Skip to content

GitLab

Commit 3d1fd025 authored by John Jarvis's avatar John Jarvis
Browse files
Options

Jarv/the big switch

parent 81ee5769
Hide whitespace changes
Inline Side-by-side
Showing with 181 additions and 196 deletions
environments/gprd/gprd-monitoring-url-map.tf
View file @ 3d1fd025
......@@ -10,7 +10,7 @@ resource "google_compute_url_map" "monitoring-lb" {
###################################
host_rule {
hosts = ["performance.gprd.gitlab.com"]
hosts = ["performance.gprd.gitlab.net"]
path_matcher = "performance"
}
path_matcher {
......@@ -26,7 +26,7 @@ resource "google_compute_url_map" "monitoring-lb" {
###################################
host_rule {
hosts = ["prometheus.gprd.gitlab.com"]
hosts = ["prometheus.gprd.gitlab.net"]
path_matcher = "prometheus"
}
path_matcher {
......@@ -42,7 +42,7 @@ resource "google_compute_url_map" "monitoring-lb" {
###################################
host_rule {
hosts = ["prometheus-app.gprd.gitlab.com"]
hosts = ["prometheus-app.gprd.gitlab.net"]
path_matcher = "prometheus-app"
}
path_matcher {
......@@ -58,23 +58,7 @@ resource "google_compute_url_map" "monitoring-lb" {
###################################
host_rule {
hosts = ["kibana.gprd.gitlab.com"]
path_matcher = "kibana"
}
path_matcher {
name = "kibana"
default_service = "${module.kibana.google_compute_backend_service_self_link}"
path_rule {
paths = ["/*"]
service = "${module.kibana.google_compute_backend_service_self_link}"
}
}
###################################
host_rule {
hosts = ["alerts.gprd.gitlab.com"]
hosts = ["alerts.gprd.gitlab.net"]
path_matcher = "alerts"
}
path_matcher {
......
environments/gprd/main.tf
View file @ 3d1fd025
......@@ -8,8 +8,8 @@ provider "aws" {
region = "us-east-1"
}
variable "gitlab_com_zone_id" {}
variable "gitlab_net_zone_id" {}
variable "gitlab_com_zone_id" {}
## Google
......@@ -607,19 +607,18 @@ module "fe-lb-altssh" {
#######################
module "web-iap" {
subnetwork_name = "${google_compute_subnetwork.monitoring.name}"
environment = "${var.environment}"
source = "../../modules/google/web-iap"
name = "web-iap"
gitlab_com_zone_id = "${var.gitlab_com_zone_id}"
project = "${var.project}"
region = "${var.region}"
gitlab_com_zone_id = "${var.gitlab_com_zone_id}"
cert_link = "${var.monitoring_cert_link}"
service_ports = ["443"]
url_map = "${google_compute_url_map.web-iap.self_link}"
hosts = ["web"]
web_ip_fqdn = "gprd.gitlab.com"
subnetwork_name = "${google_compute_subnetwork.monitoring.name}"
environment = "${var.environment}"
source = "../../modules/google/web-iap"
name = "web-iap"
gitlab_zone_id = "${var.gitlab_com_zone_id}"
project = "${var.project}"
region = "${var.region}"
cert_link = "${var.monitoring_cert_link}"
service_ports = ["443"]
url_map = "${google_compute_url_map.web-iap.self_link}"
hosts = ["web"]
web_ip_fqdn = "gprd.gitlab.com"
}
##################################
......@@ -634,7 +633,7 @@ module "gcp-tcp-lb" {
lb_count = "${length(var.tcp_lbs["names"])}"
names = "${var.tcp_lbs["names"]}"
fqdn = "${var.lb_fqdn}"
gitlab_com_zone_id = "${var.gitlab_com_zone_id}"
gitlab_zone_id = "${var.gitlab_com_zone_id}"
environment = "${var.environment}"
region = "${var.region}"
project = "${var.project}"
......@@ -651,7 +650,7 @@ module "gcp-tcp-lb-pages" {
lb_count = "${length(var.tcp_lbs_pages["names"])}"
names = "${var.tcp_lbs_pages["names"]}"
fqdn = "${var.lb_fqdn_pages}"
gitlab_com_zone_id = "${var.gitlab_com_zone_id}"
gitlab_zone_id = "${var.gitlab_com_zone_id}"
environment = "${var.environment}"
region = "${var.region}"
project = "${var.project}"
......@@ -668,7 +667,7 @@ module "gcp-tcp-lb-altssh" {
