Google Cloud Scheduled Function#

This module allows Terraform to manage Google Cloud Scheduled Functions for the Censys Cloud Connector.

Prerequisites#

Install Poetry.
Install Terraform.
Install the Cloud SDK for your operating system.

If you are running from your local machine, you also need Default Application Credentials:
```
gcloud auth application-default login
```

Setup#

Ensure you are in the root directory of the project.
Source your environment variables.
```
source .env
```
Install the dependencies.
```
poetry install
```
Ensure your providers.yml file contains your cloud provider credentials.

If you have not already done so, you can create a providers.yml file by running the following command:
```
poetry run censys-cc config
```
Change the working directory to the google-scheduled-function directory with the following command:
```
cd ./terraform/google-scheduled-function
```
Copy terraform.tfvars.example to terraform.tfvars and update the values to match your environment.
```
cp terraform.tfvars.example terraform.tfvars
```
Initialize the project with the following command:
```
terraform init
```

To see what resources will be created or updated, run the following command:

terraform plan -var-file terraform.tfvars -out=censys-tfplan -input=false

To create or update the resources, run the following command:
```
terraform apply -input=false censys-tfplan
```

Cleanup#

To clean up the resources created by this module, run the following command:

terraform destroy -var-file terraform.tfvars

Requirements#

Name	Version
terraform	>= 0.13
google	>= 3.53, < 5.0

Providers#

Name	Version
archive	2.2.0
external	2.2.2
google	4.17.0
local	2.2.2
null	3.1.1
random	3.1.2

Modules#

Name	Source	Version
pubsub_topic	terraform-google-modules/pubsub/google	~> 1.0

Resources#

Name	Type
google_cloud_scheduler_job.job	resource
google_cloudfunctions_function.main	resource
google_project_service.gcp_services	resource
google_secret_manager_secret.censys_api_key	resource
google_secret_manager_secret.providers	resource
google_secret_manager_secret_iam_member.api_key_member	resource
google_secret_manager_secret_iam_member.providers_member	resource
google_secret_manager_secret_version.censys_api_key	resource
google_secret_manager_secret_version.providers	resource
google_secret_manager_secret_version.providers_config	resource
google_storage_bucket.main	resource
google_storage_bucket_object.main	resource
local_file.requirements_txt	resource
null_resource.copy_build	resource
random_id.suffix	resource
archive_file.main	data source
external_external.poetry_build	data source
google_project.project	data source
google_secret_manager_secret_version.censys_api_key	data source

Inputs#

Name	Description	Type	Default	Required
bucket_force_destroy	When deleting the GCS bucket containing the cloud function, delete all objects in the bucket first.	`bool`	`true`	no
bucket_labels	A set of key/value label pairs to assign to the bucket.	`map(string)`	`{}`	no
bucket_name	The name to apply to the bucket. Will default to a string of `censys-cloud-connector-bucket-XXXX` with `XXXX` being random characters.	`string`	`""`	no
censys_api_key	The Censys ASM API key	`string`	n/a	yes
create_bucket	Whether to create a new bucket or use an existing one. If false, `bucket_name` should reference the name of the alternate bucket to use.	`bool`	`true`	no
files_to_exclude_in_source_dir	Specify files to ignore when reading the source_dir	`list(string)`	[ “.gitignore” ]	no
function_available_memory_mb	The amount of memory in megabytes allotted for the function to use.	`number`	`256`	no
function_description	The description of the function.	`string`	`"Cloud Function to run the Censys Cloud Connector."`	no
function_labels	A set of key/value label pairs to assign to the function.	`map(string)`	`{}`	no
function_name	The name to apply to the function. Will default to a string of `censys-cloud-connector-function-XXXX` with `XXXX` being random characters.	`string`	`""`	no
function_source_dir	The directory containing the source code for the function.	`string`	`"function_source"`	no
function_timeout_s	The amount of time in seconds allotted for the execution of the function. (Can be up to 540 seconds)	`number`	`540`	no
gcp_service_list	The list of apis necessary for the project	`list(string)`	[ “cloudbuild.googleapis.com”, “cloudfunctions.googleapis.com”, “cloudresourcemanager.googleapis.com”, “cloudscheduler.googleapis.com”, “pubsub.googleapis.com”, “secretmanager.googleapis.com”, “cloudasset.googleapis.com” ]	no
job_description	Addition text to describe the job	`string`	`"Scheduled time to run the Censys Cloud Connector function"`	no
job_name	The name of the scheduled job to run	`string`	`"censys-cloud-connector-job"`	no
job_schedule	The cron schedule for triggering the cloud function	`string`	`"0 /4 * *"`	no
logging_level	The logging level	`string`	`"INFO"`	no
message_data	The data to send in the topic message.	`string`	`"c3RhcnQtY2Vuc3lzLWNjLXNjYW4="`	no
project_id	The project ID to host the cloud function in	`string`	n/a	yes
providers_config	The path to the providers config file	`string`	`"../../providers.yml"`	no
region	The region the project is in	`string`	`"us-central1"`	no
scheduler_job	An existing Cloud Scheduler job instance	`object({ name = string })`	`null`	no
secrets_dir	The path to the secrets directory	`string`	`"../../secrets"`	no
time_zone	The timezone to use in scheduler	`string`	`"Etc/UTC"`	no
topic_name	Name of pubsub topic connecting the scheduled job and the function	`string`	`"censys-cloud-connector-topic"`	no
vpc_connector	The VPC Network Connector that this cloud function can connect to. It should be set up as fully-qualified URI. The format of this field is projects//locations//connectors/*.	`string`	`null`	no
vpc_connector_egress_settings	The egress settings for the connector, controlling what traffic is diverted through it. Allowed values are ALL_TRAFFIC and PRIVATE_RANGES_ONLY. If unset, this field preserves the previously set value.	`string`	`null`	no

Outputs#

Name	Description
api_secret_version	The secret version of the API key
bucket_name	The name of the bucket created
function_name	The name of the function created
function_region	The region the function is in
job_name	The name of the scheduled job to run
project_id	The project ID
providers_secrets_versions	The secret versions of the providers config
topic_name	The name of the topic created