terraform-google-cloud-storage
Allow CORS and website configurations only for one bucket
TL;DR
Currently, when we use your module to create multiple buckets, we can't enable CORS for only one bucket. Could you add an enhancement that lets us specify which buckets the CORS configuration applies to?
In the code below, I don't want my `datastore` bucket to have a website or CORS configuration.
Terraform Resources
# One module call creating three buckets: two public static sites and one data
# store. In this call `website` and `cors` are single values, so (as this issue
# reports) they are applied to every bucket in `names`, "datastore" included.
module "buckets" {
  source  = "terraform-google-modules/cloud-storage/google"
  version = "~> 3.3"

  project_id       = var.project_id
  randomize_suffix = true

  names = [
    "website1",
    "website2",
    "datastore",
  ]

  # force_destroy lets Terraform delete a bucket that still holds objects.
  # NOTE(review): "datastore" is also unversioned below, so a destroy or an
  # overwrite leaves no noncurrent object versions to recover from.
  force_destroy = {
    "website1"  = true,
    "website2"  = true,
    "datastore" = true,
  }

  prefix   = var.prefix
  location = var.region

  # Read-only access.
  # `viewers` is not keyed by bucket: the group is granted on all three buckets.
  set_viewer_roles = true
  viewers = [
    "group:${var.organisation_groups["viewers"]}",
  ]

  # Per-bucket readers. `allUsers` is the IAM principal for anyone on the
  # internet, signed in or not, so website1 and website2 are publicly readable.
  # "datastore" is deliberately absent from this map.
  bucket_viewers = {
    "website1" = "allUsers",
    "website2" = "allUsers",
  }

  # Per-bucket write access.
  set_creator_roles = true
  bucket_creators = {
    "website1" = "group:${var.organisation_groups["website1"]}",
    "website2" = "group:${var.organisation_groups["website2"]}",
  }

  # Per-bucket read, write and delete access. The two sites share one service
  # account; the data store has its own.
  set_admin_roles = true
  bucket_admins = {
    "website1"  = "serviceAccount:${var.adminweb}",
    "website2"  = "serviceAccount:${var.adminweb}",
    "datastore" = "serviceAccount:${var.admindata}",
  }

  labels = local.labels

  versioning = {
    "website1"  = true,
    "website2"  = true,
    "datastore" = false,
  }

  # Single website block: cannot be limited to website1/website2 in this form.
  website = {
    main_page_suffix = "index.html"
    not_found_page   = "404.html"
  }

  # Single CORS rule list: cannot be limited to one bucket in this form.
  # NOTE(review): origin and method are both wildcards, i.e. any site may send
  # cross-origin requests with any HTTP verb. A static site usually needs only
  # its own origins and GET/HEAD; the data store should get no rule at all.
  cors = [
    {
      max_age_seconds = 3600
      method          = ["*"]
      origin          = ["*"]
      response_header = [
        "Access-Control-Allow-Origin",
        "Origin",
        "Content-Type",
        "Content-MD5",
        "Content-Disposition",
        "X-Goog-Content-Length-Range",
      ]
    }
  ]
}
Detailed design
Proposition of syntax
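# Sketch of the interface this issue asks for: `website` and `cors` become maps
# keyed by bucket name, so a bucket left out of a map ("datastore") gets neither
# setting. This is the requested shape; nothing on this page shows the module
# accepting it in the version constraint used here.
module "buckets" {
  source  = "terraform-google-modules/cloud-storage/google"
  version = "~> 3.3"

  project_id       = var.project_id
  randomize_suffix = true

  names = [
    "website1",
    "website2",
    "datastore",
  ]

  # force_destroy lets Terraform delete a bucket that still holds objects.
  # NOTE(review): "datastore" is also unversioned below, so a destroy or an
  # overwrite leaves no noncurrent object versions to recover from.
  force_destroy = {
    "website1"  = true,
    "website2"  = true,
    "datastore" = true,
  }

  prefix   = var.prefix
  location = var.region

  # Read-only access.
  # `viewers` is not keyed by bucket: the group is granted on all three buckets.
  set_viewer_roles = true
  viewers = [
    "group:${var.organisation_groups["viewers"]}",
  ]

  # Per-bucket readers. `allUsers` is the IAM principal for anyone on the
  # internet, signed in or not, so website1 and website2 are publicly readable.
  # "datastore" is deliberately absent from this map.
  bucket_viewers = {
    "website1" = "allUsers",
    "website2" = "allUsers",
  }

  # Per-bucket write access.
  set_creator_roles = true
  bucket_creators = {
    "website1" = "group:${var.organisation_groups["website1"]}",
    "website2" = "group:${var.organisation_groups["website2"]}",
  }

  # Per-bucket read, write and delete access. The two sites share one service
  # account; the data store has its own.
  set_admin_roles = true
  bucket_admins = {
    "website1"  = "serviceAccount:${var.adminweb}",
    "website2"  = "serviceAccount:${var.adminweb}",
    "datastore" = "serviceAccount:${var.admindata}",
  }

  labels = local.labels

  versioning = {
    "website1"  = true,
    "website2"  = true,
    "datastore" = false,
  }

  # Proposed: one website block per bucket name; "datastore" has no entry.
  website = {
    "website1" = {
      main_page_suffix = "index.html"
      not_found_page   = "404.html"
    }
    "website2" = {
      main_page_suffix = "web2.html"
      not_found_page   = "w404.html"
    }
  }

  # Proposed: one list of CORS rules per bucket name. Each key maps directly to
  # its rule list; wrapping the list in an extra `{ ... }` is not valid HCL,
  # because an object body cannot contain a bare list.
  # NOTE(review): the rule itself still uses wildcard origin and method, i.e.
  # any site may send cross-origin requests with any HTTP verb. Scoping CORS to
  # website1 limits where the rule applies, not how broad it is.
  cors = {
    "website1" = [
      {
        max_age_seconds = 3600
        method          = ["*"]
        origin          = ["*"]
        response_header = [
          "Access-Control-Allow-Origin",
          "Origin",
          "Content-Type",
          "Content-MD5",
          "Content-Disposition",
          "X-Goog-Content-Length-Range",
        ]
      }
    ]
  }
}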
Additional information
No response
PR to segment buckets by CORS: https://github.com/terraform-google-modules/terraform-google-cloud-storage/pull/296
PR to segment buckets by website configurations https://github.com/terraform-google-modules/terraform-google-cloud-storage/pull/297
Hello, do you know who is able to review your PRs ?
@mehdicopter I guess the Google team.
Guys, I need a review. Can you help? The PR will be closed automatically in 7 days because it has been inactive for 60 days.
@bharathkkb
This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days
Any news regarding this improvement ?
This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days