# Still need:

# write to DB
resource "random_id" "id" {
    byte_length = 2
}

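locals {
  # Prefix for derived project IDs: the lower-cased project name with every
  # character that is not allowed in a GCP project ID (anything other than
  # a-z, 0-9 or '-') turned into '-', then truncated to 25 characters so that
  # "<prefix>-<4 hex chars>" fits the 30-character limit. Previously only
  # whitespace was replaced, so names containing e.g. '_' or '.' produced an
  # invalid project_id; names made of letters, digits and whitespace give the
  # same result as before.
  # NOTE(review): an ID that starts with a digit or ends with '-' after
  # truncation is still rejected by the API — not handled here.
  project_name_string = substr(replace(lower(var.project_name), "/[^a-z0-9-]/", "-"), 0, 25)

  # Sink filter: Admin Activity audit logs of the new project only. Data Access
  # and the other audit log types are not matched and therefore not exported.
  filter_string = "logName=\"projects/${google_project.gcp_project.project_id}/logs/cloudaudit.googleapis.com%2Factivity\""

  # Address plan (all inside 10.255.0.0/16), one slice per entry of var.vpc_regions:
  #   primary subnets : /20 out of 10.255.0.0/16   (newbits 4 => at most 16 regions)
  #   GKE pod ranges  : /20 out of 10.255.128.0/17 (newbits 3 => at most 8 regions)
  #   GKE svc ranges  : /22 out of 10.255.224.0/19 (newbits 3 => at most 8 regions)
  # NOTE(review): the three parent blocks overlap — 10.255.128.0/17 is the upper
  # half of default_cidr and 10.255.224.0/19 is the 7th /20 of pods_cidr — so
  # beyond 6 regions a range collides with another one (the 7th pod range lands
  # in the services block, the 9th primary subnet in the pod block). Expected to
  # surface as an apply-time error rather than silently; keep var.vpc_regions
  # at 6 or fewer entries under this plan.
  default_cidr    = "10.255.0.0/16"
  default_subnets = { for x in var.vpc_regions : x => cidrsubnet(local.default_cidr, 4, index(var.vpc_regions, x)) }

  pods_cidr  = "10.255.128.0/17"
  pods_range = { for x in var.vpc_regions : x => cidrsubnet(local.pods_cidr, 3, index(var.vpc_regions, x)) }

  services_cidr  = "10.255.224.0/19"
  services_range = { for x in var.vpc_regions : x => cidrsubnet(local.services_cidr, 3, index(var.vpc_regions, x)) }
}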

resource "google_project" "gcp_project" {    
Kenny Moore's avatar
Kenny Moore committed
21
    name = var.project_name
Kenny Moore's avatar
Kenny Moore committed
22
    project_id = var.project_id == "" ? "${local.project_name_string}-${random_id.id.hex}" : var.project_id
23
    folder_id = var.folder_id
Kenny Moore's avatar
Kenny Moore committed
24
    billing_account = var.billing_id
Kenny Moore's avatar
Kenny Moore committed
25
    auto_create_network = false
26
    labels = {
Kenny Moore's avatar
Kenny Moore committed
27
        "shortcode" = var.shortcode 
28
    }
29
30
}

resource "google_project_iam_member" "project_iam" {
Kenny Moore's avatar
Kenny Moore committed
32
    project = google_project.gcp_project.project_id
33
    role    = "roles/editor"
34
    member  = "group:${var.mcomm_group_email}"
35
}

resource "google_project_service" "compute_api" {
  project = google_project.gcp_project.project_id
  service = "compute.googleapis.com"
Kenny Moore's avatar
Kenny Moore committed
40
41
}

resource "google_project_service" "pubsub_api" {    
Kenny Moore's avatar
Kenny Moore committed
43
    project = google_project.gcp_project.project_id
Kenny Moore's avatar
Kenny Moore committed
44
    service = "pubsub.googleapis.com"
Kenny Moore's avatar
Kenny Moore committed
45
46
}

resource "google_logging_project_sink" "log_export" {
Kenny Moore's avatar
Kenny Moore committed
48
    project = google_project.gcp_project.project_id
Kenny Moore's avatar
Kenny Moore committed
49
    name = "${google_project.gcp_project.project_id}-log-export"
Kenny Moore's avatar
Kenny Moore committed
50
    destination = var.log_export_destination
51
    # filter = "projects/${google_project.gcp_project.project_id}/logs/cloudaudit.googleapis.com%2Factivity" # Need this
Kenny Moore's avatar
Kenny Moore committed
52
    filter = local.filter_string
Kenny Moore's avatar
Kenny Moore committed
53
    unique_writer_identity = true    
Kenny Moore's avatar
Kenny Moore committed
54
55
}

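# Project that owns the Pub/Sub topic used as the log export destination.
# Defaults to the value that used to be hard-coded below, so existing callers
# are unaffected; override it when the topic lives somewhere else.
variable "log_export_topic_project" {
  type    = string
  default = "vci-mcloud-service"
}

# Allow the sink's dedicated writer identity (unique_writer_identity = true on
# google_logging_project_sink.log_export) to publish to the destination topic,
# which lives in a different project than the one created here.
resource "google_pubsub_topic_iam_member" "publisher" {
  project = var.log_export_topic_project
  # NOTE(review): this receives the same raw string as the sink destination;
  # the argument expects a topic name or a projects/<project>/topics/<name>
  # path — confirm the provider accepts the value var.log_export_destination
  # carries.
  topic  = var.log_export_destination
  role   = "roles/pubsub.publisher"
  member = google_logging_project_sink.log_export.writer_identity
}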

resource "google_compute_network" "default_vpc" {
Kenny Moore's avatar
Kenny Moore committed
65
    project = google_project.gcp_project.project_id
66
    name = "${var.vpc_prefix}-default-vpc"
Kenny Moore's avatar
Kenny Moore committed
67
    routing_mode = "GLOBAL"
68
69
70
    auto_create_subnetworks = false    
}

resource "google_compute_subnetwork" "default_subnet" {
    for_each = local.default_subnets
Kenny Moore's avatar
Kenny Moore committed
73
    project = google_project.gcp_project.project_id
Kenny Moore's avatar
Kenny Moore committed
74
    name = "default-${each.key}"
Kenny Moore's avatar
Kenny Moore committed
75
76
    region = each.key
    ip_cidr_range = each.value
77
    network = google_compute_network.default_vpc.self_link 
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
    secondary_ip_range = var.gke_vpc_ranges ? [{range_name = "${each.key}-pods", ip_cidr_range = local.pods_range[each.key]},{range_name = "${each.key}-services", ip_cidr_range = local.services_range[each.key]}] : []
}

module "vpn" {
    source = "./modules/terraform-google-gcp-at-um-vpn"
    count = var.vpn == true ? 1 : 0

    project_id      = google_project.gcp_project.project_id
    regions         = var.vpc_regions
    vpc_prefix      = var.vpc_prefix
    network_size    = var.vpn_network_size
    bgp_network     = var.vpn_bgp_network
    cloud_asn       = var.vpn_cloud_asn
    um_vpn_endpoint = var.um_vpn_endpoint
}