resolve merge conflict

.github/workflows/ci.yaml

@@ -0,0 +1,35 @@
+name: Terraform CI
+on: 
+  push:
+    branches:
+      - main
+  pull_request:
+    branches:
+      - main
+jobs:
+  Terraform-Lint-Check:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: hashicorp/setup-terraform@v3
+        with:
+          terraform_version: "1.5.7"
+
+      - name: Terraform fmt
+        id: fmt
+        run: terraform fmt -check -recursive
+
+      - name: Terraform Init
+        id: init
+        run: |
+          terraform -chdir=applications/rag init 
+          terraform -chdir=applications/ray init 
+          terraform -chdir=applications/jupyter init 
+
+      - name: Terraform Validate
+        id: validate
+        run: |
+          terraform -chdir=applications/rag validate -no-color
+          terraform -chdir=applications/ray validate -no-color
+          terraform -chdir=applications/jupyter validate -no-color
+

applications/jupyter/main.tf

@@ -70,6 +70,23 @@ module "gcs" {
   bucket_name = var.gcs_bucket
 }
 
+# create namespace
+module "namespace" {
+  source           = "../../modules/kubernetes-namespace"
+  namespace        = var.namespace
+  create_namespace = true
+}
+
+# IAP Section: Enabled the IAP service
+resource "google_project_service" "project_service" {
+  count   = var.add_auth ? 1 : 0
+  project = var.project_id
+  service = "iap.googleapis.com"
+
+  disable_dependent_services = false
+  disable_on_destroy         = false
+}
+
 # Creates jupyterhub
 module "jupyterhub" {
   source                            = "../../modules/jupyter"
@@ -80,19 +97,19 @@ module "jupyterhub" {
   autopilot_cluster                 = data.google_container_cluster.default.enable_autopilot
 
   # IAP Auth parameters
-  add_auth                  = var.add_auth
-  brand                     = var.brand
-  support_email             = var.support_email
-  client_id                 = var.client_id
-  client_secret             = var.client_secret
-  k8s_ingress_name          = var.k8s_ingress_name
-  k8s_managed_cert_name     = var.k8s_managed_cert_name
-  k8s_iap_secret_name       = var.k8s_iap_secret_name
-  k8s_backend_config_name   = var.k8s_backend_config_name
-  k8s_backend_service_name  = var.k8s_backend_service_name
-  k8s_backend_service_port  = var.k8s_backend_service_port
-  url_domain_addr           = var.url_domain_addr
-  url_domain_name           = var.url_domain_name
-  members_allowlist         = var.members_allowlist
-  depends_on                = [module.gcs]
+  add_auth                 = var.add_auth
+  brand                    = var.brand
+  support_email            = var.support_email
+  client_id                = var.client_id
+  client_secret            = var.client_secret
+  k8s_ingress_name         = var.k8s_ingress_name
+  k8s_managed_cert_name    = var.k8s_managed_cert_name
+  k8s_iap_secret_name      = var.k8s_iap_secret_name
+  k8s_backend_config_name  = var.k8s_backend_config_name
+  k8s_backend_service_name = var.k8s_backend_service_name
+  k8s_backend_service_port = var.k8s_backend_service_port
+  url_domain_addr          = var.url_domain_addr
+  url_domain_name          = var.url_domain_name
+  members_allowlist        = var.members_allowlist
+  depends_on               = [module.gcs, module.namespace]
 }

applications/jupyter/variables.tf

@@ -63,9 +63,9 @@ variable "k8s_ingress_name" {
 }
 
 variable "k8s_managed_cert_name" {
-  type          = string
-  description   = "Name for frontend managed certificate"
-  default       = "jupyter-managed-cert"
+  type        = string
+  description = "Name for frontend managed certificate"
+  default     = "jupyter-managed-cert"
 }
 
 variable "k8s_iap_secret_name" {
@@ -86,9 +86,9 @@ variable "k8s_backend_service_name" {
 }
 
 variable "k8s_backend_service_port" {
-  type            = number
-  description     = "Name of the Backend Service on GCP"
-  default         = 80
+  type        = number
+  description = "Name of the Backend Service on GCP"
+  default     = 80
 }
 
