Setup a 'meta' cloud project for managing all projects

[yuvipanda]

Background

We're currently planning on giving each customer their own GCP project, to simplify billing. We need to maintain an automated way to:

1. Create projects
2. Map billing accounts to projects
3. Make sure 2i2c staff are given appropriate rights to projects

In addition, we probably will have meta 2i2c services that should live somewhere. Currently, they would be:

1. KMS key we use for sops encryption
2. (Eventually) analytics infrastructure we might run
3. Terraform state kept in s3

We should have a terraform setup that sets all these up.

Expected timeline

Some of this work blocks #332, so that should take upto a week. We can mop up the long-tail within about 4-6 weeks.

Steps to complete this goal

• Create git repo for hosting 2i2c-wide terraform projects
• Create a 2i2c GCP Organization, since you need those to programattically create projects
• Move our gcs based Terraform statefiles to this project
• Write terraform code to create projects and maintain relationships with billing accounts
• Write terraform code to give 2i2c engineers appropriate permissions to a project
• Move our KMS key for sops encryption to this project

[yuvipanda]

I created an organization under 2i2c.org, with id 184174754493

[yuvipanda]

Created an organization with name two-eye-two-see-org. I need to verify what billing account it is under though.

[yuvipanda]

Created https://github.com/2i2c-org/org-ops to hold terraform code + state.

[yuvipanda]

This sort of ended up not working out, because access control for most clouds is unfortunately very manual.

Closing in favor of 2i2c-org/org-ops#4