Google Cloud Storage

Google Cloud Storage allows world-wide storage and retrieval of any amount of data at any time. You can use Cloud Storage for a range of scenarios including serving website content, storing data for archival and disaster recovery, or distributing large data objects to users via direct download.

This module creates a Google Cloud Storage bucket and can optionally:

  • Add ACLs to the newly created bucket.

  • Bind IAM roles to the newly created bucket.

Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.0 |
| google | >= 4.75.0 |
| kubernetes | >= 2.7.1 |

Providers

| Name | Version |
|------|---------|
| google | >= 4.75.0 |
| kubernetes | >= 2.7.1 |

Modules

No modules.

Resources

| Name | Type |
|------|------|
| google_kms_crypto_key_iam_member.kms | resource |
| google_storage_bucket.gcs | resource |
| google_storage_bucket_access_control.access_control | resource |
| google_storage_bucket_acl.default_acl | resource |
| google_storage_bucket_acl.predefined_acl | resource |
| google_storage_bucket_acl.role_entity_acl | resource |
| google_storage_bucket_iam_member.role | resource |
| kubernetes_secret.s3_user_credentials | resource |
| google_client_config.current | data source |
| google_project.project | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| adapter_absolute_path | The adapter’s absolute path | string | "/adapters/object/s3/ArmoniK.Core.Adapters.S3.dll" | no |
| adapter_class_name | Name of the adapter’s class | string | "ArmoniK.Core.Adapters.S3.ObjectBuilder" | no |
| autoclass | The bucket’s Autoclass configuration. | bool | null | no |
| cors | The bucket’s Cross-Origin Resource Sharing (CORS) configuration. | object({ origin = list(string), method = list(string), response_header = list(string), max_age_seconds = number }) | null | no |
| data_locations | The bucket’s custom location configuration, which specifies the individual regions that comprise a dual-region bucket. If the bucket is designated a single or multi-region, the parameters are empty. | list(string) | null | no |
| default_acl | Configure this ACL to be the default ACL. | string | null | no |
| default_event_based_hold | Whether or not to automatically apply an eventBasedHold to new objects added to the bucket. | bool | null | no |
| default_kms_key_name | The id of a Cloud KMS key that will be used to encrypt objects inserted into this bucket, if no encryption method is specified. | string | null | no |
| entity_bucket_access_control | The entity holding the permission. | string | null | no |
| force_destroy | When deleting a bucket, this boolean option will delete all contained objects. | bool | false | no |
| labels | A map of key/value label pairs to assign to the bucket. | map(string) | {} | no |
| lifecycle_rule | The bucket’s lifecycle rules configuration. | map(object({ action = object({ type = string, storage_class = string }), condition = object({ age = number, created_before = string, with_state = string, matches_storage_class = list(string), matches_prefix = list(string), matches_suffix = list(string), num_newer_versions = number, custom_time_before = string, days_since_custom_time = string, days_since_noncurrent_time = string, noncurrent_time_before = string }) })) | null | no |
| location | Location for the bucket: regional, dual-regional or multi-regional GCS locations. | string | n/a | yes |
| logging | The bucket’s Access & Storage Logs configuration. | object({ log_bucket = string, log_object_prefix = string }) | null | no |
| name | The name of the bucket. | string | n/a | yes |
| namespace | Namespace of ArmoniK storage resources | string | "armonik" | no |
| object_storage_adapter | Name of the ArmoniK adapter to use for the storage | string | "ArmoniK.Adapters.S3.ObjectStorage" | no |
| password | Google Cloud storage secret to use as password | string | "" | no |
| predefined_acl | The canned GCS ACL to apply. | string | null | no |
| public_access_prevention | Prevents public access to a bucket. Acceptable values are ‘inherited’ or ‘enforced’ | string | null | no |
| requester_pays | Enables Requester Pays on a storage bucket. | bool | null | no |
| retention_policy | Configuration of the bucket’s data retention policy for how long objects in the bucket should be retained. | object({ is_locked = bool, retention_period = number }) | null | no |
| role_bucket_access_control | The access permission for the entity. | string | null | no |
| role_entity_acl | List of role/entity pairs in the form “ROLE:entity”. | list(string) | null | no |
| roles | Roles to bind to the bucket | map(set(string)) | null | no |
| storage_class | The Storage Class of the new bucket. | string | "STANDARD" | no |
| uniform_bucket_level_access | Enables uniform bucket-level access to a bucket | bool | null | no |
| username | Google Cloud storage access id to use as username | string | "" | no |
| versioning | The bucket’s Versioning configuration. | bool | null | no |
| website | Configuration if the bucket acts as a website. Structure is documented below. | object({ main_page_suffix = string, not_found_page = string }) | null | no |

Outputs

| Name | Description |
|------|-------------|
| access_control_domain | The domain associated with the bucket access control. |
| access_control_email | The email address associated with the bucket access control. |
| access_control_id | An identifier for the bucket access control |
| acls | The associated ACLs |
| bucket | bucket created on GCP |
| env | Elements to be set as environment variables |
| env_secret | Secrets to be set as environment variables |
| iam_members | The associated IAM policy |
| name | Name of the bucket |
| self_link | The URI of the created bucket |
| url | The base URL of the bucket, in the format gs:// |

Examples
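
A sample call to this module with the access-related inputs from the Inputs table set explicitly instead of left at null. This is an added example, not taken from the module's repository; the source path, bucket names, KMS key ID and variable names are placeholders.

```hcl
# Added example: constructed values, not from the module's repository.

variable "gcs_access_id" {
  type      = string
  sensitive = true
}

variable "gcs_secret" {
  type      = string
  sensitive = true
}

module "armonik_object_storage" {
  # Placeholder: point this at wherever the module lives in your tree.
  source = "./path/to/gcs-module"

  name     = "example-armonik-objects" # constructed bucket name
  location = "europe-west1"

  # IAM-only access: with uniform bucket-level access enabled, leave the
  # ACL inputs (default_acl, predefined_acl, role_entity_acl) unset.
  uniform_bucket_level_access = true
  public_access_prevention    = "enforced"

  # Customer-managed key; placeholder ID in the Cloud KMS resource format.
  default_kms_key_name = "projects/PROJECT_ID/locations/europe-west1/keyRings/KEYRING/cryptoKeys/KEY"

  versioning    = true
  force_destroy = false

  logging = {
    log_bucket        = "example-access-logs" # constructed, must already exist
    log_object_prefix = "armonik-objects/"
  }

  labels = { managed-by = "terraform" }

  # Credentials supplied from sensitive variables rather than literals.
  username = var.gcs_access_id
  password = var.gcs_secret

  namespace = "armonik"
}
```

Values passed through `sensitive` variables are redacted in plan output but are still written to the Terraform state, so the state backend needs its own access controls.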