daml/infra/modules/gcp_cdn_bucket/google_storage.tf

# Copyright (c) 2021 Digital Asset (Switzerland) GmbH and/or its affiliates. All rights reserved.
# SPDX-License-Identifier: Apache-2.0

data "google_project" "current" {
  project_id = var.project
}

locals {
  default_role_entities = [
    "OWNER:project-owners-${data.google_project.current.number}",
    "OWNER:project-editors-${data.google_project.current.number}",
    "READER:project-viewers-${data.google_project.current.number}",

    # all the objects are publicly readable!
    "READER:allUsers",
  ]
}

resource "google_storage_bucket" "default" {
  project = var.project
  name    = var.name
  labels  = var.labels

  # SLA is enough for a cache and is cheaper than MULTI_REGIONAL
  # see https://cloud.google.com/storage/docs/storage-classes
  storage_class = "REGIONAL"

  # Use a normal region since the storage_class is regional
  location = var.region

  # cleanup the cache after ${var.cache_retention_days} days
  lifecycle_rule {
    action {
      type = "Delete"
    }

    condition {
      age = var.cache_retention_days # days
    }
  }

  website {
    # This doesn't exist, but the property has to have a value, otherwise GCP
    # sets a default one and Terraform never thinks the config applies cleanly.
    # I miss AWS.
    main_page_suffix = "index.html"
  }

  force_destroy = true
}

resource "google_storage_bucket_acl" "default" {
  bucket      = google_storage_bucket.default.name
  default_acl = "publicread"
  role_entity = local.default_role_entities
}
update copyright notices for 2021 (#8257) * update copyright notices for 2021 To be merged on 2021-01-01. CHANGELOG_BEGIN CHANGELOG_END * patch-bazel-windows & da-ghc-lib 2021-01-01 21:49:51 +03:00			`# Copyright (c) 2021 Digital Asset (Switzerland) GmbH and/or its affiliates. All rights reserved.`
open-sourcing daml 2019-04-04 11:33:38 +03:00			`# SPDX-License-Identifier: Apache-2.0`

			`data "google_project" "current" {`
update Terraform files to match reality (#8780) * fixup terraform config Two changes have happened recently that have invalidated the current Terraform files: 1. The Terraform version has gone through a major, incompatible upgrade (#8190); the required updates for this are reflected in the first commit of this PR. 2. The certificate used to serve [Hoogle](https://hoogle.daml.com) was about to expire, so Edward created a new one and updated the config directly. The second commit in this PR updates the Terraform config to match that new, already-in-prod setting. Note: This PR applies cleanly, as there are no resulting changes in Terraform's perception of the target state from 1, and the change from 2 has already been applied through other channels. CHANGELOG_BEGIN CHANGELOG_END * update hoogle cert 2021-02-08 20:25:04 +03:00			`project_id = var.project`
open-sourcing daml 2019-04-04 11:33:38 +03:00			`}`

			`locals {`
			`default_role_entities = [`
			`"OWNER:project-owners-${data.google_project.current.number}",`
			`"OWNER:project-editors-${data.google_project.current.number}",`
			`"READER:project-viewers-${data.google_project.current.number}",`

			`# all the objects are publicly readable!`
			`"READER:allUsers",`
			`]`
			`}`

			`resource "google_storage_bucket" "default" {`
update Terraform files to match reality (#8780) * fixup terraform config Two changes have happened recently that have invalidated the current Terraform files: 1. The Terraform version has gone through a major, incompatible upgrade (#8190); the required updates for this are reflected in the first commit of this PR. 2. The certificate used to serve [Hoogle](https://hoogle.daml.com) was about to expire, so Edward created a new one and updated the config directly. The second commit in this PR updates the Terraform config to match that new, already-in-prod setting. Note: This PR applies cleanly, as there are no resulting changes in Terraform's perception of the target state from 1, and the change from 2 has already been applied through other channels. CHANGELOG_BEGIN CHANGELOG_END * update hoogle cert 2021-02-08 20:25:04 +03:00			`project = var.project`
			`name = var.name`
			`labels = var.labels`
open-sourcing daml 2019-04-04 11:33:38 +03:00
			`# SLA is enough for a cache and is cheaper than MULTI_REGIONAL`
			`# see https://cloud.google.com/storage/docs/storage-classes`
			`storage_class = "REGIONAL"`

