Removed service account usage in simple-workflow module

Author: anshukaira

Makefile

@@ -80,7 +80,7 @@ docker_generate_docs:
 		-e ENABLE_BPMETADATA=1 \
 		-v "$(CURDIR)":/workspace \
 		$(REGISTRY_URL)/${DOCKER_IMAGE_DEVELOPER_TOOLS}:${DOCKER_TAG_VERSION_DEVELOPER_TOOLS} \
-		/bin/bash -c 'source /usr/local/bin/task_helper_functions.sh && generate_docs display'
+		/bin/bash -c 'source /usr/local/bin/task_helper_functions.sh && generate_docs display --per-module-requirements'
 
 # Alias for backwards compatibility
 .PHONY: generate_docs

examples/simple_workflow/README.md

@@ -9,8 +9,8 @@
 
 | Name | Description |
 |------|-------------|
+| project\_id | Google Cloud project in which the workflow is deployed |
+| revision\_id | The revision\_id  of the workflow. |
 | workflow\_id | The id  of the workflow. |
-| workflow\_region | The id  of the workflow. |
-| workflow\_revision\_id | The revision\_id  of the workflow. |
 
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->

examples/simple_workflow/main.tf

@@ -28,9 +28,8 @@ module "standalone_workflow" {
 
   project_id            = var.project_id
   workflow_name         = "standalone-workflow"
-  region                = "us-central1"
+  location              = "us-central1"
   service_account_email = module.service_account.email
-  service_account_create = true
   workflow_source = <<-EOF
   # This is a sample workflow that simply reads wikipedia
   # Note that $$ is needed for Terraform

examples/simple_workflow/outputs.tf

@@ -19,12 +19,12 @@ output "workflow_id" {
   value       = module.standalone_workflow.workflow_id
 }
 
-output "workflow_region" {
-  description = "The id  of the workflow."
-  value       = module.standalone_workflow.workflow_region
+output "revision_id" {
+  description = "The revision_id  of the workflow."
+  value       = module.standalone_workflow.revision_id
 }
 
-output "workflow_revision_id" {
-  description = "The revision_id  of the workflow."
-  value       = module.standalone_workflow.workflow_revision_id
+output "project_id" {
+  description = "Google Cloud project in which the workflow is deployed"
+  value       = var.project_id
 }

modules/simple_workflow/README.md

@@ -46,11 +46,10 @@ Functional examples are included in the
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
+| location | The name of the location where workflow will be created | `string` | n/a | yes |
 | project\_id | The project ID to deploy to | `string` | n/a | yes |
-| region | The name of the region where workflow will be created | `string` | n/a | yes |
-| service\_account\_create | Auto-create service account. | `bool` | `false` | no |
-| service\_account\_email | Service account email. Unused if service account is auto-created. | `string` | `null` | no |
-| workflow\_description | Description for the cloud workflow | `string` | `"Sample workflow Description"` | no |
+| service\_account\_email | Service account email. | `string` | `null` | no |
+| workflow\_description | Description for the cloud workflow | `string` | `""` | no |
 | workflow\_labels | A set of key/value label pairs to assign to the workflow | `map(string)` | `{}` | no |
 | workflow\_name | The name of the cloud workflow to create | `string` | n/a | yes |
 | workflow\_source | Workflow YAML code to be executed. The size limit is 32KB. | `string` | n/a | yes |
@@ -59,9 +58,8 @@ Functional examples are included in the
 
 | Name | Description |
 |------|-------------|
+| revision\_id | The revision of the workflow. A new one is generated if the service account or source contents is changed. |
 | workflow\_id | Workflow identifier for the resource with format projects/{{project}}/locations/{{region}}/workflows/{{name}} |
-| workflow\_region | The region of the workflow. |
-| workflow\_revision\_id | The revision of the workflow. A new one is generated if the service account or source contents is changed. |
 
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 

modules/simple_workflow/main.tf

@@ -14,42 +14,11 @@
  * limitations under the License.
  */
 
-locals {
-  service_account_email = (
-    var.service_account_create
-    ? (
-      length(module.service_account) > 0
-      ? module.service_account[0].email
-      : null
-    )
-    : var.service_account_email
-  )
-}
-
-resource "random_string" "string" {
-  count   = var.service_account_create ? 1 : 0
-  length  = 6
-  lower   = true
-  upper   = false
-  special = false
-  numeric = false
-}
-
-module "service_account" {
-  count         = var.service_account_create ? 1 : 0
-  source        = "terraform-google-modules/service-accounts/google"
-  version       = "~> 4.1.1"
-  project_id    = var.project_id
-  prefix        = "wf-${random_string.string[0].result}"
-  names         = ["simple"]
-  project_roles = ["${var.project_id}=>roles/workflows.invoker"]
-}
-
 resource "google_workflows_workflow" "simple_workflow" {
   name            = var.workflow_name
-  region          = var.region
+  region          = var.location
   description     = var.workflow_description
-  service_account = local.service_account_email
+  service_account = var.service_account_email
   project         = var.project_id
   labels          = var.workflow_labels
   source_contents = var.workflow_source

