/terraform-google-gcloud

A module for executing gcloud commands within Terraform.

Primary LanguageHCLApache License 2.0Apache-2.0

terraform-google-gcloud

This module allows you to use gcloud, gsutil, any gcloud component, and jq in Terraform. Sometimes, there isn't Terraform GCP support for a particular feature, or you'd like to do something each time Terraform runs (ie: upload a file to a Kubernetes pod) that lacks Terraform support.

This module does not create any resources on GCP itself, rather exposes the GCP SDK to you for usage in null resources & external data resources.

Usage

Basic usage of this module is as follows:

module "gcloud" {
  source  = "terraform-google-modules/gcloud/google"
  version = "~> 2.0"

  platform = "linux"
  additional_components = ["kubectl", "beta"]

  create_cmd_entrypoint  = "gcloud"
  create_cmd_body        = "version"
  destroy_cmd_entrypoint = "gcloud"
  destroy_cmd_body       = "version"
}

Functional examples are included in the examples directory.

The jq binary is also included in this module so you can use it as well for either of your create_cmd_entrypoint or destroy_cmd_entrypoint values.

Downloading

By default, this module assumes you already have gcloud installed in your $PATH.

If you need to run Terraform in environments without a gcloud binary available, you can override this behavior by setting the skip_download variable to false.

You can also override the behavior by setting the GCLOUD_TF_DOWNLOAD environment variable. This environment variable will override all other settings. Setting it to never will never gcloud download and setting it to always will always download gcloud.

Inputs

Name Description Type Default Required
additional_components Additional gcloud CLI components to install. Defaults to none. Valid value are components listed in gcloud components list list [] no
create_cmd_body On create, the command body you'd like to run with your entrypoint. string "info" no
create_cmd_entrypoint On create, the command entrypoint you'd like to use. Can also be set to a custom script. Module's bin directory will be prepended to path. string "gcloud" no
create_cmd_triggers List of any additional triggers to re-run the create command execution when either of values in the maps change. Some keys are reserved and will be overwritten if specified in this option. (eg. md5, arguments, download_gcloud_command, download_jq_command, etc. See details in the source.) map(any) {} no
destroy_cmd_body On destroy, the command body you'd like to run with your entrypoint. string "info" no
destroy_cmd_entrypoint On destroy, the command entrypoint you'd like to use. Can also be set to a custom script. Module's bin directory will be prepended to path. string "gcloud" no
enabled Flag to optionally disable usage of this module. bool true no
gcloud_download_url Custom gcloud download url. Optional. string "" no
gcloud_sdk_version The gcloud sdk version to download. string "281.0.0" no
jq_download_url Custom jq download url. Optional. string "" no
jq_version The jq version to download. string "1.6" no
module_depends_on List of modules or resources this module depends on. list(any) [] no
platform Platform CLI will run on. Defaults to linux. Valid values: linux, darwin string "linux" no
service_account_key_file Path to service account key file to run gcloud auth activate-service-account with. Optional. string "" no
skip_download Whether to skip downloading gcloud (assumes gcloud is already available outside the module) bool true no
upgrade Whether to upgrade gcloud at runtime bool true no
use_tf_google_credentials_env_var Use GOOGLE_CREDENTIALS environment variable to run gcloud auth activate-service-account with. Optional. bool false no

Outputs

Name Description
bin_dir The full bin path of the modules executables
create_cmd_bin The full bin path & command used on create
destroy_cmd_bin The full bin path & command used on destroy
downloaded Whether gcloud was downloaded or not
wait An output to use when you want to depend on cmd finishing

Requirements

These sections describe requirements for using this module.

Software

The following dependencies must be available:

Service Account

A service account must be created, along with a key, to use this module. The service account must have the proper IAM roles for whatever commands you're running with this module.

APIs

A project is not required to host resources of this module, since this module does not create any resources.

However you will likely need a project for your service account and any resources you'd like to interact with while using this module.

Contributing

Refer to the contribution guidelines for information on contributing to this module.