first sync

.gitea/workflows/validate.yml

@@ -15,10 +15,27 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v4
 
-      - uses: hashicorp/setup-terraform@v3
+      - name: Set up Terraform
+        uses: hashicorp/setup-terraform@v3
         with:
           terraform_version: 1.7.5
 
+      - name: Set up GCloud SDK
+        uses: google-github-actions/setup-gcloud@v2
+        with:
+          project_id: ${{ secrets.GCP_PROJECT_ID }}
+          service_account_key: ${{ secrets.GCP_SA_KEY }}
+          export_default_credentials: true
+          version: '>= 506.0.0'
+
+      - name: 'Use GCloud CLI'
+        run: 'gcloud info'
+
+      - name: Authenticate with Google Cloud Platform
+        uses: google-github-actions/auth@v2
+        with:
+          credentials_json: ${{ secrets.GCP_CREDENTIALS }}
+
       - name: Terraform fmt
         id: fmt
         run: terraform fmt -check -diff -recursive

folder.tf

@@ -0,0 +1,96 @@
+# Dossier de premier niveau de notre organisation.
+resource "google_folder" "HPROD" {
+  display_name = "HPROD"
+  parent       = "organizations/113433426282"
+}
+
+resource "google_folder" "PREPROD" {
+  display_name = "PREPROD"
+  parent       = "organizations/113433426282"
+}
+
+resource "google_folder" "PROD" {
+  display_name = "PROD"
+  parent       = "organizations/113433426282"
+}
+
+resource "google_folder" "SANDBOX" {
+  display_name = "SANDBOX"
+  parent       = "organizations/113433426282"
+}
+
+# Dossier imbriqué dans un autre dossier.
+# Périmètre DATA
+resource "google_folder" "DATA_HPROD" {
+  display_name = "DATA"
+  parent       = google_folder.HPROD.name
+}
+
+resource "google_folder" "DATA_PREPROD" {
+  display_name = "DATA"
+  parent       = google_folder.PREPROD.name
+}
+
+resource "google_folder" "DATA_PROD" {
+  display_name = "DATA"
+  parent       = google_folder.PROD.name
+}
+
+resource "google_folder" "DATA_SANDBOX" {
+  display_name = "DATA"
+  parent       = google_folder.SANDBOX.name
+}
+
+# Périmètre INFRA
+resource "google_folder" "INFRA_HPROD" {
+  display_name = "INFRA"
+  parent       = google_folder.HPROD.name
+}
+
+resource "google_folder" "INFRA_PREPROD" {
+  display_name = "INFRA"
+  parent       = google_folder.PREPROD.name
+}
+
+resource "google_folder" "INFRA_PROD" {
+  display_name = "INFRA"
+  parent       = google_folder.PROD.name
+}
+
+# Périmètre PUBLIC
+resource "google_folder" "PUBLIC_HPROD" {
+  display_name = "PUBLIC"
+  parent       = google_folder.HPROD.name
+}
+
+resource "google_folder" "PUBLIC_PREPROD" {
+  display_name = "PUBLIC"
+  parent       = google_folder.PREPROD.name
+}
+
+resource "google_folder" "PUBLIC_PROD" {
+  display_name = "PUBLIC"
+  parent       = google_folder.PROD.name
+}
+
+# Périmètre SECURITY
+resource "google_folder" "SECURITY_HPROD" {
+  display_name = "SECURITY"
+  parent       = google_folder.HPROD.name
+}
+
+resource "google_folder" "SECURITY_PREPROD" {
+  display_name = "SECURITY"
+  parent       = google_folder.PREPROD.name
+}
+
+resource "google_folder" "SECURITY_PROD" {
+  display_name = "SECURITY"
+  parent       = google_folder.PROD.name
+}
+
+# Périmètre OPS
+resource "google_folder" "OPS_PROD" {
+  display_name = "OPS"
+  parent       = google_folder.PROD.name
+}

project.tf

@@ -0,0 +1,8 @@
+# Structure de démarrage Ok à voir si le numéro d'organisation ne devrait pas être dans le Vault ?
+
+resource "google_project" "my_project" {
+  name       = "My Project"
+  project_id = "your-project-id"
+  org_id     = "113433426282"
+  folder_id  = google_folder.DATA_SANDBOX.name
+}

provider.tf

@@ -0,0 +1,23 @@
+terraform {
+  required_providers {
+    google = {
+      version = "~> 6.16.0"
+    }
+  }
+  required_version = ">= 1.7.5"
+}
+
+provider "google" {
+  project     = var.project
+  region      = var.region
+#  credentials = var.file
+}
+
+data "google_client_config" "default" {}
+
+provider "vault" {
+  address = "https://vault.saint-maclou.com"
+}
+
+
+# manque la partie du vault pour récupérer l'authentification GCP afin d'obtenir les droits

variables.tf

@@ -0,0 +1,17 @@
+# Ne doit pas être ici, on va fonctionner en mode liste qui se trouvera dans le fichier project.tf
+variable "project" {
+  description = "GCP project ID"
+  type        = string
+}
+
+variable "region" {
+  description = "GCP region"
+  type        = string
+  default     = "europe-west1"
+}
+
+#variable "file" {
+#  description = "GCP credential"
+#  type        = string
+#  default     = "creds/service-account-key.json"
+#}