test
Some checks failed
terraform validation / Terraform (push) Has been cancelled

Hubert Cornet 2025-01-23 21:07:46 +01:00
parent e6a1e16702
commit 7d1a34e24e
11 changed files with 196 additions and 158 deletions


@ -55,6 +55,6 @@ jobs:
id: plan id: plan
run: terraform plan run: terraform plan
# - name: Terraform Apply - name: Terraform Apply
# id: apply id: apply
# run: terraform apply -auto-approve run: terraform apply -auto-approve
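Review bot: The newly enabled `Terraform Apply` step runs `terraform apply -auto-approve` straight after the plan step, with no `if:` condition visible in the hunk, so any event that triggers this job (the check shown on this page ran on a push) can change the GCP organization without anyone reading the plan. Apply should consume the plan that was reviewed and be limited to the protected branch: write the plan with `run: terraform plan -out=tfplan`, apply it with `run: terraform apply tfplan`, and guard the step with something like `if: github.ref == 'refs/heads/main'` (the branch name is a placeholder). The job's triggers and credential setup lie outside the hunk, so confirm whether pull-request or fork runs can reach this step.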

68
.terraform.lock.hcl generated

@ -2,22 +2,62 @@
# Manual edits may be lost in future updates. # Manual edits may be lost in future updates.
provider "registry.terraform.io/hashicorp/google" { provider "registry.terraform.io/hashicorp/google" {
version = "6.16.0" version = "5.45.0"
constraints = "~> 6.16.0" constraints = ">= 3.43.0, >= 3.45.0, >= 4.28.0, >= 5.22.0, >= 5.33.0, < 6.0.0"
hashes = [ hashes = [
"h1:xu1ZOAgciMrxGk81qhnNmUG+yt6o4eq7qI8awc3/oLk=", "h1:EE17hNaULEGzLdVIS3GC4DZj4aPyJQ78mGzkMpta41g=",
"zh:1e263d01a64740d550f14c83e91efaf5b3f7ee46163cce58b736da284e488377", "zh:02916a209c660806a7ef30c3e404cd139705bdd401646791ac8876259d10d560",
"zh:5b0885ee8875b98ef75f558e278ac5f2ba0850e0e6579c898d75a488be227e93", "zh:3cd831a98d9de617d334be4885a253dcf7dfb54a383cf366482303fdd5fd7162",
"zh:6eb8d06a5cf9843e7a4dd18bd93fc785bdec9f5aebdef748bfbe349c0e085ce5", "zh:42dfb0db08b7086f8de4f1d2f8326d3e07c99016ce6ca91f3d310458111acc97",
"zh:82f57bcccc35271f39a090b687c37489f81ddeec2a792e7f5341c7cdcc51fa5c", "zh:4a8cb3569e5006da3bc631bc340f0c6020f3d6140c4eb5821d92d0ff23fde2dd",
"zh:898d7ed728f45c3124e2bfbbde57b762e59c9c54e020453edc9454858d65a8c5", "zh:614e86cd8e793c8d622a869860f71dcedef783c1a72d754c8af919c1209b1f89",
"zh:8effa4a08cc3ffce2048b4e51ad6df0c288ce0c79c161b9716a16b482d2f18be", "zh:7d42ec15014891c6b65c0115c2fc0e95066f71497ad9c56639f490f0922daa2c",
"zh:ac80c44c9dc0c7016c3422390b17380ad03257abc09a224734ed359b2cd61d0a", "zh:813d3f741280a75baea1bfb0eeaaf4c2910218bd7e3607749a1a86d89a17c4dd",
"zh:c2e03eba3d9af62948ba82aa1de627c692731b9a7dd46119b932c6fc9514306c", "zh:823a9133c1dc96d7069bb838438a4aa5bef1344aa9077521d129915f6371fe65",
"zh:ca77c67f72e7210112f485ef0fc555fde3ac818de9b7136f0b37142893ba6428", "zh:98803e908ddf283a6967cc213b34bf0c04ba866a02a3e516db6462053625aad5",
"zh:ea8ccff7fece47be816f3f20fdd61b8ac3a72f515720c579a2560183b1e17658", "zh:bc47ab6583e549cd86f2fa6a69cdfdf85b795e1184b0e5e25b194bbf82377b32",
"zh:d0a8e77af1f1a1fab9f7867cc8b2b700dd988398093a7a3e3273dac6875c161a",
"zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
"zh:f5d626eb6e9015022796849d6ba733627fa9e082302a8658dd83fc74c75db162", ]
}
provider "registry.terraform.io/hashicorp/google-beta" {
version = "6.17.0"
constraints = ">= 5.22.0"
hashes = [
"h1:PbCB1KZwCBSvmsqpGKsRBpjjykHHe1Rk0WD8+undr2U=",
"zh:41018bb792fbc6eeb389be133ebeb88df5c0c7ab1cdd70cb49ef3b834b5253ef",
"zh:464a0432a42a0973a7cdaf40713a0e54adf74a18db2d9390b00ab691a7cbab14",
"zh:57d8f8c2f8d2ea2512ba73caf58b80b6643e268e63dd33aa6b3908f8e9c92e8c",
"zh:5a7e90f80f6a8fe19597053565565c4d85efd9896cbe28038c8e1f9452acef74",
"zh:5c5ad4eed1bc1c42c088555aa90c99e499b2904e4de0009aacf57fff90ebb2de",
"zh:6c950ac6dc08c4db26762717907109665989bb3c6faa0be2db8bf65f82112eaa",
"zh:846c821a7664b29569626dcba87667416b399a506ca86f045263e3b918dc73c6",
"zh:e06a2ac6afa592127e01768bf3b47051ac010e8c7ddc515dbd42b232d2ecfa2e",
"zh:ea2eec97f55eff6cf5cc67f41b1d4d4ec4403b1f61cd762dc1c028ba50e3b349",
"zh:f0e102bfdb2c70b747e7a439b31fe2c03480b598f46193325287a51ef744d2fa",
"zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
"zh:f76136bfb3c9c0848ff84a3bf98fba1b61c13124ade4194020d18583951b9df2",
]
}
provider "registry.terraform.io/hashicorp/random" {
version = "3.6.3"
constraints = ">= 2.2.0, >= 3.0.0"
hashes = [
"h1:+UItZOLue/moJfnI3tqZBQbXUYR4ZnqPYfJDJPgLZy0=",
"zh:04ceb65210251339f07cd4611885d242cd4d0c7306e86dda9785396807c00451",
"zh:448f56199f3e99ff75d5c0afacae867ee795e4dfda6cb5f8e3b2a72ec3583dd8",
"zh:4b4c11ccfba7319e901df2dac836b1ae8f12185e37249e8d870ee10bb87a13fe",
"zh:4fa45c44c0de582c2edb8a2e054f55124520c16a39b2dfc0355929063b6395b1",
"zh:588508280501a06259e023b0695f6a18149a3816d259655c424d068982cbdd36",
"zh:737c4d99a87d2a4d1ac0a54a73d2cb62974ccb2edbd234f333abd079a32ebc9e",
"zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
"zh:a357ab512e5ebc6d1fda1382503109766e21bbfdfaa9ccda43d313c122069b30",
"zh:c51bfb15e7d52cc1a2eaec2a903ac2aff15d162c172b1b4c17675190e8147615",
"zh:e0951ee6fa9df90433728b96381fb867e3db98f66f735e0c3e24f8f16903f0ad",
"zh:e3cdcb4e73740621dabd82ee6a37d6cfce7fee2a03d8074df65086760f5cf556",
"zh:eff58323099f1bd9a0bec7cb04f717e7f1b2774c7d612bf7581797e1622613a0",
] ]
} }

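--- /dev/null
+++ b/backends.tf
@@ -0,0 +1,5 @@
+terraform {
+backend "local" {
+path = "state/terraform.tfstate"
+}
+}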
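Review bot: `backend "local"` with `path = "state/terraform.tfstate"` keeps the state inside the working tree, which does not fit the apply step this commit enables in CI. A fresh runner checkout starts with no state unless the file is committed, and committing it puts every attribute Terraform stores, including any sensitive ones, into git history with no locking. A remote backend avoids both, for example `backend "gcs" { bucket = "<STATE_BUCKET>" prefix = "<STATE_PREFIX>" }` (placeholder values) on a bucket with versioning and restricted IAM. If local state is intended for now, make sure `state/` is listed in `.gitignore`, which is not visible in this commit.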

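--- /dev/null
+++ b/data.tf
@@ -0,0 +1,3 @@
+data "google_organization" "org" {
+organization = "organizations/${var.org_id}"
+}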


@ -1,96 +0,0 @@
# Dossier de premier niveau de notre organisation.
resource "google_folder" "HPROD" {
display_name = "HPROD"
parent = "organizations/297908706207"
}
resource "google_folder" "PREPROD" {
display_name = "PREPROD"
parent = "organizations/297908706207"
}
resource "google_folder" "PROD" {
display_name = "PROD"
parent = "organizations/297908706207"
}
resource "google_folder" "SANDBOX" {
display_name = "SANDBOX"
parent = "organizations/297908706207"
}
# Dossier imbriqué dans un autre dossier.
# Périmètre DATA
resource "google_folder" "DATA_HPROD" {
display_name = "DATA"
parent = google_folder.HPROD.name
}
resource "google_folder" "DATA_PREPROD" {
display_name = "DATA"
parent = google_folder.PREPROD.name
}
resource "google_folder" "DATA_PROD" {
display_name = "DATA"
parent = google_folder.PROD.name
}
resource "google_folder" "DATA_SANDBOX" {
display_name = "DATA"
parent = google_folder.SANDBOX.name
}
# Périmètre INFRA
resource "google_folder" "INFRA_HPROD" {
display_name = "INFRA"
parent = google_folder.HPROD.name
}
resource "google_folder" "INFRA_PREPROD" {
display_name = "INFRA"
parent = google_folder.PREPROD.name
}
resource "google_folder" "INFRA_PROD" {
display_name = "INFRA"
parent = google_folder.PROD.name
}
# Périmètre PUBLIC
resource "google_folder" "PUBLIC_HPROD" {
display_name = "PUBLIC"
parent = google_folder.HPROD.name
}
resource "google_folder" "PUBLIC_PREPROD" {
display_name = "PUBLIC"
parent = google_folder.PREPROD.name
}
resource "google_folder" "PUBLIC_PROD" {
display_name = "PUBLIC"
parent = google_folder.PROD.name
}
# Périmètre SECURITY
resource "google_folder" "SECURITY_HPROD" {
display_name = "SECURITY"
parent = google_folder.HPROD.name
}
resource "google_folder" "SECURITY_PREPROD" {
display_name = "SECURITY"
parent = google_folder.PREPROD.name
}
resource "google_folder" "SECURITY_PROD" {
display_name = "SECURITY"
parent = google_folder.PROD.name
}
# Périmètre OPS
resource "google_folder" "OPS_PROD" {
display_name = "OPS"
parent = google_folder.PROD.name
}

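--- /dev/null
+++ b/folders.tf
@@ -0,0 +1,71 @@
+module "cs-common" {
+source = "terraform-google-modules/folders/google"
+version = "~> 4.0"
+parent = "organizations/${var.org_id}"
+names = [
+"Common",
+]
+}
+locals {
+folders_level_1 = compact(flatten([for parent, children in var.folders : length(children) == 0 ?
+[] : [for child, _ in children : join("/", [parent, child])]]))
+# this level is not needed for all resource hierarchies
+folders_level_2 = compact(flatten([for parent, children in var.folders : length(children) == 0 ?
+[] : [for child, grandchildren in children : length(grandchildren) == 0 ?
+[] : [for grandchild, _ in grandchildren : join("/", [parent, child, grandchild])]]]))
+# path to folder resource map
+# this map is used to reference folder from the correct module, such as
+# {
+# "Team 1" => module.cs-folders-level-0["Team 1"]
+# "Team 1/Production" => module.cs-folders-level-1["Team 1/Production"]
+# "Team 1/Production/Department 1" => module.cs-folders-level-2["Team 1/Production/Department 1"]
+# }
+folder_map = merge(
+{ "Common" = module.cs-common },
+{ for k, v in var.folders : k => module.cs-folders-level-0[k] },
+{ for path in local.folders_level_1 : path => module.cs-folders-level-1[path] },
+{ for path in local.folders_level_2 : path => module.cs-folders-level-2[path] }
+)
+}
+module "cs-folders-level-0" {
+source = "terraform-google-modules/folders/google"
+version = "~> 4.0"
+for_each = var.folders
+parent = "organizations/${var.org_id}"
+names = each.key[*]
+}
+module "cs-folders-level-1" {
+/*
+folder ids from this module are referenced with a full path and a
+folder name, such as
+`module.cs-folders-level-1["Production/Service-IT"].id`
+*/
+source = "terraform-google-modules/folders/google"
+version = "~> 4.0"
+for_each = toset(local.folders_level_1)
+parent = module.cs-folders-level-0[element(split("/", each.value), 0)].id
+names = [element(split("/", each.value), 1)]
+}
+module "cs-folders-level-2" {
+/*
+this module is not needed for all resource hierarchies
+folder ids from this module are referenced with a full path and a
+folder name, such
+as`module.cs-folders-level-2["Production/Service-IT/Team IT"].id`
+*/
+source = "terraform-google-modules/folders/google"
+version = "~> 4.0"
+for_each = toset(local.folders_level_2)
+parent = module.cs-folders-level-1[join("/", slice(split("/", each.value), 0, 2))].id
+names = [element(split("/", each.value), 2)]
+}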
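Review bot: The four `terraform-google-modules/folders/google` module blocks are pinned only by the range `version = "~> 4.0"`, and `.terraform.lock.hcl` records checksums for providers, not for modules. With the apply step now running automatically in CI, each `terraform init` can pull whatever 4.x release the registry serves at that moment. Pin an exact release in each block, e.g. `version = "<EXACT_4_X_RELEASE>"` (placeholder), and bump it deliberately. Separately, in `cs-folders-level-0` the expression `names = each.key[*]` relies on the splat-on-scalar conversion; `names = [each.key]` says the same thing and matches the list syntax used in the level-1 and level-2 blocks.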


@ -1,8 +0,0 @@
# Structure de démarrage Ok à voir si le numéro d'organisation ne devrait pas être dans le Vault ?
resource "google_project" "my_project" {
name = "My Project"
project_id = "your-project-id"
org_id = "113433426282"
folder_id = google_folder.DATA_SANDBOX.name
}


@ -1,23 +0,0 @@
terraform {
required_providers {
google = {
version = "~> 6.16.0"
}
}
required_version = ">= 1.7.5"
}
provider "google" {
# project = var.project
region = var.region
# credentials = var.file
}
data "google_client_config" "default" {}
provider "vault" {
address = "https://vault.saint-maclou.com"
}
# manque la partie du vault pour récupérer l'authentification GCP afin d'obtenir les droits

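--- /dev/null
+++ b/providers.tf
@@ -0,0 +1,21 @@
+# Required if using User ADCs (Application Default Credentials) for Org Policy API.
+provider "google" {
+user_project_override = true
+billing_project = var.billing_project
+default_labels = {
+goog-cloudsetup = "downloaded"
+}
+}
+# Required if using User ADCs (Application Default Credentials) for Cloud Identity API.
+provider "google-beta" {
+user_project_override = true
+billing_project = var.billing_project
+}
+data "google_client_config" "default" {}
+provider "vault" {
+address = "https://vault.tips-of-mine.com"
+}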
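Review bot: `provider "vault"` is configured here, but `vault` has no entry in the `required_providers` block of versions.tf, and no `hashicorp/vault` entry appears in the updated `.terraform.lock.hcl` as rendered on this page. `terraform init` would therefore resolve an unconstrained provider version that the committed lock file does not pin. No resource or data source in the visible sections reads from Vault either. Either remove the block until it is used, or declare it with `vault = { source = "hashicorp/vault", version = "<CONSTRAINT>" }` (placeholder constraint) and commit the lock-file entry that `terraform init` generates.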


@ -1,17 +1,22 @@
# Ne doit pas être ici, on va fonctionner en mode liste qui se trouvera dans le fichier project.tf variable "billing_account" {
#variable "project" { description = "The ID of the billing account to associate projects with"
# description = "GCP project ID"
# type = string
#}
variable "region" {
description = "GCP region"
type = string type = string
default = "europe-west1" default = "<please enter your billing account number here>"
} }
#variable "file" { variable "org_id" {
# description = "GCP credential" description = "The organization id for the associated resources"
# type = string type = string
# default = "creds/service-account-key.json" default = "141601796700"
#} }
variable "billing_project" {
description = "The project id to use for billing"
type = string
default = "CLOUD_SETUP_HOST_PROJECT_ID"
}
variable "folders" {
description = "Folder structure as a map"
type = map
}
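Review bot: The defaults on `billing_account` (`"<please enter your billing account number here>"`) and `billing_project` (`"CLOUD_SETUP_HOST_PROJECT_ID"`) are template placeholders, so a run that forgets to set them passes variable checks and only fails once the provider calls the API. Drop the `default` from both so a missing value stops at plan time. Consider the same for `org_id` instead of hard-coding the organization number in the repository; it can be supplied through a tfvars file or `TF_VAR_org_id` in CI. On `folders`, bare `type = map` is the legacy spelling of `map(any)`; since folders.tf walks up to three levels of it, the description should state the expected nesting.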

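--- /dev/null
+++ b/versions.tf
@@ -0,0 +1,20 @@
+terraform {
+required_version = ">= 1.3"
+required_providers {
+google = {
+source = "hashicorp/google"
+version = ">= 5.22"
+}
+google-beta = {
+source = "hashicorp/google-beta"
+version = ">= 5.22"
+}
+}
+provider_meta "google" {
+module_name = "blueprints/terraform/fs-exported-preview-2dc1f319b5a6037b/v0.1.0"
+}
+provider_meta "google-beta" {
+module_name = "blueprints/terraform/fs-exported-preview-2dc1f319b5a6037b/v0.1.0"
+}
+}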
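Review bot: Both providers are constrained only from below (`version = ">= 5.22"`), and the lock file in this commit appears to show the effect already: `google` resolves to 5.45.0 under a `< 6.0.0` cap, while `google-beta` resolves to 6.17.0. Running the two providers on different major versions invites schema and behaviour drift between them. Give both the same bounded range, e.g. `version = ">= 5.22, < 6.0"`, and regenerate the lock file. `required_version = ">= 1.3"` is also looser than the `>= 1.7.5` in the provider configuration this commit deletes; if that was not intentional, keep the higher floor.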