diff --git a/main.tf b/main.tf
index e9bcb12d3910e712010ead116d37555721c62ea5..cd56a13d54d10a86ecac305e8b983e16505d18c1 100644
--- a/main.tf
+++ b/main.tf
@@ -3,6 +3,7 @@
# ip_space - get from bluecat provider (terraform)
# VPN (BGP)
# write to DB
+# ADD PROJECT IAM (EDITOR)
resource "random_id" "id" {
byte_length = 2
@@ -23,6 +24,13 @@ resource "google_project" "gcp_project" {
}
}
+resource "google_project_iam_member" "project_iam" {
+ project = "${google_project.gcp_project.project_id}"
+ role = "roles/editor"
+ member = "group:${var.project_mcomm}"
+}
+
+
locals{
filter_string = "resource.type=\"project\"\nresource.labels.project_id=\"google_project.gcp_project.project_id\" \nlogName=\"projects/${google_project.gcp_project.project_id}/logs/cloudaudit.googleapis.com%2Factivity\""
}
diff --git a/modules/terraform-google-gcp-at-um-billing/main.tf b/modules/terraform-google-gcp-at-um-billing/main.tf
new file mode 100644
index 0000000000000000000000000000000000000000..936f331ccc453d4a8413eed9c4680e892cbe7f60
--- /dev/null
+++ b/modules/terraform-google-gcp-at-um-billing/main.tf
@@ -0,0 +1,14 @@
+data "google_billing_account" "billing_id" {
+ # display_name = "${var.prefix}-${var.project_id}-billing"
+ billing_account = "billingAccounts/${var.billing_id}"
+}
+
+resource "google_billing_account_iam_member" "binding" {
+ billing_account_id = var.billing_id
+ role = "roles/billing.viewer"
+ member = "group:${var.billing_mcomm}"
+}
+
+
+# EDITOR; nested in billing MCOMM - umich-gcp-project-tf-test@umich.edu
+# umich-gcp-project-tf-test-billing@umich.edu
\ No newline at end of file
diff --git a/modules/terraform-google-gcp-at-um-billing/variables.tf b/modules/terraform-google-gcp-at-um-billing/variables.tf
new file mode 100644
index 0000000000000000000000000000000000000000..c7b146e7861df06e0285e06369dd5996d8886578
--- /dev/null
+++ b/modules/terraform-google-gcp-at-um-billing/variables.tf
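Review bot: The new `google_project_iam_member` binds `roles/editor`, a basic role that carries write access to most services in the project, to every member of the group in `var.project_mcomm`, and nothing in the hunk narrows it. Prefer a short list of predefined roles supplied through a variable so each project gets only what its owners need, and keep `roles/editor` as an explicit opt-in. `project_mcomm` defaults to `""` in variables.tf, which would render the member as `group:`; drop the default or reject the empty string so a missing group fails at plan time. Separately, the `filter_string` context line embeds `google_project.gcp_project.project_id` as literal text without `${}`, so the `resource.labels.project_id` clause of that audit-log filter probably never matches the real project.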
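Review bot: The `google_billing_account` data source is looked up but never referenced, since `billing_account_id` is set from `var.billing_id` directly, so the lookup adds an API read without validating what the binding uses. Either reference it, `billing_account_id = data.google_billing_account.billing_id.id`, or remove the data block. The closing comment suggests the project editor group is nested inside the billing group; if so, every project editor inherits `roles/billing.viewer` on the whole billing account, which is wider than one project's costs, and that deserves a sentence in the comment confirming it is intended.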
@@ -0,0 +1,8 @@
+variable "project_id" {
+}
+variable "billing_id" {
+}
+variable "prefix" {
+}
+variable "billing_mcomm" {
+}
diff --git a/modules/terraform-google-gcp-at-um-vpn/main.tf b/modules/terraform-google-gcp-at-um-vpn/main.tf
index fe3567d9785b9562cd970f3d8a3ecfa3547a132d..a48441314fff9104dce6eadca9b5bc0ab5908921 100644
--- a/modules/terraform-google-gcp-at-um-vpn/main.tf
+++ b/modules/terraform-google-gcp-at-um-vpn/main.tf
@@ -15,6 +15,7 @@ resource "bluecat_ip4_network" "gcp_network" {
size = var.network_size
}
+# calculate subnet information; rounds up based on the number regions provided (divided by 2)
locals{
subnets = {for x in var.regions : x => cidrsubnet(bluecat_ip4_network.gcp_network.cidr, ceil(length(var.regions)/2), index(var.regions, x))}
}
@@ -57,19 +58,16 @@ resource "google_compute_vpn_gateway" "vpn_gw" {
# reserve static IP for vpn gateway
resource "google_compute_address" "vpn_gw_ip" {
-# name = "${var.prefix}-bgp-vpn-gateway"
name = google_compute_vpn_gateway.vpn_gw.name
- project = var.project_id
- # region = "us-central1" # How do we decide which one?
- region = var.regions[0]
- # region = local.subnets[0].each
+ project = var.project_id
+ region = var.regions[0]
}
-#create forwarding rules
+# create forwarding rules
resource "google_compute_forwarding_rule" "fr_esp" {
name = "fr-esp"
project = var.project_id
- region = var.regions[0] # should be a variable
+ region = var.regions[0]
ip_protocol = "ESP"
ip_address = "${google_compute_address.vpn_gw_ip.address}"
target = "${google_compute_vpn_gateway.vpn_gw.self_link}"
@@ -78,7 +76,7 @@ resource "google_compute_forwarding_rule" "fr_esp" {
resource "google_compute_forwarding_rule" "fr_udp500" {
name = "fr-udp500"
project = var.project_id
- region = var.regions[0] # should be a variable
+ region = var.regions[0]
ip_protocol = "UDP"
port_range = "500"
ip_address = "${google_compute_address.vpn_gw_ip.address}"
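Review bot: All four variables in this new file have empty bodies, so they carry no type or description and accept any value. Give each one `type = string` and a `description`; `billing_mcomm` in particular is interpolated into `member = "group:${var.billing_mcomm}"` in the module's main.tf, so it is worth rejecting an empty string there. `project_id` and `prefix` are referenced only by a commented-out line in that main.tf and could be dropped until they are used.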
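Review bot: The comment added above `locals` does not say that `ceil(length(var.regions)/2)` is the `newbits` argument of `cidrsubnet`, and "number regions" is missing a word. Suggested wording: `# newbits = ceil(number of regions / 2); each region gets cidrsubnet(network, newbits, its index in var.regions)`. The comment could also record that this grows faster than needed (eight regions gives 4 extra bits, 16 slots), so per-region subnets end up smaller than an exact power-of-two split would make them.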
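Review bot: `var.regions[0]` loses its "should be a variable" markers in `vpn_gw_ip` and `fr_esp` here, and again in the `fr_udp500`, `fr_udp4500` and `bgp-interface` hunks, but nothing visible guarantees the list is non-empty or that every VPN resource keeps pointing at the same element. A single `locals { vpn_region = var.regions[0] }` referenced from all five places would keep them in step. The `regions` variable declaration is outside this diff; if the Terraform version in use supports variable validation, a `length(var.regions) > 0` condition there would fail early with a clear message instead of an index error.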
@@ -88,7 +86,7 @@ resource "google_compute_forwarding_rule" "fr_udp500" {
resource "google_compute_forwarding_rule" "fr_udp4500" {
name = "fr-udp4500"
project = var.project_id
- region = var.regions[0] # should be a variable
+ region = var.regions[0]
ip_protocol = "UDP"
port_range = "4500"
ip_address = "${google_compute_address.vpn_gw_ip.address}"
@@ -104,15 +102,15 @@ resource "google_compute_router" "vpn_router" {
asn = var.cloud_asn
}
}
-
+
+# Create a BGP Interface/Session based on the number of bgp networks specified in
resource "google_compute_router_interface" "bgp-interface" {
count = length(var.bgp_network)
name = "bgp-vpn-interface${count.index}" # should use var/count
project = var.project_id
router = "${google_compute_router.vpn_router.name}"
- region = var.regions[0] # need a var
- # ip_range = var.vpn_connection_info["${count.index}"].value # need a var
- ip_range = var.bgp_network[count.index] # need a var
+ region = var.regions[0]
+ ip_range = var.bgp_network[count.index]
vpn_tunnel = "${google_compute_vpn_tunnel.vpn_tunnel[count.index].name}" # need to write for this to be multiple tunnels
}
diff --git a/outputs.tf b/outputs.tf
index ce4cef246d19580436e0e7403e42e89c11436807..86d3abb4c20d1104e58411bced1b9d35c54a08b3 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -5,3 +5,7 @@ output "project_id" {
output "prefix" {
value = var.prefix
}
+
+output "billing_id" {
+ value = var.billing_id
+}
\ No newline at end of file
diff --git a/variables.tf b/variables.tf
index 1254e50d6e61cb8a3a04990f22252089052ee0d4..d3897d3ca1140162e7a4dbd328da502b448dd65c 100644
--- a/variables.tf
+++ b/variables.tf
@@ -1,7 +1,6 @@
variable "prefix" {
default = "um"
}
-
variable "project_name" {
default = ""
}
@@ -12,7 +11,7 @@ variable "division" {
default = ""
}
-variable "mcomm_group" {
+variable "project_mcomm" {
default = ""
}
variable "billing_id" {
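Review bot: The comment added above `bgp-interface` ends mid-sentence at "specified in"; complete it, for example `# Create one BGP interface per entry in var.bgp_network`. Because `count` comes from `var.bgp_network` while each interface indexes `google_compute_vpn_tunnel.vpn_tunnel[count.index]`, the comment should also state that the tunnel resource must be created with the same count; the tunnel definition is outside this hunk, so that is unverified here. The surviving `# should use var/count` and `# need to write for this to be multiple tunnels` remarks look stale next to the `count` already in place and could be removed or reworded.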