From f46455752574037afa1dad1eb0b0aa2134ecae50 Mon Sep 17 00:00:00 2001 From: jeroenmonteban Date: Mon, 16 Oct 2023 09:45:10 +0200 Subject: [PATCH] Add autoclass to GCS (#1757) * Add autoclass to GCS * Fix linting * Make autoclass block dynamic * Fix syntax --------- Co-authored-by: Julio Castillo --- modules/gcs/README.md | 47 ++++++++++--------- modules/gcs/main.tf | 9 +++- modules/gcs/variables.tf | 8 +++- .../gcs/examples/iam-authoritative.yaml | 2 + .../gcs/examples/iam-bindings-additive.yaml | 2 + tests/modules/gcs/examples/iam-bindings.yaml | 2 + tests/modules/gcs/examples/simple.yaml | 2 + 7 files changed, 47 insertions(+), 25 deletions(-) diff --git a/modules/gcs/README.md b/modules/gcs/README.md index 3ea52db68..8a26958d6 100644 --- a/modules/gcs/README.md +++ b/modules/gcs/README.md @@ -178,29 +178,30 @@ module "bucket" { | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| [name](variables.tf#L158) | Bucket name suffix. | string | ✓ | | -| [project_id](variables.tf#L213) | Bucket project id. | string | ✓ | | -| [cors](variables.tf#L17) | CORS configuration for the bucket. Defaults to null. | object({…}) | | null | -| [custom_placement_config](variables.tf#L28) | The bucket's custom location configuration, which specifies the individual regions that comprise a dual-region bucket. If the bucket is designated as REGIONAL or MULTI_REGIONAL, the parameters are empty. | list(string) | | null | -| [default_event_based_hold](variables.tf#L34) | Enable event based hold to new objects added to specific bucket, defaults to false. | bool | | null | -| [encryption_key](variables.tf#L40) | KMS key that will be used for encryption. | string | | null | -| [force_destroy](variables.tf#L46) | Optional map to set force destroy keyed by name, defaults to false. | bool | | false | -| [iam](variables.tf#L52) | IAM bindings in {ROLE => [MEMBERS]} format. | map(list(string)) | | {} | -| [iam_bindings](variables.tf#L58) | Authoritative IAM bindings in {KEY => {role = ROLE, members = [], condition = {}}}. Keys are arbitrary. | map(object({…})) | | {} | -| [iam_bindings_additive](variables.tf#L73) | Individual additive IAM bindings. Keys are arbitrary. | map(object({…})) | | {} | -| [labels](variables.tf#L88) | Labels to be attached to all buckets. | map(string) | | {} | -| [lifecycle_rules](variables.tf#L94) | Bucket lifecycle rule. | map(object({…})) | | {} | -| [location](variables.tf#L143) | Bucket location. | string | | "EU" | -| [logging_config](variables.tf#L149) | Bucket logging configuration. | object({…}) | | null | -| [notification_config](variables.tf#L163) | GCS Notification configuration. | object({…}) | | null | -| [objects_to_upload](variables.tf#L177) | Objects to be uploaded to bucket. | map(object({…})) | | {} | -| [prefix](variables.tf#L203) | Optional prefix used to generate the bucket name. | string | | null | -| [requester_pays](variables.tf#L218) | Enables Requester Pays on a storage bucket. | bool | | null | -| [retention_policy](variables.tf#L224) | Bucket retention policy. | object({…}) | | null | -| [storage_class](variables.tf#L233) | Bucket storage class. | string | | "MULTI_REGIONAL" | -| [uniform_bucket_level_access](variables.tf#L243) | Allow using object ACLs (false) or not (true, this is the recommended behavior) , defaults to true (which is the recommended practice, but not the behavior of storage API). | bool | | true | -| [versioning](variables.tf#L249) | Enable versioning, defaults to false. | bool | | false | -| [website](variables.tf#L255) | Bucket website. | object({…}) | | null | +| [name](variables.tf#L164) | Bucket name suffix. | string | ✓ | | +| [project_id](variables.tf#L219) | Bucket project id. | string | ✓ | | +| [autoclass](variables.tf#L17) | Enable autoclass to automatically transition objects to appropriate storage classes based on their access pattern. If set to true, storage_class must be set to STANDARD. Defaults to false. | bool | | false | +| [cors](variables.tf#L23) | CORS configuration for the bucket. Defaults to null. | object({…}) | | null | +| [custom_placement_config](variables.tf#L34) | The bucket's custom location configuration, which specifies the individual regions that comprise a dual-region bucket. If the bucket is designated as REGIONAL or MULTI_REGIONAL, the parameters are empty. | list(string) | | null | +| [default_event_based_hold](variables.tf#L40) | Enable event based hold to new objects added to specific bucket, defaults to false. | bool | | null | +| [encryption_key](variables.tf#L46) | KMS key that will be used for encryption. | string | | null | +| [force_destroy](variables.tf#L52) | Optional map to set force destroy keyed by name, defaults to false. | bool | | false | +| [iam](variables.tf#L58) | IAM bindings in {ROLE => [MEMBERS]} format. | map(list(string)) | | {} | +| [iam_bindings](variables.tf#L64) | Authoritative