feat: Add simple bucket submodule (#35)

README.md

@@ -7,6 +7,9 @@ The resources/services/activations/deletions that this module will create/trigge
 - One or more GCS buckets
 - Zero or more IAM bindings for those buckets
 
+If you only wish to create a single bucket, consider using the
+[simple bucket](modules/simple_bucket) submodule instead.
+
 ## Compatibility
 
  This module is meant for use with Terraform 0.12. If you haven't [upgraded](https://www.terraform.io/upgrade-guides/0-12.html)
@@ -120,4 +123,3 @@ information on contributing to this module.
 [project-factory-module]: https://registry.terraform.io/modules/terraform-google-modules/project-factory/google
 [terraform-provider-gcp]: https://www.terraform.io/docs/providers/google/index.html
 [terraform]: https://www.terraform.io/downloads.html
-

examples/simple_bucket/main.tf

@@ -0,0 +1,27 @@
+/**
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+module "bucket" {
+  source = "../../modules/simple_bucket"
+
+  name       = "example-bucket"
+  project_id = "example-project"
+  location   = "us-east1"
+  iam_members = [{
+    role   = "roles/storage.viewer"
+    member = "user:example-user@example.com"
+  }]
+}

kitchen.yml

@@ -26,13 +26,13 @@ platforms:
   - name: default
 
 suites:
-  - name: simple_example
+  - name: multiple_buckets
     driver:
-      root_module_directory: test/fixtures/simple_example/
+      root_module_directory: test/fixtures/multiple_buckets/
     verifier:
       color: false
       systems:
-        - name: simple_example local
+        - name: multiple_buckets local
           backend: local
           controls:
             - gsutil

modules/simple_bucket/README.md

@@ -0,0 +1,94 @@
+# Terraform Google Cloud Storage Module
+
+This module makes it easy to create a GCS bucket, and assign basic permissions on it to arbitrary users.
+
+The resources/services/activations/deletions that this module will create/trigger are:
+
+- One GCS bucket
+- Zero or more IAM bindings for that bucket
+
+## Compatibility
+
+This module is meant for use with Terraform 0.12.
+
+## Usage
+
+Basic usage of this module is as follows:
+
+```hcl
+module "bucket" {
+  source  = "terraform-google-modules/cloud-storage/google//modules/simple_bucket"
+  version = "~> 0.1"
+
+  name     = "example-bucket"
+  project  = "example-project"
+  location = "us-east1"
+  iam_members = [{
+    role   = "roles/storage.viewer"
+    member = "user:example-user@example.com"
+  }]
+}
+```
+
+Functional examples are included in the
+[examples](../../examples/) directory.
+
+<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|:----:|:-----:|:-----:|
+| bucket\_policy\_only | Enables Bucket Policy Only access to a bucket. | bool | `"true"` | no |
+| encryption | A Cloud KMS key that will be used to encrypt objects inserted into this bucket | object | `"null"` | no |
+| force\_destroy | When deleting a bucket, this boolean option will delete all contained objects. If false, Terraform will fail to delete buckets which contain objects. | bool | `"false"` | no |
+| iam\_members | The list of IAM members to grant permissions on the bucket. | object | `<list>` | no |
+| labels | A set of key/value label pairs to assign to the bucket. | map(string) | `"null"` | no |
+| location | The location of the bucket. | string | n/a | yes |
+| name | The name of the bucket. | string | n/a | yes |
+| project\_id | The ID of the project to create the bucket in. | string | n/a | yes |
+| retention\_policy | Configuration of the bucket's data retention policy for how long objects in the bucket should be retained. | object | `"null"` | no |
+| storage\_class | The Storage Class of the new bucket. | string | `"null"` | no |
+| versioning | While set to true, versioning is fully enabled for this bucket. | bool | `"true"` | no |
+
+<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+
+## Requirements
+
+These sections describe requirements for using this module.
+
+### Software
+
+The following dependencies must be available:
+
+- [Terraform][terraform] v0.12
+- [Terraform Provider for GCP][terraform-provider-gcp] plugin v3.0
+
+### Service Account
+
+User or service account credentials with the following roles must be used to provision the resources of this module:
+
+- Storage Admin: `roles/storage.admin`
+
+The [Project Factory module][project-factory-module] and the
+[IAM module][iam-module] may be used in combination to provision a
+service account with the necessary roles applied.
+
+### APIs
+
+A project with the following APIs enabled must be used to host the
+resources of this module:
+
+- Google Cloud Storage JSON API: `storage-api.googleapis.com`
+
+The [Project Factory module][project-factory-module] can be used to
+provision a project with the necessary APIs enabled.
+
+## Contributing
+
+Refer to the [contribution guidelines](./CONTRIBUTING.md) for
+information on contributing to this module.
+
+[iam-module]: https://registry.terraform.io/modules/terraform-google-modules/iam/google
+[project-factory-module]: https://registry.terraform.io/modules/terraform-google-modules/project-factory/google
+[terraform-provider-gcp]: https://www.terraform.io/docs/providers/google/index.html
+[terraform]: https://www.terraform.io/downloads.html

