feat: Add support to use existing notification channels for alerts (#593)

Co-authored-by: Imran Nayer <[email protected]>

Author: ps-occrp

examples/postgresql-backup-provided-service-account/main.tf

@@ -45,20 +45,31 @@ resource "google_storage_bucket" "backup" {
   project       = var.project_id
 }
 
+resource "google_monitoring_notification_channel" "email" {
+  display_name = "Test email notification channel"
+  type         = "email"
+  project      = var.project_id
+  labels = {
+    email_address = "[email protected]"
+  }
+}
+
 module "backup" {
   source  = "terraform-google-modules/sql-db/google//modules/backup"
   version = "~> 20.0"
 
-  region                = "us-central1"
-  project_id            = var.project_id
-  sql_instance          = module.postgresql.instance_name
-  export_databases      = []
-  export_uri            = google_storage_bucket.backup.url
-  backup_retention_time = 1
-  backup_schedule       = "5 * * * *"
-  export_schedule       = "10 * * * *"
-  use_serverless_export = true
-  service_account       = "${data.google_project.test_project.number}[email protected]"
+  region                      = "us-central1"
+  project_id                  = var.project_id
+  sql_instance                = module.postgresql.instance_name
+  export_databases            = []
+  export_uri                  = google_storage_bucket.backup.url
+  backup_retention_time       = 1
+  backup_schedule             = "5 * * * *"
+  export_schedule             = "10 * * * *"
+  use_serverless_export       = true
+  service_account             = "${data.google_project.test_project.number}[email protected]"
+  create_notification_channel = false
+  notification_channels       = [google_monitoring_notification_channel.email.id]
 }
 
 data "google_project" "test_project" {

modules/backup/README.md

@@ -59,8 +59,7 @@ fetch workflows.googleapis.com/Workflow
 | backup\_schedule | The cron schedule to execute the internal backup | `string` | `"45 2 * * *"` | no |
 | compress\_export | Whether or not to compress the export when storing in the bucket; Only valid for MySQL and PostgreSQL | `bool` | `true` | no |
 | connector\_params\_timeout | The end-to-end duration the connector call is allowed to run for before throwing a timeout exception. The default value is 1800 and this should be the maximum for connector methods that are not long-running operations. Otherwise, for long-running operations, the maximum timeout for a connector call is 31536000 seconds (one year). | `number` | `1800` | no |
-| create\_email\_notification\_channel | Create email notification channel to send alerts | `bool` | `false` | no |
-| email\_notification\_channel\_name | Name of email notification channel | `string` | `"Email Notification"` | no |
+| create\_notification\_channel | If set to true it will create email notification channel | `bool` | `false` | no |
 | enable\_backup\_monitoring | Whether to monitor backup workflows or not | `bool` | `false` | no |
 | enable\_connector\_params | Whether to enable connector-specific parameters for Google Workflow SQL Export. | `bool` | `false` | no |
 | enable\_export\_backup | Weather to create exports to GCS Buckets with this module | `bool` | `true` | no |
@@ -72,6 +71,8 @@ fetch workflows.googleapis.com/Workflow
 | export\_uri | The bucket and path uri for exporting to GCS | `string` | n/a | yes |
 | log\_db\_name\_to\_export | Whether or not to log database name in the export workflow | `bool` | `false` | no |
 | monitoring\_email | Email address to send alerts | `string` | `null` | no |
+| notification\_channel\_name | Name of the email notification channel to be created. Only needed when create\_notification\_channel is set to true. | `string` | `"Email Notification"` | no |
+| notification\_channels | List of existing notification channels to send alerts to | `list(string)` | `[]` | no |
 | project\_id | The project ID | `string` | n/a | yes |
 | region | The region where to run the workflow | `string` | `"us-central1"` | no |
 | scheduler\_timezone | The Timezone in which the Scheduler Jobs are triggered | `string` | `"Etc/GMT"` | no |

modules/backup/main.tf

@@ -21,6 +21,7 @@ locals {
   backup_name            = "sql-backup-${var.sql_instance}${var.unique_suffix}"
   role_name              = var.enable_export_backup ? "roles/cloudsql.editor" : "roles/cloudsql.viewer"
   export_name            = var.use_sql_instance_replica_in_exporter ? "sql-export-${var.sql_instance_replica}${var.unique_suffix}" : "sql-export-${var.sql_instance}${var.unique_suffix}"
+  notification_channels  = var.create_notification_channel ? concat(var.notification_channels, [google_monitoring_notification_channel.email[0].id]) : var.notification_channels
 }
 
