This commit is contained in:
kosukesuenaga 2025-12-24 11:36:34 +09:00
parent 1259ba76c9
commit 6454e1b46b
19 changed files with 667 additions and 611 deletions


@ -30,22 +30,6 @@ resource "google_project_iam_member" "cf_sa_role" {
}
# Cloud Workflows用サービスアカウント
resource "google_service_account" "workflows_sa" {
project = var.project_id
account_id = "mrt-cloudworkflows-sa"
display_name = "Cloud Workflows SA"
}
# SA
resource "google_project_iam_member" "wf_cf_role" {
for_each = toset(["roles/cloudfunctions.invoker","roles/run.invoker"])
project = var.project_id
role = each.value
member = "serviceAccount:${google_service_account.workflows_sa.email}"
}
# API Gateway用サービスアカウント
resource "google_service_account" "gateway_sa" {
project = var.project_id
@ -62,17 +46,17 @@ resource "google_project_iam_member" "gateway_role" {
}
# cloud build用サービスアカウント
resource "google_service_account" "cloudbuild_sa" {
# Scheduler実行用サービスアカウント
resource "google_service_account" "cf_scheduler_sa" {
project = var.project_id
account_id = "mrt-cloudbuild-sa"
display_name = "Cloud Build 用サービスアカウント"
account_id = "mrt-scheduler-sa"
display_name = "Cloud Functions 起動用サービスアカウント"
}
# SA
resource "google_project_iam_member" "cloudbuild_role" {
for_each = toset(["roles/cloudbuild.builds.builder","roles/storage.objectAdmin", "roles/artifactregistry.writer", "roles/developerconnect.readTokenAccessor", "roles/cloudfunctions.developer","roles/workflows.admin", "roles/iam.serviceAccountUser"])
resource "google_project_iam_member" "scheduler_role" {
for_each = toset(["roles/cloudfunctions.invoker","roles/run.invoker"])
project = var.project_id
role = each.value
member = "serviceAccount:${google_service_account.cloudbuild_sa.email}"
}
member = "serviceAccount:${google_service_account.cf_scheduler_sa.email}"
}
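Review bot: The new `scheduler_role` binding grants `roles/cloudfunctions.invoker` and `roles/run.invoker` through `google_project_iam_member`, so `cf_scheduler_sa` can invoke every Cloud Function and Cloud Run service in `var.project_id`, not only the one the scheduler job calls. Anything able to obtain tokens as this account inherits that reach, and functions added to the project later become callable by it without further review. Binding the invoker role on the target resource alone keeps the account scoped to its single job; the sketch below uses the Cloud Run v2 member resource with placeholder values, and a 1st-gen function would use `google_cloudfunctions_function_iam_member` instead. The generation of the target function is not visible on this page, so confirm which resource applies.

```hcl
# Replaces the project-wide scheduler_role binding with one scoped to the target.
# PLACEHOLDER values below: fill in the region and the service behind the scheduled function.
resource "google_cloud_run_v2_service_iam_member" "scheduler_invoker" {
  project  = var.project_id
  location = "<REGION_PLACEHOLDER>"
  name     = "<TARGET_SERVICE_PLACEHOLDER>"
  role     = "roles/run.invoker"
  member   = "serviceAccount:${google_service_account.cf_scheduler_sa.email}"
}
```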


@ -10,37 +10,22 @@ variable "region" {
variable "function_name" {
type = string
default = "mrt-create-log-sheet"
default = "generate-minutes"
}
# Scheduler実行用サービスアカウント
resource "google_service_account" "cf_scheduler_sa" {
project = var.project_id
account_id = "mrt-scheduler-sa"
display_name = "Cloud Functions 起動用サービスアカウント"
}
# SA
resource "google_project_iam_member" "scheduler_role" {
for_each = toset(["roles/cloudfunctions.invoker","roles/run.invoker"])
project = var.project_id
role = each.value
member = "serviceAccount:${google_service_account.cf_scheduler_sa.email}"
}
# 10 Function Scheduler
resource "google_cloud_scheduler_job" "monthly_cf_trigger" {
# 3 Function Scheduler
resource "google_cloud_scheduler_job" "daily_cf_trigger" {
project = var.project_id
name = "monthly-cf-trigger"
description = "Invoke Cloud Function on the 1st of each month at 00:00"
name = "daily-cf-trigger"
description = "Invoke Cloud Function everyday at 03:00"
region = var.region
schedule = "0 0 1 * *"
schedule = "0 3 * * *"
time_zone = "Asia/Tokyo"
http_target {
uri = "https://${var.region}-${var.project_id}.cloudfunctions.net/${var.function_name}"
uri = "https://${var.region}-${var.project_id}.cloudfunctions.net/${var.function_name}/api/dailyBatch"
http_method = "POST"
oidc_token {
service_account_email = google_service_account.cf_scheduler_sa.email