From 92da404b95741e3fcadbb9af228da0045f071567 Mon Sep 17 00:00:00 2001
From: Felix-Vimalaratnam
Date: Thu, 4 Dec 2025 09:32:12 +0100
Subject: [PATCH] module iam

---
 terraform/environments/dev/main.tf | 5 +++++
 terraform/modules/iam/main.tf | 29 ++++++++++++++++++++++++++++-
 terraform/modules/iam/outputs.tf | 13 ++++++++++++-
 terraform/modules/iam/variables.tf | 7 ++++++-
 4 files changed, 51 insertions(+), 3 deletions(-)

diff --git a/terraform/environments/dev/main.tf b/terraform/environments/dev/main.tf
index 000c973..a45ecf4 100644
--- a/terraform/environments/dev/main.tf
+++ b/terraform/environments/dev/main.tf
@@ -34,4 +34,9 @@ module "compute" {
   frontend_subnet_id = module.network.subnets.frontend
   backend_subnet_id = module.network.subnets.backend
   database_subnet_id = module.network.subnets.database
+}
+
+module "iam" {
+  source = "../../modules/iam"
+  project_id = var.project_id
 }
\ No newline at end of file
diff --git a/terraform/modules/iam/main.tf b/terraform/modules/iam/main.tf
index a4b77c1..b2880d8 100644
--- a/terraform/modules/iam/main.tf
+++ b/terraform/modules/iam/main.tf
@@ -2,4 +2,31 @@
 # 1. Un compte de service pour Terraform
 # 2. Une clé pour ce compte de service
 # 3. Les rôles IAM nécessaires
-# 4. La configuration OS Login avec votre clé SSH
\ No newline at end of file
+# 4. La configuration OS Login avec votre clé SSH
+
+resource "google_service_account" "service_account" {
+  account_id = "terraform"
+  display_name = "terraform"
+}
+
+resource "google_service_account_key" "mykey" {
+  service_account_id = google_service_account.myaccount.name
+  public_key_type = "TYPE_X509_PEM_FILE"
+}
+
+resource "google_project_iam_binding" "custom_service_account" {
+  project = var.project_id
+  role = "roles/view"
+
+  members = [
+    "serviceAccount:${google_service_account.custom_service_account.email}",
+  ]
+}
+
+data "google_client_openid_userinfo" "me" {
+}
+
+resource "google_os_login_ssh_public_key" "cache" {
+  user = data.google_client_openid_userinfo.me.email
+  key = file("~/.ssh/id_ed25519")
+}
\ No newline at end of file
diff --git a/terraform/modules/iam/outputs.tf b/terraform/modules/iam/outputs.tf
index c73acc0..69edc49 100644
--- a/terraform/modules/iam/outputs.tf
+++ b/terraform/modules/iam/outputs.tf
@@ -1,3 +1,14 @@
 # À vous d'exposer :
 # 1. L'email du compte de service
-# 2. La clé du compte de service (sensitive = true)
\ No newline at end of file
+# 2. La clé du compte de service (sensitive = true)
+
+output "email" {
+  description = "Service account email."
+  value = google_service_account.service_account.email
+}
+
+output "key" {
+  description = "Service account key."
+  sensitive = true
+  value = google_service_account.service_account.key
+}
\ No newline at end of file
diff --git a/terraform/modules/iam/variables.tf b/terraform/modules/iam/variables.tf
index 5ac1614..a0b734d 100644
--- a/terraform/modules/iam/variables.tf
+++ b/terraform/modules/iam/variables.tf
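Review bot: `key = file("~/.ssh/id_ed25519")` in `google_os_login_ssh_public_key.cache` reads the private key file rather than the public one, so the private key material would be sent to the OS Login API and written into Terraform state; the line should be `key = file("~/.ssh/id_ed25519.pub")`. Two references in this hunk point at resources that are never declared: `google_service_account.myaccount.name` in `mykey` and `google_service_account.custom_service_account.email` in the binding both need to be `google_service_account.service_account` to match the resource defined above them, otherwise the plan fails. `role = "roles/view"` is not a predefined role; the basic viewer role is `roles/viewer`, which is presumably what was intended. Note also that `google_project_iam_binding` is authoritative for the role and removes any other project members already holding it, whereas `google_project_iam_member` only adds the listed member. The `google_service_account_key` resource creates a long-lived credential whose private key Terraform stores in plaintext in state, so the state backend needs access control and encryption commensurate with that.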
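Review bot: `value = google_service_account.service_account.key` in `output "key"` refers to an attribute the service account resource does not expose; the key material lives on the key resource, so the line should be `value = google_service_account_key.mykey.private_key` (returned base64-encoded). `sensitive = true` only redacts the value from CLI output: the key remains in plaintext in this module's state and in the state of any root module that reads the output, so the comment should say so, e.g. `# Still stored in plaintext in state; protect the backend accordingly.`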
@@ -1,2 +1,7 @@
 # À vous de définir :
-# - project_id (string)
\ No newline at end of file
+# - project_id (string)
+
+variable "project_id" {
+  description = "ID du projet"
+  type = string
+}
\ No newline at end of file