graphql-engine/server/test-manual/alloydb/bastion.tf

# The bastion instance, which runs the AlloyDB auth proxy.

# This grabs the name of the latest Debian image.
data "google_compute_image" "bastion_image" {
  family  = "debian-11"
  project = "debian-cloud"
}

resource "google_compute_instance" "bastion" {
  name         = "${var.name}-testing-alloydb-bastion"
  machine_type = "e2-small"
  zone         = "us-central1-a"
  tags = [
    # "ssh", # uncomment and re-apply to SSH in
    "postgres",
  ]

  network_interface {
    network = google_compute_network.default.id

    # Runs on an ephemeral public IP address.
    access_config {}
  }

  boot_disk {
    initialize_params {
      image = data.google_compute_image.bastion_image.self_link
    }
  }

  # This service account has client access to AlloyDB.
  service_account {
    email  = google_service_account.service_account.email
    scopes = ["cloud-platform"]
  }

  # On startup, download the AlloyDB auth proxy and run it.
  # Logs are written to /alloydb-auth-proxy.log. You can SSH in and view them if necessary.
  metadata_startup_script = <<-EOT
    #!/usr/bin/env bash

    set -e
    set -u
    set -o pipefail

    curl -fsSL https://storage.googleapis.com/alloydb-auth-proxy/v0.6.1/alloydb-auth-proxy.linux.amd64 -o alloydb-auth-proxy
    chmod +x alloydb-auth-proxy

    nohup ./alloydb-auth-proxy \
      '${google_alloydb_instance.primary.id}' \
      --address "0.0.0.0" \
      >& alloydb-auth-proxy.log &
  EOT
}
Document and automate spinning up AlloyDB for testing. We sometimes need to test against cloud databases. Here, we add a Terraform module to start a new AlloyDB cluster and instance, which we can then use for testing purposes. PR-URL: https://github.com/hasura/graphql-engine-mono/pull/7002 GitOrigin-RevId: 2d661b5cc6d60e47485ea68b781e13426ed4f097 2022-11-24 17:14:30 +03:00			`# The bastion instance, which runs the AlloyDB auth proxy.`

			`# This grabs the name of the latest Debian image.`
			`data "google_compute_image" "bastion_image" {`
			`family = "debian-11"`
			`project = "debian-cloud"`
			`}`

			`resource "google_compute_instance" "bastion" {`
			`name = "${var.name}-testing-alloydb-bastion"`
			`machine_type = "e2-small"`
			`zone = "us-central1-a"`
			`tags = [`
			`# "ssh", # uncomment and re-apply to SSH in`
			`"postgres",`
			`]`

			`network_interface {`
			`network = google_compute_network.default.id`

			`# Runs on an ephemeral public IP address.`
			`access_config {}`
			`}`

			`boot_disk {`
			`initialize_params {`
			`image = data.google_compute_image.bastion_image.self_link`
			`}`
			`}`

			`# This service account has client access to AlloyDB.`
			`service_account {`
			`email = google_service_account.service_account.email`
			`scopes = ["cloud-platform"]`
			`}`

			`# On startup, download the AlloyDB auth proxy and run it.`
			`# Logs are written to /alloydb-auth-proxy.log. You can SSH in and view them if necessary.`
			`metadata_startup_script = <<-EOT`
			`#!/usr/bin/env bash`

			`set -e`
			`set -u`
			`set -o pipefail`

			`curl -fsSL https://storage.googleapis.com/alloydb-auth-proxy/v0.6.1/alloydb-auth-proxy.linux.amd64 -o alloydb-auth-proxy`
			`chmod +x alloydb-auth-proxy`

			`nohup ./alloydb-auth-proxy \`
			`'${google_alloydb_instance.primary.id}' \`
			`--address "0.0.0.0" \`
			`>& alloydb-auth-proxy.log &`
			`EOT`
			`}`