cloud-foundation-fabric/modules/gcs
Israel Herraiz 7df527e1ef Bump versions EVERYWHERE 2022-12-23 00:06:42 +01:00
README.md refactor GCS module and tests (#1066) 2022-12-22 12:27:09 +01:00
main.tf refactor GCS module and tests (#1066) 2022-12-22 12:27:09 +01:00
outputs.tf Fix FAST audit logs when using pubsub as destination 2022-06-10 12:25:26 +02:00
variables.tf refactor GCS module and tests (#1066) 2022-12-22 12:27:09 +01:00
versions.tf Bump versions EVERYWHERE 2022-12-23 00:06:42 +01:00

README.md

Google Cloud Storage Module

Example

module "bucket" {
  source     = "./fabric/modules/gcs"
  project_id = "myproject"
  prefix     = "test"
  name       = "my-bucket"
  iam = {
    "roles/storage.admin" = ["group:storage@example.com"]
  }
}
# tftest modules=1 resources=2

Example with Cloud KMS

module "bucket" {
  source     = "./fabric/modules/gcs"
  project_id = "myproject"
  prefix     = "test"
  name       = "my-bucket"
  iam = {
    "roles/storage.admin" = ["group:storage@example.com"]
  }
  encryption_key = "my-encryption-key"
}
# tftest modules=1 resources=2

Example with retention policy

module "bucket" {
  source     = "./fabric/modules/gcs"
  project_id = "myproject"
  prefix     = "test"
  name       = "my-bucket"
  iam = {
    "roles/storage.admin" = ["group:storage@example.com"]
  }
  retention_policy = {
    retention_period = 100
    is_locked        = true
  }
  logging_config = {
    log_bucket        = var.bucket
    log_object_prefix = null
  }
}
# tftest modules=1 resources=2

Example with lifecycle rule

module "bucket" {
  source     = "./fabric/modules/gcs"
  project_id = "myproject"
  prefix     = "test"
  name       = "my-bucket"
  iam = {
    "roles/storage.admin" = ["group:storage@example.com"]
  }
  lifecycle_rules = {
    lr-0 = {
      action = {
        type          = "SetStorageClass"
        storage_class = "STANDARD"
      }
      condition = {
        age = 30
      }
    }
  }
}
# tftest modules=1 resources=2

Minimal example with GCS notifications

module "bucket-gcs-notification" {
  source     = "./fabric/modules/gcs"
  project_id = "myproject"
  prefix     = "test"
  name       = "my-bucket"
  notification_config = {
    enabled           = true
    payload_format    = "JSON_API_V1"
    sa_email          = "service-<project-number>@gs-project-accounts.iam.gserviceaccount.com" # GCS SA email must be passed or fetched from projects module.
    topic_name        = "gcs-notification-topic"
    event_types       = ["OBJECT_FINALIZE"]
    custom_attributes = {}
  }
}
# tftest modules=1 resources=4

Variables

| name | description | type | required | default |
|---|---|---|---|---|
| name | Bucket name suffix. | string | ✓ | |
| project_id | Bucket project id. | string | ✓ | |
| cors | CORS configuration for the bucket. Defaults to null. | object({…}) | | null |
| encryption_key | KMS key that will be used for encryption. | string | | null |
| force_destroy | Optional map to set force destroy keyed by name, defaults to false. | bool | | false |
| iam | IAM bindings in {ROLE => [MEMBERS]} format. | map(list(string)) | | {} |
| labels | Labels to be attached to all buckets. | map(string) | | {} |
| lifecycle_rules | Bucket lifecycle rule. | map(object({…})) | | {} |
| location | Bucket location. | string | | "EU" |
| logging_config | Bucket logging configuration. | object({…}) | | null |
| notification_config | GCS Notification configuration. | object({…}) | | null |
| prefix | Optional prefix used to generate the bucket name. | string | | null |
| retention_policy | Bucket retention policy. | object({…}) | | null |
| storage_class | Bucket storage class. | string | | "MULTI_REGIONAL" |
| uniform_bucket_level_access | Allow using object ACLs (false) or not (true, this is the recommended behavior), defaults to true (which is the recommended practice, but not the behavior of storage API). | bool | | true |
| versioning | Enable versioning, defaults to false. | bool | | false |
| website | Bucket website. | object({…}) | | null |

Outputs

| name | description | sensitive |
|---|---|---|
| bucket | Bucket resource. | |
| id | Bucket ID (same as name). | |
| name | Bucket name. | |
| notification | GCS Notification self link. | |
| topic | Topic ID used by GCS. | |
| url | Bucket URL. | |