From 94f48fe04a451115610f9d7a87e4670f7bf3bd94 Mon Sep 17 00:00:00 2001
From: Arnaud Meukam
Date: Mon, 14 Jun 2021 20:30:52 +0200
Subject: [PATCH] infra/gcp/k8s-infra-public-pii: fix post-deployment issue of 2031. Fix of a typo in the service name Ensure bucket k8s-infra-artifacts-gsclogs is not deleted with Terraoform Remove non-working IAM binding
Signed-off-by: Arnaud Meukam
---
 infra/gcp/clusters/projects/k8s-infra-public-pii/main.tf | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/infra/gcp/clusters/projects/k8s-infra-public-pii/main.tf b/infra/gcp/clusters/projects/k8s-infra-public-pii/main.tf
index b4da14c4ed8e..ab1fc00030fd 100644
--- a/infra/gcp/clusters/projects/k8s-infra-public-pii/main.tf
+++ b/infra/gcp/clusters/projects/k8s-infra-public-pii/main.tf
@@ -45,7 +45,7 @@ resource "google_project_service" "project" {
 for_each = toset([
 "bigquery.googleapis.com",
 "bigqueryreservation.googleapis.com",
- "bigquerytransfer.googleapis.com",
+ "bigquerydatatransfer.googleapis.com",
 "storage-component.googleapis.com"
 ])
@@ -83,7 +83,7 @@ resource "google_storage_bucket" "audit-logs-gcs" {
 // NOTE: Prevent the bucket from being deleted
 lifecycle {
- prevent_destroy = false
+ prevent_destroy = true
 }
 }
@@ -102,7 +102,7 @@ resource "google_storage_bucket_iam_policy" "analytics_objectadmin_policy" {
 policy_data = data.google_iam_policy.storage_policy_objectadmin.policy_data
 }
-data "google_iam_policy" "storage_policy_legacybucketwriter" {
+/* data "google_iam_policy" "storage_policy_legacybucketwriter" {
 binding {
 role = "roles/storage.legacyBucketWriter"
 members = [
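Review bot: `prevent_destroy = true` in the `lifecycle` block of `google_storage_bucket.audit-logs-gcs` only makes Terraform refuse a plan that would destroy the bucket; it does not stop deletion through the console, gsutil or the API, and it no longer applies once the resource block itself is removed from the configuration. Since this bucket holds audit logs, the existing comment should state that limit, for example `// NOTE: blocks terraform destroy only; deletion outside Terraform is governed by IAM and retention settings`. The rest of the resource is outside this hunk; if it sets no `retention_policy`, consider adding one so log objects cannot be removed before the retention period ends.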
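Review bot: The legacyBucketWriter policy is disabled by wrapping it in `/* ... */` (opened in the `-102` hunk, closed in the `-114` hunk) instead of being deleted, which leaves a dead role binding in the file with no record of why it did not work. Either delete both blocks or put the reason and a tracking issue in a comment above them. A likely cause, to be confirmed, is that `google_storage_bucket_iam_policy` is authoritative, so a second policy resource on the same bucket as `analytics_objectadmin_policy` would replace it on apply. For the same reason, check that the `google_storage_bucket_iam_member` resource `artificats-gcs-logs` at the end of the `-114` hunk does not target a bucket that also has an `_iam_policy` resource, otherwise the read-only grant is removed on the next apply. The member list and the other bucket arguments are outside the visible hunks.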
@@ -114,7 +114,7 @@ data "google_iam_policy" "storage_policy_legacybucketwriter" {
 resource "google_storage_bucket_iam_policy" "analytics_legacybucketwriter_policy" {
 bucket = google_storage_bucket.audit-logs-gcs.name
 policy_data = data.google_iam_policy.storage_policy_legacybucketwriter.policy_data
-}
+} */
 // Allow ready-only access to k8s-infra-gcs-access-logs@kubernetes.io
 resource "google_storage_bucket_iam_member" "artificats-gcs-logs" {