diff --git a/.github/workflows/pre-commit.yaml b/.github/workflows/pre-commit.yaml index 87a1431..f4a89d5 100644 --- a/.github/workflows/pre-commit.yaml +++ b/.github/workflows/pre-commit.yaml @@ -14,8 +14,7 @@ jobs: submodules: true - name: Generate fake ./terraform/live/secrets.auto.tfvars - run: | - echo "project_id_map = { stage = \"mapswipe-stage\", prod = \"mapswipe-prod\" }" > ./terraform/live/secrets.auto.tfvars + run: cp terraform/live/secrets-sample.auto.tfvars terraform/live/secrets.auto.tfvars # TODO: Cache plugins? - uses: terraform-linters/setup-tflint@v5 diff --git a/terraform/.gitignore b/terraform/.gitignore index 3fae00f..b26b304 100644 --- a/terraform/.gitignore +++ b/terraform/.gitignore @@ -1,3 +1,4 @@ .terragrunt-cache .terraform *.tfvars +!secrets-sample.auto.tfvars diff --git a/terraform/README.md b/terraform/README.md index f6299d4..e9b1835 100644 --- a/terraform/README.md +++ b/terraform/README.md @@ -1,18 +1,26 @@ ## Project ID **live/secrets.auto.tfvars** -```hcl -project_id_map = { - stage = "project-id-not-number" - prod = "project-id-not-number" -} -``` +> NOTE: Sample is available here (./live/secrets-sample.auto.tfvars)[./live/secrets-sample.auto.tfvars] ## Apply changes ### Stage ```bash +# Google auth +gcloud auth application-default login + +# Enable some api if not already +gcloud services enable storage.googleapis.com --project=YOUR_PROJECT_ID +gcloud services enable cloudresourcemanager.googleapis.com --project=YOUR_PROJECT_ID +gcloud services enable billingbudgets.googleapis.com --project=YOUR_PROJECT_ID +gcloud services enable iam.googleapis.com --project=YOUR_PROJECT_ID + +# List all enabled apis +gcloud services list --enabled --project=YOUR_PROJECT_ID + +# Terragrunt cd live/stage terragrunt plan diff --git a/terraform/live/prod/terragrunt.hcl b/terraform/live/prod/terragrunt.hcl index 9132cb7..5bcc9fa 100644 --- a/terraform/live/prod/terragrunt.hcl +++ b/terraform/live/prod/terragrunt.hcl 
@@ -7,4 +7,5 @@ terraform { } inputs = { + budget_amount = 50 } diff --git a/terraform/live/secrets-sample.auto.tfvars b/terraform/live/secrets-sample.auto.tfvars new file mode 100644 index 0000000..5c45e4c --- /dev/null +++ b/terraform/live/secrets-sample.auto.tfvars @@ -0,0 +1,8 @@ +project_id_map = { + stage = "project-id-not-number" + prod = "project-id-not-number" +} + +gcs_billing_account_id = "XXXXXX-YYYYYY-ZZZZZZ" + +togglecorp_dev_email_address = "xxxxxxxxxxxx@yyyyyyyyyy.zzz" diff --git a/terraform/live/stage/terragrunt.hcl b/terraform/live/stage/terragrunt.hcl index 9132cb7..f3debd0 100644 --- a/terraform/live/stage/terragrunt.hcl +++ b/terraform/live/stage/terragrunt.hcl @@ -7,4 +7,5 @@ terraform { } inputs = { + budget_amount = 3 } diff --git a/terraform/live/terragrunt.root.hcl b/terraform/live/terragrunt.root.hcl index 9b2db85..8d4e0a1 100644 --- a/terraform/live/terragrunt.root.hcl +++ b/terraform/live/terragrunt.root.hcl @@ -19,7 +19,9 @@ remote_state { } inputs = { - env_name = local.env_name - gcs_project_id = local.secrets_config.project_id_map[local.env_name] - gcs_region = "EU" + env_name = local.env_name + gcs_billing_account_id = local.secrets_config.gcs_billing_account_id + gcs_project_id = local.secrets_config.project_id_map[local.env_name] + gcs_region = "EU" + togglecorp_dev_email_address = local.secrets_config.togglecorp_dev_email_address } diff --git a/terraform/resources/budget.tf b/terraform/resources/budget.tf new file mode 100644 index 0000000..4693bad --- /dev/null +++ b/terraform/resources/budget.tf 
@@ -0,0 +1,53 @@
+resource "google_monitoring_notification_channel" "toggle_dev" {
+ display_name = "Toggle dev"
+ type = "email"
+
+ labels = {
+ email_address = var.togglecorp_dev_email_address
+ }
+}
+
+
+resource "google_billing_budget" "gcp_budget" {
+ billing_account = var.gcs_billing_account_id
+
+ display_name = "Monthly Budget [${var.env_name}]"
+
+ budget_filter {
+ projects = ["projects/${data.google_project.mapswipe.number}"]
+ }
+
+ amount {
+ specified_amount {
+ currency_code = "GBP" # £
+ units = var.budget_amount
+ }
+ }
+
+ threshold_rules {
+ spend_basis = "CURRENT_SPEND"
+ threshold_percent = 0.9
+ }
+
+ threshold_rules {
+ spend_basis = "CURRENT_SPEND"
+ threshold_percent = 1.2
+ }
+
+ threshold_rules {
+ spend_basis = "CURRENT_SPEND"
+ threshold_percent = 1.4
+ }
+
+ threshold_rules {
+ spend_basis = "CURRENT_SPEND"
+ threshold_percent = 1.6
+ }
+
+ all_updates_rule {
+ monitoring_notification_channels = [
+ google_monitoring_notification_channel.toggle_dev.id,
+ ]
+ disable_default_iam_recipients = true
+ }
+}
diff --git a/terraform/resources/main.tf b/terraform/resources/main.tf
new file mode 100644
index 0000000..10446d6
--- /dev/null
+++ b/terraform/resources/main.tf
@@ -0,0 +1,3 @@
+data "google_project" "mapswipe" {
+ project_id = var.gcs_project_id
+}
diff --git a/terraform/resources/providers.tf b/terraform/resources/providers.tf
index 7ee7ec9..6e63227 100644
--- a/terraform/resources/providers.tf
+++ b/terraform/resources/providers.tf
@@ -1,4 +1,6 @@
 provider "google" {
- project = var.gcs_project_id
- region = var.gcs_region
+ project = var.gcs_project_id
+ region = var.gcs_region
+ billing_project = var.gcs_project_id
+ user_project_override = true
 }
diff --git a/terraform/resources/variables.tf b/terraform/resources/variables.tf
index effe679..10c680d 100644
--- a/terraform/resources/variables.tf
+++ b/terraform/resources/variables.tf
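Review bot: In the `all_updates_rule` of `google_billing_budget.gcp_budget` (budget.tf), `disable_default_iam_recipients = true` combined with a single e-mail channel makes one mailbox the only recipient of every budget alert, so a mistyped or unmonitored `togglecorp_dev_email_address` silently drops them. Unexpected spend is often the first visible sign of leaked credentials or abused resources, so I would either keep the default billing-account recipients with `disable_default_iam_recipients = false` or add a second notification channel. The earliest rule fires at 90% of actual spend; an extra rule with `spend_basis = "FORECASTED_SPEND"` would warn sooner. A budget only notifies and does not cap spend, which is worth stating in a comment above the resource.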
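Review bot: The two arguments added to `provider "google"` in providers.tf carry no comment explaining why they are needed, although they change which project is charged quota for API calls. Presumably they exist because the Billing Budgets API rejects user credentials without a quota project; if so, I would say that above `user_project_override = true`, for example `# Budget API calls need a quota project; caller must hold serviceusage.services.use on it`. Without the comment the pair looks removable, and removing it would break the budget resource only for people applying with their own login.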
@@ -14,3 +14,19 @@ variable "gcs_region" {
 description = "GCS region"
 type = string
 }
+
+variable "gcs_billing_account_id" {
+ description = "GCS billing account id"
+ type = string
+ sensitive = true
+}
+
+variable "budget_amount" {
+ description = "Budget amount in GBP (£)"
+ type = number
+}
+
+variable "togglecorp_dev_email_address" {
+ description = "Togglecorp dev email address"
+ type = string
+}
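Review bot: `togglecorp_dev_email_address` is read from the git-ignored secrets file just like the billing account id, but only `gcs_billing_account_id` is marked sensitive, so the address will be printed in plan output and in any log that captures it. If it is meant to stay private, add `sensitive = true` to that variable as well. `budget_amount` accepts zero or negative numbers; a `validation` block with `condition = var.budget_amount > 0` would reject a typo before it reaches the API. `sensitive` only masks CLI output, and both values are still written in plain text to the remote state, so access to the state bucket should stay restricted.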