Add managed folders support to gcs module

blueprints/data-solutions/shielded-folder/log-export.tf

@@ -49,11 +49,6 @@ locals {
       : null
     )
   } : {}
-  gcs_storage_class = (
-    length(split("-", var.log_locations.storage)) < 2
-    ? "MULTI_REGIONAL"
-    : "REGIONAL"
-  )
   log_types = toset([for k, v in var.log_sinks : v.type])
   log_keys = {
     for service, key in local._log_keys : service => key if key != null
@@ -110,7 +105,6 @@ module "log-export-gcs" {
   name           = "audit-logs"
   prefix         = var.prefix
   location       = replace(var.log_locations.storage, "europe", "EU")
-  storage_class  = local.gcs_storage_class
   encryption_key = var.enable_features.encryption ? module.log-kms[var.log_locations.storage].keys["storage"].id : null
 }
 

fast/stages/0-bootstrap/automation.tf

@@ -182,27 +182,25 @@ module "automation-project" {
 # output files bucket
 
 module "automation-tf-output-gcs" {
-  source        = "../../../modules/gcs"
-  project_id    = module.automation-project.project_id
-  name          = "iac-core-outputs-0"
-  prefix        = local.prefix
-  location      = local.locations.gcs
-  storage_class = local.gcs_storage_class
-  versioning    = true
-  depends_on    = [module.organization]
+  source     = "../../../modules/gcs"
+  project_id = module.automation-project.project_id
+  name       = "iac-core-outputs-0"
+  prefix     = local.prefix
+  location   = local.locations.gcs
+  versioning = true
+  depends_on = [module.organization]
 }
 
 # this stage's bucket and service account
 
 module "automation-tf-bootstrap-gcs" {
-  source        = "../../../modules/gcs"
-  project_id    = module.automation-project.project_id
-  name          = "iac-core-bootstrap-0"
-  prefix        = local.prefix
-  location      = local.locations.gcs
-  storage_class = local.gcs_storage_class
-  versioning    = true
-  depends_on    = [module.organization]
+  source     = "../../../modules/gcs"
+  project_id = module.automation-project.project_id
+  name       = "iac-core-bootstrap-0"
+  prefix     = local.prefix
+  location   = local.locations.gcs
+  versioning = true
+  depends_on = [module.organization]
 }
 
 module "automation-tf-bootstrap-sa" {
@@ -250,13 +248,12 @@ module "automation-tf-bootstrap-r-sa" {
 # resource hierarchy stage's bucket and service account
 
 module "automation-tf-resman-gcs" {
-  source        = "../../../modules/gcs"
-  project_id    = module.automation-project.project_id
-  name          = "iac-core-resman-0"
-  prefix        = local.prefix
-  location      = local.locations.gcs
-  storage_class = local.gcs_storage_class
-  versioning    = true
+  source     = "../../../modules/gcs"
+  project_id = module.automation-project.project_id
+  name       = "iac-core-resman-0"
+  prefix     = local.prefix
+  location   = local.locations.gcs
+  versioning = true
   iam = {
     "roles/storage.objectAdmin"  = [module.automation-tf-resman-sa.iam_email]
     "roles/storage.objectViewer" = [module.automation-tf-resman-r-sa.iam_email]
@@ -329,13 +326,12 @@ module "automation-tf-resman-r-sa" {
 # VPC SC stage's bucket and service account
 
 module "automation-tf-vpcsc-gcs" {
-  source        = "../../../modules/gcs"
-  project_id    = module.automation-project.project_id
-  name          = "iac-core-vpcsc-0"
-  prefix        = local.prefix
-  location      = local.locations.gcs
-  storage_class = local.gcs_storage_class
-  versioning    = true
+  source     = "../../../modules/gcs"
+  project_id = module.automation-project.project_id
+  name       = "iac-core-vpcsc-0"
+  prefix     = local.prefix
+  location   = local.locations.gcs
+  versioning = true
   iam = {
     "roles/storage.objectAdmin"  = [module.automation-tf-vpcsc-sa.iam_email]
     "roles/storage.objectViewer" = [module.automation-tf-vpcsc-r-sa.iam_email]

