test

.gitea/workflows/validate.yml

@@ -55,6 +55,6 @@ jobs:
         id: plan
         run: terraform plan
 
-#      - name: Terraform Apply
-#        id: apply
-#        run: terraform apply -auto-approve
+      - name: Terraform Apply
+        id: apply
+        run: terraform apply -auto-approve

.terraform.lock.hcl

@@ -2,22 +2,62 @@
 # Manual edits may be lost in future updates.
 
 provider "registry.terraform.io/hashicorp/google" {
-  version     = "6.16.0"
-  constraints = "~> 6.16.0"
+  version     = "5.45.0"
+  constraints = ">= 3.43.0, >= 3.45.0, >= 4.28.0, >= 5.22.0, >= 5.33.0, < 6.0.0"
   hashes = [
-    "h1:xu1ZOAgciMrxGk81qhnNmUG+yt6o4eq7qI8awc3/oLk=",
-    "zh:1e263d01a64740d550f14c83e91efaf5b3f7ee46163cce58b736da284e488377",
-    "zh:5b0885ee8875b98ef75f558e278ac5f2ba0850e0e6579c898d75a488be227e93",
-    "zh:6eb8d06a5cf9843e7a4dd18bd93fc785bdec9f5aebdef748bfbe349c0e085ce5",
-    "zh:82f57bcccc35271f39a090b687c37489f81ddeec2a792e7f5341c7cdcc51fa5c",
-    "zh:898d7ed728f45c3124e2bfbbde57b762e59c9c54e020453edc9454858d65a8c5",
-    "zh:8effa4a08cc3ffce2048b4e51ad6df0c288ce0c79c161b9716a16b482d2f18be",
-    "zh:ac80c44c9dc0c7016c3422390b17380ad03257abc09a224734ed359b2cd61d0a",
-    "zh:c2e03eba3d9af62948ba82aa1de627c692731b9a7dd46119b932c6fc9514306c",
-    "zh:ca77c67f72e7210112f485ef0fc555fde3ac818de9b7136f0b37142893ba6428",
-    "zh:ea8ccff7fece47be816f3f20fdd61b8ac3a72f515720c579a2560183b1e17658",
+    "h1:EE17hNaULEGzLdVIS3GC4DZj4aPyJQ78mGzkMpta41g=",
+    "zh:02916a209c660806a7ef30c3e404cd139705bdd401646791ac8876259d10d560",
+    "zh:3cd831a98d9de617d334be4885a253dcf7dfb54a383cf366482303fdd5fd7162",
+    "zh:42dfb0db08b7086f8de4f1d2f8326d3e07c99016ce6ca91f3d310458111acc97",
+    "zh:4a8cb3569e5006da3bc631bc340f0c6020f3d6140c4eb5821d92d0ff23fde2dd",
+    "zh:614e86cd8e793c8d622a869860f71dcedef783c1a72d754c8af919c1209b1f89",
+    "zh:7d42ec15014891c6b65c0115c2fc0e95066f71497ad9c56639f490f0922daa2c",
+    "zh:813d3f741280a75baea1bfb0eeaaf4c2910218bd7e3607749a1a86d89a17c4dd",
+    "zh:823a9133c1dc96d7069bb838438a4aa5bef1344aa9077521d129915f6371fe65",
+    "zh:98803e908ddf283a6967cc213b34bf0c04ba866a02a3e516db6462053625aad5",
+    "zh:bc47ab6583e549cd86f2fa6a69cdfdf85b795e1184b0e5e25b194bbf82377b32",
+    "zh:d0a8e77af1f1a1fab9f7867cc8b2b700dd988398093a7a3e3273dac6875c161a",
