atnartur · September 2, 2022 15:53
diff --git a/yandex_cloud_deploy.tf b/yandex_cloud_deploy.tf
 variable "yc_token" {
  type     = string
  nullable = false
 }

 variable "service_account_id" {
  type     = string
  nullable = false
 }

 variable "yandex_registry" {
  type     = string
  nullable = false
 }

 variable "cloud_id" {
  type     = string
  nullable = false
 }

 variable "folder_id" {
  type     = string
  nullable = false
 }

 variable "access_key" {
  type     = string
  nullable = false
 }

 variable "secret_key" {
  type     = string
  nullable = false
 }

 variable "region" {
  type = string
  default = "ru-central1"
 }

 variable "zone" {
  type     = string
  default = "ru-central1-a"
 }

 variable "project_name" {
  type = string
  default = "code-analysis"
 }

 variable "sentry_dsn" {
  type = string
 }

 variable "image_tag" {
  type = string
  default = "latest"
 }

 variable "container_path_for_trigger" {
  type = string
  default = "/api/serverless_celery_worker/"
 }

 terraform {
  required_providers {
    yandex = {
      source = "yandex-cloud/yandex"
    }
  }
  required_version = ">= 0.13"
 }

 provider "yandex" {
  token = var.yc_token
  cloud_id  = var.cloud_id
  folder_id = var.folder_id
  zone      = var.zone
 }

 resource "yandex_message_queue" "queue" {
  name                        = var.project_name
  visibility_timeout_seconds  = 600
  receive_wait_time_seconds   = 20
  message_retention_seconds   = 1209600
  region_id = var.region
  access_key = var.access_key
  secret_key = var.secret_key
 }

 resource "yandex_ydb_database_serverless" "db" {
  name      = var.project_name
  folder_id = var.folder_id
 }


 resource "yandex_serverless_container" "container" {
  name               = var.project_name
  description        = "code analysis"
  memory             = 128
  execution_timeout  = "15s"
  cores              = 1
  core_fraction      = 5
  service_account_id = var.service_account_id
  concurrency = 1
  image {
    url = "${var.yandex_registry}/${var.project_name}"
    digest = var.image_tag
    environment = {
      CELERY_BROKER_URL = "sqs://${var.access_key}:${var.secret_key}@message-queue.api.cloud.yandex.net"
      SQS_QUEUE = yandex_message_queue.queue.id
      SQS_ACCESS_KEY_ID = yandex_message_queue.queue.access_key
      SQS_SECRET_ACCESS_KEY = yandex_message_queue.queue.secret_key
      SQS_REGION = yandex_message_queue.queue.region_id
      CELERY_DYNAMODB_ENDPOINT_URL = yandex_ydb_database_serverless.db.document_api_endpoint
      SENTRY_DSN = var.sentry_dsn
    }
  }
 }

 resource "null_resource" "setup_trigger" {
  # yandex provider does not support creating triggers with serverless container target
  # CANNOT UPDATE AUTOMATICALLY! NEED REMOVE BLOCK FROM .TFSTATE FILE
  provisioner "local-exec" {
    interpreter = ["/bin/bash", "-c"]
    command = <<EOF
      yc serverless trigger delete --name=code-analysis || echo && \
      yc serverless trigger create message-queue \
      --name=code-analysis \
      --queue ${yandex_message_queue.queue.arn} \
      --queue-service-account-id ${var.service_account_id} \
      --invoke-container-service-account-id ${var.service_account_id} \
      --invoke-container-id ${yandex_serverless_container.container.id} \
      --invoke-container-path ${var.container_path_for_trigger}
    EOF
  }

  depends_on = [
    yandex_message_queue.queue,
    yandex_serverless_container.container
  ]
 }

 resource "yandex_api_gateway" "api-gateway" {
  name = var.project_name
  description = "code analysis"
  spec = <<-EOT
 openapi: "3.0.0"
 info:
  version: 1.0.0
  title: Code analysis
 paths:
  /{url+}:
    x-yc-apigateway-any-method:
      summary: Execute container
      operationId: container
      parameters:
      - explode: false
        in: path
        name: url
        required: false
        style: simple
      x-yc-apigateway-integration:
        type: serverless_containers
        container_id: ${yandex_serverless_container.container.id}
        service_account_id: ${var.service_account_id}
 EOT
 }

