terraform: moved to x/vulndb

For golang/go#50247

Change-Id: I07c75096d7223915d32201779e5984d81edcabdc
Reviewed-on: https://go-review.googlesource.com/c/vuln/+/373503
Trust: Julie Qiu <julie@golang.org>
Run-TryBot: Julie Qiu <julie@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Jonathan Amsterdam <jba@google.com>
diff --git a/terraform/environment/worker.tf b/terraform/environment/worker.tf
deleted file mode 100644
index 26b97c0..0000000
--- a/terraform/environment/worker.tf
+++ /dev/null
@@ -1,218 +0,0 @@
-# Copyright 2021 The Go Authors. All rights reserved.
-# Use of this source code is governed by a BSD-style
-# license that can be found in the LICENSE file.
-
-# Config for vuln worker.
-
-################################################################
-# Inputs.
-
-variable "env" {
-  description = "environment name"
-  type        = string
-}
-
-variable "project" {
-  description = "GCP project"
-  type        = string
-}
-
-variable "region" {
-  description = "GCP region"
-  type        = string
-}
-
-variable "use_profiler" {
-  description = "use Stackdriver Profiler"
-  type        = bool
-}
-
-variable "min_frontend_instances" {
-  description = "minimum number of frontend instances"
-  type        = number
-}
-
-variable "oauth_client_id" {
-  description = "OAuth 2 client ID (visit APIs & Services > Credentials)"
-  type = string
-}
-
-variable "oauth_client_secret" {
-  description = "OAuth 2 client ID (visit APIs & Services > Credentials, click on client)"
-  type = string
-}
-
-
-################################################################
-# Cloud Run service.
-
-resource "google_cloud_run_service" "worker" {
-
-  lifecycle {
-    ignore_changes = [
-      # When we deploy, we may use different clients at different versions.
-      # Ignore those changes.
-      template[0].metadata[0].annotations["run.googleapis.com/client-name"],
-      template[0].metadata[0].annotations["run.googleapis.com/client-version"]
-    ]
-  }
-
-  name     = "${var.env}-vuln-worker"
-  project  = var.project
-  location = var.region
-
-  template {
-    spec {
-      containers {
-	# Don't hardcode the image here; get it from GCP. See the "data" block
-	# below for more.
-	image = data.google_cloud_run_service.worker.template[0].spec[0].containers[0].image
-        env {
-          name  = "GOOGLE_CLOUD_PROJECT"
-          value = var.project
-	}
-	env {
-	  name = "VULN_WORKER_NAMESPACE"
-	  value = var.env
-	}
-	env {
-	  name = "VULN_WORKER_REPORT_ERRORS"
-	  value = true
-	}
-	env {
-	  name = "VULN_WORKER_ISSUE_REPO"
-	  value = var.env == "dev"? "": "golang/vulndb"
-	}
-	env{
-          name  = "VULN_WORKER_USE_PROFILER"
-          value = var.use_profiler
-        }
-        resources {
-          limits = {
-            "cpu"    = "1000m"
-            "memory" = "2Gi"
-          }
-        }
-      }
-
-      service_account_name = "frontend@${var.project}.iam.gserviceaccount.com"
-      # 60 minutes is the maximum Cloud Run request time.
-      timeout_seconds = 60 * 60
-    }
-
-    metadata {
-      annotations = {
-        "autoscaling.knative.dev/minScale"  = var.min_frontend_instances
-        "autoscaling.knative.dev/maxScale"  = "1"
-	"client.knative.dev/user-image"     = data.google_cloud_run_service.worker.template[0].spec[0].containers[0].image
-      }
-    }
-  }
-  autogenerate_revision_name = true
-
-  traffic {
-    latest_revision = true
-    percent         = 100
-  }
-}
-
-# We deploy new images with gcloud, not terraform, so we need to
-# make sure that "terraform apply" doesn't change the deployed image
-# to whatever is in this file. (The image attribute is required in
-# a Cloud Run config; it can't be empty.)
-#
-# We use this data source is used to determine the deployed image.
-data "google_cloud_run_service" "worker" {
-  name     = "${var.env}-vuln-worker"
-  project  = var.project
-  location = var.region
-}
-
-################################################################
-# Load balancer for Cloud Run service.
