daml/infra/modules/gcp_cdn_bucket/google_storage.tf
Gary Verhaegen cfae2d88f5
update Terraform files to match reality (#8780)
* fixup terraform config

Two changes have happened recently that have invalidated the current
Terraform files:

1. The Terraform version has gone through a major, incompatible upgrade
   (#8190); the required updates for this are reflected in the first
   commit of this PR.
2. The certificate used to serve [Hoogle](https://hoogle.daml.com) was
   about to expire, so Edward created a new one and updated the config
   directly. The second commit in this PR updates the Terraform config
   to match that new, already-in-prod setting.

Note: This PR applies cleanly, as there are no resulting changes in
Terraform's perception of the target state from 1, and the change from 2
has already been applied through other channels.

CHANGELOG_BEGIN
CHANGELOG_END

* update hoogle cert
2021-02-08 17:25:04 +00:00

57 lines
1.5 KiB
HCL

# Copyright (c) 2021 Digital Asset (Switzerland) GmbH and/or its affiliates. All rights reserved.
# SPDX-License-Identifier: Apache-2.0
data "google_project" "current" {
  project_id = var.project
}

locals {
  default_role_entities = [
    "OWNER:project-owners-${data.google_project.current.number}",
    "OWNER:project-editors-${data.google_project.current.number}",
    "READER:project-viewers-${data.google_project.current.number}",
    # all the objects are publicly readable!
    "READER:allUsers",
  ]
}

resource "google_storage_bucket" "default" {
  project = var.project
  name = var.name
  labels = var.labels

  # SLA is enough for a cache and is cheaper than MULTI_REGIONAL
  # see https://cloud.google.com/storage/docs/storage-classes
  storage_class = "REGIONAL"

  # Use a normal region since the storage_class is regional
  location = var.region

  # cleanup the cache after ${var.cache_retention_days} days
  lifecycle_rule {
    action {
      type = "Delete"
    }
    condition {
      age = var.cache_retention_days # days
    }
  }

  website {
    # This doesn't exist, but the property has to have a value, otherwise GCP
    # sets a default one and Terraform never thinks the config applies cleanly.
    # I miss AWS.
    main_page_suffix = "index.html"
  }

  force_destroy = true
}

resource "google_storage_bucket_acl" "default" {
  bucket = google_storage_bucket.default.name
  default_acl = "publicread"
  role_entity = local.default_role_entities
}