     "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
-    "zh:f5d626eb6e9015022796849d6ba733627fa9e082302a8658dd83fc74c75db162",
+  ]
+}
+
+provider "registry.terraform.io/hashicorp/google-beta" {
+  version     = "6.17.0"
+  constraints = ">= 5.22.0"
+  hashes = [
+    "h1:PbCB1KZwCBSvmsqpGKsRBpjjykHHe1Rk0WD8+undr2U=",
+    "zh:41018bb792fbc6eeb389be133ebeb88df5c0c7ab1cdd70cb49ef3b834b5253ef",
+    "zh:464a0432a42a0973a7cdaf40713a0e54adf74a18db2d9390b00ab691a7cbab14",
+    "zh:57d8f8c2f8d2ea2512ba73caf58b80b6643e268e63dd33aa6b3908f8e9c92e8c",
+    "zh:5a7e90f80f6a8fe19597053565565c4d85efd9896cbe28038c8e1f9452acef74",
+    "zh:5c5ad4eed1bc1c42c088555aa90c99e499b2904e4de0009aacf57fff90ebb2de",
+    "zh:6c950ac6dc08c4db26762717907109665989bb3c6faa0be2db8bf65f82112eaa",
+    "zh:846c821a7664b29569626dcba87667416b399a506ca86f045263e3b918dc73c6",
+    "zh:e06a2ac6afa592127e01768bf3b47051ac010e8c7ddc515dbd42b232d2ecfa2e",
+    "zh:ea2eec97f55eff6cf5cc67f41b1d4d4ec4403b1f61cd762dc1c028ba50e3b349",
+    "zh:f0e102bfdb2c70b747e7a439b31fe2c03480b598f46193325287a51ef744d2fa",
+    "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
+    "zh:f76136bfb3c9c0848ff84a3bf98fba1b61c13124ade4194020d18583951b9df2",
+  ]
+}
+
+provider "registry.terraform.io/hashicorp/random" {
+  version     = "3.6.3"
+  constraints = ">= 2.2.0, >= 3.0.0"
+  hashes = [
+    "h1:+UItZOLue/moJfnI3tqZBQbXUYR4ZnqPYfJDJPgLZy0=",
+    "zh:04ceb65210251339f07cd4611885d242cd4d0c7306e86dda9785396807c00451",
+    "zh:448f56199f3e99ff75d5c0afacae867ee795e4dfda6cb5f8e3b2a72ec3583dd8",
+    "zh:4b4c11ccfba7319e901df2dac836b1ae8f12185e37249e8d870ee10bb87a13fe",
+    "zh:4fa45c44c0de582c2edb8a2e054f55124520c16a39b2dfc0355929063b6395b1",
+    "zh:588508280501a06259e023b0695f6a18149a3816d259655c424d068982cbdd36",
+    "zh:737c4d99a87d2a4d1ac0a54a73d2cb62974ccb2edbd234f333abd079a32ebc9e",
+    "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
+    "zh:a357ab512e5ebc6d1fda1382503109766e21bbfdfaa9ccda43d313c122069b30",
+    "zh:c51bfb15e7d52cc1a2eaec2a903ac2aff15d162c172b1b4c17675190e8147615",
+    "zh:e0951ee6fa9df90433728b96381fb867e3db98f66f735e0c3e24f8f16903f0ad",
+    "zh:e3cdcb4e73740621dabd82ee6a37d6cfce7fee2a03d8074df65086760f5cf556",
+    "zh:eff58323099f1bd9a0bec7cb04f717e7f1b2774c7d612bf7581797e1622613a0",
   ]
 }
 