 variable "brand" {
@@ -112,6 +112,7 @@ variable "url_domain_name" {
 variable "support_email" {
   type        = string
   description = "Email for users to contact with questions about their consent"
+  default     = ""
 }
 
 variable "client_id" {
@@ -128,7 +129,7 @@ variable "client_secret" {
 }
 
 variable "create_gcs_bucket" {
-  type          = bool
-  default       = false
-  description   = "Enable flag to create gcs_bucket"
+  type        = bool
+  default     = false
+  description = "Enable flag to create gcs_bucket"
 }

applications/jupyter/workloads-auto-create-brand.example.tfvars

@@ -26,23 +26,23 @@ cluster_membership_id = "" # required only for private cluster, default: cluster
 #######################################################
 
 ## JupyterHub variables
-namespace                                   = "jupyter"
-create_gcs_bucket                           = true
-gcs_bucket                                  = "<gcs-bucket>"
-workload_identity_service_account           = "jupyter-service-account"
+namespace                         = "jupyter"
+create_gcs_bucket                 = true
+gcs_bucket                        = "<gcs-bucket>"
+workload_identity_service_account = "jupyter-service-account"
 
 # Jupyterhub with IAP
-add_auth                  = true
-brand                     = "" # Leave it empty to auto create
-support_email             = "<email>"
-k8s_ingress_name          = "jupyter-ingress"
-k8s_iap_secret_name       = "jupyter-iap-secret"
-k8s_backend_config_name   = "jupyter-iap-config"
-k8s_backend_service_name  = "proxy-public"
-k8s_backend_service_port  = 80
+add_auth                 = true
+brand                    = "" # Leave it empty to auto create
+support_email            = "<email>"
+k8s_ingress_name         = "jupyter-ingress"
+k8s_iap_secret_name      = "jupyter-iap-secret"
+k8s_backend_config_name  = "jupyter-iap-config"
+k8s_backend_service_name = "proxy-public"
+k8s_backend_service_port = 80
 
-url_domain_addr           = ""
-url_domain_name           = ""
-client_id                 = ""
-client_secret             = ""
-members_allowlist         = ["allAuthenticatedUsers", "user:<email>"]
+url_domain_addr   = ""
+url_domain_name   = ""
+client_id         = ""
+client_secret     = ""
+members_allowlist = ["allAuthenticatedUsers", "user:<email>"]

applications/jupyter/workloads-existing-brand-auto-create-client.example.tfvars

@@ -26,22 +26,22 @@ cluster_membership_id = "" # required only for private cluster, default: cluster
 #######################################################
 
 ## JupyterHub variables
-namespace                                   = "jupyter"
-gcs_bucket                                  = "<gcs-bucket>"
-workload_identity_service_account           = "jupyter-service-account"
+namespace                         = "jupyter"
+gcs_bucket                        = "<gcs-bucket>"
+workload_identity_service_account = "jupyter-service-account"
 
 # Jupyterhub with IAP
-add_auth                  = true
-brand                     = "projects/<prj-number>/brands/<prj-number>" # ensure brand is Internal
-support_email             = "<email>"
-k8s_ingress_name          = "jupyter-ingress"
-k8s_iap_secret_name       = "jupyter-iap-secret"
-k8s_backend_config_name   = "jupyter-iap-config"
-k8s_backend_service_name  = "proxy-public"
-k8s_backend_service_port  = 80
+add_auth                 = true
+brand                    = "projects/<prj-number>/brands/<prj-number>" # ensure brand is Internal
+support_email            = "<email>"
+k8s_ingress_name         = "jupyter-ingress"
+k8s_iap_secret_name      = "jupyter-iap-secret"
+k8s_backend_config_name  = "jupyter-iap-config"
+k8s_backend_service_name = "proxy-public"
+k8s_backend_service_port = 80
 
-url_domain_addr           = ""
-url_domain_name           = ""
-client_id                 = ""
-client_secret             = ""
-members_allowlist         = ["allAuthenticatedUsers", "user:<email>"]
+url_domain_addr   = ""
+url_domain_name   = ""
+client_id         = ""
+client_secret     = ""
+members_allowlist = ["allAuthenticatedUsers", "user:<email>"]

applications/jupyter/workloads-existing-brand-existing-client.example.tfvars

@@ -26,20 +26,20 @@ cluster_membership_id = "" # required only for private cluster, default: cluster
 #######################################################
 
