Add terraform configuration for account management

accounts/service-accounts/main.tf

@@ -0,0 +1,24 @@
+resource "google_service_account" "gitlab_ci" {
+  account_id   = "gitlab-ci"
+  display_name = "Gitlab CI"
+}
+
+resource "google_service_account_key" "gitlab_ci" {
+  service_account_id = "${google_service_account.gitlab_ci.id}"
+  public_key_type    = "TYPE_X509_PEM_FILE"
+}
+
+resource "google_project_iam_policy" "gitlab_policy" {
+  project     = "${var.project_id}"
+  policy_data = "${data.google_iam_policy.gitlab_ci.policy_data}"
+}
+
+data "google_iam_policy" "gitlab_ci" {
+  binding {
+    role = "roles/container.developer"
+
+    members = [
+      "serviceAccount:${google_service_account.gitlab_ci.email}",
+    ]
+  }
+}

accounts/service-accounts/outputs.tf

@@ -0,0 +1,3 @@
+output "gitlab_sa_key" {
+  value = "${google_service_account_key.gitlab_ci.private_key}"
+}

accounts/service-accounts/providers.tf

@@ -0,0 +1,5 @@
+provider "google" {
+  version = "~> 1.4.0"
+  project = "${var.project_id}"
+  region  = "${var.region}"
+}

accounts/service-accounts/terraform.tfvars.example

@@ -0,0 +1,2 @@
+project_id = "example-123456"
+region = "europe-west1"

accounts/service-accounts/variables.tf

@@ -0,0 +1,10 @@
+## ---------------------
+## Provider configuration
+## ---------------------
+variable "project_id" {
+  description = "Project ID in GCP"
+}
+
+variable "region" {
+  description = "Region in which to manage GCP resources"
+}