From 36a11c8e73d8540d13c8c5302dab62cdf39e916d Mon Sep 17 00:00:00 2001
From: Jeroen Monteban
Date: Thu, 12 Oct 2023 15:57:21 +0200
Subject: [PATCH 1/4] Add autoclass to GCS
---
 modules/gcs/README.md | 3 ++-
 modules/gcs/main.tf | 3 +++
 modules/gcs/variables.tf | 6 ++++++
 tests/modules/gcs/examples/iam-authoritative.yaml | 2 ++
 tests/modules/gcs/examples/iam-bindings-additive.yaml | 2 ++
 tests/modules/gcs/examples/iam-bindings.yaml | 2 ++
 tests/modules/gcs/examples/simple.yaml | 2 ++
 7 files changed, 19 insertions(+), 1 deletion(-)
diff --git a/modules/gcs/README.md b/modules/gcs/README.md
index 3ea52db68b..f75e87a581 100644
--- a/modules/gcs/README.md
+++ b/modules/gcs/README.md
@@ -180,6 +180,7 @@ module "bucket" {
 |---|---|:---:|:---:|:---:|
 | [name](variables.tf#L158) | Bucket name suffix. | string | ✓ | |
 | [project_id](variables.tf#L213) | Bucket project id. | string | ✓ | |
+| [autoclass](variables.tf#L255) | Enable autoclass to automatically transition objects to appropriate storage classes based on their access pattern. If set to true, storage_class must be set to STANDARD. Defaults to false. | bool | | false |
 | [cors](variables.tf#L17) | CORS configuration for the bucket. Defaults to null. | object({…}) | | null |
 | [custom_placement_config](variables.tf#L28) | The bucket's custom location configuration, which specifies the individual regions that comprise a dual-region bucket. If the bucket is designated as REGIONAL or MULTI_REGIONAL, the parameters are empty. | list(string) | | null |
 | [default_event_based_hold](variables.tf#L34) | Enable event based hold to new objects added to specific bucket, defaults to false. | bool | | null |
@@ -200,7 +201,7 @@ module "bucket" {
 | [storage_class](variables.tf#L233) | Bucket storage class. | string | | "MULTI_REGIONAL" |
 | [uniform_bucket_level_access](variables.tf#L243) | Allow using object ACLs (false) or not (true, this is the recommended behavior) , defaults to true (which is the recommended practice, but not the behavior of storage API). | bool | | true |
 | [versioning](variables.tf#L249) | Enable versioning, defaults to false. | bool | | false |
-| [website](variables.tf#L255) | Bucket website. | object({…}) | | null |
+| [website](variables.tf#L261) | Bucket website. | object({…}) | | null |
 ## Outputs
diff --git a/modules/gcs/main.tf b/modules/gcs/main.tf
index bd1a4429cc..e211f56286 100644
--- a/modules/gcs/main.tf
+++ b/modules/gcs/main.tf
@@ -32,6 +32,9 @@ resource "google_storage_bucket" "bucket" {
 versioning {
 enabled = var.versioning
 }
+ autoclass {
+ enabled = var.autoclass
+ }
 dynamic "website" {
 for_each = var.website == null ? [] : [""]
diff --git a/modules/gcs/variables.tf b/modules/gcs/variables.tf
index 2579c09cdf..2e1059e196 100644
--- a/modules/gcs/variables.tf
+++ b/modules/gcs/variables.tf
@@ -252,6 +252,12 @@ variable "versioning" {
 default = false
 }
+variable "autoclass" {
+ description = "Enable autoclass to automatically transition objects to appropriate storage classes based on their access pattern. If set to true, storage_class must be set to STANDARD. Defaults to false."
+ type = bool
+ default = false
+}
+
 variable "website" {
 description = "Bucket website."
 type = object({
diff --git a/tests/modules/gcs/examples/iam-authoritative.yaml b/tests/modules/gcs/examples/iam-authoritative.yaml
index 84398c3cef..8956adc6c9 100644
--- a/tests/modules/gcs/examples/iam-authoritative.yaml
+++ b/tests/modules/gcs/examples/iam-authoritative.yaml
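Review bot: Nothing enforces the rule the new variable's description states, that enabling autoclass requires `storage_class` to be `STANDARD`; with `autoclass { enabled = var.autoclass }` a caller who keeps the module default `"MULTI_REGIONAL"` only finds out when the apply fails at the API, and the same holds for the `dynamic "autoclass"` rewrite in patches 3 and 4. A `lifecycle` precondition on the resource reports the conflict at plan time, and comparing with `!= true` also tolerates the explicit `null` that patch 3 starts to accept. The `google_storage_bucket` resource starts and ends outside the hunk, so I have not checked whether it already carries a `lifecycle` block to merge this into.
```terraform
  # … unchanged: rest of google_storage_bucket.bucket …
  lifecycle {
    precondition {
      condition     = var.autoclass != true || var.storage_class == "STANDARD"
      error_message = "autoclass requires storage_class to be STANDARD."
    }
  }
```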
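Review bot: `variable "autoclass"` is declared `type = bool` with `default = false` but without `nullable = false`, so a caller can still pass an explicit `null`, which is exactly the case patch 3 then has to special-case with `var.autoclass == null` in a `dynamic` block. Unless an explicit null is meant to be accepted, adding `nullable = false` under `default = false` makes the plain block from this patch sufficient and keeps the variable consistent with `versioning`, which the main.tf hunk above feeds straight into `enabled = var.versioning`. Patch 2 only moves this block to its alphabetical position, so the same applies to the copy there.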
@@ -33,6 +33,8 @@ values:
 uniform_bucket_level_access: true
 versioning:
 - enabled: false
+ autoclass:
+ - enabled: false
 module.bucket.google_storage_bucket_iam_binding.authoritative["roles/storage.admin"]:
 bucket: my-bucket
 condition: []
diff --git a/tests/modules/gcs/examples/iam-bindings-additive.yaml b/tests/modules/gcs/examples/iam-bindings-additive.yaml
index edc6c6a778..2c20f9aa47 100644
--- a/tests/modules/gcs/examples/iam-bindings-additive.yaml
+++ b/tests/modules/gcs/examples/iam-bindings-additive.yaml
@@ -33,6 +33,8 @@ values:
 uniform_bucket_level_access: true
 versioning:
 - enabled: false
+ autoclass:
+ - enabled: false
 module.bucket.google_storage_bucket_iam_member.bindings["storage-admin-with-delegated_roles"]:
 bucket: my-bucket
 condition:
diff --git a/tests/modules/gcs/examples/iam-bindings.yaml b/tests/modules/gcs/examples/iam-bindings.yaml
index ff3740b143..45113fae3e 100644
--- a/tests/modules/gcs/examples/iam-bindings.yaml
+++ b/tests/modules/gcs/examples/iam-bindings.yaml
@@ -33,6 +33,8 @@ values:
 uniform_bucket_level_access: true
 versioning:
 - enabled: false
+ autoclass:
+ - enabled: false
 module.bucket.google_storage_bucket_iam_binding.bindings["storage-admin-with-delegated_roles"]:
 bucket: my-bucket
 condition:
diff --git a/tests/modules/gcs/examples/simple.yaml b/tests/modules/gcs/examples/simple.yaml
index 3e7a646de9..0bc34c06d3 100644
--- a/tests/modules/gcs/examples/simple.yaml
+++ b/tests/modules/gcs/examples/simple.yaml
@@ -34,6 +34,8 @@ values:
 uniform_bucket_level_access: true
 versioning:
 - enabled: true
+ autoclass:
+ - enabled: false
 counts:
 google_storage_bucket: 1
\ No newline at end of file
From 4c869e48700fa0f45bc40d7b4d620dd46d733240 Mon Sep 17 00:00:00 2001
From: Julio Castillo
Date: Mon, 16 Oct 2023 09:16:11 +0200
Subject: [PATCH 2/4] Fix linting
---
 modules/gcs/README.md | 46 ++++++++++++++++++++--------------------
 modules/gcs/variables.tf | 14 ++++++------
 2 files changed, 30 insertions(+), 30 deletions(-)
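Review bot: Every fixture pins `autoclass: - enabled: false`, so none of the examples exercises `autoclass = true`, and the one constraint the variable description introduces (storage_class must be STANDARD when autoclass is on) goes untested; the same holds for the iam-bindings-additive, iam-bindings and simple.yaml hunks. An example that sets `autoclass = true` together with `storage_class = "STANDARD"` and expects `autoclass: - enabled: true` in its plan would cover the enabled path. The example sources these fixtures are generated from are not part of the patch, so I have not checked which example file should host it.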
diff --git a/modules/gcs/README.md b/modules/gcs/README.md
index f75e87a581..8a26958d62 100644
--- a/modules/gcs/README.md
+++ b/modules/gcs/README.md
@@ -178,29 +178,29 @@ module "bucket" {
 | name | description | type | required | default |
 |---|---|:---:|:---:|:---:|
-| [name](variables.tf#L158) | Bucket name suffix. | string | ✓ | |
-| [project_id](variables.tf#L213) | Bucket project id. | string | ✓ | |
-| [autoclass](variables.tf#L255) | Enable autoclass to automatically transition objects to appropriate storage classes based on their access pattern. If set to true, storage_class must be set to STANDARD. Defaults to false. | bool | | false |
-| [cors](variables.tf#L17) | CORS configuration for the bucket. Defaults to null. | object({…}) | | null |
-| [custom_placement_config](variables.tf#L28) | The bucket's custom location configuration, which specifies the individual regions that comprise a dual-region bucket. If the bucket is designated as REGIONAL or MULTI_REGIONAL, the parameters are empty. | list(string) | | null |
-| [default_event_based_hold](variables.tf#L34) | Enable event based hold to new objects added to specific bucket, defaults to false. | bool | | null |
-| [encryption_key](variables.tf#L40) | KMS key that will be used for encryption. | string | | null |
-| [force_destroy](variables.tf#L46) | Optional map to set force destroy keyed by name, defaults to false. | bool | | false |
-| [iam](variables.tf#L52) | IAM bindings in {ROLE => [MEMBERS]} format. | map(list(string)) | | {} |
-| [iam_bindings](variables.tf#L58) | Authoritative IAM bindings in {KEY => {role = ROLE, members = [], condition = {}}}. Keys are arbitrary. | map(object({…})) | | {} |
-| [iam_bindings_additive](variables.tf#L73) | Individual additive IAM bindings. Keys are arbitrary. | map(object({…})) | | {} |
-| [labels](variables.tf#L88) | Labels to be attached to all buckets. | map(string) | | {} |
-| [lifecycle_rules](variables.tf#L94) | Bucket lifecycle rule. | map(object({…})) | | {} |
-| [location](variables.tf#L143) | Bucket location. | string | | "EU" |
-| [logging_config](variables.tf#L149) | Bucket logging configuration. | object({…}) | | null |
-| [notification_config](variables.tf#L163) | GCS Notification configuration. | object({…}) | | null |
-| [objects_to_upload](variables.tf#L177) | Objects to be uploaded to bucket. | map(object({…})) | | {} |
-| [prefix](variables.tf#L203) | Optional prefix used to generate the bucket name. | string | | null |
-| [requester_pays](variables.tf#L218) | Enables Requester Pays on a storage bucket. | bool | | null |
-| [retention_policy](variables.tf#L224) | Bucket retention policy. | object({…}) | | null |
-| [storage_class](variables.tf#L233) | Bucket storage class. | string | | "MULTI_REGIONAL" |
-| [uniform_bucket_level_access](variables.tf#L243) | Allow using object ACLs (false) or not (true, this is the recommended behavior) , defaults to true (which is the recommended practice, but not the behavior of storage API). | bool | | true |
-| [versioning](variables.tf#L249) | Enable versioning, defaults to false. | bool | | false |
+| [name](variables.tf#L164) | Bucket name suffix. | string | ✓ | |
+| [project_id](variables.tf#L219) | Bucket project id. | string | ✓ | |
+| [autoclass](variables.tf#L17) | Enable autoclass to automatically transition objects to appropriate storage classes based on their access pattern. If set to true, storage_class must be set to STANDARD. Defaults to false. | bool | | false |
+| [cors](variables.tf#L23) | CORS configuration for the bucket. Defaults to null. | object({…}) | | null |
+| [custom_placement_config](variables.tf#L34) | The bucket's custom location configuration, which specifies the individual regions that comprise a dual-region bucket. If the bucket is designated as REGIONAL or MULTI_REGIONAL, the parameters are empty. | list(string) | | null |
+| [default_event_based_hold](variables.tf#L40) | Enable event based hold to new objects added to specific bucket, defaults to false. | bool | | null |
+| [encryption_key](variables.tf#L46) | KMS key that will be used for encryption. | string | | null |
+| [force_destroy](variables.tf#L52) | Optional map to set force destroy keyed by name, defaults to false. | bool | | false |
+| [iam](variables.tf#L58) | IAM bindings in {ROLE => [MEMBERS]} format. | map(list(string)) | | {} |
+| [iam_bindings](variables.tf#L64) | Authoritative IAM bindings in {KEY => {role = ROLE, members = [], condition = {}}}. Keys are arbitrary. | map(object({…})) | | {} |
+| [iam_bindings_additive](variables.tf#L79) | Individual additive IAM bindings. Keys are arbitrary. | map(object({…})) | | {} |
+| [labels](variables.tf#L94) | Labels to be attached to all buckets. | map(string) | | {} |
+| [lifecycle_rules](variables.tf#L100) | Bucket lifecycle rule. | map(object({…})) | | {} |
+| [location](variables.tf#L149) | Bucket location. | string | | "EU" |
+| [logging_config](variables.tf#L155) | Bucket logging configuration. | object({…}) | | null |
+| [notification_config](variables.tf#L169) | GCS Notification configuration. | object({…}) | | null |
+| [objects_to_upload](variables.tf#L183) | Objects to be uploaded to bucket. | map(object({…})) | | {} |
+| [prefix](variables.tf#L209) | Optional prefix used to generate the bucket name. | string | | null |
+| [requester_pays](variables.tf#L224) | Enables Requester Pays on a storage bucket. | bool | | null |
+| [retention_policy](variables.tf#L230) | Bucket retention policy. | object({…}) | | null |
+| [storage_class](variables.tf#L239) | Bucket storage class. | string | | "MULTI_REGIONAL" |
+| [uniform_bucket_level_access](variables.tf#L249) | Allow using object ACLs (false) or not (true, this is the recommended behavior) , defaults to true (which is the recommended practice, but not the behavior of storage API). | bool | | true |
+| [versioning](variables.tf#L255) | Enable versioning, defaults to false. | bool | | false |
 | [website](variables.tf#L261) | Bucket website. | object({…}) | | null |
 ## Outputs
diff --git a/modules/gcs/variables.tf b/modules/gcs/variables.tf
index 2e1059e196..350c74baf5 100644
--- a/modules/gcs/variables.tf
+++ b/modules/gcs/variables.tf
@@ -1,5 +1,5 @@
 /**
- * Copyright 2022 Google LLC
+ * Copyright 2023 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -14,6 +14,12 @@
 * limitations under the License.
 */
+variable "autoclass" {
+ description = "Enable autoclass to automatically transition objects to appropriate storage classes based on their access pattern. If set to true, storage_class must be set to STANDARD. Defaults to false."
+ type = bool
+ default = false
+}
+
 variable "cors" {
 description = "CORS configuration for the bucket. Defaults to null."
 type = object({
@@ -252,12 +258,6 @@ variable "versioning" {
 default = false
 }
-variable "autoclass" {
- description = "Enable autoclass to automatically transition objects to appropriate storage classes based on their access pattern. If set to true, storage_class must be set to STANDARD. Defaults to false."
- type = bool
- default = false
-}
-
 variable "website" {
 description = "Bucket website."
 type = object({
From 9c5fc0cc2e72af1a4f75032b7ce64d99e0ad72a7 Mon Sep 17 00:00:00 2001
From: Julio Castillo
Date: Mon, 16 Oct 2023 09:18:31 +0200
Subject: [PATCH 3/4] Make autoclass block dynamic
---
 modules/gcs/main.tf | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/modules/gcs/main.tf b/modules/gcs/main.tf
index e211f56286..5c3f250bb4 100644
--- a/modules/gcs/main.tf
+++ b/modules/gcs/main.tf
@@ -1,5 +1,5 @@
 /**
- * Copyright 2022 Google LLC
+ * Copyright 2023 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -32,8 +32,12 @@ resource "google_storage_bucket" "bucket" {
 versioning {
 enabled = var.versioning
 }
- autoclass {
- enabled = var.autoclass
+
+ dynamic "autoclass" {
+ for_each = var.autoclass == null [] ? [""]
+ content {
+ enabled = var.autoclass
+ }
 }
 dynamic "website" {
From 47b4d3e146e0c237143e2ac4de5a88fd06e60242 Mon Sep 17 00:00:00 2001
From: Julio Castillo
Date: Mon, 16 Oct 2023 09:21:40 +0200
Subject: [PATCH 4/4] Fix syntax
---
 modules/gcs/main.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/modules/gcs/main.tf b/modules/gcs/main.tf
index 5c3f250bb4..1341e707cd 100644
--- a/modules/gcs/main.tf
+++ b/modules/gcs/main.tf
@@ -34,7 +34,7 @@ resource "google_storage_bucket" "bucket" {
 }
 dynamic "autoclass" {
- for_each = var.autoclass == null [] ? [""]
+ for_each = var.autoclass == null ? [] : [""]
 content {
 enabled = var.autoclass
 }
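Review bot: The corrected `for_each = var.autoclass == null ? [] : [""]` reads as if the block were conditional on the flag, but it is emitted for `false` as well (the patch 1 fixtures expect `enabled: false`); only an explicit `null` omits it, and nothing in the hunk says so. A one-line comment above `dynamic "autoclass" {` would spare the next reader that double take: `# emitted for true and false alike; only an explicit null drops the block`. The enclosing `google_storage_bucket` resource starts and ends outside the hunk.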