 ## JupyterHub variables
-namespace                                   = "jupyter"
-create_gcs_bucket                           = true
-gcs_bucket                                  = "<gcs-bucket>"
-workload_identity_service_account           = "jupyter-service-account"
+namespace                         = "jupyter"
+create_gcs_bucket                 = true
+gcs_bucket                        = "<gcs-bucket>"
+workload_identity_service_account = "jupyter-service-account"
 
 # Jupyterhub with IAP
-add_auth = true
-brand = "projects/<prj-number>/brands/<prj-number>"
-support_email = "<email>"
-k8s_ingress_name          = "jupyter-ingress"
-k8s_iap_secret_name       = "jupyter-iap-secret"
-k8s_backend_config_name   = "jupyter-iap-config"
-k8s_backend_service_name  = "proxy-public"
-k8s_backend_service_port  = 80
+add_auth                 = true
+brand                    = "projects/<prj-number>/brands/<prj-number>"
+support_email            = "<email>"
+k8s_ingress_name         = "jupyter-ingress"
+k8s_iap_secret_name      = "jupyter-iap-secret"
+k8s_backend_config_name  = "jupyter-iap-config"
+k8s_backend_service_name = "proxy-public"
+k8s_backend_service_port = 80
 
 url_domain_addr   = ""
 url_domain_name   = ""

applications/jupyter/workloads-without-iap.example.tfvars

@@ -26,10 +26,10 @@ cluster_membership_id = "" # required only for private clusters, default: cluste
 #######################################################
 
 ## JupyterHub variables
-namespace                   = "jupyter"
-gcs_bucket                  = "<gcs-bucket>"
-create_service_account      = true
-gcp_and_k8s_service_account = "jupyter-service-account"
+namespace                         = "jupyter"
+gcs_bucket                        = "<gcs-bucket>"
+create_gcs_bucket                 = true
+workload_identity_service_account = "jupyter-service-account"
 
 # Jupyterhub without IAP
-add_auth                  = false
+add_auth = false

applications/jupyter/workloads.tfvars

@@ -26,25 +26,25 @@ cluster_membership_id = "" # required for private cluster, defaults to `cluster_
 #######################################################
 
 ## JupyterHub variables
-namespace                                   = "ml"
-gcs_bucket                                  = "gcs-bucket-dsfhfh"
-create_gcs_bucket                           = true
-workload_identity_service_account           = "jupyter-service-account"
+namespace                         = "ml"
+gcs_bucket                        = "gcs-bucket-dsfhfh"
+create_gcs_bucket                 = true
+workload_identity_service_account = "jupyter-service-account"
 
 # Jupyterhub with IAP
-add_auth                  = false
+add_auth = false
 # TODO make this a bool flag and fetch the project number in tf
-brand                     = "projects/<prj-number>/brands/<prj-number>" # ensure brand is Internal
-support_email             = "<email>"
-k8s_ingress_name          = "jupyter-ingress"
-k8s_managed_cert_name     = "jupyter-managed-cert"
-k8s_iap_secret_name       = "jupyter-iap-secret"
-k8s_backend_config_name   = "jupyter-iap-config"
-k8s_backend_service_name  = "proxy-public"
-k8s_backend_service_port  = 80
+brand                    = "projects/<prj-number>/brands/<prj-number>" # ensure brand is Internal
+support_email            = "<email>"
+k8s_ingress_name         = "jupyter-ingress"
+k8s_managed_cert_name    = "jupyter-managed-cert"
+k8s_iap_secret_name      = "jupyter-iap-secret"
+k8s_backend_config_name  = "jupyter-iap-config"
+k8s_backend_service_name = "proxy-public"
+k8s_backend_service_port = 80
 
-url_domain_addr           = ""
-url_domain_name           = ""
-client_id                 = ""
-client_secret             = ""
-members_allowlist         = ["allAuthenticatedUsers", "user:<email>"]
+url_domain_addr   = ""
+url_domain_name   = ""
+client_id         = ""
+client_secret     = ""
+members_allowlist = ["allAuthenticatedUsers", "user:<email>"]