Create Terraform module for Google Cloud Run

* Init with license and readme

* Init Cloud Run Terraform module with examples

.gitignore

@@ -27,3 +27,4 @@ override.tf.json
 
 # Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
 # example: *tfplan*
+.terraform.lock.hcl

.pre-commit-config.yaml

@@ -0,0 +1,7 @@
+---
+
+repos:
+- repo: https://github.com/antonbabenko/pre-commit-terraform
+  rev: v1.77.0
+  hooks:
+  - id: terraform_fmt

CODEOWNERS

@@ -0,0 +1 @@
+* @superblocksteam/engineering

CONTRIBUTING.txt

@@ -0,0 +1,83 @@
+Superblocks Contribution License Agreement
+
+This Contribution License Agreement (the “CLA”) is between the individual set forth in the signature
+block (“You” and “Your”) and DayZero Software, Inc. d/b/a Superblocks, (“Superblocks”), effective as of
+the date of you accept this CLA (as set forth herein) and sets forth the terms pursuant to which You provides
+Contributions to Superblocks. BY MAKING OR SUBMITTING ANY CONTRIBUTION TO
+SUPERBLOCKS, YOU ACKNOWLEDGE AND AGREE THAT YOU ARE BOUND BY THE TERMS OF
+THIS CLA AND THAT SUPERBLOCKS MAY CHOOSE TO USE YOUR CONTRIBUTION UNDER
+THE TERMS SET FORTH HEREIN.
+
+You accept and agree to the following terms and conditions for Your present and future Contributions
+submitted to Superblocks. In return, Superblocks will not use Your Contributions in a way that is contrary to
+Superblocks’s business objectives. Except for the license granted herein to Superblocks and recipients of
+software distributed by Superblocks, You reserve all right, title, and interest in and to Your Contributions.
+
+1. Definitions. “Contribution” means any original work of authorship, including any modifications or
+additions to an existing work, that You intentionally submit to Superblocks for inclusion in, or documentation
+of, any of the products owned or managed by Superblocks (the “Work”). “Submit” means any form of
+electronic, verbal, or written communication sent to Superblocks or its representatives, including but not
+limited to communication on electronic mailing lists, source code control systems, and issue tracking systems
+that are managed by, or on behalf of, Superblocks for the purpose of discussing and improving the Work, but
+excluding communication that is conspicuously marked or otherwise designated in writing by You as “Not a
+Contribution.”
+
+2. Copyright License. Subject to the terms and conditions of this CLA, You hereby grant to Superblocks
+and to recipients of software distributed by Superblocks a perpetual, worldwide, non-exclusive, no-charge,
+royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display,
+publicly perform, sublicense, and distribute Your Contributions and such derivative works.
+
+3. Patent License. Subject to the terms and conditions of this CLA, You hereby grant to Superblocks and
+to recipients of software distributed by Superblocks a perpetual, worldwide, non-exclusive, no-charge,
+royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell,
+sell, import, and otherwise transfer the Work, where such license applies only to those patent claims
+licensable by You that are necessarily infringed by Your Contribution(s) alone or by combination of Your
+Contribution(s) with the Work to which such Contribution(s) was submitted. If any entity institutes patent
+litigation against You or any other entity (including a cross-claim or counterclaim in a lawsuit) alleging that
+Your Contribution, or the Work to which You have contributed, constitutes direct or contributory patent
+infringement, then any patent licenses granted to that entity under this CLA for that Contribution or Work will
+terminate as of the date such litigation is filed.
+
+4. Representations and Warranties. You represent and warrant to Superblocks that:
+
+  a. You are legally entitled to grant the above license, and if Your employer(s) has rights to
+  intellectual property that You create that includes Your Contributions, then You represent and warrant that
+  You have received permission to make Contributions on behalf of that employer, that Your employer has
+  waived such rights for Your Contributions to Superblocks, or that Your employer has executed a separate
+  CLA with Superblocks;
+
+  b. Each of Your Contributions is Your original creation (see section 6 for submissions on behalf
+
+  of others); and
+
+  c. Your Contribution submissions include complete details of any third-party license or other
+  restriction (including, but not limited to, related patents and trademarks) of which You are personally aware
+  and which are associated with any part of Your Contributions.
+
+5. Support; Disclaimer. You are not expected to provide support for Your Contributions, except to the
+extent You desire to do so. You may provide support for free, for a fee, or not at all. Unless required by
+applicable law or agreed to in writing, You provide Your Contributions on an “AS IS” BASIS, WITHOUT
+WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation,
+any warranties or conditions of TITLE, NON- INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR
+A PARTICULAR PURPOSE.
+
+6. Third Party Works. If You wish to submit work that is not Your original creation, then You may
+submit it to Superblocks separately from any Contribution, identifying the complete details of its source and
+of any license or other restriction (including, but not limited to, related patents, trademarks, and license
+agreements) of which You are personally aware, and conspicuously marking the work as “Submitted on
+behalf of a third-party: [named here]”.
+
+7. Inaccuracies. You agree to notify Superblocks of any facts or circumstances of which You become
+aware that would make Your representations in this CLA inaccurate in any respect.
+
+8. General. This CLA is the entire understanding and agreement with respect to the subject matter
+hereof, and supersedes any and all prior or contemporaneous representations, understandings, and agreements,
+between the parties regarding same. If any part of this CLA is found to be unenforceable, the remaining
+portions of this CLA will remain in full force and effect. No modification of or amendment to this CLA, nor
+any waiver of any rights under this CLA, will be effective unless in writing signed by the party to be charged,
+and the waiver of any breach or default will not constitute a waiver of any other right under this CLA or any
+subsequent breach or default. Nothing in this CLA creates and the parties do not intend to create, any
+partnership or joint venture between themselves. Either party may freely assign this CLA. This CLA is
+binding upon and will inure to the benefit of a party’s successors and permitted assigns. This CLA will be
+governed by the laws of the State of California. Exclusive jurisdiction of any and all disputes hereunder will
+be in the state and federal courts in San Mateo County, California.

