
lucasberlang/gcp-cloud-storage


Google Cloud Storage Terraform Module

Terraform module which creates a cloud storage bucket on GCP.

Inspired by and adapted from this and its source code.

Terraform versions

Supports Terraform 0.15 and higher.

Usage

module "gcp-cloud-storage" {
  source = "git::https://github.com/lucasberlang/gcp-cloud-storage.git?ref=v1.4.0"

  [...]
}

The value of the `ref` argument in `source` can be any released version of this module; see the list of tags in the repository. We recommend pinning to the most recent version.

Requirements

| Name | Version |
|------|---------|
| terraform | >= 0.15 |
| google | ~> 4.0 |

Providers

| Name | Version |
|------|---------|
| google | 4.46.0 |

Modules

No modules.

Resources

| Name | Type |
|------|------|
| google_storage_bucket.bucket | resource |
| google_storage_bucket_iam_binding.bindings | resource |
| google_storage_bucket_object.empty_folder | resource |

Inputs

Each input is listed with its type, default and whether it is required.

- `autoclass` (`bool`, default `false`, optional): While set to true, autoclass automatically transitions objects in your bucket to appropriate storage classes based on each object's access pattern.
- `cloudbuild_gcs_name` (`string`, default `null`, optional): Bucket name without prefix for Cloud Build.
- `cors` (default `null`, optional): CORS configuration for the bucket.
  - `origin`: The list of origins eligible to receive CORS response headers. Note: `*` is permitted in the list of origins and means any origin.
  - `method`: The list of HTTP methods on which to include CORS response headers (GET, OPTIONS, POST, etc.). Note: `*` is permitted in the list of methods and means any method.
  - `response_header`: The list of HTTP headers other than the simple response headers to give permission for the user-agent to share across domains.
  - `max_age_seconds`: The value, in seconds, to return in the Access-Control-Max-Age header used in preflight responses.

  Type:

  ```hcl
  object({
    origin          = list(string)
    method          = list(string)
    response_header = list(string)
    max_age_seconds = number
  })
  ```

- `dual_data_locations` (`list(string)`, default `null`, optional): The list of individual regions that comprise a dual-region bucket.
- `encryption_key` (`string`, default `null`, optional): KMS key that will be used for encryption.
- `folders` (`set(string)`, default `[]`, optional): Create empty folders in the bucket. Folder names must end with `/`.
- `force_destroy` (`bool`, default `false`, optional): Delete the bucket together with all contained objects on destroy; defaults to false.
- `iam` (`map(list(string))`, default `{}`, optional): IAM bindings in `{ROLE => [MEMBERS]}` format.
- `lifecycle_rule` (optional): Bucket lifecycle rules, keyed by rule name.
  - `type`: The type of the action of this lifecycle rule. Supported values include: Delete, SetStorageClass and AbortIncompleteMultipartUpload.
  - `storage_class`: The target storage class of objects affected by this lifecycle rule. Supported values include: STANDARD, MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, ARCHIVE.
  - `age`: Minimum age of an object in days to satisfy this condition.
  - `created_before`: A date in the RFC 3339 format YYYY-MM-DD. This condition is satisfied when an object is created before midnight of the specified date in UTC.
  - `with_state`: Match live and/or archived objects. Unversioned buckets have only live objects. Supported values include: LIVE, ARCHIVED, ANY.
  - `matches_storage_class`: Storage class of objects to satisfy this condition. Supported values include: STANDARD, MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, ARCHIVE, DURABLE_REDUCED_AVAILABILITY.
  - `num_newer_versions`: Relevant only for versioned objects. The number of newer versions of an object to satisfy this condition.
  - `custom_time_before`: A date in the RFC 3339 format YYYY-MM-DD. This condition is satisfied when the customTime metadata for the object is set to an earlier date than the date used in this lifecycle condition.
  - `days_since_custom_time`: Days since the date set in the customTime metadata for the object. This condition is satisfied when the current date and time is at least the specified number of days after the customTime.
  - `days_since_noncurrent_time`: Relevant only for versioned objects. Number of days elapsed since the noncurrent timestamp of an object.
  - `noncurrent_time_before`: Relevant only for versioned objects. The date in RFC 3339 format (e.g. 2017-06-13) when the object became noncurrent.

  Type:

  ```hcl
  map(object({
    type                       = string
    storage_class              = optional(string)
    age                        = optional(number)
    created_before             = optional(string)
    with_state                 = optional(string)
    matches_storage_class      = optional(list(string))
    num_newer_versions         = optional(number)
    custom_time_before         = optional(string)
    days_since_custom_time     = optional(string)
    days_since_noncurrent_time = optional(string)
    noncurrent_time_before     = optional(string)
  }))
  ```

  Default:

  ```hcl
  {
    "default": {
      "num_newer_versions": 3,
      "type": "Delete"
    }
  }
  ```

- `location` (`string`, default `"europe-west4"`, optional): Bucket location.
- `logging_config` (default `null`, optional): Bucket logging configuration.
  - `log_bucket`: The bucket that will receive log objects.
  - `log_object_prefix`: The object prefix for log objects. If it is not provided, GCS defaults it to this bucket's name.

  Type:

  ```hcl
  object({
    log_bucket        = string
    log_object_prefix = string
  })
  ```

- `name` (`string`, default `null`, optional): Bucket name suffix.
- `offset` (`number`, default `1`, optional): The offset to be added to the Google Cloud Storage bucket.
- `project_id` (`string`, required): Bucket project id.
- `retention_policy` (default `null`, optional): Bucket retention policy.
  - `retention_period`: The period of time, in seconds, that objects in the bucket must be retained and cannot be deleted, overwritten, or archived. The value must be less than 2,147,483,647 seconds.
  - `is_locked`: If set to true, the bucket will be locked and edits to the bucket's retention policy permanently restricted. Caution: locking a bucket is an irreversible action.

  Type:

  ```hcl
  object({
    retention_period = number
    is_locked        = bool
  })
  ```

- `storage_class` (`string`, default `"STANDARD"`, optional): Bucket storage class.
- `tags` (`map(string)`, required): A mapping of tags to assign to all resources.
- `uniform_bucket_level_access` (`bool`, default `true`, optional): Enforce uniform bucket-level access (`true`, the recommended behavior) or allow per-object ACLs (`false`). Defaults to `true`, which is the recommended practice but not the default behavior of the storage API.
- `versioning` (`bool`, default `true`, optional): Enable versioning.
- `website` (default `null`, optional): Bucket website configuration.
  - `main_page_suffix`: Behaves as the bucket's directory index where missing objects are treated as potential directories.
  - `not_found_page`: The custom object to return when a requested resource is not found.

  Type:

  ```hcl
  object({
    main_page_suffix = string
    not_found_page   = string
  })
  ```
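The usage snippet above leaves the module arguments elided. The following is a complete invocation added here as an example; it is not part of this module's README or its examples, and the project id, bucket name, KMS key, log bucket and service-account addresses are placeholders. It exercises the inputs a defender cares about most: uniform bucket-level access, versioning, customer-managed encryption, access logging, a lifecycle rule that prunes old versions and stale multipart uploads, and least-privilege IAM bindings.

```hcl
# Added example, not the module's own code. All names and ids are placeholders.
module "gcp-cloud-storage" {
  source = "git::https://github.com/lucasberlang/gcp-cloud-storage.git?ref=v1.4.0"

  project_id    = "example-project-id" # placeholder
  name          = "app-artifacts"      # bucket name suffix
  location      = "europe-west4"
  storage_class = "STANDARD"

  # Keep object ACLs disabled so IAM is the only way to grant object access.
  uniform_bucket_level_access = true

  # Keep noncurrent versions so an accidental overwrite or delete can be undone.
  # Note: a retention_policy cannot be combined with versioning on the same
  # bucket, so no retention_policy is set here.
  versioning = true

  # Customer-managed encryption key (placeholder resource id).
  encryption_key = "projects/example-project-id/locations/europe-west4/keyRings/example-ring/cryptoKeys/example-key"

  # Send access/storage logs to a separate bucket (placeholder name).
  logging_config = {
    log_bucket        = "example-project-id-access-logs"
    log_object_prefix = "app-artifacts"
  }

  # Delete versions once three newer ones exist, and abort multipart uploads
  # that have been incomplete for more than seven days.
  lifecycle_rule = {
    prune_old_versions = {
      type               = "Delete"
      num_newer_versions = 3
    }
    abort_stale_uploads = {
      type = "AbortIncompleteMultipartUpload"
      age  = 7
    }
  }

  # Least privilege: readers and writers get separate, narrow roles.
  iam = {
    "roles/storage.objectViewer"  = ["serviceAccount:reader@example-project-id.iam.gserviceaccount.com"]
    "roles/storage.objectCreator" = ["serviceAccount:uploader@example-project-id.iam.gserviceaccount.com"]
  }

  # Empty prefixes created as placeholder objects; names must end with "/".
  folders = ["releases/", "snapshots/"]

  # Refuse to destroy a non-empty bucket.
  force_destroy = false

  tags = {
    environment = "dev"
    owner       = "platform"
  }
}
```

Two caveats when adapting this. The `iam` input is applied through `google_storage_bucket_iam_binding`, which is authoritative per role: every member not listed for a role is removed from it on apply, so include all intended principals for each role. A customer-managed key only works once the project's Cloud Storage service agent has been granted `roles/cloudkms.cryptoKeyEncrypterDecrypter` on that key; otherwise bucket creation fails.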

Outputs

| Name | Description |
|------|-------------|
| bucket | Bucket resource. |
| id | Bucket ID (same as name). |
| name | Bucket name. |
| self_link | The URI of the created resource. |
| url | Bucket URL. |

Test

Environment

Since most automated tests written with Terratest can make potentially destructive changes in your environment, we strongly recommend running tests in an environment that is totally separate from production. For example, if you are testing infrastructure code for GCP, you should run your tests in a completely separate GCP account.

Requirements

Terratest uses the Go testing framework. To use Terratest, you need to install:

  • Go (requires version >=1.13)

Running

Now you should be able to run the example test.

  1. Change your working directory to the test/src folder.
  2. Each time you want to run the tests:
go test -timeout 20m

Terraform CLI

In the examples/dummy folder, run the following commands.

  • Get the plugins:
terraform init
  • Review and apply the infrastructure test build:
terraform apply -var-file=fixtures.europe-west3.tfvars
  • Remove all resources:
terraform destroy -auto-approve
