diff --git a/modules/gcs/README.md b/modules/gcs/README.md
index 81103d25bc..100ee8269b 100644
--- a/modules/gcs/README.md
+++ b/modules/gcs/README.md
@@ -309,36 +309,37 @@ module "bucket" {
| name | description | type | required | default |
|---|---|:---:|:---:|:---:|
-| [location](variables.tf#L156) | Bucket location. | string
| ✓ | |
-| [name](variables.tf#L199) | Bucket name suffix. | string
| ✓ | |
-| [project_id](variables.tf#L257) | Bucket project id. | string
| ✓ | |
+| [location](variables.tf#L162) | Bucket location. | string
| ✓ | |
+| [name](variables.tf#L205) | Bucket name suffix. | string
| ✓ | |
+| [project_id](variables.tf#L263) | Bucket project id. | string
| ✓ | |
| [autoclass](variables.tf#L17) | Enable autoclass to automatically transition objects to appropriate storage classes based on their access pattern. If set to true, storage_class must be set to STANDARD. Defaults to false. | bool
| | null
|
| [cors](variables.tf#L23) | CORS configuration for the bucket. Defaults to null. | object({…})
| | null
|
| [custom_placement_config](variables.tf#L34) | The bucket's custom location configuration, which specifies the individual regions that comprise a dual-region bucket. If the bucket is designated as REGIONAL or MULTI_REGIONAL, the parameters are empty. | list(string)
| | null
|
| [default_event_based_hold](variables.tf#L40) | Enable event based hold to new objects added to specific bucket, defaults to false. | bool
| | null
|
-| [encryption_key](variables.tf#L46) | KMS key that will be used for encryption. | string
| | null
|
-| [force_destroy](variables.tf#L52) | Optional map to set force destroy keyed by name, defaults to false. | bool
| | false
|
-| [iam](variables.tf#L58) | IAM bindings in {ROLE => [MEMBERS]} format. | map(list(string))
| | {}
|
-| [iam_bindings](variables.tf#L64) | Authoritative IAM bindings in {KEY => {role = ROLE, members = [], condition = {}}}. Keys are arbitrary. | map(object({…}))
| | {}
|
-| [iam_bindings_additive](variables.tf#L79) | Individual additive IAM bindings. Keys are arbitrary. | map(object({…}))
| | {}
|
-| [iam_by_principals](variables.tf#L94) | Authoritative IAM binding in {PRINCIPAL => [ROLES]} format. Principals need to be statically defined to avoid cycle errors. Merged internally with the `iam` variable. | map(list(string))
| | {}
|
-| [labels](variables.tf#L101) | Labels to be attached to all buckets. | map(string)
| | {}
|
-| [lifecycle_rules](variables.tf#L107) | Bucket lifecycle rule. | map(object({…}))
| | {}
|
-| [logging_config](variables.tf#L162) | Bucket logging configuration. | object({…})
| | null
|
-| [managed_folders](variables.tf#L171) | Managed folders to create within the bucket in {PATH => CONFIG} format. | map(object({…}))
| | {}
|
-| [notification_config](variables.tf#L204) | GCS Notification configuration. | object({…})
| | null
|
-| [objects_to_upload](variables.tf#L221) | Objects to be uploaded to bucket. | map(object({…}))
| | {}
|
-| [prefix](variables.tf#L247) | Optional prefix used to generate the bucket name. | string
| | null
|
-| [public_access_prevention](variables.tf#L262) | Prevents public access to the bucket. | string
| | null
|
-| [requester_pays](variables.tf#L272) | Enables Requester Pays on a storage bucket. | bool
| | null
|
-| [retention_policy](variables.tf#L278) | Bucket retention policy. | object({…})
| | null
|
-| [rpo](variables.tf#L287) | Bucket recovery point objective. | string
| | null
|
-| [soft_delete_retention](variables.tf#L297) | The duration in seconds that soft-deleted objects in the bucket will be retained and cannot be permanently deleted. Set to 0 to override the default and disable. | number
| | null
|
-| [storage_class](variables.tf#L303) | Bucket storage class. | string
| | "STANDARD"
|
-| [tag_bindings](variables.tf#L313) | Tag bindings for this folder, in key => tag value id format. | map(string)
| | {}
|
-| [uniform_bucket_level_access](variables.tf#L320) | Allow using object ACLs (false) or not (true, this is the recommended behavior) , defaults to true (which is the recommended practice, but not the behavior of storage API). | bool
| | true
|
-| [versioning](variables.tf#L326) | Enable versioning, defaults to false. | bool
| | null
|
-| [website](variables.tf#L332) | Bucket website. | object({…})
| | null
|
+| [enable_object_retention](variables.tf#L46) | Enables object retention on a storage bucket. | bool
| | null
|
+| [encryption_key](variables.tf#L52) | KMS key that will be used for encryption. | string
| | null
|
+| [force_destroy](variables.tf#L58) | Optional map to set force destroy keyed by name, defaults to false. | bool
| | false
|
+| [iam](variables.tf#L64) | IAM bindings in {ROLE => [MEMBERS]} format. | map(list(string))
| | {}
|
+| [iam_bindings](variables.tf#L70) | Authoritative IAM bindings in {KEY => {role = ROLE, members = [], condition = {}}}. Keys are arbitrary. | map(object({…}))
| | {}
|
+| [iam_bindings_additive](variables.tf#L85) | Individual additive IAM bindings. Keys are arbitrary. | map(object({…}))
| | {}
|
+| [iam_by_principals](variables.tf#L100) | Authoritative IAM binding in {PRINCIPAL => [ROLES]} format. Principals need to be statically defined to avoid cycle errors. Merged internally with the `iam` variable. | map(list(string))
| | {}
|
+| [labels](variables.tf#L107) | Labels to be attached to all buckets. | map(string)
| | {}
|
+| [lifecycle_rules](variables.tf#L113) | Bucket lifecycle rule. | map(object({…}))
| | {}
|
+| [logging_config](variables.tf#L168) | Bucket logging configuration. | object({…})
| | null
|
+| [managed_folders](variables.tf#L177) | Managed folders to create within the bucket in {PATH => CONFIG} format. | map(object({…}))
| | {}
|
+| [notification_config](variables.tf#L210) | GCS Notification configuration. | object({…})
| | null
|
+| [objects_to_upload](variables.tf#L227) | Objects to be uploaded to bucket. | map(object({…}))
| | {}
|
+| [prefix](variables.tf#L253) | Optional prefix used to generate the bucket name. | string
| | null
|
+| [public_access_prevention](variables.tf#L268) | Prevents public access to the bucket. | string
| | null
|
+| [requester_pays](variables.tf#L278) | Enables Requester Pays on a storage bucket. | bool
| | null
|
+| [retention_policy](variables.tf#L284) | Bucket retention policy. | object({…})
| | null
|
+| [rpo](variables.tf#L293) | Bucket recovery point objective. | string
| | null
|
+| [soft_delete_retention](variables.tf#L303) | The duration in seconds that soft-deleted objects in the bucket will be retained and cannot be permanently deleted. Set to 0 to override the default and disable. | number
| | null
|
+| [storage_class](variables.tf#L309) | Bucket storage class. | string
| | "STANDARD"
|
+| [tag_bindings](variables.tf#L319) | Tag bindings for this folder, in key => tag value id format. | map(string)
| | {}
|
+| [uniform_bucket_level_access](variables.tf#L326) | Allow using object ACLs (false) or not (true, this is the recommended behavior) , defaults to true (which is the recommended practice, but not the behavior of storage API). | bool
| | true
|
+| [versioning](variables.tf#L332) | Enable versioning, defaults to false. | bool
| | null
|
+| [website](variables.tf#L338) | Bucket website. | object({…})
| | null
|
## Outputs
diff --git a/modules/gcs/main.tf b/modules/gcs/main.tf
index 3c1a3ec6b7..b8293b2a8a 100644
--- a/modules/gcs/main.tf
+++ b/modules/gcs/main.tf
@@ -29,6 +29,7 @@ resource "google_storage_bucket" "bucket" {
uniform_bucket_level_access = var.uniform_bucket_level_access
labels = var.labels
default_event_based_hold = var.default_event_based_hold
+ enable_object_retention = var.enable_object_retention
requester_pays = var.requester_pays
public_access_prevention = var.public_access_prevention
rpo = var.rpo
diff --git a/modules/gcs/variables.tf b/modules/gcs/variables.tf
index 56958721a9..3610fb721d 100644
--- a/modules/gcs/variables.tf
+++ b/modules/gcs/variables.tf
@@ -43,6 +43,12 @@ variable "default_event_based_hold" {
default = null
}
+variable "enable_object_retention" {
+ description = "Enables object retention on a storage bucket."
+ type = bool
+ default = null
+}
+
variable "encryption_key" {
description = "KMS key that will be used for encryption."
type = string
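Review bot: The description on the new `enable_object_retention` variable does not tell the caller that this is effectively a one-way switch. As far as I know, GCS does not allow object retention to be turned off once it is enabled on a bucket, and depending on the provider version a change to this attribute may force bucket replacement, so this should be confirmed against the provider docs. I would state it in the description, e.g. `description = "Enables object retention on a storage bucket. Cannot be disabled once enabled."`. Objects that carry a retention configuration can also block deletion, which presumably affects `force_destroy`; that interaction is not visible in this diff and deserves a sentence in the README. The trailing context lines belong to `encryption_key`, whose block continues outside the hunk.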
diff --git a/modules/gcs/versions.tf b/modules/gcs/versions.tf
index f569ce5af2..a8bbbe4026 100644
--- a/modules/gcs/versions.tf
+++ b/modules/gcs/versions.tf
@@ -26,4 +26,4 @@ terraform {
version = ">= 6.1.0, < 7.0.0" # tftest
}
}
-}
+}
\ No newline at end of file