infra/gcp/k8s-infra-public-pii: fix post-deployment issue of 2031.

Fix of a typo in the service name Ensure bucket k8s-infra-artifacts-gsclogs is not deleted with Terraoform Remove non-working IAM binding Signed-off-by: Arnaud Meukam <[email protected]>
kubernetes · Jun 14, 2021 · 94f48fe · 94f48fe
1 parent 3877257
commit 94f48fe
Showing 1 changed file with 4 additions and 4 deletions.
diff --git a/infra/gcp/clusters/projects/k8s-infra-public-pii/main.tf b/infra/gcp/clusters/projects/k8s-infra-public-pii/main.tf
@@ -45,7 +45,7 @@ resource "google_project_service" "project" {
   for_each = toset([
     "bigquery.googleapis.com",
     "bigqueryreservation.googleapis.com",
-    "bigquerytransfer.googleapis.com",
+    "bigquerydatatransfer.googleapis.com",
     "storage-component.googleapis.com"
   ])
 
@@ -83,7 +83,7 @@ resource "google_storage_bucket" "audit-logs-gcs" {
 
   // NOTE: Prevent the bucket from being deleted
   lifecycle {
-    prevent_destroy = false
+    prevent_destroy = true
   }
 }
 
@@ -102,7 +102,7 @@ resource "google_storage_bucket_iam_policy" "analytics_objectadmin_policy" {
   policy_data = data.google_iam_policy.storage_policy_objectadmin.policy_data
 }
 
-data "google_iam_policy" "storage_policy_legacybucketwriter" {
+/* data "google_iam_policy" "storage_policy_legacybucketwriter" {
   binding {
     role = "roles/storage.legacyBucketWriter"
     members = [
@@ -114,7 +114,7 @@ data "google_iam_policy" "storage_policy_legacybucketwriter" {
 resource "google_storage_bucket_iam_policy" "analytics_legacybucketwriter_policy" {
   bucket      = google_storage_bucket.audit-logs-gcs.name
   policy_data = data.google_iam_policy.storage_policy_legacybucketwriter.policy_data
-}
+} */
 
 // Allow ready-only access to [email protected]
 resource "google_storage_bucket_iam_member" "artificats-gcs-logs" {