diff --git a/terraform/environments/dev/main.tf b/terraform/environments/dev/main.tf
index 000c973..aefd6d6 100644
--- a/terraform/environments/dev/main.tf
+++ b/terraform/environments/dev/main.tf
@@ -34,4 +34,9 @@ module "compute" {
 frontend_subnet_id = module.network.subnets.frontend
 backend_subnet_id = module.network.subnets.backend
 database_subnet_id = module.network.subnets.database
+}
+
+module "iam" {
+ source ="../../modules/iam"
+ project_id = var.peoject_id
 }
\ No newline at end of file
diff --git a/terraform/environments/dev/outputs.tf b/terraform/environments/dev/outputs.tf
index e69de29..28112d1 100644
--- a/terraform/environments/dev/outputs.tf
+++ b/terraform/environments/dev/outputs.tf
@@ -0,0 +1,28 @@
+output "ip_internes" {
+ value = module.compute.ip_internes
+}
+
+output "ip_public_frontend" {
+ value = module.compute.ip_public_frontend
+}
+
+output "nom_instances" {
+ value = module.compute.nom_instances
+}
+
+output "service_account_email" {
+ value = module.iam.service_account_email
+}
+
+output "service_account_key" {
+ sensitive = true
+ value = module.iam.service_account_key
+}
+
+output "vpc" {
+ value = module.network.vpc
+}
+
+output "subnets" {
+ value = module.network.subnets
+}
\ No newline at end of file
diff --git a/terraform/modules/iam/main.tf b/terraform/modules/iam/main.tf
index 2006c04..87611c6 100644
--- a/terraform/modules/iam/main.tf
+++ b/terraform/modules/iam/main.tf
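Review bot: `project_id = var.peoject_id` in the new `module "iam"` block references a variable that does not exist under that spelling, so `terraform validate` will fail for this environment unless a `peoject_id` variable is declared somewhere outside this diff; change it to `project_id = var.project_id`. The `source ="../../modules/iam"` line is also missing the space after `=` that `terraform fmt` would restore. The enclosing `module "compute"` block starts outside the hunk.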
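Review bot: The `service_account_key` output at the root exports private-key material, and `sensitive = true` only redacts it in plan/apply output: the value is still written in clear text to the state file and can be read back with `terraform output -raw service_account_key`, so the state backend now has to be protected as a credential store. If only one consumer needs the key, consider wiring it directly from the module into that consumer instead of surfacing it as a root output. The module outputs referenced here (`module.iam.service_account_key`, `module.iam.service_account_email`) are not part of this diff, so whether the `iam` module actually declares them cannot be confirmed from this page.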
@@ -1,26 +1,27 @@
-# SERVICE ACCOUNT
-
-resource "google_service_account" "sa" {
- account_id = var.service_account_id
- display_name = var.service_account_display_name
+resource "google_service_account" "service_account" {
+ account_id = "terraform"
+ display_name = "terraform"
 }
-
-# CUSTOM ROLE (optionnel)
-
-resource "google_project_iam_custom_role" "custom_role" {
- role_id = var.custom_role_id
- title = var.custom_role_title
- description = var.custom_role_description
- permissions = var.custom_role_permissions
- project = var.project_id
+resource "google_service_account_key" "mykey" {
+ service_account_id = google_service_account.service_account.name
+ public_key_type = "TYPE_X509_PEM_FILE"
 }
-
-# IAM BINDING : attache le rôle custom au service account
-
-resource "google_project_iam_member" "sa_role_binding" {
+resource "google_project_iam_binding" "custom_service_account" {
 project = var.project_id
- role = google_project_iam_custom_role.custom_role.name
- member = "serviceAccount:${google_service_account.sa.email}"
+ role = "roles/viewer"
+
+ members = [
+ "serviceAccount:${google_service_account.service_account.email}",
+ ]
 }
+
+data "google_client_openid_userinfo" "me" {
+}
+
+resource "google_os_login_ssh_public_key" "cache" {
+ user = data.google_client_openid_userinfo.me.email
+ project = var.project_id
+ key = file("~/.ssh/id_ed25519.pub")
+}
\ No newline at end of file
diff --git a/terraform/modules/iam/variables.tf b/terraform/modules/iam/variables.tf
index a0a5e4a..0a61850 100644
--- a/terraform/modules/iam/variables.tf
+++ b/terraform/modules/iam/variables.tf
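Review bot: `google_project_iam_binding.custom_service_account` is authoritative for `roles/viewer` on the project, so after apply every principal that holds `roles/viewer` but is not listed in `members` is removed, which the previous `google_project_iam_member` resource did not do. Unless this module is meant to own that role entirely, use `google_project_iam_member` with `member = "serviceAccount:${google_service_account.service_account.email}"` so the grant stays additive. `google_service_account_key.mykey` creates a long-lived user-managed key whose private part is stored in the state file; prefer short-lived credentials (service account impersonation or workload identity) and, if a key is unavoidable, scope and rotate it and protect the state backend accordingly. `google_os_login_ssh_public_key.cache` reads `~/.ssh/id_ed25519.pub` from whichever machine runs apply and registers it under that operator's identity, so the result differs per operator and fails in CI; take the key through a module variable instead. Hard-coding `account_id = "terraform"` (replacing the removed variables) also means two instantiations of this module in one project will collide.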
@@ -2,33 +2,3 @@ variable "project_id" {
 description = "ID du projet GCP"
 type = string
 }
-
-variable "service_account_id" {
- description = "Identifiant du service account (ex: my-sa)"
- type = string
-}
-
-variable "service_account_display_name" {
- description = "Nom affiché du service account"
- type = string
-}
-
-variable "custom_role_id" {
- description = "ID du rôle personnalisé"
- type = string
-}
-
-variable "custom_role_title" {
- description = "Titre du rôle personnalisé"
- type = string
-}
-
-variable "custom_role_description" {
- description = "Description du rôle personnalisé"
- type = string
-}
-
-variable "custom_role_permissions" {
- description = "Permissions du rôle personnalisé"
- type = list(string)
-}