lb_count = "${length(var.tcp_lbs_altssh["names"])}"
names = "${var.tcp_lbs_altssh["names"]}"
fqdn = "${var.lb_fqdn_altssh}"
gitlab_com_zone_id = "${var.gitlab_com_zone_id}"
gitlab_zone_id = "${var.gitlab_com_zone_id}"
environment = "${var.environment}"
region = "${var.region}"
project = "${var.project}"
......@@ -684,7 +683,7 @@ module "gcp-tcp-lb-bastion" {
environment = "${var.environment}"
forwarding_port_ranges = "${var.tcp_lbs_bastion["forwarding_port_ranges"]}"
fqdn = "${var.lb_fqdn_bastion}"
gitlab_com_zone_id = "${var.gitlab_com_zone_id}"
gitlab_zone_id = "${var.gitlab_com_zone_id}"
health_check_ports = "${var.tcp_lbs_bastion["health_check_ports"]}"
instances = ["${module.bastion.instances_self_link}"]
lb_count = "${length(var.tcp_lbs_bastion["names"])}"
......@@ -804,10 +803,10 @@ module "monitoring-lb" {
environment = "${var.environment}"
source = "../../modules/google/monitoring-lb"
name = "monitoring-lb"
gitlab_com_zone_id = "${var.gitlab_com_zone_id}"
gitlab_net_zone_id = "${var.gitlab_net_zone_id}"
project = "${var.project}"
region = "${var.region}"
gitlab_com_zone_id = "${var.gitlab_com_zone_id}"
gitlab_net_zone_id = "${var.gitlab_net_zone_id}"
cert_link = "${var.monitoring_cert_link}"
service_ports = ["${values(var.monitoring_hosts)}"]
url_map = "${google_compute_url_map.monitoring-lb.self_link}"
......@@ -828,13 +827,13 @@ module "performance" {
machine_type = "${var.machine_types["monitoring"]}"
name = "performance"
node_count = 1
oauth2_client_id = "${var.oauth2_client_id_performance}"
oauth2_client_secret = "${var.oauth2_client_secret_performance}"
oauth2_client_id = "${var.oauth2_client_id_monitoring}"
oauth2_client_secret = "${var.oauth2_client_secret_monitoring}"
persistent_disk_path = "/opt"
project = "${var.project}"
region = "${var.region}"
service_path = "/login"
service_port = "${var.monitoring_hosts["performance"]}"
service_port = "${var.monitoring_hosts["performance.${var.environment}"]}"
source = "../../modules/google/monitoring-with-count"
subnetwork_name = "${google_compute_subnetwork.monitoring.name}"
tier = "inf"
......@@ -854,13 +853,13 @@ module "prometheus" {
machine_type = "${var.machine_types["monitoring"]}"
name = "prometheus"
node_count = 1
oauth2_client_id = "${var.oauth2_client_id_prometheus}"
oauth2_client_secret = "${var.oauth2_client_secret_prometheus}"
oauth2_client_id = "${var.oauth2_client_id_monitoring}"
oauth2_client_secret = "${var.oauth2_client_secret_monitoring}"
persistent_disk_path = "/opt/prometheus"
project = "${var.project}"
region = "${var.region}"
service_path = "/graph"
service_port = "${var.monitoring_hosts["prometheus"]}"
service_port = "${var.monitoring_hosts["prometheus.${var.environment}"]}"
source = "../../modules/google/monitoring-with-count"
subnetwork_name = "${google_compute_subnetwork.monitoring.name}"
tier = "inf"
......@@ -880,39 +879,13 @@ module "prometheus-app" {
machine_type = "${var.machine_types["monitoring"]}"
name = "prometheus-app"
node_count = 1
oauth2_client_id = "${var.oauth2_client_id_prometheus}"
oauth2_client_secret = "${var.oauth2_client_secret_prometheus}"
oauth2_client_id = "${var.oauth2_client_id_monitoring}"
oauth2_client_secret = "${var.oauth2_client_secret_monitoring}"
persistent_disk_path = "/opt/prometheus"
project = "${var.project}"
region = "${var.region}"
service_path = "/graph"
service_port = "${var.monitoring_hosts["prometheus-app"]}"
source = "../../modules/google/monitoring-with-count"
subnetwork_name = "${google_compute_subnetwork.monitoring.name}"
tier = "inf"
service_account_email = "${var.service_account_email}"
}
module "kibana" {
attach_data_disk = true
bootstrap_version = 3
