feat!: add support for public_access_prevention (#218)
imrannayer authored Feb 2, 2023
1 parent aca88ec commit 4469954
Showing 8 changed files with 30 additions and 13 deletions.
5 changes: 3 additions & 2 deletions README.md
Expand Up @@ -24,7 +24,7 @@ Basic usage of this module is as follows:
```hcl
module "gcs_buckets" {
source = "terraform-google-modules/cloud-storage/google"
version = "~> 3.4"
version = "~> 4.0"
project_id = "<PROJECT ID>"
names = ["first", "second"]
prefix = "my-unique-prefix"
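Review bot: the quick-start example in this hunk only bumps the version pin and never exercises the input this release introduces; because the module's own default keeps `public_access_prevention = "inherited"`, consider adding `public_access_prevention = "enforced"` to the example block so readers see the hardened setting up front instead of discovering it in the inputs table.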
Expand Down Expand Up @@ -69,6 +69,7 @@ Functional examples are included in the
| names | Bucket name suffixes. | `list(string)` | n/a | yes |
| prefix | Prefix used to generate the bucket name. | `string` | `""` | no |
| project\_id | Bucket project id. | `string` | n/a | yes |
| public\_access\_prevention | Prevents public access to a bucket. Acceptable values are inherited or enforced. If inherited, the bucket uses public access prevention, only if the bucket is subject to the public access prevention organization policy constraint. | `string` | `"inherited"` | no |
| randomize\_suffix | Adds an identical, but randomized 4-character suffix to all bucket names | `bool` | `false` | no |
| retention\_policy | Map of retention policy values. Format is the same as described in provider documentation https://www.terraform.io/docs/providers/google/r/storage_bucket#retention_policy | `any` | `{}` | no |
| set\_admin\_roles | Grant roles/storage.objectAdmin role to admins and bucket\_admins. | `bool` | `false` | no |
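Review bot: the generated description of `public_access_prevention` reads ambiguously because of the stray comma in `uses public access prevention, only if the bucket is subject to`, and it never states the practical consequence of the default; suggest rewording to something like `inherited: public access is blocked only while the storage.publicAccessPrevention organization policy constraint is enforced on the project; enforced: public access is always blocked for this bucket`. The same sentence is repeated in modules/simple_bucket/README.md and in both variables.tf files, so the wording should be fixed in the variable descriptions and the tables regenerated from them.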
Expand Down Expand Up @@ -108,7 +109,7 @@ The following dependencies must be available:

- [Terraform](https://www.terraform.io/downloads.html) >= 0.13.0
- For Terraform v0.11 see the [Compatibility](#compatibility) section above
- [Terraform Provider for GCP][terraform-provider-gcp] plugin v3.0
- [Terraform Provider for GCP][terraform-provider-gcp] plugin >= v4.42

### Service Account

12 changes: 7 additions & 5 deletions main.tf
Expand Up @@ -39,11 +39,13 @@ locals {
resource "google_storage_bucket" "buckets" {
for_each = local.names_set

name = join("-", compact([var.prefix, each.value, local.suffix]))
project = var.project_id
location = var.location
storage_class = var.storage_class
labels = merge(var.labels, { name = replace(join("-", compact([var.prefix, each.value])), ".", "-") })
name = join("-", compact([var.prefix, each.value, local.suffix]))
project = var.project_id
location = var.location
storage_class = var.storage_class
labels = merge(var.labels, { name = replace(join("-", compact([var.prefix, each.value])), ".", "-") })
public_access_prevention = var.public_access_prevention

force_destroy = lookup(
var.force_destroy,
lower(each.value),
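Review bot: five unchanged attributes (`name` through `labels`) are re-emitted in this hunk solely to re-align the `=` column for the longer `public_access_prevention` key, so the single functional line is buried inside a six-line rewrite; this is what `terraform fmt` produces and is acceptable, but the commit message should say that the only behavioural change in main.tf is `public_access_prevention = var.public_access_prevention`, so reviewers of a `feat!` release are not left diffing whitespace to confirm it.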
9 changes: 5 additions & 4 deletions modules/simple_bucket/README.md
Expand Up @@ -9,7 +9,7 @@ The resources/services/activations/deletions that this module will create/trigge

## Compatibility

This module is meant for use with Terraform 0.12.
This module is meant for use with Terraform 0.13+.

## Usage

Expand All @@ -18,7 +18,7 @@ Basic usage of this module is as follows:
```hcl
module "bucket" {
source = "terraform-google-modules/cloud-storage/google//modules/simple_bucket"
version = "~> 3.4"
version = "~> 4.0"
name = "example-bucket"
project_id = "example-project"
Expand Down Expand Up @@ -50,6 +50,7 @@ Functional examples are included in the
| log\_object\_prefix | The object prefix for log objects. If it's not provided, by default GCS sets this to this bucket's name | `string` | `null` | no |
| name | The name of the bucket. | `string` | n/a | yes |
| project\_id | The ID of the project to create the bucket in. | `string` | n/a | yes |
| public\_access\_prevention | Prevents public access to a bucket. Acceptable values are inherited or enforced. If inherited, the bucket uses public access prevention, only if the bucket is subject to the public access prevention organization policy constraint. | `string` | `"inherited"` | no |
| retention\_policy | Configuration of the bucket's data retention policy for how long objects in the bucket should be retained. | <pre>object({<br> is_locked = bool<br> retention_period = number<br> })</pre> | `null` | no |
| storage\_class | The Storage Class of the new bucket. | `string` | `null` | no |
| versioning | While set to true, versioning is fully enabled for this bucket. | `bool` | `true` | no |
Expand All @@ -73,8 +74,8 @@ These sections describe requirements for using this module.

The following dependencies must be available:

- [Terraform][terraform] v0.12
- [Terraform Provider for GCP][terraform-provider-gcp] plugin v3.0
- [Terraform][terraform] >= 0.13.0
- [Terraform Provider for GCP][terraform-provider-gcp] plugin >= v4.42

### Service Account

1 change: 1 addition & 0 deletions modules/simple_bucket/main.tf
Expand Up @@ -22,6 +22,7 @@ resource "google_storage_bucket" "bucket" {
uniform_bucket_level_access = var.bucket_policy_only
labels = var.labels
force_destroy = var.force_destroy
public_access_prevention = var.public_access_prevention

versioning {
enabled = var.versioning
6 changes: 6 additions & 0 deletions modules/simple_bucket/variables.tf
Expand Up @@ -130,3 +130,9 @@ variable "website" {
default = {}
description = "Map of website values. Supported attributes: main_page_suffix, not_found_page"
}

variable "public_access_prevention" {
description = "Prevents public access to a bucket. Acceptable values are inherited or enforced. If inherited, the bucket uses public access prevention, only if the bucket is subject to the public access prevention organization policy constraint."
type = string
default = "inherited"
}
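Review bot: the new variable is typed as a bare `string` although its description allows only two values, so a typo such as `enforce` or `Enforced` is not rejected at plan time and only surfaces when the provider call fails during apply; since this module now requires Terraform >= 0.13, add a `validation` block with `condition = contains(["inherited", "enforced"], var.public_access_prevention)` and an `error_message` naming the two accepted values.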
2 changes: 1 addition & 1 deletion modules/simple_bucket/versions.tf
Expand Up @@ -20,7 +20,7 @@ terraform {

google = {
source = "hashicorp/google"
version = ">= 4.31, < 5.0"
version = ">= 4.42, < 5.0"
}
}

6 changes: 6 additions & 0 deletions variables.tf
Expand Up @@ -253,3 +253,9 @@ variable "logging" {
type = any
default = {}
}

variable "public_access_prevention" {
description = "Prevents public access to a bucket. Acceptable values are inherited or enforced. If inherited, the bucket uses public access prevention, only if the bucket is subject to the public access prevention organization policy constraint."
type = string
default = "inherited"
}
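Review bot: with `default = "inherited"`, a bucket created by the root module is protected only when the `storage.publicAccessPrevention` organization policy constraint is already enforced on its project; in any project without that constraint the buckets remain exactly as exposable as before this change, so the feature is opt-in rather than a hardening of the module. Because the commit is already tagged `feat!` as a breaking release, this is the natural moment to default to `"enforced"` and let callers who really need public objects set `"inherited"` explicitly; if backwards compatibility wins, the description should at least state that the default provides no protection on its own.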
2 changes: 1 addition & 1 deletion versions.tf
Expand Up @@ -20,7 +20,7 @@ terraform {

google = {
source = "hashicorp/google"
version = ">= 4.31, < 5.0"
version = ">= 4.42, < 5.0"
}

random = {
