
Commit 1e9305cf authored by Dr Abraham Martin's avatar Dr Abraham Martin Committed by Dr Abraham Martin

feat!: only use uptime_check_auth_proxy when needed

This is really a bugfix but creates a breaking change, thus
the need for a new major version release.

When this module is enabled with authentication_proxy = { enabled = false },
module.uptime_check_auth_proxy is still executed
despite not being needed.

Add a conditional to this module so that it is only executed
when needed. This will cause deletion of elements in projects
using the 3.x version of this module, thus the introduction of
a new major version.

Also tidy up the various locals, outputs and resources which depend on
module.uptime_check_auth_proxy to understand that the proxy may not be
present depending on configuration.

More details in #13
parent 1c1d6a06
+4 −2
@@ -28,7 +28,8 @@ note below about Cloud Monitoring workspaces.)

```tf
module "monitoring" {
  source = "git::https://gitlab.developers.cam.ac.uk/uis/devops/infra/terraform/gcp-site-monitoring.git?ref=v3"
  source  = "gitlab.developers.cam.ac.uk/uis/gcp-site-monitoring/devops"
  version = "~> 4.0"

  host                        = "www.example.com"
  alert_notification_channels = ["projects/[PROJECT_ID]/notificationChannels/[CHANNEL_ID]"]
@@ -39,7 +40,8 @@ One may further customise the module using various optional variables:

```tf
module "monitoring" {
  source = "git::https://gitlab.developers.cam.ac.uk/uis/devops/infra/terraform/gcp-site-monitoring.git?ref=v3"
  source  = "gitlab.developers.cam.ac.uk/uis/gcp-site-monitoring/devops"
  version = "~> 4.0"

  # Required. Hostname of site to be monitored. Note the lack of "https://".
  host = "www.example.com"
+18 −12
@@ -26,7 +26,8 @@ locals {
  # Merge uptime_check variable with default values.
  # If auth proxy is enabled, substitute the host and path
  # for the host and path of the authentication proxy
  uptime_check = merge({
  uptime_check = merge(
    {
      id                        = ""
      alert_enabled             = true
      host                      = var.host
@@ -34,10 +35,15 @@ locals {
      timeout                   = 30
      period                    = 300
      success_threshold_percent = 75
    }, var.uptime_check, local.authentication_proxy.enabled ? {
    host = split("/", trimprefix(module.uptime_check_auth_proxy.function.https_trigger_url, "https://"))[0]
    path = "/${split("/", trimprefix(module.uptime_check_auth_proxy.function.https_trigger_url, "https://"))[1]}"
  } : {})
    },
    var.uptime_check,
    merge([
      for auth_proxy in module.uptime_check_auth_proxy : {
        host = split("/", trimprefix(auth_proxy.function.https_trigger_url, "https://"))[0]
        path = "/${split("/", trimprefix(auth_proxy.function.https_trigger_url, "https://"))[1]}"
      }
    ]...),
  )

  content_matchers = merge({
    content      = null
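Review bot: The new `for` expression in `local.uptime_check` evaluates `split("/", trimprefix(auth_proxy.function.https_trigger_url, "https://"))` twice, and the same parsing is repeated in the two auth-proxy outputs, so any change to how the trigger URL is handled has to be made in four places. A single local such as `auth_proxy_url_parts = [for p in module.uptime_check_auth_proxy : split("/", trimprefix(p.function.https_trigger_url, "https://"))]` would let this block and the outputs read `[0]` and `[1]` from one place. Indexing `[1]` also keeps only the first path segment; that presumably matches the trigger URL shape, but a short comment such as `# trigger URL is https://HOST/FUNCTION_NAME, so only one path segment is expected` would record the assumption. The `locals` block starts before and continues after these hunks.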
+8 −4
@@ -150,6 +150,8 @@ resource "google_monitoring_alert_policy" "ssl_cert_expiry" {
}

module "uptime_check_auth_proxy" {
  count = local.authentication_proxy.enabled ? 1 : 0

  source  = "gitlab.developers.cam.ac.uk/uis/gcp-function/devops"
  version = "~> 2.1"

@@ -168,11 +170,11 @@ module "uptime_check_auth_proxy" {
  allow_unauthenticated_invocations = true
  source_bucket_force_destroy       = local.authentication_proxy.source_bucket_force_destroy

  runtime = "python38"
  runtime = "python312"
  source_files = {
    "requirements.txt" = <<-EOT
        google-auth==2.17.3
        requests==2.28.2
        google-auth==2.32.0
        requests==2.32.3
    EOT
    "main.py"          = file("${path.module}/auth-proxy/authenticated_heath_check.py")
  }
@@ -185,9 +187,11 @@ module "uptime_check_auth_proxy" {
}

resource "google_cloud_run_service_iam_member" "uptime_check_invoker" {
  count = local.authentication_proxy.enabled ? 1 : 0

  project  = local.authentication_proxy.cloud_run_project
  location = local.authentication_proxy.cloud_run_region
  service  = local.authentication_proxy.cloud_run_service_name
  role     = "roles/run.invoker"
  member   = "serviceAccount:${module.uptime_check_auth_proxy.service_account.email}"
  member   = "serviceAccount:${module.uptime_check_auth_proxy[count.index].service_account.email}"
}
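Review bot: The `requirements.txt` heredoc pins only `google-auth==2.32.0` and `requests==2.32.3`, so their transitive dependencies (urllib3, certifi and others) are resolved afresh each time the function is built. The same module sets `allow_unauthenticated_invocations = true` and its service account is granted `roles/run.invoker` on the monitored service, so an unreviewed dependency change would land in code that is publicly reachable and makes authenticated requests. Consider pinning the full resolved set in the heredoc, ideally generated from a lock file, so that rebuilds are reproducible. If public invocation is deliberate, a comment above that argument such as `# Public by design: the uptime check calls this function without credentials.` would record the reason. The module block extends beyond the hunks shown.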
+2 −2
@@ -20,10 +20,10 @@ output "auth_proxy_function" {

output "auth_proxy_host" {
  description = "The authentication proxy host."
  value       = split("/", trimprefix(module.uptime_check_auth_proxy.function.https_trigger_url, "https://"))[0]
  value       = try(split("/", trimprefix(module.uptime_check_auth_proxy[0].function.https_trigger_url, "https://"))[0], "")
}

output "auth_proxy_path" {
  description = "The authentication proxy path."
  value       = "/${split("/", trimprefix(module.uptime_check_auth_proxy.function.https_trigger_url, "https://"))[1]}"
  value       = try("/${split("/", trimprefix(module.uptime_check_auth_proxy[0].function.https_trigger_url, "https://"))[1]}", "")
}
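Review bot: `try(..., "")` in `auth_proxy_host` and `auth_proxy_path` catches every evaluation error, not only the missing `[0]` instance when the proxy is disabled, so an unexpected `https_trigger_url` would also silently yield an empty string. Gating on the flag that controls the module's `count` makes the intent explicit: keep the existing expression as the true branch of `local.authentication_proxy.enabled ? ... : ""`. The descriptions should also state the disabled case, e.g. `description = "The authentication proxy host, or an empty string when the proxy is disabled."`, since consumers of a 4.x release now have to handle it.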