LICENSE.txt

@@ -0,0 +1,87 @@
+Superblocks Community Software License
+
+This Superblocks Community License Agreement (the “Agreement”) sets forth the terms on which DayZero
+Software, Inc. d/b/a Superblocks (“Superblocks”) makes available certain software made available by Superblocks
+under this Agreement (the “Software”). BY INSTALLING, DOWNLOADING, ACCESSING, USING OR
+DISTRIBUTING ANY OF THE SOFTWARE, YOU AGREE TO THE TERMS AND CONDITIONS OF THIS
+AGREEMENT.IF YOU DO NOT AGREE TO SUCH TERMS AND CONDITIONS, YOU MUST NOT USE THE
+SOFTWARE. IF YOU ARE RECEIVING THE SOFTWARE ON BEHALF OF A LEGAL ENTITY, YOU
+REPRESENT AND WARRANT THAT YOU HAVE THE ACTUAL AUTHORITY TO AGREE TO THE
+TERMS AND CONDITIONS OF THIS AGREEMENT ON BEHALF OF SUCH ENTITY. “Licensee” means you,
+an individual, or the entity on whose behalf you are receiving the Software.
+
+1. LICENSE GRANT AND CONDITIONS.
+
+1.1 License. Subject to the terms and conditions of this Agreement, Superblocks hereby grants to Licensee a
+non-exclusive, royalty-free, worldwide, non-transferable, non-sublicenseable license during the term of this
+Agreement to: (a) use the Software; (b) prepare modifications and derivative works of the Software; (c)
+distribute the Software (including without limitation in source code or object code form); and (d) reproduce
+copies of the Software (the “License”). Licensee is not granted the right to, and Licensee shall not, exercise the
+License for an Excluded Purpose. For purposes of this Agreement, “Excluded Purpose” means making
+available any software-as-a-service, platform-as-a-service, infrastructure-as-a-service or other similar online
+service that competes with Superblocks’ products or services.
+
+1.2 Conditions. In consideration of the License, Licensee’s distribution of the Software is subject to the
+following conditions:
+
+  a. Licensee must cause any Software modified by Licensee to carry prominent notices stating that Licensee
+  modified the Software.
+  b. On each Software copy, Licensee shall reproduce and not remove or alter all Superblocks or third party
+  copyright or other proprietary notices contained in the Software, and Licensee must provide the notice
+  below with each copy.
+
+  “This software is made available by DayZero Software, Inc. d/b/a Superblocks, under the terms of the
+  Superblocks Community License Agreement. © 2022 DayZero Software, Inc.”
+
+1.3 Licensee Modifications. Licensee may add its own copyright notices to modifications made by Licensee
+and may provide additional or different license terms and conditions for use, reproduction, or distribution of
+Licensee’s modifications. While redistributing the Software or modifications thereof, Licensee may choose to
+offer, for a fee or free of charge, support, warranty, indemnity, or other obligations. Licensee, and not
+Superblocks, will be responsible for any such obligations.
+
+1.4 No Sublicensing. The License does not include the right to sublicense the Software, however, each recipient
+to which Licensee provides the Software may exercise the Licenses so long as such recipient agrees to the terms
+and conditions of this Agreement.
+
+2. TERM AND TERMINATION. This Agreement will continue unless and until earlier terminated as set forth
+herein. If Licensee breaches any of its conditions or obligations under this Agreement, this Agreement will
+terminate automatically and the License will terminate automatically and permanently.
+
+3. INTELLECTUAL PROPERTY. As between the parties, Superblocks will retain all right, title, and interest in
+the Software, and all intellectual property rights therein. Superblocks hereby reserves all rights not expressly
+granted to Licensee in this Agreement. Superblocks hereby reserves all rights in its trademarks and service
+marks, and no licenses therein are granted in this Agreement.
+
+4. DISCLAIMER. SUPERBLOCKS HEREBY DISCLAIMS ANY AND ALL WARRANTIES AND
+CONDITIONS, EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE, AND SPECIFICALLY
+DISCLAIMS ANY WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR
+PURPOSE, WITH RESPECT TO THE SOFTWARE.
+
+5. LIMITATION OF LIABILITY. SUPERBLOCKS WILL NOT BE LIABLE FOR ANY DAMAGES OF
+ANY KIND, INCLUDING BUT NOT LIMITED TO, LOST PROFITS OR ANY CONSEQUENTIAL,
+SPECIAL, INCIDENTAL, INDIRECT, OR DIRECT DAMAGES, HOWEVER CAUSED AND ON ANY
+THEORY OF LIABILITY, ARISING OUT OF THIS AGREEMENT. THE FOREGOING SHALL APPLY TO
+THE EXTENT PERMITTED BY APPLICABLE LAW.
+
+6. GENERAL.
+
+6.1  Governing Law. This Agreement will be governed by and interpreted in accordance with the laws of the
+state of California, without reference to its conflict of laws principles. If Licensee is located within the United
+States, all disputes arising out of this Agreement are subject to the exclusive jurisdiction of courts located in San
+Mateo County, California. USA. If Licensee is located outside of the United States, any dispute, controversy or
+claim arising out of or relating to this Agreement will be referred to and finally determined by arbitration in
+accordance with the JAMS International Arbitration Rules. The tribunal will consist of one neutral arbitrator.
+The place of arbitration will be Palo Alto, California. The language to be used in the arbitral proceedings will be
+English. Judgment upon the award rendered by the arbitrator may be entered in any court having jurisdiction
+thereof.
+
+6.2.  Assignment. Licensee may not assign its rights under this Agreement to any third party. Superblocks may
+freely assign its rights under this Agreement to any third party.
+
+6.3.  Other.  This Agreement is the entire agreement between the parties regarding the subject matter hereof.
+No amendment or modification of this Agreement will be valid or binding upon the parties unless made in
+writing and signed by the duly authorized representatives of both parties. In the event that any provision,
+including without limitation any condition, of this Agreement is held to be unenforceable, this Agreement and
+all licenses and rights granted hereunder will immediately terminate. Waiver by Superblocks of a breach of any
+provision of this Agreement or the failure by Superblocks to exercise any right hereunder will not be construed
+as a waiver of any subsequent breach of that right or as a waiver of any other right.

