This is an automated email from the ASF dual-hosted git repository. dmysakovets pushed a commit to branch terraform in repository https://gitbox.apache.org/repos/asf/incubator-dlab.git
commit 33913ed31acb453dad442e14955e90f15d53d2d6 Author: Dyoma33 <[email protected]> AuthorDate: Mon May 27 19:13:05 2019 +0300 [terraform] Creating terraform scripts for SSN(GCP) --- infrastructure-provisioning/terraform/main/main.tf | 20 ++++++++++++++++++++ .../terraform/modules/global/service_accounts.tf | 22 ++++++++++++++++++++++ .../terraform/modules/global/variables.tf | 19 +++++++++++++++++++ .../terraform/modules/global/vpc.tf | 0 .../terraform/modules/ssn/instance.tf | 0 .../terraform/modules/ssn/network.tf | 0 .../terraform/modules/ssn/variables.tf | 0 7 files changed, 61 insertions(+) diff --git a/infrastructure-provisioning/terraform/main/main.tf b/infrastructure-provisioning/terraform/main/main.tf new file mode 100644 index 0000000..758889a --- /dev/null +++ b/infrastructure-provisioning/terraform/main/main.tf @@ -0,0 +1,20 @@ +provider "google" { + source = "../modules/global" + project = "${var.project}" + credentials = "${var.credentials}" + region = "${var.region}" +} +module "service_accounts" { + source = "../modules/global" + service_name = "${var.project}" +} +module "vpc" { + source = "../modules/global" + var_ssn_public_subnet = "${var.ssn_public_subnet}" + var_ssn_private_subnet = "${var.ssn_private_subnet}" +} +module "ssn" { + source = "../modules/ssn" + var_ssn_public_subnet = "${var.ssn_public_subnet}" + var_ssn_private_subnet = "${var.ssn_private_subnet}" +} \ No newline at end of file diff --git a/infrastructure-provisioning/terraform/modules/global/service_accounts.tf b/infrastructure-provisioning/terraform/modules/global/service_accounts.tf new file mode 100644 index 0000000..fe6699a --- /dev/null +++ b/infrastructure-provisioning/terraform/modules/global/service_accounts.tf @@ -0,0 +1,22 @@ +resource "google_service_account" "ssn_sa" { + account_id = "${var.service_name}-ssn-sa" + display_name = "${var.service_name}-ssn-sa" +} + +# Create a Service Account key by default +resource "google_service_account_key" "nodes_sa_key" { + depends_on = ["google_project_iam_member.iam"] + service_account_id = "${google_service_account.nodes_sa.name}" +} + +resource "google_project_iam_custom_role" "custom_ssn_role" { + role_id = "${var.service_name}-ssn-role" + title = "${var.service_name}-ssn-role" + permissions = "${var.ssn_policy}" +} + +resource "google_project_iam_member" "iam" { + count = "${length(var.ssn_roles)}" + member = "serviceAccount:${google_service_account.nodes_sa.email}" + role = "${element(var.service_account_iam_roles, count.index)}" +} \ No newline at end of file diff --git a/infrastructure-provisioning/terraform/modules/global/variables.tf b/infrastructure-provisioning/terraform/modules/global/variables.tf new file mode 100644 index 0000000..47b3e93 --- /dev/null +++ b/infrastructure-provisioning/terraform/modules/global/variables.tf @@ -0,0 +1,19 @@ +variable "project" { + default = "service_base_name" +} + +variable "region" { + default = "us-east1" +} + +variable "credentials" { + default = "/path/to/service_account.json" +} + +variable "ssn_roles" { + default = "/path/to/ssn_roles.json" +} + +variable "ssn_police" { + default = "/path/to/ssn_policy.json" +} \ No newline at end of file diff --git a/infrastructure-provisioning/terraform/modules/global/vpc.tf b/infrastructure-provisioning/terraform/modules/global/vpc.tf new file mode 100644 index 0000000..e69de29 diff --git a/infrastructure-provisioning/terraform/modules/ssn/instance.tf b/infrastructure-provisioning/terraform/modules/ssn/instance.tf new file mode 100644 index 0000000..e69de29 diff --git a/infrastructure-provisioning/terraform/modules/ssn/network.tf b/infrastructure-provisioning/terraform/modules/ssn/network.tf new file mode 100644 index 0000000..e69de29 diff --git a/infrastructure-provisioning/terraform/modules/ssn/variables.tf b/infrastructure-provisioning/terraform/modules/ssn/variables.tf new file mode 100644 index 0000000..e69de29 --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
