main.tf

# Still need:
# billing
# ip_space - get from bluecat provider (terraform)
# VPN (BGP)
# write to DB
# ADD PROJECT IAM (EDITOR)

resource "random_id" "id" {
    byte_length = 2
}

locals{
    project_name_string = substr(lower(replace(var.project_name, "/\\s/", "-")), 0, 25) 
}

resource "google_project" "gcp_project" {    
    name = "${var.project_name}"        
    project_id = var.project_id == "" ? "${local.project_name_string}-${random_id.id.hex}" : var.project_id
    folder_id = local.folder[var.division]    
    billing_account = var.billing_id
    auto_create_network = false
    labels = {
        "shortcode" = var.shortcode 
    } 
}

resource "google_project_iam_member" "project_iam" {
    project = "${google_project.gcp_project.project_id}"
    role    = "roles/editor"
    member  = "group:${var.project_mcomm}"
}           


locals{        
    # filter_string = "resource.type=\"project\"\nresource.labels.project_id=\"${google_project.gcp_project.project_id}\" \nlogName=\"projects/${google_project.gcp_project.project_id}/logs/cloudaudit.googleapis.com%2Factivity\"" 
    filter_string = "logName=\"projects/${google_project.gcp_project.project_id}/logs/cloudaudit.googleapis.com%2Factivity\"" 
}

resource "google_logging_project_sink" "log_export" {
    project = "${google_project.gcp_project.project_id}"
    name = "${google_project.gcp_project.project_id}-log-export"
    destination = "${var.log_export_destination}"
    # filter = "projects/${google_project.gcp_project.project_id}/logs/cloudaudit.googleapis.com%2Factivity" # Need this
    filter = local.filter_string
    unique_writer_identity = true    
}

# Give unique writer permission to publish/write to pub/sub topic
resource google_pubsub_topic_iam_member "publisher" {
    project = "vci-mcloud-service" # should make this a var    
    topic = "${var.log_export_destination}"    
    role = "roles/pubsub.publisher"
    member = google_logging_project_sink.log_export.writer_identity      
}

resource "google_project_service" "compute-api" {
  project = "${google_project.gcp_project.project_id}"
  service = "compute.googleapis.com"
  # disable_dependent_services = true
}
locals {
    default_cidr = "10.255.0.0/16"
    default_regions = ["us-central1", "us-east1", "us-east4", "us-west1"]
    default_subnets = {for x in local.default_regions : x => cidrsubnet(local.default_cidr,4,index(local.default_regions, x))}
}

resource "google_compute_network" "default_vpc" {
    project = "${google_project.gcp_project.project_id}"
    name = "${var.prefix}-default-vpc"
    routing_mode = "GLOBAL"
    auto_create_subnetworks = false    
}

resource "google_compute_subnetwork" "default_subnet" {
    for_each = local.default_subnets
    project = "${google_project.gcp_project.project_id}"
    name = "default-${each.key}"
    region = each.key
    ip_cidr_range = each.value
    network = google_compute_network.default_vpc.self_link
}