 
@@ -63,8 +64,9 @@ data "google_sql_database_instance" "backup_instance" {
 }
 
 resource "google_monitoring_notification_channel" "email" {
-  count        = var.create_email_notification_channel ? 1 : 0
-  display_name = var.email_notification_channel_name
+  count        = var.create_notification_channel ? 1 : 0
+  display_name = var.notification_channel_name
+  project      = var.project_id
   type         = "email"
   labels = {
     email_address = var.monitoring_email
@@ -133,7 +135,7 @@ resource "google_monitoring_alert_policy" "sql_backup_workflow_success_alert" {
       evaluation_missing_data = "EVALUATION_MISSING_DATA_ACTIVE"
     }
   }
-  notification_channels = [google_monitoring_notification_channel.email[0].id]
+  notification_channels = local.notification_channels
 }
 
 ################################
@@ -212,5 +214,5 @@ resource "google_monitoring_alert_policy" "sql_export_workflow_success_alert" {
       evaluation_missing_data = "EVALUATION_MISSING_DATA_ACTIVE"
     }
   }
-  notification_channels = [google_monitoring_notification_channel.email[0].id]
+  notification_channels = local.notification_channels
 }

modules/backup/variables.tf

@@ -175,14 +175,20 @@ variable "export_monitoring_frequency" {
   default     = "1d"
 }
 
-variable "create_email_notification_channel" {
-  description = "Create email notification channel to send alerts"
+variable "create_notification_channel" {
+  description = "If set to true it will create email notification channel"
   type        = bool
   default     = false
 }
 
-variable "email_notification_channel_name" {
-  description = "Name of email notification channel"
+variable "notification_channel_name" {
+  description = "Name of the email notification channel to be created. Only needed when create_notification_channel is set to true."
   type        = string
   default     = "Email Notification"
 }
+
+variable "notification_channels" {
+  description = "List of existing notification channels to send alerts to"
+  type        = list(string)
+  default     = []
+}

test/setup/iam.tf

@@ -16,17 +16,18 @@
 
 locals {
   int_required_roles = [
+    "roles/cloudkms.admin",
+    "roles/cloudkms.cryptoKeyEncrypterDecrypter",
+    "roles/cloudscheduler.admin",
     "roles/cloudsql.admin",
     "roles/compute.admin",
     "roles/compute.networkAdmin",
     "roles/iam.serviceAccountAdmin",
+    "roles/iam.serviceAccountUser",
+    "roles/monitoring.editor",
     "roles/resourcemanager.projectIamAdmin",
     "roles/storage.admin",
     "roles/workflows.admin",
-    "roles/cloudscheduler.admin",
-    "roles/iam.serviceAccountUser",
-    "roles/cloudkms.admin",
-    "roles/cloudkms.cryptoKeyEncrypterDecrypter",
   ]
 }
 

test/setup/main.tf

@@ -25,15 +25,16 @@ module "project" {
   billing_account   = var.billing_account
 
   activate_apis = [
+    "cloudkms.googleapis.com",
     "cloudresourcemanager.googleapis.com",
+    "cloudscheduler.googleapis.com",
     "compute.googleapis.com",
+    "iam.googleapis.com",
+    "monitoring.googleapis.com",
     "servicenetworking.googleapis.com",
+    "serviceusage.googleapis.com",
     "sqladmin.googleapis.com",
-    "iam.googleapis.com",
     "workflows.googleapis.com",
-    "cloudscheduler.googleapis.com",
-    "cloudkms.googleapis.com",
-    "serviceusage.googleapis.com",
   ]
 }