Add public access prevention variable to bucket module

joreetz-otto · joreetz-otto · commit 0686cec26f62 · 2025-01-15T13:12:40.000+01:00
diff --git a/tf/bucket/main.tf b/tf/bucket/main.tf
@@ -31,6 +31,7 @@ resource "google_storage_bucket" "main" {
   location = var.location
 
   force_destroy               = var.force_destroy
+  public_access_prevention    = var.public_access_prevention
   uniform_bucket_level_access = true
 
   dynamic "retention_policy" {
diff --git a/tf/bucket/variables.tf b/tf/bucket/variables.tf
@@ -1,7 +1,13 @@
+variable "admins" {
+  description = "IAM-style members who will be granted roles/storage.objectAdmin on bucket."
+  type        = list(string)
+  default     = []
+}
 
-variable "name" {
-  description = "The name of the bucket."
-  type        = string
+variable "force_destroy" {
+  description = "When deleting a bucket, this boolean option will delete all contained objects. If you try to delete a bucket that contains objects, Terraform will fail that run."
+  type        = bool
+  default     = false
 }
 
 variable "location" {
@@ -10,23 +16,22 @@ variable "location" {
   default     = "europe-west1"
 }
 
-variable "force_destroy" {
-  description = "When deleting a bucket, this boolean option will delete all contained objects. If you try to delete a bucket that contains objects, Terraform will fail that run."
-  type        = bool
-  default     = false
+variable "name" {
+  description = "The name of the bucket."
+  type        = string
 }
 
-
-variable "admins" {
-  description = "IAM-style members who will be granted roles/storage.objectAdmin on bucket."
-  type        = list(string)
-  default     = []
+variable "public_access_prevention" {
+  description = "The public access prevention configuration for this bucket."
+  type        = string
+  default     = "inherited"
 }
 
-variable "viewers" {
-  description = "IAM-style members who will be granted roles/storage.objectViewer on bucket."
-  type        = list(string)
-  default     = []
+variable "retention_policy" {
+  type        = map(any)
+  nullable    = true
+  default     = null
+  description = "Configuration of the bucket's data retention policy for how long objects in the bucket should be retained."
 }
 
 variable "users" {
@@ -35,9 +40,8 @@ variable "users" {
   default     = []
 }
 
-variable "retention_policy" {
-  type        = map(any)
-  nullable    = true
-  default     = null
-  description = "Configuration of the bucket's data retention policy for how long objects in the bucket should be retained."
+variable "viewers" {
+  description = "IAM-style members who will be granted roles/storage.objectViewer on bucket."
+  type        = list(string)
+  default     = []
 }
