# Still need:

# write to DB


# Short random suffix appended to the generated project id so that two
# projects created from the same name do not collide.
# 2 bytes -> 4 hex characters (consumed as random_id.id.hex below).
resource "random_id" "id" {
  byte_length = 2
}

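locals {
  # Slug derived from the human-readable project name. Only used when
  # var.project_id is empty (see google_project.gcp_project).
  #
  # Steps: lower-case, collapse every run of characters outside [a-z0-9-]
  # into a single "-", cut to 25 characters, then strip leading/trailing
  # "-". 25 chars + "-" + the 4-hex-char random suffix stays within GCP's
  # 30-character project id limit.
  #
  # The previous expression only replaced whitespace, so a name containing
  # "_" or "." produced an id that GCP rejects at apply time. GCP also
  # requires the id to start with a letter; that is not enforced here.
  project_name_string = trim(substr(replace(lower(var.project_name), "/[^a-z0-9-]+/", "-"), 0, 25), "-")
}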

# The project itself. Ids, folder and billing are all overridable through
# variables; the generated fallbacks are used when the variable is "".
resource "google_project" "gcp_project" {
  name            = var.project_name
  # Generated id = slug + "-" + 4 random hex chars, unless the caller pins one.
  project_id      = var.project_id == "" ? "${local.project_name_string}-${random_id.id.hex}" : var.project_id
  # local.folder is not defined in this file; presumably a division -> folder
  # id map declared elsewhere in the module. Confirm it has a key for every
  # accepted var.division value, otherwise plan fails on the lookup.
  folder_id       = var.folder_id == "" ? local.folder[var.division] : var.folder_id
  billing_account = var.billing_id

  # Do not create the GCP "default" network; google_compute_network.default_vpc
  # below is created explicitly with its own subnet ranges.
  auto_create_network = false

  labels = {
    "shortcode" = var.shortcode
  }
}

# Project-level binding for the owning group.
resource "google_project_iam_member" "project_iam" {
  project = google_project.gcp_project.project_id
  member  = "group:${var.project_mcomm}"
  # NOTE(review): roles/editor is a basic role spanning nearly every
  # service in the project. A narrower predefined role would follow
  # least privilege; left unchanged here because callers may rely on it.
  role    = "roles/editor"
}


locals {
  # Filter for the log export sink: Admin Activity audit log entries of
  # the new project. Only the "activity" audit log is selected; entries
  # written to other cloudaudit.googleapis.com log names (e.g. data access)
  # are not exported by this filter.
  #
  # An earlier revision additionally matched
  # resource.type="project" and resource.labels.project_id=<id>; those
  # clauses were dropped in favour of the logName match alone.
  filter_string = "logName=\"projects/${google_project.gcp_project.project_id}/logs/cloudaudit.googleapis.com%2Factivity\""
}

# Enable the Pub/Sub API in the new project.
resource "google_project_service" "pubsub_api" {
  service = "pubsub.googleapis.com"
  project = google_project.gcp_project.project_id
}

# Export the project's Admin Activity audit logs to an external destination
# (a Pub/Sub topic owned by another project, see the publisher binding below).
resource "google_logging_project_sink" "log_export" {
  project     = google_project.gcp_project.project_id
  name        = "${google_project.gcp_project.project_id}-log-export"
  destination = var.log_export_destination
  filter      = local.filter_string

  # Create a dedicated service account for this sink instead of sharing
  # the project-wide one; google_pubsub_topic_iam_member.publisher grants
  # publish rights to exactly that identity.
  unique_writer_identity = true
}

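# Give the sink's unique writer identity permission to publish to the
# Pub/Sub topic it exports into.
#
# The topic lives in a separate project. Its id used to be a hard-coded
# string with a "should make this a var" TODO; it is now a variable whose
# default is the former literal, so existing deployments are unchanged and
# callers can override it without editing this file.
variable "log_export_topic_project" {
  description = "Project that owns the Pub/Sub topic referenced by var.log_export_destination."
  type        = string
  default     = "vci-mcloud-service"
}

resource "google_pubsub_topic_iam_member" "publisher" {
  project = var.log_export_topic_project
  # NOTE(review): the same variable is used as the sink destination above.
  # A sink destination is written as pubsub.googleapis.com/projects/.../topics/...,
  # whereas this attribute takes a topic name or projects/.../topics/... —
  # confirm the variable's format is accepted by both resources.
  topic   = var.log_export_destination
  role    = "roles/pubsub.publisher"
  # Populated because unique_writer_identity is true on the sink; only that
  # service account is granted publish rights.
  member  = google_logging_project_sink.log_export.writer_identity
}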

# Enable the Compute Engine API (required for the VPC and subnets below).
# The resource name uses a hyphen unlike pubsub_api; it is kept as-is
# because renaming would change the state address.
resource "google_project_service" "compute-api" {
  service = "compute.googleapis.com"
  project = google_project.gcp_project.project_id
  # disable_dependent_services is intentionally left unset (was commented out).
}
locals {
  # One primary subnet per region, carved from 10.255.0.0/16 as /20s:
  # 10.255.0.0, 10.255.16.0, 10.255.32.0, 10.255.48.0 (in list order).
  # The list position decides the range, so reordering default_regions
  # re-addresses (and recreates) existing subnets; append only.
  default_cidr    = "10.255.0.0/16"
  default_regions = ["us-central1", "us-east1", "us-east4", "us-west1"]
  default_subnets = { for i, region in local.default_regions : region => cidrsubnet(local.default_cidr, 4, i) }

  # GKE secondary ranges, attached only when var.gke is true.
  # Pods: 10.255.128.0/17 split into /20s; services: 10.255.224.0/19 split
  # into /22s. The three parent blocks do not overlap each other.
  pods_cidr      = "10.255.128.0/17"
  pods_range     = { for i, region in local.default_regions : region => cidrsubnet(local.pods_cidr, 3, i) }
  services_cidr  = "10.255.224.0/19"
  services_range = { for i, region in local.default_regions : region => cidrsubnet(local.services_cidr, 3, i) }
}

# Custom-mode VPC; subnets are declared explicitly in
# google_compute_subnetwork.default_subnet rather than auto-created.
resource "google_compute_network" "default_vpc" {
  name                    = "${var.prefix}-default-vpc"
  project                 = google_project.gcp_project.project_id
  auto_create_subnetworks = false
  routing_mode            = "GLOBAL"
}

# One subnet per entry of local.default_subnets (keyed by region).
# NOTE(review): no log_config (VPC flow logs) and no private_ip_google_access
# are set; both are commonly wanted for detection and for private GKE nodes.
# Not added here to keep behaviour unchanged.
resource "google_compute_subnetwork" "default_subnet" {
  for_each = local.default_subnets

  project       = google_project.gcp_project.project_id
  name          = "default-${each.key}"
  region        = each.key
  ip_cidr_range = each.value
  network       = google_compute_network.default_vpc.self_link

  # GKE pod/service alias ranges, only when var.gke is set.
  secondary_ip_range = var.gke ? [
    {
      range_name    = "${each.key}-pods"
      ip_cidr_range = local.pods_range[each.key]
    },
    {
      range_name    = "${each.key}-services"
      ip_cidr_range = local.services_range[each.key]
    },
  ] : []
}