This repository has been archived by the owner on Jul 12, 2023. It is now read-only.

Explicitly depend on database migrations and IAM during deployment (#722)
sethvargo authored Sep 30, 2020
1 parent 0562426 commit 65cfbf5
Showing 8 changed files with 83 additions and 1 deletion.
2 changes: 1 addition & 1 deletion pkg/database/database.go
@@ -211,7 +211,7 @@ func (db *Database) OpenWithCacher(ctx context.Context, cacher cache.Cacher) err
rawDB.Callback().Create().Before("gorm:create").Register("verification_codes:hmac_long_code", callbackHMAC(ctx, db.GenerateVerificationCodeHMAC, "verification_codes", "long_code"))

// Metrics
rawDB.Callback().Create().After("gorm:create").Register("audit_entires:metrics", callbackIncrementMetric(ctx, db.metrics.AuditEntryCreated, "audit_entries"))
rawDB.Callback().Create().After("gorm:create").Register("audit_entries:metrics", callbackIncrementMetric(ctx, db.metrics.AuditEntryCreated, "audit_entries"))

// Cache clearing
if cacher != nil {
10 changes: 10 additions & 0 deletions terraform/service_admin_apiserver.tf
@@ -142,8 +142,18 @@ resource "google_cloud_run_service" "adminapi" {

depends_on = [
google_project_service.services["run.googleapis.com"],

google_secret_manager_secret_iam_member.adminapi-db,
google_project_iam_member.adminapi-observability,
google_kms_crypto_key_iam_member.adminapi-database-encrypter,
google_secret_manager_secret_iam_member.adminapi-db-apikey-db-hmac,
google_secret_manager_secret_iam_member.adminapi-db-apikey-sig-hmac,
google_secret_manager_secret_iam_member.adminapi-db-verification-code-hmac,
google_secret_manager_secret_iam_member.adminapi-cache-hmac-key,
google_secret_manager_secret_iam_member.adminapi-ratelimit-hmac-key,

null_resource.build,
null_resource.migrate,
]

lifecycle {
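Review bot: The `depends_on` list in `google_cloud_run_service.adminapi` is maintained by hand and carries no comment saying so, so an IAM binding added for this service later and left out of the list would bring back the ordering race this commit closes, most likely as a permission-denied on a secret or key at first start. I would put a comment above the IAM group, `# Every IAM binding this service's account needs at startup must be listed here.`, and the same applies to the lists in service_apiserver.tf, service_cleanup.tf, service_e2e_runner.tf, service_modeler.tf, service_redirect.tf and service_server.tf. Separately, `depends_on` only orders the Terraform apply; Google Cloud IAM changes are eventually consistent, so a revision deployed right after the bindings are created can presumably still see a denial for a short time, and startup should tolerate that. The resource body starts and ends outside the hunk.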
11 changes: 11 additions & 0 deletions terraform/service_apiserver.tf
@@ -149,8 +149,19 @@ resource "google_cloud_run_service" "apiserver" {

depends_on = [
google_project_service.services["run.googleapis.com"],

google_secret_manager_secret_iam_member.apiserver-db,
google_kms_key_ring_iam_member.kms-signerverifier,
google_project_iam_member.apiserver-observability,
google_kms_crypto_key_iam_member.apiserver-database-encrypter,
google_secret_manager_secret_iam_member.apiserver-db-apikey-db-hmac,
google_secret_manager_secret_iam_member.apiserver-db-apikey-sig-hmac,
google_secret_manager_secret_iam_member.apiserver-db-verification-code-hmac,
google_secret_manager_secret_iam_member.apiserver-cache-hmac-key,
google_secret_manager_secret_iam_member.apiserver-ratelimit-hmac-key,

null_resource.build,
null_resource.migrate,
]

lifecycle {
10 changes: 10 additions & 0 deletions terraform/service_cleanup.tf
@@ -142,8 +142,18 @@ resource "google_cloud_run_service" "cleanup" {

depends_on = [
google_project_service.services["run.googleapis.com"],

google_secret_manager_secret_iam_member.cleanup-db,
google_project_iam_member.cleanup-observability,
google_kms_crypto_key_iam_member.cleanup-database-encrypter,
google_secret_manager_secret_iam_member.cleanup-db-apikey-db-hmac,
google_secret_manager_secret_iam_member.cleanup-db-apikey-sig-hmac,
google_secret_manager_secret_iam_member.cleanup-db-verification-code-hmac,
google_secret_manager_secret_iam_member.cleanup-cache-hmac-key,
google_secret_manager_secret_iam_member.cleanup-ratelimit-hmac-key,

null_resource.build,
null_resource.migrate,
]

lifecycle {
10 changes: 10 additions & 0 deletions terraform/service_e2e_runner.tf
@@ -143,8 +143,18 @@ resource "google_cloud_run_service" "e2e-runner" {

depends_on = [
google_project_service.services["run.googleapis.com"],

google_secret_manager_secret_iam_member.e2e-runner-db,
google_project_iam_member.e2e-runner-observability,
google_kms_crypto_key_iam_member.e2e-runner-database-encrypter,
google_secret_manager_secret_iam_member.e2e-runner-db-apikey-db-hmac,
google_secret_manager_secret_iam_member.e2e-runner-db-apikey-sig-hmac,
google_secret_manager_secret_iam_member.e2e-runner-db-verification-code-hmac,
google_secret_manager_secret_iam_member.e2e-runner-cache-hmac-key,
google_secret_manager_secret_iam_member.e2e-runner-ratelimit-hmac-key,

null_resource.build,
null_resource.migrate,
]

lifecycle {
11 changes: 11 additions & 0 deletions terraform/service_modeler.tf
@@ -140,8 +140,19 @@ resource "google_cloud_run_service" "modeler" {

depends_on = [
google_project_service.services["run.googleapis.com"],

google_service_account_iam_member.cloudbuild-deploy-modeler,
google_secret_manager_secret_iam_member.modeler-db,
google_project_iam_member.modeler-observability,
google_kms_crypto_key_iam_member.modeler-database-encrypter,
google_secret_manager_secret_iam_member.modeler-db-apikey-db-hmac,
google_secret_manager_secret_iam_member.modeler-db-apikey-sig-hmac,
google_secret_manager_secret_iam_member.modeler-db-verification-code-hmac,
google_secret_manager_secret_iam_member.modeler-cache-hmac-key,
google_secret_manager_secret_iam_member.modeler-ratelimit-hmac-key,

null_resource.build,
null_resource.migrate,
]

lifecycle {
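Review bot: `google_service_account_iam_member.cloudbuild-deploy-modeler` appears only in this list; none of the other six services' `depends_on` lists in this commit names a `cloudbuild-deploy-*` binding. Whether the other services have an equivalent binding cannot be seen from these hunks, but if they do, each should be listed in its own service's `depends_on` for the same ordering guarantee. If modeler is genuinely the only service with one, a one-line comment above the entry saying why would keep the lists from looking accidentally inconsistent. The resource body starts and ends outside the hunk.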
14 changes: 14 additions & 0 deletions terraform/service_redirect.tf
@@ -161,7 +161,21 @@ resource "google_cloud_run_service" "enx-redirect" {

depends_on = [
google_project_service.services["run.googleapis.com"],

google_secret_manager_secret_iam_member.enx-redirect-db,
google_secret_manager_secret_iam_member.enx-redirect-csrf,
google_secret_manager_secret_iam_member.enx-redirect-cookie-hmac-key,
google_kms_key_ring_iam_member.enx-redirect-verification-key-admin,
google_kms_key_ring_iam_member.enx-redirect-verification-key-signer-verifier,
google_kms_crypto_key_iam_member.enx-redirect-database-encrypter,
google_secret_manager_secret_iam_member.enx-redirect-db-apikey-db-hmac,
google_secret_manager_secret_iam_member.enx-redirect-db-apikey-sig-hmac,
google_secret_manager_secret_iam_member.enx-redirect-db-verification-code-hmac,
google_secret_manager_secret_iam_member.enx-redirect-cache-hmac-key,
google_project_iam_member.enx-redirect-observability,

null_resource.build,
null_resource.migrate,
]

lifecycle {
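Review bot: The list names `google_kms_key_ring_iam_member.enx-redirect-verification-key-admin`, which suggests the redirect service's account holds an admin-level binding on the verification key ring. The binding itself is defined outside this section, so this is inferred from the name only, but it is worth confirming that a redirect service needs more than the `enx-redirect-verification-key-signer-verifier` binding listed next to it, and dropping the admin one if it does not. This list also has no `enx-redirect-ratelimit-hmac-key` entry, while the other six services list theirs; if the service reads that secret, the entry is missing here.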
16 changes: 16 additions & 0 deletions terraform/service_server.tf
@@ -183,8 +183,24 @@ resource "google_cloud_run_service" "server" {

depends_on = [
google_project_service.services["run.googleapis.com"],

google_kms_crypto_key_iam_member.server-database-encrypter,
google_kms_key_ring_iam_member.server-verification-key-admin,
google_kms_key_ring_iam_member.server-verification-key-signer-verifier,
google_project_iam_member.firebase-admin,
google_project_iam_member.server-observability,
google_secret_manager_secret_iam_member.server-cache-hmac-key,
google_secret_manager_secret_iam_member.server-db-apikey-db-hmac,
google_secret_manager_secret_iam_member.server-db-apikey-sig-hmac,
google_secret_manager_secret_iam_member.server-db-verification-code-hmac,
google_secret_manager_secret_iam_member.server-ratelimit-hmac-key,
google_secret_manager_secret_iam_member.server-cookie-encryption-key,
google_secret_manager_secret_iam_member.server-cookie-hmac-key,
google_secret_manager_secret_iam_member.server-csrf,
google_secret_manager_secret_iam_member.server-db,

null_resource.build,
null_resource.migrate,
]

lifecycle {
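Review bot: The IAM entries in this `depends_on` are grouped by resource type, while the lists in the other six service files interleave `google_secret_manager_secret_iam_member`, `google_project_iam_member` and KMS bindings in no fixed order. Using one ordering in all seven files (type, then name) would let a reviewer compare one service's list with another line by line and spot a missing binding. `google_project_iam_member.firebase-admin` is also the only entry here without the `server-` prefix, so the list alone does not show whose binding it is; a short trailing comment naming the service account would help.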
