Commits on Source (6)
# Changelog
## [3.0.1] - 2023-11-02
### Added
* Added support to publish to GitLab Terraform registry when tagged using semver
## [3.0.0] - 2022-04-26
### Changed
- Allow content matching as part of the uptime check config.
- Include an optional uptime check id in display names. This is useful when deploying multiple uptime checks
for the same Cloud Run service and need to avoid name clashes.
- Allow specifying existing Notification Channels.
## [2.0.0] - 2022-05-17
### Changed
- Updated to allow Terraform 1.x and Google provider 4.x
## [1.0.6] - 2021-11-02
### Changed
- Trigger SSL alert when the certificate has 27 or less days remaining before expiry date.
The old value (30 days) triggered some alarms when Google's *.run.app certificate ended up
not being renewed until there was only 29 days left. Google documentation says:
"About one month before expiry, the process to renew your certificate automatically begins"
See https://cloud.google.com/load-balancing/docs/ssl-certificates/google-managed-certs#renewal
## [1.0.5] - 2021-07-16
### Changed
- Added support to authentication proxy Cloud Function egress settings configuration.
## [1.0.4] - 2021-06-15
### Fixed
- Fixed the alerting trigger percentage to correctly calculate the success
percentage over the given uptime check period.
## [1.0.3] - 2021-06-03
### Changed
- Changed alerting triggers to a percentage to reduce noise from occasional
failed checks from multiple global testing sites.
## [1.0.2] - 2021-05-17
### Fixed
- Fixed authenticated monitoring failing to apply with longer (>6 character)
cloud run service names.
## [1.0.1] - 2021-03-09
### Changed
- Normalise whitespace in filter strings to avoid terraform trying to make
unnecessary changes.
## [1.0.0] - 2021-01-27
### Added
- Initial version
# Changelog
## [4.0.0](https://gitlab.developers.cam.ac.uk/uis/devops/infra/terraform/gcp-site-monitoring/compare/3.2.0...4.0.0) (2024-07-17)
### ⚠ BREAKING CHANGES
* only use uptime_check_auth_proxy when needed
### Features
* add support for local_files_dir ([0a5a3bc](https://gitlab.developers.cam.ac.uk/uis/devops/infra/terraform/gcp-site-monitoring/commit/0a5a3bc49de9c7b07af193b0d268e6750c0af65d))
* only use uptime_check_auth_proxy when needed ([1e9305c](https://gitlab.developers.cam.ac.uk/uis/devops/infra/terraform/gcp-site-monitoring/commit/1e9305cfd55f0e204a223a7789d1cadf0e447b9f))
## [3.2.0](https://gitlab.developers.cam.ac.uk/uis/devops/infra/terraform/gcp-site-monitoring/compare/3.1.1...3.2.0) (2024-02-14)
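Review bot: the BREAKING CHANGES bullet in the 4.0.0 entry, "only use uptime_check_auth_proxy when needed", names the change but not what a consumer has to do about it. State what breaks on upgrade (for example whether the module's address in existing state or the `auth_proxy_host` / `auth_proxy_path` outputs behave differently) so the entry can be acted on without reading the diff. The entry also has no line for the function runtime and dependency updates made elsewhere in this change set.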
......@@ -31,3 +43,57 @@
* define project variables explicitly ([e68c18e](https://gitlab.developers.cam.ac.uk/uis/devops/infra/terraform/gcp-site-monitoring/commit/e68c18e7baaa2d078435f5dd9ae04542b46c402c))
* replace google_project with google_client_config ([b54ec29](https://gitlab.developers.cam.ac.uk/uis/devops/infra/terraform/gcp-site-monitoring/commit/b54ec29af32d1cf9acd59490aa72bb985aee3f6d))
## [3.0.1] - 2023-11-02
### Added
* Added support to publish to GitLab Terraform registry when tagged using semver
## [3.0.0] - 2022-04-26
### Changed
- Allow content matching as part of the uptime check config.
- Include an optional uptime check id in display names. This is useful when deploying multiple uptime checks
for the same Cloud Run service and need to avoid name clashes.
- Allow specifying existing Notification Channels.
## [2.0.0] - 2022-05-17
### Changed
- Updated to allow Terraform 1.x and Google provider 4.x
## [1.0.6] - 2021-11-02
### Changed
- Trigger SSL alert when the certificate has 27 or less days remaining before expiry date.
The old value (30 days) triggered some alarms when Google's *.run.app certificate ended up
not being renewed until there was only 29 days left. Google documentation says:
"About one month before expiry, the process to renew your certificate automatically begins"
See https://cloud.google.com/load-balancing/docs/ssl-certificates/google-managed-certs#renewal
## [1.0.5] - 2021-07-16
### Changed
- Added support to authentication proxy Cloud Function egress settings configuration.
## [1.0.4] - 2021-06-15
### Fixed
- Fixed the alerting trigger percentage to correctly calculate the success
percentage over the given uptime check period.
## [1.0.3] - 2021-06-03
### Changed
- Changed alerting triggers to a percentage to reduce noise from occasional
failed checks from multiple global testing sites.
## [1.0.2] - 2021-05-17
### Fixed
- Fixed authenticated monitoring failing to apply with longer (>6 character)
cloud run service names.
## [1.0.1] - 2021-03-09
### Changed
- Normalise whitespace in filter strings to avoid terraform trying to make
unnecessary changes.
## [1.0.0] - 2021-01-27
### Added
- Initial version
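Review bot: in the legacy entries at the bottom of this hunk, 3.0.0 is dated 2022-04-26 while 2.0.0 is dated 2022-05-17, so the older release carries the later date. Since these entries are being touched here anyway, check both dates against the tags and correct whichever is wrong.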
......@@ -28,7 +28,8 @@ note below about Cloud Monitoring workspaces.)
```tf
module "monitoring" {
source = "git::https://gitlab.developers.cam.ac.uk/uis/devops/infra/terraform/gcp-site-monitoring.git?ref=v3"
source = "gitlab.developers.cam.ac.uk/uis/gcp-site-monitoring/devops"
version = "~> 4.0"
host = "www.example.com"
alert_notification_channels = ["projects/[PROJECT_ID]/notificationChannels/[CHANNEL_ID]"]
......@@ -39,7 +40,8 @@ One may further customise the module using various optional variables:
```tf
module "monitoring" {
source = "git::https://gitlab.developers.cam.ac.uk/uis/devops/infra/terraform/gcp-site-monitoring.git?ref=v3"
source = "gitlab.developers.cam.ac.uk/uis/gcp-site-monitoring/devops"
version = "~> 4.0"
# Required. Hostname of site to be monitored. Note the lack of "https://".
host = "www.example.com"
......
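Review bot: both README examples now use `version = "~> 4.0"`, which accepts any later 4.x release, and Terraform's dependency lock file records provider selections only, not module versions. Add a sentence recommending an exact `version` for deployments that need reproducible plans, plus a short upgrade note for users coming from the `?ref=v3` git source, since this switch also crosses a major version.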
......@@ -26,18 +26,24 @@ locals {
# Merge uptime_check variable with default values.
# If auth proxy is enabled, substitute the host and path
# for the host and path of the authentication proxy
uptime_check = merge({
id = ""
alert_enabled = true
host = var.host
path = "/"
timeout = 30
period = 300
success_threshold_percent = 75
}, var.uptime_check, local.authentication_proxy.enabled ? {
host = split("/", trimprefix(module.uptime_check_auth_proxy.function.https_trigger_url, "https://"))[0]
path = "/${split("/", trimprefix(module.uptime_check_auth_proxy.function.https_trigger_url, "https://"))[1]}"
} : {})
uptime_check = merge(
{
id = ""
alert_enabled = true
host = var.host
path = "/"
timeout = 30
period = 300
success_threshold_percent = 75
},
var.uptime_check,
merge([
for auth_proxy in module.uptime_check_auth_proxy : {
host = split("/", trimprefix(auth_proxy.function.https_trigger_url, "https://"))[0]
path = "/${split("/", trimprefix(auth_proxy.function.https_trigger_url, "https://"))[1]}"
}
]...),
)
content_matchers = merge({
content = null
......
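Review bot: in the new `merge([for auth_proxy in ...]...)` block, `path` is still built from element `[1]` of the split URL only, so a trigger URL with more than one path segment would be silently truncated, and the same `split`/`trimprefix` expression is written twice. Consider splitting the URL once into a local and joining everything after the host, e.g. `join("/", slice(parts, 1, length(parts)))`, then reusing that local in the outputs as well.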
......@@ -150,6 +150,8 @@ resource "google_monitoring_alert_policy" "ssl_cert_expiry" {
}
module "uptime_check_auth_proxy" {
count = local.authentication_proxy.enabled ? 1 : 0
source = "gitlab.developers.cam.ac.uk/uis/gcp-function/devops"
version = "~> 2.1"
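Review bot: adding `count` here changes the module's address from `module.uptime_check_auth_proxy` to `module.uptime_check_auth_proxy[0]`, and nothing in the visible change tells Terraform or the user how existing state maps onto the new address. Either add a `moved` block from the unindexed address to `[0]`, or confirm on an existing deployment with the proxy enabled that the plan shows no destroy and recreate of the function and its service account.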
......@@ -168,11 +170,11 @@ module "uptime_check_auth_proxy" {
allow_unauthenticated_invocations = true
source_bucket_force_destroy = local.authentication_proxy.source_bucket_force_destroy
runtime = "python38"
runtime = "python312"
source_files = {
"requirements.txt" = <<-EOT
google-auth==2.17.3
requests==2.28.2
google-auth==2.32.0
requests==2.32.3
EOT
"main.py" = file("${path.module}/auth-proxy/authenticated_heath_check.py")
}
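Review bot: the `requirements.txt` heredoc pins only the two direct dependencies (`google-auth==2.32.0`, `requests==2.32.3`), so their transitive dependencies are resolved afresh at each function build and can differ between deployments. Consider pinning the full resolved set, optionally with hashes. Separately, the `python38` to `python312` runtime change is not mentioned in the 4.0.0 changelog entry.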
......@@ -182,12 +184,16 @@ module "uptime_check_auth_proxy" {
environment_variables = {
TARGET_URL = "https://${trimsuffix(var.host, "/")}/${trimprefix(coalesce(var.uptime_check.path, "/"), "/")}"
}
local_files_dir = var.local_files_dir
}
resource "google_cloud_run_service_iam_member" "uptime_check_invoker" {
count = local.authentication_proxy.enabled ? 1 : 0
project = local.authentication_proxy.cloud_run_project
location = local.authentication_proxy.cloud_run_region
service = local.authentication_proxy.cloud_run_service_name
role = "roles/run.invoker"
member = "serviceAccount:${module.uptime_check_auth_proxy.service_account.email}"
member = "serviceAccount:${module.uptime_check_auth_proxy[count.index].service_account.email}"
}
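Review bot: `local_files_dir = var.local_files_dir` is passed to a module still constrained to `version = "~> 2.1"`; if the gcp-function module gained that input in a release later than 2.1.0, raise the lower bound so that an older resolved version does not fail with an unsupported argument. In the IAM member, `[count.index]` is correct only because both `count` expressions use the same condition; a short comment saying so, or `[0]` as used in the outputs, would make that dependency explicit.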
......@@ -20,10 +20,10 @@ output "auth_proxy_function" {
output "auth_proxy_host" {
description = "The authentication proxy host."
value = split("/", trimprefix(module.uptime_check_auth_proxy.function.https_trigger_url, "https://"))[0]
value = try(split("/", trimprefix(module.uptime_check_auth_proxy[0].function.https_trigger_url, "https://"))[0], "")
}
output "auth_proxy_path" {
description = "The authentication proxy path."
value = "/${split("/", trimprefix(module.uptime_check_auth_proxy.function.https_trigger_url, "https://"))[1]}"
value = try("/${split("/", trimprefix(module.uptime_check_auth_proxy[0].function.https_trigger_url, "https://"))[1]}", "")
}
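Review bot: `try(..., "")` in both outputs hides every evaluation error, not only the missing `[0]` instance when the proxy is disabled, and neither `description` says that an empty string is a possible value. Prefer an explicit condition on the instance list, for example `length(module.uptime_check_auth_proxy) > 0 ? ... : null`, and document the disabled-case value in the description.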
......@@ -51,9 +51,15 @@ variable "alert_notification_channels" {
EOL
}
# Terraform 0.14 has support for object types with optional attributes, although the feature is
# experimental. Once we transition to a version of Terraform where the feature is no longer
# experimental, we should make use of the feature.
variable "local_files_dir" {
description = <<-EOT
A local directory where files may be created which persist between runs but
which are not checked into source control.
This variable is only used to be passed to the gcp-function module call.
EOT
type = string
default = null
}
variable "uptime_check" {
type = map(any)
......
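Review bot: the comment about adopting object types with optional attributes is dropped above the new `local_files_dir` variable, but `uptime_check` is still declared as `type = map(any)`, so the reminder disappears without the work being done. Either keep a TODO or type `uptime_check` as an object with `optional()` attributes, which have been stable since Terraform 1.3. The `local_files_dir` description could also say what the gcp-function module writes into that directory.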