IAM bindings in {KEY => {role = ROLE, members = [], condition = {}}}. Keys are arbitrary. | map(object({…})) | | {} | +| [iam_bindings_additive](variables.tf#L79) | Individual additive IAM bindings. Keys are arbitrary. | map(object({…})) | | {} | +| [labels](variables.tf#L94) | Labels to be attached to all buckets. | map(string) | | {} | +| [lifecycle_rules](variables.tf#L100) | Bucket lifecycle rule. | map(object({…})) | | {} | +| [location](variables.tf#L149) | Bucket location. | string | | "EU" | +| [logging_config](variables.tf#L155) | Bucket logging configuration. | object({…}) | | null | +| [notification_config](variables.tf#L169) | GCS Notification configuration. | object({…}) | | null | +| [objects_to_upload](variables.tf#L183) | Objects to be uploaded to bucket. | map(object({…})) | | {} | +| [prefix](variables.tf#L209) | Optional prefix used to generate the bucket name. | string | | null | +| [requester_pays](variables.tf#L224) | Enables Requester Pays on a storage bucket. | bool | | null | +| [retention_policy](variables.tf#L230) | Bucket retention policy. | object({…}) | | null | +| [storage_class](variables.tf#L239) | Bucket storage class. | string | | "MULTI_REGIONAL" | +| [uniform_bucket_level_access](variables.tf#L249) | Allow using object ACLs (false) or not (true, this is the recommended behavior) , defaults to true (which is the recommended practice, but not the behavior of storage API). | bool | | true | +| [versioning](variables.tf#L255) | Enable versioning, defaults to false. | bool | | false | +| [website](variables.tf#L261) | Bucket website. | object({…}) | | null | ## Outputs diff --git a/modules/gcs/main.tf b/modules/gcs/main.tf index bd1a4429c..1341e707c 100644 --- a/modules/gcs/main.tf +++ b/modules/gcs/main.tf @@ -1,5 +1,5 @@ /** - * Copyright 2022 Google LLC + * Copyright 2023 Google LLC * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -33,6 +33,13 @@ resource "google_storage_bucket" "bucket" { enabled = var.versioning } + dynamic "autoclass" { + for_each = var.autoclass == null ? [] : [""] + content { + enabled = var.autoclass + } + } + dynamic "website" { for_each = var.website == null ? [] : [""] diff --git a/modules/gcs/variables.tf b/modules/gcs/variables.tf index 2579c09cd..350c74baf 100644 --- a/modules/gcs/variables.tf +++ b/modules/gcs/variables.tf @@ -1,5 +1,5 @@ /** - * Copyright 2022 Google LLC + * Copyright 2023 Google LLC * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -14,6 +14,12 @@ * limitations under the License. */ +variable "autoclass" { + description = "Enable autoclass to automatically transition objects to appropriate storage classes based on their access pattern. If set to true, storage_class must be set to STANDARD. Defaults to false." + type = bool + default = false +} + variable "cors" { description = "CORS configuration for the bucket. Defaults to null." type = object({ diff --git a/tests/modules/gcs/examples/iam-authoritative.yaml b/tests/modules/gcs/examples/iam-authoritative.yaml index 84398c3ce..8956adc6c 100644 --- a/tests/modules/gcs/examples/iam-authoritative.yaml +++ b/tests/modules/gcs/examples/iam-authoritative.yaml @@ -33,6 +33,8 @@ values: uniform_bucket_level_access: true versioning: - enabled: false + autoclass: + - enabled: false module.bucket.google_storage_bucket_iam_binding.authoritative["roles/storage.admin"]: bucket: my-bucket condition: [] diff --git a/tests/modules/gcs/examples/iam-bindings-additive.yaml b/tests/modules/gcs/examples/iam-bindings-additive.yaml index edc6c6a77..2c20f9aa4 100644 --- a/tests/modules/gcs/examples/iam-bindings-additive.yaml +++ b/tests/modules/gcs/examples/iam-bindings-additive.yaml @@ -33,6 +33,8 @@ values: uniform_bucket_level_access: true versioning: - enabled: false + autoclass: + - enabled: false module.bucket.google_storage_bucket_iam_member.bindings["storage-admin-with-delegated_roles"]: bucket: my-bucket condition: diff --git a/tests/modules/gcs/examples/iam-bindings.yaml b/tests/modules/gcs/examples/iam-bindings.yaml index ff3740b14..45113fae3 100644 --- a/tests/modules/gcs/examples/iam-bindings.yaml +++ b/tests/modules/gcs/examples/iam-bindings.yaml @@ -33,6 +33,8 @@ values: uniform_bucket_level_access: true versioning: - enabled: false + autoclass: + - enabled: false module.bucket.google_storage_bucket_iam_binding.bindings["storage-admin-with-delegated_roles"]: bucket: my-bucket condition: diff --git a/tests/modules/gcs/examples/simple.yaml b/tests/modules/gcs/examples/simple.yaml index 3e7a646de..0bc34c06d 100644 --- a/tests/modules/gcs/examples/simple.yaml +++ b/tests/modules/gcs/examples/simple.yaml @@ -34,6 +34,8 @@ values: uniform_bucket_level_access: true versioning: - enabled: true + autoclass: + - enabled: false counts: google_storage_bucket: 1 \ No newline at end of file