Added changes from iac/ directory from commit 64f34e0 to dev

Pierre-Alexandre35 · Nov 3, 2024 · dab33b9 · dab33b9
1 parent a594885
commit dab33b9
Show file tree

Hide file tree

Showing 3 changed files with 29 additions and 65 deletions.
diff --git a/iac/main.tf b/iac/main.tf
@@ -1,14 +1,3 @@
-/* commented out: main reason is that terraform apply works locally but on the CI using service accounts cannot create projects without a parent (=organisation).
-However in order to create an organisation, we must sign up for Sign up for Google Workspace. So we keep the GCP "static" atm.
-
-resource "google_folder" "iac_project_folder" {
-  display_name = var.folder_name
-}
-
-output "folder_id" {
-  value = google_folder.iac_project_folder.id
-}
-
 # Generate a random suffix for the project ID
 resource "random_id" "project_suffix" {
   byte_length = 2  # 2 bytes = 4 hex characters (e.g., "abcd")
@@ -18,26 +7,24 @@ resource "random_id" "project_suffix" {
 resource "google_project" "gcp_prod_project" {
   name            = "travian-prod-3919"
   project_id      = "travian-3919"
-  #folder_id      = var.folder_id
   #name            = "travian-prod-${random_id.project_suffix.hex}"
   #project_id      = "travian-${random_id.project_suffix.hex}"
   billing_account = var.billing_account_id   
 }
-*/
 
 # Call the API module
 module "api" {
   source     = "./modules/api"
-  project_id = var.existing_project_id
+  project_id = google_project.gcp_prod_project.project_id
 }
 
-# Create a Google Storage Bucket within the existing project
+# Create a Google Storage Bucket within the newly created project
 resource "google_storage_bucket" "static_site" {
-  name                       = var.bucket_name
-  location                   = "EU"
-  force_destroy              = true
+  name          = var.bucket_name
+  location      = "EU"
+  force_destroy = true
   uniform_bucket_level_access = true
-  project                    = var.existing_project_id
+  project       = google_project.gcp_prod_project.project_id
 
   website {
     main_page_suffix = "index.html"
@@ -52,23 +39,23 @@ resource "google_storage_bucket" "static_site" {
   }
 }
 
-# Create a Service Account within the existing project
+# Create a Service Account within the newly created project
 resource "google_service_account" "gcs_deploy_sa" {
   account_id   = var.service_account_id
   display_name = "GCS Deploy Service Account"
-  project      = var.existing_project_id
+  project      = google_project.gcp_prod_project.project_id
 }
 
 # Assign Storage Admin Role to the Service Account
 resource "google_project_iam_member" "gcs_deploy_sa_storage_admin" {
-  project = var.existing_project_id
+  project = google_project.gcp_prod_project.project_id
   member  = "serviceAccount:${google_service_account.gcs_deploy_sa.email}"
   role    = "roles/storage.admin"
 }
 
-# Assign Object Viewer Role to Service Account for public access
+# Assign Object Viewer Role to Service Account (for public access)
 resource "google_project_iam_member" "gcs_deploy_sa_object_viewer" {
-  project = var.existing_project_id
+  project = google_project.gcp_prod_project.project_id
   member  = "serviceAccount:${google_service_account.gcs_deploy_sa.email}"
   role    = "roles/storage.objectViewer"
 }
@@ -100,35 +87,35 @@ output "gcs_deploy_sa_key" {
   description = "Service account key for deploying to GCS."
 }
 
-# Assign Cloud Build permissions to the Compute Engine default service account
+# Grant Cloud Build permissions to the Compute Engine default service account
 resource "google_project_iam_member" "cloud_build_compute_role" {
-  project = var.existing_project_id
-  member  = "serviceAccount:${var.existing_project_id}-compute@developer.gserviceaccount.com"
+  project = google_project.gcp_prod_project.project_id
+  member  = "serviceAccount:${google_project.gcp_prod_project.number}-compute@developer.gserviceaccount.com"
   role    = "roles/cloudbuild.builds.builder"
 }
 
 # Create Artifact Registry repository for Docker images
 resource "google_artifact_registry_repository" "docker_repo" {
-  project       = var.existing_project_id
-  location      = var.region
+  project     = google_project.gcp_prod_project.project_id
+  location    = var.region
   repository_id = "python-backend-repo"
-  description   = "Docker repository for Cloud Run"
-  format        = "DOCKER"
+  description = "Docker repository for Cloud Run"
+  format      = "DOCKER"
 }
 
+
 # Assign Artifact Registry permissions to Cloud Build
 resource "google_project_iam_member" "cloud_build_artifact_registry_pusher" {
-  project = var.existing_project_id
-  member  = "serviceAccount:${var.existing_project_id}@cloudbuild.gserviceaccount.com"
+  project = google_project.gcp_prod_project.project_id
+  member  = "serviceAccount:${google_project.gcp_prod_project.number}@cloudbuild.gserviceaccount.com"
   role    = "roles/artifactregistry.writer"
 }
 
-# Deploy Cloud Run service
 resource "google_cloud_run_service" "python_backend" {
   depends_on = [module.api]
 
   name     = "python-backend"
-  project  = var.existing_project_id
+  project  = google_project.gcp_prod_project.project_id
   location = var.region
 
   template {
@@ -153,17 +140,18 @@ resource "google_cloud_run_service" "python_backend" {
   }
 }
 
+
 # Allow public access to Cloud Run service
 resource "google_cloud_run_service_iam_member" "invoker" {
-  project  = var.existing_project_id
-  location = var.region
-  service  = google_cloud_run_service.python_backend.name
-  role     = "roles/run.invoker"
-  member   = "allUsers"
+  project        = google_project.gcp_prod_project.project_id
+  location       = var.region
+  service        = google_cloud_run_service.python_backend.name
+  role           = "roles/run.invoker"
+  member         = "allUsers"
 }
 
 # Output Cloud Run URL
 output "cloud_run_url" {
   value       = google_cloud_run_service.python_backend.status[0].url
   description = "URL of the deployed Python backend on Cloud Run."
-}
+}
diff --git a/iac/modules/api/main.tf b/iac/modules/api/main.tf
@@ -25,10 +25,3 @@ resource "google_project_service" "cloud_storage" {
   service = "storage.googleapis.com"
   disable_on_destroy = false
 }
-
-# Enable Cloud Billing API
-resource "google_project_service" "cloud_billing" {
-  project = var.project_id
-  service = "cloudbilling.googleapis.com"
-  disable_on_destroy = false
-}
diff --git a/iac/variables.tf b/iac/variables.tf
@@ -1,20 +1,3 @@
-/*
-variable "folder_id" {
-  description = "The ID of the organization where the folder will be created."
-  type        = string
-}
-
-variable "folder_name" {
-  description = "The name of the folder for organizing projects."
-  type        = string
-  default     = "my-projects-folder"
-}
-*/
-variable "existing_project_id" {
-  description = "ID of the manually created Google Cloud project"
-  type        = string
-  default     = "travian-3919"  # Set this to your actual project ID
-}
 variable "region" {}
 variable "bucket_name" {}
 variable "service_account_id" {}