
Commit a766064

William ChrispJoshArmi
authored andcommitted
Fix several GCP Infra issues
1 parent 9140677 commit a766064

18 files changed

+595
-679
lines changed

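--- a/.github/workflows/aws_cicd.yaml
+++ b/.github/workflows/aws_cicd.yaml
@@ -39,7 +39,7 @@ jobs:
 with:
 node-version: 18
 - name: Install cdktf
-run: npm install --global cdktf-cli@0.15.5
+run: npm install --global cdktf-cli@latest
 
 - name: Install pip packages
 run: make install-dependencies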
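Review bot: The `Install cdktf` step now runs `npm install --global cdktf-cli@latest`, so every pipeline run executes whatever CLI release is current on the npm registry instead of a reviewed version. That makes runs non-reproducible and lets a breaking or tampered release reach the later steps without any change to this repository. The same line is changed in `.github/workflows/gcp_cicd.yaml`, where the job goes on to `make gcp-deploy-base INFRA_ARGS=--auto-approve`. Pinning an exact version that matches the `cdktf` library resolved in `Pipfile.lock`, e.g. `run: npm install --global cdktf-cli@<PINNED_VERSION>` (placeholder), and bumping it in its own commit keeps the upgrade reviewable.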

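--- a/.github/workflows/gcp_cicd.yaml
+++ b/.github/workflows/gcp_cicd.yaml
@@ -40,7 +40,7 @@ jobs:
 with:
 node-version: 18
 - name: Install cdktf
-run: npm install --global cdktf-cli@0.15.5
+run: npm install --global cdktf-cli@latest
 
 - name: Install pip packages
 run: make install-dependencies
@@ -53,6 +53,7 @@ jobs:
 with:
 directory: infrastructure/gcp/cdktf.out/stacks/
 framework: terraform_plan
+# skip_check: CKV_GCP_102
 
 - name: Deploy base infrastructure
 run: make gcp-deploy-base INFRA_ARGS=--auto-approve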
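Review bot: The added `# skip_check: CKV_GCP_102` line in the scan step is commented out, so it changes nothing today but leaves a ready-made suppression in the deploy pipeline with no stated reason. If the finding is an accepted risk or a false positive, the justification belongs next to it, e.g. `# CKV_GCP_102: accepted because <REASON> (<TICKET>)` (placeholders), so that enabling the skip later is a reviewed decision. Otherwise the line is better dropped, since the next step deploys with `--auto-approve` and the scan appears to be the only gate in front of it.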

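--- a/Makefile
+++ b/Makefile
@@ -116,7 +116,7 @@ gcp-build-image:
 @echo "\n\n---GCP-BUILD-IMAGE---\n"
 gcloud auth configure-docker australia-southeast1-docker.pkg.dev
 pipenv requirements | tee requirements.txt
-docker buildx build --platform=linux/amd64 --push . -t australia-southeast1-docker.pkg.dev/contino-squad0-fc/flight-contoller-event-receiver/event_receiver:latest
+docker buildx build --platform=linux/amd64 --push . -t australia-southeast1-docker.pkg.dev/contino-squad0-fc/flight-controller-event-receiver/event_receiver:latest
 
 gcp-synth: gcp-build-dependencies
 @echo "\n\n---GCP-SYNTH---\n"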
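Review bot: The corrected `docker buildx build` line still hard-codes the repository as `flight-controller-event-receiver`, while the registry component changed in this commit now derives `repository_id` from `f"{name_prefix}-event-receiver"`. The push only lands in the managed, CMEK-backed repository when `name_prefix` is `flight-controller`, which the visible lines do not show. Passing the prefix through one Make variable, e.g. `GCP_NAME_PREFIX ?= flight-controller` used as `.../$(GCP_NAME_PREFIX)-event-receiver/event_receiver:latest`, would keep the two from drifting again the way the typo did.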

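--- a/Pipfile
+++ b/Pipfile
@@ -24,9 +24,7 @@ behave = "*"
 constructs = "*"
 cdktf = "*"
 cdktf-cdktf-provider-aws = "*"
-cdktf-cdktf-provider-archive = "*"
 cdktf-cdktf-provider-google = "*"
-cdktf-cdktf-provider-external = "*"
 pytest-watch = "*"
 dirhash = "*"
 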
Pipfile.lock

Lines changed: 255 additions & 263 deletions

images/.DS_Store

0 Bytes
Binary file not shown.

images/gcp_flight_controller.png

86.8 KB
Lines changed: 27 additions & 33 deletions
@@ -1,76 +1,70 @@
1-
from constructs import Construct
21
from cdktf_cdktf_provider_google import (
3-
artifact_registry_repository,
4-
artifact_registry_repository_iam_binding,
5-
service_account,
6-
kms_key_ring,
7-
kms_crypto_key,
8-
kms_crypto_key_iam_binding
9-
)
2+
artifact_registry_repository, artifact_registry_repository_iam_binding,
3+
kms_crypto_key, kms_crypto_key_iam_binding, kms_key_ring, service_account)
4+
from constructs import Construct
105

116

127
class ArtifactRegistryComponent(Construct):
138
def __init__(
14-
self,
15-
scope: Construct,
16-
id: str,
17-
project_id: str,
18-
project_number: str,
19-
location: str,
20-
name: str,
21-
cloudrun_account: service_account.ServiceAccount,
22-
flight_controller_key_ring: kms_key_ring.KmsKeyRing):
9+
self,
10+
scope: Construct,
11+
id: str,
12+
project_id: str,
13+
project_number: str,
14+
name_prefix: str,
15+
location: str,
16+
cloudrun_account: service_account.ServiceAccount,
17+
flight_controller_key_ring: kms_key_ring.KmsKeyRing,
18+
):
2319
super().__init__(scope, id)
2420

2521
registry_key = kms_crypto_key.KmsCryptoKey(
2622
self,
2723
"registry_key",
28-
name="flight_controller_registry_key",
24+
name="registry_key",
2925
key_ring=flight_controller_key_ring.id,
3026
rotation_period="7776000s",
27+
lifecycle= {
28+
"prevent_destroy": True
29+
}
3130
)
3231

3332
registry_key_iam = kms_crypto_key_iam_binding.KmsCryptoKeyIamBinding(
3433
self,
3534
"registry_key_iam_binding",
3635
crypto_key_id=registry_key.id,
3736
role="roles/cloudkms.cryptoKeyEncrypterDecrypter",
38-
39-
members= [
37+
members=[
4038
f"serviceAccount:service-{project_number}@gcp-sa-artifactregistry.iam.gserviceaccount.com"
41-
]
39+
],
4240
)
4341

4442
self.registry = artifact_registry_repository.ArtifactRegistryRepository(
4543
self,
4644
"registry",
47-
repository_id=name,
45+
repository_id=f"{name_prefix}-event-receiver",
4846
description="Registry to store event_receiver docker images",
4947
format="DOCKER",
5048
project=project_id,
5149
location=location,
5250
kms_key_name=registry_key.id,
53-
depends_on = [
54-
registry_key
55-
]
51+
depends_on=[registry_key, registry_key_iam],
5652
)
5753

58-
self.adminbinding = artifact_registry_repository_iam_binding.ArtifactRegistryRepositoryIamBinding(
54+
self.admin_binding = artifact_registry_repository_iam_binding.ArtifactRegistryRepositoryIamBinding(
5955
self,
6056
"admin",
6157
repository=self.registry.id,
6258
role="roles/artifactregistry.repoAdmin",
6359
members=[
64-
"domain:contino.io",
65-
]
60+
"domain:contino.io",
61+
],
6662
)
6763

68-
self.readerbinding = artifact_registry_repository_iam_binding.ArtifactRegistryRepositoryIamBinding(
64+
self.reader_binding = artifact_registry_repository_iam_binding.ArtifactRegistryRepositoryIamBinding(
6965
self,
7066
"reader",
7167
repository=self.registry.id,
7268
role="roles/artifactregistry.reader",
73-
members=[
74-
f"serviceAccount:{cloudrun_account.email}"
75-
]
76-
)
69+
members=[f"serviceAccount:{cloudrun_account.email}"],
70+
)
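Review bot: The `admin` binding still grants `roles/artifactregistry.repoAdmin` to `domain:contino.io`, so every account in the domain can push, overwrite and delete images in the repository that the Cloud Run service account is given `roles/artifactregistry.reader` on. Because the Makefile publishes a mutable `:latest` tag, narrowing this to the identity that actually publishes images, e.g. `members=["serviceAccount:<CI_PUBLISHER_SA_EMAIL>"],` (placeholder), with human access through a dedicated group if needed, would keep the image path under least privilege. Separately, the key is renamed to `name="registry_key"` in the same change that adds `prevent_destroy`. If a stack with the old key name is already deployed, the rename would presumably plan a replacement that the lifecycle rule then rejects, so it is worth confirming against existing state before merge.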
