Merge pull request #38 from remerge/CORE-260-create-deployment-workfl…

…ow-for-static-web-applications CORE-260 add terraform module for creating static website
remerge · May 16, 2024 · 090bb68 · 090bb68
2 parents 6575028 + e733cfa
commit 090bb68
Show file tree

Hide file tree

Showing 3 changed files with 147 additions and 0 deletions.
diff --git a/google/static-website/certificate.tf b/google/static-website/certificate.tf
@@ -0,0 +1,31 @@
+resource "google_certificate_manager_dns_authorization" "default" {
+  name   = local.website_domain_name_dashed
+  domain = var.website_domain_name
+}
+
+resource "google_dns_record_set" "acme" {
+  project      = var.domains_project
+  managed_zone = var.dns_managed_zone_name
+  name         = google_certificate_manager_dns_authorization.default.dns_resource_record[0].name
+  type         = google_certificate_manager_dns_authorization.default.dns_resource_record[0].type
+  ttl          = 300
+  rrdatas      = [google_certificate_manager_dns_authorization.default.dns_resource_record[0].data]
+}
+
+resource "google_certificate_manager_certificate" "default" {
+  name = local.website_domain_name_dashed
+
+  managed {
+    dns_authorizations = [google_certificate_manager_dns_authorization.default.id]
+    domains = [
+      var.website_domain_name
+    ]
+  }
+}
+
+resource "google_certificate_manager_certificate_map_entry" "default" {
+  name         = local.website_domain_name_dashed
+  hostname     = google_certificate_manager_certificate.default.managed[0].domains[0]
+  certificates = [google_certificate_manager_certificate.default.id]
+  map          = var.certificate_map
+}
diff --git a/google/static-website/main.tf b/google/static-website/main.tf
@@ -0,0 +1,50 @@
+locals {
+  website_domain_name_dashed = replace(var.website_domain_name, ".", "-")
+  bucket_name                = var.bucket_name == "" ? "${local.website_domain_name_dashed}-bucket" : "${var.bucket_name}"
+}
+
+resource "google_compute_backend_bucket" "static" {
+  project = var.project
+
+  name        = local.bucket_name
+  bucket_name = module.website.name
+  enable_cdn  = var.enable_cdn
+}
+
+module "website" {
+  source          = "terraform-google-modules/cloud-storage/google"
+  version         = "5.0.0"
+  project_id      = var.project
+  names           = [local.bucket_name]
+  set_admin_roles = true
+  admins          = var.storage_admins
+  website = {
+    main_page_suffix = var.index_page
+    not_found_page   = var.not_found_page
+  }
+}
+
+# Make bucket public by granting allUsers READER access
+resource "google_storage_bucket_iam_member" "default" {
+  bucket = module.website.name
+  role   = "roles/storage.legacyObjectReader"
+  member = "allUsers"
+  # checkov:skip=CKV_GCP_28:Public website
+}
+
+resource "google_dns_record_set" "cname" {
+  depends_on = [module.website]
+
+  project = var.domains_project
+
+  name         = "${var.website_domain_name}."
+  managed_zone = var.dns_managed_zone_name
+  type         = "A"
+  ttl          = var.dns_record_ttl
+  rrdatas      = [var.lb_address]
+}
+
+
+output "google_compute_backend_bucket_id" {
+  value = google_compute_backend_bucket.static.self_link
+}
diff --git a/google/static-website/variables.tf b/google/static-website/variables.tf
@@ -0,0 +1,66 @@
+variable "project" {
+  description = "The project ID to host the site in."
+  type        = string
+}
+
+variable "storage_admins" {
+  description = "List of bucket storage admins"
+  type        = list(string)
+  default     = []
+}
+
+variable "lb_address" {
+  description = "loadbalancer IP address"
+  type        = string
+}
+
+variable "certificate_map" {
+  description = "Certificate map resource"
+  type        = string
+}
+
+variable "domains_project" {
+  description = "Domains GCP project"
+  type        = string
+  default     = "domains-84b3"
+}
+
+variable "website_domain_name" {
+  description = "The name of the website and the Cloud Storage bucket to create (e.g. static.foo.com)."
+  type        = string
+}
+
+variable "dns_managed_zone_name" {
+  description = "The name of the Cloud DNS Managed Zone in which to create the DNS CNAME Record specified in var.website_domain_name. Only used if var.create_dns_entry is true."
+  type        = any
+}
+
+variable "enable_cdn" {
+  description = "Set to `true` to enable cdn on website backend bucket."
+  type        = bool
+  default     = true
+}
+
+variable "index_page" {
+  description = "Bucket's directory index"
+  type        = string
+  default     = "index.html"
+}
+
+variable "not_found_page" {
+  description = "The custom object to return when a requested resource is not found"
+  type        = string
+  default     = "index.html"
+}
+
+variable "dns_record_ttl" {
+  description = "The time-to-live for the site CNAME record set (seconds)"
+  type        = number
+  default     = 300
+}
+
+variable "bucket_name" {
+  description = "Website bucket name"
+  type        = string
+  default     = ""
+}