chef_provision = "${var.chef_provision}"
chef_run_list = "\"role[${var.environment}-infra-kibana]\""
data_disk_size = 100
data_disk_type = "pd-standard"
dns_zone_name = "${var.dns_zone_name}"
environment = "${var.environment}"
machine_type = "${var.machine_types["monitoring"]}"
name = "kibana"
node_count = 1
oauth2_client_id = "${var.oauth2_client_id_prometheus}"
oauth2_client_secret = "${var.oauth2_client_secret_prometheus}"
persistent_disk_path = "/opt"
project = "${var.project}"
region = "${var.region}"
service_path = "/login"
service_port = "${var.monitoring_hosts["kibana"]}"
service_port = "${var.monitoring_hosts["prometheus-app.${var.environment}"]}"
source = "../../modules/google/monitoring-with-count"
subnetwork_name = "${google_compute_subnetwork.monitoring.name}"
tier = "inf"
......@@ -938,9 +911,9 @@ module "alerts" {
source = "../../modules/google/monitoring-with-count"
tier = "inf"
persistent_disk_path = "/opt"
service_port = "${var.monitoring_hosts["alerts"]}"
oauth2_client_id = "${var.oauth2_client_id_prometheus}"
oauth2_client_secret = "${var.oauth2_client_secret_prometheus}"
service_port = "${var.monitoring_hosts["alerts.${var.environment}"]}"
oauth2_client_id = "${var.oauth2_client_id_monitoring}"
oauth2_client_secret = "${var.oauth2_client_secret_monitoring}"
health_check = "tcp"
service_account_email = "${var.service_account_email}"
......
environments/gprd/variables.tf
View file @ 3d1fd025
variable "oauth2_client_id_prometheus" {}
variable "oauth2_client_secret_prometheus" {}
variable "oauth2_client_id_performance" {}
variable "oauth2_client_secret_performance" {}
variable "oauth2_client_id_monitoring" {}
variable "oauth2_client_secret_monitoring" {}
variable "monitoring_hosts" {
type = "map"
default = {
"performance" = "80"
"prometheus" = "9090"
"prometheus-app" = "9090"
"kibana" = "80"
"alerts" = "9093"
"performance.gprd" = "80"
"prometheus.gprd" = "9090"
"prometheus-app.gprd" = "9090"
"alerts.gprd" = "9093"
}
}
......@@ -187,7 +183,7 @@ variable "chef_version" {
}
variable "monitoring_cert_link" {
default = "projects/gitlab-production/global/sslCertificates/gprd-wildcard"
default = "projects/gitlab-production/global/sslCertificates/wildcard-gprd-gitlab-net"
}
variable "machine_types" {
......
environments/gstg/gstg-monitoring-url-map.tf
View file @ 3d1fd025
......@@ -10,7 +10,7 @@ resource "google_compute_url_map" "monitoring-lb" {
###################################
host_rule {
hosts = ["performance.gstg.gitlab.com"]
hosts = ["performance.gstg.gitlab.net"]
path_matcher = "performance"
}
path_matcher {
......@@ -26,7 +26,7 @@ resource "google_compute_url_map" "monitoring-lb" {
###################################
host_rule {
hosts = ["prometheus.gstg.gitlab.com"]
hosts = ["prometheus.gstg.gitlab.net"]
path_matcher = "prometheus"
}
path_matcher {
......@@ -42,7 +42,7 @@ resource "google_compute_url_map" "monitoring-lb" {
###################################
host_rule {
hosts = ["prometheus-app.gstg.gitlab.com"]
hosts = ["prometheus-app.gstg.gitlab.net"]
path_matcher = "prometheus-app"
}
path_matcher {
......@@ -58,23 +58,7 @@ resource "google_compute_url_map" "monitoring-lb" {
###################################
host_rule {
hosts = ["kibana.gstg.gitlab.com"]
path_matcher = "kibana"
}
path_matcher {
name = "kibana"
default_service = "${module.kibana.google_compute_backend_service_self_link}"
path_rule {
paths = ["/*"]
service = "${module.kibana.google_compute_backend_service_self_link}"
}
}
###################################
host_rule {
hosts = ["alerts.gstg.gitlab.com"]
hosts = ["alerts.gstg.gitlab.net"]
path_matcher = "alerts"
}
path_matcher {
......
