At Cycloid, we developed Inframap: a command line interface (CLI) used to generate graphs from Terraform HCL or TFState. Behind this CLI, there is a library: why not use it to provide a service? Like an endpoint where you send your TFState and it returns a graph? Let’s try!
One of Google Cloud Platform's most famous serverless features is Google Cloud Functions but it has some cons: you depend on the supported runtimes, their versions, and you can’t serve “complex” applications with specific system dependencies.
Let’s try Google Cloud Run, an alternative allowing you to provide serverless features through a Docker container.
In terms of requirements, you only need a Google Cloud Platform account and a Docker setup somewhere - don’t forget to configure your Google Container Registry access.
$ gcloud auth configure-docker
Now, let’s write some code: we want a simple HTTP server, handling POST requests on the root. Content of the request (TFState) will be provided to InfraMap’s lib in order to generate a graph from it.
The code here is not really interesting but you can check it out on GitHub.
Same for the Dockerfile, nothing fancy: a multistage build with a cache strategy for the dependencies but now we start realizing what's so cool about Google Cloud Run: you deploy a Docker image so you're in control of the environment.
Now, let’s build and push our Docker image to our Google Container Registry.
$ docker build -t gcr.io/your-project-id/inframap-service
$ docker push gcr.io/your-project-id/inframap-service
That’s it, we now have everything for our Google Cloud Run application to run.
$ gcloud run deploy inframap-service --image gcr.io/your-project-id/inframap-service --platform managed
Yep, it’s that easy! The application should now be available, let’s try to find the endpoint and try a request:
$ curl -X POST $(gcloud run services describe inframap-service --platform managed --format json | jq -r '.status.url ') -H "Content-Type: application/text" --data @generate/testdata/flexibleengine.json
strict digraph G {
"flexibleengine_networking_secgroup_rule_v2.ZPPPO"->"flexibleengine_networking_secgroup_v2.uiWdG";
"flexibleengine_networking_secgroup_v2.mDAul"->"flexibleengine_networking_secgroup_rule_v2.ZPPPO";
"flexibleengine_compute_instance_v2.Aumwn"->"flexibleengine_blockstorage_volume_v2.hOHQu";
"flexibleengine_compute_instance_v2.Aumwn"->"flexibleengine_networking_port_v2.nLwOe";
"flexibleengine_compute_instance_v2.bkbLl"->"flexibleengine_blockstorage_volume_v2.hOHQu";
"flexibleengine_compute_instance_v2.bkbLl"->"flexibleengine_networking_port_v2.nLyuK";
"flexibleengine_networking_secgroup_v2.uiWdG"->"flexibleengine_networking_port_v2.nLwOe";
…
Cool! It works as expected: exactly the same behavior as on the CLI but now it’s hosted and available through an endpoint on the cloud!
Keep in mind that this is a proof of concept and that TFStates can contain sensitive data so we don't recommend sending it to an unknown endpoint!