From 96c1342d5512f7add149c1883764766b4302ab09 Mon Sep 17 00:00:00 2001
From: devuonocar
Date: Mon, 30 Oct 2023 18:23:33 +0100
Subject: [PATCH 1/3] Add public_access_prevention

---
 modules/gcs/README.md | 1 +
 modules/gcs/main.tf | 1 +
 modules/gcs/variables.tf | 6 ++++++
 3 files changed, 8 insertions(+)

diff --git a/modules/gcs/README.md b/modules/gcs/README.md
index 8a26958d62..a04f965681 100644
--- a/modules/gcs/README.md
+++ b/modules/gcs/README.md
@@ -196,6 +196,7 @@ module "bucket" {
 | [notification_config](variables.tf#L169) | GCS Notification configuration. | object({…}) | | null |
 | [objects_to_upload](variables.tf#L183) | Objects to be uploaded to bucket. | map(object({…})) | | {} |
 | [prefix](variables.tf#L209) | Optional prefix used to generate the bucket name. | string | | null |
+| [public_access_prevention](variables.tf#L224) | Prevents public access to a bucket. Acceptable values are inherited or enforced. If inherited, the bucket uses public access prevention, only if the bucket is subject to the public access prevention organization policy constraint. | string | | "inherited" |
 | [requester_pays](variables.tf#L224) | Enables Requester Pays on a storage bucket. | bool | | null |
 | [retention_policy](variables.tf#L230) | Bucket retention policy. | object({…}) | | null |
 | [storage_class](variables.tf#L239) | Bucket storage class. | string | | "MULTI_REGIONAL" |
diff --git a/modules/gcs/main.tf b/modules/gcs/main.tf
index 1341e707cd..c19c7912e0 100644
--- a/modules/gcs/main.tf
+++ b/modules/gcs/main.tf
@@ -29,6 +29,7 @@ resource "google_storage_bucket" "bucket" {
 labels = var.labels
 default_event_based_hold = var.default_event_based_hold
 requester_pays = var.requester_pays
+ public_access_prevention = var.public_access_prevention
 versioning {
 enabled = var.versioning
 }
diff --git a/modules/gcs/variables.tf b/modules/gcs/variables.tf
index 350c74baf5..4f7b9274ee 100644
--- a/modules/gcs/variables.tf
+++ b/modules/gcs/variables.tf
@@ -221,6 +221,12 @@ variable "project_id" {
 type = string
 }
 
+variable "public_access_prevention" {
+ description = "Prevents public access to a bucket. Acceptable values are inherited or enforced. If inherited, the bucket uses public access prevention, only if the bucket is subject to the public access prevention organization policy constraint."
+ type = string
+ default = "inherited"
+}
+
 variable "requester_pays" {
 description = "Enables Requester Pays on a storage bucket."
 type = bool

From e52af055047c6aa582991061d60bd279831ae75a Mon Sep 17 00:00:00 2001
From: devuonocar
Date: Mon, 30 Oct 2023 18:34:55 +0100
Subject: [PATCH 2/3] Update README.md

---
 modules/gcs/README.md | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/modules/gcs/README.md b/modules/gcs/README.md
index a04f965681..326baa19c3 100644
--- a/modules/gcs/README.md
+++ b/modules/gcs/README.md
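Review bot: The description on the added `variable "public_access_prevention"` states that only `inherited` or `enforced` are acceptable, but nothing in the hunk enforces that, so a mistyped value such as `Enforced` would presumably only be rejected by the provider or the API at apply time rather than at plan time. A `validation` block on the variable closes that gap; because the later hunk in this series (PATCH 3/3, same variable) changes `default` to `null`, the condition must admit `null` as well, and the ternary form below keeps `contains()` from ever seeing a null. The description should also say what `null` means: as written it reads as if one of the two strings is always set, whereas a `null` default leaves the argument unset on the resource and the effective setting to the provider, so callers who want the hardening must opt in with `enforced`. Consider appending `Leave null to let the provider/API decide.` to the description.
```terraform
variable "public_access_prevention" {
  # … unchanged: description, type, default …
  validation {
    condition = (
      var.public_access_prevention == null
      ? true
      : contains(["inherited", "enforced"], var.public_access_prevention)
    )
    error_message = "public_access_prevention must be null, \"inherited\" or \"enforced\"."
  }
}
```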
@@ -197,12 +197,12 @@ module "bucket" {
 | [objects_to_upload](variables.tf#L183) | Objects to be uploaded to bucket. | map(object({…})) | | {} |
 | [prefix](variables.tf#L209) | Optional prefix used to generate the bucket name. | string | | null |
 | [public_access_prevention](variables.tf#L224) | Prevents public access to a bucket. Acceptable values are inherited or enforced. If inherited, the bucket uses public access prevention, only if the bucket is subject to the public access prevention organization policy constraint. | string | | "inherited" |
-| [requester_pays](variables.tf#L224) | Enables Requester Pays on a storage bucket. | bool | | null |
-| [retention_policy](variables.tf#L230) | Bucket retention policy. | object({…}) | | null |
-| [storage_class](variables.tf#L239) | Bucket storage class. | string | | "MULTI_REGIONAL" |
-| [uniform_bucket_level_access](variables.tf#L249) | Allow using object ACLs (false) or not (true, this is the recommended behavior) , defaults to true (which is the recommended practice, but not the behavior of storage API). | bool | | true |
-| [versioning](variables.tf#L255) | Enable versioning, defaults to false. | bool | | false |
-| [website](variables.tf#L261) | Bucket website. | object({…}) | | null |
+| [requester_pays](variables.tf#L230) | Enables Requester Pays on a storage bucket. | bool | | null |
+| [retention_policy](variables.tf#L236) | Bucket retention policy. | object({…}) | | null |
+| [storage_class](variables.tf#L245) | Bucket storage class. | string | | "MULTI_REGIONAL" |
+| [uniform_bucket_level_access](variables.tf#L255) | Allow using object ACLs (false) or not (true, this is the recommended behavior) , defaults to true (which is the recommended practice, but not the behavior of storage API). | bool | | true |
+| [versioning](variables.tf#L261) | Enable versioning, defaults to false. | bool | | false |
+| [website](variables.tf#L267) | Bucket website. | object({…}) | | null |
 
 ## Outputs
From 103388bcc9a7e1c965061d9cab0b4ccd91986c68 Mon Sep 17 00:00:00 2001
From: devuonocar
Date: Tue, 31 Oct 2023 10:47:28 +0100
Subject: [PATCH 3/3] Update default value

---
 modules/gcs/README.md | 2 +-
 modules/gcs/variables.tf | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/modules/gcs/README.md b/modules/gcs/README.md
index 326baa19c3..993e0435ff 100644
--- a/modules/gcs/README.md
+++ b/modules/gcs/README.md
@@ -196,7 +196,7 @@ module "bucket" {
 | [notification_config](variables.tf#L169) | GCS Notification configuration. | object({…}) | | null |
 | [objects_to_upload](variables.tf#L183) | Objects to be uploaded to bucket. | map(object({…})) | | {} |
 | [prefix](variables.tf#L209) | Optional prefix used to generate the bucket name. | string | | null |
-| [public_access_prevention](variables.tf#L224) | Prevents public access to a bucket. Acceptable values are inherited or enforced. If inherited, the bucket uses public access prevention, only if the bucket is subject to the public access prevention organization policy constraint. | string | | "inherited" |
+| [public_access_prevention](variables.tf#L224) | Prevents public access to a bucket. Acceptable values are inherited or enforced. If inherited, the bucket uses public access prevention, only if the bucket is subject to the public access prevention organization policy constraint. | string | | null |
 | [requester_pays](variables.tf#L230) | Enables Requester Pays on a storage bucket. | bool | | null |
 | [retention_policy](variables.tf#L236) | Bucket retention policy. | object({…}) | | null |
 | [storage_class](variables.tf#L245) | Bucket storage class. | string | | "MULTI_REGIONAL" |
diff --git a/modules/gcs/variables.tf b/modules/gcs/variables.tf
index 4f7b9274ee..de8a6abd83 100644
--- a/modules/gcs/variables.tf
+++ b/modules/gcs/variables.tf
@@ -224,7 +224,7 @@ variable "project_id" {
 variable "public_access_prevention" {
 description = "Prevents public access to a bucket. Acceptable values are inherited or enforced. If inherited, the bucket uses public access prevention, only if the bucket is subject to the public access prevention organization policy constraint."
 type = string
- default = "inherited"
+ default = null
 }
 
 variable "requester_pays" {