modules/simple_workflow/metadata.display.yaml

@@ -24,27 +24,29 @@ spec:
     source:
       repo: https://github.com/GoogleCloudPlatform/terraform-google-cloud-workflows.git
       sourceType: git
-      dir: /modules/simple-workflow
+      dir: /modules/simple_workflow
   ui:
     input:
       variables:
+        location:
+          name: location
+          title: Location
         project_id:
           name: project_id
           title: Project Id
         region:
           name: region
           title: Region
-        service_account_create:
-          name: service_account_create
-          title: Service Account Create
         service_account_email:
           name: service_account_email
           title: Service Account Email
-          regexValidation: "^[a-z][a-z0-9-]{4,28}[a-z0-9]@[a-z][a-z0-9-]{4,28}[a-z0-9]\\.iam\\.gserviceaccount\\.com$"
+          regexValidation: ^[a-z][a-z0-9-]{4,28}[a-z0-9]@[a-z][a-z0-9-]{4,28}[a-z0-9]\.iam\.gserviceaccount\.com$
           validation: "Service account must be a valid email address in the format: SA_NAME@PROJECT_ID.iam.gserviceaccount.com."
+          level: 1
         workflow_description:
           name: workflow_description
           title: Workflow Description
+          level: 1
         workflow_labels:
           name: workflow_labels
           title: Workflow Labels

modules/simple_workflow/metadata.yaml

@@ -24,7 +24,7 @@ spec:
     source:
       repo: https://github.com/GoogleCloudPlatform/terraform-google-cloud-workflows.git
       sourceType: git
-      dir: /modules/simple-workflow
+      dir: /modules/simple_workflow
     version: 0.1.0
     actuationTool:
       flavor: Terraform
@@ -57,9 +57,9 @@ spec:
       - name: workflow_description
         description: Description for the cloud workflow
         varType: string
-        defaultValue: Sample workflow Description
-      - name: region
-        description: The name of the region where workflow will be created
+        defaultValue: ""
+      - name: location
+        description: The name of the location where workflow will be created
         varType: string
         required: true
       - name: workflow_source
@@ -71,33 +71,25 @@ spec:
         varType: map(string)
         defaultValue: {}
       - name: service_account_email
-        description: Service account email. Unused if service account is auto-created.
+        description: Service account email.
         varType: string
         connections:
           - source:
               source: github.com/terraform-google-modules/terraform-google-service-accounts//modules/simple-sa
               version: ">= 4.4"
             spec:
               outputExpr: email
-      - name: service_account_create
-        description: Auto-create service account.
-        varType: bool
-        defaultValue: false
     outputs:
+      - name: revision_id
+        description: The revision of the workflow. A new one is generated if the service account or source contents is changed.
       - name: workflow_id
         description: Workflow identifier for the resource with format projects/{{project}}/locations/{{region}}/workflows/{{name}}
         type: string
-      - name: workflow_region
-        description: The region of the workflow.
-        type: string
-      - name: workflow_revision_id
-        description: The revision of the workflow. A new one is generated if the service account or source contents is changed.
-        type: string
   requirements:
     roles:
       - level: Project
         roles:
-          - roles/owner
+          - roles/workflows.invoker
     services:
       - iam.googleapis.com
       - cloudresourcemanager.googleapis.com
@@ -109,5 +101,3 @@ spec:
     providerVersions:
       - source: hashicorp/google
         version: ">= 3.53, < 5.0"
-      - source: hashicorp/random
-        version: ~> 3.4.3

modules/simple_workflow/outputs.tf

@@ -19,12 +19,7 @@ output "workflow_id" {
   description = "Workflow identifier for the resource with format projects/{{project}}/locations/{{region}}/workflows/{{name}}"
 }
 
-output "workflow_revision_id" {
+output "revision_id" {
   value       = google_workflows_workflow.simple_workflow.revision_id
   description = "The revision of the workflow. A new one is generated if the service account or source contents is changed."
 }
-
-output "workflow_region" {
-  value       = google_workflows_workflow.simple_workflow.region
-  description = "The region of the workflow."
-}

modules/simple_workflow/variables.tf

@@ -27,11 +27,11 @@ variable "workflow_name" {
 variable "workflow_description" {
   description = "Description for the cloud workflow"
   type        = string
-  default     = "Sample workflow Description"
+  default     = ""
 }
 
-variable "region" {
-  description = "The name of the region where workflow will be created"
+variable "location" {
+  description = "The name of the location where workflow will be created"
   type        = string
 }
 
@@ -47,13 +47,7 @@ variable "workflow_labels" {
 }
 
 variable "service_account_email" {
-  description = "Service account email. Unused if service account is auto-created."
+  description = "Service account email."
   type        = string
   default     = null
 }
-
-variable "service_account_create" {
-  description = "Auto-create service account."
-  type        = bool
-  default     = false
-}