Add simple bucket submodule #35
Conversation
| name = "example-bucket" | ||
| project = "example-project" | ||
| location = "us-east1" | ||
| iam_members = [{ |
There was a problem hiding this comment.
Instead of requiring users to set IAM roles themselves (and potentially misconfiguring IAM), could we use bucket_admins, bucket_creators, and bucket_viewers variables?
There was a problem hiding this comment.
Just to be clear, you mean helper iam fields in addition to iam_members?
If we require a helper field for every role it can get quite large and somewhat inflexible I imagine (esp if using custom roles, etc like in #18).
Also other modules like healthcare, etc also just have a single iam_members field.
There was a problem hiding this comment.
Fair point, I was mostly thinking about consistency with the existing module. I guess it's a nice-to-have but not required.
Agreed with should always support explicit iam_members.
There was a problem hiding this comment.
Great. I'll hold off on this for the initial version. I think it's worth it for users to understand the exact roles they are assigning as there are some subtle differences e.g. roles/storage.admin vs roles/storage.objectAdmin. We can definitely expand it in the future as you mentioned alongside explicit iam_members.
modules/simple_bucket/variables.tf
Outdated
| type = string | ||
| } | ||
|
|
||
| variable "project" { |
There was a problem hiding this comment.
For consistency, let's call this project_id.
| name = "example-bucket" | ||
| project = "example-project" | ||
| location = "us-east1" | ||
| iam_members = [{ |
There was a problem hiding this comment.
Great. I'll hold off on this for the initial version. I think it's worth it for users to understand the exact roles they are assigning as there are some subtle differences e.g. roles/storage.admin vs roles/storage.objectAdmin. We can definitely expand it in the future as you mentioned alongside explicit iam_members.
modules/simple_bucket/variables.tf
Outdated
| type = string | ||
| } | ||
|
|
||
| variable "project" { |
modules/simple_bucket/README.md
Outdated
|
|
||
| The resources/services/activations/deletions that this module will create/trigger are: | ||
|
|
||
| - One GCS buckets |
There was a problem hiding this comment.
| - One GCS buckets | |
| - One GCS buckets |
modules/simple_bucket/README.md
Outdated
| The resources/services/activations/deletions that this module will create/trigger are: | ||
|
|
||
| - One GCS buckets | ||
| - Zero or more IAM bindings for those buckets |
There was a problem hiding this comment.
| - Zero or more IAM bindings for those buckets | |
| - Zero or more IAM bindings for that bucket |
modules/simple_bucket/README.md
Outdated
| ## Compatibility | ||
|
|
||
| This module is meant for use with Terraform 0.12. If you haven't [upgraded](https://www.terraform.io/upgrade-guides/0-12.html) | ||
| and need a Terraform 0.11.x-compatible version of this module, the last released version intended for |
There was a problem hiding this comment.
There's no version of this module for TF 0.11. Could probably drop this whole section.
modules/simple_bucket/README.md
Outdated
| The following dependencies must be available: | ||
|
|
||
| - [Terraform][terraform] v0.12 | ||
| - For Terraform v0.11 see the [Compatibility](#compatibility) section above |
|
D'oh. Rushed through the docs earlier. Fixed |
Co-Authored-By: Morgante Pell <[email protected]>
Co-Authored-By: Morgante Pell <[email protected]>
This module provides a simpler module for creating a single bucket. This is more consistent with the Terraform provider and other CFT modules.
It provides better defaults out of the box as well than using the provider directly: