From 3d47fdf0e51d295a5394a56d23b9e41ad4749de1 Mon Sep 17 00:00:00 2001
From: Vallat
Date: Fri, 6 Dec 2024 16:31:12 +0100
Subject: [PATCH] IAM
---
 terraform/environments/dev/main.tf | 63 ++++++++++++++++++++
 terraform/environments/dev/outputs.tf | 0
 terraform/environments/dev/variables.tf | 54 +++++++++++++++++
 terraform/modules/compute/main.tf | 73 +++++++++++++++++++++++
 terraform/modules/compute/outputs.tf | 18 ++++
 terraform/modules/compute/variables.tf | 25 ++++++++
 terraform/modules/iam/main.tf | 24 ++++++++
 terraform/modules/iam/outputs.tf | 10 ++++
 terraform/modules/iam/variables.tf | 5 ++
 terraform/modules/network/main.tf | 78 +++++++++++++++++++++++
 terraform/modules/network/outputs.tf | 11 ++++
 terraform/modules/network/variables.tf | 30 ++++++++++
 12 files changed, 391 insertions(+)
 create mode 100644 terraform/environments/dev/main.tf
 create mode 100644 terraform/environments/dev/outputs.tf
 create mode 100644 terraform/environments/dev/variables.tf
 create mode 100644 terraform/modules/compute/main.tf
 create mode 100644 terraform/modules/compute/outputs.tf
 create mode 100644 terraform/modules/compute/variables.tf
 create mode 100644 terraform/modules/iam/main.tf
 create mode 100644 terraform/modules/iam/outputs.tf
 create mode 100644 terraform/modules/iam/variables.tf
 create mode 100644 terraform/modules/network/main.tf
 create mode 100644 terraform/modules/network/outputs.tf
 create mode 100644 terraform/modules/network/variables.tf
diff --git a/terraform/environments/dev/main.tf b/terraform/environments/dev/main.tf
new file mode 100644
index 0000000..fcdf92e
--- /dev/null
+++ b/terraform/environments/dev/main.tf
@@ -0,0 +1,63 @@
+terraform {
+ required_providers {
+ google = {
+ source = "hashicorp/google"
+ version = "~> 6.0"
+ }
+ }
+}
+
+provider "google" {
+ project = var.project_id
+ region = var.region
+}
+
+module "network" {
+ source = "../../modules/network"
+
+ # Variables d'entrée
+ project_name = var.project_name
+ region = var.region
+
+ # Autres variables spécifiques au module
+ backend_cidr = var.backend_cidr
+ frontend_cidr = var.frontend_cidr
+ database_cidr = var.database_cidr
+ ssh_source_ranges = var.ssh_source_ranges
+}
+
+module "compute" {
+ source = "../../modules/compute"
+
+ # Variables d'entrée
+ sub1 = module.network.subnet["frontend"]
+ sub2 = module.network.subnet["backend"]
+ sub3 = module.network.subnet["database"]
+
+ # Autres variables spécifiques au module
+ zone = var.zone
+ instance_type = var.instance_type
+}
+
+
+module "iam" {
+ source = "../../modules/iam"
+ project_id = var.project_id
+}
+
+data "google_client_openid_userinfo" "me" {
+}
+
+resource "local_file" "ansible_config" {
+ content = templatefile("${path.module}/../../templates/ansible.cfg.tpl",
+ {
+ remote_user = data.google_client_openid_userinfo.me.email
+ }
+ )
+ filename = "../../../ansible/ansible.cfg"
+}
+
+resource "local_file" "service_account" {
+ content = base64decode(module.iam.service_account_key)
+ filename = "../../../ansible/service_account.json"
+}
diff --git a/terraform/environments/dev/outputs.tf b/terraform/environments/dev/outputs.tf
new file mode 100644
index 0000000..e69de29
diff --git a/terraform/environments/dev/variables.tf b/terraform/environments/dev/variables.tf
new file mode 100644
index 0000000..d860eef
--- /dev/null
+++ b/terraform/environments/dev/variables.tf
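Review bot: `local_file.service_account` decodes the service-account private key and writes it in plaintext to `../../../ansible/service_account.json` with the provider's default permissions, so the secret ends up both in the Terraform state and as a world-readable file inside the working tree. If a key file is really needed for Ansible, at minimum add `file_permission = "0600"` to that resource and keep the path out of version control; the better fix is to drop the key entirely and let Ansible authenticate through service-account impersonation. Note also that `local_file` comes from the `hashicorp/local` provider, which is not listed under `required_providers` and is therefore resolved implicitly and unpinned, while `google` is pinned. The `data "google_client_openid_userinfo" "me"` block is duplicated in `modules/iam/main.tf`; exposing the email as a module output would avoid the second lookup.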
@@ -0,0 +1,54 @@
+variable "project_id" {
+ description = "ID du projet GCP"
+ type = string
+ default = "secret-proton-443214-n6"
+}
+
+variable "project_name" {
+ description = "nom_du_projet"
+ type = string
+ default = "terraforming"
+}
+
+variable "region" {
+ description = "emplacement"
+ type = string
+ default = "europe-west4"
+}
+
+variable "frontend_cidr" {
+ description = "addr_front"
+ type = string
+ default = "10.0.1.0/24"
+}
+
+variable "backend_cidr" {
+ description = "addr_back"
+ type = string
+ default = "10.0.2.0/24"
+}
+
+variable "database_cidr" {
+ description = "addr_bdd"
+ type = string
+ default = "10.0.3.0/24"
+}
+
+variable "ssh_source_ranges" {
+ description = "addr_ssh"
+ type = string
+ default = "0.0.0.0/0"
+}
+
+variable "instance_type" {
+ description = "type d'instance"
+ type = string
+ default = "e2-micro"
+}
+
+variable "zone" {
+ description = "zone"
+ type = string
+ default = "europe-west4-a"
+}
+
diff --git a/terraform/modules/compute/main.tf b/terraform/modules/compute/main.tf
new file mode 100644
index 0000000..2fc3959
--- /dev/null
+++ b/terraform/modules/compute/main.tf
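Review bot: `ssh_source_ranges` defaults to `"0.0.0.0/0"`, and since every instance in `modules/compute` carries the `ssh` tag and a public address, an unattended `terraform apply` exposes port 22 on all three tiers to the whole internet. Remove the `default = "0.0.0.0/0"` line so the caller must supply a trusted range, or default to a private range such as the frontend subnet. The `project_id` default hard-codes a real project identifier into a committed file; it is better supplied through a `.tfvars` file or `TF_VAR_project_id` and left without a default. The descriptions (`addr_ssh`, `emplacement`, `zone`) are labels rather than explanations; a sentence such as `description = "CIDR range allowed to reach port 22 on instances tagged ssh"` would make the security impact visible at the variable itself.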
@@ -0,0 +1,73 @@
+resource "google_compute_instance" "vm-front" {
+ name = "vm-front"
+ machine_type = var.instance_type
+ zone = var.zone
+
+ boot_disk {
+ initialize_params {
+ image = "debian-cloud/debian-11"
+ size = 10
+ }
+ }
+ network_interface {
+ subnetwork = var.sub1
+ access_config {} # IP publique
+ }
+
+ tags = ["web", "ssh"]
+
+ metadata = {
+ enable-oslogin = "TRUE"
+ }
+}
+
+
+resource "google_compute_instance" "vm-back" {
+ name = "vm-back"
+ machine_type = var.instance_type
+ zone = var.zone
+
+ boot_disk {
+ initialize_params {
+ image = "debian-cloud/debian-11"
+ size = 10
+ }
+ }
+
+ network_interface {
+ subnetwork = var.sub2
+ access_config {} # IP publique
+ }
+
+ tags = ["backend", "ssh"]
+
+ metadata = {
+ enable-oslogin = "TRUE"
+ }
+}
+
+resource "google_compute_instance" "vm-database" {
+ name = "vm-database"
+ machine_type = var.instance_type
+ zone = var.zone
+
+ boot_disk {
+ initialize_params {
+ image = "debian-cloud/debian-11"
+ size = 20
+ }
+ }
+
+ network_interface {
+ subnetwork = var.sub3
+ access_config {} # IP publique
+ }
+
+ tags = ["database", "ssh"]
+
+ metadata = {
+ enable-oslogin = "TRUE"
+ }
+}
+
+
diff --git a/terraform/modules/compute/outputs.tf b/terraform/modules/compute/outputs.tf
new file mode 100644
index 0000000..756f171
--- /dev/null
+++ b/terraform/modules/compute/outputs.tf
@@ -0,0 +1,18 @@
+output "Intern"{
+ value = {
+ ip_front = google_compute_instance.vm-front.network_interface[0].network_ip,
+ ip_back = google_compute_instance.vm-back.network_interface[0].network_ip,
+ ip_db = google_compute_instance.vm-database.network_interface[0].network_ip
+ }
+}
+
+output "frontend_public_ip" {
+ value = google_compute_instance.vm-front.network_interface[0].access_config[0].nat_ip
+}
+output "name"{
+ value = {
+ name_frontend = google_compute_instance.vm-front.name
+ name_backend = google_compute_instance.vm-back.name
+ name_database = google_compute_instance.vm-database.name
+ }
+}
\ No newline at end of file
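Review bot: `vm-back` and `vm-database` both declare `access_config {}`, which assigns them public IPs even though the network module's `front_to_back` and `back_to_bdd` rules only ever expect those tiers to be reached from the frontend by tag. Remove the `access_config {}` line from those two `network_interface` blocks so the backend and database stay private, and provide admin access through the frontend, IAP, or a bastion; outbound package updates can go through Cloud NAT. The three resources differ only in name, subnetwork, tag and disk size, so a single `google_compute_instance` with `for_each` over a map would remove the duplication and make it harder for one tier to drift from the others. The `# IP publique` comment should then be reworded to say that only the frontend is reachable directly.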
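Review bot: The output names `Intern` and `name` are inconsistently cased and carry no `description`, unlike the outputs in `modules/iam`; a consumer reading `module.compute.Intern` has no hint that it holds internal IPs. Since renaming outputs would change the module interface, at least add a description to each, e.g. `description = "Internal (RFC1918) addresses of the three instances, keyed ip_front/ip_back/ip_db"`. The file is also missing a trailing newline, as the `\ No newline at end of file` marker shows.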
diff --git a/terraform/modules/compute/variables.tf b/terraform/modules/compute/variables.tf
new file mode 100644
index 0000000..6a094ee
--- /dev/null
+++ b/terraform/modules/compute/variables.tf
@@ -0,0 +1,25 @@
+variable "instance_type" {
+ description = "type d'instance"
+ type = string
+}
+
+variable "zone" {
+ description = "zone"
+ type = string
+}
+
+variable "sub1"{
+ description = "subnet1 frontend"
+ type = string
+}
+
+variable "sub2"{
+ description = "subnet2 backend"
+ type = string
+}
+
+variable "sub3"{
+ description = "subnet3 database"
+ type = string
+}
+
diff --git a/terraform/modules/iam/main.tf b/terraform/modules/iam/main.tf
new file mode 100644
index 0000000..993825e
--- /dev/null
+++ b/terraform/modules/iam/main.tf
@@ -0,0 +1,24 @@
+resource "google_service_account" "service_account" {
+ account_id = "terraform"
+ display_name = "terraform"
+}
+
+resource "google_service_account_key" "service_account" {
+ service_account_id = google_service_account.service_account.name
+ public_key_type = "TYPE_X509_PEM_FILE"
+}
+
+resource "google_project_iam_binding" "service_account_roles" {
+ project = var.project_id
+ role = "roles/viewer"
+ members = ["serviceAccount:${google_service_account.service_account.email}"]
+}
+
+data "google_client_openid_userinfo" "me" {
+}
+
+resource "google_os_login_ssh_public_key" "add_my_key" {
+ project = var.project_id
+ user = data.google_client_openid_userinfo.me.email
+ key = file("~/.ssh/id_ed25519.pub")
+}
diff --git a/terraform/modules/iam/outputs.tf b/terraform/modules/iam/outputs.tf
new file mode 100644
index 0000000..121bb03
--- /dev/null
+++ b/terraform/modules/iam/outputs.tf
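Review bot: `google_project_iam_binding` is authoritative for the role it names, so applying `service_account_roles` silently strips `roles/viewer` from every other principal in the project and leaves only this service account; the non-authoritative form is `resource "google_project_iam_member" "service_account_roles" {` with `member = "serviceAccount:${google_service_account.service_account.email}"` in place of the `members` list. `google_service_account_key` mints a long-lived user-managed key whose private half is kept in the Terraform state and, per `environments/dev/main.tf`, written to disk; if the key is only there for Ansible, impersonation of the service account avoids creating it at all, and if it must exist, a rotation schedule and a comment explaining why it is needed belong here. The `file("~/.ssh/id_ed25519.pub")` path ties the module to one workstation layout; a `ssh_public_key_path` variable with a description would let other operators and CI use the module. `data "google_client_openid_userinfo" "me"` is already declared in the dev environment and could be passed in instead of being looked up twice.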
@@ -0,0 +1,10 @@
+output "service_account_email" {
+ description = "Email du compte de service"
+ value = google_service_account.service_account.email
+}
+
+output "service_account_key" {
+ description = "Clé du compte de service"
+ value = google_service_account_key.service_account.private_key
+ sensitive = true
+}
\ No newline at end of file
diff --git a/terraform/modules/iam/variables.tf b/terraform/modules/iam/variables.tf
new file mode 100644
index 0000000..c76c7b1
--- /dev/null
+++ b/terraform/modules/iam/variables.tf
@@ -0,0 +1,5 @@
+# modules/iam/variables.tf
+variable "project_id" {
+ description = "ID du projet GCP"
+ type = string
+}
\ No newline at end of file
diff --git a/terraform/modules/network/main.tf b/terraform/modules/network/main.tf
new file mode 100644
index 0000000..1906c9c
--- /dev/null
+++ b/terraform/modules/network/main.tf
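Review bot: `sensitive = true` on `service_account_key` only redacts the value in plan and CLI output; the private key is still written in plaintext to the state file, and the consuming environment decodes it straight into a local file, so the marking gives less protection than a reader might assume. A comment next to it would make that explicit, e.g. `# sensitive redacts CLI/plan output only; the key is still stored in plaintext in the state - protect the state backend accordingly`. The description `Clé du compte de service` should also say that this is the base64-encoded private key JSON, since the caller has to `base64decode` it.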
@@ -0,0 +1,78 @@
+resource "google_compute_network" "vpc" {
+ name = "net1"
+ auto_create_subnetworks = false
+}
+
+# Sous-réseau
+resource "google_compute_subnetwork" "subnet1" {
+ name = "frontend"
+ network = google_compute_network.vpc.id
+ ip_cidr_range = var.frontend_cidr
+ region = var.region
+}
+
+resource "google_compute_subnetwork" "subnet2" {
+ name = "backend"
+ network = google_compute_network.vpc.id
+ ip_cidr_range = var.backend_cidr
+ region = var.region
+}
+
+resource "google_compute_subnetwork" "subnet3" {
+ name = "database"
+ network = google_compute_network.vpc.id
+ ip_cidr_range = var.database_cidr
+ region = var.region
+}
+
+resource "google_compute_firewall" "allow_http" {
+ name = "rule-http"
+ network = google_compute_network.vpc.id
+
+ allow {
+ protocol = "tcp"
+ ports = ["80", "443"]
+ }
+
+ source_ranges = ["0.0.0.0/0"]
+ target_tags = ["web"]
+}
+
+resource "google_compute_firewall" "allow_ssh" {
+ name = "allow-ssh"
+ network = google_compute_network.vpc.id
+
+ allow {
+ protocol = "tcp"
+ ports = ["22"]
+ }
+
+ source_ranges = [var.ssh_source_ranges]
+ target_tags = ["ssh"]
+}
+
+resource "google_compute_firewall" "front_to_back" {
+ name = "front-to-back"
+ network = google_compute_network.vpc.id
+
+ allow {
+ protocol = "tcp"
+ ports = ["8000"]
+ }
+
+ source_tags = ["web"]
+ target_tags = ["backend"]
+}
+
+resource "google_compute_firewall" "back_to_bdd" {
+ name = "back-to-bdd"
+ network = google_compute_network.vpc.id
+
+ allow {
+ protocol = "tcp"
+ ports = ["8000"]
+ }
+
+ source_tags = ["backend"]
+ target_tags = ["database"]
+}
\ No newline at end of file
diff --git a/terraform/modules/network/outputs.tf b/terraform/modules/network/outputs.tf
new file mode 100644
index 0000000..5024333
--- /dev/null
+++ b/terraform/modules/network/outputs.tf
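Review bot: None of the four `google_compute_firewall` rules enables logging, so accepted SSH and HTTP connections leave no record for detection or incident review; adding `log_config { metadata = "INCLUDE_ALL_METADATA" }` to each rule, or at least to `allow_ssh` and `allow_http`, fixes that. `allow_ssh` inherits its exposure from `var.ssh_source_ranges`, which the dev environment defaults to `0.0.0.0/0`, and it would be safer for the module to validate or document that the range is expected to be narrow. `back_to_bdd` opens port 8000 towards the database tier, the same port as `front_to_back`; if the database does not actually listen on 8000 this looks like a copy-paste and should carry a comment naming the intended service. Rule names are also inconsistent (`rule-http` next to `allow-ssh`, `front-to-back`), and `var.project_name` is declared for this module but never used here.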
@@ -0,0 +1,11 @@
+output "vpc"{
+ value = google_compute_network.vpc.id
+}
+
+output "subnet" {
+ value = {
+ frontend = google_compute_subnetwork.subnet1.id,
+ backend = google_compute_subnetwork.subnet2.id,
+ database = google_compute_subnetwork.subnet3.id
+ }
+}
\ No newline at end of file
diff --git a/terraform/modules/network/variables.tf b/terraform/modules/network/variables.tf
new file mode 100644
index 0000000..4a1a208
--- /dev/null
+++ b/terraform/modules/network/variables.tf
@@ -0,0 +1,30 @@
+variable "project_name" {
+ description = "nom_du_projet"
+ type = string
+}
+
+variable "region" {
+ description = "emplacement"
+ type = string
+}
+
+variable "frontend_cidr" {
+ description = "addr_front"
+ type = string
+}
+
+variable "backend_cidr" {
+ description = "addr_back"
+ type = string
+}
+
+variable "database_cidr" {
+ description = "addr_bdd"
+ type = string
+}
+
+variable "ssh_source_ranges" {
+ description = "addr_ssh"
+ type = string
+}
+
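Review bot: `ssh_source_ranges` is declared as `type = string` although its name is plural and `allow_ssh` in `main.tf` wraps it in a one-element list, so an operator can never allow more than a single range without editing the module. Declaring it as `type = list(string)` and using `source_ranges = var.ssh_source_ranges` in the firewall rule (another hunk) makes the variable match its name and the provider argument. A `validation` block rejecting `0.0.0.0/0` would also stop the open default in `environments/dev/variables.tf` from reaching the firewall unnoticed. `project_name` is accepted here but not referenced anywhere in this module's `main.tf`, and the descriptions (`addr_front`, `emplacement`) should say what each value controls.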