Specific Cloud Prerequisites

Before deploying your extension app on GCP, complete the following setup steps:

  1. Sign up for a Google Cloud account (if you don’t already have one).

    • You must enable billing to use most Google Cloud services, even if staying within the free tier.
  2. Configure Google Cloud SDK: Install and configure the Google Cloud SDK to interact with your Google account. You can follow the instructions here.

  3. Authenticate with Google Cloud: Log in to your Google account and set up Application Default Credentials (ADC):

    gcloud auth login
    gcloud auth application-default login

    • The first command logs you into Google Cloud.
    • The second command allows Terraform and other tools to use ADC for authentication.
  4. Configure your Google Cloud project:

    gcloud config set project YOUR_PROJECT_ID

    If you don’t have a project yet, create one:

    gcloud projects create YOUR_PROJECT_ID --name="Your Project Name"

    After setting the project, export it as an environment variable so Terraform can reference it:

    export GOOGLE_CLOUD_PROJECT="your-project-id"
  5. Enable necessary APIs: The following APIs must be enabled in the project before the provider can use them:

    • Cloud Resource Manager API
    • Artifact Registry API
    • Cloud Build API
    • Cloud Run Admin API

    gcloud services enable cloudresourcemanager.googleapis.com
    gcloud services enable artifactregistry.googleapis.com
    gcloud services enable cloudbuild.googleapis.com
    gcloud services enable run.googleapis.com

With this setup, the google Terraform provider authenticates to Google using user Application Default Credentials (ADC), but you may use other methods for authenticating to Google.

Now that you’ve set up your Google Cloud environment, continue with the Terraform deployment guide to provision your infrastructure.
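
A preflight check for the steps above, as an added example that is not part of this repository: it confirms the project variable is exported, that ADC can issue a token, and that the four APIs from step 5 are enabled. The function names `missing_apis` and `preflight` and the `--run` flag belong to this script only.

```shell
#!/usr/bin/env bash
# Added example: preflight check for the prerequisite steps above.
# Function names (missing_apis, preflight) and the --run flag are this script's own.
set -u

# APIs from step 5 that the Terraform configuration depends on.
REQUIRED_APIS="cloudresourcemanager.googleapis.com
artifactregistry.googleapis.com
cloudbuild.googleapis.com
run.googleapis.com"

# Reads enabled service names on stdin (one per line) and prints every
# required API that is absent. Matching is exact and whole-line.
missing_apis() {
  enabled_list="$(cat)"
  for api in $REQUIRED_APIS; do
    printf '%s\n' "$enabled_list" | grep -qxF "$api" || printf '%s\n' "$api"
  done
}

# Live checks against the active gcloud configuration.
preflight() {
  project="${GOOGLE_CLOUD_PROJECT:-}"
  if [ -z "$project" ]; then
    echo "GOOGLE_CLOUD_PROJECT is not exported (step 4)" >&2
    return 1
  fi
  # Terraform authenticates through ADC, so a token must be obtainable (step 3).
  if ! gcloud auth application-default print-access-token >/dev/null 2>&1; then
    echo "ADC unavailable: run 'gcloud auth application-default login'" >&2
    return 1
  fi
  missing="$(gcloud services list --enabled --project "$project" \
    --format='value(config.name)' | missing_apis)"
  if [ -n "$missing" ]; then
    echo "APIs not enabled in $project:" >&2
    printf '  %s\n' $missing >&2
    return 1
  fi
  echo "Prerequisites satisfied for project $project"
}

# Run the live checks only when asked, e.g. ./preflight.sh --run
case "${1:-}" in
  --run) preflight ;;
esac
```
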

Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.0.0, < 2.0.0 |
| docker | ~> 3.0 |
| google | ~> 6.16 |
| local | ~> 2.5 |
| random | ~> 3.6 |
| time | ~> 0.12 |

Providers

| Name | Version |
|------|---------|
| google | ~> 6.16 |
| terraform | n/a |
| time | ~> 0.12 |

Modules

| Name | Source | Version |
|------|--------|---------|
| generate_authorization_code | ../common/modules/generate | n/a |
| generate_jwt_secret_key | ../common/modules/generate | n/a |
| generate_oauth_client_id | ../common/modules/generate | n/a |
| generate_oauth_client_secret | ../common/modules/generate | n/a |
| image | ../common/modules/docker | n/a |
| manifest | ../common/modules/template | n/a |

Resources

| Name | Type |
|------|------|
| google_artifact_registry_repository.this | resource |
| google_artifact_registry_repository_iam_binding.readers | resource |
| google_artifact_registry_repository_iam_binding.writers | resource |
| google_cloud_run_service.this | resource |
| google_cloud_run_service_iam_binding.invokers | resource |
| google_service_account.application | resource |
| google_service_account_key.application | resource |
| terraform_data.login_container_registry | resource |
| terraform_data.push_docker_image | resource |
| time_rotating.application_service_account_key | resource |
| google_client_config.this | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| application_authorization_code | The authorization code for the application. If empty, a random code will be generated. | `string` | `""` | no |
| application_build_base_image_name | The name of the base image to use for the application build | `string` | `"node:lts-alpine"` | no |
| application_build_context | The relative path to the build context for the application. The build context is the directory from which the Dockerfile is read. If it is empty, the current working directory will be used. | `string` | `"../.."` | no |
| application_build_image_tag | The tag to apply to the application build image. If empty, the timestamp tag will be used. | `string` | `""` | no |
| application_build_labels | The labels to apply to the application build image | `map(string)` | `{"org.opencontainers.image.authors": "DocuSign Inc.", "org.opencontainers.image.description": "This reference implementation models the use case of taking an agreement PDF sent by the Docusign platform using a file archive extension app and storing it locally.", "org.opencontainers.image.licenses": "MIT", "org.opencontainers.image.source": "https://github.com/docusign/extension-app-file-archive-reference-implementation-private", "org.opencontainers.image.title": "File Archive Extension App Reference Implementation", "org.opencontainers.image.vendor": "DocuSign Inc."}` | no |
| application_build_paths | Paths of files relative to the build context, changes to which lead to a rebuild of the image. Supported pattern matches are the same as for the fileset Terraform function (https://developer.hashicorp.com/terraform/language/functions/fileset). | `list(string)` | `["public/**", "src/**", "views/**", "package.json", "tsconfig.json", "Dockerfile", ".dockerignore"]` | no |
| application_cloud_run_service_name | The name of the Cloud Run service. If it is not defined, the prefixed application name will be used | `string` | `null` | no |
| application_environment_mode | The environment mode for the application | `string` | `"production"` | no |
| application_jwt_secret_key | The secret key to use for signing JWT tokens. If empty, a random key will be generated. | `string` | `""` | no |
| application_name | The name of the application | `string` | `"extension-app-file-archive"` | no |
| application_oauth_client_id | The OAuth client ID for the application. If empty, a random client ID will be generated. | `string` | `""` | no |
| application_oauth_client_secret | The OAuth client secret for the application. If empty, a random client secret will be generated. | `string` | `""` | no |
| application_port | The port the application listens on | `number` | `3000` | no |
| application_repository_name | The name of the Google Artifact Registry repository. If it is not defined, the prefixed application name will be used | `string` | `null` | no |
| application_service_account_key_rotation_days | The number of days after which the application service account key should be rotated | `number` | `30` | no |
| application_service_account_name | The name of the application service account. If it is not defined, the prefixed application name will be used | `string` | `null` | no |
| are_image_tags_mutable | The image tag mutability setting for the Google Artifact Registry repository | `bool` | `false` | no |
| container_tool | The container tool to use for building and pushing images | `string` | `"docker"` | no |
| credentials | The credentials to use to authenticate against Google Cloud Platform. This can be a path to a file that contains a service account key in JSON format, or the credentials themselves. You can alternatively use the GOOGLE_CREDENTIALS environment variable | `any` | `null` | no |
| do_scan_images | Whether images are scanned after being pushed to the Google Artifact Registry repository | `bool` | `true` | no |
| docker_host | The Docker host (e.g. 'tcp://127.0.0.1:2376' or 'unix:///var/run/docker.sock') to connect to. If empty, the default Docker host will be used | `string` | `null` | no |
| labels | A set of key/value label pairs to assign to the resources | `map(string)` | `{}` | no |
| manifest_files_paths | The list of manifest files relative paths to generate | `list(string)` | `["../../manifest.json"]` | no |
| output_manifest_files_directory | The directory to output the generated manifest files | `string` | `".terraform"` | no |
| project | The default project to manage resources in. If another project is specified on a resource, it will take precedence. This can also be specified using the GOOGLE_PROJECT environment variable | `string` | `null` | no |
| region | The default region to manage resources in. If another region is specified on a regional resource, it will take precedence. Alternatively, this can be specified using the GOOGLE_REGION environment variable | `string` | `"us-central1"` | no |
| zone | The default zone to manage resources in. Generally, this zone should be within the default region you specified. If another zone is specified on a zonal resource, it will take precedence. Alternatively, this can be specified using the GOOGLE_ZONE environment variable | `string` | `"us-central1-a"` | no |

Outputs

| Name | Description |
|------|-------------|
| application_service_url | The base URL of the application service |
| output_manifest_files_paths | The absolute paths to the output manifest files |