diff --git a/modules/gcp/firestore/main.tf b/modules/gcp/firestore/main.tf index 3f1d5ec..f7eeda3 100644 --- a/modules/gcp/firestore/main.tf +++ b/modules/gcp/firestore/main.tf @@ -5,6 +5,8 @@ resource "google_project_service" "firestore" { } resource "google_firestore_database" "this" { + count = var.create_database ? 1 : 0 + project = var.project_id name = var.database_name location_id = var.region diff --git a/modules/gcp/firestore/outputs.tf b/modules/gcp/firestore/outputs.tf index 99c0df9..401f35a 100644 --- a/modules/gcp/firestore/outputs.tf +++ b/modules/gcp/firestore/outputs.tf @@ -1,9 +1,9 @@ output "firestore_db_id" { description = "The Firestore database resource name." - value = google_firestore_database.this.name + value = try(google_firestore_database.this[0].name, var.database_name) } output "firestore_db_project" { description = "The project that owns the Firestore database." - value = google_firestore_database.this.project + value = try(google_firestore_database.this[0].project, var.project_id) } diff --git a/modules/gcp/firestore/variables.tf b/modules/gcp/firestore/variables.tf index b3af309..08af61d 100644 --- a/modules/gcp/firestore/variables.tf +++ b/modules/gcp/firestore/variables.tf @@ -14,6 +14,12 @@ variable "database_name" { default = "payloadcms-poc-db" } +variable "create_database" { + description = "Whether this module should create/manage the Firestore database. Set to false if the database already exists and is managed outside Terraform." + type = bool + default = true +} + variable "api_service_name" { description = "The Google API service to enable before creating Firestore." type = string diff --git a/workspaces/prod/main.tf b/workspaces/prod/main.tf index 2a9f3a9..15394b8 100644 --- a/workspaces/prod/main.tf +++ b/workspaces/prod/main.tf 
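Review bot: With `count = var.create_database ? 1 : 0` in modules/gcp/firestore/main.tf, setting `create_database` to false on a workspace whose state already holds this database makes Terraform plan its destruction, not merely stop managing it. The new variable's description ("Set to false if the database already exists and is managed outside Terraform") reads like a safe hand-off, so I would add a comment above the count line such as `# false on an already-managed database plans a destroy; remove it from state first`. Whether that destroy would succeed depends on the delete-protection and deletion-policy arguments, which sit in the part of the resource body outside this hunk.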
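Review bot: `try()` in both outputs of modules/gcp/firestore/outputs.tf falls back on any evaluation error, not only on the empty-count case, so a genuine problem with the resource reference would silently become the input value. An explicit conditional states the intent: `value = var.create_database ? google_firestore_database.this[0].name : var.database_name`, and likewise for `project`. With `create_database = false` the outputs only echo the inputs and nothing confirms the database exists; the descriptions should say so.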
@@ -68,11 +68,27 @@ module "gcp_budget" { depends_on = [module.gcp_project_apis] } -module "gcp_firestore" { +# production firestore instance (uncomment when needed) +# module "gcp_firestore" { +# source = "../../modules/gcp/firestore" +# +# project_id = var.gcp_project_id +# region = var.gcp_region +# database_name = "prod-payloadcms-db" +# create_database = var.create_database +# delete_protection_state = var.firestore_delete_protection_state +# +# depends_on = [module.gcp_project_apis] +# } + +module "dev_gcp_firestore" { source = "../../modules/gcp/firestore" - project_id = var.gcp_project_id - region = var.gcp_region + project_id = var.gcp_project_id + region = var.gcp_region + database_name = "dev-payloadcms-db" + create_database = var.create_database + delete_protection_state = "DELETE_PROTECTION_DISABLED" depends_on = [module.gcp_project_apis] } diff --git a/workspaces/prod/outputs.tf b/workspaces/prod/outputs.tf index 8206270..d489ca2 100644 --- a/workspaces/prod/outputs.tf +++ b/workspaces/prod/outputs.tf @@ -23,9 +23,15 @@ output "gcp_budget_name" { value = module.gcp_budget.budget_name } -output "gcp_firestore_db_id" { - description = "ID of the Firestore database in prod." - value = module.gcp_firestore.firestore_db_id +# Production Firestore instance outputs (uncomment when needed, use a distinct name like gcp_prod_firestore_db_id). +#output "gcp_prod_firestore_db_id" { +# description = "ID of the Firestore database in prod." +# value = module.gcp_firestore.firestore_db_id +#} + +output "dev_gcp_firestore_db_id" { + description = "ID of the Firestore database in dev." + value = module.dev_gcp_firestore.firestore_db_id } output "github_oidc_role_arn" { diff --git a/workspaces/prod/terraform.tfvars b/workspaces/prod/terraform.tfvars index c504c11..406f66f 100644 --- a/workspaces/prod/terraform.tfvars +++ b/workspaces/prod/terraform.tfvars 
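Review bot: Replacing `module "gcp_firestore"` with `module "dev_gcp_firestore"` and a new `database_name` in workspaces/prod/main.tf drops the old module address from the configuration. The next apply in this workspace will therefore plan to destroy the database the old block managed (by default `payloadcms-poc-db`, per the module's variables.tf) and create `dev-payloadcms-db`. The `module "gcp_firestore"` block removed from workspaces/root/main.tf has the same effect in that workspace. If either existing database holds data that must survive, take it out of state before applying, with `terraform state rm` or a `removed` block using `lifecycle { destroy = false }` on Terraform versions that support it, and record that in the commit description. Whether the current delete protection would block the destroy is not visible in this diff.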
@@ -1,10 +1,12 @@ # Non-sensitive prod workspace defaults. # Set prod_account_id and gcp_project_id as TFC workspace variables (sensitive for account ID). -aws_region = "ap-southeast-1" -gcp_project_id = "durianpy-cms" -gcp_region = "asia-southeast1" -gcp_budget_limit_usd = 1 +aws_region = "ap-southeast-1" +gcp_project_id = "durianpy-cms" +gcp_region = "asia-southeast1" +gcp_budget_limit_usd = 1 +create_database = true +firestore_delete_protection_state = "DELETE_PROTECTION_ENABLED" budget_notification_email = "durianpy.davao+devops@gmail.com" budget_limit_usd = 50 diff --git a/workspaces/prod/variables.tf b/workspaces/prod/variables.tf index 8ea678d..4646e30 100644 --- a/workspaces/prod/variables.tf +++ b/workspaces/prod/variables.tf @@ -16,6 +16,17 @@ variable "gcp_region" { default = "asia-southeast1" } +variable "create_database" { + description = "Whether the prod workspace should create/manage the Firestore database." + type = bool + default = true +} + +variable "firestore_delete_protection_state" { + description = "Delete protection state for the prod Firestore database." + type = string +} + variable "gcp_budget_limit_usd" { description = "Monthly GCP spend limit in USD for the prod project." type = number diff --git a/workspaces/root/main.tf b/workspaces/root/main.tf index cd19558..b8298c8 100644 --- a/workspaces/root/main.tf +++ b/workspaces/root/main.tf @@ -56,13 +56,6 @@ module "amplify" { source = "./amplify" } -module "gcp_firestore" { - source = "../../modules/gcp/firestore" - - project_id = var.gcp_project_id - region = var.gcp_region -} - module "vpc" { source = "../../modules/aws/vpc" diff --git a/workspaces/root/outputs.tf b/workspaces/root/outputs.tf index ec8c278..aa4bc21 100644 --- a/workspaces/root/outputs.tf +++ b/workspaces/root/outputs.tf 
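Review bot: `firestore_delete_protection_state = "DELETE_PROTECTION_ENABLED"` in terraform.tfvars has no effect after this commit: the only module that reads it is commented out in main.tf, while the live `dev_gcp_firestore` module hard-codes `DELETE_PROTECTION_DISABLED`. The one Firestore database this workspace manages therefore sits in the prod project (`gcp_project_id`) without delete protection, and project-level IAM grants would cover it and any later prod database alike. I would add a comment beside the value, e.g. `# only read by the commented-out prod Firestore module; the dev database is unprotected`, and consider a separate project for dev data.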
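Review bot: `firestore_delete_protection_state` in workspaces/prod/variables.tf is a free-form string with no default, so a typo is caught only by the provider at plan or apply time and an omitted value fails the run. A default of `DELETE_PROTECTION_ENABLED` plus a `validation` block limited to the two values used in this commit keeps the protected state as the fallback. Separately, `create_database` also feeds the dev module in main.tf although its description speaks of the prod workspace's database in general; the description should name which database it controls.

```hcl
variable "firestore_delete_protection_state" {
  # … unchanged: description, type …
  default = "DELETE_PROTECTION_ENABLED"

  validation {
    condition = contains(
      ["DELETE_PROTECTION_ENABLED", "DELETE_PROTECTION_DISABLED"],
      var.firestore_delete_protection_state
    )
    error_message = "Must be DELETE_PROTECTION_ENABLED or DELETE_PROTECTION_DISABLED."
  }
}
```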
@@ -48,10 +48,6 @@ output "amplify_app_ids" { value = module.amplify.app_ids } -output "gcp_firestore_db_id" { - description = "ID of the Firestore database in root." - value = module.gcp_firestore.firestore_db_id -} output "vpc_id" { description = "ID of the root account VPC." value = module.vpc.vpc_id