From 7d1a34e24ebdca880b4e7d02c501a33d887e8e54 Mon Sep 17 00:00:00 2001 From: hcornet Date: Thu, 23 Jan 2025 21:07:46 +0100 Subject: [PATCH] test --- .gitea/workflows/validate.yml | 6 +-- .terraform.lock.hcl | 68 ++++++++++++++++++++----- backends.tf | 5 ++ data.tf | 3 ++ folder.tf | 96 ----------------------------------- folders.tf | 71 ++++++++++++++++++++++++++ project.tf | 8 --- provider.tf | 23 --------- providers.tf | 21 ++++++++ variables.tf | 33 +++++++----- versions.tf | 20 ++++++++ 11 files changed, 196 insertions(+), 158 deletions(-) create mode 100644 backends.tf create mode 100644 data.tf delete mode 100644 folder.tf create mode 100644 folders.tf delete mode 100644 project.tf delete mode 100644 provider.tf create mode 100644 providers.tf create mode 100644 versions.tf diff --git a/.gitea/workflows/validate.yml b/.gitea/workflows/validate.yml index f8a8885..f038f43 100644 --- a/.gitea/workflows/validate.yml +++ b/.gitea/workflows/validate.yml @@ -55,6 +55,6 @@ jobs: id: plan run: terraform plan -# - name: Terraform Apply -# id: apply -# run: terraform apply -auto-approve \ No newline at end of file + - name: Terraform Apply + id: apply + run: terraform apply -auto-approve \ No newline at end of file diff --git a/.terraform.lock.hcl b/.terraform.lock.hcl index 3ab28db..e9a2ac0 100644 --- a/.terraform.lock.hcl +++ b/.terraform.lock.hcl 
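Review bot: In `.gitea/workflows/validate.yml` the re-enabled `Terraform Apply` step runs `terraform apply -auto-approve` with no `if:` guard visible in the hunk, so any event that triggers this workflow can change the organization's folder hierarchy without anyone reading the plan. The workflow's `on:` triggers are outside the hunk; if it also runs for pull requests or non-default branches, restrict the step with something like `if: github.event_name == 'push' && github.ref == 'refs/heads/main'` (the branch name is an assumption). It would also be safer to apply the exact plan that was produced rather than re-planning at apply time: `run: terraform plan -out=tfplan` in the plan step and `run: terraform apply tfplan` here.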
@@ -2,22 +2,62 @@ # Manual edits may be lost in future updates. provider "registry.terraform.io/hashicorp/google" { - version = "6.16.0" - constraints = "~> 6.16.0" + version = "5.45.0" + constraints = ">= 3.43.0, >= 3.45.0, >= 4.28.0, >= 5.22.0, >= 5.33.0, < 6.0.0" hashes = [ - "h1:xu1ZOAgciMrxGk81qhnNmUG+yt6o4eq7qI8awc3/oLk=", - "zh:1e263d01a64740d550f14c83e91efaf5b3f7ee46163cce58b736da284e488377", - "zh:5b0885ee8875b98ef75f558e278ac5f2ba0850e0e6579c898d75a488be227e93", - "zh:6eb8d06a5cf9843e7a4dd18bd93fc785bdec9f5aebdef748bfbe349c0e085ce5", - "zh:82f57bcccc35271f39a090b687c37489f81ddeec2a792e7f5341c7cdcc51fa5c", - "zh:898d7ed728f45c3124e2bfbbde57b762e59c9c54e020453edc9454858d65a8c5", - "zh:8effa4a08cc3ffce2048b4e51ad6df0c288ce0c79c161b9716a16b482d2f18be", - "zh:ac80c44c9dc0c7016c3422390b17380ad03257abc09a224734ed359b2cd61d0a", - "zh:c2e03eba3d9af62948ba82aa1de627c692731b9a7dd46119b932c6fc9514306c", - "zh:ca77c67f72e7210112f485ef0fc555fde3ac818de9b7136f0b37142893ba6428", - "zh:ea8ccff7fece47be816f3f20fdd61b8ac3a72f515720c579a2560183b1e17658", + "h1:EE17hNaULEGzLdVIS3GC4DZj4aPyJQ78mGzkMpta41g=", + "zh:02916a209c660806a7ef30c3e404cd139705bdd401646791ac8876259d10d560", + "zh:3cd831a98d9de617d334be4885a253dcf7dfb54a383cf366482303fdd5fd7162", + "zh:42dfb0db08b7086f8de4f1d2f8326d3e07c99016ce6ca91f3d310458111acc97", + "zh:4a8cb3569e5006da3bc631bc340f0c6020f3d6140c4eb5821d92d0ff23fde2dd", + "zh:614e86cd8e793c8d622a869860f71dcedef783c1a72d754c8af919c1209b1f89", + "zh:7d42ec15014891c6b65c0115c2fc0e95066f71497ad9c56639f490f0922daa2c", + "zh:813d3f741280a75baea1bfb0eeaaf4c2910218bd7e3607749a1a86d89a17c4dd", + "zh:823a9133c1dc96d7069bb838438a4aa5bef1344aa9077521d129915f6371fe65", + "zh:98803e908ddf283a6967cc213b34bf0c04ba866a02a3e516db6462053625aad5", + "zh:bc47ab6583e549cd86f2fa6a69cdfdf85b795e1184b0e5e25b194bbf82377b32", + "zh:d0a8e77af1f1a1fab9f7867cc8b2b700dd988398093a7a3e3273dac6875c161a", "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", - 
"zh:f5d626eb6e9015022796849d6ba733627fa9e082302a8658dd83fc74c75db162", + ] +} + +provider "registry.terraform.io/hashicorp/google-beta" { + version = "6.17.0" + constraints = ">= 5.22.0" + hashes = [ + "h1:PbCB1KZwCBSvmsqpGKsRBpjjykHHe1Rk0WD8+undr2U=", + "zh:41018bb792fbc6eeb389be133ebeb88df5c0c7ab1cdd70cb49ef3b834b5253ef", + "zh:464a0432a42a0973a7cdaf40713a0e54adf74a18db2d9390b00ab691a7cbab14", + "zh:57d8f8c2f8d2ea2512ba73caf58b80b6643e268e63dd33aa6b3908f8e9c92e8c", + "zh:5a7e90f80f6a8fe19597053565565c4d85efd9896cbe28038c8e1f9452acef74", + "zh:5c5ad4eed1bc1c42c088555aa90c99e499b2904e4de0009aacf57fff90ebb2de", + "zh:6c950ac6dc08c4db26762717907109665989bb3c6faa0be2db8bf65f82112eaa", + "zh:846c821a7664b29569626dcba87667416b399a506ca86f045263e3b918dc73c6", + "zh:e06a2ac6afa592127e01768bf3b47051ac010e8c7ddc515dbd42b232d2ecfa2e", + "zh:ea2eec97f55eff6cf5cc67f41b1d4d4ec4403b1f61cd762dc1c028ba50e3b349", + "zh:f0e102bfdb2c70b747e7a439b31fe2c03480b598f46193325287a51ef744d2fa", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + "zh:f76136bfb3c9c0848ff84a3bf98fba1b61c13124ade4194020d18583951b9df2", + ] +} + +provider "registry.terraform.io/hashicorp/random" { + version = "3.6.3" + constraints = ">= 2.2.0, >= 3.0.0" + hashes = [ + "h1:+UItZOLue/moJfnI3tqZBQbXUYR4ZnqPYfJDJPgLZy0=", + "zh:04ceb65210251339f07cd4611885d242cd4d0c7306e86dda9785396807c00451", + "zh:448f56199f3e99ff75d5c0afacae867ee795e4dfda6cb5f8e3b2a72ec3583dd8", + "zh:4b4c11ccfba7319e901df2dac836b1ae8f12185e37249e8d870ee10bb87a13fe", + "zh:4fa45c44c0de582c2edb8a2e054f55124520c16a39b2dfc0355929063b6395b1", + "zh:588508280501a06259e023b0695f6a18149a3816d259655c424d068982cbdd36", + "zh:737c4d99a87d2a4d1ac0a54a73d2cb62974ccb2edbd234f333abd079a32ebc9e", + "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", + "zh:a357ab512e5ebc6d1fda1382503109766e21bbfdfaa9ccda43d313c122069b30", + "zh:c51bfb15e7d52cc1a2eaec2a903ac2aff15d162c172b1b4c17675190e8147615", + 
"zh:e0951ee6fa9df90433728b96381fb867e3db98f66f735e0c3e24f8f16903f0ad", + "zh:e3cdcb4e73740621dabd82ee6a37d6cfce7fee2a03d8074df65086760f5cf556", + "zh:eff58323099f1bd9a0bec7cb04f717e7f1b2774c7d612bf7581797e1622613a0", ] } diff --git a/backends.tf b/backends.tf new file mode 100644 index 0000000..74af284 --- /dev/null +++ b/backends.tf @@ -0,0 +1,5 @@ +terraform { + backend "local" { + path = "state/terraform.tfstate" + } +} diff --git a/data.tf b/data.tf new file mode 100644 index 0000000..2d9bab5 --- /dev/null +++ b/data.tf @@ -0,0 +1,3 @@ +data "google_organization" "org" { + organization = "organizations/${var.org_id}" +} diff --git a/folder.tf b/folder.tf deleted file mode 100644 index 9a69ae1..0000000 --- a/folder.tf +++ /dev/null 
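Review bot: `backend "local"` in `backends.tf` keeps `state/terraform.tfstate` on whatever machine runs Terraform, which does not fit the CI apply that this same commit enables. A fresh runner workspace starts without that file unless it is committed or cached, so an apply would attempt to create the folders again, and nothing locks the state between concurrent runs. State files hold resource attributes in plaintext, so committing `state/` to the repository is not a good workaround. Consider a remote backend with locking and access control, for example `backend "gcs" { bucket = "<STATE_BUCKET_PLACEHOLDER>" prefix = "org-folders" }`, and add `state/` to `.gitignore` if the local backend stays for experiments.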
@@ -1,96 +0,0 @@
-# Dossier de premier niveau de notre organisation.
-resource "google_folder" "HPROD" {
- display_name = "HPROD"
- parent = "organizations/297908706207"
-}
-
-resource "google_folder" "PREPROD" {
- display_name = "PREPROD"
- parent = "organizations/297908706207"
-}
-
-resource "google_folder" "PROD" {
- display_name = "PROD"
- parent = "organizations/297908706207"
-}
-
-resource "google_folder" "SANDBOX" {
- display_name = "SANDBOX"
- parent = "organizations/297908706207"
-}
-
-# Dossier imbriqué dans un autre dossier.
-# Périmètre DATA
-resource "google_folder" "DATA_HPROD" {
- display_name = "DATA"
- parent = google_folder.HPROD.name
-}
-
-resource "google_folder" "DATA_PREPROD" {
- display_name = "DATA"
- parent = google_folder.PREPROD.name
-}
-
-resource "google_folder" "DATA_PROD" {
- display_name = "DATA"
- parent = google_folder.PROD.name
-}
-
-resource "google_folder" "DATA_SANDBOX" {
- display_name = "DATA"
- parent = google_folder.SANDBOX.name
-}
-
-# Périmètre INFRA
-resource "google_folder" "INFRA_HPROD" {
- display_name = "INFRA"
- parent = google_folder.HPROD.name
-}
-
-resource "google_folder" "INFRA_PREPROD" {
- display_name = "INFRA"
- parent = google_folder.PREPROD.name
-}
-
-resource "google_folder" "INFRA_PROD" {
- display_name = "INFRA"
- parent = google_folder.PROD.name
-}
-
-# Périmètre PUBLIC
-resource "google_folder" "PUBLIC_HPROD" {
- display_name = "PUBLIC"
- parent = google_folder.HPROD.name
-}
-
-resource "google_folder" "PUBLIC_PREPROD" {
- display_name = "PUBLIC"
- parent = google_folder.PREPROD.name
-}
-
-resource "google_folder" "PUBLIC_PROD" {
- display_name = "PUBLIC"
- parent = google_folder.PROD.name
-}
-
-# Périmètre SECURITY
-resource "google_folder" "SECURITY_HPROD" {
- display_name = "SECURITY"
- parent = google_folder.HPROD.name
-}
-
-resource "google_folder" "SECURITY_PREPROD" {
- display_name = "SECURITY"
- parent = google_folder.PREPROD.name
-}
-
-resource "google_folder" "SECURITY_PROD" {
- display_name = "SECURITY"
- parent = google_folder.PROD.name
-}
-
-# Périmètre OPS
-resource "google_folder" "OPS_PROD" {
- display_name = "OPS"
- parent = google_folder.PROD.name
-}
\ No newline at end of file
diff --git a/folders.tf b/folders.tf
new file mode 100644
index 0000000..310b0e3
--- /dev/null
+++ b/folders.tf
@@ -0,0 +1,71 @@
+module "cs-common" {
+ source = "terraform-google-modules/folders/google"
+ version = "~> 4.0"
+
+ parent = "organizations/${var.org_id}"
+ names = [
+ "Common",
+ ]
+}
+
+locals {
+ folders_level_1 = compact(flatten([for parent, children in var.folders : length(children) == 0 ?
+ [] : [for child, _ in children : join("/", [parent, child])]]))
+
+ # this level is not needed for all resource hierarchies
+ folders_level_2 = compact(flatten([for parent, children in var.folders : length(children) == 0 ?
+ [] : [for child, grandchildren in children : length(grandchildren) == 0 ?
+ [] : [for grandchild, _ in grandchildren : join("/", [parent, child, grandchild])]]]))
+
+ # path to folder resource map
+ # this map is used to reference folder from the correct module, such as
+ # {
+ # "Team 1" => module.cs-folders-level-0["Team 1"]
+ # "Team 1/Production" => module.cs-folders-level-1["Team 1/Production"]
+ # "Team 1/Production/Department 1" => module.cs-folders-level-2["Team 1/Production/Department 1"]
+ # }
+ folder_map = merge(
+ { "Common" = module.cs-common },
+ { for k, v in var.folders : k => module.cs-folders-level-0[k] },
+ { for path in local.folders_level_1 : path => module.cs-folders-level-1[path] },
+ { for path in local.folders_level_2 : path => module.cs-folders-level-2[path] }
+ )
+}
+
+module "cs-folders-level-0" {
+ source = "terraform-google-modules/folders/google"
+ version = "~> 4.0"
+
+ for_each = var.folders
+ parent = "organizations/${var.org_id}"
+ names = each.key[*]
+}
+
+module "cs-folders-level-1" {
+ /*
+folder ids from this module are referenced with a full path and a
+folder name, such as
+`module.cs-folders-level-1["Production/Service-IT"].id`
+*/
+ source = "terraform-google-modules/folders/google"
+ version = "~> 4.0"
+
+ for_each = toset(local.folders_level_1)
+ parent = module.cs-folders-level-0[element(split("/", each.value), 0)].id
+ names = [element(split("/", each.value), 1)]
+}
+
+module "cs-folders-level-2" {
+ /*
+this module is not needed for all resource hierarchies
+folder ids from this module are referenced with a full path and a
+folder name, such
+as`module.cs-folders-level-2["Production/Service-IT/Team IT"].id`
+*/
+ source = "terraform-google-modules/folders/google"
+ version = "~> 4.0"
+
+ for_each = toset(local.folders_level_2)
+ parent = module.cs-folders-level-1[join("/", slice(split("/", each.value), 0, 2))].id
+ names = [element(split("/", each.value), 2)]
+}
diff --git a/project.tf b/project.tf
deleted file mode 100644
index a282240..0000000
--- a/project.tf
+++ /dev/null
@@ -1,8 +0,0 @@
-# Structure de démarrage Ok à voir si le numéro d'organisation ne devrait pas être dans le Vault ?
-
-resource "google_project" "my_project" {
- name = "My Project"
- project_id = "your-project-id"
- org_id = "113433426282"
- folder_id = google_folder.DATA_SANDBOX.name
-}
\ No newline at end of file
diff --git a/provider.tf b/provider.tf
deleted file mode 100644
index a17f094..0000000
--- a/provider.tf
+++ /dev/null
@@ -1,23 +0,0 @@
-terraform {
- required_providers {
- google = {
- version = "~> 6.16.0"
- }
- }
- required_version = ">= 1.7.5"
-}
-
-provider "google" {
-# project = var.project
- region = var.region
-# credentials = var.file
-}
-
-data "google_client_config" "default" {}
-
-provider "vault" {
- address = "https://vault.saint-maclou.com"
-}
-
-
-# manque la partie du vault pour récupérer l'authentification GCP afin d'obtenir les droits
\ No newline at end of file
diff --git a/providers.tf b/providers.tf
new file mode 100644
index 0000000..b1c3cc1
--- /dev/null
+++ b/providers.tf
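Review bot: In `folders.tf`, `names = each.key[*]` in `module "cs-folders-level-0"` relies on the splat operator wrapping a single string into a one-element list; `names = [each.key]` says the same thing directly and matches the `names = [element(...)]` form used by the level-1 and level-2 modules. Separately, `folder_map` merges `{ "Common" = module.cs-common }` before the `var.folders` entries, so a top-level key named `Common` in `var.folders` would silently replace that entry in the map. A short comment next to the merge, such as `# "Common" is reserved; do not use it as a top-level key in var.folders`, or a `validation` block on the variable, would make that constraint explicit.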
@@ -0,0 +1,21 @@ +# Required if using User ADCs (Application Default Credentials) for Org Policy API. +provider "google" { + user_project_override = true + billing_project = var.billing_project + default_labels = { + goog-cloudsetup = "downloaded" + } +} + +# Required if using User ADCs (Application Default Credentials) for Cloud Identity API. +provider "google-beta" { + user_project_override = true + billing_project = var.billing_project +} + +data "google_client_config" "default" {} + +provider "vault" { + address = "https://vault.tips-of-mine.com" +} + diff --git a/variables.tf b/variables.tf index b6088e2..d2ef6a4 100644 --- a/variables.tf +++ b/variables.tf @@ -1,17 +1,22 @@ -# Ne doit pas être ici, on va fonctionner en mode liste qui se trouvera dans le fichier project.tf -#variable "project" { -# description = "GCP project ID" -# type = string -#} - -variable "region" { - description = "GCP region" +variable "billing_account" { + description = "The ID of the billing account to associate projects with" type = string - default = "europe-west1" + default = "" } -#variable "file" { -# description = "GCP credential" -# type = string -# default = "creds/service-account-key.json" -#} +variable "org_id" { + description = "The organization id for the associated resources" + type = string + default = "141601796700" +} + +variable "billing_project" { + description = "The project id to use for billing" + type = string + default = "CLOUD_SETUP_HOST_PROJECT_ID" +} + +variable "folders" { + description = "Folder structure as a map" + type = map +} diff --git a/versions.tf b/versions.tf new file mode 100644 index 0000000..c76f899 --- /dev/null +++ b/versions.tf 
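Review bot: `provider "vault"` in `providers.tf` has no matching entry in `required_providers` (see `versions.tf`) and no entry in the `.terraform.lock.hcl` updated by this commit, so `terraform init` would resolve it implicitly to the newest `hashicorp/vault` release instead of a pinned, hash-verified one. Nothing in the files shown reads from Vault, and `data "google_client_config" "default"` has no visible consumer either. If Vault is still planned, declare it explicitly with `vault = { source = "hashicorp/vault", version = "<PINNED_VERSION>" }` and commit the resulting lock entry; otherwise drop both blocks so the CI job does not install a provider it never uses.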
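Review bot: In `variables.tf`, `billing_project` defaults to the template placeholder `CLOUD_SETUP_HOST_PROJECT_ID`, and both providers consume it together with `user_project_override = true`, so a run that does not override it would pass a placeholder as the billing/quota project instead of stopping on a missing input. Removing the `default` lines for `billing_project` (and for `org_id`, which is now a hard-coded organization number) makes Terraform fail early when the pipeline is misconfigured. `folders` has no default and the diff shows no `.tfvars` file, so the CI plan and apply steps presumably need the value supplied from outside this commit; worth confirming. The bare `type = map` is the legacy shorthand; writing `type = map(any)` states the same constraint explicitly.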
@@ -0,0 +1,20 @@
+terraform {
+ required_version = ">= 1.3"
+
+ required_providers {
+ google = {
+ source = "hashicorp/google"
+ version = ">= 5.22"
+ }
+ google-beta = {
+ source = "hashicorp/google-beta"
+ version = ">= 5.22"
+ }
+ }
+ provider_meta "google" {
+ module_name = "blueprints/terraform/fs-exported-preview-2dc1f319b5a6037b/v0.1.0"
+ }
+ provider_meta "google-beta" {
+ module_name = "blueprints/terraform/fs-exported-preview-2dc1f319b5a6037b/v0.1.0"
+ }
+}
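Review bot: Both providers in `versions.tf` are constrained only by `>= 5.22`, and the lock file in this commit shows the effect: `google` is held at 5.45.0 by a `< 6.0.0` constraint that comes from elsewhere (presumably the folders module), while `google-beta` resolved to 6.17.0, a different major version. Running the pair on different majors is rarely intended; an upper bound here, e.g. `version = ">= 5.22, < 6.0"` for both, keeps them in step and stops a later `init -upgrade` from crossing a major version unreviewed. `required_version = ">= 1.3"` also has no ceiling and is lower than the `>= 1.7.5` in the removed `provider.tf`; confirm that floor is intended for the CI runner.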