.webhook_receiver_source.name
        # Object name embeds the archive md5, so a source change rolls out a new revision.
        object = google_storage_bucket_object.webhook_receiver_source.name
      }
    }
  }

  service_config {
    service_account_email = google_service_account.webhook_receiver.email

    # NOTE(review): a single instance caps how many concurrent webhook deliveries
    # can be absorbed — confirm this is intended.
    max_instance_count = 1
    available_memory   = "256M"
    timeout_seconds    = 60

    # NOTE(review): SECRET is a plain environment variable, readable by anyone who can
    # view the function's configuration. service_config.secret_environment_variables
    # backed by Secret Manager keeps it out of the visible config if that matters here.
    environment_variables = {
      TOPIC  = google_pubsub_topic.webhook_events.id
      SECRET = random_password.webhooks_receiver_secret.result
    }
  }

  # Required APIs must be enabled and the storage grant in place before deploying.
  depends_on = [
    google_project_service.cloud_functions,
    google_project_service.run,
    google_project_iam_member.webhook_receiver_storage,
  ]
}
# make the function public
# Unauthenticated invocation: any client on the internet can call the receiver URL.
# No caller identity is enforced at the edge, so request validation rests on whatever
# the function does with SECRET — not visible here.
# NOTE: an *_iam_binding is authoritative for roles/run.invoker on this service; any
# other invoker granted outside Terraform is removed on apply.
resource "google_cloud_run_service_iam_binding" "default" {
  location = google_cloudfunctions2_function.webhook_receiver.location
  service  = google_cloudfunctions2_function.webhook_receiver.name
  role     = "roles/run.invoker"
  members  = ["allUsers"]
}
# Public HTTPS endpoint of the deployed function, to register with webhook senders.
output "webhooks_receiver_url" {
  value = google_cloudfunctions2_function.webhook_receiver.service_config[0].uri
}