backends.tf

@@ -0,0 +1,5 @@
+terraform {
+  backend "local" {
+    path = "state/terraform.tfstate"
+  }
+}

data.tf

@@ -0,0 +1,3 @@
+data "google_organization" "org" {
+  organization = "organizations/${var.org_id}"
+}

folder.tf

@@ -1,96 +0,0 @@
-# Dossier de premier niveau de notre organisation.
-resource "google_folder" "HPROD" {
-  display_name = "HPROD"
-  parent       = "organizations/297908706207"
-}
-
-resource "google_folder" "PREPROD" {
-  display_name = "PREPROD"
-  parent       = "organizations/297908706207"
-}
-
-resource "google_folder" "PROD" {
-  display_name = "PROD"
-  parent       = "organizations/297908706207"
-}
-
-resource "google_folder" "SANDBOX" {
-  display_name = "SANDBOX"
-  parent       = "organizations/297908706207"
-}
-
-# Dossier imbriqué dans un autre dossier.
-# Périmètre DATA
-resource "google_folder" "DATA_HPROD" {
-  display_name = "DATA"
-  parent       = google_folder.HPROD.name
-}
-
-resource "google_folder" "DATA_PREPROD" {
-  display_name = "DATA"
-  parent       = google_folder.PREPROD.name
-}
-
-resource "google_folder" "DATA_PROD" {
-  display_name = "DATA"
-  parent       = google_folder.PROD.name
-}
-
-resource "google_folder" "DATA_SANDBOX" {
-  display_name = "DATA"
-  parent       = google_folder.SANDBOX.name
-}
-
-# Périmètre INFRA
-resource "google_folder" "INFRA_HPROD" {
-  display_name = "INFRA"
-  parent       = google_folder.HPROD.name
-}
-
-resource "google_folder" "INFRA_PREPROD" {
-  display_name = "INFRA"
-  parent       = google_folder.PREPROD.name
-}
-
-resource "google_folder" "INFRA_PROD" {
-  display_name = "INFRA"
-  parent       = google_folder.PROD.name
-}
-
-# Périmètre PUBLIC
-resource "google_folder" "PUBLIC_HPROD" {
-  display_name = "PUBLIC"
-  parent       = google_folder.HPROD.name
-}
-
-resource "google_folder" "PUBLIC_PREPROD" {
-  display_name = "PUBLIC"
-  parent       = google_folder.PREPROD.name
-}
-
-resource "google_folder" "PUBLIC_PROD" {
-  display_name = "PUBLIC"
-  parent       = google_folder.PROD.name
-}
-
-# Périmètre SECURITY
-resource "google_folder" "SECURITY_HPROD" {
-  display_name = "SECURITY"
-  parent       = google_folder.HPROD.name
-}
-
-resource "google_folder" "SECURITY_PREPROD" {
-  display_name = "SECURITY"
-  parent       = google_folder.PREPROD.name
-}
-
-resource "google_folder" "SECURITY_PROD" {
-  display_name = "SECURITY"
-  parent       = google_folder.PROD.name
-}
-
-# Périmètre OPS
-resource "google_folder" "OPS_PROD" {
-  display_name = "OPS"
-  parent       = google_folder.PROD.name
-}

folders.tf

@@ -0,0 +1,71 @@
+module "cs-common" {
+  source  = "terraform-google-modules/folders/google"
+  version = "~> 4.0"
+
+  parent = "organizations/${var.org_id}"
+  names = [
+    "Common",
+  ]
+}
+
+locals {
+  folders_level_1 = compact(flatten([for parent, children in var.folders : length(children) == 0 ?
+  [] : [for child, _ in children : join("/", [parent, child])]]))
+
+  # this level is not needed for all resource hierarchies
+  folders_level_2 = compact(flatten([for parent, children in var.folders : length(children) == 0 ?
+    [] : [for child, grandchildren in children : length(grandchildren) == 0 ?
+  [] : [for grandchild, _ in grandchildren : join("/", [parent, child, grandchild])]]]))
+
+  # path to folder resource map
+  # this map is used to reference folder from the correct module, such as
+  # {
+  #   "Team 1" => module.cs-folders-level-0["Team 1"]
+  #   "Team 1/Production" => module.cs-folders-level-1["Team 1/Production"]
+  #   "Team 1/Production/Department 1" => module.cs-folders-level-2["Team 1/Production/Department 1"]
+  # }
+  folder_map = merge(
+    { "Common" = module.cs-common },
+    { for k, v in var.folders : k => module.cs-folders-level-0[k] },
+    { for path in local.folders_level_1 : path => module.cs-folders-level-1[path] },
+    { for path in local.folders_level_2 : path => module.cs-folders-level-2[path] }
+  )
+}
+
+module "cs-folders-level-0" {
+  source  = "terraform-google-modules/folders/google"
+  version = "~> 4.0"
+
+  for_each = var.folders
+  parent   = "organizations/${var.org_id}"
+  names    = each.key[*]
+}
+
+module "cs-folders-level-1" {
+  /*
+folder ids from this module are referenced with a full path and a
+folder name, such as
+`module.cs-folders-level-1["Production/Service-IT"].id`
+*/
+  source  = "terraform-google-modules/folders/google"
+  version = "~> 4.0"
+
+  for_each = toset(local.folders_level_1)
+  parent   = module.cs-folders-level-0[element(split("/", each.value), 0)].id
+  names    = [element(split("/", each.value), 1)]
+}
+
+module "cs-folders-level-2" {
+  /*
+this module is not needed for all resource hierarchies
+folder ids from this module are referenced with a full path and a
+folder name, such
+as`module.cs-folders-level-2["Production/Service-IT/Team IT"].id`
+*/
+  source  = "terraform-google-modules/folders/google"
+  version = "~> 4.0"
+
+  for_each = toset(local.folders_level_2)
+  parent   = module.cs-folders-level-1[join("/", slice(split("/", each.value), 0, 2))].id
+  names    = [element(split("/", each.value), 2)]
+}

