Reverting changes

application/main.tf

@@ -1,9 +1,9 @@
 module "gke" {
   source = "../modules/gke"
   name = "application-cluster-${var.environment}"
-  project_id = data.terraform_remote_state.infra-host-project.outputs.project_id
+  project_id = data.terraform_remote_state.infra-service-project.outputs.project_id
   network = data.terraform_remote_state.infra-host-project.outputs.network_self_link
-  service_account = data.terraform_remote_state.infra-host-project.outputs.service-accounts.gke-cluster
+  service_account = data.terraform_remote_state.infra-service-project.outputs.service-accounts.gke-cluster
   ip_range_pods = "pods"
   ip_range_services = "services"
   subnetwork = data.terraform_remote_state.infra-host-project.outputs.subnets_self_links[1]
@@ -22,9 +22,9 @@ module "gke" {
 module "gke-bastion" {
   source = "../modules/gke-bastion"
   name = "gke-bastion-${var.environment}"
-  project_id = data.terraform_remote_state.infra-host-project.outputs.project_id
+  project_id = data.terraform_remote_state.infra-service-project.outputs.project_id
   zone = "${var.region}-b"
-  service_account = data.terraform_remote_state.infra-host-project.outputs.service-accounts.gke-bastion
+  service_account = data.terraform_remote_state.infra-service-project.outputs.service-accounts.gke-bastion
   subnetwork = data.terraform_remote_state.infra-host-project.outputs.subnets_self_links[0]
   iap_members = var.iap_members
 }

infra-host-project/main.tf

@@ -62,19 +62,4 @@ module "cloud-nat" {
   project_id = module.host-vpc-project.project_id
   region     = var.cloud_nat_region
   router     = google_compute_router.router.name
-}
-
-resource "google_service_account" "accounts" {
-  count = length(var.service_accounts)
-  project = module.host-vpc-project.project_id
-  account_id = "${var.service_accounts[count.index]}-${var.environment}"
-  display_name = "${var.service_accounts[count.index]} for ${var.environment} environment"
-}
-
-locals {
-  formatted_output_sa = {for sa in var.service_accounts : sa =>
-    [
-      for sa_email in google_service_account.accounts.*.email : sa_email if length(regexall(sa, sa_email)) > 0
-    ][0]
-  }
 }

infra-host-project/outputs.tf

@@ -66,9 +66,4 @@ output "cloud_nat_region" {
 output "router_name" {
   description = "Cloud NAT router name"
   value = module.cloud-nat.router_name
-}
-
-output "service-accounts" {
-  description = "List of service account emails"
-  value = local.formatted_output_sa
 }

infra-host-project/variables.tf

@@ -31,17 +31,4 @@ variable "secondary_ranges" {
 
 variable "cloud_nat_region" {
   description = "Region where cloud nat router will be deployed. Should be the same regions as your subnetworks"
-}
-
-variable "service_accounts" {
-  description = "List of service accounts to create"
-  type = list(string)
-  default = [
-    "kafka",
-    "rabbitmq",
-    "gke-cluster",
-    "gke-bastion",
-    "terraform",
-    "mysql",
-  ]
 }

security/firewalls.tf

@@ -2,7 +2,7 @@ resource "google_compute_firewall" "gke-bastion" {
   name = "gke-bastion-${var.environment}"
   network = data.terraform_remote_state.infra-host-project.outputs.network_name
   project = data.terraform_remote_state.infra-host-project.outputs.project_id
-  target_service_accounts = [data.terraform_remote_state.infra-host-project.outputs.service-accounts.gke-bastion]
+  target_service_accounts = [data.terraform_remote_state.infra-service-project.outputs.service-accounts.gke-bastion]
   allow {
     protocol = "tcp"
     ports = [22]
@@ -13,7 +13,7 @@ resource "google_compute_firewall" "gke-cluster" {
   name = "gke-cluster-${var.environment}"
   network = data.terraform_remote_state.infra-host-project.outputs.network_name
   project = data.terraform_remote_state.infra-host-project.outputs.project_id
-  target_service_accounts = [data.terraform_remote_state.infra-host-project.outputs.service-accounts.gke-cluster]
+  target_service_accounts = [data.terraform_remote_state.infra-service-project.outputs.service-accounts.gke-cluster]
   allow {
     protocol = "tcp"
     ports = [80, 443]
@@ -24,7 +24,7 @@ resource "google_compute_firewall" "mysql" {
   name = "mysql-${var.environment}"
   network = data.terraform_remote_state.infra-host-project.outputs.network_name
   project = data.terraform_remote_state.infra-host-project.outputs.project_id
-  target_service_accounts = [data.terraform_remote_state.infra-host-project.outputs.service-accounts.mysql]
+  target_service_accounts = [data.terraform_remote_state.infra-service-project.outputs.service-accounts.mysql]
   allow {
     protocol = "tcp"
     ports = [3306]
@@ -35,7 +35,7 @@ resource "google_compute_firewall" "kafka" {
   name = "kafka-${var.environment}"
   network = data.terraform_remote_state.infra-host-project.outputs.network_name
   project = data.terraform_remote_state.infra-host-project.outputs.project_id
-  target_service_accounts = [data.terraform_remote_state.infra-host-project.outputs.service-accounts.kafka]
+  target_service_accounts = [data.terraform_remote_state.infra-service-project.outputs.service-accounts.kafka]
   allow {
     protocol = "tcp"
     ports = [9092, 9093, 9393, 9394, 24042]

security/iam.tf

@@ -15,15 +15,15 @@ locals {
 
 resource "google_project_iam_member" "gke_bastion" {
   count = length(local.gke_bastion)
-  project = data.terraform_remote_state.infra-host-project.outputs.project_id
-  member = "serviceAccount:${data.terraform_remote_state.infra-host-project.outputs.service-accounts.gke-bastion}"
+  project = data.terraform_remote_state.infra-service-project.outputs.project_id
+  member = "serviceAccount:${data.terraform_remote_state.infra-service-project.outputs.service-accounts.gke-bastion}"
   role = local.gke_bastion[count.index]
 }
 
 resource "google_project_iam_member" "gke_cluster" {
   count = length(local.gke_cluster)
-  project = data.terraform_remote_state.infra-host-project.outputs.project_id
-  member = "serviceAccount:${data.terraform_remote_state.infra-host-project.outputs.service-accounts.gke-cluster}"
+  project = data.terraform_remote_state.infra-service-project.outputs.project_id
+  member = "serviceAccount:${data.terraform_remote_state.infra-service-project.outputs.service-accounts.gke-cluster}"
   role = local.gke_cluster[count.index]
 }