diff --git a/terraform/environments/dev/main.tf b/terraform/environments/dev/main.tf index ad71599..d85ea2a 100644 --- a/terraform/environments/dev/main.tf +++ b/terraform/environments/dev/main.tf @@ -15,23 +15,23 @@ provider "google" { module "network" { source = "../../modules/network" project_name = var.project_name - region = var.region - frontend_cidr = var.frontend_cidr - backend_cidr = var.backend_cidr - database_cidr = var.database_cidr + region = var.region + frontend_cidr = var.frontend_cidr + backend_cidr = var.backend_cidr + database_cidr = var.database_cidr ssh_source_ranges = var.ssh_source_ranges } module "compute" { - source = "../modules/compute" - instance_type = "e2-medium" - zone = var.zone - frontend_subnet_id = module.network.subnet_ids["frontend"] - backend_subnet_id = module.network.subnet_ids["backend"] - database_subnet_id = module.network.subnet_ids["database"] + source = "../../modules/compute" + instance_type = var.instance_type + zone = var.zone + frontend_subnet_id = module.network.subnets.frontend + backend_subnet_id = module.network.subnets.backend + database_subnet_id = module.network.subnets.database } module "iam" { - source = "../modules/iam" - project_id = var.project_id -} + source = "../../modules/iam" + project_id = var.project_id +} \ No newline at end of file diff --git a/terraform/environments/dev/outputs.tf b/terraform/environments/dev/outputs.tf index 61587b9..28112d1 100644 --- a/terraform/environments/dev/outputs.tf +++ b/terraform/environments/dev/outputs.tf 
@@ -1,25 +1,13 @@ -output "frontend_ip" { - value = module.compute.frontend_ip +output "ip_internes" { + value = module.compute.ip_internes } -output "backend_ip" { - value = module.compute.backend_ip +output "ip_public_frontend" { + value = module.compute.ip_public_frontend } -output "database_ip" { - value = module.compute.database_ip -} - -output "instance_names" { - value = module.compute.instance_names -} - -output "vpc_id" { - value = module.network.vpc_id -} - -output "subnet_ids" { - value = module.network.subnet_ids +output "nom_instances" { + value = module.compute.nom_instances } output "service_account_email" { @@ -27,6 +15,14 @@ output "service_account_email" { } output "service_account_key" { - value = module.iam.service_account_key sensitive = true + value = module.iam.service_account_key } + +output "vpc" { + value = module.network.vpc +} + +output "subnets" { + value = module.network.subnets +} \ No newline at end of file diff --git a/terraform/environments/dev/variables.tf b/terraform/environments/dev/variables.tf index 55264d7..26952d6 100644 --- a/terraform/environments/dev/variables.tf +++ b/terraform/environments/dev/variables.tf 
@@ -1,70 +1,54 @@ -variable "project_id" { - type = string - description = "ID du projet GCP." - default = "ok" -} -variable "instance_type" { - type = string - description = "Type de machine pour les instances." - default = "e2-small" -} - -variable "zone" { - type = string - description = "Zone GCP où déployer les instances." - default = "europe-west9-b" -} - -variable "frontend_subnet_id" { - type = string - description = "ID du sous réseau frontend." - default = "" -} - -variable "backend_subnet_id" { - type = string - description = "ID du sous-réseau backend." - default = "" -} - -variable "database_subnet_id" { - type = string - description = "ID du sous-réseau database." - default = "" -} variable "project_name" { + description = "Nom du projet" type = string - description = "Nom du projet." - default = "ok" + default = "My First Project" } variable "region" { + description = "Region du projet" type = string - description = "Région où seront déployées les ressources réseau." - default = "europe-west9-b" + default = "europe-west9" } variable "frontend_cidr" { + description = "CIDR for frontend subnet" type = string - description = "CIDR du sous-réseau frontend." default = "10.0.1.0/24" } variable "backend_cidr" { + description = "CIDR for backend subnet" type = string - description = "CIDR du sous-réseau backend." default = "10.0.2.0/24" } variable "database_cidr" { + description = "CIDR for database subnet" type = string - description = "CIDR du sous-réseau base de données." default = "10.0.3.0/24" } variable "ssh_source_ranges" { + description = "" type = string - description = "Plages d’adresses autorisées pour l’accès SSH." 
default = "0.0.0.0/0" } + +variable "project_id" { + description = "ID du projet" + type = string + default = "learned-iris-359617" +} + +variable "instance_type" { + description = "type de l'instance" + type = string + default = "e2-small" +} + +variable "zone" { + description = "Nom de la zone" + type = string + default = "europe-west9-b" +} \ No newline at end of file diff --git a/terraform/modules/compute/main.tf b/terraform/modules/compute/main.tf index e687512..0f120db 100644 --- a/terraform/modules/compute/main.tf +++ b/terraform/modules/compute/main.tf @@ -1,23 +1,8 @@ -############################################ -# FONCTION COMMUNE POUR OS LOGIN -############################################ -resource "google_compute_project_metadata_item" "enable_oslogin" { - project = var.project_id - key = "enable-oslogin" - value = "TRUE" -} - -############################################ -# 1. INSTANCE FRONTEND -############################################ - -resource "google_compute_instance" "frontend" { - project = var.project_id - name = "frontend-instance" +resource "google_compute_instance" "vm_frontend" { + name = "vm-frontend" machine_type = var.instance_type zone = var.zone - tags = ["frontend", "ssh"] boot_disk { initialize_params { @@ -27,26 +12,21 @@ resource "google_compute_instance" "frontend" { } network_interface { - subnetwork = var.frontend_subnet_id - access_config {} # IP publique + subnetwork = var.frontend_subnet_id } + tags = ["frontend", "ssh"] + metadata = { enable-oslogin = "TRUE" } } -############################################ -# 2. INSTANCE BACKEND -############################################ - -resource "google_compute_instance" "backend" { - project = var.project_id - name = "backend-instance" +resource "google_compute_instance" "vm_backend" { + name = "vm-backend" machine_type = var.instance_type zone = var.zone - tags = ["backend", "ssh"] boot_disk { initialize_params { 
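Review bot: The new `variable "project_id"` default pins a concrete GCP project ID, and `project_name` now defaults to a display-name string that the network module no longer interpolates (its resource names are hardcoded on the new side), so environment-specific identifiers live in source rather than in a per-environment tfvars file. `ssh_source_ranges` also keeps the world-open default `"0.0.0.0/0"` while its description is reduced to `""`; a default that wide should at least say what it governs, e.g. `description = "CIDR ranges allowed to reach port 22 on instances tagged ssh; restrict to operator ranges."`, or the default should be dropped so each environment sets it explicitly. This hunk starts on the previous line.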
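Review bot: Removing `access_config {}` from the `vm_frontend` network interface leaves the frontend without an external address, yet the new `ip_public_frontend` output in terraform/modules/compute/outputs.tf (re-exported by the dev environment) still reads `network_interface[0].access_config[0].nat_ip`, which fails at plan/apply because `access_config` is then an empty list. Either keep `access_config {}` on the frontend only (the `allow-user-frontend` 0.0.0.0/0 HTTP rule also presumes a reachable address) or drop that output. The `vm_frontend` block begins before this hunk and `vm_backend` continues past it.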
@@ -57,24 +37,19 @@ resource "google_compute_instance" "backend" { network_interface { subnetwork = var.backend_subnet_id - # Pas d'IP publique → aucun access_config } + tags = ["backend", "ssh"] + metadata = { enable-oslogin = "TRUE" } } -############################################ -# 3. INSTANCE DATABASE -############################################ - -resource "google_compute_instance" "database" { - project = var.project_id - name = "database-instance" +resource "google_compute_instance" "vm_database" { + name = "vm-database" machine_type = var.instance_type zone = var.zone - tags = ["database", "ssh"] boot_disk { initialize_params { @@ -85,10 +60,11 @@ resource "google_compute_instance" "database" { network_interface { subnetwork = var.database_subnet_id - # Pas d'IP publique } + tags = ["database", "ssh"] + metadata = { enable-oslogin = "TRUE" } -} +} \ No newline at end of file diff --git a/terraform/modules/compute/outputs.tf b/terraform/modules/compute/outputs.tf index 1c26c5a..e685448 100644 --- a/terraform/modules/compute/outputs.tf +++ b/terraform/modules/compute/outputs.tf 
@@ -1,19 +1,24 @@ -output "frontend_ip" { - value = google_compute_instance.frontend.network_interface[0].access_config[0].nat_ip -} +# À vous d'exposer : +# 1. Les IPs internes de toutes les instances +# 2. L'IP publique du frontend +# 3. Les noms des instances -output "backend_ip" { - value = google_compute_instance.backend.network_interface[0].network_ip -} - -output "database_ip" { - value = google_compute_instance.database.network_interface[0].network_ip -} - -output "instance_names" { +output "ip_internes" { value = { - frontend = google_compute_instance.frontend.name - backend = google_compute_instance.backend.name - database = google_compute_instance.database.name + frontend = google_compute_instance.vm_frontend.network_interface[0].network_ip + backend = google_compute_instance.vm_backend.network_interface[0].network_ip + database = google_compute_instance.vm_database.network_interface[0].network_ip + } +} + +output "ip_public_frontend" { + value = google_compute_instance.vm_frontend.network_interface[0].access_config[0].nat_ip +} + +output "nom_instances" { + value = { + frontend = google_compute_instance.vm_frontend.name + backend = google_compute_instance.vm_backend.name + database = google_compute_instance.vm_database.name } } diff --git a/terraform/modules/compute/variables.tf b/terraform/modules/compute/variables.tf index 42d678a..f4b3eee 100644 --- a/terraform/modules/compute/variables.tf +++ b/terraform/modules/compute/variables.tf 
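Review bot: The `# À vous d'exposer : …` comment at the top is an exercise instruction rather than documentation of the module, and none of the three new outputs carries a `description`. Suggest replacing that header with per-output descriptions, e.g. `description = "Internal IP of each instance, keyed by tier (frontend, backend, database)."` on `ip_internes` and `description = "Name of each instance, keyed by tier."` on `nom_instances`. The output names also mix French (`ip_internes`, `nom_instances`) with the English names used elsewhere (`service_account_email`), which makes the interface harder to consume consistently.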
@@ -1,35 +1,25 @@ -variable "project_id" { - type = string - description = "ID du projet GCP." - default = "ok" -} variable "instance_type" { - type = string - description = "Type de machine pour les instances." - default = "e2-small" + description = "type de l'instance" + type = string } variable "zone" { - type = string - description = "Zone GCP où déployer les instances." - default = "europe-west9-b" + description = "Nom de la zone" + type = string } variable "frontend_subnet_id" { - type = string - description = "ID du sous réseau frontend." - default = "" + description = "id du frontend" + type = string } variable "backend_subnet_id" { - type = string - description = "ID du sous-réseau backend." - default = "" + description = "id du backend" + type = string } variable "database_subnet_id" { - type = string - description = "ID du sous-réseau database." - default = "" + description = "id du database" + type = string } diff --git a/terraform/modules/iam/main.tf b/terraform/modules/iam/main.tf index 8068d19..7be5c9d 100644 --- a/terraform/modules/iam/main.tf +++ b/terraform/modules/iam/main.tf 
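Review bot: The descriptions added to the subnet variables (`"id du frontend"`, `"id du backend"`, `"id du database"`) do not say what value the caller must pass; the dev environment wires in `module.network.subnets.frontend`, i.e. a subnetwork ID. Suggest `description = "ID (self_link) of the subnetwork the frontend instance attaches to."` and the analogous wording for the other two. Dropping the `default = ""` values is the right call, since an empty subnetwork would only fail later at apply.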
@@ -1,51 +1,28 @@ -############################################ -# 1. COMPTE DE SERVICE TERRAFORM -############################################ -resource "google_service_account" "terraform_sa" { - account_id = "terraform-sa" - display_name = "Terraform Service Account" - project = var.project_id +resource "google_service_account" "service_account" { + account_id = "terraform" + display_name = "terraform" } -############################################ -# 2. CLÉ DU COMPTE DE SERVICE -############################################ - -resource "google_service_account_key" "terraform_sa_key" { - service_account_id = google_service_account.terraform_sa.name +resource "google_service_account_key" "mykey" { + service_account_id = google_service_account.service_account.name + public_key_type = "TYPE_X509_PEM_FILE" } -############################################ -# 3. RÔLES IAM -############################################ +resource "google_project_iam_binding" "custom_service_account" { + project = var.project_id + role = "roles/viewer" -# Liste des rôles nécessaires au déploiement -locals { - terraform_roles = [ - "roles/compute.admin", - "roles/iam.serviceAccountUser", - "roles/iam.serviceAccountAdmin", - "roles/storage.admin", - "roles/compute.networkAdmin", - "roles/compute.securityAdmin" + members = [ + "serviceAccount:${google_service_account.service_account.email}", ] } -resource "google_project_iam_member" "terraform_sa_roles" { - for_each = toset(local.terraform_roles) - - project = var.project_id - role = each.value - member = "serviceAccount:${google_service_account.terraform_sa.email}" +data "google_client_openid_userinfo" "me" { } -############################################ -# 4. 
OS LOGIN + CLÉ SSH -############################################ - -resource "google_os_login_ssh_public_key" "oslogin_ssh_key" { +resource "google_os_login_ssh_public_key" "cache" { + user = data.google_client_openid_userinfo.me.email project = var.project_id - user = google_service_account.terraform_sa.email - key = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCwvtrSp4IaaEFQ3u9xcyKKlWpucIeZFyXguamjg3+MOwBZmHBptnNd1i/2hv4q+ezA1Jq1SEqZ4uNeKB9P76Q43Nv+pqYkPxm8lfueU/ZrEomjpseEZEHipHyD5WQd+idrbrHqqcISkIktyyFvSEbDELqfe4+IvvR1zvsHXA/onisJ6lCwoDKSXwFp/wWhuzEILpzE5EGXsX4E/lbieWradVLDbvF0QNDBlcYc1zfuYQ8BG4rKcvw7xwqr243UzPBKWndd63IqbNOBfi8V1jqj96mP6kddohxl+Caz5lsh66Pp97GDnSAn9jNk8HAI3Ws0K540PSII5AqgdRJEbuI1Y0saUP3p1uDkysosYSqJU/SAxux00E/2/rLfdvaf7czEwHECAvEcLdvmceOqHJrKh2pSgb5MZ1oq3E6jMvCAiJNT0n6i+iRalGarl46CY6rQakEq3d84pgt7lH1mN3ZstKWJocppFMZRaCPdwgtTwbBTDPJm8TZ85QbtfyZumZU= julian_gallego180105_gmail_com" -} + key = file("~/.ssh/id_ed25519.pub") +} \ No newline at end of file diff --git a/terraform/modules/iam/outputs.tf b/terraform/modules/iam/outputs.tf index 16333fc..ff5e1ae 100644 --- a/terraform/modules/iam/outputs.tf +++ b/terraform/modules/iam/outputs.tf @@ -1,18 +1,11 @@ -############################################ -# 1. EMAIL DU COMPTE DE SERVICE -############################################ output "service_account_email" { - description = "Email du service account utilisé par Terraform." - value = google_service_account.terraform_sa.email + description = "Service account email." + value = google_service_account.service_account.email } -############################################ -# 2. CLÉ DU COMPTE DE SERVICE -############################################ - output "service_account_key" { - description = "Clé privée du service account (JSON)." - value = google_service_account_key.terraform_sa_key.private_key + description = "Service account key." sensitive = true -} + value = google_service_account_key.mykey.private_key +} \ No newline at end of file 
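Review bot: `google_project_iam_binding "custom_service_account"` is authoritative for `roles/viewer`: on apply it sets the role's member list to exactly the new service account, removing any user or group that currently holds Viewer on the project, whereas the old `google_project_iam_member` only added a member. Unless exclusive ownership of that role is intended, use `resource "google_project_iam_member"` with `member = "serviceAccount:${google_service_account.service_account.email}"`. Separately, `key = file("~/.ssh/id_ed25519.pub")` will not resolve, because Terraform's `file()` does not expand `~`; write `key = file(pathexpand("~/.ssh/id_ed25519.pub"))`, and note the key is now registered for whichever identity runs Terraform (`data.google_client_openid_userinfo.me.email`) rather than for the service account as before. This hunk starts on the previous line.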
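Review bot: `description = "Service account key."` understates what `google_service_account_key.mykey.private_key` is: the base64-encoded private-key JSON, which is persisted in the Terraform state in addition to being surfaced here, so the state backend needs the same protection as the key itself. Suggest `description = "Base64-encoded private key JSON for the service account; also stored in state, treat as a secret."`, and consider whether a downloadable key is needed at all when the caller could impersonate the service account instead. Keeping `sensitive = true` is correct.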
diff --git a/terraform/modules/iam/variables.tf b/terraform/modules/iam/variables.tf
index c29d321..7afef4c 100644
--- a/terraform/modules/iam/variables.tf
+++ b/terraform/modules/iam/variables.tf
@@ -1,5 +1,5 @@
-variable "project_id" {
- type = string
- description = "ID du projet GCP."
-}
+variable "project_id" {
+ description = "ID du projet"
+ type = string
+}
\ No newline at end of file
diff --git a/terraform/modules/network/main.tf b/terraform/modules/network/main.tf
index e2746bf..7c88232 100644
--- a/terraform/modules/network/main.tf
+++ b/terraform/modules/network/main.tf
@@ -1,51 +1,33 @@ -############################################ -# 1. VPC PERSONNALISÉ -############################################ -resource "google_compute_network" "vpc" { - name = "${var.project_name}-vpc" +resource "google_compute_network" "vpc_terraform" { + name = "vpc-terraform" auto_create_subnetworks = false } -provider "google" { - project = var.project_name - region = var.region -} - -############################################ -# 2. SOUS-RÉSEAUX -############################################ - -resource "google_compute_subnetwork" "frontend" { - name = "${var.project_name}-frontend-subnet" +resource "google_compute_subnetwork" "subnet_frontend" { + name = "frontend" + network = google_compute_network.vpc_terraform.id ip_cidr_range = var.frontend_cidr region = var.region - network = google_compute_network.vpc.id } -resource "google_compute_subnetwork" "backend" { - name = "${var.project_name}-backend-subnet" +resource "google_compute_subnetwork" "subnet_backend" { + name = "backend" + network = google_compute_network.vpc_terraform.id ip_cidr_range = var.backend_cidr region = var.region - network = google_compute_network.vpc.id } -resource "google_compute_subnetwork" "database" { - name = "${var.project_name}-database-subnet" +resource "google_compute_subnetwork" "subnet_database" { + name = "database" + network = google_compute_network.vpc_terraform.id ip_cidr_range = var.database_cidr region = var.region - network = google_compute_network.vpc.id } - -############################################ -# 3. FIREWALL RULES -############################################ - -# HTTP / HTTPS vers frontend -resource "google_compute_firewall" "frontend_http_https" { - name = "${var.project_name}-frontend-http-https" - network = google_compute_network.vpc.name +resource "google_compute_firewall" "allow_user_frontend" { + name = "allow-user-frontend" + network = google_compute_network.vpc_terraform.id allow { protocol = "tcp" 
@@ -53,31 +35,12 @@ resource "google_compute_firewall" "frontend_http_https" { } source_ranges = ["0.0.0.0/0"] - - target_tags = ["frontend"] + target_tags = ["frontend"] } - -# SSH depuis les IP autorisées -resource "google_compute_firewall" "ssh_access" { - name = "${var.project_name}-ssh" - network = google_compute_network.vpc.name - - allow { - protocol = "tcp" - ports = ["22"] - } - - source_ranges = [var.ssh_source_ranges] - - target_tags = ["frontend", "backend", "database"] -} - - -# Port 8000 du frontend vers backend -resource "google_compute_firewall" "frontend_to_backend" { - name = "${var.project_name}-frontend-to-backend" - network = google_compute_network.vpc.name +resource "google_compute_firewall" "allow_frontend_backend" { + name = "allow-frontend-backend" + network = google_compute_network.vpc_terraform.id allow { protocol = "tcp" @@ -85,14 +48,25 @@ resource "google_compute_firewall" "frontend_to_backend" { } source_tags = ["frontend"] - target_tags = ["backend"] + target_tags = ["backend"] } +resource "google_compute_firewall" "allow_ssh_all" { + name = "allow-ssh-all" + network = google_compute_network.vpc_terraform.id -# Port 3306 du backend vers database -resource "google_compute_firewall" "backend_to_database" { - name = "${var.project_name}-backend-to-database" - network = google_compute_network.vpc.name + allow { + protocol = "tcp" + ports = ["22"] + } + + source_ranges = ["0.0.0.0/0"] + target_tags = ["ssh"] +} + +resource "google_compute_firewall" "allow_backend_database" { + name = "allow-backend-database" + network = google_compute_network.vpc_terraform.id allow { protocol = "tcp" @@ -100,5 +74,5 @@ resource "google_compute_firewall" "backend_to_database" { } source_tags = ["backend"] - target_tags = ["database"] -} + target_tags = ["database"] +} \ No newline at end of file diff --git a/terraform/modules/network/outputs.tf b/terraform/modules/network/outputs.tf index f020c21..b2af4b0 100644 --- a/terraform/modules/network/outputs.tf 
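Review bot: The removed `ssh_access` rule took its `source_ranges` from `var.ssh_source_ranges`, while the replacement `allow_ssh_all` in the next hunk hardcodes `source_ranges = ["0.0.0.0/0"]` for port 22 on every instance tagged `ssh`, and all three tiers carry that tag on the new side of terraform/modules/compute/main.tf. `var.ssh_source_ranges` is still declared in terraform/modules/network/variables.tf (now with `description = ""`) and still passed from the dev environment, so the intended restriction disappears silently. Suggest `source_ranges = [var.ssh_source_ranges]` in `allow_ssh_all` and a non-empty description on the variable; backend and database have no external address on the new side, but the rule still applies to them from any other network that can route to the VPC.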
+++ b/terraform/modules/network/outputs.tf @@ -1,22 +1,12 @@ -############################################ -# 1. ID du VPC -############################################ -output "vpc_id" { - description = "ID du VPC créé." - value = google_compute_network.vpc.id +output "vpc" { + value = google_compute_network.vpc_terraform.id } - -############################################ -# 2. IDs des sous-réseaux (map) -############################################ - -output "subnet_ids" { - description = "Map des IDs des sous-réseaux : frontend, backend, database." - value = { - frontend = google_compute_subnetwork.frontend.id - backend = google_compute_subnetwork.backend.id - database = google_compute_subnetwork.database.id - } -} +output "subnets" { + value = { + frontend = google_compute_subnetwork.subnet_frontend.id + backend = google_compute_subnetwork.subnet_backend.id + database = google_compute_subnetwork.subnet_database.id + } +} \ No newline at end of file diff --git a/terraform/modules/network/variables.tf b/terraform/modules/network/variables.tf index 96e1bc1..216ae87 100644 --- a/terraform/modules/network/variables.tf +++ b/terraform/modules/network/variables.tf 
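Review bot: The new `vpc` and `subnets` outputs drop the `description` attributes the old `vpc_id`/`subnet_ids` outputs carried, so consumers of the module no longer see what the map keys mean. Suggest `description = "ID of the VPC network."` on `vpc` and `description = "Map of subnetwork IDs keyed by tier: frontend, backend, database."` on `subnets`. The renames are also breaking for any environment other than dev that still references `module.network.vpc_id` or `module.network.subnet_ids`, if such environments exist.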
@@ -1,35 +1,30 @@ + variable "project_name" { + description = "Nom du projet" type = string - description = "Nom du projet." - default = "ok" } variable "region" { + description = "Region du projet" type = string - description = "Région où seront déployées les ressources réseau." - default = "europe-west9-b" } variable "frontend_cidr" { + description = "CIDR for frontend subnet" type = string - description = "CIDR du sous-réseau frontend." - default = "10.0.1.0/24" } variable "backend_cidr" { + description = "CIDR for backend subnet" type = string - description = "CIDR du sous-réseau backend." - default = "10.0.2.0/24" } variable "database_cidr" { + description = "CIDR for database subnet" type = string - description = "CIDR du sous-réseau base de données." - default = "10.0.3.0/24" } variable "ssh_source_ranges" { + description = "" type = string - description = "Plages d’adresses autorisées pour l’accès SSH." - default = "0.0.0.0/0" -} +} \ No newline at end of file