project.tf

@@ -1,8 +0,0 @@
-# Structure de démarrage Ok à voir si le numéro d'organisation ne devrait pas être dans le Vault ?
-
-resource "google_project" "my_project" {
-  name       = "My Project"
-  project_id = "your-project-id"
-  org_id     = "113433426282"
-  folder_id  = google_folder.DATA_SANDBOX.name
-}

provider.tf

@@ -1,23 +0,0 @@
-terraform {
-  required_providers {
-    google = {
-      version = "~> 6.16.0"
-    }
-  }
-  required_version = ">= 1.7.5"
-}
-
-provider "google" {
-#  project     = var.project
-  region      = var.region
-#  credentials = var.file
-}
-
-data "google_client_config" "default" {}
-
-provider "vault" {
-  address = "https://vault.saint-maclou.com"
-}
-
-
-# manque la partie du vault pour récupérer l'authentification GCP afin d'obtenir les droits

providers.tf

@@ -0,0 +1,21 @@
+# Required if using User ADCs (Application Default Credentials) for Org Policy API.
+provider "google" {
+  user_project_override = true
+  billing_project       = var.billing_project
+  default_labels = {
+    goog-cloudsetup = "downloaded"
+  }
+}
+
+# Required if using User ADCs (Application Default Credentials) for Cloud Identity API.
+provider "google-beta" {
+  user_project_override = true
+  billing_project       = var.billing_project
+}
+
+data "google_client_config" "default" {}
+
+provider "vault" {
+  address = "https://vault.tips-of-mine.com"
+}
+

variables.tf

@@ -1,17 +1,22 @@
-# Ne doit pas être ici, on va fonctionner en mode liste qui se trouvera dans le fichier project.tf
-#variable "project" {
-#  description = "GCP project ID"
-#  type        = string
-#}
-
-variable "region" {
-  description = "GCP region"
+variable "billing_account" {
+  description = "The ID of the billing account to associate projects with"
   type        = string
-  default     = "europe-west1"
+  default     = "<please enter your billing account number here>"
 }
 
-#variable "file" {
-#  description = "GCP credential"
-#  type        = string
-#  default     = "creds/service-account-key.json"
-#}
+variable "org_id" {
+  description = "The organization id for the associated resources"
+  type        = string
+  default     = "141601796700"
+}
+
+variable "billing_project" {
+  description = "The project id to use for billing"
+  type        = string
+  default     = "CLOUD_SETUP_HOST_PROJECT_ID"
+}
+
+variable "folders" {
+  description = "Folder structure as a map"
+  type        = map
+}

versions.tf

@@ -0,0 +1,20 @@
+terraform {
+  required_version = ">= 1.3"
+
+  required_providers {
+    google = {
+      source  = "hashicorp/google"
+      version = ">= 5.22"
+    }
+    google-beta = {
+      source  = "hashicorp/google-beta"
+      version = ">= 5.22"
+    }
+  }
+  provider_meta "google" {
+    module_name = "blueprints/terraform/fs-exported-preview-2dc1f319b5a6037b/v0.1.0"
+  }
+  provider_meta "google-beta" {
+    module_name = "blueprints/terraform/fs-exported-preview-2dc1f319b5a6037b/v0.1.0"
+  }
+}