diff --git a/modules/gcs/README.md b/modules/gcs/README.md index 81103d25bc..100ee8269b 100644 --- a/modules/gcs/README.md +++ b/modules/gcs/README.md @@ -309,36 +309,37 @@ module "bucket" { | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| [location](variables.tf#L156) | Bucket location. | string | ✓ | | -| [name](variables.tf#L199) | Bucket name suffix. | string | ✓ | | -| [project_id](variables.tf#L257) | Bucket project id. | string | ✓ | | +| [location](variables.tf#L162) | Bucket location. | string | ✓ | | +| [name](variables.tf#L205) | Bucket name suffix. | string | ✓ | | +| [project_id](variables.tf#L263) | Bucket project id. | string | ✓ | | | [autoclass](variables.tf#L17) | Enable autoclass to automatically transition objects to appropriate storage classes based on their access pattern. If set to true, storage_class must be set to STANDARD. Defaults to false. | bool | | null | | [cors](variables.tf#L23) | CORS configuration for the bucket. Defaults to null. | object({…}) | | null | | [custom_placement_config](variables.tf#L34) | The bucket's custom location configuration, which specifies the individual regions that comprise a dual-region bucket. If the bucket is designated as REGIONAL or MULTI_REGIONAL, the parameters are empty. | list(string) | | null | | [default_event_based_hold](variables.tf#L40) | Enable event based hold to new objects added to specific bucket, defaults to false. | bool | | null | -| [encryption_key](variables.tf#L46) | KMS key that will be used for encryption. | string | | null | -| [force_destroy](variables.tf#L52) | Optional map to set force destroy keyed by name, defaults to false. | bool | | false | -| [iam](variables.tf#L58) | IAM bindings in {ROLE => [MEMBERS]} format. | map(list(string)) | | {} | -| [iam_bindings](variables.tf#L64) | Authoritative IAM bindings in {KEY => {role = ROLE, members = [], condition = {}}}. Keys are arbitrary. | map(object({…})) | | {} | -| [iam_bindings_additive](variables.tf#L79) | Individual additive IAM bindings. Keys are arbitrary. | map(object({…})) | | {} | -| [iam_by_principals](variables.tf#L94) | Authoritative IAM binding in {PRINCIPAL => [ROLES]} format. Principals need to be statically defined to avoid cycle errors. Merged internally with the `iam` variable. | map(list(string)) | | {} | -| [labels](variables.tf#L101) | Labels to be attached to all buckets. | map(string) | | {} | -| [lifecycle_rules](variables.tf#L107) | Bucket lifecycle rule. | map(object({…})) | | {} | -| [logging_config](variables.tf#L162) | Bucket logging configuration. | object({…}) | | null | -| [managed_folders](variables.tf#L171) | Managed folders to create within the bucket in {PATH => CONFIG} format. | map(object({…})) | | {} | -| [notification_config](variables.tf#L204) | GCS Notification configuration. | object({…}) | | null | -| [objects_to_upload](variables.tf#L221) | Objects to be uploaded to bucket. | map(object({…})) | | {} | -| [prefix](variables.tf#L247) | Optional prefix used to generate the bucket name. | string | | null | -| [public_access_prevention](variables.tf#L262) | Prevents public access to the bucket. | string | | null | -| [requester_pays](variables.tf#L272) | Enables Requester Pays on a storage bucket. | bool | | null | -| [retention_policy](variables.tf#L278) | Bucket retention policy. | object({…}) | | null | -| [rpo](variables.tf#L287) | Bucket recovery point objective. | string | | null | -| [soft_delete_retention](variables.tf#L297) | The duration in seconds that soft-deleted objects in the bucket will be retained and cannot be permanently deleted. Set to 0 to override the default and disable. | number | | null | -| [storage_class](variables.tf#L303) | Bucket storage class. | string | | "STANDARD" | -| [tag_bindings](variables.tf#L313) | Tag bindings for this folder, in key => tag value id format. | map(string) | | {} | -| [uniform_bucket_level_access](variables.tf#L320) | Allow using object ACLs (false) or not (true, this is the recommended behavior) , defaults to true (which is the recommended practice, but not the behavior of storage API). | bool | | true | -| [versioning](variables.tf#L326) | Enable versioning, defaults to false. | bool | | null | -| [website](variables.tf#L332) | Bucket