Add GCP Pipeline for 21.08 release (closes #15)

Author: jbeemster

terraform/gcp/pipeline/default/README.md

@@ -0,0 +1,60 @@
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | ~> 1 |
+| <a name="requirement_google"></a> [google](#requirement\_google) | ~> 3.44.0 |
+| <a name="requirement_random"></a> [random](#requirement\_random) | ~> 3.1.0 |
+
+## Providers
+
+No providers.
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| <a name="module_bad_1_topic"></a> [bad\_1\_topic](#module\_bad\_1\_topic) | snowplow-devops/pubsub-topic/google | 0.1.0 |
+| <a name="module_collector_lb"></a> [collector\_lb](#module\_collector\_lb) | snowplow-devops/lb/google | 0.1.0 |
+| <a name="module_collector_pubsub"></a> [collector\_pubsub](#module\_collector\_pubsub) | snowplow-devops/collector-pubsub-ce/google | 0.2.0 |
+| <a name="module_enrich_pubsub"></a> [enrich\_pubsub](#module\_enrich\_pubsub) | snowplow-devops/enrich-pubsub-ce/google | 0.1.0 |
+| <a name="module_enriched_topic"></a> [enriched\_topic](#module\_enriched\_topic) | snowplow-devops/pubsub-topic/google | 0.1.0 |
+| <a name="module_pipeline_db"></a> [pipeline\_db](#module\_pipeline\_db) | snowplow-devops/cloud-sql/google | 0.1.0 |
+| <a name="module_postgres_loader_bad"></a> [postgres\_loader\_bad](#module\_postgres\_loader\_bad) | snowplow-devops/postgres-loader-pubsub-ce/google | 0.2.0 |
+| <a name="module_postgres_loader_enriched"></a> [postgres\_loader\_enriched](#module\_postgres\_loader\_enriched) | snowplow-devops/postgres-loader-pubsub-ce/google | 0.2.0 |
+| <a name="module_raw_topic"></a> [raw\_topic](#module\_raw\_topic) | snowplow-devops/pubsub-topic/google | 0.1.0 |
+
+## Resources
+
+No resources.
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_iglu_server_dns_name"></a> [iglu\_server\_dns\_name](#input\_iglu\_server\_dns\_name) | The DNS name of your Iglu Server | `string` | n/a | yes |
+| <a name="input_iglu_super_api_key"></a> [iglu\_super\_api\_key](#input\_iglu\_super\_api\_key) | A UUIDv4 string to use as the master API key for Iglu Server management | `string` | n/a | yes |
+| <a name="input_network"></a> [network](#input\_network) | The name of the network to deploy within | `string` | n/a | yes |
+| <a name="input_pipeline_db_name"></a> [pipeline\_db\_name](#input\_pipeline\_db\_name) | The name of the database to connect to | `string` | n/a | yes |
+| <a name="input_pipeline_db_password"></a> [pipeline\_db\_password](#input\_pipeline\_db\_password) | The password to use to connect to the database | `string` | n/a | yes |
+| <a name="input_pipeline_db_username"></a> [pipeline\_db\_username](#input\_pipeline\_db\_username) | The username to use to connect to the database | `string` | n/a | yes |
