resource "google_service_account" "terraform_sa" {
  account_id   = "${var.projet_main}-tf-sa"
  project      = var.projet_main
  display_name = "Terraform service account for ${var.project}"
}

resource "google_project_iam_member" "sa_compute_admin" {
  project = var.projet_main
  role    = "roles/compute.instanceAdmin.v1"
  member  = "serviceAccount:${google_service_account.terraform_sa.email}"
}

resource "google_project_iam_member" "sa_os_login" {
  project = var.projet_main
  role    = "roles/compute.osLogin"
  member  = "serviceAccount:${google_service_account.terraform_sa.email}"
}

resource "google_service_account_key" "terraform_sa_key" {
  service_account_id = google_service_account.terraform_sa.name
}

resource "google_project_metadata" "oslogin" {
  project = var.projet_main
  metadata = {
    enable-oslogin = "TRUE"
  }
}