From ca1f1b51542ea34521da8d5bcaf331dec6402b1f Mon Sep 17 00:00:00 2001 From: Anakin Skywalker Pactores Date: Fri, 17 Apr 2026 23:13:00 +0800 Subject: [PATCH 1/4] chore: remove GCP Firestore module and related output from root configuration --- workspaces/root/main.tf | 7 ------- workspaces/root/outputs.tf | 4 ---- 2 files changed, 11 deletions(-) diff --git a/workspaces/root/main.tf b/workspaces/root/main.tf index cd19558..b8298c8 100644 --- a/workspaces/root/main.tf +++ b/workspaces/root/main.tf @@ -56,13 +56,6 @@ module "amplify" { source = "./amplify" } -module "gcp_firestore" { - source = "../../modules/gcp/firestore" - - project_id = var.gcp_project_id - region = var.gcp_region -} - module "vpc" { source = "../../modules/aws/vpc" diff --git a/workspaces/root/outputs.tf b/workspaces/root/outputs.tf index ec8c278..aa4bc21 100644 --- a/workspaces/root/outputs.tf +++ b/workspaces/root/outputs.tf @@ -48,10 +48,6 @@ output "amplify_app_ids" { value = module.amplify.app_ids } -output "gcp_firestore_db_id" { - description = "ID of the Firestore database in root." - value = module.gcp_firestore.firestore_db_id -} output "vpc_id" { description = "ID of the root account VPC." value = module.vpc.vpc_id From d2261b1d001f5af8986eb0ea2798e09e7f8cf70a Mon Sep 17 00:00:00 2001 From: Anakin Skywalker Pactores Date: Fri, 17 Apr 2026 23:13:13 +0800 Subject: [PATCH 2/4] feat: add create_database variable and update Firestore resource configurations --- modules/gcp/firestore/main.tf | 2 ++ modules/gcp/firestore/outputs.tf | 4 ++-- modules/gcp/firestore/variables.tf | 6 ++++++ 3 files changed, 10 insertions(+), 2 deletions(-) diff --git a/modules/gcp/firestore/main.tf b/modules/gcp/firestore/main.tf index 3f1d5ec..f7eeda3 100644 --- a/modules/gcp/firestore/main.tf +++ b/modules/gcp/firestore/main.tf 
@@ -5,6 +5,8 @@ resource "google_project_service" "firestore" { } resource "google_firestore_database" "this" { + count = var.create_database ? 1 : 0 + project = var.project_id name = var.database_name location_id = var.region diff --git a/modules/gcp/firestore/outputs.tf b/modules/gcp/firestore/outputs.tf index 99c0df9..401f35a 100644 --- a/modules/gcp/firestore/outputs.tf +++ b/modules/gcp/firestore/outputs.tf @@ -1,9 +1,9 @@ output "firestore_db_id" { description = "The Firestore database resource name." - value = google_firestore_database.this.name + value = try(google_firestore_database.this[0].name, var.database_name) } output "firestore_db_project" { description = "The project that owns the Firestore database." - value = google_firestore_database.this.project + value = try(google_firestore_database.this[0].project, var.project_id) } diff --git a/modules/gcp/firestore/variables.tf b/modules/gcp/firestore/variables.tf index b3af309..08af61d 100644 --- a/modules/gcp/firestore/variables.tf +++ b/modules/gcp/firestore/variables.tf @@ -14,6 +14,12 @@ variable "database_name" { default = "payloadcms-poc-db" } +variable "create_database" { + description = "Whether this module should create/manage the Firestore database. Set to false if the database already exists and is managed outside Terraform." + type = bool + default = true +} + variable "api_service_name" { description = "The Google API service to enable before creating Firestore." type = string From 1be330cd62de9e3b9d44cabe1ee0e8a7fa56b8da Mon Sep 17 00:00:00 2001 From: Anakin Skywalker Pactores Date: Fri, 17 Apr 2026 23:13:40 +0800 Subject: [PATCH 3/4] feat: add dev Firestore module and temporarily remove related configurations for production firebase instance --- workspaces/prod/main.tf | 22 +++++++++++++++++++--- workspaces/prod/outputs.tf | 8 +++++++- workspaces/prod/terraform.tfvars | 10 ++++++---- workspaces/prod/variables.tf | 11 +++++++++++ 4 files changed, 43 insertions(+), 8 deletions(-) 
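Review bot: In modules/gcp/firestore/outputs.tf both outputs wrap the indexed reference in `try()`, which hides any evaluation error. When `create_database` is false it also returns the caller's own inputs as if they were attributes of a managed database. An explicit conditional keeps the fallback but makes the unmanaged case visible: `value = var.create_database ? google_firestore_database.this[0].name : var.database_name`, with the same form for `firestore_db_project`. The descriptions should also say that the value is an unverified input when the database is managed outside Terraform.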
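Review bot: The `create_database` description in modules/gcp/firestore/variables.tf does not say what stops being enforced when it is false. With `count = 0` on `google_firestore_database.this`, none of the database arguments are applied, so a caller that passes a delete-protection setting (workspaces/prod/main.tf passes `delete_protection_state`) gets no protection from this module for the existing database. I would extend the description with a sentence such as `When false, database settings passed to this module (including delete protection) are not applied; outputs echo the input values.` How the module consumes `delete_protection_state` is outside these hunks, so confirm it against the full file.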
diff --git a/workspaces/prod/main.tf b/workspaces/prod/main.tf index 2a9f3a9..15394b8 100644 --- a/workspaces/prod/main.tf +++ b/workspaces/prod/main.tf @@ -68,11 +68,27 @@ module "gcp_budget" { depends_on = [module.gcp_project_apis] } -module "gcp_firestore" { +# production firestore instance (uncomment when needed) +# module "gcp_firestore" { +# source = "../../modules/gcp/firestore" +# +# project_id = var.gcp_project_id +# region = var.gcp_region +# database_name = "prod-payloadcms-db" +# create_database = var.create_database +# delete_protection_state = var.firestore_delete_protection_state +# +# depends_on = [module.gcp_project_apis] +# } + +module "dev_gcp_firestore" { source = "../../modules/gcp/firestore" - project_id = var.gcp_project_id - region = var.gcp_region + project_id = var.gcp_project_id + region = var.gcp_region + database_name = "dev-payloadcms-db" + create_database = var.create_database + delete_protection_state = "DELETE_PROTECTION_DISABLED" depends_on = [module.gcp_project_apis] } diff --git a/workspaces/prod/outputs.tf b/workspaces/prod/outputs.tf index 8206270..fb0b45c 100644 --- a/workspaces/prod/outputs.tf +++ b/workspaces/prod/outputs.tf @@ -23,9 +23,15 @@ output "gcp_budget_name" { value = module.gcp_budget.budget_name } +# Production Firestore instance outputs (uncomment when needed). +#output "gcp_firestore_db_id" { +# description = "ID of the Firestore database in prod." +# value = module.gcp_firestore.firestore_db_id +#} + output "gcp_firestore_db_id" { description = "ID of the Firestore database in prod." - value = module.gcp_firestore.firestore_db_id + value = module.dev_gcp_firestore.firestore_db_id } output "github_oidc_role_arn" { diff --git a/workspaces/prod/terraform.tfvars b/workspaces/prod/terraform.tfvars index c504c11..406f66f 100644 --- a/workspaces/prod/terraform.tfvars +++ b/workspaces/prod/terraform.tfvars 
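Review bot: In workspaces/prod/main.tf the `gcp_firestore` module call is commented out rather than moved, so if the database it created is still in this workspace's state, the next apply will plan to destroy it. The old call passed no `database_name`, and whether delete protection was set on that database is not visible here, so check the plan for a `google_firestore_database` destroy before applying. If the database should survive, drop it from state without destroying it, for example with a `removed` block (Terraform 1.7 or later) as sketched below. Separately, `dev_gcp_firestore` uses `project_id = var.gcp_project_id` with `DELETE_PROTECTION_DISABLED` hard-coded, so the dev database sits in the prod project under the same project-level IAM. A short comment stating that this is intended would help.

```hcl
# Keep the existing database in GCP while dropping it from this workspace's state.
removed {
  from = module.gcp_firestore

  lifecycle {
    destroy = false
  }
}
```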
@@ -1,10 +1,12 @@ # Non-sensitive prod workspace defaults. # Set prod_account_id and gcp_project_id as TFC workspace variables (sensitive for account ID). -aws_region = "ap-southeast-1" -gcp_project_id = "durianpy-cms" -gcp_region = "asia-southeast1" -gcp_budget_limit_usd = 1 +aws_region = "ap-southeast-1" +gcp_project_id = "durianpy-cms" +gcp_region = "asia-southeast1" +gcp_budget_limit_usd = 1 +create_database = true +firestore_delete_protection_state = "DELETE_PROTECTION_ENABLED" budget_notification_email = "durianpy.davao+devops@gmail.com" budget_limit_usd = 50 diff --git a/workspaces/prod/variables.tf b/workspaces/prod/variables.tf index 8ea678d..4646e30 100644 --- a/workspaces/prod/variables.tf +++ b/workspaces/prod/variables.tf @@ -16,6 +16,17 @@ variable "gcp_region" { default = "asia-southeast1" } +variable "create_database" { + description = "Whether the prod workspace should create/manage the Firestore database." + type = bool + default = true +} + +variable "firestore_delete_protection_state" { + description = "Delete protection state for the prod Firestore database." + type = string +} + variable "gcp_budget_limit_usd" { description = "Monthly GCP spend limit in USD for the prod project." type = number From a48ce3c65670f6c92c54f54c038814b4a6d6a25b Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Fri, 17 Apr 2026 15:24:14 +0000 Subject: [PATCH 4/4] fix: rename gcp_firestore_db_id output to dev_gcp_firestore_db_id and fix commented prod output name Agent-Logs-Url: https://github.com/DurianPy-Davao-Python-User-Group/durianpy-root-infra/sessions/ef7be7b8-f54e-48bd-bb05-a846bc9910f3 Co-authored-by: ASPactores <91829714+ASPactores@users.noreply.github.com> --- workspaces/prod/outputs.tf | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/workspaces/prod/outputs.tf b/workspaces/prod/outputs.tf index fb0b45c..d489ca2 100644 --- a/workspaces/prod/outputs.tf 
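Review bot: `firestore_delete_protection_state` in workspaces/prod/variables.tf is a required free-form string with no validation, and its only consumer is the commented-out prod module, so a mistyped value would only surface at apply time once that module is re-enabled. I would default it to the protected state and restrict it to the two values this change already uses, as in the block below. The `create_database` description also still says it controls the prod database, while in this commit it is passed only to `dev_gcp_firestore`.

```hcl
variable "firestore_delete_protection_state" {
  # … unchanged: description and type …
  default = "DELETE_PROTECTION_ENABLED"

  validation {
    condition = contains(
      ["DELETE_PROTECTION_ENABLED", "DELETE_PROTECTION_DISABLED"],
      var.firestore_delete_protection_state
    )
    error_message = "firestore_delete_protection_state must be DELETE_PROTECTION_ENABLED or DELETE_PROTECTION_DISABLED."
  }
}
```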
+++ b/workspaces/prod/outputs.tf @@ -23,14 +23,14 @@ output "gcp_budget_name" { value = module.gcp_budget.budget_name } -# Production Firestore instance outputs (uncomment when needed). -#output "gcp_firestore_db_id" { +# Production Firestore instance outputs (uncomment when needed, use a distinct name like gcp_prod_firestore_db_id). +#output "gcp_prod_firestore_db_id" { # description = "ID of the Firestore database in prod." # value = module.gcp_firestore.firestore_db_id #} -output "gcp_firestore_db_id" { - description = "ID of the Firestore database in prod." +output "dev_gcp_firestore_db_id" { + description = "ID of the Firestore database in dev." value = module.dev_gcp_firestore.firestore_db_id }