From 8f7494d5b4e17b6aa4c0ec2de6d9109a6d3386c2 Mon Sep 17 00:00:00 2001 From: Vallat Date: Fri, 6 Dec 2024 16:27:27 +0100 Subject: [PATCH] IAM --- terraform/environments/dev/main.tf | 63 -------------------- terraform/environments/dev/outputs.tf | 0 terraform/environments/dev/variables.tf | 54 ----------------- terraform/modules/compute/main.tf | 73 ----------------------- terraform/modules/compute/outputs.tf | 18 ------ terraform/modules/compute/variables.tf | 25 -------- terraform/modules/iam/main.tf | 24 -------- terraform/modules/iam/outputs.tf | 10 ---- terraform/modules/iam/variables.tf | 5 -- terraform/modules/network/main.tf | 78 ------------------------- terraform/modules/network/outputs.tf | 11 ---- terraform/modules/network/variables.tf | 30 ---------- 12 files changed, 391 deletions(-) delete mode 100644 terraform/environments/dev/main.tf delete mode 100644 terraform/environments/dev/outputs.tf delete mode 100644 terraform/environments/dev/variables.tf delete mode 100644 terraform/modules/compute/main.tf delete mode 100644 terraform/modules/compute/outputs.tf delete mode 100644 terraform/modules/compute/variables.tf delete mode 100644 terraform/modules/iam/main.tf delete mode 100644 terraform/modules/iam/outputs.tf delete mode 100644 terraform/modules/iam/variables.tf delete mode 100644 terraform/modules/network/main.tf delete mode 100644 terraform/modules/network/outputs.tf delete mode 100644 terraform/modules/network/variables.tf diff --git a/terraform/environments/dev/main.tf b/terraform/environments/dev/main.tf deleted file mode 100644 index fcdf92e..0000000 --- a/terraform/environments/dev/main.tf +++ /dev/null @@ -1,63 +0,0 @@ -terraform { - required_providers { - google = { - source = "hashicorp/google" - version = "~> 6.0" - } - } -} - -provider "google" { - project = var.project_id - region = var.region -} - -module "network" { - source = "../../modules/network" - - # Variables d'entrée - project_name = var.project_name - region = var.region - - # Autres variables spécifiques au module - backend_cidr = var.backend_cidr - frontend_cidr = var.frontend_cidr - database_cidr = var.database_cidr - ssh_source_ranges = var.ssh_source_ranges -} - -module "compute" { - source = "../../modules/compute" - - # Variables d'entrée - sub1 = module.network.subnet["frontend"] - sub2 = module.network.subnet["backend"] - sub3 = module.network.subnet["database"] - - # Autres variables spécifiques au module - zone = var.zone - instance_type = var.instance_type -} - - -module "iam" { - source = "../../modules/iam" - project_id = var.project_id -} - -data "google_client_openid_userinfo" "me" { -} - -resource "local_file" "ansible_config" { - content = templatefile("${path.module}/../../templates/ansible.cfg.tpl", - { - remote_user = data.google_client_openid_userinfo.me.email - } - ) - filename = "../../../ansible/ansible.cfg" -} - -resource "local_file" "service_account" { - content = base64decode(module.iam.service_account_key) - filename = "../../../ansible/service_account.json" -} diff --git a/terraform/environments/dev/outputs.tf b/terraform/environments/dev/outputs.tf deleted file mode 100644 index e69de29..0000000 diff --git a/terraform/environments/dev/variables.tf b/terraform/environments/dev/variables.tf deleted file mode 100644 index d860eef..0000000 --- a/terraform/environments/dev/variables.tf +++ /dev/null @@ -1,54 +0,0 @@ -variable "project_id" { - description = "ID du projet GCP" - type = string - default = "secret-proton-443214-n6" -} - -variable "project_name" { - description = "nom_du_projet" - type = string - default = "terraforming" -} - -variable "region" { - description = "emplacement" - type = string - default = "europe-west4" -} - -variable "frontend_cidr" { - description = "addr_front" - type = string - default = "10.0.1.0/24" -} - -variable "backend_cidr" { - description = "addr_back" - type = string - default = "10.0.2.0/24" -} - -variable "database_cidr" { - description = "addr_bdd" - type = string - default = "10.0.3.0/24" -} - -variable "ssh_source_ranges" { - description = "addr_ssh" - type = string - default = "0.0.0.0/0" -} - -variable "instance_type" { - description = "type d'instance" - type = string - default = "e2-micro" -} - -variable "zone" { - description = "zone" - type = string - default = "europe-west4-a" -} - diff --git a/terraform/modules/compute/main.tf b/terraform/modules/compute/main.tf deleted file mode 100644 index 2fc3959..0000000 --- a/terraform/modules/compute/main.tf +++ /dev/null @@ -1,73 +0,0 @@ -resource "google_compute_instance" "vm-front" { - name = "vm-front" - machine_type = var.instance_type - zone = var.zone - - boot_disk { - initialize_params { - image = "debian-cloud/debian-11" - size = 10 - } - } - network_interface { - subnetwork = var.sub1 - access_config {} # IP publique - } - - tags = ["web", "ssh"] - - metadata = { - enable-oslogin = "TRUE" - } -} - - -resource "google_compute_instance" "vm-back" { - name = "vm-back" - machine_type = var.instance_type - zone = var.zone - - boot_disk { - initialize_params { - image = "debian-cloud/debian-11" - size = 10 - } - } - - network_interface { - subnetwork = var.sub2 - access_config {} # IP publique - } - - tags = ["backend", "ssh"] - - metadata = { - enable-oslogin = "TRUE" - } -} - -resource "google_compute_instance" "vm-database" { - name = "vm-database" - machine_type = var.instance_type - zone = var.zone - - boot_disk { - initialize_params { - image = "debian-cloud/debian-11" - size = 20 - } - } - - network_interface { - subnetwork = var.sub3 - access_config {} # IP publique - } - - tags = ["database", "ssh"] - - metadata = { - enable-oslogin = "TRUE" - } -} - - diff --git a/terraform/modules/compute/outputs.tf b/terraform/modules/compute/outputs.tf deleted file mode 100644 index 756f171..0000000 --- a/terraform/modules/compute/outputs.tf +++ /dev/null @@ -1,18 +0,0 @@ -output "Intern"{ - value = { - ip_front = google_compute_instance.vm-front.network_interface[0].network_ip, - ip_back = google_compute_instance.vm-back.network_interface[0].network_ip, - ip_db = google_compute_instance.vm-database.network_interface[0].network_ip - } -} - -output "frontend_public_ip" { - value = google_compute_instance.vm-front.network_interface[0].access_config[0].nat_ip -} -output "name"{ - value = { - name_frontend = google_compute_instance.vm-front.name - name_backend = google_compute_instance.vm-back.name - name_database = google_compute_instance.vm-database.name - } -} \ No newline at end of file diff --git a/terraform/modules/compute/variables.tf b/terraform/modules/compute/variables.tf deleted file mode 100644 index 6a094ee..0000000 --- a/terraform/modules/compute/variables.tf +++ /dev/null @@ -1,25 +0,0 @@ -variable "instance_type" { - description = "type d'instance" - type = string -} - -variable "zone" { - description = "zone" - type = string -} - -variable "sub1"{ - description = "subnet1 frontend" - type = string -} - -variable "sub2"{ - description = "subnet2 backend" - type = string -} - -variable "sub3"{ - description = "subnet3 database" - type = string -} - diff --git a/terraform/modules/iam/main.tf b/terraform/modules/iam/main.tf deleted file mode 100644 index 993825e..0000000 --- a/terraform/modules/iam/main.tf +++ /dev/null @@ -1,24 +0,0 @@ -resource "google_service_account" "service_account" { - account_id = "terraform" - display_name = "terraform" -} - -resource "google_service_account_key" "service_account" { - service_account_id = google_service_account.service_account.name - public_key_type = "TYPE_X509_PEM_FILE" -} - -resource "google_project_iam_binding" "service_account_roles" { - project = var.project_id - role = "roles/viewer" - members = ["serviceAccount:${google_service_account.service_account.email}"] -} - -data "google_client_openid_userinfo" "me" { -} - -resource "google_os_login_ssh_public_key" "add_my_key" { - project = var.project_id - user = data.google_client_openid_userinfo.me.email - key = file("~/.ssh/id_ed25519.pub") -} diff --git a/terraform/modules/iam/outputs.tf b/terraform/modules/iam/outputs.tf deleted file mode 100644 index 121bb03..0000000 --- a/terraform/modules/iam/outputs.tf +++ /dev/null @@ -1,10 +0,0 @@ -output "service_account_email" { - description = "Email du compte de service" - value = google_service_account.service_account.email -} - -output "service_account_key" { - description = "Clé du compte de service" - value = google_service_account_key.service_account.private_key - sensitive = true -} \ No newline at end of file diff --git a/terraform/modules/iam/variables.tf b/terraform/modules/iam/variables.tf deleted file mode 100644 index c76c7b1..0000000 --- a/terraform/modules/iam/variables.tf +++ /dev/null @@ -1,5 +0,0 @@ -# modules/iam/variables.tf -variable "project_id" { - description = "ID du projet GCP" - type = string -} \ No newline at end of file diff --git a/terraform/modules/network/main.tf b/terraform/modules/network/main.tf deleted file mode 100644 index 1906c9c..0000000 --- a/terraform/modules/network/main.tf +++ /dev/null @@ -1,78 +0,0 @@ -resource "google_compute_network" "vpc" { - name = "net1" - auto_create_subnetworks = false -} - -# Sous-réseau -resource "google_compute_subnetwork" "subnet1" { - name = "frontend" - network = google_compute_network.vpc.id - ip_cidr_range = var.frontend_cidr - region = var.region -} - -resource "google_compute_subnetwork" "subnet2" { - name = "backend" - network = google_compute_network.vpc.id - ip_cidr_range = var.backend_cidr - region = var.region -} - -resource "google_compute_subnetwork" "subnet3" { - name = "database" - network = google_compute_network.vpc.id - ip_cidr_range = var.database_cidr - region = var.region -} - -resource "google_compute_firewall" "allow_http" { - name = "rule-http" - network = google_compute_network.vpc.id - - allow { - protocol = "tcp" - ports = ["80", "443"] - } - - source_ranges = ["0.0.0.0/0"] - target_tags = ["web"] -} - -resource "google_compute_firewall" "allow_ssh" { - name = "allow-ssh" - network = google_compute_network.vpc.id - - allow { - protocol = "tcp" - ports = ["22"] - } - - source_ranges = [var.ssh_source_ranges] - target_tags = ["ssh"] -} - -resource "google_compute_firewall" "front_to_back" { - name = "front-to-back" - network = google_compute_network.vpc.id - - allow { - protocol = "tcp" - ports = ["8000"] - } - - source_tags = ["web"] - target_tags = ["backend"] -} - -resource "google_compute_firewall" "back_to_bdd" { - name = "back-to-bdd" - network = google_compute_network.vpc.id - - allow { - protocol = "tcp" - ports = ["8000"] - } - - source_tags = ["backend"] - target_tags = ["database"] -} \ No newline at end of file diff --git a/terraform/modules/network/outputs.tf b/terraform/modules/network/outputs.tf deleted file mode 100644 index 5024333..0000000 --- a/terraform/modules/network/outputs.tf +++ /dev/null @@ -1,11 +0,0 @@ -output "vpc"{ - value = google_compute_network.vpc.id -} - -output "subnet" { - value = { - frontend = google_compute_subnetwork.subnet1.id, - backend = google_compute_subnetwork.subnet2.id, - database = google_compute_subnetwork.subnet3.id - } -} \ No newline at end of file diff --git a/terraform/modules/network/variables.tf b/terraform/modules/network/variables.tf deleted file mode 100644 index 4a1a208..0000000 --- a/terraform/modules/network/variables.tf +++ /dev/null @@ -1,30 +0,0 @@ -variable "project_name" { - description = "nom_du_projet" - type = string -} - -variable "region" { - description = "emplacement" - type = string -} - -variable "frontend_cidr" { - description = "addr_front" - type = string -} - -variable "backend_cidr" { - description = "addr_back" - type = string -} - -variable "database_cidr" { - description = "addr_bdd" - type = string -} - -variable "ssh_source_ranges" { - description = "addr_ssh" - type = string -} -