fast/stages/0-bootstrap/checklist.tf

@@ -128,15 +128,14 @@ check "checklist" {
 # checklist files bucket
 
 module "automation-tf-checklist-gcs" {
-  source        = "../../../modules/gcs"
-  count         = local.uses_checklist ? 1 : 0
-  project_id    = module.automation-project.project_id
-  name          = "iac-core-checklist-0"
-  prefix        = local.prefix
-  location      = local.locations.gcs
-  storage_class = local.gcs_storage_class
-  versioning    = true
-  depends_on    = [module.organization]
+  source     = "../../../modules/gcs"
+  count      = local.uses_checklist ? 1 : 0
+  project_id = module.automation-project.project_id
+  name       = "iac-core-checklist-0"
+  prefix     = local.prefix
+  location   = local.locations.gcs
+  versioning = true
+  depends_on = [module.organization]
 }
 
 resource "google_storage_bucket_object" "checklist_data" {

fast/stages/0-bootstrap/log-export.tf

@@ -75,13 +75,12 @@ module "log-export-dataset" {
 }
 
 module "log-export-gcs" {
-  source        = "../../../modules/gcs"
-  count         = contains(local.log_types, "storage") ? 1 : 0
-  project_id    = module.log-export-project.project_id
-  name          = "logs"
-  prefix        = local.prefix
-  location      = local.locations.gcs
-  storage_class = local.gcs_storage_class
+  source     = "../../../modules/gcs"
+  count      = contains(local.log_types, "storage") ? 1 : 0
+  project_id = module.log-export-project.project_id
+  name       = "logs"
+  prefix     = local.prefix
+  location   = local.locations.gcs
 }
 
 module "log-export-logbucket" {

fast/stages/0-bootstrap/main.tf

@@ -1,5 +1,5 @@
 /**
- * Copyright 2022 Google LLC
+ * Copyright 2024 Google LLC
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,11 +16,6 @@
 
 locals {
   env_default = [for k, v in var.environments : k if v.is_default][0]
-  gcs_storage_class = (
-    length(split("-", local.locations.gcs)) < 2
-    ? "MULTI_REGIONAL"
-    : "REGIONAL"
-  )
   principals = {
     for k, v in var.groups : k => (
       can(regex("^[a-zA-Z]+:", v))

fast/stages/1-resman/branch-data-platform.tf

@@ -169,29 +169,27 @@ module "branch-dp-prod-r-sa" {
 # automation buckets
 
 module "branch-dp-dev-gcs" {
-  source        = "../../../modules/gcs"
-  count         = var.fast_features.data_platform ? 1 : 0
-  project_id    = var.automation.project_id
-  name          = "dev-resman-dp-0"
-  prefix        = var.prefix
-  location      = var.locations.gcs
-  storage_class = local.gcs_storage_class
-  versioning    = true
+  source     = "../../../modules/gcs"
+  count      = var.fast_features.data_platform ? 1 : 0
+  project_id = var.automation.project_id
+  name       = "dev-resman-dp-0"
+  prefix     = var.prefix
+  location   = var.locations.gcs
+  versioning = true
   iam = {
     "roles/storage.objectAdmin"  = [module.branch-dp-dev-sa[0].iam_email]
     "roles/storage.objectViewer" = [module.branch-dp-dev-r-sa[0].iam_email]
   }
 }
 
 module "branch-dp-prod-gcs" {
-  source        = "../../../modules/gcs"
-  count         = var.fast_features.data_platform ? 1 : 0
-  project_id    = var.automation.project_id
-  name          = "prod-resman-dp-0"
-  prefix        = var.prefix
-  location      = var.locations.gcs
-  storage_class = local.gcs_storage_class
-  versioning    = true
+  source     = "../../../modules/gcs"
+  count      = var.fast_features.data_platform ? 1 : 0
+  project_id = var.automation.project_id
+  name       = "prod-resman-dp-0"
+  prefix     = var.prefix
+  location   = var.locations.gcs
+  versioning = true
   iam = {
     "roles/storage.objectAdmin"  = [module.branch-dp-prod-sa[0].iam_email]
     "roles/storage.objectViewer" = [module.branch-dp-prod-r-sa[0].iam_email]

