diff --git a/README.md b/README.md
index 6f3d00f6..bd8559ae 100644
--- a/README.md
+++ b/README.md
@@ -48,6 +48,7 @@ Functional examples are included in the
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | admins | IAM-style members who will be granted roles/storage.objectAdmin on all buckets. | `list(string)` | `[]` | no |
+| autoclass | Optional map of lowercase unprefixed bucket name => boolean, defaults to false. | `map(bool)` | `{}` | no |
 | bucket\_admins | Map of lowercase unprefixed name => comma-delimited IAM-style per-bucket admins. | `map(string)` | `{}` | no |
 | bucket\_creators | Map of lowercase unprefixed name => comma-delimited IAM-style per-bucket creators. | `map(string)` | `{}` | no |
 | bucket\_hmac\_key\_admins | Map of lowercase unprefixed name => comma-delimited IAM-style per-bucket HMAC Key admins. | `map(string)` | `{}` | no |
diff --git a/examples/simple_bucket/main.tf b/examples/simple_bucket/main.tf
index 42f7db40..a3cc89c2 100644
--- a/examples/simple_bucket/main.tf
+++ b/examples/simple_bucket/main.tf
@@ -40,4 +40,6 @@ module "bucket" {
 role = "roles/storage.objectViewer"
 member = "group:test-gcp-ops@test.blueprints.joonix.net"
 }]
+
+ autoclass = true
 }
diff --git a/main.tf b/main.tf
index c3a234a8..305ba25f 100644
--- a/main.tf
+++ b/main.tf
@@ -69,6 +69,13 @@ resource "google_storage_bucket" "buckets" {
 lower(each.value),
 false,
 )
+ autoclass {
+ enabled = lookup(
+ var.autoclass,
+ lower(each.value),
+ false,
+ )
+ }
 # Having a permanent encryption block with default_kms_key_name = "" works but results in terraform applying a change every run
 # There is no enabled = false attribute available to ask terraform to ignore the block
 dynamic "encryption" {
diff --git a/metadata.yaml b/metadata.yaml
index 146e7417..12431130 100644
--- a/metadata.yaml
+++ b/metadata.yaml
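Review bot: In the root main.tf hunk the `autoclass` block is written unconditionally, so every bucket the module manages now carries it with `enabled = false` unless its lowercased name is a key in `var.autoclass`; the comment just below the added lines records that a permanent `encryption` block made Terraform apply a change on every run. Before release, plan this change against an existing bucket on the new provider floor (4.46, raised in the versions.tf hunks) and confirm the result is a no-op rather than a recurring diff or a replacement. Once checked, say so beside the block, e.g. `# autoclass is always emitted; enabled = false plans as a no-op on existing buckets`. The modules/simple_bucket/main.tf hunk uses the same static block, and the resource body starts and ends outside both hunks.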
@@ -239,6 +239,11 @@ spec:
 type: map(any)
 default: {}
 required: false
+ - name: autoclass
+ description: Optional map of lowercase unprefixed bucket name => boolean, defaults to false.
+ type: map(bool)
+ default: {}
+ required: false
 outputs:
 - name: bucket
 description: Bucket resource (for single use).
diff --git a/modules/simple_bucket/README.md b/modules/simple_bucket/README.md
index 581e2810..d6672709 100644
--- a/modules/simple_bucket/README.md
+++ b/modules/simple_bucket/README.md
@@ -38,6 +38,7 @@ Functional examples are included in the
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
+| autoclass | While set to true, autoclass is enabled for this bucket. | `bool` | `false` | no |
 | bucket\_policy\_only | Enables Bucket Policy Only access to a bucket. | `bool` | `true` | no |
 | cors | Configuration of CORS for bucket with structure as defined in https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/storage_bucket#cors. | `any` | `[]` | no |
 | custom\_placement\_config | Configuration of the bucket's custom location in a dual-region bucket setup. If the bucket is designated a single or multi-region, the variable are null. |
object({| `null` | no |
diff --git a/modules/simple_bucket/main.tf b/modules/simple_bucket/main.tf
index 5ba4e5e8..0a38d804 100644
--- a/modules/simple_bucket/main.tf
+++ b/modules/simple_bucket/main.tf
@@ -28,6 +28,10 @@ resource "google_storage_bucket" "bucket" {
 enabled = var.versioning
 }
+ autoclass {
+ enabled = var.autoclass
+ }
+
 dynamic "retention_policy" {
 for_each = var.retention_policy == null ? [] : [var.retention_policy]
 content {
diff --git a/modules/simple_bucket/metadata.yaml b/modules/simple_bucket/metadata.yaml
index 53913a29..d2594b1d 100644
--- a/modules/simple_bucket/metadata.yaml
+++ b/modules/simple_bucket/metadata.yaml
@@ -129,6 +129,11 @@ spec:
 type: map(any)
 default: {}
 required: false
+ - name: autoclass
+ description: While set to true, autoclass is enabled for this bucket.
+ type: bool
+ default: false
+ required: false
 outputs:
 - name: bucket
 description: The created storage bucket
diff --git a/modules/simple_bucket/variables.tf b/modules/simple_bucket/variables.tf
index fd282fb6..35a7a320 100644
--- a/modules/simple_bucket/variables.tf
+++ b/modules/simple_bucket/variables.tf
@@ -54,6 +54,12 @@ variable "versioning" {
 default = true
 }
+variable "autoclass" {
+ description = "While set to true, autoclass is enabled for this bucket."
+ type = bool
+ default = false
+}
+
 variable "force_destroy" {
 description = "When deleting a bucket, this boolean option will delete all contained objects. If false, Terraform will fail to delete buckets which contain objects."
 type = bool
diff --git a/modules/simple_bucket/versions.tf b/modules/simple_bucket/versions.tf
index db2a47f8..e2c6e292 100644
--- a/modules/simple_bucket/versions.tf
+++ b/modules/simple_bucket/versions.tf
@@ -20,7 +20,7 @@ terraform {
 google = {
 source = "hashicorp/google"
- version = ">= 4.42, < 5.0"
+ version = ">= 4.46, < 5.0"
 }
 }
diff --git a/variables.tf b/variables.tf
index 5a8df373..75de2273 100644
--- a/variables.tf
+++ b/variables.tf
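Review bot: The description added in modules/simple_bucket/variables.tf, `While set to true, autoclass is enabled for this bucket.`, restates the variable name and leaves out the constraints a caller has to plan around. Autoclass takes over per-object storage-class transitions, and as far as I know Cloud Storage does not accept lifecycle rules with a `SetStorageClass` action on such a bucket, so I would write `description = "While set to true, Autoclass manages each object's storage class for this bucket; do not combine it with lifecycle rules that set a storage class."`. The root variables.tf description has the same gap, and the README and metadata.yaml entries, which appear to be generated from these descriptions, would need regenerating.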
@@ -60,6 +60,12 @@ variable "versioning" {
 default = {}
 }
+variable "autoclass" {
+ description = "Optional map of lowercase unprefixed bucket name => boolean, defaults to false."
+ type = map(bool)
+ default = {}
+}
+
 variable "encryption_key_names" {
 description = "Optional map of lowercase unprefixed name => string, empty strings are ignored."
 type = map(string)
diff --git a/versions.tf b/versions.tf
index e04267b8..370bd72e 100644
--- a/versions.tf
+++ b/versions.tf
@@ -20,7 +20,7 @@ terraform {
 google = {
 source = "hashicorp/google"
- version = ">= 4.42, < 5.0"
+ version = ">= 4.46, < 5.0"
 }
 random = {
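Review bot: A key in `var.autoclass` that contains an uppercase character, or that is misspelled, is silently ignored: the root main.tf hunk looks the map up with `lower(each.value)` and falls back to `false`, so the bucket is created without Autoclass and nothing in the plan points at the bad key. The description asks for lowercase names but nothing enforces it; a `validation` block in the new variable would reject wrong casing at plan time (a check that each key names a managed bucket would have to live elsewhere, since it needs the bucket list). This assumes the module's required Terraform version supports variable validation, which is not visible in this diff.

```hcl
variable "autoclass" {
  # … unchanged: description, type, default …

  validation {
    condition     = length([for k in keys(var.autoclass) : k if k != lower(k)]) == 0
    error_message = "Keys of autoclass must be lowercase bucket names."
  }
}
```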
data_locations = list(string)
})