refactor: remove API Gateway resources and service account variables from Terraform configuration

Author: max-ostapenko

terraform/dev/main.tf

@@ -11,149 +11,6 @@ provider "google" {
   request_timeout = "60m"
 }
 
-resource "google_api_gateway_api" "api" {
-  provider     = google-beta
-  api_id       = "reports-api-dev"
-  display_name = "Reports API Gateway DEV"
-  project      = var.project
-}
-
-resource "google_api_gateway_api_config" "api_config" {
-  provider             = google-beta
-  api                  = google_api_gateway_api.api.api_id
-  api_config_id_prefix = "reports-api-config-dev"
-  project              = var.project
-  display_name         = "Reports API Config DEV"
-  openapi_documents {
-    document {
-      path = "spec.yaml"
-      contents = base64encode(<<-EOF
-swagger: "2.0"
-info:
-  title: reports_api_config_dev
-  version: 1.0.0
-schemes:
-  - https
-produces:
-  - application/json
-x-google-backend:
-  address: https://us-central1-httparchive.cloudfunctions.net/tech-report-api-dev
-  deadline: 60
-  path_translation: APPEND_PATH_TO_ADDRESS
-  protocol: h2
-paths:
-  /v1/categories:
-    get:
-      summary: categories
-      operationId: getCategories
-      responses:
-        200:
-          description: String
-  /v1/adoption:
-    get:
-      summary: adoption
-      operationId: getAdoptionReports
-      responses:
-        200:
-          description: String
-  /v1/page-weight:
-    get:
-      summary: pageWeight
-      operationId: getPageWeightReports
-      responses:
-        200:
-          description: String
-  /v1/lighthouse:
-    get:
-      summary: lighthouse
-      operationId: getLighthouseReports
-      responses:
-        200:
-          description: String
-  /v1/cwv:
-    get:
-      summary: cwv
-      operationId: getCWVReports
-      responses:
-        200:
-          description: String
-  /v1/ranks:
-    get:
-      summary: ranks
-      operationId: getRanks
-      responses:
-        200:
-          description: String
-  /v1/geos:
-    get:
-      summary: geos
-      operationId: getGeos
-      responses:
-        200:
-          description: String
-  /v1/technologies:
-    get:
-      summary: technologies
-      operationId: getTechnologies
-      responses:
-        200:
-          description: String
-  /v1/audits:
-    get:
-      summary: audits
-      operationId: getAuditReports
-      responses:
-        200:
-          description: String
-  /v1/versions:
-    get:
-      summary: versions
-      operationId: getVersions
-      responses:
-        200:
-          description: String
-  /v1/static/{filePath=**}:
-    get:
-      summary: static
-      operationId: getStaticFile
-      parameters:
-        - name: filePath
-          in: path
-          required: true
-          type: string
-      responses:
-        200:
-          description: File content
-EOF
-      )
-    }
-  }
-  gateway_config {
-    backend_config {
-      google_service_account = var.google_service_account_api_gateway
-    }
-  }
-}
-
-resource "google_api_gateway_gateway" "gateway" {
-  provider     = google-beta
-  project      = var.project
-  region       = var.region
-  api_config   = google_api_gateway_api_config.api_config.id
-  gateway_id   = "reports-dev"
-  display_name = "Reports API Gateway DEV"
-  labels = {
-    owner       = "tech_report_api"
-    environment = var.environment
-  }
-  depends_on = [google_api_gateway_api_config.api_config]
-  lifecycle {
-    replace_triggered_by = [
-      google_api_gateway_api_config.api_config
-    ]
-  }
-}
-
 module "endpoints" {
   source                      = "./../modules/run-service"
   entry_point                 = "app"
@@ -162,8 +19,6 @@ module "endpoints" {
   source_directory            = "../../src"
   function_name               = "tech-report-api"
   region                      = var.region
-  service_account_email       = var.google_service_account_cloud_functions
-  service_account_api_gateway = var.google_service_account_api_gateway
   min_instances               = var.min_instances
   environment_variables = {
     "PROJECT"  = var.project

terraform/dev/variables.tf

@@ -17,16 +17,6 @@ variable "project_database" {
   description = "The database name"
   default     = "tech-report-api-prod" // TODO: Update this to the DEV database name
 }
-variable "google_service_account_cloud_functions" {
-  type        = string
-  description = "Service account for Cloud Functions"
-  default     = "cloud-function@httparchive.iam.gserviceaccount.com"
-}
-variable "google_service_account_api_gateway" {
-  type        = string
-  description = "Service account for API Gateway"
-  default     = "api-gateway@httparchive.iam.gserviceaccount.com"
-}
 variable "min_instances" {
   description = "(Optional) The limit on the minimum number of function instances that may coexist at a given time."
   type        = number

terraform/modules/api-gateway/main.tf

@@ -53,46 +53,12 @@ resource "google_cloudfunctions2_function" "function" {
   ]
 }
 
-resource "google_cloudfunctions2_function_iam_member" "variable_service_account_function_invoker" {
-  project        = google_cloudfunctions2_function.function.project
-  location       = google_cloudfunctions2_function.function.location
-  cloud_function = google_cloudfunctions2_function.function.name
-  role           = "roles/cloudfunctions.invoker"
-  member         = "serviceAccount:${var.service_account_email}"
-  depends_on     = [google_cloudfunctions2_function.function]
-}
-
 data "google_cloud_run_service" "run-service" {
   name       = google_cloudfunctions2_function.function.name
   location   = var.region
   depends_on = [google_cloudfunctions2_function.function]
 }
 
-resource "google_cloud_run_v2_service_iam_member" "variable_service_account_run_invoker" {
-  project  = var.project
-  location = var.region
-  name     = data.google_cloud_run_service.run-service.name
-  role     = "roles/run.invoker"
-  member   = "serviceAccount:${var.service_account_email}"
-}
-
-resource "google_cloudfunctions2_function_iam_member" "api_gw_variable_service_account_function_invoker" {
-  project        = google_cloudfunctions2_function.function.project
-  location       = google_cloudfunctions2_function.function.location
-  cloud_function = google_cloudfunctions2_function.function.name
-  role           = "roles/cloudfunctions.invoker"
-  member         = "serviceAccount:${var.service_account_api_gateway}"
-  depends_on     = [google_cloudfunctions2_function.function]
-}
-
-resource "google_cloud_run_v2_service_iam_member" "api_gw_variable_service_account_run_invoker" {
-  project  = var.project
-  location = var.region
-  name     = data.google_cloud_run_service.run-service.name
-  role     = "roles/run.invoker"
-  member   = "serviceAccount:${var.service_account_api_gateway}"
-}
-
 resource "google_cloud_run_v2_service_iam_member" "allow_unauthenticated" {
   project  = var.project
   location = var.region

terraform/modules/api-gateway/networking.tf

@@ -53,10 +53,7 @@ variable "timeout" {
 variable "service_account_email" {
   type        = string
   description = "Service account who can invoke this function. This is required!"
-}
-variable "service_account_api_gateway" {
-  type        = string
-  description = "API Gateway service account who can invoke this function. This is required!"
+  default = "cloud-function@httparchive.iam.gserviceaccount.com"
 }
 variable "max_instances" {
   default     = 2