UnTerraform

terraform/main.tf

@@ -1,232 +0,0 @@
-terraform {
-  required_providers {
-    google-beta = {
-      source  = "hashicorp/google-beta"
-      version = "~> 6.0"
-    }
-  }
-}
-
-provider "google" {
-  project = var.gcp_project_id
-  region  = var.gcp_region
-}
-
-
-# Firebase Project Setup
-resource "google_firebase_project" "default" {
-  provider = google-beta
-  project  = var.gcp_project_id
-}
-
-# Firebase Web App
-resource "google_firebase_web_app" "rothbard_portal" {
-  provider = google-beta
-  project  = google_firebase_project.default.project
-  display_name = "Rothbard Client Portal"
-
-  app_url = "https://${var.domain_name}"
-
-  # Handle OAuth redirect
-  oauth_config {
-    client_id = var.oauth_client_id
-    client_secret = var.oauth_client_secret
-  }
-}
-
-# Firestore Database
-resource "google_firestore_database" "default" {
-  provider    = google-beta
-  project     = var.gcp_project_id
-  name        = "(default)"
-  location_id = var.firestore_location
-  type        = "FIRESTORE_NATIVE"
-
-  delete_protection_state = "DISABLED"
-}
-
-# Firebase Authentication - Complete Configuration
-resource "google_identitytoolkit_config" "default" {
-  provider = google-beta
-  project  = var.gcp_project_id
-
-  sign_in_options {
-    email {
-      enabled = true
-      password_required = true
-    }
-
-    # Disable other providers for security
-    phone {
-      enabled = false
-    }
-
-    google {
-      enabled = var.enable_google_signin
-    }
-
-    facebook {
-      enabled = false
-    }
-
-    apple {
-      enabled = false
-    }
-  }
-
-  # Email configuration
-  email {
-    reset_password_template {
-      from_email_address = var.auth_from_email
-      from_display_name = var.auth_from_name
-      reply_to = var.auth_reply_to
-      subject = "Reset your Rothbard Law Group password"
-      html = file("${path.module}/templates/reset_password.html")
-      text = file("${path.module}/templates/reset_password.txt")
-    }
-
-    email_verification_template {
-      from_email_address = var.auth_from_email
-      from_display_name = var.auth_from_name
-      reply_to = var.auth_reply_to
-      subject = "Verify your Rothbard Law Group account"
-      html = file("${path.module}/templates/email_verification.html")
-      text = file("${path.module}/templates/email_verification.txt")
-    }
-  }
-
-  # Security settings
-  sign_in {
-    allow_duplicate_emails = false
-  }
-
-  # Multi-factor authentication (disabled for simplicity)
-  multi_factor_auth {
-    enabled = false
-  }
-
-  # Anonymous user access (disabled)
-  anonymous {
-    enabled = false
-  }
-}
-
-# Service Account for the Flask App
-resource "google_service_account" "flask_app" {
-  account_id   = "rothbard-flask-app"
-  display_name = "Rothbard Flask App Service Account"
-}
-
-# IAM permissions for the Flask App
-resource "google_project_iam_member" "firestore_access" {
-  project = var.gcp_project_id
-  role    = "roles/datastore.user"
-  member  = "serviceAccount:${google_service_account.flask_app.email}"
-}
-
-resource "google_project_iam_member" "firebase_admin" {
-  project = var.gcp_project_id
-  role    = "roles/firebase.admin"
-  member  = "serviceAccount:${google_service_account.flask_app.email}"
-}
-
-# Firestore Security Rules
-resource "google_firestore_security_policy" "default" {
-  project = var.gcp_project_id
-  policy = {
-    rules = [
-      {
-        description = "Allow users to read/write their own profile"
-        match = {
-          collection = "users"
-          document = "{userId}"
-        }
-        allow = [
-          {
-            resource = "read"
-            condition = {
-              name = "request.auth.uid == userId"
-            }
-          },
-          {
-            resource = "write"
-            condition = {
-              name = "request.auth.uid == userId"
-            }
-          }
-        ]
-      },
-      {
-        description = "Only authenticated users can access the database"
-        match = {
-          collection = "{collection=**}"
-        }
-        allow = [
-          {
-            resource = "read"
-            condition = {
-              name = "request.auth != null"
-            }
-          },
-          {
-            resource = "write"
-            condition = {
-              name = "request.auth != null"
-            }
-          }
-        ]
-      }
-    ]
-  }
-}
-
-# Firebase Hosting (optional - for static assets)
-resource "google_firebase_hosting_site" "default" {
-  provider = google-beta
-  project  = var.gcp_project_id
-  site_id  = "rothbard-portal"
-
-  # Default configuration for hosting
-  config {
-    public_root_dir = "public"
-    headers = [
-      {
-        headers = ["Cache-Control: public, max-age=31536000"]
-        glob = "**/*.@(jpg|jpeg|gif|png|svg|webp)"
-      },
-      {
-        headers = ["Cache-Control: public, max-age=86400"]
-        glob = "**/*.@(css|js)"
-      }
-    ]
-    redirects = [
-      {
-        status_code = 302
-        path = "/login"
-        location = "/login.html"
-      }
-    ]
-    rewrites = [
-      {
-        glob = "**"
-        path = "/index.html"
-      }
-    ]
-  }
-}
-
-# Output important values
-output "firebase_web_app_id" {
-  description = "Firebase Web App ID"
-  value       = google_firebase_web_app.rothbard_portal.app_id
-}
-
-output "firebase_project_id" {
-  description = "Firebase Project ID"
-  value       = google_firebase_project.default.project
-}
-
-output "service_account_email" {
-  description = "Service account email for Flask app"
-  value       = google_service_account.flask_app.email
-}