website. | object({…}) | | null | +| [enable_object_retention](variables.tf#L46) | Enables object retention on a storage bucket. | bool | | null | +| [encryption_key](variables.tf#L52) | KMS key that will be used for encryption. | string | | null | +| [force_destroy](variables.tf#L58) | Optional map to set force destroy keyed by name, defaults to false. | bool | | false | +| [iam](variables.tf#L64) | IAM bindings in {ROLE => [MEMBERS]} format. | map(list(string)) | | {} | +| [iam_bindings](variables.tf#L70) | Authoritative IAM bindings in {KEY => {role = ROLE, members = [], condition = {}}}. Keys are arbitrary. | map(object({…})) | | {} | +| [iam_bindings_additive](variables.tf#L85) | Individual additive IAM bindings. Keys are arbitrary. | map(object({…})) | | {} | +| [iam_by_principals](variables.tf#L100) | Authoritative IAM binding in {PRINCIPAL => [ROLES]} format. Principals need to be statically defined to avoid cycle errors. Merged internally with the `iam` variable. | map(list(string)) | | {} | +| [labels](variables.tf#L107) | Labels to be attached to all buckets. | map(string) | | {} | +| [lifecycle_rules](variables.tf#L113) | Bucket lifecycle rule. | map(object({…})) | | {} | +| [logging_config](variables.tf#L168) | Bucket logging configuration. | object({…}) | | null | +| [managed_folders](variables.tf#L177) | Managed folders to create within the bucket in {PATH => CONFIG} format. | map(object({…})) | | {} | +| [notification_config](variables.tf#L210) | GCS Notification configuration. | object({…}) | | null | +| [objects_to_upload](variables.tf#L227) | Objects to be uploaded to bucket. | map(object({…})) | | {} | +| [prefix](variables.tf#L253) | Optional prefix used to generate the bucket name. | string | | null | +| [public_access_prevention](variables.tf#L268) | Prevents public access to the bucket. | string | | null | +| [requester_pays](variables.tf#L278) | Enables Requester Pays on a storage bucket. | bool | | null | +| [retention_policy](variables.tf#L284) | Bucket retention policy. | object({…}) | | null | +| [rpo](variables.tf#L293) | Bucket recovery point objective. | string | | null | +| [soft_delete_retention](variables.tf#L303) | The duration in seconds that soft-deleted objects in the bucket will be retained and cannot be permanently deleted. Set to 0 to override the default and disable. | number | | null | +| [storage_class](variables.tf#L309) | Bucket storage class. | string | | "STANDARD" | +| [tag_bindings](variables.tf#L319) | Tag bindings for this folder, in key => tag value id format. | map(string) | | {} | +| [uniform_bucket_level_access](variables.tf#L326) | Allow using object ACLs (false) or not (true, this is the recommended behavior) , defaults to true (which is the recommended practice, but not the behavior of storage API). | bool | | true | +| [versioning](variables.tf#L332) | Enable versioning, defaults to false. | bool | | null | +| [website](variables.tf#L338) | Bucket website. | object({…}) | | null | ## Outputs diff --git a/modules/gcs/main.tf b/modules/gcs/main.tf index 3c1a3ec6b7..b8293b2a8a 100644 --- a/modules/gcs/main.tf +++ b/modules/gcs/main.tf @@ -29,6 +29,7 @@ resource "google_storage_bucket" "bucket" { uniform_bucket_level_access = var.uniform_bucket_level_access labels = var.labels default_event_based_hold = var.default_event_based_hold + enable_object_retention = var.enable_object_retention requester_pays = var.requester_pays public_access_prevention = var.public_access_prevention rpo = var.rpo diff --git a/modules/gcs/variables.tf b/modules/gcs/variables.tf index 56958721a9..3610fb721d 100644 --- a/modules/gcs/variables.tf +++ b/modules/gcs/variables.tf @@ -43,6 +43,12 @@ variable "default_event_based_hold" { default = null } +variable "enable_object_retention" { + description = "Enables object retention on a storage bucket." + type = bool + default = null +} + variable "encryption_key" { description = "KMS key that will be used for encryption." type = string diff --git a/modules/gcs/versions.tf b/modules/gcs/versions.tf index f569ce5af2..a8bbbe4026 100644 --- a/modules/gcs/versions.tf +++ b/modules/gcs/versions.tf @@ -26,4 +26,4 @@ terraform { version = ">= 6.1.0, < 7.0.0" # tftest } } -} +} \ No newline at end of file