github.com/filecoin-project/bacalhau@v0.3.23-0.20230228154132-45c989550ace/ops/service-accounts/weave-flux/main.tf

github.com/filecoin-project/bacalhau@v0.3.23-0.20230228154132-45c989550ace/ops/service-accounts/weave-flux/main.tf (about)

     1  provider "google" {
     2    project = var.gcp_project
     3    region  = var.region
     4    zone    = var.zone
     5  }
     6  
     7  terraform {
     8    backend "gcs" {
     9      # this bucket lives in the bacalhau-cicd google project
    10      # https://console.cloud.google.com/storage/browser/bacalhau-global-storage;tab=objects?project=bacalhau-cicd
    11      bucket = "bacalhau-global-storage"
    12      prefix = "terraform/state"
    13    }
    14  }
    15  
    16  resource "google_service_account" "sa" {
    17    account_id   = var.service_account_name
    18    display_name = "Service Account For Weave Flux - ${terraform.workspace}"
    19  }
    20  
    21  resource "google_service_account_key" "sak" {
    22    service_account_id = google_service_account.sa.name
    23  }
    24  
    25  resource "google_project_iam_binding" "compute_role" {
    26    project = var.gcp_project
    27    role    = "roles/compute.admin"
    28  
    29    members = [
    30      "serviceAccount:${google_service_account.sa.email}",
    31    ]
    32  }
    33  
    34  resource "google_project_iam_member" "terraform_state_role" {
    35    project = "bacalhau-cicd"
    36    role    = "roles/storage.admin"
    37    member  = "serviceAccount:${google_service_account.sa.email}"
    38  }
    39  
    40  resource "local_file" "key_file" {
    41    content  = base64decode(google_service_account_key.sak.private_key)
    42    filename = "${path.module}/${var.service_account_name}-${terraform.workspace}.json"
    43  }