From 58eee8b122920bc702ad8deb1622188d007f93c5 Mon Sep 17 00:00:00 2001
From: Jossua91
Date: Thu, 4 Dec 2025 09:51:23 +0100
Subject: [PATCH] feat: iam module
---
 terraform/environments/dev/main.tf | 5 +++++
 terraform/modules/iam/main.tf | 22 ++++++++++++++++++++++
 terraform/modules/iam/outputs.tf | 10 ++++++++++
 terraform/modules/iam/variables.tf | 4 ++++
 4 files changed, 41 insertions(+)
 create mode 100644 terraform/modules/iam/main.tf
 create mode 100644 terraform/modules/iam/outputs.tf
 create mode 100644 terraform/modules/iam/variables.tf
diff --git a/terraform/environments/dev/main.tf b/terraform/environments/dev/main.tf
index 07cb82e..f0c5541 100644
--- a/terraform/environments/dev/main.tf
+++ b/terraform/environments/dev/main.tf
@@ -29,4 +29,9 @@ module "compute" {
 frontend_subnet_id = module.network.subnet_ids["frontend"]
 backend_subnet_id = module.network.subnet_ids["backend"]
 database_subnet_id = module.network.subnet_ids["database"]
+}
+
+module "iam" {
+ source = "../../modules/iam"
+ project_id = var.project_id
 }
\ No newline at end of file
diff --git a/terraform/modules/iam/main.tf b/terraform/modules/iam/main.tf
new file mode 100644
index 0000000..17e1ec1
--- /dev/null
+++ b/terraform/modules/iam/main.tf
@@ -0,0 +1,22 @@
+resource "google_service_account" "terraform" {
+ account_id = "terraform"
+ display_name = "Service Account for Terraform"
+}
+
+resource "google_service_account_key" "terraform_key" {
+ service_account_id = google_service_account.terraform.name
+ public_key_type = "TYPE_X509_PEM_FILE"
+}
+
+resource "google_project_iam_binding" "terraform_viewer" {
+ project = var.project_id
+ role = "roles/viewer"
+ members = ["serviceAccount:${google_service_account.terraform.email}"]
+}
+
+data "google_client_openid_userinfo" "me" {}
+
+resource "google_os_login_ssh_public_key" "default" {
+ user = data.google_client_openid_userinfo.me.email
+ key = file("~/.ssh/id_ed25519.pub")
+}
\ No newline at end of file
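Review bot: `google_project_iam_binding` is authoritative for its role, so `terraform_viewer` will make this service account the only member of `roles/viewer` on `var.project_id` and remove any other principal that currently holds that role. If the intent is only to add one grant, the additive resource is the safer choice: `resource "google_project_iam_member" "terraform_viewer"` with `member = "serviceAccount:${google_service_account.terraform.email}"`. In the same file, `google_service_account_key.terraform_key` mints a long-lived user-managed key; if impersonation or workload identity federation is an option here, dropping that resource removes a credential that would otherwise have to be stored and rotated. The `google_os_login_ssh_public_key` resource reads `~/.ssh/id_ed25519.pub` from whoever runs the apply, so a comment such as `# registers the applying operator's own key; not suitable for CI runs` would make that coupling explicit.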
diff --git a/terraform/modules/iam/outputs.tf b/terraform/modules/iam/outputs.tf
new file mode 100644
index 0000000..67dfb02
--- /dev/null
+++ b/terraform/modules/iam/outputs.tf
@@ -0,0 +1,10 @@
+output "service_account_email" {
+ description = "Email du Service Account"
+ value = google_service_account.terraform.email
+}
+
+output "service_account_key" {
+ description = "Clé privée du Service Account"
+ value = google_service_account_key.terraform_key.private_key
+ sensitive = true
+}
\ No newline at end of file
diff --git a/terraform/modules/iam/variables.tf b/terraform/modules/iam/variables.tf
new file mode 100644
index 0000000..5696978
--- /dev/null
+++ b/terraform/modules/iam/variables.tf
@@ -0,0 +1,4 @@
+variable "project_id" {
+ description = "ID du projet GCP"
+ type = string
+}
\ No newline at end of file
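Review bot: The `service_account_key` output exposes `google_service_account_key.terraform_key.private_key`, and `sensitive = true` only redacts the value from CLI output; the base64-encoded private key is still written in clear to the Terraform state. Anyone with read access to the state backend therefore holds a usable credential for the `terraform` service account. The backend configuration is not visible in this patch, so confirm that the state is stored remotely, encrypted and access-restricted. If nothing consumes this output, removing it (and ideally the key resource itself) is the cleaner fix. If it stays, a comment such as `# private key is persisted in state; restrict backend access and rotate regularly` would document the exposure.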