diff --git a/terraform/modules/iam/main.tf b/terraform/modules/iam/main.tf
index e69de29..cf259d9 100644
--- a/terraform/modules/iam/main.tf
+++ b/terraform/modules/iam/main.tf
@@ -0,0 +1,36 @@
+# À vous de créer :
+# 1. Un compte de service pour Terraform
+# 2. Une clé pour ce compte de service
+# 3. Les rôles IAM nécessaires
+# 4. La configuration OS Login avec votre clé SSH
+
+
+
+
+resource "google_service_account" "my_account" {
+ display_name = "terraform"
+ account_id = "terraform"
+
+}
+
+resource "google_service_account_key" "key" {
+ service_account_id = google_service_account.my_account.name
+ public_key_type = "TYPE_X509_PEM_FILE"
+}
+
+resource "google_project_iam_binding" "project_iam" {
+ project = var.project_id
+ role = "project_iam"
+
+ members = [
+ "serviceAccount: ${google_service_account.custom_service_account.email} "
+ ]
+}
+
+
+data "google_client_openid_userinfo""me"{}
+
+resource "google_os_login_ssh_public_key" "cache" {
+ user = data.google_client_openid_userinfo.me.email
+ key = file("~/.ssh/id_ed25519")
+}
diff --git a/terraform/modules/iam/outputs.tf b/terraform/modules/iam/outputs.tf
index e69de29..d7a4c38 100644
--- a/terraform/modules/iam/outputs.tf
+++ b/terraform/modules/iam/outputs.tf
@@ -0,0 +1,13 @@
+# À vous d'exposer :
+# 1. L'email du compte de service
+# 2. La clé du compte de service (sensitive = true)
+
+
+output "service_account_email"{
+ value = google_service_account.my_account.email
+}
+
+
+output "service_account_key" {
+ value = google_service_account_key.private_key
+ }
\ No newline at end of file
diff --git a/terraform/modules/iam/variables.tf b/terraform/modules/iam/variables.tf
index 601138e..72aad0a 100644
--- a/terraform/modules/iam/variables.tf
+++ b/terraform/modules/iam/variables.tf
@@ -1,5 +1,7 @@
-variable "project_name" {
+# À vous de définir :
+# - project_id (string)
+
+variable "project_id" {
 description = "Nom du projet cidr"
 type = string
- default = "mon-projet"
 }
\ No newline at end of file
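Review bot: In `google_os_login_ssh_public_key.cache`, `key = file("~/.ssh/id_ed25519")` reads what is by OpenSSH convention the private key file, so the private key would be submitted to OS Login as the public key and written to Terraform state; the line should read `key = file("~/.ssh/id_ed25519.pub")`. In `google_project_iam_binding.project_iam`, the member references `google_service_account.custom_service_account`, which this file does not declare (the account is `my_account`), and the string carries a space after `serviceAccount:` and before the closing quote; `"serviceAccount:${google_service_account.my_account.email}"` matches the declared resource. `role = "project_iam"` is not in the `roles/...` form that IAM role identifiers take, and because `google_project_iam_binding` is authoritative for its role, `google_project_iam_member` would grant the role without removing its other members. `google_service_account_key.key` also places a long-lived private key in state, so the state backend needs restricted access and encryption.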
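Review bot: The `service_account_key` output references `google_service_account_key.private_key`, but main.tf in this same diff declares the resource as `google_service_account_key.key`, so the reference does not resolve; the value should be `google_service_account_key.key.private_key`. The output also lacks the `sensitive = true` that the header comment of this file asks for, so the key material is not marked for redaction in CLI output; add `sensitive = true` inside the block. Marking the output sensitive only affects display, and the key is still stored in state, so whoever consumes this module should treat the state file as a secret.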