cloud-foundation-fabric/modules/gcs
lcaggio 1b450fe444
Add Cloud KMS support to GCS module (#87)
* Add support to Cloud KMS

* Fixes

* Fix tests

* Fix tests

* - change variable name to be consistent with BQ module
 - remove output, not needed
 - change string default value to null

* use locals to pre-populate kms key variable for all names

* rename kms variable, fix prefix check in locals

Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
2020-06-05 21:59:34 +02:00
README.md Add Cloud KMS support to GCS module (#87) 2020-06-05 21:59:34 +02:00
main.tf Add Cloud KMS support to GCS module (#87) 2020-06-05 21:59:34 +02:00
outputs.tf
variables.tf Add Cloud KMS support to GCS module (#87) 2020-06-05 21:59:34 +02:00
versions.tf

README.md

Google Cloud Storage Module

TODO

Example

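```hcl
module "buckets" {
  source     = "./modules/gcs"
  project_id = "myproject"
  prefix     = "test"
  names      = ["bucket-one", "bucket-two"]
  # bucket_policy_only defaults to true (object ACLs disabled); false keeps object ACLs on bucket-one
  bucket_policy_only = {
    bucket-one = false
  }
  # members per bucket and role
  iam_members = {
    bucket-two = {
      "roles/storage.admin" = ["group:storage@example.com"]
    }
  }
  # roles managed per bucket
  iam_roles = {
    bucket-two = ["roles/storage.admin"]
  }
}
```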

Example with Cloud KMS

```hcl
module "buckets" {
  source     = "./modules/gcs"
  project_id = "myproject"
  prefix     = "test"
  names      = ["bucket-one", "bucket-two"]
  bucket_policy_only = {
    bucket-one = false
  }
  iam_members = {
    bucket-two = {
      "roles/storage.admin" = ["group:storage@example.com"]
    }
  }
  iam_roles = {
    bucket-two = ["roles/storage.admin"]
  }
  # per-bucket Cloud KMS key; the variable is named encryption_keys (see Variables)
  encryption_keys = {
    bucket-two = local.kms_key.self_link,
  }
}
```
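
The Cloud KMS example refers to `local.kms_key.self_link` without showing where the key comes from or who may use it. The following is an added example, not part of the module or its README, that creates a key, grants the project's Cloud Storage service agent permission to encrypt and decrypt with it, and passes it through the `encryption_keys` variable listed under Variables. The resource labels, the key ring and key names, the rotation period and the shape of `local.kms_key` are assumptions.

```hcl
# Added example. "bucket-keys", "bucket-two-cmek" and all resource labels are
# assumed names; "myproject" is the project id used in the README examples.

# The key ring location has to match the bucket location: the module default
# "EU" pairs with the Cloud KMS "europe" multi-region.
resource "google_kms_key_ring" "buckets" {
  project  = "myproject"
  name     = "bucket-keys"
  location = "europe"
}

resource "google_kms_crypto_key" "bucket_two" {
  name            = "bucket-two-cmek"
  key_ring        = google_kms_key_ring.buckets.id
  rotation_period = "7776000s" # 90 days, assumed policy
}

# Cloud Storage encrypts and decrypts objects as its per-project service agent.
data "google_storage_project_service_account" "gcs" {
  project = "myproject"
}

# Grant only encrypt/decrypt, only on this key, only to that service agent.
resource "google_kms_crypto_key_iam_member" "gcs_cmek" {
  crypto_key_id = google_kms_crypto_key.bucket_two.id
  role          = "roles/cloudkms.cryptoKeyEncrypterDecrypter"
  member        = "serviceAccount:${data.google_storage_project_service_account.gcs.email_address}"
}

locals {
  # Assumed shape, so that local.kms_key.self_link resolves as in the README.
  kms_key = { self_link = google_kms_crypto_key.bucket_two.id }
}

module "buckets" {
  source     = "./modules/gcs"
  project_id = "myproject"
  prefix     = "test"
  names      = ["bucket-one", "bucket-two"]
  encryption_keys = {
    bucket-two = local.kms_key.self_link
  }
  # The grant must exist before the bucket is created with the key.
  # Module-level depends_on needs Terraform 0.13 or later.
  depends_on = [google_kms_crypto_key_iam_member.gcs_cmek]
}
```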

Variables

| name | description | type | required | default |
|---|---|---|---|---|
| names | Bucket name suffixes. | list(string) | ✓ | |
| project_id | Bucket project id. | string | ✓ | |
| bucket_policy_only | Optional map to disable object ACLs keyed by name, defaults to true. | map(bool) | | {} |
| encryption_keys | Per-bucket KMS keys that will be used for encryption. | map(string) | | {} |
| force_destroy | Optional map to set force destroy keyed by name, defaults to false. | map(bool) | | {} |
| iam_members | IAM members keyed by bucket name and role. | map(map(list(string))) | | {} |
| iam_roles | IAM roles keyed by bucket name. | map(list(string)) | | {} |
| labels | Labels to be attached to all buckets. | map(string) | | {} |
| location | Bucket location. | string | | EU |
| prefix | Prefix used to generate the bucket name. | string | | null |
| storage_class | Bucket storage class. | string | | MULTI_REGIONAL |
| versioning | Optional map to set versioning keyed by name, defaults to false. | map(bool) | | {} |

Outputs

| name | description | sensitive |
|---|---|---|
| bucket | Bucket resource (for single use). | |
| buckets | Bucket resources. | |
| name | Bucket name (for single use). | |
| names | Bucket names. | |
| names_list | List of bucket names. | |
| url | Bucket URL (for single use). | |
| urls | Bucket URLs. | |
| urls_list | List of bucket URLs. | |