feat: add hierarchical namespace flag

Since v6.9.0 of terraform-provider-google, the hierarchical_namespace option is avaiblable. https://github.com/hashicorp/terraform-provider-google/blob/main/CHANGELOG.md#690-october-28-2024 More info about this feature : https://cloud.google.com/blog/products/storage-data-transfer/understanding-new-cloud-storage-hierarchical-namespace?hl=en (edit I added an Google Individual CLA)
terraform-google-modules · Dec 13, 2024 · e958b7e · e958b7e
1 parent 7459e41
commit e958b7e
Show file tree

Hide file tree

Showing 12 changed files with 61 additions and 2 deletions.
diff --git a/README.md b/README.md
@@ -63,6 +63,7 @@ Functional examples are included in the
 | encryption\_key\_names | Optional map of lowercase unprefixed name => string, empty strings are ignored. | `map(string)` | `{}` | no |
 | folders | Map of lowercase unprefixed name => list of top level folder objects. | `map(list(string))` | `{}` | no |
 | force\_destroy | Optional map of lowercase unprefixed name => boolean, defaults to false. | `map(bool)` | `{}` | no |
+| hierarchical_namespace | Optional map of lowercase unprefixed bucket name => boolean, defaults to false. | `map(bool)` | `{}` | no |
 | hmac\_key\_admins | IAM-style members who will be granted roles/storage.hmacKeyAdmin on all buckets. | `list(string)` | `[]` | no |
 | hmac\_service\_accounts | List of HMAC service accounts to grant access to GCS. | `map(string)` | `{}` | no |
 | labels | Labels to be attached to the buckets | `map(string)` | `{}` | no |

diff --git a/main.tf b/main.tf
@@ -76,6 +76,13 @@ resource "google_storage_bucket" "buckets" {
       false,
     )
   }
+  hierarchical_namespace {
+    enabled = lookup(
+      var.hierarchical_namespace,
+      lower(each.value),
+      false,
+    )
+  }
   # Having a permanent encryption block with default_kms_key_name = "" works but results in terraform applying a change every run
   # There is no enabled = false attribute available to ask terraform to ignore the block
   dynamic "encryption" {

diff --git a/metadata.display.yaml b/metadata.display.yaml
@@ -75,6 +75,9 @@ spec:
         force_destroy:
           name: force_destroy
           title: Force Destroy
+        hierarchical_namespace:
+          name: hierarchical_namespace
+          title: Hierarchical Namespace
         hmac_key_admins:
           name: hmac_key_admins
           title: Hmac Key Admins

diff --git a/metadata.yaml b/metadata.yaml
@@ -76,6 +76,10 @@ spec:
         description: Optional map of lowercase unprefixed bucket name => boolean, defaults to false.
         varType: map(bool)
         defaultValue: {}
+      - name: hierarchical_namespace
+        description: Optional map of lowercase unprefixed bucket name => boolean, defaults to false.
+        varType: map(bool)
+        defaultValue: {}
       - name: encryption_key_names
         description: Optional map of lowercase unprefixed name => string, empty strings are ignored.
         varType: map(string)
@@ -284,6 +288,11 @@ spec:
               - - object
                 - default_kms_key_name: string
             force_destroy: bool
+            hierarchical_namespace:
+              - list
+              - - object
+                - enabled: bool
+                  terminal_storage_class: string
             id: string
             labels:
               - map
@@ -402,6 +411,11 @@ spec:
                   - - object
                     - default_kms_key_name: string
                 force_destroy: bool
+                hierarchical_namespace:
+                  - list
+                  - - object
+                    - enabled: bool
+                      terminal_storage_class: string
                 id: string
                 labels:
                   - map
@@ -521,6 +535,11 @@ spec:
                   - - object
                     - default_kms_key_name: string
                 force_destroy: bool
+                hierarchical_namespace:
+                  - list
+                  - - object
+                    - enabled: bool
+                      terminal_storage_class: string
                 id: string
                 labels:
                   - map

