fix: local.monitor_hosts issue

A map cannot have a key which depends on a resource which is unknown. To resolve this issue I've refactored the map to have known key names. Closes #38

fix: local.monitor_hosts issue
A map cannot have a key which depends on a resource which is unknown. To resolve this issue I've refactored the map to have known key names. Closes #38
f61598d1 · Ryan Kowalewski · 0ab46d9a · f61598d1 · f61598d1
Commit f61598d1 authored 2 years ago by Ryan Kowalewski
--- a/locals.tf
+++ b/locals.tf
@@ -50,16 +50,18 @@ locals {
  # should be configured.
  monitor_hosts = var.disable_monitoring ? {} : merge(
    {
-      trimsuffix(trimprefix(google_cloud_run_service.webapp.status[0].url, "https://"), "/") = {
-        "enable_auth_proxy"       = !var.allow_unauthenticated_invocations || local.webapp_allowed_ingress != "all",
-        "enable_egress_connector" = local.webapp_allowed_ingress != "all"
+      webapp = {
+        host                    = trimsuffix(trimprefix(google_cloud_run_service.webapp.status[0].url, "https://"), "/"),
+        enable_auth_proxy       = !var.allow_unauthenticated_invocations || local.webapp_allowed_ingress != "all",
+        enable_egress_connector = local.webapp_allowed_ingress != "all"
      },
    },
    local.can_monitor_custom_dns ? {
      for dns_name in local.dns_names :
      (dns_name) => {
-        "enable_auth_proxy"       = local.webapp_allowed_ingress == "internal",
-        "enable_egress_connector" = local.webapp_allowed_ingress == "internal"
+        host                    = dns_name
+        enable_auth_proxy       = local.webapp_allowed_ingress == "internal",
+        enable_egress_connector = local.webapp_allowed_ingress == "internal"
      }
    } : {}
  )

--- a/main.tf
+++ b/main.tf
@@ -20,13 +20,9 @@ resource "google_project_iam_member" "webapp_sql_client" {
 # A Cloud Run service which hosts the webapp

 resource "google_cloud_run_service" "webapp" {
-  name     = var.name
-  location = var.cloud_run_region
-  project  = var.project
-
-  # Google Beta provider is required for mounting secrets AToW
-  provider = google-beta
-
+  name                       = var.name
+  location                   = var.cloud_run_region
+  project                    = var.project
  autogenerate_revision_name = true

  metadata {
@@ -198,11 +194,14 @@ resource "google_cloud_run_service" "webapp" {
  depends_on = [
    google_secret_manager_secret_iam_member.secrets_access,
  ]
+  # Google Beta provider is required for mounting secrets AToW
+  provider = google-beta
 }

 # Allow unauthenticated invocations for the webapp.
 resource "google_cloud_run_service_iam_member" "webapp_all_users_invoker" {
-  count    = var.allow_unauthenticated_invocations ? 1 : 0
+  count = var.allow_unauthenticated_invocations ? 1 : 0
+
  location = google_cloud_run_service.webapp.location
  project  = google_cloud_run_service.webapp.project
  service  = google_cloud_run_service.webapp.name
@@ -219,8 +218,7 @@ resource "google_cloud_run_domain_mapping" "webapp" {
  for_each = toset(var.ingress_style == "domain-mapping" ? local.dns_names : [])

  location = var.cloud_run_region
-
-  name = each.key
+  name     = each.key

  metadata {
    # For managed Cloud Run, the namespace *must* be the project name.
@@ -235,11 +233,9 @@ resource "google_cloud_run_domain_mapping" "webapp" {
 module "uptime_monitoring" {
  for_each = local.monitor_hosts

-  source = "git::https://gitlab.developers.cam.ac.uk/uis/devops/infra/terraform/gcp-site-monitoring.git?ref=v2"
-
-  host    = each.key
-  project = var.project
-
+  source                = "git::https://gitlab.developers.cam.ac.uk/uis/devops/infra/terraform/gcp-site-monitoring.git?ref=v2"
+  host                  = each.value.host
+  project               = var.project
  alert_email_addresses = var.alerting_email_address != "" ? [var.alerting_email_address] : []

  uptime_check = {