+| <a name="input_prefix"></a> [prefix](#input\_prefix) | Will be prefixed to all resource names. Use to easily identify the resources created | `string` | n/a | yes |
+| <a name="input_project_id"></a> [project\_id](#input\_project\_id) | The project ID in which the stack is being deployed | `string` | n/a | yes |
+| <a name="input_region"></a> [region](#input\_region) | The name of the region to deploy within | `string` | n/a | yes |
+| <a name="input_ssh_ip_allowlist"></a> [ssh\_ip\_allowlist](#input\_ssh\_ip\_allowlist) | The list of CIDR ranges to allow SSH traffic from | `list(any)` | n/a | yes |
+| <a name="input_subnetwork"></a> [subnetwork](#input\_subnetwork) | The name of the sub-network to deploy within | `string` | n/a | yes |
+| <a name="input_labels"></a> [labels](#input\_labels) | The labels to append to the resources in this module | `map(string)` | `{}` | no |
+| <a name="input_pipeline_db_authorized_networks"></a> [pipeline\_db\_authorized\_networks](#input\_pipeline\_db\_authorized\_networks) | The list of CIDR ranges to allow access to the Pipeline Database over | <pre>list(object({<br>    name  = string<br>    value = string<br>  }))</pre> | `[]` | no |
+| <a name="input_pipeline_db_tier"></a> [pipeline\_db\_tier](#input\_pipeline\_db\_tier) | The instance type to assign to the deployed Cloud SQL instance | `string` | `"db-g1-small"` | no |
+| <a name="input_ssh_key_pairs"></a> [ssh\_key\_pairs](#input\_ssh\_key\_pairs) | The list of SSH key-pairs to add to the servers | <pre>list(object({<br>    user_name  = string<br>    public_key = string<br>  }))</pre> | `[]` | no |
+| <a name="input_ssl_information"></a> [ssl\_information](#input\_ssl\_information) | The ID of an Google Managed certificate to bind to the load balancer | <pre>object({<br>    enabled        = bool<br>    certificate_id = string<br>  })</pre> | <pre>{<br>  "certificate_id": "",<br>  "enabled": false<br>}</pre> | no |
+| <a name="input_telemetry_enabled"></a> [telemetry\_enabled](#input\_telemetry\_enabled) | Whether or not to send telemetry information back to Snowplow Analytics Ltd | `bool` | `true` | no |
+| <a name="input_user_provided_id"></a> [user\_provided\_id](#input\_user\_provided\_id) | An optional unique identifier to identify the telemetry events emitted by this stack | `string` | `""` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_collector_ip_address"></a> [collector\_ip\_address](#output\_collector\_ip\_address) | The IP address for the Pipeline Collector |
+| <a name="output_db_ip_address"></a> [db\_ip\_address](#output\_db\_ip\_address) | The IP address of the database where your data is being streamed |
+| <a name="output_db_port"></a> [db\_port](#output\_db\_port) | The port of the database where your data is being streamed |

