Skip to content
GitLab
Switch branch/tag
Find file Normal viewHistoryPermalink
main.tf 2.77 KB
Newer Older
Kenny Moore's avatar
logging done; networking in progress    
Kenny Moore committed
1 
# Still need:
Kenny Moore's avatar
Working provisioning code    
Kenny Moore committed
2
Kenny Moore's avatar
logging done; networking in progress    
Kenny Moore committed
3 
# write to DB
Kenny Moore's avatar
Working provisioning code    
Kenny Moore committed
4
Kenny Moore's avatar
Separate Network/VPN Module    
Kenny Moore committed
5
Kenny Moore's avatar
Initial Import  
Kenny Moore committed
6
7
8
9
10
11
12
13 
resource "random_id" "id" {
    byte_length = 2
}

locals{
    project_name_string = substr(lower(replace(var.project_name, "/\\s/", "-")), 0, 25) 
}
Kenny Moore's avatar
logging done; networking in progress    
Kenny Moore committed
14 
resource "google_project" "gcp_project" {
Kenny Moore's avatar
Initial Import  
Kenny Moore committed
15
16
17
18 
    name = "${var.project_name}"        
    project_id = var.project_id == "" ? "${local.project_name_string}-${random_id.id.hex}" : var.project_id
    folder_id = local.folder[var.division]    
    billing_account = var.billing_id
Kenny Moore's avatar
Separate Network/VPN Module    
Kenny Moore committed
19 
    auto_create_network = false
Kenny Moore's avatar
logging done; networking in progress    
Kenny Moore committed
20 
    labels = {
Kenny Moore's avatar
Multi-vpc working    
Kenny Moore committed
21 
        "shortcode" = var.shortcode
Kenny Moore's avatar
logging done; networking in progress    
Kenny Moore committed
22
23
24 
    } 
}
Kenny Moore's avatar
Adjusted var to mcomm; project editor complete    
Kenny Moore committed
25
26
27
28
29
30
31 
resource "google_project_iam_member" "project_iam" {
    project = "${google_project.gcp_project.project_id}"
    role    = "roles/editor"
    member  = "group:${var.project_mcomm}"
}
Kenny Moore's avatar
logging done; networking in progress    
Kenny Moore committed
32 
locals{
Kenny Moore's avatar
Fix log filter    
Kenny Moore committed
33
34 
    # filter_string = "resource.type=\"project\"\nresource.labels.project_id=\"${google_project.gcp_project.project_id}\" \nlogName=\"projects/${google_project.gcp_project.project_id}/logs/cloudaudit.googleapis.com%2Factivity\"" 
    filter_string = "logName=\"projects/${google_project.gcp_project.project_id}/logs/cloudaudit.googleapis.com%2Factivity\""
Kenny Moore's avatar
Initial Import  
Kenny Moore committed
35
36
37
38
39
40 
}

resource "google_logging_project_sink" "log_export" {
    project = "${google_project.gcp_project.project_id}"
    name = "${google_project.gcp_project.project_id}-log-export"
    destination = "${var.log_export_destination}"
Kenny Moore's avatar
logging done; networking in progress    
Kenny Moore committed
41 
    # filter = "projects/${google_project.gcp_project.project_id}/logs/cloudaudit.googleapis.com%2Factivity" # Need this
Kenny Moore's avatar
BGP VPN established    
Kenny Moore committed
42 
    filter = local.filter_string
Kenny Moore's avatar
Multi-vpc working    
Kenny Moore committed
43 
    unique_writer_identity = true
Kenny Moore's avatar
Initial Import  
Kenny Moore committed
44
45 
}
Kenny Moore's avatar
bgp vpn configured on cloud side    
Kenny Moore committed
46 
# Give unique writer permission to publish/write to pub/sub topic
Kenny Moore's avatar
logging done; networking in progress    
Kenny Moore committed
47
48 
resource google_pubsub_topic_iam_member "publisher" {
    project = "vci-mcloud-service" # should make this a var
Kenny Moore's avatar
Multi-vpc working    
Kenny Moore committed
49 
    topic = "${var.log_export_destination}"
Kenny Moore's avatar
logging done; networking in progress    
Kenny Moore committed
50
51
52
53 
    role = "roles/pubsub.publisher"
    member = google_logging_project_sink.log_export.writer_identity      
}
Kenny Moore's avatar
Separate Network/VPN Module    
Kenny Moore committed
54
55
56
57 
resource "google_project_service" "compute-api" {
  project = "${google_project.gcp_project.project_id}"
  service = "compute.googleapis.com"
  # disable_dependent_services = true
Kenny Moore's avatar
Multi-vpc working    
Kenny Moore committed
58 
}
Kenny Moore's avatar
Separate Network/VPN Module    
Kenny Moore committed
59
60
61
62 
locals {
    default_cidr = "10.255.0.0/16"
    default_regions = ["us-central1", "us-east1", "us-east4", "us-west1"]
    default_subnets = {for x in local.default_regions : x => cidrsubnet(local.default_cidr,4,index(local.default_regions, x))}
Kenny Moore's avatar
Multi-vpc working    
Kenny Moore committed
63
64 
}
Kenny Moore's avatar
Separate Network/VPN Module    
Kenny Moore committed
65 
resource "google_compute_network" "default_vpc" {
Kenny Moore's avatar
logging done; networking in progress    
Kenny Moore committed
66 
    project = "${google_project.gcp_project.project_id}"
Kenny Moore's avatar
Separate Network/VPN Module    
Kenny Moore committed
67 
    name = "${var.prefix}-default-vpc"
Kenny Moore's avatar
Mostly networking added    
Kenny Moore committed
68 
    routing_mode = "GLOBAL"
Kenny Moore's avatar
logging done; networking in progress    
Kenny Moore committed
69
70
71 
    auto_create_subnetworks = false    
}
Kenny Moore's avatar
Separate Network/VPN Module    
Kenny Moore committed
72
73 
resource "google_compute_subnetwork" "default_subnet" {
    for_each = local.default_subnets
Kenny Moore's avatar
logging done; networking in progress    
Kenny Moore committed
74 
    project = "${google_project.gcp_project.project_id}"
Kenny Moore's avatar
Separate Network/VPN Module    
Kenny Moore committed
75 
    name = "default-${each.key}"
Kenny Moore's avatar
Multi-vpc working    
Kenny Moore committed
76
77 
    region = each.key
    ip_cidr_range = each.value
Kenny Moore's avatar
Separate Network/VPN Module    
Kenny Moore committed
78
79 
    network = google_compute_network.default_vpc.self_link
}