diff --git a/modules/simple_bucket/README.md b/modules/simple_bucket/README.md
@@ -44,6 +44,7 @@ Functional examples are included in the
 | custom\_placement\_config | Configuration of the bucket's custom location in a dual-region bucket setup. If the bucket is designated a single or multi-region, the variable are null. | <pre>object({<br>    data_locations = list(string)<br>  })</pre> | `null` | no |
 | encryption | A Cloud KMS key that will be used to encrypt objects inserted into this bucket. To use a Cloud KMS key automatically created by the module use `internal_encryption_config`. | <pre>object({<br>    default_kms_key_name = string<br>  })</pre> | `null` | no |
 | force\_destroy | When deleting a bucket, this boolean option will delete all contained objects. If false, Terraform will fail to delete buckets which contain objects. | `bool` | `false` | no |
+| hierarchical_namespace | While set to true, hierarchical namespace is enabled for this bucket. | `bool` | `false` | no |
 | iam\_members | The list of IAM members to grant permissions on the bucket. | <pre>list(object({<br>    role   = string<br>    member = string<br>  }))</pre> | `[]` | no |
 | internal\_encryption\_config | Configuration for the creation of an internal Google Cloud Key Management Service (KMS) Key for use as Customer-managed encryption key (CMEK) for the GCS Bucket<br>  instead of creating one in advance and providing the key in the variable `encryption.default_kms_key_name`.<br>  create\_encryption\_key: If `true` a Google Cloud Key Management Service (KMS) KeyRing and a Key will be created<br>  prevent\_destroy: Set the prevent\_destroy lifecycle attribute on keys.<br>  key\_destroy\_scheduled\_duration: Set the period of time that versions of keys spend in the `DESTROY_SCHEDULED` state before transitioning to `DESTROYED`.<br>  key\_rotation\_period: Generate a new key every time this period passes. | <pre>object({<br>    create_encryption_key          = optional(bool, false)<br>    prevent_destroy                = optional(bool, false)<br>    key_destroy_scheduled_duration = optional(string, null)<br>    key_rotation_period            = optional(string, "7776000s")<br>  })</pre> | `{}` | no |
 | labels | A set of key/value label pairs to assign to the bucket. | `map(string)` | `null` | no |

diff --git a/modules/simple_bucket/main.tf b/modules/simple_bucket/main.tf
@@ -37,6 +37,10 @@ resource "google_storage_bucket" "bucket" {
     enabled = var.autoclass
   }
 
+  hierarchical_namespace {
+    enabled = var.hierarchical_namespace
+  }
+
   dynamic "retention_policy" {
     for_each = var.retention_policy == null ? [] : [var.retention_policy]
     content {

diff --git a/modules/simple_bucket/metadata.display.yaml b/modules/simple_bucket/metadata.display.yaml
@@ -47,6 +47,9 @@ spec:
           name: force_destroy
           title: Force Destroy
           invisible: false
+        hierarchical_namespace:
+          name: hierarchical_namespace
+          title: Hierarchical Namespace
         iam_members:
           name: iam_members
           title: Iam Members

diff --git a/modules/simple_bucket/metadata.yaml b/modules/simple_bucket/metadata.yaml
@@ -91,6 +91,10 @@ spec:
         description: While set to true, autoclass is enabled for this bucket.
         varType: bool
         defaultValue: false
+      - name: hierarchical_namespace
+        description: While set to true, hierarchical namespace is enabled for this bucket.
+        varType: bool
+        defaultValue: false
       - name: retention_policy
         description: Configuration of the bucket's data retention policy for how long objects in the bucket should be retained.
         varType: |-
@@ -204,6 +208,11 @@ spec:
               - - object
                 - default_kms_key_name: string
             force_destroy: bool
+            hierarchical_namespace:
+              - list
+              - - object
+                - enabled: bool
+                  terminal_storage_class: string
             id: string
             labels:
               - map

diff --git a/modules/simple_bucket/variables.tf b/modules/simple_bucket/variables.tf
@@ -75,6 +75,12 @@ variable "autoclass" {
   default     = false
 }
 
+variable "hierarchical_namespace" {
+  description = "While set to true, hierarchical namespace is enable for this bucket."
+  type        = bool
+  default     = false
+}
+
 variable "retention_policy" {
   description = "Configuration of the bucket's data retention policy for how long objects in the bucket should be retained."
   type = object({

diff --git a/modules/simple_bucket/versions.tf b/modules/simple_bucket/versions.tf
@@ -20,7 +20,7 @@ terraform {
 
     google = {
       source  = "hashicorp/google"
-      version = ">= 5.43.0, < 7"
+      version = ">= 6.9.0, < 7"
     }
   }
 

diff --git a/variables.tf b/variables.tf
@@ -66,6 +66,12 @@ variable "autoclass" {
   default     = {}
 }
 
+variable "hierarchical_namespace" {
+  description = "Optional map of lowercase unprefixed bucket name => boolean, defaults to false."
+  type        = map(bool)
+  default     = {}
+}
+
 variable "encryption_key_names" {
   description = "Optional map of lowercase unprefixed name => string, empty strings are ignored."
   type        = map(string)

diff --git a/versions.tf b/versions.tf
@@ -20,7 +20,7 @@ terraform {
 
     google = {
       source  = "hashicorp/google"
-      version = ">= 5.43.0, < 7"
+      version = ">= 6.9.0, < 7"
     }
 
     random = {