diff --git a/.github/workflows/build-metabase.yml b/.github/workflows/build-metabase.yml new file mode 100644 index 0000000000..d677bf189f --- /dev/null +++ b/.github/workflows/build-metabase.yml @@ -0,0 +1,39 @@ +name: Metabase Docker image + +on: [push] + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }}-metabase + cancel-in-progress: ${{ github.ref != 'refs/heads/main' }} + +jobs: + build: + name: Build image + + runs-on: ubuntu-latest + + permissions: + contents: read + packages: write + attestations: write + id-token: write + + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Login to GitHub Repository + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Build and Push + uses: docker/build-push-action@v6 + with: + context: services/metabase + push: true + tags: ghcr.io/${{ github.repository }}/metabase:latest + cache-from: type=registry,ref=ghcr.io/${{ github.repository }}/metabase:latest + cache-to: type=inline diff --git a/iac/cal-itp-data-infra-staging/airflow/us/.terraform.lock.hcl b/iac/cal-itp-data-infra-staging/airflow/us/.terraform.lock.hcl index 528a936c80..72ac3c1275 100644 --- a/iac/cal-itp-data-infra-staging/airflow/us/.terraform.lock.hcl +++ b/iac/cal-itp-data-infra-staging/airflow/us/.terraform.lock.hcl @@ -2,22 +2,21 @@ # Manual edits may be lost in future updates. provider "registry.terraform.io/hashicorp/google" { - version = "6.41.0" - constraints = "~> 6.41.0" + version = "7.10.0" + constraints = "~> 7.10.0" hashes = [ - "h1:J2umU/CnA4ap8XNqSGUduqlomj/RoCIr1ojUgXe2ju8=", - "h1:f5F5LlkVvFqfmM/oWmqUDZEa8NieeHoAoEW7iNMwFVo=", - "zh:0a375c4f37599de566b6dd19d1953f70f6f88f089bb7cf97d1fa1287b2ebf41c", - "zh:2309a75bf6bd6f97ccae0c8348bb560eb893518786150cb634bc7795898d38f9", - "zh:66ed27c1b9a2b8ab7910954447f77efb319f49bc546d3611fd00d56776a928d8", - "zh:7a8624d5b8d8aee0604cb9a5bc0fb450d235983cf540dd19f68535063fa8cf17", - "zh:883879b1d5d3058d87db13b824c15193e3e2e4995a3b8165ce5835872b955349", - "zh:89971c2ca25a546febbab693f98480a1c032945e7b10e4ccfc0273c5201978bd", - "zh:923281ee1f1f5bb827786a198973abfdfb2a86e87d751e37809a19e55e84c160", - "zh:c0a28bee3e4e8722463e53ca5a090d4df5b6db5fdfb9f622461bc9bc3f27f418", - "zh:c3ac6015b50c93f12cced716ad92f072a8a1245924b034b4a9bc9261eb31fbde", - "zh:d70f83f015182021a4593cd4a9a2687f83c0aa6fd54a982bd374ef0fd25113f2", - "zh:ed9eb0992e901c7b832ae50dc267d12febf53f89ee6b1a02320b7a145830c6ce", + "h1:itPAvjmGmV6R8KpBsDGnONKfi9AXPt0LCFThnDF/3+g=", + "zh:40b90c1e6cc95cccfc935d4af4478590410bf2ce24d2cd7f6b583e7791b9b5b3", + "zh:56f25840e253ea527ab196ffb5cc3f896ef129c6d0dbe795eb9dd305d84354cd", + "zh:5bb291ae271b3363052ea4b01073c91ce9a5fcf58bf8c1d01a919099e1b4e946", + "zh:671daceb89669b51586a1a32861ea77d30233d6c2adb1ec2d3ada48d3f485634", + "zh:965834aeda62b59b8140b8db9d378658d5e3bb56a828a5158d2625237ae925b5", + "zh:9a83c890f65bcd3777eb42a9a7de622c6f9ceb3fe3ceedfe532c1cb4de24ddb2", + "zh:a2a995d03f8a669a753e99e12e6826c0b7081ac573a66c9c90db2d70f00b8ed4", + "zh:a4473ea1f59b6a5837f5e27ac4383a566dc8bdf60e0e63b5fddc5a2523fdaeb5", + "zh:a568e0b3c475629de3d00f60693270d7ae2d8cda7a9b8b28613baec9fb09b37c", + "zh:c53002313ea07dba92503eec6c0876b13b5217a703313c3ac74b31fefa52afbb", + "zh:dbd8c9e2099ca321ebab124b9c9a3421469714ac2d329d0047d0981c8c64ab21", "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", ] } diff --git a/iac/cal-itp-data-infra-staging/airflow/us/provider.tf b/iac/cal-itp-data-infra-staging/airflow/us/provider.tf index f50142b439..2b1f646364 100755 --- a/iac/cal-itp-data-infra-staging/airflow/us/provider.tf +++ b/iac/cal-itp-data-infra-staging/airflow/us/provider.tf @@ -5,7 +5,7 @@ provider "google" { terraform { required_providers { google = { - version = "~> 6.41.0" + version = "~> 7.10.0" } } diff --git a/iac/cal-itp-data-infra-staging/cdn/us/.terraform.lock.hcl b/iac/cal-itp-data-infra-staging/cdn/us/.terraform.lock.hcl index 528a936c80..72ac3c1275 100644 --- a/iac/cal-itp-data-infra-staging/cdn/us/.terraform.lock.hcl +++ b/iac/cal-itp-data-infra-staging/cdn/us/.terraform.lock.hcl @@ -2,22 +2,21 @@ # Manual edits may be lost in future updates. provider "registry.terraform.io/hashicorp/google" { - version = "6.41.0" - constraints = "~> 6.41.0" + version = "7.10.0" + constraints = "~> 7.10.0" hashes = [ - "h1:J2umU/CnA4ap8XNqSGUduqlomj/RoCIr1ojUgXe2ju8=", - "h1:f5F5LlkVvFqfmM/oWmqUDZEa8NieeHoAoEW7iNMwFVo=", - "zh:0a375c4f37599de566b6dd19d1953f70f6f88f089bb7cf97d1fa1287b2ebf41c", - "zh:2309a75bf6bd6f97ccae0c8348bb560eb893518786150cb634bc7795898d38f9", - "zh:66ed27c1b9a2b8ab7910954447f77efb319f49bc546d3611fd00d56776a928d8", - "zh:7a8624d5b8d8aee0604cb9a5bc0fb450d235983cf540dd19f68535063fa8cf17", - "zh:883879b1d5d3058d87db13b824c15193e3e2e4995a3b8165ce5835872b955349", - "zh:89971c2ca25a546febbab693f98480a1c032945e7b10e4ccfc0273c5201978bd", - "zh:923281ee1f1f5bb827786a198973abfdfb2a86e87d751e37809a19e55e84c160", - "zh:c0a28bee3e4e8722463e53ca5a090d4df5b6db5fdfb9f622461bc9bc3f27f418", - "zh:c3ac6015b50c93f12cced716ad92f072a8a1245924b034b4a9bc9261eb31fbde", - "zh:d70f83f015182021a4593cd4a9a2687f83c0aa6fd54a982bd374ef0fd25113f2", - "zh:ed9eb0992e901c7b832ae50dc267d12febf53f89ee6b1a02320b7a145830c6ce", + "h1:itPAvjmGmV6R8KpBsDGnONKfi9AXPt0LCFThnDF/3+g=", + "zh:40b90c1e6cc95cccfc935d4af4478590410bf2ce24d2cd7f6b583e7791b9b5b3", + "zh:56f25840e253ea527ab196ffb5cc3f896ef129c6d0dbe795eb9dd305d84354cd", + "zh:5bb291ae271b3363052ea4b01073c91ce9a5fcf58bf8c1d01a919099e1b4e946", + "zh:671daceb89669b51586a1a32861ea77d30233d6c2adb1ec2d3ada48d3f485634", + "zh:965834aeda62b59b8140b8db9d378658d5e3bb56a828a5158d2625237ae925b5", + "zh:9a83c890f65bcd3777eb42a9a7de622c6f9ceb3fe3ceedfe532c1cb4de24ddb2", + "zh:a2a995d03f8a669a753e99e12e6826c0b7081ac573a66c9c90db2d70f00b8ed4", + "zh:a4473ea1f59b6a5837f5e27ac4383a566dc8bdf60e0e63b5fddc5a2523fdaeb5", + "zh:a568e0b3c475629de3d00f60693270d7ae2d8cda7a9b8b28613baec9fb09b37c", + "zh:c53002313ea07dba92503eec6c0876b13b5217a703313c3ac74b31fefa52afbb", + "zh:dbd8c9e2099ca321ebab124b9c9a3421469714ac2d329d0047d0981c8c64ab21", "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", ] } diff --git a/iac/cal-itp-data-infra-staging/cdn/us/provider.tf b/iac/cal-itp-data-infra-staging/cdn/us/provider.tf index 79712798ec..c479a39134 100644 --- a/iac/cal-itp-data-infra-staging/cdn/us/provider.tf +++ b/iac/cal-itp-data-infra-staging/cdn/us/provider.tf @@ -5,7 +5,7 @@ provider "google" { terraform { required_providers { google = { - version = "~> 6.41.0" + version = "~> 7.10.0" } } diff --git a/iac/cal-itp-data-infra-staging/composer/us/.terraform.lock.hcl b/iac/cal-itp-data-infra-staging/composer/us/.terraform.lock.hcl index 9585000de9..5b413e062d 100644 --- a/iac/cal-itp-data-infra-staging/composer/us/.terraform.lock.hcl +++ b/iac/cal-itp-data-infra-staging/composer/us/.terraform.lock.hcl @@ -2,22 +2,21 @@ # Manual edits may be lost in future updates. provider "registry.terraform.io/hashicorp/google" { - version = "6.41.0" - constraints = "~> 6.41.0" + version = "7.10.0" + constraints = "~> 7.10.0" hashes = [ - "h1:J2umU/CnA4ap8XNqSGUduqlomj/RoCIr1ojUgXe2ju8=", - "h1:f5F5LlkVvFqfmM/oWmqUDZEa8NieeHoAoEW7iNMwFVo=", - "zh:0a375c4f37599de566b6dd19d1953f70f6f88f089bb7cf97d1fa1287b2ebf41c", - "zh:2309a75bf6bd6f97ccae0c8348bb560eb893518786150cb634bc7795898d38f9", - "zh:66ed27c1b9a2b8ab7910954447f77efb319f49bc546d3611fd00d56776a928d8", - "zh:7a8624d5b8d8aee0604cb9a5bc0fb450d235983cf540dd19f68535063fa8cf17", - "zh:883879b1d5d3058d87db13b824c15193e3e2e4995a3b8165ce5835872b955349", - "zh:89971c2ca25a546febbab693f98480a1c032945e7b10e4ccfc0273c5201978bd", - "zh:923281ee1f1f5bb827786a198973abfdfb2a86e87d751e37809a19e55e84c160", - "zh:c0a28bee3e4e8722463e53ca5a090d4df5b6db5fdfb9f622461bc9bc3f27f418", - "zh:c3ac6015b50c93f12cced716ad92f072a8a1245924b034b4a9bc9261eb31fbde", - "zh:d70f83f015182021a4593cd4a9a2687f83c0aa6fd54a982bd374ef0fd25113f2", - "zh:ed9eb0992e901c7b832ae50dc267d12febf53f89ee6b1a02320b7a145830c6ce", + "h1:itPAvjmGmV6R8KpBsDGnONKfi9AXPt0LCFThnDF/3+g=", + "zh:40b90c1e6cc95cccfc935d4af4478590410bf2ce24d2cd7f6b583e7791b9b5b3", + "zh:56f25840e253ea527ab196ffb5cc3f896ef129c6d0dbe795eb9dd305d84354cd", + "zh:5bb291ae271b3363052ea4b01073c91ce9a5fcf58bf8c1d01a919099e1b4e946", + "zh:671daceb89669b51586a1a32861ea77d30233d6c2adb1ec2d3ada48d3f485634", + "zh:965834aeda62b59b8140b8db9d378658d5e3bb56a828a5158d2625237ae925b5", + "zh:9a83c890f65bcd3777eb42a9a7de622c6f9ceb3fe3ceedfe532c1cb4de24ddb2", + "zh:a2a995d03f8a669a753e99e12e6826c0b7081ac573a66c9c90db2d70f00b8ed4", + "zh:a4473ea1f59b6a5837f5e27ac4383a566dc8bdf60e0e63b5fddc5a2523fdaeb5", + "zh:a568e0b3c475629de3d00f60693270d7ae2d8cda7a9b8b28613baec9fb09b37c", + "zh:c53002313ea07dba92503eec6c0876b13b5217a703313c3ac74b31fefa52afbb", + "zh:dbd8c9e2099ca321ebab124b9c9a3421469714ac2d329d0047d0981c8c64ab21", "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", ] } diff --git a/iac/cal-itp-data-infra-staging/composer/us/provider.tf b/iac/cal-itp-data-infra-staging/composer/us/provider.tf index 0baaf92ce4..4307b72844 100644 --- a/iac/cal-itp-data-infra-staging/composer/us/provider.tf +++ b/iac/cal-itp-data-infra-staging/composer/us/provider.tf @@ -16,7 +16,7 @@ provider "kubernetes" { terraform { required_providers { google = { - version = "~> 6.41.0" + version = "~> 7.10.0" } kubernetes = { diff --git a/iac/cal-itp-data-infra-staging/sftp/us/enghouse/.terraform.lock.hcl b/iac/cal-itp-data-infra-staging/enghouse-sftp/us/.terraform.lock.hcl similarity index 56% rename from iac/cal-itp-data-infra-staging/sftp/us/enghouse/.terraform.lock.hcl rename to iac/cal-itp-data-infra-staging/enghouse-sftp/us/.terraform.lock.hcl index 7c88416d75..789ce9f110 100644 --- a/iac/cal-itp-data-infra-staging/sftp/us/enghouse/.terraform.lock.hcl +++ b/iac/cal-itp-data-infra-staging/enghouse-sftp/us/.terraform.lock.hcl @@ -2,21 +2,21 @@ # Manual edits may be lost in future updates. provider "registry.terraform.io/hashicorp/google" { - version = "6.41.0" - constraints = "~> 6.41.0" + version = "7.10.0" + constraints = "~> 7.10.0" hashes = [ - "h1:J2umU/CnA4ap8XNqSGUduqlomj/RoCIr1ojUgXe2ju8=", - "zh:0a375c4f37599de566b6dd19d1953f70f6f88f089bb7cf97d1fa1287b2ebf41c", - "zh:2309a75bf6bd6f97ccae0c8348bb560eb893518786150cb634bc7795898d38f9", - "zh:66ed27c1b9a2b8ab7910954447f77efb319f49bc546d3611fd00d56776a928d8", - "zh:7a8624d5b8d8aee0604cb9a5bc0fb450d235983cf540dd19f68535063fa8cf17", - "zh:883879b1d5d3058d87db13b824c15193e3e2e4995a3b8165ce5835872b955349", - "zh:89971c2ca25a546febbab693f98480a1c032945e7b10e4ccfc0273c5201978bd", - "zh:923281ee1f1f5bb827786a198973abfdfb2a86e87d751e37809a19e55e84c160", - "zh:c0a28bee3e4e8722463e53ca5a090d4df5b6db5fdfb9f622461bc9bc3f27f418", - "zh:c3ac6015b50c93f12cced716ad92f072a8a1245924b034b4a9bc9261eb31fbde", - "zh:d70f83f015182021a4593cd4a9a2687f83c0aa6fd54a982bd374ef0fd25113f2", - "zh:ed9eb0992e901c7b832ae50dc267d12febf53f89ee6b1a02320b7a145830c6ce", + "h1:itPAvjmGmV6R8KpBsDGnONKfi9AXPt0LCFThnDF/3+g=", + "zh:40b90c1e6cc95cccfc935d4af4478590410bf2ce24d2cd7f6b583e7791b9b5b3", + "zh:56f25840e253ea527ab196ffb5cc3f896ef129c6d0dbe795eb9dd305d84354cd", + "zh:5bb291ae271b3363052ea4b01073c91ce9a5fcf58bf8c1d01a919099e1b4e946", + "zh:671daceb89669b51586a1a32861ea77d30233d6c2adb1ec2d3ada48d3f485634", + "zh:965834aeda62b59b8140b8db9d378658d5e3bb56a828a5158d2625237ae925b5", + "zh:9a83c890f65bcd3777eb42a9a7de622c6f9ceb3fe3ceedfe532c1cb4de24ddb2", + "zh:a2a995d03f8a669a753e99e12e6826c0b7081ac573a66c9c90db2d70f00b8ed4", + "zh:a4473ea1f59b6a5837f5e27ac4383a566dc8bdf60e0e63b5fddc5a2523fdaeb5", + "zh:a568e0b3c475629de3d00f60693270d7ae2d8cda7a9b8b28613baec9fb09b37c", + "zh:c53002313ea07dba92503eec6c0876b13b5217a703313c3ac74b31fefa52afbb", + "zh:dbd8c9e2099ca321ebab124b9c9a3421469714ac2d329d0047d0981c8c64ab21", "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", ] } @@ -25,6 +25,7 @@ provider "registry.terraform.io/hashicorp/kubernetes" { version = "2.38.0" hashes = [ "h1:7nJdsd1RMPBtOjDXidB37+KSDN5VcOWkbkow69qJVGc=", + "h1:soK8Lt0SZ6dB+HsypFRDzuX/npqlMU6M0fvyaR1yW0k=", "zh:0af928d776eb269b192dc0ea0f8a3f0f5ec117224cd644bdacdc682300f84ba0", "zh:1be998e67206f7cfc4ffe77c01a09ac91ce725de0abaec9030b22c0a832af44f", "zh:326803fe5946023687d603f6f1bab24de7af3d426b01d20e51d4e6fbe4e7ec1b", diff --git a/iac/cal-itp-data-infra-staging/sftp/us/enghouse/enghouse-sftp-endpoint.tf b/iac/cal-itp-data-infra-staging/enghouse-sftp/us/enghouse-sftp-endpoint.tf similarity index 100% rename from iac/cal-itp-data-infra-staging/sftp/us/enghouse/enghouse-sftp-endpoint.tf rename to