diff --git a/IaC/modules/mlflow/server/main.tf b/IaC/modules/mlflow/server/main.tf
index 07801a5..0b55a17 100644
--- a/IaC/modules/mlflow/server/main.tf
+++ b/IaC/modules/mlflow/server/main.tf
@@ -43,14 +43,14 @@ resource "google_project_iam_member" "cloudsql" {
 depends_on = [google_app_engine_application.app]
 project = data.google_project.project.project_id
 role = "roles/cloudsql.client"
- member = format("serviceAccount:%s@appspot.gserviceaccount.com", data.google_project.project.name)
+ member = format("serviceAccount:%s@appspot.gserviceaccount.com", data.google_project.project.project_id)
 }
 
 resource "google_project_iam_member" "secret" {
 depends_on = [google_app_engine_application.app]
 project = data.google_project.project.project_id
 role = "roles/secretmanager.secretAccessor"
- member = format("serviceAccount:%s@appspot.gserviceaccount.com", data.google_project.project.name)
+ member = format("serviceAccount:%s@appspot.gserviceaccount.com", data.google_project.project.project_id)
 }
 
 resource "google_project_iam_member" "gcs" {
@@ -64,14 +64,14 @@ resource "google_project_iam_member" "gae_gcs" {
 depends_on = [google_app_engine_application.app]
 project = data.google_project.project.project_id
 role = "roles/storage.objectViewer"
- member = format("serviceAccount:%s@appspot.gserviceaccount.com", data.google_project.project.name)
+ member = format("serviceAccount:%s@appspot.gserviceaccount.com", data.google_project.project.project_id)
 }
 
 resource "google_project_iam_member" "gae_api" {
 depends_on = [google_app_engine_application.app]
 project = data.google_project.project.project_id
 role = "roles/compute.networkUser"
- member = format("serviceAccount:%s@appspot.gserviceaccount.com", data.google_project.project.name)
+ member = format("serviceAccount:%s@appspot.gserviceaccount.com", data.google_project.project.project_id)
 }
 
 resource "google_app_engine_flexible_app_version" "myapp_v1" {
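Review bot: The four bindings touched in these two hunks (`cloudsql`, `secret`, `gae_gcs`, `gae_api`) grant project-wide roles to the App Engine default service account, which App Engine services in the project use unless configured otherwise. `roles/secretmanager.secretAccessor` at project level lets that identity read every secret in the project, not only the ones MLflow needs. If the secrets and the artifact bucket are created by this module, resource-level grants such as `google_secret_manager_secret_iam_member` and `google_storage_bucket_iam_member` would narrow the access. The same `format(...)` expression is also repeated four times, which is how the `name`/`project_id` mix-up spread; one `locals { gae_sa = format("serviceAccount:%s@appspot.gserviceaccount.com", data.google_project.project.project_id) }` used as `member = local.gae_sa` keeps the bindings in step. The `gcs` and `myapp_v1` resources continue outside the hunks.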
@@ -130,8 +130,8 @@ resource "google_iap_client" "project_client" { brand = google_iap_brand.project_brand.name } resource "google_iap_app_engine_service_iam_binding" "member" { - project = data.google_project.project.name - app_id = data.google_project.project.name + project = data.google_project.project.project_id + app_id = data.google_project.project.project_id service = google_app_engine_flexible_app_version.myapp_v1.service role = "roles/iap.httpsResourceAccessor" members = var.web_app_users diff --git a/README.md b/README.md index 106722e..01a8175 100644 --- a/README.md +++ b/README.md @@ -5,6 +5,7 @@ A tool to deploy a mostly serverless MLflow on a GCP project with one command ### Pre-requesites - A GCP project on which you are owner +- Terraform >= 0.13.2 installed - Initialized gcloud SDK with your owner account - Docker engine running - No app engine application running and no consent screen already setup 
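Review bot: In `google_iap_app_engine_service_iam_binding.member` (main.tf), `members = var.web_app_users` is passed through unchecked, and a `_binding` resource is authoritative for its role, so whatever the list holds becomes the complete set of principals allowed through IAP. The variable's declaration is outside this hunk; if it has no `validation` block, adding one that rejects the public principals would stop a mistake in `vars` from exposing the MLflow UI, e.g. `condition = !contains(var.web_app_users, "allUsers") && !contains(var.web_app_users, "allAuthenticatedUsers")`. A one-line comment above the resource, such as `# Authoritative: replaces any other grants of roles/iap.httpsResourceAccessor on this service`, would also tell operators that out-of-band grants are removed on apply. The resource body continues past the end of the hunk.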
@@ -17,11 +18,12 @@ Fill out the `vars` file. |`TF_VAR_project_id`|Name of the GCP project| |`TF_VAR_backend_bucket`|Name of the terraform backend bucket. Should be globally unique. No `gs://` prefix| |`TF_VAR_consent_screen_support_email`|Contact email address displayed by the SSO screen when the user trying to log in is not authorized. The address should be that of the user deploying mlflow (you) or a Cloud Identity group managed by this user| -|`TF_VAR_web_app_users`|List of authorized users/groups/domains. Should be a single quoted list of string such as '["user:jane@example.com", "group:people@example.com", "domain:example.com"]'| +|`TF_VAR_web_app_users`|List of authorized users/groups/domains. Should be a single quoted list of string such as '["user:jane@example.com", "group:people@example.com", "domain:example.com"]'. Email addresses and domains must be associated with an active Google Account, G Suite account, or Cloud Identity account.| |`TF_VAR_network_name`|The network the application and backend should attach to. If left blank, a new network will be created.| **Run `make one-click-mlflow` and follow the prompts.** + ### What it does - Enables the necessary services - Builds and pushes the MLFlow docker image diff --git a/vars b/vars index 43044fd..4cab2cb 100644 --- a/vars +++ b/vars @@ -1,5 +1,5 @@ -export TF_VAR_project_id=two-click-mlflow -export TF_VAR_backend_bucket=tfstate-mlflow-atf-two -export TF_VAR_consent_screen_support_email=alexis.vialaret@artefact.com -export TF_VAR_web_app_users='["user:alexis.vialaret@artefact.com", "user:thomas.griseau@artefact.com"]' -export TF_VAR_network_name=default \ No newline at end of file +export TF_VAR_project_id= +export TF_VAR_backend_bucket= +export TF_VAR_consent_screen_support_email= +export TF_VAR_web_app_users= +export TF_VAR_network_name= \ No newline at end of file
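Review bot: Blanking the values in `vars` clears the personal addresses from the tip of the branch, but the file stays tracked and the README tells users to fill it out, so a filled-in copy is easily committed again with someone's project id, bucket name and e-mail list. Shipping the template as `vars.example` and listing `vars` in `.gitignore` would avoid that. The previous values also remain readable in the repository history. Separately, the empty `export TF_VAR_web_app_users=` is still exported and Terraform will likely fail to parse it as a list, so a commented example above it such as `# export TF_VAR_web_app_users='["user:jane@example.com"]'` would make the expected shape clear.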