From 705f81b830ab921f2cdc0f338c8c4d39c9995885 Mon Sep 17 00:00:00 2001
From: Amanda Karina Lopes de Oliveira
Date: Thu, 6 Apr 2023 09:49:25 -0300
Subject: [PATCH] Renames net module to serverless, receives the identity email as variable
---
 modules/secure-cloud-run/main.tf | 4 +++-
 modules/secure-cloud-run/outputs.tf | 2 +-
 .../README.md | 2 +-
 .../firewall.tf | 0
 .../iam.tf | 9 +--------
 .../network.tf | 0
 .../outputs.tf | 5 -----
 .../variables.tf | 5 +++++
 .../versions.tf | 0
 9 files changed, 11 insertions(+), 16 deletions(-)
 rename modules/{secure-cloud-run-net => secure-cloud-serverless-net}/README.md (97%)
 rename modules/{secure-cloud-run-net => secure-cloud-serverless-net}/firewall.tf (100%)
 rename modules/{secure-cloud-run-net => secure-cloud-serverless-net}/iam.tf (86%)
 rename modules/{secure-cloud-run-net => secure-cloud-serverless-net}/network.tf (100%)
 rename modules/{secure-cloud-run-net => secure-cloud-serverless-net}/outputs.tf (87%)
 rename modules/{secure-cloud-run-net => secure-cloud-serverless-net}/variables.tf (93%)
 rename modules/{secure-cloud-run-net => secure-cloud-serverless-net}/versions.tf (100%)
diff --git a/modules/secure-cloud-run/main.tf b/modules/secure-cloud-run/main.tf
index 03709ebd..ccb9c113 100644
--- a/modules/secure-cloud-run/main.tf
+++ b/modules/secure-cloud-run/main.tf
@@ -44,7 +44,7 @@ module "vpc_project_apis" {
 }
 module "cloud_run_network" {
- source = "../secure-cloud-run-net"
+ source = "../secure-cloud-serverless-net"
 connector_name = var.connector_name
 subnet_name = var.subnet_name
@@ -57,6 +57,8 @@ module "cloud_run_network" {
 create_subnet = var.create_subnet
 resource_names_suffix = var.resource_names_suffix
+ serverless_service_identity_email = google_project_service_identity.serverless_sa.email
+
 depends_on = [
 module.vpc_project_apis
 ]
diff --git a/modules/secure-cloud-run/outputs.tf b/modules/secure-cloud-run/outputs.tf
index dfb5f0ae..c3cc8288 100644
--- a/modules/secure-cloud-run/outputs.tf
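Review bot: `google_project_service_identity.serverless_sa`, passed as `serverless_service_identity_email` in the second main.tf hunk (-57,6 +57,8), is not declared anywhere in this patch, and the only other change the diffstat lists under modules/secure-cloud-run is outputs.tf, which references the same resource. If it is not already declared elsewhere in that module, validation fails at both references. The net module used to create this identity for `run.googleapis.com` in `var.serverless_project_id`, so the parent's resource should use the same project and service, otherwise the `roles/vpcaccess.user` grant moves to a different principal. A comment above the new argument would record that, e.g. `# Cloud Run service agent of the serverless project; the network module grants it roles/vpcaccess.user on the VPC project.` The `cloud_run_network` module block continues past the end of the hunk.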
+++ b/modules/secure-cloud-run/outputs.tf
@@ -75,6 +75,6 @@ output "cloud_services_sa" {
 }
 output "run_identity_services_sa" {
- value = module.cloud_run_network.run_identity_services_sa
+ value = google_project_service_identity.serverless_sa.email
 description = "Service Identity to run services."
 }
diff --git a/modules/secure-cloud-run-net/README.md b/modules/secure-cloud-serverless-net/README.md
similarity index 97%
rename from modules/secure-cloud-run-net/README.md
rename to modules/secure-cloud-serverless-net/README.md
index 1b97baf1..568bb679 100644
--- a/modules/secure-cloud-run-net/README.md
+++ b/modules/secure-cloud-serverless-net/README.md
@@ -49,6 +49,7 @@ module "cloud_run_network" {
 | location | The location where resources are going to be deployed. | `string` | n/a | yes |
 | resource\_names\_suffix | A suffix to concat in the end of the resources names. | `string` | `null` | no |
 | serverless\_project\_id | The project where cloud run is going to be deployed. | `string` | n/a | yes |
+| serverless\_service\_identity\_email | The Service Identity email for the serverless resource (Cloud Run or Cloud Function). | `string` | n/a | yes |
 | shared\_vpc\_name | Shared VPC name which is going to be used to create Serverless Connector. | `string` | n/a | yes |
 | subnet\_name | Subnet name to be re-used to create Serverless Connector. | `string` | n/a | yes |
 | vpc\_project\_id | The project where shared vpc is. | `string` | n/a | yes |
@@ -60,7 +61,6 @@ module "cloud_run_network" {
 | cloud\_services\_sa | Google APIs service agent. |
 | connector\_id | VPC serverless connector ID. |
 | gca\_vpcaccess\_sa | Google APIs Service Agent for VPC Access. |
-| run\_identity\_services\_sa | Google APIs Service Agent to Cloud Run Service. |
 | subnet\_name | The name of the sub-network used to create VPC Connector. |
diff --git a/modules/secure-cloud-run-net/firewall.tf b/modules/secure-cloud-serverless-net/firewall.tf
similarity index 100%
rename from modules/secure-cloud-run-net/firewall.tf
rename to modules/secure-cloud-serverless-net/firewall.tf
diff --git a/modules/secure-cloud-run-net/iam.tf b/modules/secure-cloud-serverless-net/iam.tf
similarity index 86%
rename from modules/secure-cloud-run-net/iam.tf
rename to modules/secure-cloud-serverless-net/iam.tf
index 6a81a699..43e787a7 100644
--- a/modules/secure-cloud-run-net/iam.tf
+++ b/modules/secure-cloud-serverless-net/iam.tf
@@ -25,13 +25,6 @@ resource "google_project_service_identity" "vpcaccess_identity_sa" {
 service = "vpcaccess.googleapis.com"
 }
-resource "google_project_service_identity" "run_identity_sa" {
- provider = google-beta
-
- project = var.serverless_project_id
- service = "run.googleapis.com"
-}
-
 resource "google_project_iam_member" "gca_sa_vpcaccess" {
 count = var.connector_on_host_project ? 0 : 1
@@ -53,5 +46,5 @@ resource "google_project_iam_member" "run_identity_services" {
 project = var.vpc_project_id
 role = "roles/vpcaccess.user"
- member = "serviceAccount:${google_project_service_identity.run_identity_sa.email}"
+ member = "serviceAccount:${var.serverless_service_identity_email}"
 }
diff --git a/modules/secure-cloud-run-net/network.tf b/modules/secure-cloud-serverless-net/network.tf
similarity index 100%
rename from modules/secure-cloud-run-net/network.tf
rename to modules/secure-cloud-serverless-net/network.tf
diff --git a/modules/secure-cloud-run-net/outputs.tf b/modules/secure-cloud-serverless-net/outputs.tf
similarity index 87%
rename from modules/secure-cloud-run-net/outputs.tf
rename to modules/secure-cloud-serverless-net/outputs.tf
index 4e2cdb69..3f39a358 100644
--- a/modules/secure-cloud-run-net/outputs.tf
+++ b/modules/secure-cloud-serverless-net/outputs.tf
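Review bot: In the second iam.tf hunk (-53,5 +46,5) the `roles/vpcaccess.user` binding on `var.vpc_project_id` now goes to whatever address the caller passes, where before it could only reach the service agent this module created itself. Only the hard-coded `serviceAccount:` prefix constrains it, so a user-managed service account is accepted as readily as the Google-managed agent, and the grant is a project-level member rather than one scoped to a single connector. I would record the expectation above the `member` line, e.g. `# Must be the Google-managed service agent of the serverless product (Cloud Run or Cloud Functions), not a workload service account.` The resource label `run_identity_services` also still names Cloud Run; renaming it changes the state address, so it would need a `moved` block. The resource block starts outside the hunk.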
@@ -29,11 +29,6 @@ output "cloud_services_sa" {
 description = "Google APIs service agent."
 }
-output "run_identity_services_sa" {
- value = google_project_service_identity.run_identity_sa.email
- description = "Google APIs Service Agent to Cloud Run Service."
-}
-
 output "subnet_name" {
 value = local.subnet_name
 description = "The name of the sub-network used to create VPC Connector."
diff --git a/modules/secure-cloud-run-net/variables.tf b/modules/secure-cloud-serverless-net/variables.tf
similarity index 93%
rename from modules/secure-cloud-run-net/variables.tf
rename to modules/secure-cloud-serverless-net/variables.tf
index e456bdd0..f7c9dd35 100644
--- a/modules/secure-cloud-run-net/variables.tf
+++ b/modules/secure-cloud-serverless-net/variables.tf
@@ -29,6 +29,11 @@ variable "serverless_project_id" {
 type = string
 }
+variable "serverless_service_identity_email" {
+ description = "The Service Identity email for the serverless resource (Cloud Run or Cloud Function)."
+ type = string
+}
+
 variable "connector_name" {
 description = "The name of the serverless connector which is going to be created."
 type = string
diff --git a/modules/secure-cloud-run-net/versions.tf b/modules/secure-cloud-serverless-net/versions.tf
similarity index 100%
rename from modules/secure-cloud-run-net/versions.tf
rename to modules/secure-cloud-serverless-net/versions.tf
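Review bot: `serverless_service_identity_email` in the variables.tf hunk (-29,6 +29,11) is a required string with no `validation`, yet its value becomes the member of a `roles/vpcaccess.user` binding on the VPC project in iam.tf. An empty or mistyped value surfaces only as an IAM API error during apply, and any service account address is accepted. A validation block that pins the format to the Google-managed service agents would reject both before the binding is created. The two domains below are the Cloud Run and Cloud Functions service agent domains and should be adjusted to the products the module is meant to support.

```hcl
variable "serverless_service_identity_email" {
  description = "The Service Identity email for the serverless resource (Cloud Run or Cloud Function)."
  type        = string

  validation {
    condition     = can(regex("^service-[0-9]+@(serverless-robot-prod|gcf-admin-robot)\\.iam\\.gserviceaccount\\.com$", var.serverless_service_identity_email))
    error_message = "The value must be the Google-managed service agent email of Cloud Run or Cloud Functions."
  }
}
```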