Add public_access_prevention

devuonocar 2023-10-30 18:23:33 +01:00
parent 68dea5530a
commit 96c1342d55
3 changed files with 8 additions and 0 deletions


@ -196,6 +196,7 @@ module "bucket" {
| [notification_config](variables.tf#L169) | GCS Notification configuration. | <code title="object&#40;&#123;&#10; enabled &#61; bool&#10; payload_format &#61; string&#10; topic_name &#61; string&#10; sa_email &#61; string&#10; event_types &#61; optional&#40;list&#40;string&#41;&#41;&#10; custom_attributes &#61; optional&#40;map&#40;string&#41;&#41;&#10; object_name_prefix &#61; optional&#40;string&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> |
| [objects_to_upload](variables.tf#L183) | Objects to be uploaded to bucket. | <code title="map&#40;object&#40;&#123;&#10; name &#61; string&#10; metadata &#61; optional&#40;map&#40;string&#41;&#41;&#10; content &#61; optional&#40;string&#41;&#10; source &#61; optional&#40;string&#41;&#10; cache_control &#61; optional&#40;string&#41;&#10; content_disposition &#61; optional&#40;string&#41;&#10; content_encoding &#61; optional&#40;string&#41;&#10; content_language &#61; optional&#40;string&#41;&#10; content_type &#61; optional&#40;string&#41;&#10; event_based_hold &#61; optional&#40;bool&#41;&#10; temporary_hold &#61; optional&#40;bool&#41;&#10; detect_md5hash &#61; optional&#40;string&#41;&#10; storage_class &#61; optional&#40;string&#41;&#10; kms_key_name &#61; optional&#40;string&#41;&#10; customer_encryption &#61; optional&#40;object&#40;&#123;&#10; encryption_algorithm &#61; optional&#40;string&#41;&#10; encryption_key &#61; string&#10; &#125;&#41;&#41;&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>&#123;&#125;</code> |
| [prefix](variables.tf#L209) | Optional prefix used to generate the bucket name. | <code>string</code> | | <code>null</code> |
| [public_access_prevention](variables.tf#L224) | Prevents public access to a bucket. Acceptable values are inherited or enforced. If inherited, the bucket uses public access prevention, only if the bucket is subject to the public access prevention organization policy constraint. | <code>string</code> | | <code>&#34;inherited&#34;</code> |
| [requester_pays](variables.tf#L224) | Enables Requester Pays on a storage bucket. | <code>bool</code> | | <code>null</code> |
| [retention_policy](variables.tf#L230) | Bucket retention policy. | <code title="object&#40;&#123;&#10; retention_period &#61; number&#10; is_locked &#61; optional&#40;bool&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> |
| [storage_class](variables.tf#L239) | Bucket storage class. | <code>string</code> | | <code>&#34;MULTI_REGIONAL&#34;</code> |


@ -29,6 +29,7 @@ resource "google_storage_bucket" "bucket" {
labels = var.labels
default_event_based_hold = var.default_event_based_hold
requester_pays = var.requester_pays
public_access_prevention = var.public_access_prevention
versioning {
enabled = var.versioning
}


@ -221,6 +221,12 @@ variable "project_id" {
type = string
}
variable "public_access_prevention" {
description = "Prevents public access to a bucket. Acceptable values are inherited or enforced. If inherited, the bucket uses public access prevention, only if the bucket is subject to the public access prevention organization policy constraint."
type = string
default = "inherited"
}
variable "requester_pays" {
description = "Enables Requester Pays on a storage bucket."
type = bool
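Review bot: The new `public_access_prevention` variable is a free-form `string` with no `validation` block, so a mistyped value is only rejected by the provider at plan/apply time instead of at input validation. Inside the variable I would add a `validation` block with `condition = contains(["inherited", "enforced"], var.public_access_prevention)` and `error_message = "public_access_prevention must be \"inherited\" or \"enforced\"."`. The default `"inherited"` keeps existing behaviour, which means a bucket from this module is protected only where the `constraints/storage.publicAccessPrevention` organization policy applies. The description should tell callers storing non-public data to set `"enforced"`, and its wording "uses public access prevention, only if" would read more clearly without the comma. The `requester_pays` block that follows continues outside this hunk.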