README.md

@@ -1 +1,114 @@
-# terraform-google-superblocks
+<p align="center">
+  <img src="./assets/logo.png" height="60"/>
+</p>
+
+<h1 align="center">Superblocks Terraform Module - Google</h1>
+
+<br/>
+
+This document contains configuration and deployment details for deploying the Superblocks agent to Google Cloud.
+
+## Deploy with Terraform
+
+### Install Terraform
+
+To install Terraform on MacOS
+```
+brew tap hashicorp/tap
+brew install hashicorp/tap/terraform
+```
+
+Terraform officially supports `MacOS|Windows|Linux|FreeBSD|OpenBSD|Solaris`
+Check out this https://developer.hashicorp.com/terraform/downloads for more details
+
+### Deploy Superblocks On-Premise-Agent
+
+#### Create your Terraform file
+To get started, you'll need a `superblocks_agent_key`. To generate an agent key, go to the [Superblocks On-Premise Agent Setup Wizard](https://app.superblocks.com/opas)
+```
+module "terraform_google_superblocks" {
+  source  = "superblocksteam/terraform-google-superblocks"
+  version = ">=1.0"
+
+  project_id = "<GOOGLE_CLOUD_PROJECT_ID>"
+  region     = "<GOOGLE_CLOUD_REGION>"
+
+  superblocks_agent_key = "<YOUR_AGENT_KEY>"
+​
+  # Subdomain & domain in you Superblocks agent host url, for example superblocks.example.com
+  sudomain = "<YOUR_SUBDOMAIN>"
+  domain   = "<YOUR_DOMAIN>"
+​
+  # Google Cloud DNS Zone Name
+  zone_name = "<YOUR_DOMAINS_CLOUD_DNS_ZONE_NAME>"
+}
+```
+If you use Google Cloud DNS, find the `zone_name` for your `domain` by running `gcloud dns managed-zones list --filter "dns_name ~ ${domain}`. If you don't use Google Cloud DNS, see the [Custom Domain Mapping](https://cloud.google.com/run/docs/mapping-custom-domains) section for how you can manually configure the DNS for your agent.
+
+#### Deploy
+```
+terraform init
+terraform apply
+```
+
+### Advanced Configuration
+#### Private Networking
+The Terraform module configures your Cloud Run service's ingress to "Allow all traffic." You can update the ingress rules to "Only allow internal traffic" by adding the following to the Terraform module
+​
+```
+internal = true
+```
+
+#### Custom Domain Mapping
+By default, this module will try to configure a **custom domain** for your Cloud Run service, for example `subdomain.example.com`. This configures both the [Cloud Run Domain Mapping](https://cloud.google.com/run/docs/mapping-custom-domains#map) and a CNAME DNS record for your `domain`.
+​
+For this to work successfully, you must verify ownership of your `domain` with Google, and have a Cloud DNS Zone configured for the domain. To verify domain ownership, use the Google CLI command `gcloud domains verify ${domain}`. Find the Cloud DNS Zone Name for your domain by running `gcloud dns managed-zones list --filter "dns_name ~ ${domain}`.
+​
+If you don't use Google Cloud DNS, or want to manually configure the Domain Mapping, just disable DNS creation by adding the following to the Terraform module
+​
+```
+create_dns = false
+```
+
+If you decide to manually set up a custom domain for your Cloud Run service, follow Google's instructions for [Mapping customer domains](https://cloud.google.com/run/docs/mapping-custom-domains#run)