			`# Use a normal region since the storage_class is regional`
update Terraform files to match reality (#8780) * fixup terraform config Two changes have happened recently that have invalidated the current Terraform files: 1. The Terraform version has gone through a major, incompatible upgrade (#8190); the required updates for this are reflected in the first commit of this PR. 2. The certificate used to serve [Hoogle](https://hoogle.daml.com) was about to expire, so Edward created a new one and updated the config directly. The second commit in this PR updates the Terraform config to match that new, already-in-prod setting. Note: This PR applies cleanly, as there are no resulting changes in Terraform's perception of the target state from 1, and the change from 2 has already been applied through other channels. CHANGELOG_BEGIN CHANGELOG_END * update hoogle cert 2021-02-08 20:25:04 +03:00			`location = var.region`
open-sourcing daml 2019-04-04 11:33:38 +03:00
infra: move index.html outside gcp_cdn_bucket module (#1716) * infra: gcp_cdn_bucket: update comment The cache retention can be configured, while the comment suggests its hardcoded. * infra: don't create index.html inside gcp_cdn_bucket module We might want to add a different index.html per bucket, so move that code outside the module and into the bucket-specific terraform files. Also add bucket-specific index.html files. 2019-07-02 13:14:21 +03:00			`# cleanup the cache after ${var.cache_retention_days} days`
open-sourcing daml 2019-04-04 11:33:38 +03:00			`lifecycle_rule {`
			`action {`
			`type = "Delete"`
			`}`

			`condition {`
update Terraform files to match reality (#8780) * fixup terraform config Two changes have happened recently that have invalidated the current Terraform files: 1. The Terraform version has gone through a major, incompatible upgrade (#8190); the required updates for this are reflected in the first commit of this PR. 2. The certificate used to serve [Hoogle](https://hoogle.daml.com) was about to expire, so Edward created a new one and updated the config directly. The second commit in this PR updates the Terraform config to match that new, already-in-prod setting. Note: This PR applies cleanly, as there are no resulting changes in Terraform's perception of the target state from 1, and the change from 2 has already been applied through other channels. CHANGELOG_BEGIN CHANGELOG_END * update hoogle cert 2021-02-08 20:25:04 +03:00			`age = var.cache_retention_days # days`
open-sourcing daml 2019-04-04 11:33:38 +03:00			`}`
			`}`

fix tf config for GCP default (#5158) It looks like GCP doesn't like not having a "page suffix" set, so it sets a default. Except somehow Terraform doesn't know it's a default value, so when trying to plan without the (optional) website value set, Terraform will always find that the deployed state has changed. With this change, we set it to a value that doesn't exist and won't work, but at least Terraform will see that the deployed state matches the configured one. Note: this PR is a bit special as far as "changes" go as there will be nothing to apply: applying current master tries to get rid of this website.main_page_suffix value, but it's back on the next run. With this patch, `terraform plan` declares "nothing to apply", so this PR itself won't (need to) be applied. CHANGELOG_BEGIN CHANGELOG_END 2020-03-24 15:33:59 +03:00			`website {`
			`# This doesn't exist, but the property has to have a value, otherwise GCP`
			`# sets a default one and Terraform never thinks the config applies cleanly.`
			`# I miss AWS.`
			`main_page_suffix = "index.html"`
			`}`

open-sourcing daml 2019-04-04 11:33:38 +03:00			`force_destroy = true`
			`}`

			`resource "google_storage_bucket_acl" "default" {`
update Terraform files to match reality (#8780) * fixup terraform config Two changes have happened recently that have invalidated the current Terraform files: 1. The Terraform version has gone through a major, incompatible upgrade (#8190); the required updates for this are reflected in the first commit of this PR. 2. The certificate used to serve [Hoogle](https://hoogle.daml.com) was about to expire, so Edward created a new one and updated the config directly. The second commit in this PR updates the Terraform config to match that new, already-in-prod setting. Note: This PR applies cleanly, as there are no resulting changes in Terraform's perception of the target state from 1, and the change from 2 has already been applied through other channels. CHANGELOG_BEGIN CHANGELOG_END * update hoogle cert 2021-02-08 20:25:04 +03:00			`bucket = google_storage_bucket.default.name`
open-sourcing daml 2019-04-04 11:33:38 +03:00			`default_acl = "publicread"`
update Terraform files to match reality (#8780) * fixup terraform config Two changes have happened recently that have invalidated the current Terraform files: 1. The Terraform version has gone through a major, incompatible upgrade (#8190); the required updates for this are reflected in the first commit of this PR. 2. The certificate used to serve [Hoogle](https://hoogle.daml.com) was about to expire, so Edward created a new one and updated the config directly. The second commit in this PR updates the Terraform config to match that new, already-in-prod setting. Note: This PR applies cleanly, as there are no resulting changes in Terraform's perception of the target state from 1, and the change from 2 has already been applied through other channels. CHANGELOG_BEGIN CHANGELOG_END * update hoogle cert 2021-02-08 20:25:04 +03:00			`role_entity = local.default_role_entities`
open-sourcing daml 2019-04-04 11:33:38 +03:00			`}`