fast/stages/1-resman/branch-gcve.tf

@@ -170,29 +170,27 @@ module "branch-gcve-prod-r-sa" {
 # automation buckets
 
 module "branch-gcve-dev-gcs" {
-  source        = "../../../modules/gcs"
-  count         = var.fast_features.gcve ? 1 : 0
-  project_id    = var.automation.project_id
-  name          = "dev-resman-gcve-0"
-  prefix        = var.prefix
-  location      = var.locations.gcs
-  storage_class = local.gcs_storage_class
-  versioning    = true
+  source     = "../../../modules/gcs"
+  count      = var.fast_features.gcve ? 1 : 0
+  project_id = var.automation.project_id
+  name       = "dev-resman-gcve-0"
+  prefix     = var.prefix
+  location   = var.locations.gcs
+  versioning = true
   iam = {
     "roles/storage.objectAdmin"  = [module.branch-gcve-dev-sa[0].iam_email]
     "roles/storage.objectViewer" = [module.branch-gcve-dev-r-sa[0].iam_email]
   }
 }
 
 module "branch-gcve-prod-gcs" {
-  source        = "../../../modules/gcs"
-  count         = var.fast_features.gcve ? 1 : 0
-  project_id    = var.automation.project_id
-  name          = "prod-resman-gcve-0"
-  prefix        = var.prefix
-  location      = var.locations.gcs
-  storage_class = local.gcs_storage_class
-  versioning    = true
+  source     = "../../../modules/gcs"
+  count      = var.fast_features.gcve ? 1 : 0
+  project_id = var.automation.project_id
+  name       = "prod-resman-gcve-0"
+  prefix     = var.prefix
+  location   = var.locations.gcs
+  versioning = true
   iam = {
     "roles/storage.objectAdmin"  = [module.branch-gcve-prod-sa[0].iam_email]
     "roles/storage.objectViewer" = [module.branch-gcve-prod-r-sa[0].iam_email]

fast/stages/1-resman/branch-gke.tf

@@ -170,29 +170,27 @@ module "branch-gke-prod-r-sa" {
 # automation buckets
 
 module "branch-gke-dev-gcs" {
-  source        = "../../../modules/gcs"
-  count         = var.fast_features.gke ? 1 : 0
-  project_id    = var.automation.project_id
-  name          = "dev-resman-gke-0"
-  prefix        = var.prefix
-  location      = var.locations.gcs
-  storage_class = local.gcs_storage_class
-  versioning    = true
+  source     = "../../../modules/gcs"
+  count      = var.fast_features.gke ? 1 : 0
+  project_id = var.automation.project_id
+  name       = "dev-resman-gke-0"
+  prefix     = var.prefix
+  location   = var.locations.gcs
+  versioning = true
   iam = {
     "roles/storage.objectAdmin"  = [module.branch-gke-dev-sa[0].iam_email]
     "roles/storage.objectViewer" = [module.branch-gke-dev-r-sa[0].iam_email]
   }
 }
 
 module "branch-gke-prod-gcs" {
-  source        = "../../../modules/gcs"
-  count         = var.fast_features.gke ? 1 : 0
-  project_id    = var.automation.project_id
-  name          = "prod-resman-gke-0"
-  prefix        = var.prefix
-  location      = var.locations.gcs
-  storage_class = local.gcs_storage_class
-  versioning    = true
+  source     = "../../../modules/gcs"
+  count      = var.fast_features.gke ? 1 : 0
+  project_id = var.automation.project_id
+  name       = "prod-resman-gke-0"
+  prefix     = var.prefix
+  location   = var.locations.gcs
+  versioning = true
   iam = {
     "roles/storage.objectAdmin"  = [module.branch-gke-prod-sa[0].iam_email]
     "roles/storage.objectViewer" = [module.branch-gke-prod-r-sa[0].iam_email]