environments/gstg/main.tf
View file @ 3d1fd025
......@@ -8,9 +8,6 @@ provider "aws" {
region = "us-east-1"
}
variable "gitlab_com_zone_id" {}
variable "gitlab_net_zone_id" {}
## Google
provider "google" {
......@@ -590,19 +587,18 @@ module "fe-lb-altssh" {
#######################
module "web-iap" {
subnetwork_name = "${google_compute_subnetwork.monitoring.name}"
environment = "${var.environment}"
source = "../../modules/google/web-iap"
name = "web-iap"
gitlab_com_zone_id = "${var.gitlab_com_zone_id}"
project = "${var.project}"
region = "${var.region}"
gitlab_com_zone_id = "${var.gitlab_com_zone_id}"
cert_link = "${var.monitoring_cert_link}"
service_ports = ["443"]
url_map = "${google_compute_url_map.web-iap.self_link}"
hosts = ["web"]
web_ip_fqdn = "${var.web_iap_fqdn}"
subnetwork_name = "${google_compute_subnetwork.monitoring.name}"
environment = "${var.environment}"
source = "../../modules/google/web-iap"
name = "web-iap"
gitlab_zone_id = "${var.gitlab_com_zone_id}"
project = "${var.project}"
region = "${var.region}"
cert_link = "${var.monitoring_cert_link}"
service_ports = ["443"]
url_map = "${google_compute_url_map.web-iap.self_link}"
hosts = ["web"]
web_ip_fqdn = "${var.web_iap_fqdn}"
}
##################################
......@@ -617,7 +613,7 @@ module "gcp-tcp-lb" {
lb_count = "${length(var.tcp_lbs["names"])}"
names = "${var.tcp_lbs["names"]}"
fqdn = "${var.lb_fqdn}"
gitlab_com_zone_id = "${var.gitlab_com_zone_id}"
gitlab_zone_id = "${var.gitlab_com_zone_id}"
environment = "${var.environment}"
region = "${var.region}"
project = "${var.project}"
......@@ -634,7 +630,7 @@ module "gcp-tcp-lb-pages" {
lb_count = "${length(var.tcp_lbs_pages["names"])}"
names = "${var.tcp_lbs_pages["names"]}"
fqdn = "${var.lb_fqdn_pages}"
gitlab_com_zone_id = "${var.gitlab_com_zone_id}"
gitlab_zone_id = "${var.gitlab_com_zone_id}"
environment = "${var.environment}"
region = "${var.region}"
project = "${var.project}"
......@@ -651,7 +647,7 @@ module "gcp-tcp-lb-altssh" {
lb_count = "${length(var.tcp_lbs_altssh["names"])}"
names = "${var.tcp_lbs_altssh["names"]}"
fqdn = "${var.lb_fqdn_altssh}"
gitlab_com_zone_id = "${var.gitlab_com_zone_id}"
gitlab_zone_id = "${var.gitlab_com_zone_id}"
environment = "${var.environment}"
region = "${var.region}"
project = "${var.project}"
......@@ -667,7 +663,7 @@ module "gcp-tcp-lb-bastion" {
environment = "${var.environment}"
forwarding_port_ranges = "${var.tcp_lbs_bastion["forwarding_port_ranges"]}"
fqdn = "${var.lb_fqdn_bastion}"
gitlab_com_zone_id = "${var.gitlab_com_zone_id}"
gitlab_zone_id = "${var.gitlab_com_zone_id}"
health_check_ports = "${var.tcp_lbs_bastion["health_check_ports"]}"
instances = ["${module.bastion.instances_self_link}"]
lb_count = "${length(var.tcp_lbs_bastion["names"])}"
......@@ -785,10 +781,10 @@ module "monitoring-lb" {
environment = "${var.environment}"
source = "../../modules/google/monitoring-lb"
name = "monitoring-lb"
gitlab_com_zone_id = "${var.gitlab_com_zone_id}"
gitlab_net_zone_id = "${var.gitlab_net_zone_id}"
project = "${var.project}"
region = "${var.region}"
gitlab_com_zone_id = "${var.gitlab_com_zone_id}"
gitlab_net_zone_id = "${var.gitlab_net_zone_id}"
cert_link = "${var.monitoring_cert_link}"
service_ports = ["${values(var.monitoring_hosts)}"]
url_map = "${google_compute_url_map.monitoring-lb.self_link}"
......@@ -807,14 +803,14 @@ module "performance" {
machine_type = "${var.machine_types["monitoring"]}"
name = "performance"
node_count = 1
oauth2_client_id = "${var.oauth2_client_id_performance}"
oauth2_client_secret = "${var.oauth2_client_secret_performance}"
oauth2_client_id = "${var.oauth2_client_id_monitoring}"
oauth2_client_secret = "${var.oauth2_client_secret_monitoring}"
