feat: ability to pass in google auth info

main.tf

@@ -85,6 +85,8 @@ resource "google_compute_managed_ssl_certificate" "this" {
 module "helm_release" {
   source = "./modules/helm_release"
 
+  google_auth = var.google_auth
+
   redis_host     = module.redis.redis_host
   redis_port     = module.redis.redis_port
   redis_password = module.redis.redis_auth_string

modules/helm_release/main.tf

@@ -1,104 +1,66 @@
-resource "helm_release" "this" {
-  name       = "ctrlplane"
-  chart      = "ctrlplane"
-  repository = "https://charts.ctrlplane.dev/"
-  version    = "0.1.13"
-
-  set {
-    name  = "migrations.image.tag"
-    value = "bf077e5"
-  }
-
-
-  set {
-    name  = "webservice.image.tag"
-    value = "72ce135"
-  }
-
-
-  set {
-    name  = "event-worker.image.tag"
-    value = "72ce135"
-  }
-
-
-  set {
-    name  = "job-policy-checker.image.tag"
-    value = "72ce135"
-  }
-
-  set {
-    name  = "global.postgresql.user"
-    value = var.postgres_user
-  }
-
-  set {
-    name  = "global.postgresql.password"
-    value = var.postgres_password
+locals {
+  image_tags = {
+    "migrations.image.tag"         = "26397ff",
+    "webservice.image.tag"         = "0d18a53",
+    "event-worker.image.tag"       = "0d18a53",
+    "job-policy-checker.image.tag" = "0d18a53",
   }
 
-  set {
-    name  = "global.postgresql.host"
-    value = var.postgres_host
+  postgres_settings = {
+    "global.postgresql.user"     = var.postgres_user,
+    "global.postgresql.password" = var.postgres_password,
+    "global.postgresql.host"     = var.postgres_host,
+    "global.postgresql.port"     = var.postgres_port,
+    "global.postgresql.database" = var.postgres_database,
   }
 
-  set {
-    name  = "global.postgresql.port"
-    value = var.postgres_port
+  auth_providers_settings = {
+    "global.authProviders.google.clientId"     = var.google_auth.client_id,
+    "global.authProviders.google.clientSecret" = var.google_auth.client_secret,
   }
 
-  set {
-    name  = "global.postgresql.database"
-    value = var.postgres_database
+  redis_settings = {
+    "global.redis.host"     = var.redis_host,
+    "global.redis.password" = var.redis_password,
+    "global.redis.port"     = var.redis_port,
   }
 
-  set {
-    name  = "global.redis.host"
-    value = var.redis_host
+  ingress_annotations = {
+    "ingress.annotations.kubernetes\\.io/ingress\\.class"                 = "gce",
+    "ingress.annotations.kubernetes\\.io/ingress\\.global-static-ip-name" = var.global_static_ip_name,
+    "ingress.annotations.ingress\\.gcp\\.kubernetes\\.io/pre-shared-cert" = var.pre_shared_cert,
   }
 
-  set {
-    name  = "global.redis.password"
-    value = var.redis_password
-  }
-
-  set {
-    name  = "global.redis.port"
-    value = var.redis_port
-  }
-
-  set {
-    name  = "ingress.annotations.kubernetes\\.io/ingress\\.class"
-    value = "gce"
-  }
-
-  set {
-    name  = "ingress.annotations.kubernetes\\.io/ingress\\.global-static-ip-name"
-    value = var.global_static_ip_name
-  }
-
-  set {
-    name = "ingress.annotations.ingress\\.gcp\\.kubernetes\\.io/pre-shared-cert"
-    value = var.pre_shared_cert
-  }
-
-  # set {
-  #   name  = "ingress.annotations.kubernetes\\.io/ingress\\.allow-http"
-  #   value = "true " # idk how to make this a string not a booleaning
-  # }
-
-  set {
-    name  = "webservice.annotations.iam\\.gke\\.io/gcp-service-account"
-    value = var.service_account_email
-  }
-
-  set {
-    name  = "job-policy-checker.annotations.iam\\.gke\\.io/gcp-service-account"
-    value = var.service_account_email
+  service_account_annotations = {
+    "webservice.serviceAccount.create"                                  = true,
+    "webservice.annotations.iam\\.gke\\.io/gcp-service-account"         = var.service_account_email,
+    "job-policy-checker.serviceAccount.create"                          = true,
+    "job-policy-checker.annotations.iam\\.gke\\.io/gcp-service-account" = var.service_account_email,
+    "migrations.serviceAccount.create"                                  = true,
+    "migrations.annotations.iam\\.gke\\.io/gcp-service-account"         = var.service_account_email,
+    "event-worker.serviceAccount.create"                                = true,
+    "event-worker.annotations.iam\\.gke\\.io/gcp-service-account"       = var.service_account_email,
   }
+}
 
-  set {
-    name  = "migrations.annotations.iam\\.gke\\.io/gcp-service-account"
-    value = var.service_account_email
+resource "helm_release" "this" {
+  name       = "ctrlplane"
+  chart      = "ctrlplane"
+  repository = "https://charts.ctrlplane.dev/"
+  version    = "0.1.15"
+
+  dynamic "set" {
+    for_each = merge(
+      local.image_tags,
+      local.auth_providers_settings,
+      local.postgres_settings,
+      local.redis_settings,
+      local.ingress_annotations,
+      local.service_account_annotations
+    )
+    content {
+      name  = set.key
+      value = set.value
+    }
   }
 }

modules/helm_release/variables.tf

@@ -49,4 +49,12 @@ variable "global_static_ip_name" {
 
 variable "pre_shared_cert" {
   type = string
+}
+
+variable "google_auth" {
+  type        = object({
+    client_id     = string
+    client_secret = string
+  })
+  description = "The Google OAuth client ID and secret."
 }

modules/service_accounts/main.tf

@@ -33,6 +33,7 @@ resource "google_service_account_iam_binding" "gke" {
   members = [
     "serviceAccount:${local.project_id}.svc.id.goog[${local.gke_namespace}/ctrlplane-webservice]",
     "serviceAccount:${local.project_id}.svc.id.goog[${local.gke_namespace}/ctrlplane-job-policy-checker]",
-    "serviceAccount:${local.project_id}.svc.id.goog[${local.gke_namespace}/ctrlplane-migrations]"
+    "serviceAccount:${local.project_id}.svc.id.goog[${local.gke_namespace}/ctrlplane-migrations]",
+    "serviceAccount:${local.project_id}.svc.id.goog[${local.gke_namespace}/ctrlplane-event-worker]",
   ]
 }

variables.tf

@@ -43,3 +43,11 @@ variable "domains" {
   description = "The domains to use for the SSL certificate."
   type        = list(string)
 }
+
+variable "google_auth" {
+  type        = object({
+    client_id     = string
+    client_secret = string
+  })
+  description = "The Google OAuth client ID and secret."
+}