ksuenaga/sales_tool
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

init

Browse source
This commit is contained in:
kosukesuenaga 2025-11-17 14:21:29 +09:00
commit 922fa0e77a
62 changed files with 2586 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

78
terraform/dev/initial/main.tf Executable file
View file

@ -0,0 +1,78 @@
variable "project_id" {
type = string
default = "datacom-poc"
}
variable "project_number" {
type = string
default = "32472615575"
}
variable "region" {
type = string
default = "asia-northeast1"
}
# Cloud Functionsサービスアカウント
resource "google_service_account" "cf_sa" {
project = var.project_id
account_id = "mrt-cloudfunctions-sa-devtest"
display_name = "Cloud Functions SA"
}
# SAに付与
resource "google_project_iam_member" "cf_sa_role" {
for_each = toset(["roles/storage.objectAdmin","roles/workflows.invoker", "roles/secretmanager.secretAccessor", "roles/aiplatform.user"])
project = var.project_id
role = each.value
member = "serviceAccount:${google_service_account.cf_sa.email}"
}
# Cloud Workflows用サービスアカウント
resource "google_service_account" "workflows_sa" {
project = var.project_id
account_id = "mrt-cloudworkflows-sa-devtest"
display_name = "Cloud Workflows SA"
}
# SA
resource "google_project_iam_member" "wf_cf_role" {
for_each = toset(["roles/cloudfunctions.invoker","roles/run.invoker"])
project = var.project_id
role = each.value
member = "serviceAccount:${google_service_account.workflows_sa.email}"
}
# API Gateway用サービスアカウント
resource "google_service_account" "gateway_sa" {
project = var.project_id
account_id = "mrt-apigateway-sa-devtest"
display_name = "Cloud Functions 起動用サービスアカウント"
}
# SA
resource "google_project_iam_member" "gateway_role" {
for_each = toset(["roles/cloudfunctions.invoker","roles/run.invoker"])
project = var.project_id
role = each.value
member = "serviceAccount:${google_service_account.gateway_sa.email}"
}
# cloud build用サービスアカウント
resource "google_service_account" "cloudbuild_sa" {
project = var.project_id
account_id = "mrt-cloudbuild-sa-devtest"
display_name = "Cloud Build 用サービスアカウント"
}
# SA
resource "google_project_iam_member" "cloudbuild_role" {
for_each = toset(["roles/cloudbuild.builds.builder","roles/storage.objectAdmin", "roles/artifactregistry.writer", "roles/developerconnect.readTokenAccessor", "roles/cloudfunctions.developer","roles/workflows.admin", "roles/iam.serviceAccountUser"])
project = var.project_id
role = each.value
member = "serviceAccount:${google_service_account.cloudbuild_sa.email}"
}

51
terraform/dev/scheduler/main.tf Executable file
View file

@ -0,0 +1,51 @@
variable "project_id" {
type = string
default = "datacom-poc"
}
variable "region" {
type = string
default = "asia-northeast1"
}
variable "function_name" {
type = string
default = "mrt-create-log-sheet"
}
# Scheduler実行用サービスアカウント
resource "google_service_account" "cf_scheduler_sa" {
project = var.project_id
account_id = "mrt-scheduler-sa-devtest"
display_name = "Cloud Functions 起動用サービスアカウント"
}
# SA
resource "google_project_iam_member" "scheduler_role" {
for_each = toset(["roles/cloudfunctions.invoker","roles/run.invoker"])
project = var.project_id
role = each.value
member = "serviceAccount:${google_service_account.cf_scheduler_sa.email}"
}
# 10 Function Scheduler
resource "google_cloud_scheduler_job" "monthly_cf_trigger" {
project = var.project_id
name = "monthly-cf-trigger"
description = "Invoke Cloud Function on the 1st of each month at 00:00"
region = var.region
schedule = "0 0 1 * *"
time_zone = "Asia/Tokyo"
http_target {
uri = "https://${var.region}-${var.project_id}.cloudfunctions.net/${var.function_name}"
http_method = "POST"
oidc_token {
service_account_email = google_service_account.cf_scheduler_sa.email
audience = "https://${var.region}-${var.project_id}.cloudfunctions.net/${var.function_name}"
}
}
}

