# ---------------------------------------------------------------------------------------------------------------------
# REQUIRED VARIABLES
# These variables must be set when using this module.
# ---------------------------------------------------------------------------------------------------------------------
# The bucket name is globally unique across all of GCS and is part of the
# bucket's public URL, so avoid encoding sensitive information in it.
variable "name" {
  type        = string
  description = "(Required) Name of the bucket."
}
# ---------------------------------------------------------------------------------------------------------------------
# OPTIONAL VARIABLES
# These variables have defaults, but may be overridden.
# ---------------------------------------------------------------------------------------------------------------------
# Guard against accidental data loss: with the default of `false` a bucket that
# still holds objects cannot be destroyed by Terraform.
variable "force_destroy" {
  type        = bool
  default     = false
  description = "(Optional) When deleting a bucket, this boolean option will delete all contained objects. If you try to delete a bucket that contains objects, Terraform will fail that run."
}
# Where the bucket's data is stored; data-residency requirements should drive
# this choice rather than the default.
variable "location" {
  type        = string
  default     = "US"
  description = "(Optional) The GCS location."
}
# Project that owns the bucket; `null` defers to the provider configuration.
variable "project" {
  type        = string
  default     = null
  description = "(Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used."
}
# Storage class of the bucket; the validation rejects anything outside the
# set of classes the module knows about.
variable "storage_class" {
  type        = string
  default     = "STANDARD"
  description = "(Optional) The Storage Class of the new bucket. Supported values include: STANDARD, MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, ARCHIVE."

  validation {
    condition     = contains(["STANDARD", "MULTI_REGIONAL", "REGIONAL", "NEARLINE", "COLDLINE", "ARCHIVE"], var.storage_class)
    error_message = "The value must only be one of these valid values: STANDARD, MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, ARCHIVE."
  }
}
# Lifecycle rules (deletion / class transitions). Typed `any` so callers can
# pass the provider's native block shapes; no validation is applied here.
variable "lifecycle_rules" {
  type        = any
  default     = []
  description = "(Optional) The bucket's Lifecycle Rules configuration."
}
# Object versioning keeps previous generations of overwritten or deleted
# objects, which is what makes recovery from accidental or malicious deletion
# possible. Off by default; consider enabling it alongside lifecycle rules.
variable "versioning_enabled" {
  type        = bool
  default     = false
  description = "(Optional) Whether versioning should be enabled."
}
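# Recovery point objective for turbo replication. Only meaningful for dual- and
# multi-region buckets; `null` leaves the provider default in place.
variable "rpo" {
  description = "(Optional) The recovery point objective for cross-region replication of the bucket. Applicable only for dual and multi-region buckets. Valid values are DEFAULT and ASYNC_TURBO."
  type        = string
  default     = null

  # Reject unknown values at plan time instead of at apply time, matching the
  # validation style used for `storage_class`. `null` stays allowed.
  validation {
    condition     = var.rpo == null ? true : contains(["DEFAULT", "ASYNC_TURBO"], var.rpo)
    error_message = "The value must be null or one of these valid values: DEFAULT, ASYNC_TURBO."
  }
}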
# When enabled, every newly created object starts out with an event-based hold
# and cannot be deleted or overwritten until the hold is released.
variable "default_event_based_hold" {
  type        = bool
  default     = false
  description = "(Optional) Whether or not to automatically apply an eventBasedHold to new objects added to the bucket."
}
# Enables per-object retention configuration on the bucket.
variable "enable_object_retention" {
  type        = bool
  default     = false
  description = "(Optional) Enables object retention on a storage bucket."
}
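# Public access prevention. The default `inherited` only blocks public access
# if the project's or organization's policy does; set `enforced` to guarantee
# that `allUsers` / `allAuthenticatedUsers` grants on this bucket never take
# effect regardless of the surrounding policy.
variable "public_access_prevention" {
  description = "(Optional) Prevents public access to a bucket. Valid values are 'inherited' (follow the project/organization policy) and 'enforced' (always block public access)."
  type        = string
  default     = "inherited"

  # Catch typos such as "enforce" at plan time; a misspelt value would
  # otherwise only surface when the provider rejects it. `null` stays allowed
  # so callers that explicitly pass it keep the previous behaviour.
  validation {
    condition     = var.public_access_prevention == null ? true : contains(["inherited", "enforced"], var.public_access_prevention)
    error_message = "The value must be one of these valid values: inherited, enforced."
  }
}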
# Static-website settings (main page / not-found page). Serving a website
# implies the objects are meant to be readable by the public.
variable "website" {
  type        = any
  default     = null
  description = "(Optional) Configuration if the bucket acts as a website."
}
# Autoclass settings; `null` leaves Autoclass unconfigured.
variable "autoclass" {
  type        = any
  default     = null
  description = "(Optional) Autoclass configuration"
}
# Explicit region pair for a dual-region bucket. Not used for single- or
# multi-region buckets.
variable "custom_placement_config" {
  type        = any
  default     = null
  description = "(Optional) The bucket's custom location configuration, which specifies the individual regions that comprise a dual-region bucket. If the bucket is designated a single or multi-region, the parameters are empty."
}
# CORS rules. Keep `origin` lists as narrow as possible; a wildcard origin
# lets any website read the bucket's objects from a browser.
variable "cors" {
  type        = any
  default     = []
  description = "(Optional) The bucket's Cross-Origin Resource Sharing (CORS) configuration."
}
# Customer-managed encryption key (CMEK). Besides being in a compatible
# location, the key must be usable by the Cloud Storage service agent of the
# project; this module does not grant that access itself (verify in main.tf).
variable "encryption_default_kms_key_name" {
  type        = string
  default     = null
  description = "(Optional) The id of a Cloud KMS key that will be used to encrypt objects inserted into this bucket, if no encryption method is specified. You must pay attention to whether the crypto key is available in the location that this bucket is created in."
}
# Access/storage log delivery to another bucket. Useful as an audit trail for
# object access; `null` disables it.
variable "logging" {
  type        = any
  default     = null
  description = "(Optional) The bucket's Access & Storage Logs configuration."
}
# Bucket-wide retention policy. Note that a locked retention policy cannot be
# shortened or removed afterwards, so treat locking as irreversible.
variable "retention_policy" {
  type        = any
  default     = null
  description = "(Optional) Configuration of the bucket's data retention policy for how long objects in the bucket should be retained."
}
# Free-form labels for cost allocation and inventory.
variable "labels" {
  type        = map(string)
  default     = {}
  description = "(Optional) A map of key/value label pairs to assign to the bucket."
}
# Requester Pays: when enabled the caller, not the bucket owner, is billed for
# access.
variable "requester_pays" {
  type        = bool
  default     = false
  description = "(Optional) Enables Requester Pays on a storage bucket."
}
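# Uniform bucket-level access disables per-object ACLs so that IAM is the only
# access-control mechanism on the bucket. Enabled by default; disabling it
# reintroduces ACLs, which are easy to misconfigure and harder to audit.
variable "uniform_bucket_level_access" {
  description = "(Optional) Enables Uniform bucket-level access to a bucket."
  type        = bool
  default     = true
}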
# Identities that may create objects. Special members such as `allUsers`
# would let anyone on the internet upload into the bucket.
variable "object_creators" {
  description = "(Optional) A set of identities that will be able to create objects inside the bucket."
  type        = set(string)
  default     = []
}
# Identities that may read objects. Granting this to `allUsers` or
# `allAuthenticatedUsers` makes the bucket's contents public.
variable "object_viewers" {
  description = "(Optional) A set of identities that will be able to view objects inside the bucket."
  type        = set(string)
  default     = []
}
# Legacy bucket/object reader roles. Prefer `object_viewers` for new
# configurations; the legacy roles exist for ACL-compatibility use cases.
variable "legacy_readers" {
  description = "(Optional) A set of identities that get the legacy bucket and object reader role assigned."
  type        = set(string)
  default     = []
}
# Legacy bucket/object writer roles. Prefer `object_creators` /
# `object_admins` for new configurations.
variable "legacy_writers" {
  description = "(Optional) A set of identities that get the legacy bucket and object writer role assigned."
  type        = set(string)
  default     = []
}
# Identities with full control over objects (create, read, overwrite, delete).
# Keep this set small; it is the most privileged of the object-level grants.
variable "object_admins" {
  description = "(Optional) A set of identities that will be able to administrate objects inside the bucket."
  type        = set(string)
  default     = []
}
## IAM
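# Non-authoritative IAM grants on the bucket. Each entry names `members` plus
# either a single `role` or a list of `roles`, optionally with `authoritative`
# and `condition`.
variable "iam" {
  description = "(Optional) A list of IAM access."
  type        = any
  default     = []

  # validate required keys in each object: `members` must be present and
  # exactly one of `role` / `roles` must be given. (Counting the intersection
  # with all three keys alone would accept `{role, roles}` without `members`.)
  validation {
    condition     = alltrue([for x in var.iam : contains(keys(x), "members") && length(setintersection(keys(x), ["role", "roles"])) == 1])
    error_message = "Each object in var.iam must specify a role(s) and a set of members."
  }

  # validate no invalid keys are in each object
  validation {
    condition     = alltrue([for x in var.iam : length(setsubtract(keys(x), ["role", "roles", "members", "authoritative", "condition"])) == 0])
    error_message = "Each object in var.iam does only support role, roles, members, authoritative and condition attributes."
  }
}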
# Full IAM policy bindings for the bucket. NOTE(review): these are presumably
# applied as an authoritative policy that replaces any existing bindings on
# the bucket — confirm against main.tf before using them on a shared bucket.
variable "policy_bindings" {
  type        = any
  default     = null
  description = "(Optional) A list of IAM policy bindings."

  # validate required keys in each object (skipped entirely when unset)
  validation {
    condition     = var.policy_bindings == null ? true : alltrue([for x in var.policy_bindings : length(setintersection(keys(x), ["role", "members"])) == 2])
    error_message = "Each object in var.policy_bindings must specify a role and a set of members."
  }

  # validate no invalid keys are in each object (skipped entirely when unset)
  validation {
    condition     = var.policy_bindings == null ? true : alltrue([for x in var.policy_bindings : length(setsubtract(keys(x), ["role", "members", "condition"])) == 0])
    error_message = "Each object in var.policy_bindings does only support role, members and condition attributes."
  }
}
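# Substitutions applied to the `members` of `var.iam` so that values only
# known after apply can still be referenced. Ignored when `policy_bindings`
# is used.
variable "computed_members_map" {
  type        = map(string)
  description = "(Optional) A map of members to replace in 'members' to handle terraform computed values. Will be ignored when policy bindings are used."
  default     = {}

  # Every replacement value must be a well-formed IAM principal. `allUsers`
  # and `allAuthenticatedUsers` are matched exactly (not as a prefix) because
  # they grant access to everyone; the other forms are matched on their
  # `type:` prefix. The error message describes the map, not a list.
  validation {
    condition     = alltrue([for k, v in var.computed_members_map : can(regex("^(allUsers|allAuthenticatedUsers)$|^(user|serviceAccount|group|domain|projectOwner|projectEditor|projectViewer):", v))])
    error_message = "Each value must be a valid principal: `allUsers`, `allAuthenticatedUsers`, or an identity prefixed with `user:`, `serviceAccount:`, `group:`, `domain:`, `projectOwner:`, `projectEditor:` or `projectViewer:`."
  }
}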
# ------------------------------------------------------------------------------
# MODULE CONFIGURATION PARAMETERS
# These variables are used to configure the module.
# ------------------------------------------------------------------------------
# Master switch: when `false` the module creates no resources at all.
variable "module_enabled" {
  description = "(Optional) Whether to create resources within the module or not. Default is 'true'."
  type        = bool
  default     = true
}
# External dependencies the module's resources should wait for.
variable "module_depends_on" {
  description = "(Optional) A list of external resources the module depends_on. Default is '[]'."
  type        = any
  default     = []
}