From 342ca092a335eb5d9ccb084ed55cd5c93bd817c6 Mon Sep 17 00:00:00 2001
From: amanpruthi
Date: Fri, 21 Jun 2024 11:19:06 +0530
Subject: [PATCH] resolved comments

---
 main.tf | 53 +++++++++++++++----------------
 modules/private_link/main.tf | 2 +-
 modules/private_link/variables.tf | 2 +-
 variables.tf | 4 +--
 4 files changed, 29 insertions(+), 32 deletions(-)

diff --git a/main.tf b/main.tf
index 554c07f..9a963fb 100644
--- a/main.tf
+++ b/main.tf
@@ -140,7 +140,6 @@ locals {
 secret_store_source = "gcp-secretmanager://${local.project_id}?namespace=${var.namespace}"
 }
 
-
 resource "google_compute_address" "default" {
 count = var.create_private_link ? 1 : 0
 name = "${var.namespace}-ip-address"
@@ -149,9 +148,6 @@ resource "google_compute_address" "default" {
 purpose = "GCE_ENDPOINT"
 }
 
-
-
-
 module "gke_app" {
 source = "wandb/wandb/kubernetes"
 version = "1.14.1"
@@ -164,11 +160,11 @@ module "gke_app" {
 database_connection_string = module.database.connection_string
 redis_connection_string = local.redis_connection_string
 redis_ca_cert = local.redis_certificate
- oidc_client_id = var.oidc_client_id
- oidc_issuer = var.oidc_issuer
- oidc_auth_method = var.oidc_auth_method
- oidc_secret = var.oidc_secret
- local_restore = var.local_restore
+ oidc_client_id = var.oidc_client_id
+ oidc_issuer = var.oidc_issuer
+ oidc_auth_method = var.oidc_auth_method
+ oidc_secret = var.oidc_secret
+ local_restore = var.local_restore
 
 other_wandb_env = merge({
 "GORILLA_DISABLE_CODE_SAVING" = var.disable_code_saving,
@@ -200,6 +196,7 @@ locals {
 "OIDC_AUTH_METHOD" = var.oidc_auth_method
 "OIDC_SECRET" = var.oidc_secret
 } : {}
+ internal_lb_name = "${var.namespace}-internal"
 }
 
 data "google_client_config" "current" {}
@@ -279,7 +276,7 @@ module "wandb" {
 ## In order to support secondary ingress required min version 0.13.0 of operator-wandb chart
 secondary = {
 create = var.create_private_link # internal ingress for private link connections
- nameOverride = "${var.namespace}-internal"
+ nameOverride = local.internal_lb_name
 annotations = {
 "kubernetes.io/ingress.class" = "gce-internal"
 "kubernetes.io/ingress.regional-static-ip-name" = var.create_private_link ? google_compute_address.default[0].name : null
@@ -362,7 +359,7 @@ module "wandb" {
 ]
 }
 
-# proxy-only subnet
+# proxy-only subnet used by internal load balancer
 resource "google_compute_subnetwork" "proxy" {
 name = "${var.namespace}-proxy-subnet"
 ip_cidr_range = var.ilb_proxynetwork_cidr
@@ -371,10 +368,9 @@ resource "google_compute_subnetwork" "proxy" {
 network = local.network.id
 }
 
-## In order to support private link required min version 0.13.0 of operator-wandb chart
-
+## This ensures that the private link resource does not fail during the provisioning process.
 module "sleep" {
- source = "matti/resource/shell"
+ source = "matti/resource/shell"
 version = "1.5.0"
 
 environment = {
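Review bot: The replacement comment on `module "sleep"` says the wait prevents a failure but not what it is waiting for, and a fixed delay is not a readiness check: the forwarding-rule lookup in the next hunk only `depends_on` this module's stdout, so if the GCE internal ingress is slower than the timer the lookup presumably returns no match and the private link module is still created. I would make the intent explicit, e.g. `## Timed wait for the gce-internal ingress (nameOverride = local.internal_lb_name) to create its forwarding rule, which the data source below looks up; there is no readiness signal to depend on, so a short rollout is assumed.` The module's `environment` block continues outside this hunk.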
@@ -390,25 +386,26 @@ module "sleep" {
 ]
 }
 
-data "google_compute_forwarding_rules" "my_forwarding_rules" {
+data "google_compute_forwarding_rules" "all" {
 depends_on = [module.sleep.stdout]
 }
 
 locals {
- regex_pattern = "${var.namespace}-internal"
- filtered_rule_names = [for rule in data.google_compute_forwarding_rules.my_forwarding_rules.rules : rule.name if can(regex(local.regex_pattern, rule.name))]
+ regex_pattern = local.internal_lb_name
+ filtered_rule_names = [for rule in data.google_compute_forwarding_rules.all.rules : rule.name if can(regex(local.regex_pattern, rule.name))]
 forwarding_rule = join(", ", local.filtered_rule_names)
 }
 
+## In order to support private link required min version 0.13.0 of operator-wandb chart
 module "private_link" {
- count = var.create_private_link ? 1 : 0
- source = "./modules/private_link"
- namespace = var.namespace
- forwarding_rule = local.forwarding_rule
- network = local.network
- subnetwork = local.subnetwork
- allowed_projects = var.allowed_projects
- psc_subnetwork = var.psc_subnetwork_cidr
- proxynetwork_cidr = var.ilb_proxynetwork_cidr
- depends_on = [google_compute_subnetwork.proxy, data.google_compute_forwarding_rules.my_forwarding_rules]
-}
+ count = var.create_private_link ? 1 : 0
+ source = "./modules/private_link"
+ namespace = var.namespace
+ forwarding_rule = local.forwarding_rule
+ network = local.network
+ subnetwork = local.subnetwork
+ allowed_project_names = var.allowed_project_names
+ psc_subnetwork = var.psc_subnetwork_cidr
+ proxynetwork_cidr = var.ilb_proxynetwork_cidr
+ depends_on = [google_compute_subnetwork.proxy, data.google_compute_forwarding_rules.all]
+}
\ No newline at end of file
diff --git a/modules/private_link/main.tf b/modules/private_link/main.tf
index d49ba04..f18e29d 100644
--- a/modules/private_link/main.tf
+++ b/modules/private_link/main.tf
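Review bot: `forwarding_rule = join(", ", local.filtered_rule_names)` silently yields a comma-separated list when more than one rule matches the unanchored `regex(local.regex_pattern, rule.name)` and an empty string when none does, and either value is interpolated straight into the service attachment's `target_service` URL in modules/private_link/main.tf, so the PSC attachment would be created against a wrong or nonexistent forwarding rule instead of failing the plan. With the renamed data source now returning every forwarding rule it can see, a namespace that ends with another's (`wandb` vs `dev-wandb`, both matching `wandb-internal`) or a leftover rule from an earlier ingress is enough to trigger this. I would fail fast on the ambiguous case, e.g. `forwarding_rule = one(local.filtered_rule_names)` (errors on more than one match, null on none), or a `precondition` asserting `length(local.filtered_rule_names) == 1` if the project's Terraform version supports it. The rewritten `module "private_link"` block also drops the file's trailing newline (`\ No newline at end of file`).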
@@ -8,7 +8,7 @@ resource "google_compute_service_attachment" "default" {
 target_service = "https://www.googleapis.com/compute/v1/projects/${data.google_client_config.current.project}/regions/${data.google_client_config.current.region}/forwardingRules/${var.forwarding_rule}"
 
 dynamic "consumer_accept_lists" {
- for_each = var.allowed_projects != {} ? var.allowed_projects : {}
+ for_each = var.allowed_project_names != {} ? var.allowed_project_names : {}
 content {
 project_id_or_num = consumer_accept_lists.key
 connection_limit = consumer_accept_lists.value
diff --git a/modules/private_link/variables.tf b/modules/private_link/variables.tf
index 33ee845..c2d54d6 100644
--- a/modules/private_link/variables.tf
+++ b/modules/private_link/variables.tf
@@ -22,7 +22,7 @@ variable "subnetwork" {
 description = "The subnetwork object containing the self-link of the subnetwork."
 }
 
-variable "allowed_projects" {
+variable "allowed_project_names" {
 type = map(number)
 default = {}
 description = "A map of allowed projects where each key is a project number and the value is the connection limit."
diff --git a/variables.tf b/variables.tf
index d436153..da4a536 100644
--- a/variables.tf
+++ b/variables.tf
@@ -272,10 +272,10 @@ variable "public_access" {
 default = true
 }
 
-variable "allowed_projects" {
+variable "allowed_project_names" {
 type = map(number)
 default = {
- # "482878270665" = 4
+ # "project_ID" = 4
 }
 description = "A map of allowed projects where each key is a project number and the value is the connection limit."
 }
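Review bot: The new name `allowed_project_names` disagrees with what the variable actually holds: the type stays `map(number)`, the unchanged description in both modules/private_link/variables.tf and variables.tf says "each key is a project number", the replaced example now reads `# "project_ID" = 4`, and the keys feed `project_id_or_num` in the service attachment. Because this map becomes the `consumer_accept_lists` of the Private Service Connect attachment, i.e. the set of consumer projects permitted to connect, the documentation should state precisely what a key is; I would set `description = "Consumer projects allowed to connect over Private Service Connect: each key is a project ID or project number, each value is that project's connection limit."` in both variables.tf files. In modules/private_link/main.tf the conditional `var.allowed_project_names != {} ? var.allowed_project_names : {}` is redundant, since `for_each` over an empty map creates no blocks; `for_each = var.allowed_project_names` reads the same.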