diff --git a/.gitea/workflows/validate.yml b/.gitea/workflows/validate.yml index f8a8885..f038f43 100644 --- a/.gitea/workflows/validate.yml +++ b/.gitea/workflows/validate.yml @@ -55,6 +55,6 @@ jobs: id: plan run: terraform plan -# - name: Terraform Apply -# id: apply -# run: terraform apply -auto-approve \ No newline at end of file + - name: Terraform Apply + id: apply + run: terraform apply -auto-approve \ No newline at end of file diff --git a/.terraform.lock.hcl b/.terraform.lock.hcl index 3ab28db..e9a2ac0 100644 --- a/.terraform.lock.hcl +++ b/.terraform.lock.hcl 
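Review bot: Re-enabling `run: terraform apply -auto-approve` in a workflow named validate.yml removes the only human gate between plan and apply, so any run that reaches this step mutates the GCP organization hierarchy (this same commit deletes every top-level folder resource in folder.tf). At minimum gate the step on the default branch and a protected environment, and apply the plan that was reviewed rather than a fresh one: `run: terraform plan -out=tfplan` in the plan step and `run: terraform apply tfplan` here. The checkout, auth and init steps are outside this hunk, so I cannot see which credentials the apply runs with; folder and org-level changes need folder/organization admin, which should come from a short-lived Workload Identity Federation token rather than a stored key. Note also that backends.tf in this commit switches to a local backend, so state written by this apply does not survive the runner.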
@@ -2,22 +2,62 @@ # Manual edits may be lost in future updates. provider "registry.terraform.io/hashicorp/google" { - version = "6.16.0" - constraints = "~> 6.16.0" + version = "5.45.0" + constraints = ">= 3.43.0, >= 3.45.0, >= 4.28.0, >= 5.22.0, >= 5.33.0, < 6.0.0" hashes = [ - "h1:xu1ZOAgciMrxGk81qhnNmUG+yt6o4eq7qI8awc3/oLk=", - "zh:1e263d01a64740d550f14c83e91efaf5b3f7ee46163cce58b736da284e488377", - "zh:5b0885ee8875b98ef75f558e278ac5f2ba0850e0e6579c898d75a488be227e93", - "zh:6eb8d06a5cf9843e7a4dd18bd93fc785bdec9f5aebdef748bfbe349c0e085ce5", - "zh:82f57bcccc35271f39a090b687c37489f81ddeec2a792e7f5341c7cdcc51fa5c", - "zh:898d7ed728f45c3124e2bfbbde57b762e59c9c54e020453edc9454858d65a8c5", - "zh:8effa4a08cc3ffce2048b4e51ad6df0c288ce0c79c161b9716a16b482d2f18be", - "zh:ac80c44c9dc0c7016c3422390b17380ad03257abc09a224734ed359b2cd61d0a", - "zh:c2e03eba3d9af62948ba82aa1de627c692731b9a7dd46119b932c6fc9514306c", - "zh:ca77c67f72e7210112f485ef0fc555fde3ac818de9b7136f0b37142893ba6428", - "zh:ea8ccff7fece47be816f3f20fdd61b8ac3a72f515720c579a2560183b1e17658", + "h1:EE17hNaULEGzLdVIS3GC4DZj4aPyJQ78mGzkMpta41g=", + "zh:02916a209c660806a7ef30c3e404cd139705bdd401646791ac8876259d10d560", + "zh:3cd831a98d9de617d334be4885a253dcf7dfb54a383cf366482303fdd5fd7162", + "zh:42dfb0db08b7086f8de4f1d2f8326d3e07c99016ce6ca91f3d310458111acc97", + "zh:4a8cb3569e5006da3bc631bc340f0c6020f3d6140c4eb5821d92d0ff23fde2dd", + "zh:614e86cd8e793c8d622a869860f71dcedef783c1a72d754c8af919c1209b1f89", + "zh:7d42ec15014891c6b65c0115c2fc0e95066f71497ad9c56639f490f0922daa2c", + "zh:813d3f741280a75baea1bfb0eeaaf4c2910218bd7e3607749a1a86d89a17c4dd", + "zh:823a9133c1dc96d7069bb838438a4aa5bef1344aa9077521d129915f6371fe65", + "zh:98803e908ddf283a6967cc213b34bf0c04ba866a02a3e516db6462053625aad5", + "zh:bc47ab6583e549cd86f2fa6a69cdfdf85b795e1184b0e5e25b194bbf82377b32", + "zh:d0a8e77af1f1a1fab9f7867cc8b2b700dd988398093a7a3e3273dac6875c161a", "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", - 
"zh:f5d626eb6e9015022796849d6ba733627fa9e082302a8658dd83fc74c75db162", + ] +} + +provider "registry.terraform.io/hashicorp/google-beta" { + version = "6.17.0" + constraints = ">= 5.22.0" + hashes = [ + "h1:PbCB1KZwCBSvmsqpGKsRBpjjykHHe1Rk0WD8+undr2U=", + "zh:41018bb792fbc6eeb389be133ebeb88df5c0c7ab1cdd70cb49ef3b834b5253ef", + "zh:464a0432a42a0973a7cdaf40713a0e54adf74a18db2d9390b00ab691a7cbab14", + "zh:57d8f8c2f8d2ea2512ba73caf58b80b6643e268e63dd33aa6b3908f8e9c92e8c", + "zh:5a7e90f80f6a8fe19597053565565c4d85efd9896cbe28038c8e1f9452acef74", + "zh:5c5ad4eed1bc1c42c088555aa90c99e499b2904e4de0009aacf57fff90ebb2de", + "zh:6c950ac6dc08c4db26762717907109665989bb3c6faa0be2db8bf65f82112eaa", + "zh:846c821a7664b29569626dcba87667416b399a506ca86f045263e3b918dc73c6", + "zh:e06a2ac6afa592127e01768bf3b47051ac010e8c7ddc515dbd42b232d2ecfa2e", + "zh:ea2eec97f55eff6cf5cc67f41b1d4d4ec4403b1f61cd762dc1c028ba50e3b349", + "zh:f0e102bfdb2c70b747e7a439b31fe2c03480b598f46193325287a51ef744d2fa", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + "zh:f76136bfb3c9c0848ff84a3bf98fba1b61c13124ade4194020d18583951b9df2", + ] +} + +provider "registry.terraform.io/hashicorp/random" { + version = "3.6.3" + constraints = ">= 2.2.0, >= 3.0.0" + hashes = [ + "h1:+UItZOLue/moJfnI3tqZBQbXUYR4ZnqPYfJDJPgLZy0=", + "zh:04ceb65210251339f07cd4611885d242cd4d0c7306e86dda9785396807c00451", + "zh:448f56199f3e99ff75d5c0afacae867ee795e4dfda6cb5f8e3b2a72ec3583dd8", + "zh:4b4c11ccfba7319e901df2dac836b1ae8f12185e37249e8d870ee10bb87a13fe", + "zh:4fa45c44c0de582c2edb8a2e054f55124520c16a39b2dfc0355929063b6395b1", + "zh:588508280501a06259e023b0695f6a18149a3816d259655c424d068982cbdd36", + "zh:737c4d99a87d2a4d1ac0a54a73d2cb62974ccb2edbd234f333abd079a32ebc9e", + "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", + "zh:a357ab512e5ebc6d1fda1382503109766e21bbfdfaa9ccda43d313c122069b30", + "zh:c51bfb15e7d52cc1a2eaec2a903ac2aff15d162c172b1b4c17675190e8147615", + 
"zh:e0951ee6fa9df90433728b96381fb867e3db98f66f735e0c3e24f8f16903f0ad", + "zh:e3cdcb4e73740621dabd82ee6a37d6cfce7fee2a03d8074df65086760f5cf556", + "zh:eff58323099f1bd9a0bec7cb04f717e7f1b2774c7d612bf7581797e1622613a0", ] } diff --git a/backends.tf b/backends.tf new file mode 100644 index 0000000..74af284 --- /dev/null +++ b/backends.tf @@ -0,0 +1,5 @@ +terraform { + backend "local" { + path = "state/terraform.tfstate" + } +} diff --git a/data.tf b/data.tf new file mode 100644 index 0000000..2d9bab5 --- /dev/null +++ b/data.tf @@ -0,0 +1,3 @@ +data "google_organization" "org" { + organization = "organizations/${var.org_id}" +} diff --git a/folder.tf b/folder.tf deleted file mode 100644 index 9a69ae1..0000000 --- a/folder.tf +++ /dev/null 
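Review bot: `backend "local"` with `path = "state/terraform.tfstate"` keeps the state on whichever machine ran Terraform; with the CI apply enabled in this commit that state is either discarded with the runner (the next run tries to re-create every folder) or ends up committed to the repository. Folder/org state is sensitive and concurrent runs need locking, so use a remote backend instead, e.g. `backend "gcs" { bucket = "<state-bucket>" prefix = "org-hierarchy" }` on a bucket with versioning and uniform bucket-level access. If a local backend is kept only for bootstrapping, add `state/` to `.gitignore` so the state file is never pushed.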
@@ -1,96 +0,0 @@ -# Dossier de premier niveau de notre organisation. -resource "google_folder" "HPROD" { - display_name = "HPROD" - parent = "organizations/297908706207" -} - -resource "google_folder" "PREPROD" { - display_name = "PREPROD" - parent = "organizations/297908706207" -} - -resource "google_folder" "PROD" { - display_name = "PROD" - parent = "organizations/297908706207" -} - -resource "google_folder" "SANDBOX" { - display_name = "SANDBOX" - parent = "organizations/297908706207" -} - -# Dossier imbriqué dans un autre dossier. -# Périmètre DATA -resource "google_folder" "DATA_HPROD" { - display_name = "DATA" - parent = google_folder.HPROD.name -} - -resource "google_folder" "DATA_PREPROD" { - display_name = "DATA" - parent = google_folder.PREPROD.name -} - -resource "google_folder" "DATA_PROD" { - display_name = "DATA" - parent = google_folder.PROD.name -} - -resource "google_folder" "DATA_SANDBOX" { - display_name = "DATA" - parent = google_folder.SANDBOX.name -} - -# Périmètre INFRA -resource "google_folder" "INFRA_HPROD" { - display_name = "INFRA" - parent = google_folder.HPROD.name -} - -resource "google_folder" "INFRA_PREPROD" { - display_name = "INFRA" - parent = google_folder.PREPROD.name -} - -resource "google_folder" "INFRA_PROD" { - display_name = "INFRA" - parent = google_folder.PROD.name -} - -# Périmètre PUBLIC -resource "google_folder" "PUBLIC_HPROD" { - display_name = "PUBLIC" - parent = google_folder.HPROD.name -} - -resource "google_folder" "PUBLIC_PREPROD" { - display_name = "PUBLIC" - parent = google_folder.PREPROD.name -} - -resource "google_folder" "PUBLIC_PROD" { - display_name = "PUBLIC" - parent = google_folder.PROD.name -} - -# Périmètre SECURITY -resource "google_folder" "SECURITY_HPROD" { - display_name = "SECURITY" - parent = google_folder.HPROD.name -} - -resource "google_folder" "SECURITY_PREPROD" { - display_name = "SECURITY" - parent = google_folder.PREPROD.name -} - -resource "google_folder" "SECURITY_PROD" { - display_name 
= "SECURITY" - parent = google_folder.PROD.name -} - -# Périmètre OPS -resource "google_folder" "OPS_PROD" { - display_name = "OPS" - parent = google_folder.PROD.name -} \ No newline at end of file diff --git a/folders.tf b/folders.tf new file mode 100644 index 0000000..310b0e3 --- /dev/null +++ b/folders.tf 
@@ -0,0 +1,71 @@ +module "cs-common" { + source = "terraform-google-modules/folders/google" + version = "~> 4.0" + + parent = "organizations/${var.org_id}" + names = [ + "Common", + ] +} + +locals { + folders_level_1 = compact(flatten([for parent, children in var.folders : length(children) == 0 ? + [] : [for child, _ in children : join("/", [parent, child])]])) + + # this level is not needed for all resource hierarchies + folders_level_2 = compact(flatten([for parent, children in var.folders : length(children) == 0 ? + [] : [for child, grandchildren in children : length(grandchildren) == 0 ? + [] : [for grandchild, _ in grandchildren : join("/", [parent, child, grandchild])]]])) + + # path to folder resource map + # this map is used to reference folder from the correct module, such as + # { + # "Team 1" => module.cs-folders-level-0["Team 1"] + # "Team 1/Production" => module.cs-folders-level-1["Team 1/Production"] + # "Team 1/Production/Department 1" => module.cs-folders-level-2["Team 1/Production/Department 1"] + # } + folder_map = merge( + { "Common" = module.cs-common }, + { for k, v in var.folders : k => module.cs-folders-level-0[k] }, + { for path in local.folders_level_1 : path => module.cs-folders-level-1[path] }, + { for path in local.folders_level_2 : path => module.cs-folders-level-2[path] } + ) +} + +module "cs-folders-level-0" { + source = "terraform-google-modules/folders/google" + version = "~> 4.0" + + for_each = var.folders + parent = "organizations/${var.org_id}" + names = each.key[*] +} + +module "cs-folders-level-1" { + /* +folder ids from this module are referenced with a full path and a +folder name, such as +`module.cs-folders-level-1["Production/Service-IT"].id` +*/ + source = "terraform-google-modules/folders/google" + version = "~> 4.0" + + for_each = toset(local.folders_level_1) + parent = module.cs-folders-level-0[element(split("/", each.value), 0)].id + names = [element(split("/", each.value), 1)] +} + +module "cs-folders-level-2" { + /* 
+this module is not needed for all resource hierarchies +folder ids from this module are referenced with a full path and a +folder name, such +as`module.cs-folders-level-2["Production/Service-IT/Team IT"].id` +*/ + source = "terraform-google-modules/folders/google" + version = "~> 4.0" + + for_each = toset(local.folders_level_2) + parent = module.cs-folders-level-1[join("/", slice(split("/", each.value), 0, 2))].id + names = [element(split("/", each.value), 2)] +} diff --git a/project.tf b/project.tf deleted file mode 100644 index a282240..0000000 --- a/project.tf +++ /dev/null @@ -1,8 +0,0 @@ -# Structure de démarrage Ok à voir si le numéro d'organisation ne devrait pas être dans le Vault ? - -resource "google_project" "my_project" { - name = "My Project" - project_id = "your-project-id" - org_id = "113433426282" - folder_id = google_folder.DATA_SANDBOX.name -} \ No newline at end of file diff --git a/provider.tf b/provider.tf deleted file mode 100644 index a17f094..0000000 --- a/provider.tf +++ /dev/null @@ -1,23 +0,0 @@ -terraform { - required_providers { - google = { - version = "~> 6.16.0" - } - } - required_version = ">= 1.7.5" -} - -provider "google" { -# project = var.project - region = var.region -# credentials = var.file -} - -data "google_client_config" "default" {} - -provider "vault" { - address = "https://vault.saint-maclou.com" -} - - -# manque la partie du vault pour récupérer l'authentification GCP afin d'obtenir les droits \ No newline at end of file diff --git a/providers.tf b/providers.tf new file mode 100644 index 0000000..b1c3cc1 --- /dev/null +++ b/providers.tf 
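Review bot: folders.tf replaces the `google_folder.*` resources deleted from folder.tf with module instances at new addresses (`module.cs-folders-level-0[...]`, `module.cs-common`), and there are no `moved` blocks; if the old folders exist in state, the apply enabled in this commit will plan a destroy of HPROD/PREPROD/PROD/SANDBOX and their children and then create new folders under `var.org_id`. Google folder deletion fails when a folder still contains projects, so the apply would either abort half-way or, for empty folders, destroy and re-create them with new folder IDs that break any IAM bindings or policies attached to the old ones. Either add `moved { from = google_folder.PROD to = module.cs-folders-level-0["PROD"].google_folder.folders["PROD"] }` style blocks (adjusting the target addresses to what the module actually exports) or `terraform state mv` / `import` the existing folders before this runs. `local.folder_map` is built here but not referenced in the visible files; if nothing else consumes it, drop it or expose it via an output.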
@@ -0,0 +1,21 @@ +# Required if using User ADCs (Application Default Credentials) for Org Policy API. +provider "google" { + user_project_override = true + billing_project = var.billing_project + default_labels = { + goog-cloudsetup = "downloaded" + } +} + +# Required if using User ADCs (Application Default Credentials) for Cloud Identity API. +provider "google-beta" { + user_project_override = true + billing_project = var.billing_project +} + +data "google_client_config" "default" {} + +provider "vault" { + address = "https://vault.tips-of-mine.com" +} + diff --git a/variables.tf b/variables.tf index b6088e2..d2ef6a4 100644 --- a/variables.tf +++ b/variables.tf @@ -1,17 +1,22 @@ -# Ne doit pas être ici, on va fonctionner en mode liste qui se trouvera dans le fichier project.tf -#variable "project" { -# description = "GCP project ID" -# type = string -#} - -variable "region" { - description = "GCP region" +variable "billing_account" { + description = "The ID of the billing account to associate projects with" type = string - default = "europe-west1" + default = "" } -#variable "file" { -# description = "GCP credential" -# type = string -# default = "creds/service-account-key.json" -#} +variable "org_id" { + description = "The organization id for the associated resources" + type = string + default = "141601796700" +} + +variable "billing_project" { + description = "The project id to use for billing" + type = string + default = "CLOUD_SETUP_HOST_PROJECT_ID" +} + +variable "folders" { + description = "Folder structure as a map" + type = map +} diff --git a/versions.tf b/versions.tf new file mode 100644 index 0000000..c76f899 --- /dev/null +++ b/versions.tf 
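Review bot: `provider "vault"` sets only `address`, and nothing in this diff configures Vault authentication or reads any Vault resource, so at plan time the provider either fails for lack of a token or silently uses whatever `VAULT_TOKEN` happens to be in the runner's environment; either remove the block until Vault is actually used or add an explicit auth method (e.g. an `auth_login_jwt` block fed by the CI identity). The `google`/`google-beta` providers are commented as relying on user ADCs, which does not fit an unattended CI apply; with a service account via Workload Identity Federation the `user_project_override`/`billing_project` pair is unnecessary, and as committed `billing_project` falls back to the placeholder `CLOUD_SETUP_HOST_PROJECT_ID` from variables.tf, which will make every Org Policy / Cloud Identity call fail. `data "google_client_config" "default"` is not referenced in any visible file; remove it unless a later file uses it.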
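Review bot: `org_id` now defaults to the hard-coded `"141601796700"`, while the deleted folder.tf targeted `organizations/297908706207` and the deleted project.tf used `org_id = "113433426282"`; three different organization numbers in one change deserve a second look, and the deleted comment already asked whether this identifier belongs in Vault rather than in the repo. Make `org_id` and `billing_project` required with no default so a missing tfvars fails at plan instead of acting on the wrong organization, e.g. `variable "org_id" { type = string validation { condition = can(regex("^[0-9]+$", var.org_id)) error_message = "org_id must be the numeric organization ID." } }`. `billing_account` defaults to `""` and is not referenced in this diff, and `type = map` for `folders` is the legacy untyped form; `map(any)` (or a typed nested map) makes the expected shape explicit for the locals in folders.tf.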
@@ -0,0 +1,20 @@ +terraform { + required_version = ">= 1.3" + + required_providers { + google = { + source = "hashicorp/google" + version = ">= 5.22" + } + google-beta = { + source = "hashicorp/google-beta" + version = ">= 5.22" + } + } + provider_meta "google" { + module_name = "blueprints/terraform/fs-exported-preview-2dc1f319b5a6037b/v0.1.0" + } + provider_meta "google-beta" { + module_name = "blueprints/terraform/fs-exported-preview-2dc1f319b5a6037b/v0.1.0" + } +}
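Review bot: `version = ">= 5.22"` for both `google` and `google-beta` has no upper bound, so `terraform init -upgrade` can pull the next major release, and the lock file in this commit already shows the resulting skew: `google` resolved to 5.45.0 (held below 6.0.0 by a constraint that appears to come from the folders module) while `google-beta` resolved to 6.17.0. Running 5.x and 6.x side by side invites schema and default-behaviour differences between the two providers; pin both to the same major with a pessimistic constraint that matches the lock, `version = "~> 5.45"`, or bump the module so both can move to `~> 6.17` together. `required_version = ">= 1.3"` also lowers the floor from the `>= 1.7.5` the deleted provider.tf had; if that was deliberate, fine, but `moved` blocks and `validation` on variables rely on newer releases, so keeping `>= 1.7.5` is safer.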