-
-resource "google_compute_region_network_endpoint_group" "worker" {
-  count = var.oauth_client_secret == ""? 0: 1
-  name         = "${var.env}-vuln-worker-neg"
-  network_endpoint_type = "SERVERLESS"
-  project = var.project
-  region = var.region
-  cloud_run {
-    service = google_cloud_run_service.worker.name
-  }
-}
-
-module "worker_lb" {
-  count = var.oauth_client_secret == ""? 0: 1
-  source  = "GoogleCloudPlatform/lb-http/google//modules/serverless_negs"
-  version = "~> 6.1.1"
-
-  name = "${var.env}-vuln-worker-lb"
-  project = var.project
-
-  ssl                             = true
-  managed_ssl_certificate_domains = ["${var.env}-vuln-worker.go.dev"]
-  https_redirect                  = true
-
-  backends = {
-    default = {
-      description = null
-      groups = [
-        {
-	  group = google_compute_region_network_endpoint_group.worker[0].id
-        }
-      ]
-      enable_cdn              = false
-      security_policy         = null
-      custom_request_headers  = null
-      custom_response_headers = null
-
-      iap_config = {
-        enable               = true
-        oauth2_client_id     = var.oauth_client_id
-        oauth2_client_secret = var.oauth_client_secret
-      }
-      log_config = {
-        enable      = false
-        sample_rate = null
-      }
-    }
-  }
-}
-
-output "worker_url" {
-  value = data.google_cloud_run_service.worker.status[0].url
-}
-
-output "load_balancer_ip" {
-  value = var.oauth_client_secret == ""? "": module.worker_lb[0].external_ip
-}
-
-################################################################
-# Other components.
-
-locals {
-  tz = "America/New_York"
-}
-
-data "google_compute_default_service_account" "default" {
-  project = var.project
-}
-
-resource "google_cloud_scheduler_job" "issue_triage" {
-  name             = "${var.env}-issue-triage"
-  description      = "Updates the DB and files issues."
-  schedule         = "0 * * * *" # every hour
-  time_zone        = local.tz
-  project          = var.project
-  attempt_deadline = format("%ds", 60 * 60)
-
-  http_target {
-    http_method = "POST"
-    uri         = "${google_cloud_run_service.worker.status[0].url}/update-and-issues"
-    oidc_token {
-      service_account_email = data.google_compute_default_service_account.default.email
-      audience              = var.oauth_client_id
-    }
-  }
-}
diff --git a/terraform/main.tf b/terraform/main.tf
deleted file mode 100644
index 6739480..0000000
--- a/terraform/main.tf
+++ /dev/null
@@ -1,67 +0,0 @@
-# Copyright 2021 The Go Authors. All rights reserved.
-# Use of this source code is governed by a BSD-style
-# license that can be found in the LICENSE file.
-
-# Terraform configuration for GCP components from this repo.
-
-terraform {
-  required_version = ">= 1.0.9, < 2.0.0"
-  # Store terraform state in a GCS bucket, so all team members share it.
-  backend "gcs" {
-    bucket = "go-discovery-exp"
-    prefix = "vuln"
-  }
-  required_providers {
-    google = {
-      version = "~> 3.90.1"
-      source  = "hashicorp/google"
-    }
-  }
-}
-
-locals {
-  region = "us-central1"
-}
-
-provider "google" {
-  region = local.region
-}
-
-# Inputs for values that should not appear in the repo.
-# Terraform will prompt for these when you run it, or
-# you can put them in a local file that is only readable
-# by you, and pass them to terraform.
-# See https://www.terraform.io/docs/language/values/variables.html#variable-definitions-tfvars-files.
-
-variable "prod_client_secret" {
-  description = "OAuth 2 client secret for prod"
-  type        = string
-  sensitive   = true
-}
-
-
-
-# Deployment environments
-
-module "dev" {
-  source                 = "./environment"
-  env                    = "dev"
-  project                = "go-discovery-exp"
-  region                 = local.region
-  use_profiler           = false
-  min_frontend_instances = 0
-  oauth_client_id              = "55665122702-tk2rogkaalgru7pqibvbltqs7geev8j5.apps.googleusercontent.com"
-  oauth_client_secret          = ""  # go-discovery-exp does not allow external load balancers
-}
-
-# module "prod" {
-#   source                 = "./environment"
-#   env                    = "prod"
-#   project                = "golang-org"
-#   region                 = local.region
-#   use_profiler           = true
-#   min_frontend_instances = 1
-#   client_id              = "unknown"
-#   client_secret          = var.prod_client_secret
-# }
-