fast/stages/1-resman/branch-networking.tf

@@ -187,13 +187,12 @@ module "branch-network-r-sa" {
 # automation bucket
 
 module "branch-network-gcs" {
-  source        = "../../../modules/gcs"
-  project_id    = var.automation.project_id
-  name          = "prod-resman-net-0"
-  prefix        = var.prefix
-  location      = var.locations.gcs
-  storage_class = local.gcs_storage_class
-  versioning    = true
+  source     = "../../../modules/gcs"
+  project_id = var.automation.project_id
+  name       = "prod-resman-net-0"
+  prefix     = var.prefix
+  location   = var.locations.gcs
+  versioning = true
   iam = {
     "roles/storage.objectAdmin"  = [module.branch-network-sa.iam_email]
     "roles/storage.objectViewer" = [module.branch-network-r-sa.iam_email]

fast/stages/1-resman/branch-nsec.tf

@@ -79,14 +79,13 @@ moved {
 }
 
 module "branch-nsec-gcs" {
-  source        = "../../../modules/gcs"
-  count         = var.fast_features.nsec ? 1 : 0
-  project_id    = var.automation.project_id
-  name          = "prod-resman-nsec-0"
-  prefix        = var.prefix
-  location      = var.locations.gcs
-  storage_class = local.gcs_storage_class
-  versioning    = true
+  source     = "../../../modules/gcs"
+  count      = var.fast_features.nsec ? 1 : 0
+  project_id = var.automation.project_id
+  name       = "prod-resman-nsec-0"
+  prefix     = var.prefix
+  location   = var.locations.gcs
+  versioning = true
   iam = {
     "roles/storage.objectAdmin"  = [module.branch-nsec-sa[0].iam_email]
     "roles/storage.objectViewer" = [module.branch-nsec-r-sa[0].iam_email]

fast/stages/1-resman/branch-project-factory.tf

@@ -172,13 +172,12 @@ moved {
 }
 
 module "branch-pf-gcs" {
-  source        = "../../../modules/gcs"
-  project_id    = var.automation.project_id
-  name          = "resman-pf-0"
-  prefix        = var.prefix
-  location      = var.locations.gcs
-  storage_class = local.gcs_storage_class
-  versioning    = true
+  source     = "../../../modules/gcs"
+  project_id = var.automation.project_id
+  name       = "resman-pf-0"
+  prefix     = var.prefix
+  location   = var.locations.gcs
+  versioning = true
   iam = {
     "roles/storage.objectAdmin"  = [module.branch-pf-sa.iam_email]
     "roles/storage.objectViewer" = [module.branch-pf-r-sa.iam_email]
@@ -191,13 +190,12 @@ moved {
 }
 
 module "branch-pf-dev-gcs" {
-  source        = "../../../modules/gcs"
-  project_id    = var.automation.project_id
-  name          = "dev-resman-pf-0"
-  prefix        = var.prefix
-  location      = var.locations.gcs
-  storage_class = local.gcs_storage_class
-  versioning    = true
+  source     = "../../../modules/gcs"
+  project_id = var.automation.project_id
+  name       = "dev-resman-pf-0"
+  prefix     = var.prefix
+  location   = var.locations.gcs
+  versioning = true
   iam = {
     "roles/storage.objectAdmin"  = [module.branch-pf-dev-sa.iam_email]
     "roles/storage.objectViewer" = [module.branch-pf-dev-r-sa.iam_email]
@@ -210,13 +208,12 @@ moved {
 }
 
 module "branch-pf-prod-gcs" {
-  source        = "../../../modules/gcs"
-  project_id    = var.automation.project_id
-  name          = "prod-resman-pf-0"
-  prefix        = var.prefix
-  location      = var.locations.gcs
-  storage_class = local.gcs_storage_class
-  versioning    = true
+  source     = "../../../modules/gcs"
+  project_id = var.automation.project_id
+  name       = "prod-resman-pf-0"
+  prefix     = var.prefix
+  location   = var.locations.gcs
+  versioning = true
   iam = {
     "roles/storage.objectAdmin"  = [module.branch-pf-prod-sa.iam_email]
     "roles/storage.objectViewer" = [module.branch-pf-prod-r-sa.iam_email]