fix: minor terraform changes (#3721)

Couple of small changes to our terraform config:
- Added a couple of required GCP APIs that were missing
- Added a `--gcs-log-dir` arg to the Cloud Build command that is run to
build the ESPv2 image (required with some internal policies)
- updated ESPv2 version to latest

Author: michaelkedar

deployment/terraform/environments/oss-vdb-test/main.tf

@@ -32,10 +32,11 @@ module "osv_test" {
   backups_bucket_retention_days                  = 5
   affected_commits_backups_bucket                = "osv-test-affected-commits"
   affected_commits_backups_bucket_retention_days = 2
+  gcs_log_dir                                    = "gs://oss-vdb-tf/apply-logs"
 
   website_domain = "test.osv.dev"
   api_url        = "api.test.osv.dev"
-  esp_version    = "2.51.0"
+  esp_version    = "2.53.0"
 }
 
 module "k8s_cron_alert" {

deployment/terraform/environments/oss-vdb/main.tf

@@ -32,10 +32,11 @@ module "osv" {
   backups_bucket_retention_days                  = 60
   affected_commits_backups_bucket                = "osv-affected-commits"
   affected_commits_backups_bucket_retention_days = 3
+  gcs_log_dir                                    = "gs://oss-vdb-tf/apply-logs"
 
   website_domain = "osv.dev"
   api_url        = "api.osv.dev"
-  esp_version    = "2.51.0"
+  esp_version    = "2.53.0"
 }
 
 module "k8s_cron_alert" {

deployment/terraform/modules/osv/gcp_apis.tf

@@ -91,3 +91,15 @@ resource "google_project_service" "cloud_build" {
   service            = "cloudbuild.googleapis.com"
   disable_on_destroy = false
 }
+
+resource "google_project_service" "cloud_firestore" {
+  project            = var.project_id
+  service            = "firestore.googleapis.com"
+  disable_on_destroy = false
+}
+
+resource "google_project_service" "certificate_manager" {
+  project            = var.project_id
+  service            = "certificatemanager.googleapis.com"
+  disable_on_destroy = false
+}

deployment/terraform/modules/osv/osv_api.tf

@@ -59,6 +59,12 @@ variable "_api_descriptor_file" {
   default   = "api/api_descriptor.pb"
 }
 
+variable "gcs_log_dir" {
+  type        = string
+  description = "GCS directory to store cloud build logs."
+  default     = ""
+}
+
 resource "google_endpoints_service" "grpc_service" {
   project      = var.project_id
   service_name = var.api_url
@@ -97,7 +103,8 @@ resource "null_resource" "grpc_proxy_image" {
         -s ${var.api_url} \
         -c ${google_endpoints_service.grpc_service.config_id} \
         -p ${var.project_id} \
-        -v ${var.esp_version}
+        -v ${var.esp_version} \
+        ${var.gcs_log_dir != "" ? format("-l %s", var.gcs_log_dir) : ""}
     EOS
   }
 }

deployment/terraform/modules/osv/scripts/gcloud_build_image

@@ -38,7 +38,8 @@ function error_exit() {
 # IMAGE_REPOSITORY as following:
 #   'LOCATION-docker.pkg.dev/PROJECT-ID/REPOSITORY'
 
-while getopts :c:s:p:v:z:g:i: arg; do
+GCS_LOG_DIR=""
+while getopts :c:s:p:v:z:g:i:l: arg; do
   case ${arg} in
     c) CONFIG_ID="${OPTARG}";;
     s) SERVICE="${OPTARG}";;
@@ -50,6 +51,7 @@ while getopts :c:s:p:v:z:g:i: arg; do
       BASE_IMAGE="${OPTARG}"
       ESP_FULL_VERSION="custom"
       ;;
+    l) GCS_LOG_DIR="${OPTARG}";;
     \?) error_exit "Unrecognized argument -${OPTARG}";;
   esac
 done
@@ -122,7 +124,11 @@ ENTRYPOINT ["/env_start_proxy.py"]
 EOF
 
 NEW_IMAGE="${IMAGE_REPOSITORY}/endpoints-runtime-serverless:${ESP_FULL_VERSION}-${SERVICE}-${CONFIG_ID}"
-gcloud builds submit --tag "${NEW_IMAGE}" . --project="${PROJECT}"
+GCLOUD_BUILD_ARGS=("--tag" "${NEW_IMAGE}" "." "--project=${PROJECT}")
+if [[ -n "${GCS_LOG_DIR}" ]]; then
+  GCLOUD_BUILD_ARGS+=("--gcs-log-dir=${GCS_LOG_DIR}")
+fi
+gcloud builds submit "${GCLOUD_BUILD_ARGS[@]}"
 )
 
 # Delete the temporary directory we created earlier.