terraform/gcp/pipeline/default/main.tf

@@ -0,0 +1,189 @@
+locals {
+  custom_iglu_resolvers = [
+    {
+      name            = "Iglu Server"
+      priority        = 0
+      uri             = "${var.iglu_server_dns_name}/api"
+      api_key         = var.iglu_super_api_key
+      vendor_prefixes = []
+    }
+  ]
+}
+
+# 1. Deploy PubSub Topics
+module "raw_topic" {
+  source  = "snowplow-devops/pubsub-topic/google"
+  version = "0.1.0"
+
+  name = "${var.prefix}-raw-topic"
+
+  labels = var.labels
+}
+
+module "bad_1_topic" {
+  source  = "snowplow-devops/pubsub-topic/google"
+  version = "0.1.0"
+
+  name = "${var.prefix}-bad-1-topic"
+
+  labels = var.labels
+}
+
+module "enriched_topic" {
+  source  = "snowplow-devops/pubsub-topic/google"
+  version = "0.1.0"
+
+  name = "${var.prefix}-enriched-topic"
+
+  labels = var.labels
+}
+
+# 2. Deploy Collector stack
+module "collector_pubsub" {
+  source  = "snowplow-devops/collector-pubsub-ce/google"
+  version = "0.2.0"
+
+  name = "${var.prefix}-collector-server"
+
+  network    = var.network
+  subnetwork = var.subnetwork
+  region     = var.region
+
+  ssh_ip_allowlist = var.ssh_ip_allowlist
+  ssh_key_pairs    = var.ssh_key_pairs
+
+  topic_project_id = var.project_id
+  good_topic_name  = module.raw_topic.name
+  bad_topic_name   = module.bad_1_topic.name
+
+  telemetry_enabled = var.telemetry_enabled
+  user_provided_id  = var.user_provided_id
+
+  labels = var.labels
+}
+
+module "collector_lb" {
+  source  = "snowplow-devops/lb/google"
+  version = "0.1.0"
+
+  name = "${var.prefix}-collector-lb"
+
+  instance_group_named_port_http = module.collector_pubsub.named_port_http
+  instance_group_url             = module.collector_pubsub.instance_group_url
+  health_check_self_link         = module.collector_pubsub.health_check_self_link
+
+  ssl_certificate_enabled = var.ssl_information.enabled
+  ssl_certificate_id      = var.ssl_information.certificate_id
+}
+
+# 3. Deploy Enrichment
+module "enrich_pubsub" {
+  source  = "snowplow-devops/enrich-pubsub-ce/google"
+  version = "0.1.0"
+
+  name = "${var.prefix}-enrich-server"
+
+  network    = var.network
+  subnetwork = var.subnetwork
+  region     = var.region
+
+  ssh_ip_allowlist = var.ssh_ip_allowlist
+  ssh_key_pairs    = var.ssh_key_pairs
+
+  raw_topic_name = module.raw_topic.name
+  good_topic_id  = module.enriched_topic.id
+  bad_topic_id   = module.bad_1_topic.id
+
+  # Linking in the custom Iglu Server here
+  custom_iglu_resolvers = local.custom_iglu_resolvers
+
+  telemetry_enabled = var.telemetry_enabled
+  user_provided_id  = var.user_provided_id
+
+  labels = var.labels
+}
+
+# 4. Deploy Postgres Loader
+module "pipeline_db" {
+  source  = "snowplow-devops/cloud-sql/google"
+  version = "0.1.0"
+
+  name = "${var.prefix}-pipeline-db"
+
+  region      = var.region
+  db_name     = var.pipeline_db_name
+  db_username = var.pipeline_db_username
+  db_password = var.pipeline_db_password
+
+  authorized_networks = var.pipeline_db_authorized_networks
+
+  tier = var.pipeline_db_tier
+
+  labels = var.labels
+}
+
+module "postgres_loader_enriched" {
+  source  = "snowplow-devops/postgres-loader-pubsub-ce/google"
+  version = "0.2.0"
+
+  name = "${var.prefix}-pg-loader-enriched-server"
+
+  network    = var.network
+  subnetwork = var.subnetwork
+  region     = var.region
+  project_id = var.project_id
+
+  ssh_ip_allowlist = var.ssh_ip_allowlist
+  ssh_key_pairs    = var.ssh_key_pairs
+
+  in_topic_name = module.enriched_topic.name
+  purpose       = "ENRICHED_EVENTS"
+  schema_name   = "atomic"
+
+  db_instance_name = module.pipeline_db.connection_name
+  db_port          = module.pipeline_db.port
+  db_name          = var.pipeline_db_name
+  db_username      = var.pipeline_db_username
+  db_password      = var.pipeline_db_password
+
+  # Linking in the custom Iglu Server here
+  custom_iglu_resolvers = local.custom_iglu_resolvers
+
+  telemetry_enabled = var.telemetry_enabled
+  user_provided_id  = var.user_provided_id
+
+  labels = var.labels
+}
+
+module "postgres_loader_bad" {
+  source  = "snowplow-devops/postgres-loader-pubsub-ce/google"
+  version = "0.2.0"
+
+  name = "${var.prefix}-pg-loader-bad-server"
+
+  network    = var.network
+  subnetwork = var.subnetwork
+  region     = var.region
+  project_id = var.project_id
+
+  ssh_ip_allowlist = var.ssh_ip_allowlist
+  ssh_key_pairs    = var.ssh_key_pairs
+
+  in_topic_name = module.bad_1_topic.name
+  purpose       = "JSON"
+  schema_name   = "atomic_bad"
+
+  db_instance_name = module.pipeline_db.connection_name
+  db_port          = module.pipeline_db.port
+  db_name          = var.pipeline_db_name
+  db_username      = var.pipeline_db_username
+  db_password      = var.pipeline_db_password
+
+  # Linking in the custom Iglu Server here
+  custom_iglu_resolvers = local.custom_iglu_resolvers
+
+  telemetry_enabled = var.telemetry_enabled
+  user_provided_id  = var.user_provided_id
+
+  labels = var.labels
+}

