IAM
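--- a/terraform/environments/dev/main.tf
+++ b/terraform/environments/dev/main.tf
@@ -0,0 +1,63 @@
+terraform {
+  required_providers {
+    google = {
+      source  = "hashicorp/google"
+      version = "~> 6.0"
+    }
+  }
+}
+
+provider "google" {
+  project = var.project_id
+  region  = var.region
+}
+
+module "network" {
+  source = "../../modules/network"
+  
+  # Variables d'entrée
+  project_name = var.project_name
+  region      = var.region
+  
+  # Autres variables spécifiques au module
+  backend_cidr = var.backend_cidr
+  frontend_cidr = var.frontend_cidr
+  database_cidr = var.database_cidr
+  ssh_source_ranges = var.ssh_source_ranges
+}
+
+module "compute" {
+  source = "../../modules/compute"
+  
+  # Variables d'entrée
+  sub1 = module.network.subnet["frontend"]
+  sub2 = module.network.subnet["backend"]
+  sub3 = module.network.subnet["database"]
+
+  # Autres variables spécifiques au module
+  zone = var.zone
+  instance_type = var.instance_type
+}
+
+
+module "iam" {
+  source     = "../../modules/iam"
+  project_id = var.project_id
+}
+
+data "google_client_openid_userinfo" "me" {
+}
+
+resource "local_file" "ansible_config" {
+  content = templatefile("${path.module}/../../templates/ansible.cfg.tpl",
+    {
+      remote_user = data.google_client_openid_userinfo.me.email
+    }
+  )
+  filename = "../../../ansible/ansible.cfg"
+}
+
+resource "local_file" "service_account" {
+  content  = base64decode(module.iam.service_account_key)
+  filename = "../../../ansible/service_account.json"
+}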
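Review bot: `local_file.service_account` (last resource of the hunk) writes the decoded service-account private key to `../../../ansible/service_account.json` without setting `file_permission`, so the key lands on the operator's disk with the provider's permissive default mode, and `base64decode(...)` of the sensitive output also keeps the plaintext in Terraform state. At minimum add `file_permission = "0600"`, or switch to the `local_sensitive_file` resource from the same provider so the content is redacted from plan output, and make sure `ansible/service_account.json` is excluded from version control. `data "google_client_openid_userinfo" "me"` is declared both here and inside the iam module; dropping one or exporting the email from the module would avoid the duplicate lookup.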
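--- a/terraform/environments/dev/outputs.tf
+++ b/terraform/environments/dev/outputs.tf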
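--- a/terraform/environments/dev/variables.tf
+++ b/terraform/environments/dev/variables.tf
@@ -0,0 +1,54 @@
+variable "project_id" {
+  description = "ID du projet GCP"
+  type        = string
+  default     = "secret-proton-443214-n6"
+}
+
+variable "project_name" {
+  description = "nom_du_projet"
+  type        = string
+  default     = "terraforming"
+}
+
+variable "region" {
+  description = "emplacement"
+  type        = string
+  default     = "europe-west4"
+}
+
+variable "frontend_cidr" {
+  description = "addr_front"
+  type        = string
+  default     = "10.0.1.0/24"
+}
+
+variable "backend_cidr" {
+  description = "addr_back"
+  type        = string
+  default     = "10.0.2.0/24"
+}
+
+variable "database_cidr" {
+  description = "addr_bdd"
+  type        = string
+  default     = "10.0.3.0/24"
+}
+
+variable "ssh_source_ranges" {
+  description = "addr_ssh"
+  type        = string
+  default     = "0.0.0.0/0"
+}
+
+variable "instance_type" {
+  description = "type d'instance"
+  type        = string
+  default     = "e2-micro"
+}
+
+variable "zone" {
+  description = "zone"
+  type        = string
+  default     = "europe-west4-a"
+}
+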
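Review bot: `ssh_source_ranges` defaults to `"0.0.0.0/0"`, and because the network module feeds that value straight into its `allow_ssh` rule, a plain `terraform apply` with no override opens port 22 on every `ssh`-tagged VM (all three tiers, database included) to the entire internet. A default this permissive should not live in the repository: remove the `default` line so the caller must supply an admin range, leaving `variable "ssh_source_ranges" { description = "addr_ssh" type = string }`. `project_id` likewise defaults to a concrete project ID, which pins the environment to one project and embeds it in the repo; a `*.tfvars` file or `TF_VAR_project_id` is the usual place for that. The `description` strings (`addr_ssh`, `addr_bdd`, `nom_du_projet`) read as identifiers rather than explanations, so a short sentence each would make `terraform plan` prompts self-explanatory.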
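--- a/terraform/modules/compute/main.tf
+++ b/terraform/modules/compute/main.tf
@@ -0,0 +1,73 @@
+resource "google_compute_instance" "vm-front" {
+  name         = "vm-front"
+  machine_type = var.instance_type
+  zone         = var.zone
+
+  boot_disk {
+    initialize_params {
+      image = "debian-cloud/debian-11"
+      size  = 10
+    }
+  }
+  network_interface {
+    subnetwork = var.sub1
+    access_config {} # IP publique
+  }
+
+  tags = ["web", "ssh"]
+
+  metadata = {
+    enable-oslogin = "TRUE"
+  }
+}
+
+
+resource "google_compute_instance" "vm-back" {
+  name         = "vm-back"
+  machine_type = var.instance_type
+  zone         = var.zone
+
+  boot_disk {
+    initialize_params {
+      image = "debian-cloud/debian-11"
+      size  = 10
+    }
+  }
+
+  network_interface {
+    subnetwork = var.sub2
+    access_config {} # IP publique
+  }
+
+  tags = ["backend", "ssh"]
+
+  metadata = {
+    enable-oslogin = "TRUE"
+  }
+}
+
+resource "google_compute_instance" "vm-database" {
+  name         = "vm-database"
+  machine_type = var.instance_type
+  zone         = var.zone
+
+  boot_disk {
+    initialize_params {
+      image = "debian-cloud/debian-11"
+      size  = 20
+    }
+  }
+
+  network_interface {
+    subnetwork = var.sub3
+    access_config {} # IP publique
+  }
+
+  tags = ["database", "ssh"]
+
+  metadata = {
+    enable-oslogin = "TRUE"
+  }
+}
+
+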
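Review bot: `vm-back` and `vm-database` each get `access_config {}` (a public IP) exactly like `vm-front`, even though the network module only allows them tier-to-tier traffic on 8000 plus SSH; a public address on the database tier is exposure with no stated purpose. Dropping `access_config {}` from those two `network_interface` blocks and reaching them through the frontend host (or IAP, with Cloud NAT for egress) keeps them private while `enable-oslogin = "TRUE"` still governs who can log in. None of the three resources sets a `service_account` block, so they presumably run as the project's default Compute Engine service account with its default scopes — confirm, and attach a dedicated least-privilege account if so. Minor style point: the three resources differ only in name, subnet, tag and disk size, so a `for_each` over a tier map would remove the copy-paste.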
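--- a/terraform/modules/compute/outputs.tf
+++ b/terraform/modules/compute/outputs.tf
@@ -0,0 +1,18 @@
+output "Intern"{
+    value = {
+        ip_front = google_compute_instance.vm-front.network_interface[0].network_ip,
+        ip_back = google_compute_instance.vm-back.network_interface[0].network_ip,
+        ip_db = google_compute_instance.vm-database.network_interface[0].network_ip
+    }
+}
+
+output "frontend_public_ip" {
+    value = google_compute_instance.vm-front.network_interface[0].access_config[0].nat_ip 
+}
+output "name"{
+    value = {
+        name_frontend = google_compute_instance.vm-front.name
+        name_backend  = google_compute_instance.vm-back.name
+        name_database = google_compute_instance.vm-database.name
+    }
+}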
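Review bot: The output name `Intern` is capitalized while the module's other outputs (`frontend_public_ip`, `name`) are lowercase snake_case, and neither `Intern` nor `name` says what it holds; `internal_ips` and `instance_names` would read better from the root module. The object in `Intern` separates attributes with commas while the one in `name` does not, the first line uses four-space indentation where the rest of the repository uses two, and `frontend_public_ip` carries trailing whitespace — all valid HCL, but `terraform fmt` would normalize them.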
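--- a/terraform/modules/compute/variables.tf
+++ b/terraform/modules/compute/variables.tf
@@ -0,0 +1,25 @@
+variable "instance_type" {
+  description = "type d'instance"
+  type        = string
+}
+
+variable "zone" {
+  description = "zone"
+  type        = string
+}
+
+variable "sub1"{
+  description = "subnet1 frontend"
+  type        = string
+}
+
+variable "sub2"{
+  description = "subnet2 backend"
+  type        = string
+}
+
+variable "sub3"{
+  description = "subnet3 database"
+  type        = string
+}
+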
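--- a/terraform/modules/iam/main.tf
+++ b/terraform/modules/iam/main.tf
@@ -0,0 +1,24 @@
+resource "google_service_account" "service_account" {
+  account_id   = "terraform"
+  display_name = "terraform"
+}
+
+resource "google_service_account_key" "service_account" {
+  service_account_id = google_service_account.service_account.name
+  public_key_type    = "TYPE_X509_PEM_FILE"
+}
+
+resource "google_project_iam_binding" "service_account_roles" {
+  project = var.project_id
+  role    = "roles/viewer"
+  members = ["serviceAccount:${google_service_account.service_account.email}"]
+}
+
+data "google_client_openid_userinfo" "me" {
+}
+
+resource "google_os_login_ssh_public_key" "add_my_key" {
+  project = var.project_id
+  user    = data.google_client_openid_userinfo.me.email
+  key     = file("~/.ssh/id_ed25519.pub")
+}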
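Review bot: `google_project_iam_binding.service_account_roles` is authoritative for `roles/viewer` on the whole project: every apply rewrites the Viewer member list to exactly this one service account, silently revoking Viewer from any user or service account granted it outside Terraform. For an additive grant use `google_project_iam_member` instead — change the resource type and replace `members = ["serviceAccount:${...}"]` with `member = "serviceAccount:${google_service_account.service_account.email}"`. `google_service_account_key.service_account` mints a long-lived user-managed key whose private half is stored unencrypted in Terraform state and then exported through `modules/iam/outputs.tf` (where `sensitive = true` only redacts CLI output), so the state backend must be treated as secret storage and the key given a rotation step; if Ansible only needs short sessions, service-account impersonation would avoid creating a key at all. `file("~/.ssh/id_ed25519.pub")` also hard-codes the operator's key path, so a `ssh_public_key_path` variable would make the module usable by anyone else.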
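--- a/terraform/modules/iam/outputs.tf
+++ b/terraform/modules/iam/outputs.tf
@@ -0,0 +1,10 @@
+output "service_account_email" {
+  description = "Email du compte de service"
+  value       = google_service_account.service_account.email
+}
+
+output "service_account_key" {
+  description = "Clé du compte de service"
+  value       = google_service_account_key.service_account.private_key
+  sensitive   = true
+}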
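--- a/terraform/modules/iam/variables.tf
+++ b/terraform/modules/iam/variables.tf
@@ -0,0 +1,5 @@
+# modules/iam/variables.tf
+variable "project_id" {
+  description = "ID du projet GCP"
+  type        = string
+}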
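--- a/terraform/modules/network/main.tf
+++ b/terraform/modules/network/main.tf
@@ -0,0 +1,78 @@
+resource "google_compute_network" "vpc" {
+  name                    = "net1"
+  auto_create_subnetworks = false
+}
+
+# Sous-réseau
+resource "google_compute_subnetwork" "subnet1" {
+  name          = "frontend"
+  network       = google_compute_network.vpc.id
+  ip_cidr_range = var.frontend_cidr
+  region        = var.region
+}
+
+resource "google_compute_subnetwork" "subnet2" {
+  name          = "backend"
+  network       = google_compute_network.vpc.id
+  ip_cidr_range = var.backend_cidr
+  region        = var.region
+}
+
+resource "google_compute_subnetwork" "subnet3" {
+  name          = "database"
+  network       = google_compute_network.vpc.id
+  ip_cidr_range = var.database_cidr
+  region        = var.region
+}
+
+resource "google_compute_firewall" "allow_http" {
+  name    = "rule-http"
+  network = google_compute_network.vpc.id
+
+  allow {
+    protocol = "tcp"
+    ports    = ["80", "443"]
+  }
+
+  source_ranges = ["0.0.0.0/0"]
+  target_tags   = ["web"]
+}
+
+resource "google_compute_firewall" "allow_ssh" {
+  name    = "allow-ssh"
+  network = google_compute_network.vpc.id
+
+  allow {
+    protocol = "tcp"
+    ports    = ["22"]
+  }
+
+  source_ranges = [var.ssh_source_ranges]
+  target_tags   = ["ssh"]
+}
+
+resource "google_compute_firewall" "front_to_back" {
+  name    = "front-to-back"
+  network = google_compute_network.vpc.id
+
+  allow {
+    protocol = "tcp"
+    ports    = ["8000"]
+  }
+
+  source_tags = ["web"]
+  target_tags   = ["backend"]
+}
+
+resource "google_compute_firewall" "back_to_bdd" {
+  name    = "back-to-bdd"
+  network = google_compute_network.vpc.id
+
+  allow {
+    protocol = "tcp"
+    ports    = ["8000"]
+  }
+
+  source_tags = ["backend"]
+  target_tags   = ["database"]
+}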
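Review bot: `allow_ssh` takes `source_ranges = [var.ssh_source_ranges]` from a single string variable, so only one CIDR can ever be admitted, and with the root module's default that one CIDR is `0.0.0.0/0`; declaring the variable as `list(string)` in `modules/network/variables.tf` and the root `variables.tf` and passing it through directly (`source_ranges = var.ssh_source_ranges`) would support a proper admin allow-list. None of the four rules enables firewall logging, so adding `log_config { metadata = "INCLUDE_ALL_METADATA" }` to at least `allow_ssh` and `allow_http` would give the detection side visibility into connection attempts against the internet-facing ports. `var.project_name` is declared in this module but never referenced here; either derive names from it (`name = "${var.project_name}-vpc"` instead of the literal `net1`) or drop the variable. The `source_tags`/`target_tags` alignment in the last two rules differs from the attributes above them — `terraform fmt` fixes it.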
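--- a/terraform/modules/network/outputs.tf
+++ b/terraform/modules/network/outputs.tf
@@ -0,0 +1,11 @@
+output "vpc"{
+    value = google_compute_network.vpc.id
+}
+
+output "subnet" {
+  value = {
+    frontend = google_compute_subnetwork.subnet1.id,
+    backend = google_compute_subnetwork.subnet2.id,
+    database = google_compute_subnetwork.subnet3.id
+  }
+}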
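--- a/terraform/modules/network/variables.tf
+++ b/terraform/modules/network/variables.tf
@@ -0,0 +1,30 @@
+variable "project_name" {
+  description = "nom_du_projet"
+  type        = string
+}
+
+variable "region" {
+  description = "emplacement"
+  type        = string
+}
+
+variable "frontend_cidr" {
+  description = "addr_front"
+  type        = string
+}
+
+variable "backend_cidr" {
+  description = "addr_back"
+  type        = string
+}
+
+variable "database_cidr" {
+  description = "addr_bdd"
+  type        = string
+}
+
+variable "ssh_source_ranges" {
+  description = "addr_ssh"
+  type        = string
+}
+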