Add retention policy (#133)
parent
d45934e544
commit
daf3dc41e7
|
@ -5,6 +5,7 @@ All notable changes to this project will be documented in this file.
|
|||
## [Unreleased]
|
||||
- Fix GCS2BQ (issue: 128)
|
||||
- make VPC creation optional in `net-vpc` module to allow managing a pre-existing VPC
|
||||
- add retention_policy in `gcs` module
|
||||
|
||||
## [3.2.0] - 2020-08-29
|
||||
|
||||
|
|
|
@ -45,12 +45,39 @@ module "buckets" {
|
|||
iam_roles = {
|
||||
bucket-two = ["roles/storage.admin"]
|
||||
}
|
||||
kms_keys = {
|
||||
encryption_keys = {
|
||||
bucket-two = local.kms_key.self_link,
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
### Example with retention policy
|
||||
|
||||
```hcl
|
||||
module "buckets" {
|
||||
source = "./modules/gcs"
|
||||
project_id = "myproject"
|
||||
prefix = "test"
|
||||
names = ["bucket-one", "bucket-two"]
|
||||
bucket_policy_only = {
|
||||
bucket-one = false
|
||||
}
|
||||
iam_members = {
|
||||
bucket-two = {
|
||||
"roles/storage.admin" = ["group:storage@example.com"]
|
||||
}
|
||||
}
|
||||
iam_roles = {
|
||||
bucket-two = ["roles/storage.admin"]
|
||||
}
|
||||
|
||||
retention_policies = {
|
||||
bucket-one = { retention_period = 100 , is_locked = true}
|
||||
bucket-two = { retention_period = 900 }
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
<!-- BEGIN TFDOC -->
|
||||
## Variables
|
||||
|
||||
|
@ -68,6 +95,7 @@ module "buckets" {
|
|||
| *prefix* | Prefix used to generate the bucket name. | <code title="">string</code> | | <code title="">null</code> |
|
||||
| *storage_class* | Bucket storage class. | <code title="">string</code> | | <code title="">MULTI_REGIONAL</code> |
|
||||
| *versioning* | Optional map to set versioning keyed by name, defaults to false. | <code title="map(bool)">map(bool)</code> | | <code title="">{}</code> |
|
||||
| *retention_policies* | Optional map to set up retention policy keyed by bucket name. | <code title="map(bool)">map(map(string))</code> | | <code title="">{}</code> |
|
||||
|
||||
## Outputs
|
||||
|
||||
|
|
|
@ -37,6 +37,7 @@ locals {
|
|||
: join("-", [var.prefix, lower(var.location), ""])
|
||||
)
|
||||
kms_keys = { for name in var.names : name => lookup(var.encryption_keys, name, null) }
|
||||
retention_policy = { for name in var.names : name => lookup(var.retention_policies, name, null) }
|
||||
}
|
||||
|
||||
resource "google_storage_bucket" "buckets" {
|
||||
|
@ -63,6 +64,14 @@ resource "google_storage_bucket" "buckets" {
|
|||
default_kms_key_name = local.kms_keys[each.key]
|
||||
}
|
||||
}
|
||||
|
||||
dynamic retention_policy {
|
||||
for_each = local.retention_policy[each.key] == null ? [] : [""]
|
||||
content {
|
||||
retention_period = local.retention_policy[each.key]["retention_period"]
|
||||
is_locked = lookup(local.retention_policy[each.key], "is_locked", false)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
resource "google_storage_bucket_iam_binding" "bindings" {
|
||||
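Review bot: `is_locked` in the new `retention_policy` content block is passed straight through from the caller's map with no comment on what locking means. On GCS a locked retention policy cannot be removed or have its period reduced afterwards, so one `is_locked = true` entry is a one-way change that a later apply cannot undo. I would add a comment above that line, e.g. `# locking is permanent: the policy can no longer be removed or shortened once applied`. The `lookup(local.retention_policy[each.key], "is_locked", false)` default also means a misspelled key leaves the bucket unlocked without any error, which matters when the lock is relied on for compliance retention. The `google_storage_bucket` resource body starts outside this hunk.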
|
|
|
@ -83,3 +83,9 @@ variable "versioning" {
|
|||
type = map(bool)
|
||||
default = {}
|
||||
}
|
||||
|
||||
variable "retention_policies" {
|
||||
description = "Per-bucket retention policy."
|
||||
type = map(map(string))
|
||||
default = {}
|
||||
}
|
||||
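Review bot: The `retention_policies` description does not state the unit of `retention_period` or which keys an entry accepts, and `type = map(map(string))` converts the number and the bool to strings, so nothing validates them at plan time. I would expand the description to `"Per-bucket retention policy keyed by bucket name: retention_period in seconds, optional is_locked (irreversible once applied)."`. A stricter `type = map(object({ retention_period = number, is_locked = bool }))` would reject unknown or misspelled keys, at the cost of making `is_locked` mandatory in every entry.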
|
|