diff --git a/terraform/environement/dev/.terraform/modules/modules.json b/terraform/environement/dev/.terraform/modules/modules.json index 27ce02f..2bf5e6f 100644 --- a/terraform/environement/dev/.terraform/modules/modules.json +++ b/terraform/environement/dev/.terraform/modules/modules.json @@ -1 +1 @@ -{"Modules":[{"Key":"","Source":"","Dir":"."},{"Key":"compute","Source":"../../modules/compute","Dir":"../../modules/compute"},{"Key":"network","Source":"../../modules/network","Dir":"../../modules/network"}]} \ No newline at end of file +{"Modules":[{"Key":"","Source":"","Dir":"."},{"Key":"compute","Source":"../../modules/compute","Dir":"../../modules/compute"},{"Key":"iam","Source":"../../modules/iam","Dir":"../../modules/iam"},{"Key":"network","Source":"../../modules/network","Dir":"../../modules/network"}]} \ No newline at end of file diff --git a/terraform/environement/dev/main.tf b/terraform/environement/dev/main.tf index ce90e2b..ad443d3 100644 --- a/terraform/environement/dev/main.tf +++ b/terraform/environement/dev/main.tf @@ -34,4 +34,8 @@ module "compute" { database_subnet_id = module.network.subnet_ids["database"] } +module "iam" { + source = "../../modules/iam" + project_id = var.project_name +} diff --git a/terraform/environement/dev/terraform.tfstate b/terraform/environement/dev/terraform.tfstate index 5b715b1..48d16ab 100644 --- a/terraform/environement/dev/terraform.tfstate +++ b/terraform/environement/dev/terraform.tfstate @@ -1,7 +1,7 @@ { "version": 4, "terraform_version": "1.14.1", - "serial": 34, + "serial": 41, "lineage": "cda21175-fcc8-5d20-f9f0-0bb6b6aa53e7", "outputs": { "backend_instance_name": { 
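Review bot: In the `module "iam"` block added to `terraform/environement/dev/main.tf`, `project_id = var.project_name` feeds a variable named as a project name into an input the module uses as the project identifier. The state hunks in this commit show it resolving to `fluted-agency-478713-h5`, which looks like a project ID rather than a display name. Renaming the root variable to `project_id`, or adding a comment such as `# project_name holds the GCP project ID`, would stop someone later supplying the human-readable name. The variable's declaration is outside this diff, so its documented meaning should be confirmed.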
@@ -538,6 +538,147 @@ } ] }, + { + "module": "module.iam", + "mode": "data", + "type": "google_client_openid_userinfo", + "name": "me", + "provider": "provider[\"registry.terraform.io/hashicorp/google\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "email": "clement.jannaire@gmail.com", + "id": "clement.jannaire@gmail.com" + }, + "sensitive_attributes": [], + "identity_schema_version": 0 + } + ] + }, + { + "module": "module.iam", + "mode": "managed", + "type": "google_os_login_ssh_public_key", + "name": "me", + "provider": "provider[\"registry.terraform.io/hashicorp/google\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "expiration_time_usec": "", + "fingerprint": "71eb6e62aaab9d725e150aa0fa1dcb91a2ff30909115fb7847146d2b5b25948d", + "id": "users/clement.jannaire@gmail.com/sshPublicKeys/71eb6e62aaab9d725e150aa0fa1dcb91a2ff30909115fb7847146d2b5b25948d", + "key": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCvHKPTKUCVRU0a55sV7nlVuaAANya9BSoNHvyQ2NkBVxys87rkAIm8TR8JVBFOGSFEihkfJI2kz5XniUuj35G8SiECDv53YLSyJOoJ9EATs7RmZkk15ZsZ7XiOyOiX1fTpXvR4Mw5b4D/bg+mTfAXb7rbOCD3MmEcG4sGrX6iLCRnRMvzvxUBOwY/Jk3i+wg951buyzkJ+bTvOCzkSP5gX5lmcZaH7jfVOaGnFVOk1KHpTw0wNadJ/dS05AlaJJ0/kBFwt56biU09oZndVDR3ttSuYh9jiI25S57U3BEpXYj8wt8bbi+3N3b8o+ENUF8yeUkG5+UGEwVNToLL3Jk6zYuqgXDhyKw4K1n5DZbrqpHKFyVA3jbQh/PlP/oaJ7OT62lU+Oug6qAVUoz1+E7F4yf302KpvID49Q1LoFiTlDEtMuj//7mdr2L8KHEraUAWU8bxgVuP2tSJbwBmEJeT84dOShPc1u9rKPwvvzogvkWD3J9K5p3pANtC7vUCkCuc= clement_jannaire_gmail_com\n", + "project": "fluted-agency-478713-h5", + "timeouts": null, + "user": "clement.jannaire@gmail.com" + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxMjAwMDAwMDAwMDAwLCJkZWxldGUiOjEyMDAwMDAwMDAwMDAsInVwZGF0ZSI6MTIwMDAwMDAwMDAwMH19", + "dependencies": [ + "module.iam.data.google_client_openid_userinfo.me" + ] + } + ] + }, + { + "module": "module.iam", + "mode": "managed", + "type": 
"google_project_iam_binding", + "name": "terraform_viewer", + "provider": "provider[\"registry.terraform.io/hashicorp/google\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "condition": [], + "etag": "BwZFHH+2K0U=", + "id": "fluted-agency-478713-h5/roles/viewer", + "members": [ + "serviceAccount:terraform@fluted-agency-478713-h5.iam.gserviceaccount.com" + ], + "project": "fluted-agency-478713-h5", + "role": "roles/viewer" + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "private": "bnVsbA==", + "dependencies": [ + "module.iam.google_service_account.terraform" + ] + } + ] + }, + { + "module": "module.iam", + "mode": "managed", + "type": "google_service_account", + "name": "terraform", + "provider": "provider[\"registry.terraform.io/hashicorp/google\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "account_id": "terraform", + "create_ignore_already_exists": null, + "description": "", + "disabled": false, + "display_name": "Terraform Service Account", + "email": "terraform@fluted-agency-478713-h5.iam.gserviceaccount.com", + "id": "projects/fluted-agency-478713-h5/serviceAccounts/terraform@fluted-agency-478713-h5.iam.gserviceaccount.com", + "member": "serviceAccount:terraform@fluted-agency-478713-h5.iam.gserviceaccount.com", + "name": "projects/fluted-agency-478713-h5/serviceAccounts/terraform@fluted-agency-478713-h5.iam.gserviceaccount.com", + "project": "fluted-agency-478713-h5", + "timeouts": null, + "unique_id": "113799660286299501126" + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjozMDAwMDAwMDAwMDB9fQ==" + } + ] + }, + { + "module": "module.iam", + "mode": "managed", + "type": "google_service_account_key", + "name": "terraform", + "provider": "provider[\"registry.terraform.io/hashicorp/google\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "id": 
"projects/fluted-agency-478713-h5/serviceAccounts/terraform@fluted-agency-478713-h5.iam.gserviceaccount.com/keys/3f90f00d6a96040007c614f42b0365ad3912e195", + "keepers": null, + "key_algorithm": "KEY_ALG_RSA_2048", + "name": "projects/fluted-agency-478713-h5/serviceAccounts/terraform@fluted-agency-478713-h5.iam.gserviceaccount.com/keys/3f90f00d6a96040007c614f42b0365ad3912e195", + "private_key": "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", + "private_key_type": "TYPE_GOOGLE_CREDENTIALS_FILE", + "public_key": "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", + "public_key_data": null, + "public_key_type": "TYPE_X509_PEM_FILE", + "service_account_id": "projects/fluted-agency-478713-h5/serviceAccounts/terraform@fluted-agency-478713-h5.iam.gserviceaccount.com", + "valid_after": "2025-12-04T08:56:00Z", + "valid_before": "9999-12-31T23:59:59Z" + }, + "sensitive_attributes": [ + [ + { + "type": "get_attr", + "value": "private_key" + } + ] + ], + "identity_schema_version": 0, + "private": "bnVsbA==", + "dependencies": [ + "module.iam.google_service_account.terraform" + ] + } + ] + }, { "module": "module.network", "mode": "managed", diff --git a/terraform/environement/dev/terraform.tfstate.backup b/terraform/environement/dev/terraform.tfstate.backup index 717032e..8bf10f9 100644 --- a/terraform/environement/dev/terraform.tfstate.backup +++ b/terraform/environement/dev/terraform.tfstate.backup @@ -1,7 +1,7 @@ { "version": 4, "terraform_version": "1.14.1", - "serial": 33, + "serial": 39, "lineage": "cda21175-fcc8-5d20-f9f0-0bb6b6aa53e7", "outputs": { "backend_instance_name": { @@ -117,7 +117,7 @@ "labels": {}, "provisioned_iops": 0, "provisioned_throughput": 0, - "resource_manager_tags": null, + "resource_manager_tags": {}, "size": 10, "storage_pool": "", "type": "pd-standard" 
@@ -142,7 +142,7 @@ "id": "projects/fluted-agency-478713-h5/zones/europe-west9-b/instances/backend-instance", "instance_id": "5962845577067397518", "label_fingerprint": "42WmSpB8rSM=", - "labels": null, + "labels": {}, "machine_type": "e2-medium", "metadata": { "enable-oslogin": "TRUE" @@ -173,7 +173,7 @@ "params": [], "project": "fluted-agency-478713-h5", "reservation_affinity": [], - "resource_policies": null, + "resource_policies": [], "scheduling": [ { "automatic_restart": true, @@ -264,7 +264,7 @@ "labels": {}, "provisioned_iops": 0, "provisioned_throughput": 0, - "resource_manager_tags": null, + "resource_manager_tags": {}, "size": 20, "storage_pool": "", "type": "pd-standard" @@ -289,7 +289,7 @@ "id": "projects/fluted-agency-478713-h5/zones/europe-west9-b/instances/database-instance", "instance_id": "3381403986872271246", "label_fingerprint": "42WmSpB8rSM=", - "labels": null, + "labels": {}, "machine_type": "e2-medium", "metadata": { "enable-oslogin": "TRUE" @@ -320,7 +320,7 @@ "params": [], "project": "fluted-agency-478713-h5", "reservation_affinity": [], - "resource_policies": null, + "resource_policies": [], "scheduling": [ { "automatic_restart": true, @@ -411,7 +411,7 @@ "labels": {}, "provisioned_iops": 0, "provisioned_throughput": 0, - "resource_manager_tags": null, + "resource_manager_tags": {}, "size": 10, "storage_pool": "", "type": "pd-standard" @@ -436,7 +436,7 @@ "id": "projects/fluted-agency-478713-h5/zones/europe-west9-b/instances/frontend-instance", "instance_id": "824861855395381646", "label_fingerprint": "42WmSpB8rSM=", - "labels": null, + "labels": {}, "machine_type": "e2-medium", "metadata": { "enable-oslogin": "TRUE" @@ -473,7 +473,7 @@ "params": [], "project": "fluted-agency-478713-h5", "reservation_affinity": [], - "resource_policies": null, + "resource_policies": [], "scheduling": [ { "automatic_restart": true, 
@@ -538,6 +538,120 @@ } ] }, + { + "module": "module.iam", + "mode": "data", + "type": "google_client_openid_userinfo", + "name": "me", + "provider": "provider[\"registry.terraform.io/hashicorp/google\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "email": "clement.jannaire@gmail.com", + "id": "clement.jannaire@gmail.com" + }, + "sensitive_attributes": [], + "identity_schema_version": 0 + } + ] + }, + { + "module": "module.iam", + "mode": "managed", + "type": "google_project_iam_binding", + "name": "terraform_viewer", + "provider": "provider[\"registry.terraform.io/hashicorp/google\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "condition": [], + "etag": "BwZFHH+2K0U=", + "id": "fluted-agency-478713-h5/roles/viewer", + "members": [ + "serviceAccount:terraform@fluted-agency-478713-h5.iam.gserviceaccount.com" + ], + "project": "fluted-agency-478713-h5", + "role": "roles/viewer" + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "private": "bnVsbA==", + "dependencies": [ + "module.iam.google_service_account.terraform" + ] + } + ] + }, + { + "module": "module.iam", + "mode": "managed", + "type": "google_service_account", + "name": "terraform", + "provider": "provider[\"registry.terraform.io/hashicorp/google\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "account_id": "terraform", + "create_ignore_already_exists": null, + "description": "", + "disabled": false, + "display_name": "Terraform Service Account", + "email": "terraform@fluted-agency-478713-h5.iam.gserviceaccount.com", + "id": "projects/fluted-agency-478713-h5/serviceAccounts/terraform@fluted-agency-478713-h5.iam.gserviceaccount.com", + "member": "serviceAccount:terraform@fluted-agency-478713-h5.iam.gserviceaccount.com", + "name": "projects/fluted-agency-478713-h5/serviceAccounts/terraform@fluted-agency-478713-h5.iam.gserviceaccount.com", + "project": "fluted-agency-478713-h5", + "timeouts": null, + "unique_id": 
"113799660286299501126" + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjozMDAwMDAwMDAwMDB9fQ==" + } + ] + }, + { + "module": "module.iam", + "mode": "managed", + "type": "google_service_account_key", + "name": "terraform", + "provider": "provider[\"registry.terraform.io/hashicorp/google\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "id": "projects/fluted-agency-478713-h5/serviceAccounts/terraform@fluted-agency-478713-h5.iam.gserviceaccount.com/keys/3f90f00d6a96040007c614f42b0365ad3912e195", + "keepers": null, + "key_algorithm": "KEY_ALG_RSA_2048", + "name": "projects/fluted-agency-478713-h5/serviceAccounts/terraform@fluted-agency-478713-h5.iam.gserviceaccount.com/keys/3f90f00d6a96040007c614f42b0365ad3912e195", + "private_key": "ewogICJ0eXBlIjogInNlcnZpY2VfYWNjb3VudCIsCiAgInByb2plY3RfaWQiOiAiZmx1dGVkLWFnZW5jeS00Nzg3MTMtaDUiLAogICJwcml2YXRlX2tleV9pZCI6ICIzZjkwZjAwZDZhOTYwNDAwMDdjNjE0ZjQyYjAzNjVhZDM5MTJlMTk1IiwKICAicHJpdmF0ZV9rZXkiOiAiLS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tXG5NSUlFdlFJQkFEQU5CZ2txaGtpRzl3MEJBUUVGQUFTQ0JLY3dnZ1NqQWdFQUFvSUJBUUNZT3M4eHlObTQydnNjXG5YTm1jNnpiVkYwY3hQWGdJazZ3REFVTmI5RjhOOEM3UlpFbXN2SXpqajhrTFl3T1BrcXpnbVNqTjhxSFR4VmxVXG5ubXJHYWp1K3E1anZEdGc2eDNJZDZvTDhCclhMVVVabXZOUWJiaEhzZzVmUEZEa2xicDdSd0pZWEUyb0NlTnZ4XG5PUFBUWG5sQnAxN1FsSDlzSmFNUUVBQlVReEJMMGEzTEdiY3V2WHlGUk5jVElzN3BwVmg3U2o3cC9aUGxkellLXG55R3p4OXRnV0ZleG1PZi9tRStpNUFxYS9LWXNCNnF4YWp2Nm9MdUdtdGF1L1pIaFk5SXFRNTBLcnpyTHgyUmZMXG5ESnU3dFQzYk5VNjkzbWljRnlNdUlSb1ZERlFSQ1htaDMyaTFqZDh6THUwdFBrRnJXbTRBWnlTK3BNL3M1Ly9sXG5tQndoYUFzUEFnTUJBQUVDZ2dFQUJJUDZFV2Y3elZmeGl1M1dKcWx6ZnU2cDFmUVUwMnhOOWVqYnJxYVpDempNXG5xcmxtMWhEaHZQNU80RitYZzNLK1hnc3RBcTduemZoVXBnWHM5T1hCeis0WEkwQTFlY2pnd2JKcklENnl0YzA3XG5ZV0RJaWVmQjhGb1c3cldTM0dGanBLVXB6cFZzMTVYdU1FR1lPZlRiYys4YkNPVGV3cjU3RDhicHU1WWhyWjRHXG42Yjh2NDVIb0pPa25WdkE4d0ZpSHZFZnUzNk9DQnhLeEVUd3BqVWRaQU1BZzF5NkdwSDRhZXNYck5QS1hQQnpSXG5QWUF4dmpGQ2Qy
b0dWMkpqTndSTlJZUGN0UmpXZi90M2tmbUZYQlFVN2F0cUVJbDN3dER4RlBneWIzcTM0enBrXG5rcHZpSHlZd3Y5aldOUVp3emR3OHZRZWpMVWhxQTZwOGExbG5PNWhrd1FLQmdRRE1YM0RjcURyUTJjTFNHZ1NIXG44MG44L0FISCs0TjVIWFZBY0JpZkRIb29ZeTRPSVZyOCtoQU54SGlFTXEyd3dqTVVlQWxGaTFKNldLQUZsYnlXXG5GV0VFaXBpZGEyRjRpV3pkQWNTSE1SNzhCNVBUaVFDL0o4OGtRejd1K2gzRncrSmVkSkZLKzlQR3Uyei8wUFdwXG5XYnVqUnRDMytyS08vdjU4ZTVCSjVRY2toUUtCZ1FDK3IxVnBjQ2FHOUFkQkFxZk1yZ1lEYkYwZWZuNFpZMDNLXG44bjNzUWhPUUZMdHBhKzhaczQzL3RsU3NMZldCN1FLOWdXbGcxTlBqaDI5OThibHpkalV5anh6V284ZGE5VlVjXG5rbHNoZjl5MWV4ZUNENGM4WVRuSmR0U05INFZLR0MxMEVNejNabldocmxTZW9UUFBWbnk4M05TTjFGUlNUVEFXXG5JcTN2RTFkZmd3S0JnUUN5OHI2Mzl2WEkrV09FNUJNamx2c3A4TjcrWkZQeU1NRUI4eVViM3FqM3hDQUhiMTFrXG5OUERwblNhSlduYUxWdit5NUlmNXhNd3JKSDY1WlNzRG55U2IvVjgwTjFuWldUdGhLTE1VVFFaOFY0WXdxcjFrXG5vMDdVeWF6SlEyZmVTbTVqbGwzQjhrNjByRmY4aHRNVHZlWjJTUU5vbExMVVVxSXlEVitCMUhBMG9RS0JnQ2lzXG5SNENzL2xyTTFIdEdjTHBVNkUxMG9Nd3ZXUUJiVVMyWDJjbzZNZWdLdEFzQmpjZWlxQWhDUVA5VThrZ2JZUGxCXG5FRlFxTVdRWDhHMGgwVmZTZi9oZjFGdm9KVTYrZzhBTGE4clNkaVp6c2dqNC9QU2hIRzFmbm1qWHIxdWxtcFJtXG5QUUlNWmN6dDNYalVrN09IRkNaSXlFSFVaNFFDbU40djJYL2tWVCszQW9HQUhPd05jczQzbU53d1FDNkRmQ1J6XG4rUERZMDNrd1Fkc1dmbDl3d2NhNWlaSGlMZ3VvT2kzdEtwbVlmUmRjMVNRSjRlV1BCcHpaWjh6ckhiT1RHTUpMXG54TGdBbi9hODVsWmg2WGFmbWRkWWRnS0g5S1N0eVQ2WmVDLzJZOFV1Umo5ZkwwU0lzNEgzRVM5T3ZwUjBNQ2dUXG53TlN5SUFxY1VoSm0rZ1Mzd0lUYlVxVT1cbi0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS1cbiIsCiAgImNsaWVudF9lbWFpbCI6ICJ0ZXJyYWZvcm1AZmx1dGVkLWFnZW5jeS00Nzg3MTMtaDUuaWFtLmdzZXJ2aWNlYWNjb3VudC5jb20iLAogICJjbGllbnRfaWQiOiAiMTEzNzk5NjYwMjg2Mjk5NTAxMTI2IiwKICAiYXV0aF91cmkiOiAiaHR0cHM6Ly9hY2NvdW50cy5nb29nbGUuY29tL28vb2F1dGgyL2F1dGgiLAogICJ0b2tlbl91cmkiOiAiaHR0cHM6Ly9vYXV0aDIuZ29vZ2xlYXBpcy5jb20vdG9rZW4iLAogICJhdXRoX3Byb3ZpZGVyX3g1MDlfY2VydF91cmwiOiAiaHR0cHM6Ly93d3cuZ29vZ2xlYXBpcy5jb20vb2F1dGgyL3YxL2NlcnRzIiwKICAiY2xpZW50X3g1MDlfY2VydF91cmwiOiAiaHR0cHM6Ly93d3cuZ29vZ2xlYXBpcy5jb20vcm9ib3QvdjEvbWV0YWRhdGEveDUwOS90ZXJyYWZvcm0lNDBmbHV0ZWQtYWdlbmN5LTQ3ODcxMy1oNS5pYW0uZ3NlcnZpY2VhY2NvdW50LmNvbSIsCiAgInVuaXZlcnNlX2Rv
bWFpbiI6ICJnb29nbGVhcGlzLmNvbSIKfQo=", + "private_key_type": "TYPE_GOOGLE_CREDENTIALS_FILE", + "public_key": "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", + "public_key_data": null, + "public_key_type": "TYPE_X509_PEM_FILE", + "service_account_id": "projects/fluted-agency-478713-h5/serviceAccounts/terraform@fluted-agency-478713-h5.iam.gserviceaccount.com", + "valid_after": "2025-12-04T08:56:00Z", + "valid_before": "9999-12-31T23:59:59Z" + }, + "sensitive_attributes": [ + [ + { + "type": "get_attr", + "value": "private_key" + } + ] + ], + "identity_schema_version": 0, + "private": "bnVsbA==", + "dependencies": [ + "module.iam.google_service_account.terraform" + ] + } + ] + }, { "module": "module.network", "mode": "managed", diff --git a/terraform/modules/iam/main.tf b/terraform/modules/iam/main.tf index d7c5f61..380bf56 100644 --- a/terraform/modules/iam/main.tf +++ b/terraform/modules/iam/main.tf 
@@ -1,48 +1,38 @@ - resource "google_service_account" "terraform" { project = var.project_id - account_id = "terraform-sa" + account_id = "terraform" display_name = "Terraform Service Account" } + resource "google_service_account_key" "terraform" { service_account_id = google_service_account.terraform.name + + # Consigne : type de clé publique + public_key_type = "TYPE_X509_PEM_FILE" } +resource "google_project_iam_binding" "terraform_viewer" { + project = var.project_id + role = "roles/viewer" -locals { - terraform_roles = [ - "roles/compute.admin", - "roles/compute.networkAdmin", - "roles/iam.serviceAccountUser", + members = [ + "serviceAccount:${google_service_account.terraform.email}", ] } -resource "google_project_iam_member" "terraform_roles" { - for_each = toset(local.terraform_roles) - project = var.project_id - role = each.value - member = "serviceAccount:${google_service_account.terraform.email}" -} - - - - -resource "google_compute_project_metadata_item" "enable_oslogin" { - project = var.project_id - key = "enable-oslogin" - value = "TRUE" -} - - -resource "google_compute_project_metadata_item" "ssh_keys" { - project = var.project_id - key = "ssh-keys" - value = "student:${chomp(file("~/.ssh/id_ed25519.pub"))}" +data "google_client_openid_userinfo" "me" {} + + + +resource "google_os_login_ssh_public_key" "me" { + project = var.project_id + user = data.google_client_openid_userinfo.me.email + key = file("~/.ssh/id_ed25519.pub") } diff --git a/terraform/modules/iam/outputs.tf b/terraform/modules/iam/outputs.tf index 7b8b490..85dc801 100644 --- a/terraform/modules/iam/outputs.tf +++ b/terraform/modules/iam/outputs.tf 
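Review bot: `google_service_account_key.terraform` in `terraform/modules/iam/main.tf` puts the key's private material into Terraform state, and this same commit tracks `terraform.tfstate.backup`, whose `private_key` attribute carries the base64-encoded credentials file for the service account. That key should be treated as disclosed: delete it in IAM, and take `*.tfstate`, `*.tfstate.backup` and `.terraform/` out of version control (history included) in favour of a remote backend with restricted access. Where possible drop the key resource altogether and have operators impersonate the service account, since the state records the key with `valid_before` of `9999-12-31T23:59:59Z`, i.e. no expiry. Separately, `google_project_iam_binding` is authoritative for `roles/viewer` and will remove any other member holding that role on the project; `google_project_iam_member` with `member = "serviceAccount:${google_service_account.terraform.email}"` keeps the grant additive.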
@@ -1,12 +1,14 @@ + +# A - Email du Service Account output "service_account_email" { description = "Email du compte de service Terraform" value = google_service_account.terraform.email } - +# B - Clé privée du Service Account output "service_account_key" { - description = "Clé du compte de service Terraform" + description = "Clé privée du compte de service Terraform (JSON encodé)" value = google_service_account_key.terraform.private_key sensitive = true } diff --git a/terraform/modules/iam/variables.tf b/terraform/modules/iam/variables.tf index 2479e97..ad3f444 100644 --- a/terraform/modules/iam/variables.tf +++ b/terraform/modules/iam/variables.tf @@ -3,3 +3,4 @@ variable "project_id" { type = string } +
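Review bot: The `service_account_key` output in `terraform/modules/iam/outputs.tf` exports the private key, and `sensitive = true` only redacts it in plan and apply display; the value is still written in clear to state and is returned by `terraform output -json`. Nothing in the root-module hunk of this commit appears to consume the output, so removing it would narrow where the credential can be read from. If it has to stay, the description should say what it really holds, for example `description = "Clé privée du compte de service Terraform (fichier JSON encodé en base64, stocké en clair dans le state)"`, because the state shows `private_key_type` as `TYPE_GOOGLE_CREDENTIALS_FILE` with a base64 value rather than plain JSON.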