feat: update bucket properties (google provider 5.10+)
BREAKING CHANGE: drop support for google providers < 5.10
Esanim committed Mar 1, 2024
1 parent 13b48d7 commit 2e55580
Showing 10 changed files with 288 additions and 11 deletions.
85 changes: 84 additions & 1 deletion README.md
Expand Up @@ -11,7 +11,7 @@
A [Terraform](https://www.terraform.io) module to create a [Google Cloud Storage](https://cloud.google.com/storage) on [Google Cloud Services (GCP)](https://cloud.google.com/).

**_This module supports Terraform version 1
and is compatible with the Terraform Google Provider version 4._** and 5._**
and is compatible with the Terraform Google Provider version >= 5.10

This module is part of our Infrastructure as Code (IaC) framework
that enables our users and customers to easily deploy and manage reusable,
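Review bot: the added line `and is compatible with the Terraform Google Provider version >= 5.10` drops the closing `_**` that the removed line carried, so the bold-italic opened by `**_This module supports Terraform version 1` on the line above is never closed and the rest of the paragraph renders in bold italics. Suggest `and is compatible with the Terraform Google Provider version >= 5.10._**`. Since README.md is generated from README.tfdoc.hcl, the fix belongs in the source file and the README should be regenerated.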
Expand Down Expand Up @@ -104,9 +104,12 @@ See [variables.tf] and [examples/] for details and use-cases.
}
condition = {
age = 60
no_age = false
created_before = "2018-08-20"
with_state = "LIVE"
matches_storage_class = ["REGIONAL"]
matches_prefix = ["bucket"]
matches_suffix = []
num_newer_versions = 10
custom_time_before = "1970-01-01"
days_since_custom_time = 1
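Review bot: the example sets `no_age = false` next to `age = 60`, which is the case where `no_age` does nothing; the case the attribute exists for (`age` unset, `no_age = true`) is the one readers will get wrong, so a second example or a comment showing that combination would be more useful than the false-with-age pair shown here.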
Expand Down Expand Up @@ -142,6 +145,10 @@ See [variables.tf] and [examples/] for details and use-cases.

Minimum age of an object in days to satisfy this condition.

- [**`no_age`**](#attr-lifecycle_rules-condition-no_age): *(Optional `bool`)*<a name="attr-lifecycle_rules-condition-no_age"></a>

While set true, age value will be omitted. Required to set true when age is unset in the config file.

- [**`created_before`**](#attr-lifecycle_rules-condition-created_before): *(Optional `string`)*<a name="attr-lifecycle_rules-condition-created_before"></a>

A date in the RFC 3339 format YYYY-MM-DD. This condition is satisfied when an object is created before midnight of the specified date in UTC.
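Review bot: the `no_age` description is hard to parse ("While set true, age value will be omitted. Required to set true when age is unset in the config file."). Suggest: "When `true`, the `age` condition is omitted from the rule. Must be set to `true` when `age` is not specified." It should also state whether `age` and `no_age = true` can be combined, since main.tf passes both through unchanged.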
Expand All @@ -154,6 +161,14 @@ See [variables.tf] and [examples/] for details and use-cases.

Storage Class of objects to satisfy this condition. Supported values include: `STANDARD`, `MULTI_REGIONAL`, `REGIONAL`, `NEARLINE`, `COLDLINE`, `ARCHIVE`, `DURABLE_REDUCED_AVAILABILITY`.

- [**`matches_prefix`**](#attr-lifecycle_rules-condition-matches_prefix): *(Optional `string`)*<a name="attr-lifecycle_rules-condition-matches_prefix"></a>

One or more matching name prefixes to satisfy this condition.

- [**`matches_suffix`**](#attr-lifecycle_rules-condition-matches_suffix): *(Optional `string`)*<a name="attr-lifecycle_rules-condition-matches_suffix"></a>

One or more matching name suffixes to satisfy this condition.

- [**`num_newer_versions`**](#attr-lifecycle_rules-condition-num_newer_versions): *(Optional `number`)*<a name="attr-lifecycle_rules-condition-num_newer_versions"></a>

Relevant only for versioned objects. The number of newer versions of an object to satisfy this condition.
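Review bot: `matches_prefix` and `matches_suffix` are documented as `(Optional `string`)`, but the description says "one or more" and the example above passes lists (`matches_prefix = ["bucket"]`, `matches_suffix = []`); the provider attributes are lists of strings, so the type should read `list(string)` in both entries.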
Expand Down Expand Up @@ -203,6 +218,33 @@ See [variables.tf] and [examples/] for details and use-cases.

The custom object to return when a requested resource is not found.

- [**`autoclass`**](#var-autoclass): *(Optional `object(website)`)*<a name="var-autoclass"></a>

The bucket's Autoclass configuration.

Example:

```hcl
autoclass = {
enabled = true
terminal_storage_class = "NEARLINE"
}
```

The `website` object accepts the following attributes:

- [**`enabled`**](#attr-autoclass-enabled): *(**Required** `string`)*<a name="attr-autoclass-enabled"></a>

While set to true, autoclass automatically transitions
objects in your bucket to appropriate storage classes
based on each object's access pattern.

- [**`terminal_storage_class`**](#attr-autoclass-terminal_storage_class): *(Optional `string`)*<a name="attr-autoclass-terminal_storage_class"></a>

The storage class that objects in the bucket eventually
transition to if they are not read for a certain length of time.
Supported values include: NEARLINE, ARCHIVE.

- [**`cors`**](#var-cors): *(Optional `list(cors)`)*<a name="var-cors"></a>

The bucket's Cross-Origin Resource Sharing (CORS) configuration.
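Review bot: the `autoclass` entry is typed `object(website)` and the follow-up sentence reads "The `website` object accepts the following attributes", both copied from the `website` variable; they should say `object(autoclass)` and "The `autoclass` object". The `enabled` attribute is typed `string` but described as a true/false switch and set to `true` in the example, so it should be `bool`.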
Expand Down Expand Up @@ -240,6 +282,16 @@ See [variables.tf] and [examples/] for details and use-cases.

The id of a Cloud KMS key that will be used to encrypt objects inserted into this bucket, if no encryption method is specified. You must pay attention to whether the crypto key is available in the location that this bucket is created in.

- [**`custom_placement_config`**](#var-custom_placement_config): *(Optional `object(custom_placement_config)`)*<a name="var-custom_placement_config"></a>

The bucket's custom location configuration, which specifies the individual regions that comprise a dual-region bucket. If the bucket is designated a single or multi-region, the parameters are empty.

The `custom_placement_config` object accepts the following attributes:

- [**`data_locations`**](#attr-custom_placement_config-data_locations): *(**Required** `list(string)`)*<a name="attr-custom_placement_config-data_locations"></a>

The list of individual regions that comprise a dual-region bucket. If any of the data_locations changes, it will recreate the bucket.

- [**`logging`**](#var-logging): *(Optional `object(logging)`)*<a name="var-logging"></a>

The bucket's Access & Storage Logs configuration.
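Review bot: the `data_locations` description says a change "will recreate the bucket" but not what that means for data: replacing a bucket that still holds objects fails unless `force_destroy` is set, and with it set the objects are deleted. One sentence stating that a change to this attribute is destructive, and should be planned as such, would save an operator from discovering it at apply time.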
Expand Down Expand Up @@ -304,6 +356,37 @@ See [variables.tf] and [examples/] for details and use-cases.

Default is `true`.

- [**`default_event_based_hold`**](#var-default_event_based_hold): *(Optional `bool`)*<a name="var-default_event_based_hold"></a>

Whether or not to automatically apply an eventBasedHold to new objects added to the bucket.

Default is `false`.

- [**`enable_object_retention`**](#var-enable_object_retention): *(Optional `bool`)*<a name="var-enable_object_retention"></a>

Enables object retention on a storage bucket.

Default is `false`.

- [**`public_access_prevention`**](#var-public_access_prevention): *(Optional `string`)*<a name="var-public_access_prevention"></a>

Prevents public access to a bucket. Acceptable values are "inherited" or "enforced".
If "inherited", the bucket uses public access prevention. only if the bucket is subject
to the public access prevention organization policy constraint. Defaults to "inherited".

Default is `"inherited"`.

- [**`rpo`**](#var-rpo): *(Optional `string`)*<a name="var-rpo"></a>

The recovery point objective for cross-region replication of the bucket.
Applicable only for dual and multi-region buckets.
"DEFAULT" sets default replication.
"ASYNC_TURBO" value enables turbo replication, valid for dual-region buckets only.
If rpo is not specified at bucket creation, it defaults to "DEFAULT" for dual and multi-region buckets.
NOTE If used with single-region bucket, It will throw an error.

Default is `null`.

- [**`object_creators`**](#var-object_creators): *(Optional `set(string)`)*<a name="var-object_creators"></a>

A set of identities that will be able to create objects inside the bucket.
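Review bot: the `public_access_prevention` description has a stray period ("uses public access prevention. only if") and ends with "Defaults to "inherited"" directly above a separate "Default is `"inherited"`." line; drop the in-description sentence and write the rest as "If "inherited", public access prevention applies only if the bucket is subject to the public access prevention organization policy constraint." It is worth adding that "enforced" is the setting to use when the bucket must never be public regardless of org policy. In the `rpo` entry, "NOTE If used with single-region bucket, It will throw an error." should read "Note: setting this on a single-region bucket causes an error."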
112 changes: 111 additions & 1 deletion README.tfdoc.hcl
Expand Up @@ -40,7 +40,7 @@ section {
A [Terraform](https://www.terraform.io) module to create a [Google Cloud Storage](https://cloud.google.com/storage) on [Google Cloud Services (GCP)](https://cloud.google.com/).
**_This module supports Terraform version 1
and is compatible with the Terraform Google Provider version 4._** and 5._**
and is compatible with the Terraform Google Provider version >= 5.10
This module is part of our Infrastructure as Code (IaC) framework
that enables our users and customers to easily deploy and manage reusable,
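Review bot: the added line here is the source of the README.md problem: `and is compatible with the Terraform Google Provider version >= 5.10` has no closing `_**`, leaving the `**_` opened two lines up unclosed in the generated README. Append `._**` to this line and regenerate.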
Expand Down Expand Up @@ -136,9 +136,12 @@ section {
}
condition = {
age = 60
no_age = false
created_before = "2018-08-20"
with_state = "LIVE"
matches_storage_class = ["REGIONAL"]
matches_prefix = ["bucket"]
matches_suffix = []
num_newer_versions = 10
custom_time_before = "1970-01-01"
days_since_custom_time = 1
Expand Down Expand Up @@ -184,6 +187,13 @@ section {
END
}

attribute "no_age" {
type = bool
description = <<-END
While set true, age value will be omitted. Required to set true when age is unset in the config file.
END
}

attribute "created_before" {
type = string
description = <<-END
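Review bot: the `no_age` description text ("While set true, age value will be omitted. Required to set true when age is unset in the config file.") should be reworded here, since README.md is generated from it; suggest "When `true`, the `age` condition is omitted from the rule. Must be set to `true` when `age` is not specified."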
Expand All @@ -205,6 +215,20 @@ section {
END
}

attribute "matches_prefix" {
type = string
description = <<-END
One or more matching name prefixes to satisfy this condition.
END
}

attribute "matches_suffix" {
type = string
description = <<-END
One or more matching name suffixes to satisfy this condition.
END
}

attribute "num_newer_versions" {
type = number
description = <<-END
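Review bot: `matches_prefix` and `matches_suffix` are declared `type = string` but the readme example in this same file passes `["bucket"]` and `[]`, and the descriptions say "one or more"; change both to `type = list(string)` so the generated README matches the provider's list attributes.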
Expand Down Expand Up @@ -277,6 +301,38 @@ section {
}
}

variable "autoclass" {
type = object(website)
description = <<-END
The bucket's Autoclass configuration.
END
readme_example = <<-END
autoclass = {
enabled = true
terminal_storage_class = "NEARLINE"
}
END

attribute "enabled" {
required = true
type = string
description = <<-END
While set to true, autoclass automatically transitions
objects in your bucket to appropriate storage classes
based on each object's access pattern.
END
}

attribute "terminal_storage_class" {
type = string
description = <<-END
The storage class that objects in the bucket eventually
transition to if they are not read for a certain length of time.
Supported values include: NEARLINE, ARCHIVE.
END
}
}

variable "cors" {
type = list(cors)
description = <<-END
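Review bot: `variable "autoclass"` declares `type = object(website)`, which is why the generated README says "The `website` object accepts the following attributes"; it should be `type = object(autoclass)`. The `enabled` attribute should be `type = bool`, not `string`, given its description and the `enabled = true` readme example.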
Expand Down Expand Up @@ -327,6 +383,21 @@ section {
END
}

variable "custom_placement_config" {
type = object(custom_placement_config)
description = <<-END
The bucket's custom location configuration, which specifies the individual regions that comprise a dual-region bucket. If the bucket is designated a single or multi-region, the parameters are empty.
END

attribute "data_locations" {
required = true
type = list(string)
description = <<-END
The list of individual regions that comprise a dual-region bucket. If any of the data_locations changes, it will recreate the bucket.
END
}
}

variable "logging" {
type = object(logging)
description = <<-END
Expand Down Expand Up @@ -407,6 +478,45 @@ section {
END
}

variable "default_event_based_hold" {
type = bool
default = false
description = <<-END
Whether or not to automatically apply an eventBasedHold to new objects added to the bucket.
END
}

variable "enable_object_retention" {
type = bool
default = false
description = <<-END
Enables object retention on a storage bucket.
END
}

variable "public_access_prevention" {
type = string
default = "inherited"
description = <<-END
Prevents public access to a bucket. Acceptable values are "inherited" or "enforced".
If "inherited", the bucket uses public access prevention. only if the bucket is subject
to the public access prevention organization policy constraint. Defaults to "inherited".
END
}

variable "rpo" {
type = string
default = null
description = <<-END
The recovery point objective for cross-region replication of the bucket.
Applicable only for dual and multi-region buckets.
"DEFAULT" sets default replication.
"ASYNC_TURBO" value enables turbo replication, valid for dual-region buckets only.
If rpo is not specified at bucket creation, it defaults to "DEFAULT" for dual and multi-region buckets.
NOTE If used with single-region bucket, It will throw an error.
END
}

variable "object_creators" {
type = set(string)
default = []
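Review bot: the `public_access_prevention` description carries the stray period ("uses public access prevention. only if") and a "Defaults to "inherited"" sentence that duplicates the `default = "inherited"` declaration just above it; remove the sentence and fix the punctuation here so the generated README inherits the fix. The `rpo` text "NOTE If used with single-region bucket, It will throw an error." should be "Note: setting this on a single-region bucket causes an error."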
24 changes: 24 additions & 0 deletions main.tf
Expand Up @@ -11,6 +11,10 @@ resource "google_storage_bucket" "bucket" {
labels = var.labels
requester_pays = var.requester_pays
uniform_bucket_level_access = var.uniform_bucket_level_access
default_event_based_hold = var.default_event_based_hold
enable_object_retention = var.enable_object_retention
public_access_prevention = try(var.public_access_prevention, "inherited")
rpo = var.rpo

dynamic "lifecycle_rule" {
for_each = var.lifecycle_rules
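Review bot: `public_access_prevention = try(var.public_access_prevention, "inherited")` does not do what it looks like: `try()` only falls through when the expression errors, and reading a declared variable never errors, so a caller passing `null` gets `null`, not `"inherited"`. If the variable already defaults to `"inherited"` (variables.tf is not among the files shown), plain `var.public_access_prevention` is the honest form; if the intent is to map `null` to `"inherited"`, use `coalesce(var.public_access_prevention, "inherited")`. Either way a `validation` block restricting the value to `"inherited"` or `"enforced"` would catch typos at plan time rather than at the API.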
Expand All @@ -22,9 +26,12 @@ resource "google_storage_bucket" "bucket" {
}
condition {
age = try(lifecycle_rule.value.condition.age, null)
no_age = try(lifecycle_rule.value.condition.no_age, null)
created_before = try(lifecycle_rule.value.condition.created_before, null)
with_state = try(lifecycle_rule.value.condition.with_state, null)
matches_storage_class = try(lifecycle_rule.value.condition.matches_storage_class, null)
matches_prefix = try(lifecycle_rule.value.condition.matches_prefix, null)
matches_suffix = try(lifecycle_rule.value.condition.matches_suffix, null)
num_newer_versions = try(lifecycle_rule.value.condition.num_newer_versions, null)
custom_time_before = try(lifecycle_rule.value.condition.custom_time_before, null)
days_since_custom_time = try(lifecycle_rule.value.condition.days_since_custom_time, null)
Expand All @@ -42,6 +49,15 @@ resource "google_storage_bucket" "bucket" {
}
}

dynamic "autoclass" {
for_each = var.autoclass != null ? ["autoclass"] : []

content {
enabled = var.autoclass.enabled
terminal_storage_class = var.autoclass.terminal_storage_class
}
}

dynamic "website" {
for_each = var.website != null ? ["website"] : []

Expand Down Expand Up @@ -87,6 +103,14 @@ resource "google_storage_bucket" "bucket" {
default_kms_key_name = var.encryption_default_kms_key_name
}
}

dynamic "custom_placement_config" {
for_each = var.custom_placement_config != null ? ["custom_placement_config"] : []

content {
data_locations = var.custom_placement_config.data_locations
}
}
}

resource "google_storage_bucket_iam_member" "viewer" {
4 changes: 2 additions & 2 deletions test/unit-complete/_generated_google.tf
Expand Up @@ -24,11 +24,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 4.0, <6"
version = ">= 5.10, <6"
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 4.0, <6"
version = ">= 5.10, <6"
}
random = {
source = "hashicorp/random"
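Review bot: the new constraints `>= 5.10, <6` match the BREAKING CHANGE in the commit message and the README line, which is good. Two points: the file name `_generated_google.tf` suggests it is produced by a generator, so if that is the case the bump should be made in the generator input as well, or the next regeneration will silently revert it; and if the module has its own `versions.tf` or `required_providers` block outside the test directory, it needs the same `>= 5.10` floor, otherwise `terraform init` on an older provider will still succeed and fail later on the new `autoclass` and `no_age` arguments.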