terraform/gcp/pipeline/default/outputs.tf

@@ -0,0 +1,14 @@
+output "collector_ip_address" {
+  description = "The IP address for the Pipeline Collector"
+  value       = module.collector_lb.ip_address
+}
+
+output "db_ip_address" {
+  description = "The IP address of the database where your data is being streamed"
+  value       = module.pipeline_db.first_ip_address
+}
+
+output "db_port" {
+  description = "The port of the database where your data is being streamed"
+  value       = module.pipeline_db.port
+}

terraform/gcp/pipeline/default/terraform.tfvars

@@ -0,0 +1,81 @@
+# Will be prefixed to all resource names
+# Use this to easily identify the resources created and provide entropy for subsequent environments
+prefix = "sp"
+
+# The project to deploy the infrastructure into
+project_id = "PROJECT_ID_TO_DEPLOY_INTO"
+
+# Where to deploy the infrastructure
+region = "REGION_TO_DEPLOY_INTO"
+
+# --- Default Network
+# Update to the network you would like to deploy into
+#
+# Note: If you opt to use your own network then you will need to define a subnetwork to deploy into as well
+network    = "default"
+subnetwork = ""
+
+# --- SSH
+# Update this to your IP Address
+ssh_ip_allowlist = ["999.999.999.999/32"]
+# Generate a new SSH key locally with `ssh-keygen`
+# ssh-keygen -t rsa -b 4096 
+ssh_key_pairs = [
+  {
+    user_name  = "snowplow"
+    public_key = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQA0jSi9//bRsHW4M6czodTs6smCXsxZ0gijzth0aBmycE= [email protected]"
+  }
+]
+
+# --- Iglu Server Configuration
+# Iglu Server DNS output from the Iglu Server stack
+iglu_server_dns_name = "http://CHANGE-TO-MY-IGLU-IP"
+# Used for API actions on the Iglu Server
+# Change this to the same UUID from when you created the Iglu Server
+iglu_super_api_key = "00000000-0000-0000-0000-000000000000"
+
+# NOTE: Needed for Postgres Loader to work
+# igluctl: https://docs.snowplowanalytics.com/docs/pipeline-components-and-applications/iglu/igluctl
+# Ensure you have seeded Iglu Server: 
+# git clone https://github.com/snowplow/iglu-central
+# cd iglu-central
+# igluctl static push --public schemas/ http://CHANGE-TO-MY-IGLU-URL.elb.amazonaws.com 00000000-0000-0000-0000-000000000000
+
+# --- Snowplow Postgres Loader
+pipeline_db_name     = "snowplow"
+pipeline_db_username = "snowplow"
+# Change and keep this secret!
+pipeline_db_password = "Hell0W0rld!2"
+# IP ranges that you want to query the Pipeline Postgres Cloud SQL instance from directly over the internet.  An alternative access method is to leverage
+# the Cloud SQL Proxy service which creates an IAM authenticated tunnel to the instance
+#
+# Details: https://cloud.google.com/sql/docs/postgres/sql-proxy
+#
+# Note: this exposes your data to the internet - take care to ensure your allowlist is strict enough
+pipeline_db_authorized_networks = [
+  {
+    name  = "foo"
+    value = "999.999.999.999/32"
+  },
+  {
+    name  = "bar"
+    value = "888.888.888.888/32"
+  }
+]
+# Note: the size of the database instance determines the number of concurrent connections - each Postgres Loader instance creates 10 open connections so having
+# a sufficiently powerful database tier is important to not running out of connection slots
+pipeline_db_tier = "db-g1-small"
+
+# See for more information: https://registry.terraform.io/modules/snowplow-devops/collector-pubsub-ce/google/latest#telemetry
+# Telemetry principles: https://docs.snowplowanalytics.com/docs/open-source-quick-start/what-is-the-quick-start-for-open-source/telemetry-principles/
+user_provided_id  = ""
+telemetry_enabled = true
+
+# --- SSL Configuration (optional)
+ssl_information = {
+  certificate_id = ""
+  enabled        = false
+}
+
+# --- Extra Labels to append to created resources (optional)
+labels = {}