Add storage/SA objects for roundtable-dev

lsst · Nov 14, 2023 · abfad09 · abfad09
1 parent ab3ebb4
commit abfad09
Show file tree

Hide file tree

Showing 3 changed files with 57 additions and 1 deletion.
diff --git a/environment/deployments/data-curation/env/production.tfvars b/environment/deployments/data-curation/env/production.tfvars
@@ -80,5 +80,15 @@ git_lfs_ro_service_accounts = [
   "serviceAccount:[email protected]"
 ]
 
+# Git LFS bucket access service accounts (Dev, RW).
+git_lfs_rw_dev_service_accounts = [
+  "serviceAccount:[email protected]"
+]
+
+# Git LFS bucket access service accounts (Dev, RW).
+git_lfs_ro_dev_service_accounts = [
+  "serviceAccount:[email protected]"
+]
+
 # Increase this number to force Terraform to update the production environment.
 # Serial: 5
diff --git a/environment/deployments/data-curation/main.tf b/environment/deployments/data-curation/main.tf
@@ -167,7 +167,7 @@ resource "google_storage_bucket_iam_binding" "dp02-hips-bucket-ro-iam-binding" {
   members = var.hips_service_accounts
 }
 
-// Git LFS Storage Bucket
+// Git LFS Storage Bucket (Prod)
 module "storage_bucket_5" {
   source        = "../../../modules/bucket"
   project_id    = module.project_factory.project_id
@@ -199,6 +199,38 @@ resource "google_storage_bucket_iam_binding" "git-lfs-bucket-rw-iam-binding" {
   members = var.git_lfs_rw_service_accounts
 }
 
+// Git LFS Storage Bucket (Dev)
+module "storage_bucket_6" {
+  source        = "../../../modules/bucket"
+  project_id    = module.project_factory.project_id
+  storage_class = "REGIONAL"
+  location      = "us-central1"
+  suffix_name   = ["git-lfs-dev"]
+  prefix_name   = "rubin"
+  versioning = {
+    git-lfs-dev = false
+  }
+  force_destroy = {
+    git-lfs-dev = false
+  }
+  labels = {
+    environment = var.environment
+    application = "giftless"
+  }
+}
+// RO storage access to Git-LFS Dev bucket
+resource "google_storage_bucket_iam_binding" "git-lfs-bucket-dev-ro-iam-binding" {
+  bucket  = module.storage_bucket_6.name
+  role    = "roles/storage.objectViewer"
+  members = var.git_lfs_ro_dev_service_accounts
+}
+// RW storage access to Git-LFS Dev bucket
+resource "google_storage_bucket_iam_binding" "git-lfs-bucket-rw-iam-binding" {
+  bucket  = module.storage_bucket_6.name
+  role    = "roles/storage.objectAdmin"
+  members = var.git_lfs_rw_dev_service_accounts
+}
+
 #---------------------------------------------------------------
 // Data Curation Prod
 #---------------------------------------------------------------

diff --git a/environment/deployments/data-curation/variables.tf b/environment/deployments/data-curation/variables.tf
@@ -232,3 +232,17 @@ variable "git_lfs_rw_service_accounts" {
   description = "Service accounts used for Git-LFS Giftless access (RW)"
   default     = []
 }
+
+// Git LFS RO
+variable "git_lfs_ro_dev_service_accounts" {
+  type        = list(string)
+  description = "Service accounts used for Git-LFS Giftless Dev access (RO)"
+  default     = []
+}
+
+// Git LFS RW
+variable "git_lfs_rw_dev_service_accounts" {
+  type        = list(string)
+  description = "Service accounts used for Git-LFS Giftless Dev access (RW)"
+  default     = []
+}