naiserator icon indicating copy to clipboard operation
naiserator copied to clipboard
verified publisher icon nais

Change default settings for StorageBuckets

Open jhrv opened this issue 11 months ago • 1 comments

uniform bucket level access

uniformBucketLevelAccess: true is the default from Google, and new organizations even come with a constraint. This should be the default, and does not need to be exposed to the end user.

This will require that we change the way we grant the application service account access to the bucket. Today we create a StorageBucketAccessControl resource where we grant the user OWNER on the bucket. This we can drop, and just grant the SA roles/storage.objectUser instead.

This cleans up the logic in pkg/resourcecreator/google/storagebucket/storagebucket.go

disable soft-delete

Soft-delete is a new setting that come as default. This is not needed, and should be disabled by default by setting it to 0.

softDeletePolicy:
    retentionDurationSeconds: 0 # 604800 is default (1 week)

jhrv avatar Feb 07 '25 11:02 jhrv

Investeringsvilje: 1 uke

jhrv avatar Oct 10 '25 18:10 jhrv