 output "domain" {
  value = "${yandex_api_gateway.api-gateway.domain}"
 }
	variable "yc_token" {
	type = string
	nullable = false
	}

	variable "service_account_id" {
	type = string
	nullable = false
	}

	variable "yandex_registry" {
	type = string
	nullable = false
	}

	variable "cloud_id" {
	type = string
	nullable = false
	}

	variable "folder_id" {
	type = string
	nullable = false
	}

	variable "access_key" {
	type = string
	nullable = false
	}

	variable "secret_key" {
	type = string
	nullable = false
	}

	variable "region" {
	type = string
	default = "ru-central1"
	}

	variable "zone" {
	type = string
	default = "ru-central1-a"
	}

	variable "project_name" {
	type = string
	default = "code-analysis"
	}

	variable "sentry_dsn" {
	type = string
	}

	variable "image_tag" {
	type = string
	default = "latest"
	}

	variable "container_path_for_trigger" {
	type = string
	default = "/api/serverless_celery_worker/"
	}

	terraform {
	required_providers {
	yandex = {
	source = "yandex-cloud/yandex"
	}
	}
	required_version = ">= 0.13"
	}

	provider "yandex" {
	token = var.yc_token
	cloud_id = var.cloud_id
	folder_id = var.folder_id
	zone = var.zone
	}

	resource "yandex_message_queue" "queue" {
	name = var.project_name
	visibility_timeout_seconds = 600
	receive_wait_time_seconds = 20
	message_retention_seconds = 1209600
	region_id = var.region
	access_key = var.access_key
	secret_key = var.secret_key
	}

	resource "yandex_ydb_database_serverless" "db" {
	name = var.project_name
	folder_id = var.folder_id
	}


	resource "yandex_serverless_container" "container" {
	name = var.project_name
	description = "code analysis"
	memory = 128
	execution_timeout = "15s"
	cores = 1
	core_fraction = 5
	service_account_id = var.service_account_id
	concurrency = 1
	image {
	url = "${var.yandex_registry}/${var.project_name}"
	digest = var.image_tag
	environment = {
	CELERY_BROKER_URL = "sqs://${var.access_key}:${var.secret_key}@message-queue.api.cloud.yandex.net"
	SQS_QUEUE = yandex_message_queue.queue.id
	SQS_ACCESS_KEY_ID = yandex_message_queue.queue.access_key
	SQS_SECRET_ACCESS_KEY = yandex_message_queue.queue.secret_key
	SQS_REGION = yandex_message_queue.queue.region_id
	CELERY_DYNAMODB_ENDPOINT_URL = yandex_ydb_database_serverless.db.document_api_endpoint
	SENTRY_DSN = var.sentry_dsn
	}
	}
	}

	resource "null_resource" "setup_trigger" {
	# yandex provider does not support creating triggers with serverless container target
	# CANNOT UPDATE AUTOMATICALLY! NEED REMOVE BLOCK FROM .TFSTATE FILE
	provisioner "local-exec" {
	interpreter = ["/bin/bash", "-c"]
	command = <<EOF
	yc serverless trigger delete --name=code-analysis \|\| echo && \
	yc serverless trigger create message-queue \
	--name=code-analysis \
	--queue ${yandex_message_queue.queue.arn} \
	--queue-service-account-id ${var.service_account_id} \
	--invoke-container-service-account-id ${var.service_account_id} \
	--invoke-container-id ${yandex_serverless_container.container.id} \
	--invoke-container-path ${var.container_path_for_trigger}
	EOF
	}

	depends_on = [
	yandex_message_queue.queue,
	yandex_serverless_container.container
	]
	}

	resource "yandex_api_gateway" "api-gateway" {
	name = var.project_name
	description = "code analysis"
	spec = <<-EOT
	openapi: "3.0.0"
	info:
	version: 1.0.0
	title: Code analysis
	paths:
	/{url+}:
	x-yc-apigateway-any-method:
	summary: Execute container
	operationId: container
	parameters:
	- explode: false
	in: path
	name: url
	required: false
	style: simple
	x-yc-apigateway-integration:
	type: serverless_containers
	container_id: ${yandex_serverless_container.container.id}
	service_account_id: ${var.service_account_id}
	EOT
	}

	output "domain" {
	value = "${yandex_api_gateway.api-gateway.domain}"
	}