Commit 4cb702d7 authored by Adam Robinson's avatar Adam Robinson

initial import

locals {
short_mcomm = split("@", var.mcomm_group_email)[0]
}
resource "gcp_folder" "customer_folder" {
display_name = local.short_mcomm
parent = var.division_folder_ids[var.division]
}
data "google_iam_policy" "customer_folder_policy" {
binding {
role = "roles/browser"
members = [
"group:${var.mcomm_group_email}",
]
}
binding {
role = "roles/resourcemanager.folderViewer"
members = [
"group:${var.mcomm_group_email}",
]
}
binding {
role = "roles/resourcemanager.projectCreator"
members = [
"user:${google_service_account.customer_service_account.name}",
]
}
}
resource "google_folder_iam_policy" "customer_folder_policy" {
folder = gcp_folder.customer_folder.name
policy_data = data.google_iam_policy.customer_folder_policy.policy_data
}
resource "random_id" "customer_bucket_id" {
byte_length = 2
}
resource "google_storage_bucket" "customer_bucket" {
project = var.customer_bucket_project_id
name = "gcp-at-um-${local.short_mcomm}-${random_id.customer_bucket_id.hex}"
location = "US"
storage_class = "STANDARD"
bucket_policy_only = true
versioning {
enabled = true
}
}
resource "google_service_account" "customer_service_account" {
project = var.customer_service_account_project_id
account_id = "${local.short_mcomm}-tf"
description = "${local.short_mcomm} Terraform Service Account"
}
data "google_iam_policy" "customer_bucket_policy" {
binding {
role = "roles/storage.legacyBucketWriter"
members = [
"user:${google_service_account.customer_service_account.name}",
]
}
binding {
role = "roles/storage.objectViewer"
members = [
"group:${var.mcomm_group_email}",
]
}
}
resource "google_storage_bucket_iam_policy" "customer_bucket_policy" {
bucket = google_storage_bucket.customer_bucket.name
policy_data = data.google_iam_policy.customer_bucket_policy.policy_data
}
// Need to make a customer Git repo
// Need to write to a customer database
resource "google_billing_subaccount" "customer_subaccount" {
display_name = "${local.short_mcomm}"
master_billing_account = var.master_billing_account_id
rename_on_destroy = true
}
resource "google_billing_account_iam_policy" "customer_billing_account_policy" {
billing_account_id = google_billing_subaccount.customer_subaccount.billing_account_id
policy_data = data.google_iam_policy.customer_billing_account_policy.policy_data
}
data "google_iam_policy" "customer_billing_account_policy" {
binding {
role = "roles/billing.user"
members = [
"user:${google_service_account.customer_service_account.name}",
]
}
binding {
role = "organizations/715302536254/roles/UM_billingUser"
members = [
"group:${var.mcomm_group_email}",
]
}
}
output "billing_account_id" {
value = google_billing_subaccount.customer_subaccount.billing_account_id
}
output "terraform_service_account" {
value = google_service_account.customer_service_account.name
}
output "terraform_state_bucket" {
value = google_storage_bucket.customer_bucket.name
}
output "folder_id" {
value = gcp_folder.customer_folder.id
}
\ No newline at end of file
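Review bot: The three IAM bindings that grant the Terraform service account access (folder `projectCreator`, bucket `legacyBucketWriter`, billing `billing.user`) address it as `"user:${google_service_account.customer_service_account.name}"`, but a service account member needs the `serviceAccount:` prefix and the account's email, so each should read `"serviceAccount:${google_service_account.customer_service_account.email}"` (`name` is the `projects/…/serviceAccounts/…` resource name and is not a valid member string). The folder is declared as `resource "gcp_folder"` and referenced as `gcp_folder.customer_folder` in the folder IAM policy and the `folder_id` output, while the Google provider's type is `google_folder`, so this likely fails at plan time. The custom billing role binding embeds a literal organization number in its role path; passing it in as a variable next to `master_billing_account_id` would keep the module from being tied to one organization. On the state bucket, `roles/storage.legacyBucketWriter` does not appear to include `storage.objects.get`, which Terraform's GCS backend needs to read existing state, so confirm this is the intended role rather than an object-level read/write role.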
variable "requestor" {
type = string
description = "The person that made the initial request for the GCP Customer Folder"
}
variable "mcomm_group_email" {
type = string
description = "The MCommunity Group to be given permission to the GCP Customer Folder"
}
variable "shortcode" {
type = string
description = "The default shortcode to associate with the billing subaccount"
}
variable "billing_contact" {
type = string
description = "A contact to use for billing questions about the GCP Billing Subaccount"
}
variable "division_folder_ids" {
type = map(string)
description = "The folder ID of the top level folder of the service"
}
variable "division" {
type = string
description = "Must be one of \"campus\",\"its\", or \"michigan_medicine\""
}
variable "customer_bucket_project_id" {
type = string
description = "The project that will contain customer Terraform state buckets"
}
variable "customer_service_account_project_id" {
type = string
description = "The project that will contain customer Terraform service accounts"
}
variable "master_billing_account_id" {
type = string
description = "The ID of the master billing account"
}
\ No newline at end of file
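Review bot: `division` is documented as one of three fixed values but nothing enforces it, so a typo only surfaces later as a failed key lookup in `var.division_folder_ids[var.division]`; if the module targets Terraform 0.13 or later, a `validation` block rejects bad input at plan time (below). The description of `division_folder_ids` reads as a single folder ID while its type is `map(string)` keyed by division — suggest `"Map of division name to the ID of that division's top-level folder"`. `requestor`, `shortcode` and `billing_contact` are declared here but do not appear to be referenced by any resource in this commit; if they are reserved for later use, a short comment saying so would spare readers the search.

```hcl
variable "division" {
  # … unchanged: type and description …

  validation {
    condition     = contains(["campus", "its", "michigan_medicine"], var.division)
    error_message = "division must be one of \"campus\", \"its\" or \"michigan_medicine\"."
  }
}
```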