From e0260e91c02092a6650397e000b930ee5d50b6d7 Mon Sep 17 00:00:00 2001 From: dick Date: Thu, 4 Dec 2025 11:33:11 +0100 Subject: [PATCH] Everything works (in principle) --- iam-step.md | 90 +++++++ terraform-show.txt | 653 +++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 743 insertions(+) create mode 100644 iam-step.md create mode 100644 terraform-show.txt diff --git a/iam-step.md b/iam-step.md new file mode 100644 index 0000000..e9d2992 --- /dev/null +++ b/iam-step.md 
@@ -0,0 +1,90 @@ +# TP : Gestion des Identités (IAM) et Accès SSH + +Dans cette partie, vous allez configurer les accès pour que Terraform puisse interagir avec le projet et pour que vous puissiez vous connecter aux futures machines virtuelles. + +## Objectifs +1. Créer une identité machine (Service Account). +2. Lui donner des droits sur le projet. +3. Configurer votre propre clé SSH via le service **OS Login** de GCP. + +--- + +## Étape 1 : Créer l'identité machine +**Objectif :** Créer un compte de service (Service Account) qui sera utilisé par nos scripts d'automatisation. + +* **Ressource à utiliser :** `google_service_account` +* **Consignes :** + * Donnez-lui l'ID `terraform`. + * Ajoutez un `display_name` explicite pour qu'on le reconnaisse dans la console GCP. + +## Étape 2 : Générer une clé d'accès +**Objectif :** Pour utiliser ce compte de service depuis l'extérieur (ou via Terraform), nous avons besoin d'une clé. + +* **Ressource à utiliser :** `google_service_account_key` +* **Consignes :** + * Vous devez lier cette ressource au compte de service créé à l'étape 1 via son attribut `name` (ex: `google_service_account.votre_nom.name`). + * Définissez le type de clé publique sur `"TYPE_X509_PEM_FILE"`. + +## Étape 3 : Donner des droits (IAM) +**Objectif :** Un compte de service naît sans aucun droit. Vous devez lui donner le rôle de "Viewer" sur le projet pour qu'il puisse lire les ressources. + +* **Ressource à utiliser :** `google_project_iam_binding` +* **Consignes :** + * **Project :** Utilisez votre variable `var.project_id`. + * **Role :** Le rôle cible est `"roles/viewer"`. + * **Members :** C'est une liste. Attention à la syntaxe spécifique GCP pour désigner un membre : `"serviceAccount:..."`. Vous devez concaténer ce préfixe avec l'email du service account créé à l'étape 1 (`.email`). + +## Étape 4 : Récupérer votre identité +**Objectif :** Terraform doit savoir "qui" lance le script actuellement pour associer la clé SSH à la bonne personne. 
+ +* **Data Source à utiliser :** `data "google_client_openid_userinfo"` +* **Consignes :** + * Déclarez simplement ce bloc `data` avec le nom `me`. Il n'a pas besoin d'arguments à l'intérieur. Il servira juste à récupérer votre email dynamiquement. + +## Étape 5 : Ajouter votre clé SSH (OS Login) +**Objectif :** Uploader votre clé publique SSH locale vers GCP pour permettre la connexion aux VMs sans gestion manuelle. + +* **Ressource à utiliser :** `google_os_login_ssh_public_key` +* **Consignes :** + * **User :** Utilisez l'email récupéré grâce au data source de l'étape 4 (`.email`). + * **Key :** Vous devez lire le contenu de votre fichier de clé publique locale. + * **Fonction Terraform :** Utilisez la fonction `file("chemin/vers/la/clé")`. + * **Chemin recommandé :** `~/.ssh/id_ed25519.pub`. + +> **Attention :** Vérifiez impérativement que vous avez bien généré une clé SSH sur votre poste local avant de lancer le `terraform apply`. Sinon, Terraform ne trouvera pas le fichier et plantera. + +--- + +### Résumé des liens entre ressources +Assurez-vous que vos ressources se référencent correctement : +* La **Clé** référencie le **Service Account**. +* L'**IAM Binding** référencie le **Service Account**. +* L'**OS Login** référencie le **Data User Info**. + +Voici la suite du document Markdown (MD) à ajouter à la suite de l'étape 5. + +--- + +## Étape 6 : Exposer les résultats (Outputs) + +**Objectif :** Une fois le déploiement terminé, Terraform masque par défaut certaines informations. Nous devons définir explicitement quelles valeurs nous voulons voir ou récupérer (notamment pour les utiliser dans d'autres scripts). + + * **Fichier à utiliser :** `outputs.tf` (c'est une bonne pratique de séparer les outputs du `main.tf`). + +### Consigne A : L'email du Service Account + +Nous aurons besoin de connaître l'adresse email complète générée par Google pour ce compte. + + * Créez un output nommé `service_account_email`. 
+ * Dans la valeur (`value`), référencez l'attribut `.email` de la ressource créée à l'**Étape 1**. + +### Consigne B : La Clé Privée (Attention Sécurité) + +Nous devons récupérer la clé privée générée pour pouvoir authentifier des applications externes. + + * Créez un output nommé `service_account_key`. + * Dans la valeur, référencez l'attribut `.private_key` de la ressource créée à l'**Étape 2**. + * **Important :** Terraform refusera d'afficher cette valeur ou l'affichera en clair dans vos logs si vous ne faites pas attention. Vous **devez** ajouter l'argument suivant dans ce bloc output pour masquer la valeur dans le terminal : + ```hcl + sensitive = true + ``` diff --git a/terraform-show.txt b/terraform-show.txt new file mode 100644 index 0000000..5e511e3 --- /dev/null +++ b/terraform-show.txt 
@@ -0,0 +1,653 @@ +# data.google_client_openid_userinfo.me: +data "google_client_openid_userinfo" "me" { + email = "adriendick18@gmail.com" + id = "adriendick18@gmail.com" +} + +# local_file.ansible_cfg: +resource "local_file" "ansible_cfg" { + content = <<-EOT + [defaults] + host_key_checking = False + inventory = gcp_compute.yml + interpreter_python = auto_silent + remote_user = adriendick18_gmail_com + + [inventory] + enable_plugins = gcp_compute, auto, host_list, yaml, ini, toml, script + EOT + content_base64sha256 = "+WvkjNmDh1fTflwRc7mWC5m2gc0XN3GHfW+JI644hco=" + content_base64sha512 = "t1ev2hqjmnlLzNixomZBbjr5amG52470yNyxC7gmaRkKhxE8pXjls3guWI0ANPbyAVOA1qebI7b40f8Pn0BtFg==" + content_md5 = "a873aa5c10b4bc6a72c258bf16d924ed" + content_sha1 = "5a940c7eda232553f2717a535cb3e04fb3023c16" + content_sha256 = "f96be48cd9838757d37e5c1173b9960b99b681cd173771877d6f8923ae3885ca" + content_sha512 = "b757afda1aa39a794bccd8b1a266416e3af96a61b9db8ef4c8dcb10bb82669190a87113ca578e5b3782e588d0034f6f2015380d6a79b23b6f8d1ff0f9f406d16" + directory_permission = "0777" + file_permission = "0777" + filename = "./ansible.cfg" + id = "5a940c7eda232553f2717a535cb3e04fb3023c16" +} + + +# module.compute.google_compute_instance.backend: +resource "google_compute_instance" "backend" { + can_ip_forward = false + cpu_platform = "Intel Broadwell" + creation_timestamp = "2025-12-04T00:54:30.082-08:00" + current_status = "RUNNING" + deletion_protection = false + description = null + effective_labels = { + "goog-terraform-provisioned" = "true" + } + enable_display = false + hostname = null + id = "projects/projet-virtualisation-478713/zones/europe-west9-b/instances/projet-virtualisation-backend-vm" + instance_id = "1478839564731478698" + key_revocation_action_type = null + label_fingerprint = "vezUS-42LLM=" + labels = {} + machine_type = "e2-small" + metadata = { + "enable-oslogin" = "TRUE" + } + metadata_fingerprint = "-Q84tG5h0lE=" + min_cpu_platform = null + name = 
"projet-virtualisation-backend-vm" + project = "projet-virtualisation-478713" + resource_policies = [] + self_link = "https://www.googleapis.com/compute/v1/projects/projet-virtualisation-478713/zones/europe-west9-b/instances/projet-virtualisation-backend-vm" + tags = [ + "backend", + "ssh", + ] + tags_fingerprint = "N2bbCLFli_k=" + terraform_labels = { + "goog-terraform-provisioned" = "true" + } + zone = "europe-west9-b" + + boot_disk { + auto_delete = true + device_name = "persistent-disk-0" + disk_encryption_key_raw = (sensitive value) + disk_encryption_key_sha256 = null + interface = null + kms_key_self_link = null + mode = "READ_WRITE" + source = "https://www.googleapis.com/compute/v1/projects/projet-virtualisation-478713/zones/europe-west9-b/disks/projet-virtualisation-backend-vm" + + initialize_params { + enable_confidential_compute = false + image = "https://www.googleapis.com/compute/v1/projects/debian-cloud/global/images/debian-11-bullseye-v20251111" + labels = {} + provisioned_iops = 0 + provisioned_throughput = 0 + resource_manager_tags = {} + resource_policies = [] + size = 10 + storage_pool = null + type = "pd-standard" + } + } + + network_interface { + internal_ipv6_prefix_length = 0 + ipv6_access_type = null + ipv6_address = null + name = "nic0" + network = "https://www.googleapis.com/compute/v1/projects/projet-virtualisation-478713/global/networks/projet-virtualisation-vpc" + network_ip = "10.0.2.3" + nic_type = null + queue_count = 0 + stack_type = "IPV4_ONLY" + subnetwork = "https://www.googleapis.com/compute/v1/projects/projet-virtualisation-478713/regions/europe-west9/subnetworks/projet-virtualisation-backend-subnet" + subnetwork_project = "projet-virtualisation-478713" + } + + scheduling { + automatic_restart = true + instance_termination_action = null + min_node_cpus = 0 + on_host_maintenance = "MIGRATE" + preemptible = false + provisioning_model = "STANDARD" + } + + shielded_instance_config { + enable_integrity_monitoring = true + 
enable_secure_boot = false + enable_vtpm = true + } +} + +# module.compute.google_compute_instance.database: +resource "google_compute_instance" "database" { + can_ip_forward = false + cpu_platform = "Intel Broadwell" + creation_timestamp = "2025-12-04T01:52:36.278-08:00" + current_status = "RUNNING" + deletion_protection = false + description = null + effective_labels = { + "goog-terraform-provisioned" = "true" + } + enable_display = false + hostname = null + id = "projects/projet-virtualisation-478713/zones/europe-west9-b/instances/projet-virtualisation-database-vm" + instance_id = "7171597975735297803" + key_revocation_action_type = null + label_fingerprint = "vezUS-42LLM=" + labels = {} + machine_type = "e2-small" + metadata = { + "enable-oslogin" = "TRUE" + } + metadata_fingerprint = "-Q84tG5h0lE=" + min_cpu_platform = null + name = "projet-virtualisation-database-vm" + project = "projet-virtualisation-478713" + resource_policies = [] + self_link = "https://www.googleapis.com/compute/v1/projects/projet-virtualisation-478713/zones/europe-west9-b/instances/projet-virtualisation-database-vm" + tags = [ + "database", + "ssh", + ] + tags_fingerprint = "22sTRfPQYj4=" + terraform_labels = { + "goog-terraform-provisioned" = "true" + } + zone = "europe-west9-b" + + boot_disk { + auto_delete = true + device_name = "persistent-disk-0" + disk_encryption_key_raw = (sensitive value) + disk_encryption_key_sha256 = null + interface = null + kms_key_self_link = null + mode = "READ_WRITE" + source = "https://www.googleapis.com/compute/v1/projects/projet-virtualisation-478713/zones/europe-west9-b/disks/projet-virtualisation-database-vm" + + initialize_params { + enable_confidential_compute = false + image = "https://www.googleapis.com/compute/v1/projects/debian-cloud/global/images/debian-11-bullseye-v20251111" + labels = {} + provisioned_iops = 0 + provisioned_throughput = 0 + resource_manager_tags = {} + resource_policies = [] + size = 20 + storage_pool = null + type = 
"pd-standard" + } + } + + network_interface { + internal_ipv6_prefix_length = 0 + ipv6_access_type = null + ipv6_address = null + name = "nic0" + network = "https://www.googleapis.com/compute/v1/projects/projet-virtualisation-478713/global/networks/projet-virtualisation-vpc" + network_ip = "10.0.3.4" + nic_type = null + queue_count = 0 + stack_type = "IPV4_ONLY" + subnetwork = "https://www.googleapis.com/compute/v1/projects/projet-virtualisation-478713/regions/europe-west9/subnetworks/projet-virtualisation-database-subnet" + subnetwork_project = "projet-virtualisation-478713" + } + + scheduling { + automatic_restart = true + instance_termination_action = null + min_node_cpus = 0 + on_host_maintenance = "MIGRATE" + preemptible = false + provisioning_model = "STANDARD" + } + + shielded_instance_config { + enable_integrity_monitoring = true + enable_secure_boot = false + enable_vtpm = true + } +} + +# module.compute.google_compute_instance.frontend: +resource "google_compute_instance" "frontend" { + can_ip_forward = false + cpu_platform = "Intel Broadwell" + creation_timestamp = "2025-12-04T00:54:30.219-08:00" + current_status = "RUNNING" + deletion_protection = false + description = null + effective_labels = { + "goog-terraform-provisioned" = "true" + } + enable_display = false + hostname = null + id = "projects/projet-virtualisation-478713/zones/europe-west9-b/instances/projet-virtualisation-frontend-vm" + instance_id = "5640443904237826729" + key_revocation_action_type = null + label_fingerprint = "vezUS-42LLM=" + labels = {} + machine_type = "e2-small" + metadata = { + "enable-oslogin" = "TRUE" + } + metadata_fingerprint = "-Q84tG5h0lE=" + min_cpu_platform = null + name = "projet-virtualisation-frontend-vm" + project = "projet-virtualisation-478713" + resource_policies = [] + self_link = "https://www.googleapis.com/compute/v1/projects/projet-virtualisation-478713/zones/europe-west9-b/instances/projet-virtualisation-frontend-vm" + tags = [ + "frontend", + "ssh", + 
] + tags_fingerprint = "sermMtqzdso=" + terraform_labels = { + "goog-terraform-provisioned" = "true" + } + zone = "europe-west9-b" + + boot_disk { + auto_delete = true + device_name = "persistent-disk-0" + disk_encryption_key_raw = (sensitive value) + disk_encryption_key_sha256 = null + interface = null + kms_key_self_link = null + mode = "READ_WRITE" + source = "https://www.googleapis.com/compute/v1/projects/projet-virtualisation-478713/zones/europe-west9-b/disks/projet-virtualisation-frontend-vm" + + initialize_params { + enable_confidential_compute = false + image = "https://www.googleapis.com/compute/v1/projects/debian-cloud/global/images/debian-11-bullseye-v20251111" + labels = {} + provisioned_iops = 0 + provisioned_throughput = 0 + resource_manager_tags = {} + resource_policies = [] + size = 10 + storage_pool = null + type = "pd-standard" + } + } + + network_interface { + internal_ipv6_prefix_length = 0 + ipv6_access_type = null + ipv6_address = null + name = "nic0" + network = "https://www.googleapis.com/compute/v1/projects/projet-virtualisation-478713/global/networks/projet-virtualisation-vpc" + network_ip = "10.0.1.4" + nic_type = null + queue_count = 0 + stack_type = "IPV4_ONLY" + subnetwork = "https://www.googleapis.com/compute/v1/projects/projet-virtualisation-478713/regions/europe-west9/subnetworks/projet-virtualisation-frontend-subnet" + subnetwork_project = "projet-virtualisation-478713" + + access_config { + nat_ip = "34.163.4.248" + network_tier = "PREMIUM" + public_ptr_domain_name = null + } + } + + scheduling { + automatic_restart = true + instance_termination_action = null + min_node_cpus = 0 + on_host_maintenance = "MIGRATE" + preemptible = false + provisioning_model = "STANDARD" + } + + shielded_instance_config { + enable_integrity_monitoring = true + enable_secure_boot = false + enable_vtpm = true + } +} + + +# module.iam.data.google_client_openid_userinfo.me: +data "google_client_openid_userinfo" "me" { + email = "adriendick18@gmail.com" + 
id = "adriendick18@gmail.com" +} + +# module.iam.google_os_login_ssh_public_key.me_ssh_key: +resource "google_os_login_ssh_public_key" "me_ssh_key" { + expiration_time_usec = null + fingerprint = "ba554946028fc758610e527ffd839fc2deef6e6e2f914e9eede80aec11294fc0" + id = "users/adriendick18@gmail.com/sshPublicKeys/ba554946028fc758610e527ffd839fc2deef6e6e2f914e9eede80aec11294fc0" + key = <<-EOT + ssh-rsa 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 adriendick18_gmail_com + EOT + project = "projet-virtualisation-478713" + user = "adriendick18@gmail.com" +} + +# module.iam.google_project_iam_binding.terraform_sa_viewer: +resource "google_project_iam_binding" "terraform_sa_viewer" { + etag = "BwZFHMhV6gg=" + id = "projet-virtualisation-478713/roles/viewer" + members = [ + "serviceAccount:terraform@projet-virtualisation-478713.iam.gserviceaccount.com", + ] + project = "projet-virtualisation-478713" + role = "roles/viewer" +} + +# module.iam.google_service_account.terraform_sa: +resource "google_service_account" "terraform_sa" { + account_id = "terraform" + description = null + disabled = false + display_name = "Service Account Terraform" + email = "terraform@projet-virtualisation-478713.iam.gserviceaccount.com" + id = "projects/projet-virtualisation-478713/serviceAccounts/terraform@projet-virtualisation-478713.iam.gserviceaccount.com" + member = "serviceAccount:terraform@projet-virtualisation-478713.iam.gserviceaccount.com" + name = "projects/projet-virtualisation-478713/serviceAccounts/terraform@projet-virtualisation-478713.iam.gserviceaccount.com" + project = "projet-virtualisation-478713" + unique_id = "111539431631740140657" +} + +# module.iam.google_service_account_key.terraform_sa_key: +resource "google_service_account_key" "terraform_sa_key" { + id = "projects/projet-virtualisation-478713/serviceAccounts/terraform@projet-virtualisation-478713.iam.gserviceaccount.com/keys/700701264cf9ca203265206e7d1e906a52879cdc" + key_algorithm = "KEY_ALG_RSA_2048" + name 
= "projects/projet-virtualisation-478713/serviceAccounts/terraform@projet-virtualisation-478713.iam.gserviceaccount.com/keys/700701264cf9ca203265206e7d1e906a52879cdc" + private_key = (sensitive value) + private_key_type = "TYPE_GOOGLE_CREDENTIALS_FILE" + public_key = "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" + public_key_type = "TYPE_X509_PEM_FILE" + service_account_id = "projects/projet-virtualisation-478713/serviceAccounts/terraform@projet-virtualisation-478713.iam.gserviceaccount.com" + valid_after = "2025-12-04T09:16:18Z" + valid_before = "9999-12-31T23:59:59Z" +} + + +# module.network.google_compute_firewall.backend_firewall: +resource "google_compute_firewall" "backend_firewall" { + creation_timestamp = "2025-12-03T08:00:41.616-08:00" + description = null + destination_ranges = [] + direction = "INGRESS" + disabled = false + id = "projects/projet-virtualisation-478713/global/firewalls/projet-virtualisation-frontend-to-backend-8000" + name = "projet-virtualisation-frontend-to-backend-8000" + network = "https://www.googleapis.com/compute/v1/projects/projet-virtualisation-478713/global/networks/projet-virtualisation-vpc" + priority = 1000 + project = "projet-virtualisation-478713" + self_link = "https://www.googleapis.com/compute/v1/projects/projet-virtualisation-478713/global/firewalls/projet-virtualisation-frontend-to-backend-8000" + source_ranges = [] + source_service_accounts = [] + source_tags = [ + "frontend", + ] + target_service_accounts = [] + target_tags = [ + "backend", + ] + + allow { + ports = [ + "8000", + ] + protocol = "tcp" + } +} + +# module.network.google_compute_firewall.database_firewall: +resource "google_compute_firewall" "database_firewall" { + creation_timestamp = "2025-12-03T08:00:41.107-08:00" + description = null + destination_ranges = [] + direction = "INGRESS" + disabled = false + id = "projects/projet-virtualisation-478713/global/firewalls/projet-virtualisation-backend-to-database-3306" + name = 
"projet-virtualisation-backend-to-database-3306" + network = "https://www.googleapis.com/compute/v1/projects/projet-virtualisation-478713/global/networks/projet-virtualisation-vpc" + priority = 1000 + project = "projet-virtualisation-478713" + self_link = "https://www.googleapis.com/compute/v1/projects/projet-virtualisation-478713/global/firewalls/projet-virtualisation-backend-to-database-3306" + source_ranges = [] + source_service_accounts = [] + source_tags = [ + "backend", + ] + target_service_accounts = [] + target_tags = [ + "database", + ] + + allow { + ports = [ + "3306", + ] + protocol = "tcp" + } +} + +# module.network.google_compute_firewall.frontend_firewall: +resource "google_compute_firewall" "frontend_firewall" { + creation_timestamp = "2025-12-03T08:00:41.601-08:00" + description = null + destination_ranges = [] + direction = "INGRESS" + disabled = false + id = "projects/projet-virtualisation-478713/global/firewalls/projet-virtualisation-frontend-http-https" + name = "projet-virtualisation-frontend-http-https" + network = "https://www.googleapis.com/compute/v1/projects/projet-virtualisation-478713/global/networks/projet-virtualisation-vpc" + priority = 1000 + project = "projet-virtualisation-478713" + self_link = "https://www.googleapis.com/compute/v1/projects/projet-virtualisation-478713/global/firewalls/projet-virtualisation-frontend-http-https" + source_ranges = [ + "0.0.0.0/0", + ] + source_service_accounts = [] + source_tags = [] + target_service_accounts = [] + target_tags = [ + "frontend", + ] + + allow { + ports = [ + "80", + "443", + ] + protocol = "tcp" + } +} + +# module.network.google_compute_firewall.ssh_firewall: +resource "google_compute_firewall" "ssh_firewall" { + creation_timestamp = "2025-12-03T08:00:41.547-08:00" + description = null + destination_ranges = [] + direction = "INGRESS" + disabled = false + id = "projects/projet-virtualisation-478713/global/firewalls/projet-virtualisation-ssh" + name = "projet-virtualisation-ssh" + 
network = "https://www.googleapis.com/compute/v1/projects/projet-virtualisation-478713/global/networks/projet-virtualisation-vpc" + priority = 1000 + project = "projet-virtualisation-478713" + self_link = "https://www.googleapis.com/compute/v1/projects/projet-virtualisation-478713/global/firewalls/projet-virtualisation-ssh" + source_ranges = [ + "0.0.0.0/0", + ] + source_service_accounts = [] + source_tags = [] + target_service_accounts = [] + target_tags = [ + "ssh", + ] + + allow { + ports = [ + "22", + ] + protocol = "tcp" + } +} + +# module.network.google_compute_network.vpc: +resource "google_compute_network" "vpc" { + auto_create_subnetworks = false + delete_default_routes_on_create = false + description = null + enable_ula_internal_ipv6 = false + gateway_ipv4 = null + id = "projects/projet-virtualisation-478713/global/networks/projet-virtualisation-vpc" + internal_ipv6_range = null + mtu = 0 + name = "projet-virtualisation-vpc" + network_firewall_policy_enforcement_order = "AFTER_CLASSIC_FIREWALL" + numeric_id = "3081478152780636274" + project = "projet-virtualisation-478713" + routing_mode = "REGIONAL" + self_link = "https://www.googleapis.com/compute/v1/projects/projet-virtualisation-478713/global/networks/projet-virtualisation-vpc" +} + +# module.network.google_compute_router.nat_router: +resource "google_compute_router" "nat_router" { + creation_timestamp = "2025-12-04T02:03:57.545-08:00" + description = null + encrypted_interconnect_router = false + id = "projects/projet-virtualisation-478713/regions/europe-west9/routers/projet-virtualisation-nat-router" + name = "projet-virtualisation-nat-router" + network = "https://www.googleapis.com/compute/v1/projects/projet-virtualisation-478713/global/networks/projet-virtualisation-vpc" + project = "projet-virtualisation-478713" + region = "europe-west9" + self_link = "https://www.googleapis.com/compute/v1/projects/projet-virtualisation-478713/regions/europe-west9/routers/projet-virtualisation-nat-router" +} + +# 
module.network.google_compute_router_nat.nat_config: +resource "google_compute_router_nat" "nat_config" { + auto_network_tier = "PREMIUM" + drain_nat_ips = [] + enable_dynamic_port_allocation = false + enable_endpoint_independent_mapping = false + endpoint_types = [ + "ENDPOINT_TYPE_VM", + ] + icmp_idle_timeout_sec = 30 + id = "projet-virtualisation-478713/europe-west9/projet-virtualisation-nat-router/projet-virtualisation-cloud-nat" + max_ports_per_vm = 0 + min_ports_per_vm = 0 + name = "projet-virtualisation-cloud-nat" + nat_ip_allocate_option = "AUTO_ONLY" + nat_ips = [] + project = "projet-virtualisation-478713" + region = "europe-west9" + router = "projet-virtualisation-nat-router" + source_subnetwork_ip_ranges_to_nat = "ALL_SUBNETWORKS_ALL_IP_RANGES" + tcp_established_idle_timeout_sec = 1200 + tcp_time_wait_timeout_sec = 120 + tcp_transitory_idle_timeout_sec = 30 + udp_idle_timeout_sec = 30 + + log_config { + enable = true + filter = "ALL" + } +} + +# module.network.google_compute_subnetwork.backend_network: +resource "google_compute_subnetwork" "backend_network" { + creation_timestamp = "2025-12-03T08:02:52.288-08:00" + description = null + external_ipv6_prefix = null + gateway_address = "10.0.2.1" + id = "projects/projet-virtualisation-478713/regions/europe-west9/subnetworks/projet-virtualisation-backend-subnet" + internal_ipv6_prefix = null + ip_cidr_range = "10.0.2.0/24" + ipv6_access_type = null + ipv6_cidr_range = null + name = "projet-virtualisation-backend-subnet" + network = "https://www.googleapis.com/compute/v1/projects/projet-virtualisation-478713/global/networks/projet-virtualisation-vpc" + private_ip_google_access = false + private_ipv6_google_access = "DISABLE_GOOGLE_ACCESS" + project = "projet-virtualisation-478713" + purpose = "PRIVATE" + region = "europe-west9" + reserved_internal_range = null + role = null + self_link = 
"https://www.googleapis.com/compute/v1/projects/projet-virtualisation-478713/regions/europe-west9/subnetworks/projet-virtualisation-backend-subnet" + stack_type = "IPV4_ONLY" +} + +# module.network.google_compute_subnetwork.database_network: +resource "google_compute_subnetwork" "database_network" { + creation_timestamp = "2025-12-03T08:02:52.299-08:00" + description = null + external_ipv6_prefix = null + gateway_address = "10.0.3.1" + id = "projects/projet-virtualisation-478713/regions/europe-west9/subnetworks/projet-virtualisation-database-subnet" + internal_ipv6_prefix = null + ip_cidr_range = "10.0.3.0/24" + ipv6_access_type = null + ipv6_cidr_range = null + name = "projet-virtualisation-database-subnet" + network = "https://www.googleapis.com/compute/v1/projects/projet-virtualisation-478713/global/networks/projet-virtualisation-vpc" + private_ip_google_access = false + private_ipv6_google_access = "DISABLE_GOOGLE_ACCESS" + project = "projet-virtualisation-478713" + purpose = "PRIVATE" + region = "europe-west9" + reserved_internal_range = null + role = null + self_link = "https://www.googleapis.com/compute/v1/projects/projet-virtualisation-478713/regions/europe-west9/subnetworks/projet-virtualisation-database-subnet" + stack_type = "IPV4_ONLY" +} + +# module.network.google_compute_subnetwork.frontend_network: +resource "google_compute_subnetwork" "frontend_network" { + creation_timestamp = "2025-12-03T08:02:52.177-08:00" + description = null + external_ipv6_prefix = null + gateway_address = "10.0.1.1" + id = "projects/projet-virtualisation-478713/regions/europe-west9/subnetworks/projet-virtualisation-frontend-subnet" + internal_ipv6_prefix = null + ip_cidr_range = "10.0.1.0/24" + ipv6_access_type = null + ipv6_cidr_range = null + name = "projet-virtualisation-frontend-subnet" + network = "https://www.googleapis.com/compute/v1/projects/projet-virtualisation-478713/global/networks/projet-virtualisation-vpc" + private_ip_google_access = false + 
private_ipv6_google_access = "DISABLE_GOOGLE_ACCESS" + project = "projet-virtualisation-478713" + purpose = "PRIVATE" + region = "europe-west9" + reserved_internal_range = null + role = null + self_link = "https://www.googleapis.com/compute/v1/projects/projet-virtualisation-478713/regions/europe-west9/subnetworks/projet-virtualisation-frontend-subnet" + stack_type = "IPV4_ONLY" +} + + +Outputs: + +ip_internes = { + backend = "10.0.2.3" + database = "10.0.3.4" + frontend = "10.0.1.4" +} +ip_public_frontend = "34.163.4.248" +nom_instances = { + backend = "projet-virtualisation-backend-vm" + database = "projet-virtualisation-database-vm" + frontend = "projet-virtualisation-frontend-vm" +} +service_account_email = "terraform@projet-virtualisation-478713.iam.gserviceaccount.com" +service_account_key = (sensitive value) +subnet_ids = { + backend = "projects/projet-virtualisation-478713/regions/europe-west9/subnetworks/projet-virtualisation-backend-subnet" + database = "projects/projet-virtualisation-478713/regions/europe-west9/subnetworks/projet-virtualisation-database-subnet" + frontend = "projects/projet-virtualisation-478713/regions/europe-west9/subnetworks/projet-virtualisation-frontend-subnet" +} +vpc_terraform = "projects/projet-virtualisation-478713/global/networks/projet-virtualisation-vpc" \ No newline at end of file
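
Review bot: In iam-step.md, "Étape 6 / Consigne B", the instruction to publish `.private_key` as the `service_account_key` output should state that `sensitive = true` only masks the value in terminal output; the key is still written to the Terraform state, so the state has to be stored and shared as carefully as the key itself. The sentence "Terraform refusera d'afficher cette valeur ou l'affichera en clair dans vos logs" gives two opposite outcomes; Terraform stops with an error when an output references a sensitive attribute without `sensitive = true`, so the wording should say that. In "Étape 3", `google_project_iam_binding` is authoritative for `roles/viewer` and replaces any other members holding that role on the project; `google_project_iam_member` would grant the role to the service account without touching existing members, and the text should at least mention the difference. The line "Voici la suite du document Markdown (MD) à ajouter à la suite de l'étape 5." looks like leftover drafting text and should be dropped, and "référencie" in the summary should read "référence".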
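
Review bot: terraform-show.txt is a dump of the live state and should not be committed: it records the operator's account (`email = "adriendick18@gmail.com"`), the project ID, every resource path, and the public address of the frontend (`nat_ip = "34.163.4.248"`). Remove the file from this commit and add it to `.gitignore`; if a sample is needed for the TP, replace those values with placeholders. The dump also shows settings worth a follow-up change: `ssh_firewall` allows port 22 from `source_ranges = ["0.0.0.0/0"]` to the `ssh` tag that all three instances carry, which leaves the frontend's SSH open to the internet and should be narrowed to an administration range; `local_file.ansible_cfg` is written with `file_permission = "0777"` and sets `host_key_checking = False`, so the file is world-writable and Ansible will not verify host keys; and all three instances have `enable_secure_boot = false` while vTPM and integrity monitoring are on.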