iac/cal-itp-data-infra-staging/enghouse-sftp/us/enghouse-sftp-endpoint.tf diff --git a/iac/cal-itp-data-infra-staging/sftp/us/enghouse/outputs.tf b/iac/cal-itp-data-infra-staging/enghouse-sftp/us/outputs.tf similarity index 100% rename from iac/cal-itp-data-infra-staging/sftp/us/enghouse/outputs.tf rename to iac/cal-itp-data-infra-staging/enghouse-sftp/us/outputs.tf diff --git a/iac/cal-itp-data-infra-staging/sftp/us/enghouse/provider.tf b/iac/cal-itp-data-infra-staging/enghouse-sftp/us/provider.tf similarity index 95% rename from iac/cal-itp-data-infra-staging/sftp/us/enghouse/provider.tf rename to iac/cal-itp-data-infra-staging/enghouse-sftp/us/provider.tf index 4bfa6e9bde..c276c8929d 100755 --- a/iac/cal-itp-data-infra-staging/sftp/us/enghouse/provider.tf +++ b/iac/cal-itp-data-infra-staging/enghouse-sftp/us/provider.tf @@ -5,7 +5,7 @@ provider "google" { terraform { required_providers { google = { - version = "~> 6.41.0" + version = "~> 7.10.0" } } @@ -13,7 +13,6 @@ terraform { bucket = "calitp-staging-gcp-components-tfstate" prefix = "cal-itp-data-infra-staging/sftp-enghouse" } - } data "google_client_config" "default" {} diff --git a/iac/cal-itp-data-infra-staging/sftp/us/enghouse/variables.tf b/iac/cal-itp-data-infra-staging/enghouse-sftp/us/variables.tf similarity index 100% rename from iac/cal-itp-data-infra-staging/sftp/us/enghouse/variables.tf rename to iac/cal-itp-data-infra-staging/enghouse-sftp/us/variables.tf diff --git a/iac/cal-itp-data-infra-staging/firewall/us/.terraform.lock.hcl b/iac/cal-itp-data-infra-staging/firewall/us/.terraform.lock.hcl index 528a936c80..72ac3c1275 100644 --- a/iac/cal-itp-data-infra-staging/firewall/us/.terraform.lock.hcl +++ b/iac/cal-itp-data-infra-staging/firewall/us/.terraform.lock.hcl @@ -2,22 +2,21 @@ # Manual edits may be lost in future updates. provider "registry.terraform.io/hashicorp/google" { - version = "6.41.0" - constraints = "~> 6.41.0" + version = "7.10.0" + constraints = "~> 7.10.0" hashes = [ - "h1:J2umU/CnA4ap8XNqSGUduqlomj/RoCIr1ojUgXe2ju8=", - "h1:f5F5LlkVvFqfmM/oWmqUDZEa8NieeHoAoEW7iNMwFVo=", - "zh:0a375c4f37599de566b6dd19d1953f70f6f88f089bb7cf97d1fa1287b2ebf41c", - "zh:2309a75bf6bd6f97ccae0c8348bb560eb893518786150cb634bc7795898d38f9", - "zh:66ed27c1b9a2b8ab7910954447f77efb319f49bc546d3611fd00d56776a928d8", - "zh:7a8624d5b8d8aee0604cb9a5bc0fb450d235983cf540dd19f68535063fa8cf17", - "zh:883879b1d5d3058d87db13b824c15193e3e2e4995a3b8165ce5835872b955349", - "zh:89971c2ca25a546febbab693f98480a1c032945e7b10e4ccfc0273c5201978bd", - "zh:923281ee1f1f5bb827786a198973abfdfb2a86e87d751e37809a19e55e84c160", - "zh:c0a28bee3e4e8722463e53ca5a090d4df5b6db5fdfb9f622461bc9bc3f27f418", - "zh:c3ac6015b50c93f12cced716ad92f072a8a1245924b034b4a9bc9261eb31fbde", - "zh:d70f83f015182021a4593cd4a9a2687f83c0aa6fd54a982bd374ef0fd25113f2", - "zh:ed9eb0992e901c7b832ae50dc267d12febf53f89ee6b1a02320b7a145830c6ce", + "h1:itPAvjmGmV6R8KpBsDGnONKfi9AXPt0LCFThnDF/3+g=", + "zh:40b90c1e6cc95cccfc935d4af4478590410bf2ce24d2cd7f6b583e7791b9b5b3", + "zh:56f25840e253ea527ab196ffb5cc3f896ef129c6d0dbe795eb9dd305d84354cd", + "zh:5bb291ae271b3363052ea4b01073c91ce9a5fcf58bf8c1d01a919099e1b4e946", + "zh:671daceb89669b51586a1a32861ea77d30233d6c2adb1ec2d3ada48d3f485634", + "zh:965834aeda62b59b8140b8db9d378658d5e3bb56a828a5158d2625237ae925b5", + "zh:9a83c890f65bcd3777eb42a9a7de622c6f9ceb3fe3ceedfe532c1cb4de24ddb2", + "zh:a2a995d03f8a669a753e99e12e6826c0b7081ac573a66c9c90db2d70f00b8ed4", + "zh:a4473ea1f59b6a5837f5e27ac4383a566dc8bdf60e0e63b5fddc5a2523fdaeb5", + "zh:a568e0b3c475629de3d00f60693270d7ae2d8cda7a9b8b28613baec9fb09b37c", + "zh:c53002313ea07dba92503eec6c0876b13b5217a703313c3ac74b31fefa52afbb", + "zh:dbd8c9e2099ca321ebab124b9c9a3421469714ac2d329d0047d0981c8c64ab21", "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", ] } diff --git a/iac/cal-itp-data-infra-staging/firewall/us/provider.tf b/iac/cal-itp-data-infra-staging/firewall/us/provider.tf index d52f1e2445..ff2fb889e5 100755 --- a/iac/cal-itp-data-infra-staging/firewall/us/provider.tf +++ b/iac/cal-itp-data-infra-staging/firewall/us/provider.tf @@ -5,7 +5,7 @@ provider "google" { terraform { required_providers { google = { - version = "~> 6.41.0" + version = "~> 7.10.0" } } diff --git a/iac/cal-itp-data-infra-staging/gcs/us/.terraform.lock.hcl b/iac/cal-itp-data-infra-staging/gcs/us/.terraform.lock.hcl index 528a936c80..72ac3c1275 100644 --- a/iac/cal-itp-data-infra-staging/gcs/us/.terraform.lock.hcl +++ b/iac/cal-itp-data-infra-staging/gcs/us/.terraform.lock.hcl @@ -2,22 +2,21 @@ # Manual edits may be lost in future updates. provider "registry.terraform.io/hashicorp/google" { - version = "6.41.0" - constraints = "~> 6.41.0" + version = "7.10.0" + constraints = "~> 7.10.0" hashes = [ - "h1:J2umU/CnA4ap8XNqSGUduqlomj/RoCIr1ojUgXe2ju8=", - "h1:f5F5LlkVvFqfmM/oWmqUDZEa8NieeHoAoEW7iNMwFVo=", - "zh:0a375c4f37599de566b6dd19d1953f70f6f88f089bb7cf97d1fa1287b2ebf41c", - "zh:2309a75bf6bd6f97ccae0c8348bb560eb893518786150cb634bc7795898d38f9", - "zh:66ed27c1b9a2b8ab7910954447f77efb319f49bc546d3611fd00d56776a928d8", - "zh:7a8624d5b8d8aee0604cb9a5bc0fb450d235983cf540dd19f68535063fa8cf17", - "zh:883879b1d5d3058d87db13b824c15193e3e2e4995a3b8165ce5835872b955349", - "zh:89971c2ca25a546febbab693f98480a1c032945e7b10e4ccfc0273c5201978bd", - "zh:923281ee1f1f5bb827786a198973abfdfb2a86e87d751e37809a19e55e84c160", - "zh:c0a28bee3e4e8722463e53ca5a090d4df5b6db5fdfb9f622461bc9bc3f27f418", - "zh:c3ac6015b50c93f12cced716ad92f072a8a1245924b034b4a9bc9261eb31fbde", - "zh:d70f83f015182021a4593cd4a9a2687f83c0aa6fd54a982bd374ef0fd25113f2", - "zh:ed9eb0992e901c7b832ae50dc267d12febf53f89ee6b1a02320b7a145830c6ce", + "h1:itPAvjmGmV6R8KpBsDGnONKfi9AXPt0LCFThnDF/3+g=", + "zh:40b90c1e6cc95cccfc935d4af4478590410bf2ce24d2cd7f6b583e7791b9b5b3", + "zh:56f25840e253ea527ab196ffb5cc3f896ef129c6d0dbe795eb9dd305d84354cd", + "zh:5bb291ae271b3363052ea4b01073c91ce9a5fcf58bf8c1d01a919099e1b4e946", + "zh:671daceb89669b51586a1a32861ea77d30233d6c2adb1ec2d3ada48d3f485634", + "zh:965834aeda62b59b8140b8db9d378658d5e3bb56a828a5158d2625237ae925b5", + "zh:9a83c890f65bcd3777eb42a9a7de622c6f9ceb3fe3ceedfe532c1cb4de24ddb2", + "zh:a2a995d03f8a669a753e99e12e6826c0b7081ac573a66c9c90db2d70f00b8ed4", + "zh:a4473ea1f59b6a5837f5e27ac4383a566dc8bdf60e0e63b5fddc5a2523fdaeb5", + "zh:a568e0b3c475629de3d00f60693270d7ae2d8cda7a9b8b28613baec9fb09b37c", + "zh:c53002313ea07dba92503eec6c0876b13b5217a703313c3ac74b31fefa52afbb", + "zh:dbd8c9e2099ca321ebab124b9c9a3421469714ac2d329d0047d0981c8c64ab21", "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", ] } diff --git a/iac/cal-itp-data-infra-staging/gcs/us/provider.tf b/iac/cal-itp-data-infra-staging/gcs/us/provider.tf index 528ca7a3cc..36a1d53e3c 100755 --- a/iac/cal-itp-data-infra-staging/gcs/us/provider.tf +++ b/iac/cal-itp-data-infra-staging/gcs/us/provider.tf @@ -5,7 +5,7 @@ provider "google" { terraform { required_providers { google = { - version = "~> 6.41.0" + version = "~> 7.10.0" } } diff --git a/iac/cal-itp-data-infra-staging/gke/us/.terraform.lock.hcl b/iac/cal-itp-data-infra-staging/gke/us/.terraform.lock.hcl index 528a936c80..72ac3c1275 100644 --- a/iac/cal-itp-data-infra-staging/gke/us/.terraform.lock.hcl +++ b/iac/cal-itp-data-infra-staging/gke/us/.terraform.lock.hcl @@ -2,22 +2,21 @@ # Manual edits may be lost in future updates. provider "registry.terraform.io/hashicorp/google" { - version = "6.41.0" - constraints = "~> 6.41.0" + version = "7.10.0" + constraints = "~> 7.10.0" hashes = [ - "h1:J2umU/CnA4ap8XNqSGUduqlomj/RoCIr1ojUgXe2ju8=", - "h1:f5F5LlkVvFqfmM/oWmqUDZEa8NieeHoAoEW7iNMwFVo=", - "zh:0a375c4f37599de566b6dd19d1953f70f6f88f089bb7cf97d1fa1287b2ebf41c", - "zh:2309a75bf6bd6f97ccae0c8348bb560eb893518786150cb634bc7795898d38f9", - "zh:66ed27c1b9a2b8ab7910954447f77efb319f49bc546d3611fd00d56776a928d8", - "zh:7a8624d5b8d8aee0604cb9a5bc0fb450d235983cf540dd19f68535063fa8cf17", - "zh:883879b1d5d3058d87db13b824c15193e3e2e4995a3b8165ce5835872b955349", - "zh:89971c2ca25a546febbab693f98480a1c032945e7b10e4ccfc0273c5201978bd", - "zh:923281ee1f1f5bb827786a198973abfdfb2a86e87d751e37809a19e55e84c160", - "zh:c0a28bee3e4e8722463e53ca5a090d4df5b6db5fdfb9f622461bc9bc3f27f418", - "zh:c3ac6015b50c93f12cced716ad92f072a8a1245924b034b4a9bc9261eb31fbde", - "zh:d70f83f015182021a4593cd4a9a2687f83c0aa6fd54a982bd374ef0fd25113f2", - "zh:ed9eb0992e901c7b832ae50dc267d12febf53f89ee6b1a02320b7a145830c6ce", + "h1:itPAvjmGmV6R8KpBsDGnONKfi9AXPt0LCFThnDF/3+g=", + "zh:40b90c1e6cc95cccfc935d4af4478590410bf2ce24d2cd7f6b583e7791b9b5b3", + "zh:56f25840e253ea527ab196ffb5cc3f896ef129c6d0dbe795eb9dd305d84354cd", + "zh:5bb291ae271b3363052ea4b01073c91ce9a5fcf58bf8c1d01a919099e1b4e946", + "zh:671daceb89669b51586a1a32861ea77d30233d6c2adb1ec2d3ada48d3f485634", + "zh:965834aeda62b59b8140b8db9d378658d5e3bb56a828a5158d2625237ae925b5", + "zh:9a83c890f65bcd3777eb42a9a7de622c6f9ceb3fe3ceedfe532c1cb4de24ddb2", + "zh:a2a995d03f8a669a753e99e12e6826c0b7081ac573a66c9c90db2d70f00b8ed4", + "zh:a4473ea1f59b6a5837f5e27ac4383a566dc8bdf60e0e63b5fddc5a2523fdaeb5", + "zh:a568e0b3c475629de3d00f60693270d7ae2d8cda7a9b8b28613baec9fb09b37c", + "zh:c53002313ea07dba92503eec6c0876b13b5217a703313c3ac74b31fefa52afbb", + "zh:dbd8c9e2099ca321ebab124b9c9a3421469714ac2d329d0047d0981c8c64ab21", "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", ] } diff --git a/iac/cal-itp-data-infra-staging/gke/us/provider.tf b/iac/cal-itp-data-infra-staging/gke/us/provider.tf index 7b133af51b..a1339def8a 100755 --- a/iac/cal-itp-data-infra-staging/gke/us/provider.tf +++ b/iac/cal-itp-data-infra-staging/gke/us/provider.tf @@ -5,7 +5,7 @@ provider "google" { terraform { required_providers { google = { - version = "~> 6.41.0" + version = "~> 7.10.0" } } diff --git a/iac/cal-itp-data-infra-staging/iam/us/.terraform.lock.hcl b/iac/cal-itp-data-infra-staging/iam/us/.terraform.lock.hcl index 528a936c80..72ac3c1275 100644 --- a/iac/cal-itp-data-infra-staging/iam/us/.terraform.lock.hcl +++ b/iac/cal-itp-data-infra-staging/iam/us/.terraform.lock.hcl @@ -2,22 +2,21 @@ # Manual edits may be lost in future updates. provider "registry.terraform.io/hashicorp/google" { - version = "6.41.0" - constraints = "~> 6.41.0" + version = "7.10.0" + constraints = "~> 7.10.0" hashes = [ - "h1:J2umU/CnA4ap8XNqSGUduqlomj/RoCIr1ojUgXe2ju8=", - "h1:f5F5LlkVvFqfmM/oWmqUDZEa8NieeHoAoEW7iNMwFVo=", - "zh:0a375c4f37599de566b6dd19d1953f70f6f88f089bb7cf97d1fa1287b2ebf41c", - "zh:2309a75bf6bd6f97ccae0c8348bb560eb893518786150cb634bc7795898d38f9", - "zh:66ed27c1b9a2b8ab7910954447f77efb319f49bc546d3611fd00d56776a928d8", - "zh:7a8624d5b8d8aee0604cb9a5bc0fb450d235983cf540dd19f68535063fa8cf17", - "zh:883879b1d5d3058d87db13b824c15193e3e2e4995a3b8165ce5835872b955349", - "zh:89971c2ca25a546febbab693f98480a1c032945e7b10e4ccfc0273c5201978bd", - "zh:923281ee1f1f5bb827786a198973abfdfb2a86e87d751e37809a19e55e84c160", - "zh:c0a28bee3e4e8722463e53ca5a090d4df5b6db5fdfb9f622461bc9bc3f27f418", - "zh:c3ac6015b50c93f12cced716ad92f072a8a1245924b034b4a9bc9261eb31fbde", - "zh:d70f83f015182021a4593cd4a9a2687f83c0aa6fd54a982bd374ef0fd25113f2", - "zh:ed9eb0992e901c7b832ae50dc267d12febf53f89ee6b1a02320b7a145830c6ce", + "h1:itPAvjmGmV6R8KpBsDGnONKfi9AXPt0LCFThnDF/3+g=", + "zh:40b90c1e6cc95cccfc935d4af4478590410bf2ce24d2cd7f6b583e7791b9b5b3", + "zh:56f25840e253ea527ab196ffb5cc3f896ef129c6d0dbe795eb9dd305d84354cd", + "zh:5bb291ae271b3363052ea4b01073c91ce9a5fcf58bf8c1d01a919099e1b4e946", + "zh:671daceb89669b51586a1a32861ea77d30233d6c2adb1ec2d3ada48d3f485634", + "zh:965834aeda62b59b8140b8db9d378658d5e3bb56a828a5158d2625237ae925b5", + "zh:9a83c890f65bcd3777eb42a9a7de622c6f9ceb3fe3ceedfe532c1cb4de24ddb2", + "zh:a2a995d03f8a669a753e99e12e6826c0b7081ac573a66c9c90db2d70f00b8ed4", + "zh:a4473ea1f59b6a5837f5e27ac4383a566dc8bdf60e0e63b5fddc5a2523fdaeb5", + "zh:a568e0b3c475629de3d00f60693270d7ae2d8cda7a9b8b28613baec9fb09b37c", + "zh:c53002313ea07dba92503eec6c0876b13b5217a703313c3ac74b31fefa52afbb", + "zh:dbd8c9e2099ca321ebab124b9c9a3421469714ac2d329d0047d0981c8c64ab21", "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", ] } diff --git a/iac/cal-itp-data-infra-staging/iam/us/outputs.tf b/iac/cal-itp-data-infra-staging/iam/us/outputs.tf index 2444c6b051..c22ca34198 100755 --- a/iac/cal-itp-data-infra-staging/iam/us/outputs.tf +++ b/iac/cal-itp-data-infra-staging/iam/us/outputs.tf @@ -178,6 +178,18 @@ output "google_service_account_cal-bc-service-account_name" { value = google_service_account.cal-bc-service-account.name } +output "google_service_account_metabase-service-account_id" { + value = google_service_account.metabase-service-account.id +} + +output "google_service_account_metabase-service-account_email" { + value = google_service_account.metabase-service-account.email +} + +output "google_service_account_metabase-service-account_name" { + value = google_service_account.metabase-service-account.name +} + output "google_service_account_composer-service-account_id" { value = google_service_account.composer-service-account.id } diff --git a/iac/cal-itp-data-infra-staging/iam/us/project_iam_member.tf b/iac/cal-itp-data-infra-staging/iam/us/project_iam_member.tf index 3f0e849950..78d291b52c 100755 --- a/iac/cal-itp-data-infra-staging/iam/us/project_iam_member.tf +++ b/iac/cal-itp-data-infra-staging/iam/us/project_iam_member.tf @@ -279,6 +279,16 @@ resource "google_project_iam_member" "cal-bc-service-account" { project = "cal-itp-data-infra-staging" } +resource "google_project_iam_member" "metabase-service-account" { + for_each = toset([ + "roles/cloudsql.client", + "roles/secretmanager.secretAccessor", + ]) + role = each.key + member = "serviceAccount:${google_service_account.metabase-service-account.email}" + project = "cal-itp-data-infra-staging" +} + resource "google_project_iam_member" "composer-service-account" { for_each = toset([ "roles/bigquery.dataOwner", diff --git a/iac/cal-itp-data-infra-staging/iam/us/provider.tf b/iac/cal-itp-data-infra-staging/iam/us/provider.tf index 9cb50010d4..aecf485b58 100755 --- a/iac/cal-itp-data-infra-staging/iam/us/provider.tf +++ b/iac/cal-itp-data-infra-staging/iam/us/provider.tf @@ -5,7 +5,7 @@ provider "google" { terraform { required_providers { google = { - version = "~> 6.41.0" + version = "~> 7.10.0" } } diff --git a/iac/cal-itp-data-infra-staging/iam/us/service_account.tf b/iac/cal-itp-data-infra-staging/iam/us/service_account.tf index 768e8024b2..88ec436d31 100755 --- a/iac/cal-itp-data-infra-staging/iam/us/service_account.tf +++ b/iac/cal-itp-data-infra-staging/iam/us/service_account.tf @@ -50,6 +50,14 @@ resource "google_service_account" "cal-bc-service-account" { project = "cal-itp-data-infra-staging" } +resource "google_service_account" "metabase-service-account" { + account_id = "metabase-service-account" + description = "Service account for Metabase" + disabled = "false" + display_name = "metabase" + project = "cal-itp-data-infra-staging" +} + resource "google_service_account" "composer-service-account" { account_id = "composer-service-account" description = "Service account for Composer" diff --git a/iac/cal-itp-data-infra-staging/logging/us/.terraform.lock.hcl b/iac/cal-itp-data-infra-staging/logging/us/.terraform.lock.hcl index 528a936c80..72ac3c1275 100644 --- a/iac/cal-itp-data-infra-staging/logging/us/.terraform.lock.hcl +++ b/iac/cal-itp-data-infra-staging/logging/us/.terraform.lock.hcl @@ -2,22 +2,21 @@ # Manual edits may be lost in future updates. provider "registry.terraform.io/hashicorp/google" { - version = "6.41.0" - constraints = "~> 6.41.0" + version = "7.10.0" + constraints = "~> 7.10.0" hashes = [ - "h1:J2umU/CnA4ap8XNqSGUduqlomj/RoCIr1ojUgXe2ju8=", - "h1:f5F5LlkVvFqfmM/oWmqUDZEa8NieeHoAoEW7iNMwFVo=", - "zh:0a375c4f37599de566b6dd19d1953f70f6f88f089bb7cf97d1fa1287b2ebf41c", - "zh:2309a75bf6bd6f97ccae0c8348bb560eb893518786150cb634bc7795898d38f9", - "zh:66ed27c1b9a2b8ab7910954447f77efb319f49bc546d3611fd00d56776a928d8", - "zh:7a8624d5b8d8aee0604cb9a5bc0fb450d235983cf540dd19f68535063fa8cf17", - "zh:883879b1d5d3058d87db13b824c15193e3e2e4995a3b8165ce5835872b955349", - "zh:89971c2ca25a546febbab693f98480a1c032945e7b10e4ccfc0273c5201978bd", - "zh:923281ee1f1f5bb827786a198973abfdfb2a86e87d751e37809a19e55e84c160", - "zh:c0a28bee3e4e8722463e53ca5a090d4df5b6db5fdfb9f622461bc9bc3f27f418", - "zh:c3ac6015b50c93f12cced716ad92f072a8a1245924b034b4a9bc9261eb31fbde", - "zh:d70f83f015182021a4593cd4a9a2687f83c0aa6fd54a982bd374ef0fd25113f2", - "zh:ed9eb0992e901c7b832ae50dc267d12febf53f89ee6b1a02320b7a145830c6ce", + "h1:itPAvjmGmV6R8KpBsDGnONKfi9AXPt0LCFThnDF/3+g=", + "zh:40b90c1e6cc95cccfc935d4af4478590410bf2ce24d2cd7f6b583e7791b9b5b3", + "zh:56f25840e253ea527ab196ffb5cc3f896ef129c6d0dbe795eb9dd305d84354cd", + "zh:5bb291ae271b3363052ea4b01073c91ce9a5fcf58bf8c1d01a919099e1b4e946", + "zh:671daceb89669b51586a1a32861ea77d30233d6c2adb1ec2d3ada48d3f485634", + "zh:965834aeda62b59b8140b8db9d378658d5e3bb56a828a5158d2625237ae925b5", + "zh:9a83c890f65bcd3777eb42a9a7de622c6f9ceb3fe3ceedfe532c1cb4de24ddb2", + "zh:a2a995d03f8a669a753e99e12e6826c0b7081ac573a66c9c90db2d70f00b8ed4", + "zh:a4473ea1f59b6a5837f5e27ac4383a566dc8bdf60e0e63b5fddc5a2523fdaeb5", + "zh:a568e0b3c475629de3d00f60693270d7ae2d8cda7a9b8b28613baec9fb09b37c", + "zh:c53002313ea07dba92503eec6c0876b13b5217a703313c3ac74b31fefa52afbb", + "zh:dbd8c9e2099ca321ebab124b9c9a3421469714ac2d329d0047d0981c8c64ab21", "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", ] } diff --git a/iac/cal-itp-data-infra-staging/logging/us/provider.tf b/iac/cal-itp-data-infra-staging/logging/us/provider.tf index b4a9d00bfe..3eac55190d 100755 --- a/iac/cal-itp-data-infra-staging/logging/us/provider.tf +++ b/iac/cal-itp-data-infra-staging/logging/us/provider.tf @@ -5,7 +5,7 @@ provider "google" { terraform { required_providers { google = { - version = "~> 6.41.0" + version = "~> 7.10.0" } } diff --git a/iac/cal-itp-data-infra-staging/metabase/us/.terraform.lock.hcl b/iac/cal-itp-data-infra-staging/metabase/us/.terraform.lock.hcl new file mode 100644 index 0000000000..9b053049f6 --- /dev/null +++ b/iac/cal-itp-data-infra-staging/metabase/us/.terraform.lock.hcl @@ -0,0 +1,62 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/google" { + version = "7.10.0" + constraints = ">= 6.0.0, ~> 7.10.0, < 8.0.0" + hashes = [ + "h1:itPAvjmGmV6R8KpBsDGnONKfi9AXPt0LCFThnDF/3+g=", + "zh:40b90c1e6cc95cccfc935d4af4478590410bf2ce24d2cd7f6b583e7791b9b5b3", + "zh:56f25840e253ea527ab196ffb5cc3f896ef129c6d0dbe795eb9dd305d84354cd", + "zh:5bb291ae271b3363052ea4b01073c91ce9a5fcf58bf8c1d01a919099e1b4e946", + "zh:671daceb89669b51586a1a32861ea77d30233d6c2adb1ec2d3ada48d3f485634", + "zh:965834aeda62b59b8140b8db9d378658d5e3bb56a828a5158d2625237ae925b5", + "zh:9a83c890f65bcd3777eb42a9a7de622c6f9ceb3fe3ceedfe532c1cb4de24ddb2", + "zh:a2a995d03f8a669a753e99e12e6826c0b7081ac573a66c9c90db2d70f00b8ed4", + "zh:a4473ea1f59b6a5837f5e27ac4383a566dc8bdf60e0e63b5fddc5a2523fdaeb5", + "zh:a568e0b3c475629de3d00f60693270d7ae2d8cda7a9b8b28613baec9fb09b37c", + "zh:c53002313ea07dba92503eec6c0876b13b5217a703313c3ac74b31fefa52afbb", + "zh:dbd8c9e2099ca321ebab124b9c9a3421469714ac2d329d0047d0981c8c64ab21", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + ] +} + +provider "registry.terraform.io/hashicorp/google-beta" { + version = "7.11.0" + constraints = ">= 6.0.0, < 8.0.0" + hashes = [ + "h1:h1vQPPCqsOeMJ4fX3lRTX/8pvNfSHxIKYCcsey0kxAA=", + "zh:0823dca7bb07b488374d5e183995bc5f23ce0afcdddeea809d692bdcc308d720", + "zh:0a0a44fb664551268a2e5137481d0898e6c887a2b707076f508ed11fa626bb7a", + "zh:38805a07af4ea6dbb05539b5f5b70c87ea47d0c6707aa14ca1c2622f2358edb0", + "zh:40dcf27903a729c5e356a2a740e05ceea63c46ddb7c61cf1fdadd8acc78d4d38", + "zh:4620342a4d88c924426104aa955ea81136ad8604d2aad846b0d012145fba7089", + "zh:7cad657189c6e9e93db96e1594dc4cccbe79c80a627eb2e38fd108032e78bb8d", + "zh:8164e4d4df26b69ec270a0a5cb2e4ca1446d5bd9c8e52d498f796931071feee8", + "zh:96a02283abb3fc3c8526a0549409903bd4eaa96894c79dbbf1e90abc6b678054", + "zh:9765c9d6ba050419bbe75714754f05c2124bc78a9a2cbee771962bda8358e427", + "zh:c645d856206b9d591264d0f20bd40ca4906484778fd5e2ab988c125d70f6a9a8", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + "zh:f993ba9ffb1967060901caebff81ac3989fc85848ffc19e5062a2042992a52a1", + ] +} + +provider "registry.terraform.io/hashicorp/random" { + version = "3.7.2" + constraints = ">= 2.1.0" + hashes = [ + "h1:KG4NuIBl1mRWU0KD/BGfCi1YN/j3F7H4YgeeM7iSdNs=", + "zh:14829603a32e4bc4d05062f059e545a91e27ff033756b48afbae6b3c835f508f", + "zh:1527fb07d9fea400d70e9e6eb4a2b918d5060d604749b6f1c361518e7da546dc", + "zh:1e86bcd7ebec85ba336b423ba1db046aeaa3c0e5f921039b3f1a6fc2f978feab", + "zh:24536dec8bde66753f4b4030b8f3ef43c196d69cccbea1c382d01b222478c7a3", + "zh:29f1786486759fad9b0ce4fdfbbfece9343ad47cd50119045075e05afe49d212", + "zh:4d701e978c2dd8604ba1ce962b047607701e65c078cb22e97171513e9e57491f", + "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", + "zh:7b8434212eef0f8c83f5a90c6d76feaf850f6502b61b53c329e85b3b281cba34", + "zh:ac8a23c212258b7976e1621275e3af7099e7e4a3d4478cf8d5d2a27f3bc3e967", + "zh:b516ca74431f3df4c6cf90ddcdb4042c626e026317a33c53f0b445a3d93b720d", + "zh:dc76e4326aec2490c1600d6871a95e78f9050f9ce427c71707ea412a2f2f1a62", + "zh:eac7b63e86c749c7d48f527671c7aee5b4e26c10be6ad7232d6860167f99dbb0", + ] +} diff --git a/iac/cal-itp-data-infra-staging/metabase/us/network.tf b/iac/cal-itp-data-infra-staging/metabase/us/network.tf new file mode 100644 index 0000000000..eafb6520b4 --- /dev/null +++ b/iac/cal-itp-data-infra-staging/metabase/us/network.tf @@ -0,0 +1,3 @@ +resource "google_compute_global_address" "metabase-staging" { + name = "metabase-staging-address" +} diff --git a/iac/cal-itp-data-infra-staging/metabase/us/provider.tf b/iac/cal-itp-data-infra-staging/metabase/us/provider.tf new file mode 100644 index 0000000000..567210dc18 --- /dev/null +++ b/iac/cal-itp-data-infra-staging/metabase/us/provider.tf @@ -0,0 +1,16 @@ +provider "google" { + project = "cal-itp-data-infra-staging" +} + +terraform { + required_providers { + google = { + version = "~> 7.10.0" + } + } + + backend "gcs" { + bucket = "calitp-staging-gcp-components-tfstate" + prefix = "cal-itp-data-infra-staging/metabase" + } +} diff --git a/iac/cal-itp-data-infra-staging/metabase/us/repository.tf b/iac/cal-itp-data-infra-staging/metabase/us/repository.tf new file mode 100644 index 0000000000..268cf0e5a7 --- /dev/null +++ b/iac/cal-itp-data-infra-staging/metabase/us/repository.tf @@ -0,0 +1,16 @@ +resource "google_artifact_registry_repository" "ghcr" { + location = "us-west2" + repository_id = "ghcr" + format = "DOCKER" + mode = "REMOTE_REPOSITORY" + cleanup_policy_dry_run = true + + remote_repository_config { + description = "GitHub Container Repository" + docker_repository { + custom_repository { + uri = "https://ghcr.io" + } + } + } +} diff --git a/iac/cal-itp-data-infra-staging/metabase/us/secrets.tf b/iac/cal-itp-data-infra-staging/metabase/us/secrets.tf new file mode 100644 index 0000000000..60484e75a6 --- /dev/null +++ b/iac/cal-itp-data-infra-staging/metabase/us/secrets.tf @@ -0,0 +1,15 @@ +resource "google_secret_manager_secret" "metabase-staging-password" { + secret_id = "metabase-staging-password" + replication { + user_managed { + replicas { + location = "us-west2" + } + } + } +} + +resource "google_secret_manager_secret_version" "metabase-staging-password" { + secret = google_secret_manager_secret.metabase-staging-password.name + secret_data_wo = random_password.metabase-staging-database.result +} diff --git a/iac/cal-itp-data-infra-staging/metabase/us/service.tf b/iac/cal-itp-data-infra-staging/metabase/us/service.tf new file mode 100644 index 0000000000..807d3bab74 --- /dev/null +++ b/iac/cal-itp-data-infra-staging/metabase/us/service.tf @@ -0,0 +1,163 @@ +resource "google_cloud_run_v2_service" "metabase-staging" { + name = "metabase-staging" + location = "us-west2" + deletion_protection = false + ingress = "INGRESS_TRAFFIC_ALL" + invoker_iam_disabled = true + + traffic { + type = "TRAFFIC_TARGET_ALLOCATION_TYPE_LATEST" + percent = 100 + } + + scaling { + min_instance_count = 1 + } + + template { + service_account = data.terraform_remote_state.iam.outputs.google_service_account_metabase-service-account_email + + volumes { + name = "cloudsql" + cloud_sql_instance { + instances = [google_sql_database_instance.metabase-staging.connection_name] + } + } + + containers { + image = "us-west2-docker.pkg.dev/cal-itp-data-infra-staging/ghcr/cal-itp/data-infra/metabase:latest" + + resources { + limits = { + cpu = "1" + memory = "2048Mi" + } + } + + ports { + container_port = 3000 + } + + startup_probe { + timeout_seconds = 2 + period_seconds = 5 + failure_threshold = 10 + initial_delay_seconds = 60 + + http_get { + path = "/" + port = 3000 + } + } + + liveness_probe { + http_get { + path = "/" + port = 3000 + } + } + + volume_mounts { + name = "cloudsql" + mount_path = "/cloudsql" + } + + env { + name = "MB_DB_TYPE" + value = "postgres" + } + + env { + name = "MB_DB_DBNAME" + value = google_sql_database.metabase-staging.name + } + + env { + name = "MB_DB_HOST" + value = "127.0.0.1" + } + + env { + name = "MB_DB_USER" + value = google_sql_user.metabase-staging.name + } + + env { + name = "MB_DB_PASS" + value_source { + secret_key_ref { + secret = google_secret_manager_secret.metabase-staging-password.secret_id + version = "latest" + } + } + } + + env { + name = "JAVA_OPTS" + value = "-Xmx2048m" + } + } + } +} + +resource "google_cloud_run_service_iam_binding" "metabase-staging" { + location = google_cloud_run_v2_service.metabase-staging.location + service = google_cloud_run_v2_service.metabase-staging.name + role = "roles/run.invoker" + members = ["allUsers"] +} + +resource "google_compute_region_network_endpoint_group" "metabase-staging" { + name = "metabase-staging" + network_endpoint_type = "SERVERLESS" + region = google_cloud_run_v2_service.metabase-staging.location + cloud_run { + service = google_cloud_run_v2_service.metabase-staging.name + } +} + +module "lb-http" { + source = "GoogleCloudPlatform/lb-http/google//modules/serverless_negs" + version = "~> 14.0" + + name = "metabase-staging" + project = "cal-itp-data-infra-staging" + + ssl = true + managed_ssl_certificate_domains = [local.domain] + https_redirect = true + + address = google_compute_global_address.metabase-staging.address + create_address = false + + backends = { + metabase = { + groups = [] + serverless_neg_backends = [ + { + "region" : "us-west2", + "type" : "cloud-run", + "service" : { + "name" : google_cloud_run_v2_service.metabase-staging.name + } + } + ] + + health_check = { + request_path = "/" + protocol = "HTTP" + port = 80 + } + + enable_cdn = false + + iap_config = { + enable = false + } + + log_config = { + enable = false + } + } + } +} diff --git a/iac/cal-itp-data-infra-staging/metabase/us/sql.tf b/iac/cal-itp-data-infra-staging/metabase/us/sql.tf new file mode 100644 index 0000000000..679911d752 --- /dev/null +++ b/iac/cal-itp-data-infra-staging/metabase/us/sql.tf @@ -0,0 +1,21 @@ +resource "google_sql_database_instance" "metabase-staging" { + name = "metabase-staging" + database_version = "POSTGRES_14" + region = "us-west2" + settings { + tier = "db-f1-micro" + } + deletion_protection = true +} + +resource "google_sql_database" "metabase-staging" { + name = "metabase-staging" + instance = google_sql_database_instance.metabase-staging.name +} + +resource "google_sql_user" "metabase-staging" { + name = "metabase-staging" + instance = google_sql_database_instance.metabase-staging.name + password_wo = random_password.metabase-staging-database.result + password_wo_version = element(split("/", google_secret_manager_secret_version.metabase-staging-password.name), -1) +} diff --git a/iac/cal-itp-data-infra-staging/metabase/us/variables.tf b/iac/cal-itp-data-infra-staging/metabase/us/variables.tf new file mode 100644 index 0000000000..8380848b64 --- /dev/null +++ b/iac/cal-itp-data-infra-staging/metabase/us/variables.tf @@ -0,0 +1,22 @@ +data "terraform_remote_state" "iam" { + backend = "gcs" + + config = { + bucket = "calitp-staging-gcp-components-tfstate" + prefix = "cal-itp-data-infra-staging/iam" + } +} + +resource "random_password" "metabase-staging-secret-key" { + special = false + length = 50 +} + +resource "random_password" "metabase-staging-database" { + special = false + length = 32 +} + +locals { + domain = "metabase-staging.dds.dot.ca.gov" +} diff --git a/iac/cal-itp-data-infra-staging/networks/us/.terraform.lock.hcl b/iac/cal-itp-data-infra-staging/networks/us/.terraform.lock.hcl index 528a936c80..72ac3c1275 100644 --- a/iac/cal-itp-data-infra-staging/networks/us/.terraform.lock.hcl +++ b/iac/cal-itp-data-infra-staging/networks/us/.terraform.lock.hcl @@ -2,22 +2,21 @@ # Manual edits may be lost in future updates. provider "registry.terraform.io/hashicorp/google" { - version = "6.41.0" - constraints = "~> 6.41.0" + version = "7.10.0" + constraints = "~> 7.10.0" hashes = [ - "h1:J2umU/CnA4ap8XNqSGUduqlomj/RoCIr1ojUgXe2ju8=", - "h1:f5F5LlkVvFqfmM/oWmqUDZEa8NieeHoAoEW7iNMwFVo=", - "zh:0a375c4f37599de566b6dd19d1953f70f6f88f089bb7cf97d1fa1287b2ebf41c", - "zh:2309a75bf6bd6f97ccae0c8348bb560eb893518786150cb634bc7795898d38f9", - "zh:66ed27c1b9a2b8ab7910954447f77efb319f49bc546d3611fd00d56776a928d8", - "zh:7a8624d5b8d8aee0604cb9a5bc0fb450d235983cf540dd19f68535063fa8cf17", - "zh:883879b1d5d3058d87db13b824c15193e3e2e4995a3b8165ce5835872b955349", - "zh:89971c2ca25a546febbab693f98480a1c032945e7b10e4ccfc0273c5201978bd", - "zh:923281ee1f1f5bb827786a198973abfdfb2a86e87d751e37809a19e55e84c160", - "zh:c0a28bee3e4e8722463e53ca5a090d4df5b6db5fdfb9f622461bc9bc3f27f418", - "zh:c3ac6015b50c93f12cced716ad92f072a8a1245924b034b4a9bc9261eb31fbde", - "zh:d70f83f015182021a4593cd4a9a2687f83c0aa6fd54a982bd374ef0fd25113f2", - "zh:ed9eb0992e901c7b832ae50dc267d12febf53f89ee6b1a02320b7a145830c6ce", + "h1:itPAvjmGmV6R8KpBsDGnONKfi9AXPt0LCFThnDF/3+g=", + "zh:40b90c1e6cc95cccfc935d4af4478590410bf2ce24d2cd7f6b583e7791b9b5b3", + "zh:56f25840e253ea527ab196ffb5cc3f896ef129c6d0dbe795eb9dd305d84354cd", + "zh:5bb291ae271b3363052ea4b01073c91ce9a5fcf58bf8c1d01a919099e1b4e946", + "zh:671daceb89669b51586a1a32861ea77d30233d6c2adb1ec2d3ada48d3f485634", + "zh:965834aeda62b59b8140b8db9d378658d5e3bb56a828a5158d2625237ae925b5", + "zh:9a83c890f65bcd3777eb42a9a7de622c6f9ceb3fe3ceedfe532c1cb4de24ddb2", + "zh:a2a995d03f8a669a753e99e12e6826c0b7081ac573a66c9c90db2d70f00b8ed4", + "zh:a4473ea1f59b6a5837f5e27ac4383a566dc8bdf60e0e63b5fddc5a2523fdaeb5", + "zh:a568e0b3c475629de3d00f60693270d7ae2d8cda7a9b8b28613baec9fb09b37c", + "zh:c53002313ea07dba92503eec6c0876b13b5217a703313c3ac74b31fefa52afbb", + "zh:dbd8c9e2099ca321ebab124b9c9a3421469714ac2d329d0047d0981c8c64ab21", "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", ] } diff --git a/iac/cal-itp-data-infra-staging/networks/us/provider.tf b/iac/cal-itp-data-infra-staging/networks/us/provider.tf index f86ea03201..8209355d9c 100755 --- a/iac/cal-itp-data-infra-staging/networks/us/provider.tf +++ b/iac/cal-itp-data-infra-staging/networks/us/provider.tf @@ -5,7 +5,7 @@ provider "google" { terraform { required_providers { google = { - version = "~> 6.41.0" + version = "~> 7.10.0" } } diff --git a/iac/cal-itp-data-infra-staging/project/us/.terraform.lock.hcl b/iac/cal-itp-data-infra-staging/project/us/.terraform.lock.hcl