persistent_disk_path = "/opt"
project = "${var.project}"
region = "${var.region}"
service_account_email = "${var.service_account_email}"
service_path = "/login"
service_port = "${var.monitoring_hosts["performance"]}"
service_port = "${var.monitoring_hosts["performance.${var.environment}"]}"
source = "../../modules/google/monitoring-with-count"
subnetwork_name = "${google_compute_subnetwork.monitoring.name}"
tier = "inf"
......@@ -832,14 +828,14 @@ module "prometheus" {
machine_type = "${var.machine_types["monitoring"]}"
name = "prometheus"
node_count = 1
oauth2_client_id = "${var.oauth2_client_id_prometheus}"
oauth2_client_secret = "${var.oauth2_client_secret_prometheus}"
oauth2_client_id = "${var.oauth2_client_id_monitoring}"
oauth2_client_secret = "${var.oauth2_client_secret_monitoring}"
persistent_disk_path = "/opt/prometheus"
project = "${var.project}"
region = "${var.region}"
service_account_email = "${var.service_account_email}"
service_path = "/graph"
service_port = "${var.monitoring_hosts["prometheus"]}"
service_port = "${var.monitoring_hosts["prometheus.${var.environment}"]}"
source = "../../modules/google/monitoring-with-count"
subnetwork_name = "${google_compute_subnetwork.monitoring.name}"
tier = "inf"
......@@ -857,39 +853,14 @@ module "prometheus-app" {
machine_type = "${var.machine_types["monitoring"]}"
name = "prometheus-app"
node_count = 1
oauth2_client_id = "${var.oauth2_client_id_prometheus}"
oauth2_client_secret = "${var.oauth2_client_secret_prometheus}"
oauth2_client_id = "${var.oauth2_client_id_monitoring}"
oauth2_client_secret = "${var.oauth2_client_secret_monitoring}"
persistent_disk_path = "/opt/prometheus"
project = "${var.project}"
region = "${var.region}"
service_account_email = "${var.service_account_email}"
service_path = "/graph"
service_port = "${var.monitoring_hosts["prometheus-app"]}"
source = "../../modules/google/monitoring-with-count"
subnetwork_name = "${google_compute_subnetwork.monitoring.name}"
tier = "inf"
}
module "kibana" {
attach_data_disk = true
bootstrap_version = 4
chef_provision = "${var.chef_provision}"
chef_run_list = "\"role[${var.environment}-infra-kibana]\""
data_disk_size = 100
data_disk_type = "pd-standard"
dns_zone_name = "${var.dns_zone_name}"
environment = "${var.environment}"
machine_type = "${var.machine_types["monitoring"]}"
name = "kibana"
node_count = 1
oauth2_client_id = "${var.oauth2_client_id_prometheus}"
oauth2_client_secret = "${var.oauth2_client_secret_prometheus}"
persistent_disk_path = "/opt"
project = "${var.project}"
region = "${var.region}"
service_account_email = "${var.service_account_email}"
service_path = "/login"
service_port = "${var.monitoring_hosts["kibana"]}"
service_port = "${var.monitoring_hosts["prometheus-app.${var.environment}"]}"
source = "../../modules/google/monitoring-with-count"
subnetwork_name = "${google_compute_subnetwork.monitoring.name}"
tier = "inf"
......@@ -908,13 +879,13 @@ module "alerts" {
machine_type = "${var.machine_types["monitoring"]}"
name = "alerts"
node_count = 1
oauth2_client_id = "${var.oauth2_client_id_prometheus}"
oauth2_client_secret = "${var.oauth2_client_secret_prometheus}"
oauth2_client_id = "${var.oauth2_client_id_monitoring}"
oauth2_client_secret = "${var.oauth2_client_secret_monitoring}"
persistent_disk_path = "/opt"
project = "${var.project}"
region = "${var.region}"
service_account_email = "${var.service_account_email}"
service_port = "${var.monitoring_hosts["alerts"]}"
service_port = "${var.monitoring_hosts["alerts.${var.environment}"]}"
source = "../../modules/google/monitoring-with-count"
subnetwork_name = "${google_compute_subnetwork.monitoring.name}"
tier = "inf"
......