78
terraform/prod/initial/main.tf Executable file
View file

@ -0,0 +1,78 @@
variable "project_id" {
type = string
default = "rational-timing-443808-u0"
}
variable "project_number" {
type = string
default = "32472615575"
}
variable "region" {
type = string
default = "asia-northeast1"
}
# Cloud Functionsサービスアカウント
resource "google_service_account" "cf_sa" {
project = var.project_id
account_id = "mrt-cloudfunctions-sa"
display_name = "Cloud Functions SA"
}
# SAに付与
resource "google_project_iam_member" "cf_sa_role" {
for_each = toset(["roles/storage.objectAdmin","roles/workflows.invoker", "roles/secretmanager.secretAccessor", "roles/aiplatform.user"])
project = var.project_id
role = each.value
member = "serviceAccount:${google_service_account.cf_sa.email}"
}
# Cloud Workflows用サービスアカウント
resource "google_service_account" "workflows_sa" {
project = var.project_id
account_id = "mrt-cloudworkflows-sa"
display_name = "Cloud Workflows SA"
}
# SA
resource "google_project_iam_member" "wf_cf_role" {
for_each = toset(["roles/cloudfunctions.invoker","roles/run.invoker"])
project = var.project_id
role = each.value
member = "serviceAccount:${google_service_account.workflows_sa.email}"
}
# API Gateway用サービスアカウント
resource "google_service_account" "gateway_sa" {
project = var.project_id
account_id = "mrt-apigateway-sa"
display_name = "Cloud Functions 起動用サービスアカウント"
}
# SA
resource "google_project_iam_member" "gateway_role" {
for_each = toset(["roles/cloudfunctions.invoker","roles/run.invoker"])
project = var.project_id
role = each.value
member = "serviceAccount:${google_service_account.gateway_sa.email}"
}
# cloud build用サービスアカウント
resource "google_service_account" "cloudbuild_sa" {
project = var.project_id
account_id = "mrt-cloudbuild-sa"
display_name = "Cloud Build 用サービスアカウント"
}
# SA
resource "google_project_iam_member" "cloudbuild_role" {
for_each = toset(["roles/cloudbuild.builds.builder","roles/storage.objectAdmin", "roles/artifactregistry.writer", "roles/developerconnect.readTokenAccessor", "roles/cloudfunctions.developer","roles/workflows.admin", "roles/iam.serviceAccountUser"])
project = var.project_id
role = each.value
member = "serviceAccount:${google_service_account.cloudbuild_sa.email}"
}

51
terraform/prod/scheduler/main.tf Executable file
View file

@ -0,0 +1,51 @@
variable "project_id" {
type = string
default = "rational-timing-443808-u0"
}
variable "region" {
type = string
default = "asia-northeast1"
}
variable "function_name" {
type = string
default = "mrt-create-log-sheet"
}
# Scheduler実行用サービスアカウント
resource "google_service_account" "cf_scheduler_sa" {
project = var.project_id
account_id = "mrt-scheduler-sa"
display_name = "Cloud Functions 起動用サービスアカウント"
}
# SA
resource "google_project_iam_member" "scheduler_role" {
for_each = toset(["roles/cloudfunctions.invoker","roles/run.invoker"])
project = var.project_id
role = each.value
member = "serviceAccount:${google_service_account.cf_scheduler_sa.email}"
}
# 10 Function Scheduler
resource "google_cloud_scheduler_job" "monthly_cf_trigger" {
project = var.project_id
name = "monthly-cf-trigger"
description = "Invoke Cloud Function on the 1st of each month at 00:00"
region = var.region
schedule = "0 0 1 * *"
time_zone = "Asia/Tokyo"
http_target {
uri = "https://${var.region}-${var.project_id}.cloudfunctions.net/${var.function_name}"
http_method = "POST"
oidc_token {
service_account_email = google_service_account.cf_scheduler_sa.email
audience = "https://${var.region}-${var.project_id}.cloudfunctions.net/${var.function_name}"
}
}
}