index 528a936c80..72ac3c1275 100644 --- a/iac/cal-itp-data-infra-staging/project/us/.terraform.lock.hcl +++ b/iac/cal-itp-data-infra-staging/project/us/.terraform.lock.hcl @@ -2,22 +2,21 @@ # Manual edits may be lost in future updates. provider "registry.terraform.io/hashicorp/google" { - version = "6.41.0" - constraints = "~> 6.41.0" + version = "7.10.0" + constraints = "~> 7.10.0" hashes = [ - "h1:J2umU/CnA4ap8XNqSGUduqlomj/RoCIr1ojUgXe2ju8=", - "h1:f5F5LlkVvFqfmM/oWmqUDZEa8NieeHoAoEW7iNMwFVo=", - "zh:0a375c4f37599de566b6dd19d1953f70f6f88f089bb7cf97d1fa1287b2ebf41c", - "zh:2309a75bf6bd6f97ccae0c8348bb560eb893518786150cb634bc7795898d38f9", - "zh:66ed27c1b9a2b8ab7910954447f77efb319f49bc546d3611fd00d56776a928d8", - "zh:7a8624d5b8d8aee0604cb9a5bc0fb450d235983cf540dd19f68535063fa8cf17", - "zh:883879b1d5d3058d87db13b824c15193e3e2e4995a3b8165ce5835872b955349", - "zh:89971c2ca25a546febbab693f98480a1c032945e7b10e4ccfc0273c5201978bd", - "zh:923281ee1f1f5bb827786a198973abfdfb2a86e87d751e37809a19e55e84c160", - "zh:c0a28bee3e4e8722463e53ca5a090d4df5b6db5fdfb9f622461bc9bc3f27f418", - "zh:c3ac6015b50c93f12cced716ad92f072a8a1245924b034b4a9bc9261eb31fbde", - "zh:d70f83f015182021a4593cd4a9a2687f83c0aa6fd54a982bd374ef0fd25113f2", - "zh:ed9eb0992e901c7b832ae50dc267d12febf53f89ee6b1a02320b7a145830c6ce", + "h1:itPAvjmGmV6R8KpBsDGnONKfi9AXPt0LCFThnDF/3+g=", + "zh:40b90c1e6cc95cccfc935d4af4478590410bf2ce24d2cd7f6b583e7791b9b5b3", + "zh:56f25840e253ea527ab196ffb5cc3f896ef129c6d0dbe795eb9dd305d84354cd", + "zh:5bb291ae271b3363052ea4b01073c91ce9a5fcf58bf8c1d01a919099e1b4e946", + "zh:671daceb89669b51586a1a32861ea77d30233d6c2adb1ec2d3ada48d3f485634", + "zh:965834aeda62b59b8140b8db9d378658d5e3bb56a828a5158d2625237ae925b5", + "zh:9a83c890f65bcd3777eb42a9a7de622c6f9ceb3fe3ceedfe532c1cb4de24ddb2", + "zh:a2a995d03f8a669a753e99e12e6826c0b7081ac573a66c9c90db2d70f00b8ed4", + "zh:a4473ea1f59b6a5837f5e27ac4383a566dc8bdf60e0e63b5fddc5a2523fdaeb5", + "zh:a568e0b3c475629de3d00f60693270d7ae2d8cda7a9b8b28613baec9fb09b37c", + "zh:c53002313ea07dba92503eec6c0876b13b5217a703313c3ac74b31fefa52afbb", + "zh:dbd8c9e2099ca321ebab124b9c9a3421469714ac2d329d0047d0981c8c64ab21", "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", ] } diff --git a/iac/cal-itp-data-infra-staging/project/us/provider.tf b/iac/cal-itp-data-infra-staging/project/us/provider.tf index 85c8040bdd..e66f063b30 100755 --- a/iac/cal-itp-data-infra-staging/project/us/provider.tf +++ b/iac/cal-itp-data-infra-staging/project/us/provider.tf @@ -5,7 +5,7 @@ provider "google" { terraform { required_providers { google = { - version = "~> 6.41.0" + version = "~> 7.10.0" } } diff --git a/iac/cal-itp-data-infra-staging/routes/us/.terraform.lock.hcl b/iac/cal-itp-data-infra-staging/routes/us/.terraform.lock.hcl index 528a936c80..72ac3c1275 100644 --- a/iac/cal-itp-data-infra-staging/routes/us/.terraform.lock.hcl +++ b/iac/cal-itp-data-infra-staging/routes/us/.terraform.lock.hcl @@ -2,22 +2,21 @@ # Manual edits may be lost in future updates. provider "registry.terraform.io/hashicorp/google" { - version = "6.41.0" - constraints = "~> 6.41.0" + version = "7.10.0" + constraints = "~> 7.10.0" hashes = [ - "h1:J2umU/CnA4ap8XNqSGUduqlomj/RoCIr1ojUgXe2ju8=", - "h1:f5F5LlkVvFqfmM/oWmqUDZEa8NieeHoAoEW7iNMwFVo=", - "zh:0a375c4f37599de566b6dd19d1953f70f6f88f089bb7cf97d1fa1287b2ebf41c", - "zh:2309a75bf6bd6f97ccae0c8348bb560eb893518786150cb634bc7795898d38f9", - "zh:66ed27c1b9a2b8ab7910954447f77efb319f49bc546d3611fd00d56776a928d8", - "zh:7a8624d5b8d8aee0604cb9a5bc0fb450d235983cf540dd19f68535063fa8cf17", - "zh:883879b1d5d3058d87db13b824c15193e3e2e4995a3b8165ce5835872b955349", - "zh:89971c2ca25a546febbab693f98480a1c032945e7b10e4ccfc0273c5201978bd", - "zh:923281ee1f1f5bb827786a198973abfdfb2a86e87d751e37809a19e55e84c160", - "zh:c0a28bee3e4e8722463e53ca5a090d4df5b6db5fdfb9f622461bc9bc3f27f418", - "zh:c3ac6015b50c93f12cced716ad92f072a8a1245924b034b4a9bc9261eb31fbde", - "zh:d70f83f015182021a4593cd4a9a2687f83c0aa6fd54a982bd374ef0fd25113f2", - "zh:ed9eb0992e901c7b832ae50dc267d12febf53f89ee6b1a02320b7a145830c6ce", + "h1:itPAvjmGmV6R8KpBsDGnONKfi9AXPt0LCFThnDF/3+g=", + "zh:40b90c1e6cc95cccfc935d4af4478590410bf2ce24d2cd7f6b583e7791b9b5b3", + "zh:56f25840e253ea527ab196ffb5cc3f896ef129c6d0dbe795eb9dd305d84354cd", + "zh:5bb291ae271b3363052ea4b01073c91ce9a5fcf58bf8c1d01a919099e1b4e946", + "zh:671daceb89669b51586a1a32861ea77d30233d6c2adb1ec2d3ada48d3f485634", + "zh:965834aeda62b59b8140b8db9d378658d5e3bb56a828a5158d2625237ae925b5", + "zh:9a83c890f65bcd3777eb42a9a7de622c6f9ceb3fe3ceedfe532c1cb4de24ddb2", + "zh:a2a995d03f8a669a753e99e12e6826c0b7081ac573a66c9c90db2d70f00b8ed4", + "zh:a4473ea1f59b6a5837f5e27ac4383a566dc8bdf60e0e63b5fddc5a2523fdaeb5", + "zh:a568e0b3c475629de3d00f60693270d7ae2d8cda7a9b8b28613baec9fb09b37c", + "zh:c53002313ea07dba92503eec6c0876b13b5217a703313c3ac74b31fefa52afbb", + "zh:dbd8c9e2099ca321ebab124b9c9a3421469714ac2d329d0047d0981c8c64ab21", "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", ] } diff --git a/iac/cal-itp-data-infra-staging/routes/us/provider.tf b/iac/cal-itp-data-infra-staging/routes/us/provider.tf index 2728cc70af..36ab48b5a2 100755 --- a/iac/cal-itp-data-infra-staging/routes/us/provider.tf +++ b/iac/cal-itp-data-infra-staging/routes/us/provider.tf @@ -5,7 +5,7 @@ provider "google" { terraform { required_providers { google = { - version = "~> 6.41.0" + version = "~> 7.10.0" } } diff --git a/services/metabase/Dockerfile b/services/metabase/Dockerfile new file mode 100644 index 0000000000..de3818853e --- /dev/null +++ b/services/metabase/Dockerfile @@ -0,0 +1,9 @@ +FROM metabase/metabase + +RUN apk update && apk add --no-cache socat + +RUN ln -s /cloudsql/cal-itp-data-infra-staging:us-west2:metabase-staging/.s.PGSQL.5432 pg.sock + +COPY entrypoint.sh /app/entrypoint.sh +RUN chmod +x /app/entrypoint.sh +ENTRYPOINT ["/app/entrypoint.sh"] diff --git a/services/metabase/entrypoint.sh b/services/metabase/entrypoint.sh new file mode 100755 index 0000000000..5a35017f34 --- /dev/null +++ b/services/metabase/entrypoint.sh @@ -0,0 +1,7 @@ +#! /bin/bash + +# Forward TCP:5432 to Cloud SQL Unix socket +nohup socat -d -d TCP4-LISTEN:5432,fork UNIX-CONNECT:pg.sock & + +# Runs Metabase +/app/run_metabase.sh