environments/gstg/variables.tf
View file @ 3d1fd025
variable "oauth2_client_id_prometheus" {}
variable "oauth2_client_secret_prometheus" {}
variable "oauth2_client_id_monitoring" {}
variable "oauth2_client_secret_monitoring" {}
variable "oauth2_client_id_performance" {}
variable "oauth2_client_secret_performance" {}
variable "gitlab_net_zone_id" {}
variable "gitlab_com_zone_id" {}
#######################
# pubsubbeat config
......@@ -35,11 +35,10 @@ variable "monitoring_hosts" {
type = "map"
default = {
"performance" = "80"
"prometheus" = "9090"
"prometheus-app" = "9090"
"kibana" = "80"
"alerts" = "9093"
"performance.gstg" = "80"
"prometheus.gstg" = "9090"
"prometheus-app.gstg" = "9090"
"alerts.gstg" = "9093"
}
}
......@@ -184,7 +183,7 @@ variable "chef_version" {
}
variable "monitoring_cert_link" {
default = "projects/gitlab-staging-1/global/sslCertificates/gstg-wildcard"
default = "projects/gitlab-staging-1/global/sslCertificates/wildcard-gstg-gitlab-net"
}
variable "machine_types" {
......
environments/ops/main.tf
View file @ 3d1fd025
......@@ -69,25 +69,61 @@ resource "google_compute_firewall" "allow-lb-traffic" {
#
#################################
module "log-lb" {
subnetwork_name = "${module.log-proxy.google_compute_subnetwork_name}"
environment = "${var.environment}"
source = "../../modules/google/monitoring-lb"
name = "monitoring-lb"
gitlab_net_zone_id = "${var.gitlab_net_zone_id}"
project = "${var.project}"
region = "${var.region}"
cert_link = "${var.log_gitlab_net_cert_link}"
service_ports = ["9090"]
url_map = "${google_compute_url_map.log.self_link}"
hosts = ["log"]
}
# ###########################################################
resource "google_compute_url_map" "log" {
name = "${format("log-%v", var.environment)}"
default_service = "${module.log-proxy.google_compute_backend_service_iap_self_link}"
host_rule {
hosts = ["log.gitlab.net"]
path_matcher = "log"
}
path_matcher {
name = "log"
default_service = "${module.log-proxy.google_compute_backend_service_iap_self_link}"
path_rule {
paths = ["/*"]
service = "${module.log-proxy.google_compute_backend_service_iap_self_link}"
}
}
}
module "log-proxy" {
bootstrap_version = 4
chef_provision = "${var.chef_provision}"
chef_run_list = "\"role[${var.environment}-infra-log-proxy]\""
enable_iap = true
dns_zone_name = "${var.dns_zone_name}"
environment = "${var.environment}"
oauth2_client_id = "${var.oauth2_client_id_log_proxy}"
oauth2_client_secret = "${var.oauth2_client_secret_log_proxy}"
machine_type = "${var.machine_types["log-proxy"]}"
public_ports = "${var.public_ports["log-proxy"]}"
ip_cidr_range = "${var.subnetworks["logging"]}"
name = "log-proxy"
node_count = 1
oauth2_client_id = "${var.oauth2_client_id_log_proxy}"
oauth2_client_secret = "${var.oauth2_client_secret_log_proxy}"
project = "${var.project}"
region = "${var.region}"
health_check = "tcp"
service_port = "8080"
health_check = "http"
service_port = "9090"
source = "../../modules/google/generic-sv-with-group"
enable_iap = true
tier = "inf"
service_account_email = "${var.service_account_email}"