locals {
  # Workarounds for the optional(type) bug - https://github.com/hashicorp/terraform/issues/24142
  # Nullable single-value inputs are wrapped in a zero- or one-element list so
  # the dynamic blocks in google_storage_bucket.bucket can iterate over them.
  retention_policy = var.retention_policy != null ? [var.retention_policy] : []
  logging          = var.log_bucket != null ? [var.log_bucket] : []
  lifecycle_rules  = var.lifecycle_rules != null ? var.lifecycle_rules : []

  # Principal lists for the IAM bindings below; an unset list becomes empty so
  # for_each creates no binding rather than failing on null.
  admins         = coalesce(var.admins, [])
  creators       = coalesce(var.creators, [])
  storage_admins = coalesce(var.storage_admins, [])
  viewers        = coalesce(var.viewers, [])

  # Folder placeholder objects to create in the bucket (may be empty).
  folders = coalesce(var.folders, [])

  # Bucket names share one global namespace, so the project number is used as
  # a prefix to keep var.name unique across projects.
  prefix = data.google_project.project.number
  name   = join("-", [local.prefix, var.name])
}
# Getting the number of the project for the bucket prefix
# Looks up the project so its number can be used as the bucket-name prefix
# (local.prefix). Requires the caller to have read access to var.project_id.
data "google_project" "project" {
  project_id = var.project_id
}


resource "google_storage_bucket" "bucket" {
  # Name is built in local.name as "<project number>-<var.name>".
  name     = local.name
  project  = var.project_id
  location = var.location

  storage_class = var.storage_class
  labels        = var.labels

  # Defaults to true when the input is null: access is then governed by bucket
  # IAM (the additive bindings at the bottom of this file) rather than
  # per-object ACLs.
  uniform_bucket_level_access = coalesce(var.uniform_bucket_level_access, true)

  # Defaults to false when the input is null, so a non-empty bucket is not
  # emptied and deleted by `terraform destroy` unless the caller opts in.
  force_destroy = coalesce(var.force_destroy, false)

  # NOTE(review): no public_access_prevention argument is set here, so the
  # bucket inherits whatever the project/org policy says — confirm that is the
  # intended exposure for callers of this module.

  versioning {
    enabled = coalesce(var.versioning, false)
  }

  # Zero or one logging block; local.logging is [var.log_bucket] or [].
  dynamic "logging" {
    for_each = local.logging
    iterator = log
    content {
      log_bucket = log.value
      #log_object = var.log_object
    }
  }

  # Zero or one retention policy; local.retention_policy is [var.retention_policy] or [].
  dynamic "retention_policy" {
    for_each = local.retention_policy
    iterator = policy
    content {
      is_locked        = policy.value.is_locked
      retention_period = policy.value.retention_period
    }
  }

  # One lifecycle_rule block per entry of var.lifecycle_rules. Only action.type
  # is mandatory; every other key is read with lookup() and omitted (null) when
  # absent.
  dynamic "lifecycle_rule" {
    for_each = local.lifecycle_rules
    iterator = rule
    content {
      action {
        type          = rule.value.action.type
        storage_class = lookup(rule.value.action, "storage_class", null)
      }
      condition {
        age                = lookup(rule.value.condition, "age", null)
        created_before     = lookup(rule.value.condition, "created_before", null)
        num_newer_versions = lookup(rule.value.condition, "num_newer_versions", null)
        # When "with_state" is absent, an "is_live" key of true is translated
        # to "LIVE"; otherwise the condition is left unset.
        with_state = lookup(rule.value.condition, "with_state", lookup(rule.value.condition, "is_live", false) ? "LIVE" : null)
      }
    }
  }
}

# Creates the requested folders in the bucket
# One placeholder object per entry of local.folders. An object whose name ends
# in "/" is what GCS presents as a folder; the object body itself is unused.
resource "google_storage_bucket_object" "folders" {
  for_each = toset(local.folders)

  bucket  = google_storage_bucket.bucket.name
  name    = format("%s/", each.value) # trailing slash makes it a folder
  content = "null"                    # required by the resource, content irrelevant
}

# -----------------------------------------------------
# Additive
# -----------------------------------------------------
# One non-authoritative binding per principal in local.admins: object-level
# admin (read/write/delete objects) on this bucket only. Existing bindings on
# the bucket are left untouched.
resource "google_storage_bucket_iam_member" "admins" {
  for_each = toset(local.admins)

  bucket = google_storage_bucket.bucket.name
  member = each.value
  role   = "roles/storage.objectAdmin"
}

# One non-authoritative binding per principal in local.creators: permission to
# create objects in this bucket, without read or delete on existing objects.
resource "google_storage_bucket_iam_member" "creators" {
  for_each = toset(local.creators)

  bucket = google_storage_bucket.bucket.name
  member = each.value
  role   = "roles/storage.objectCreator"
}

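# One non-authoritative binding per principal in local.viewers: read-only
# access to objects in this bucket.
# Fix: the role was roles/storage.objectCreator, which grants write (create)
# rather than read, so "viewers" were silently over-privileged and could not
# actually read objects.
resource "google_storage_bucket_iam_member" "viewers" {
  for_each = toset(local.viewers)

  bucket = google_storage_bucket.bucket.name
  member = each.value
  role   = "roles/storage.objectViewer"
}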

# One non-authoritative binding per principal in local.storage_admins. This is
# the broadest role granted by the module: full control of the bucket and its
# IAM policy, not just its objects, so keep this list short.
resource "google_storage_bucket_iam_member" "storage_admins" {
  for_each = toset(local.storage_admins)

  bucket = google_storage_bucket.bucket.name
  member = each.value
  role   = "roles/storage.admin"
}