This repository has been archived by the owner on Sep 16, 2024. It is now read-only.

Revert "add support for gcr buckets with uniform_bucket_level_access …
…= true (#30)" (#31)

This reverts commit b882a21.
anouarchattouna authored Jan 18, 2022
1 parent b882a21 commit 9eb0fde
Showing 5 changed files with 20 additions and 49 deletions.
29 changes: 15 additions & 14 deletions .terraform.lock.hcl


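--- a/data.tf
+++ b/data.tf
@@ -1,9 +1,2 @@
 # get project details
 data "google_project" "this" {}
-
-data "google_storage_bucket" "bucket" {
-for_each = toset(local.buckets)
-
-name = each.value
-}
-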
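--- a/iam.tf
+++ b/iam.tf
@@ -1,23 +1,14 @@
 # Grant cleaner service account access to delete references in Google Container Registry
-# for buckets with uniform_bucket_level_access = false
 resource "google_storage_bucket_access_control" "this" {
-for_each = toset(local.google_storage_bucket_access_control)
+for_each = {
+for item in toset(local.project_storage_region) : "${item.storage_region}.${item.project_id}" => item
+}
 
-bucket = each.value
+bucket = each.value.storage_region != "" ? "${each.value.storage_region}.artifacts.${each.value.project_id}.appspot.com" : "artifacts.${each.value.project_id}.appspot.com"
 role = "WRITER"
 entity = "user-${google_service_account.cleaner.email}"
 }
 
-# Grant cleaner service account access to delete references in Google Container Registry
-# for buckets with uniform_bucket_level_access = true
-resource "google_storage_bucket_iam_member" "this" {
-for_each = toset(local.google_storage_bucket_iam_member)
-
-bucket = each.value
-role = "roles/storage.legacyBucketWriter"
-member = "serviceAccount:${google_service_account.cleaner.email}"
-}
-
 # Add IAM policy binding to the Cloud Run service
 resource "google_cloud_run_service_iam_binding" "this" {
 location = google_cloud_run_service.this.location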
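Review bot: The legacy ACL in `google_storage_bucket_access_control.this` is now the only grant for the cleaner service account, and Cloud Storage rejects ACL changes on a bucket that has uniform bucket-level access enabled, so applies against such registries will fail and the module effectively requires fine-grained ACLs to stay on. That constraint should be stated where the resource is declared, for example `# Requires uniform_bucket_level_access = false on the GCR bucket; ACL writes are rejected when it is enabled`, because projects under an organization policy that enforces uniform access cannot use the module in this state. The `WRITER` role covers the whole artifacts bucket (creating, overwriting and deleting objects), which is broader than the comment's "delete references", so the comment should say that as well. The `bucket` expression compares `storage_region` with `""` while the removed `locals.tf` lines tested for `null`; `local.project_storage_region` is defined outside this hunk and presumably normalises null to an empty string, which is worth confirming.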
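--- a/locals.tf
+++ b/locals.tf
@@ -67,18 +67,4 @@ locals {
 }
 ]
 ])
-
-buckets = [
-for repo in var.gcr_repositories : repo.storage_region != null ? "${repo.storage_region}.artifacts.${repo.project_id != null ? repo.project_id : local.google_project_id}.appspot.com" : "artifacts.${repo.project_id != null ? repo.project_id : local.google_project_id}.appspot.com"
-]
-
-# Buckets having uniform_bucket_level_access = true
-google_storage_bucket_iam_member = [
-for bucket in local.buckets : bucket if data.google_storage_bucket.bucket[bucket].uniform_bucket_level_access
-]
-
-# Buckets having uniform_bucket_level_access = false
-google_storage_bucket_access_control = [
-for bucket in local.buckets : bucket if !data.google_storage_bucket.bucket[bucket].uniform_bucket_level_access
-]
 }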
2 changes: 1 addition & 1 deletion versions.tf
Expand Up @@ -5,7 +5,7 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 3.88.0"
version = ">= 4.1.0"
}
}
}