modules/simple_bucket/main.tf

@@ -0,0 +1,53 @@
+/**
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+resource "google_storage_bucket" "bucket" {
+  name               = var.name
+  project            = var.project_id
+  location           = var.location
+  storage_class      = var.storage_class
+  bucket_policy_only = var.bucket_policy_only
+  labels             = var.labels
+  force_destroy      = var.force_destroy
+
+  versioning {
+    enabled = var.versioning
+  }
+
+  dynamic "retention_policy" {
+    for_each = var.retention_policy == null ? [] : [var.retention_policy]
+    content {
+      is_locked        = var.retention_policy.is_locked
+      retention_period = var.retention_policy.retention_period
+    }
+  }
+
+  dynamic "encryption" {
+    for_each = var.encryption == null ? [] : [var.encryption]
+    content {
+      default_kms_key_name = var.encryption.default_kms_key_name
+    }
+  }
+}
+
+resource "google_storage_bucket_iam_member" "members" {
+  for_each = {
+    for m in var.iam_members : "${m.role} ${m.member}" => m
+  }
+  bucket = google_storage_bucket.bucket.name
+  role   = each.value.role
+  member = each.value.member
+}

modules/simple_bucket/variables.tf

@@ -0,0 +1,87 @@
+/**
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "name" {
+  description = "The name of the bucket."
+  type        = string
+}
+
+variable "project_id" {
+  description = "The ID of the project to create the bucket in."
+  type        = string
+}
+
+variable "location" {
+  description = "The location of the bucket."
+  type        = string
+}
+
+variable "storage_class" {
+  description = "The Storage Class of the new bucket."
+  type        = string
+  default     = null
+}
+
+variable "labels" {
+  description = "A set of key/value label pairs to assign to the bucket."
+  type        = map(string)
+  default     = null
+}
+
+
+variable "bucket_policy_only" {
+  description = "Enables Bucket Policy Only access to a bucket."
+  type        = bool
+  default     = true
+}
+
+variable "versioning" {
+  description = "While set to true, versioning is fully enabled for this bucket."
+  type        = bool
+  default     = true
+}
+
+variable "force_destroy" {
+  description = "When deleting a bucket, this boolean option will delete all contained objects. If false, Terraform will fail to delete buckets which contain objects."
+  type        = bool
+  default     = false
+}
+
+variable "iam_members" {
+  description = "The list of IAM members to grant permissions on the bucket."
+  type = list(object({
+    role   = string
+    member = string
+  }))
+  default = []
+}
+
+variable "retention_policy" {
+  description = "Configuration of the bucket's data retention policy for how long objects in the bucket should be retained."
+  type = object({
+    is_locked        = bool
+    retention_period = number
+  })
+  default = null
+}
+
+variable "encryption" {
+  description = "A Cloud KMS key that will be used to encrypt objects inserted into this bucket"
+  type = object({
+    default_kms_key_name = string
+  })
+  default = null
+}

test/fixtures/simple_example/main.tf → test/fixtures/multiple_buckets/main.tf

@@ -20,12 +20,12 @@ provider "random" {
 
 resource "random_pet" "main" {
   length    = 1
-  prefix    = "simple-example"
+  prefix    = "multiple-buckets"
   separator = "-"
 }
 
 module "example" {
-  source     = "../../../examples/simple_example"
+  source     = "../../../examples/multiple_buckets"
   project_id = var.project_id
   prefix     = random_pet.main.id
   names      = ["one", "two"]

test/integration/simple_example/inspec.yml → test/integration/multiple_buckets/inspec.yml

@@ -1,4 +1,4 @@
-name: simple_example
+name: multiple_buckets
 attributes:
   - name: project_id
     required: true