+
+#### Instance Sized
+Configure the CPU & memory limits for your Cloud Run instances by adding the following variables to your Terraform module
+```
+container_requests_cpu    = "512m"
+container_requests_memory = "1024Mi"
+container_limits_cpu      = "1.0"
+container_limits_memory   = "2048Mi"
+
+```
+
+#### Scaling
+Google will automatically scale your Cloud Run instances based on traffic. To configure the minimum and maximum number of instances the agent can scale to, add these variables to your Terraform module
+```
+container_min_capacity    = "1"
+container_max_capacity    = "5"
+```
+
+#### Other Configurable Options
+```
+variable "superblocks_agent_environment" {
+  type        = string
+  default     = "*"
+  description = <<EOF
+    Use this varible to differentiate Superblocks Agent running environment.
+    Valid values are "*", "staging" and "production"
+  EOF
+}
+
+variable "superblocks_agent_image" {
+  type        = string
+  default     = "us-east1-docker.pkg.dev/superblocks-registry/superblocks/agent"
+  description = "The docker image used by Superblocks Agent container instance"
+}
+
+variable "name_prefix" {
+  type        = string
+  default     = "superblocks"
+  description = "This will be prepended to the name of each resource created by this module"
+}
+```

examples/complete/main.tf

@@ -0,0 +1,58 @@
+provider "google" {
+  #credentials = file("<NAME>.json")
+  project = var.project_id
+  region  = var.region
+}
+
+variable "project_id" {
+  type    = string
+  default = "<GOOGLE_CLOUD_PROJECT_ID>"
+}
+
+variable "region" {
+  type    = string
+  default = "us-central1"
+}
+
+variable "superblocks_agent_key" {
+  type      = string
+  default   = "<SUPERBLOCKS_AGENT_KEY>"
+  sensitive = true
+}
+
+module "cloud_run" {
+  source = "../../modules/cloud-run"
+
+  project_id  = var.project_id
+  region      = var.region
+  name_prefix = "superblocks"
+  internal    = false
+
+  container_image = "us-east1-docker.pkg.dev/superblocks-registry/superblocks/agent"
+  container_port  = "8020"
+
+  container_env = {
+    "__SUPERBLOCKS_AGENT_SERVER_URL"           = "https://app.superblocks.com",
+    "__SUPERBLOCKS_WORKER_LOCAL_ENABLED"       = "true",
+    "SUPERBLOCKS_WORKER_TLS_INSECURE"          = "true",
+    "SUPERBLOCKS_AGENT_KEY"                    = var.superblocks_agent_key,
+    "SUPERBLOCKS_CONTROLLER_DISCOVERY_ENABLED" = "false",
+    "SUPERBLOCKS_AGENT_HOST_URL"               = "https://example-complete.koalitytools.com",
+    "SUPERBLOCKS_AGENT_ENVIRONMENT"            = "*",
+    "SUPERBLOCKS_AGENT_PORT"                   = "8020"
+  }
+
+  container_requests_cpu    = "512m"
+  container_requests_memory = "1024Mi"
+  container_limits_cpu      = "1.0"
+  container_limits_memory   = "2048Mi"
+  container_min_capacity    = "1"
+  container_max_capacity    = "5"
+}
+
+# Once Superblocks Agent is deployed to Cloud Run, create the DNS record manually.
+# Go to "Cloud Run -> Manage Custom Domains -> Add Mappings"
+#   follow the instructions to
+#   1. verify your domain
+#   2. create the mapping
+#   3. update DNS record