fix: fixes lint issues and generates metadata (#207)

Co-authored-by: Awais Malik <awmalik@google.com>

Makefile

@@ -15,7 +15,7 @@
 # Make will use bash instead of sh
 SHELL := /usr/bin/env bash
 
-DOCKER_TAG_VERSION_DEVELOPER_TOOLS := 1.4
+DOCKER_TAG_VERSION_DEVELOPER_TOOLS := 1.10
 DOCKER_IMAGE_DEVELOPER_TOOLS := cft/developer-tools
 REGISTRY_URL := gcr.io/cloud-foundation-cicd
 

build/int.cloudbuild.yaml

@@ -41,4 +41,4 @@ tags:
 - 'integration'
 substitutions:
   _DOCKER_IMAGE_DEVELOPER_TOOLS: 'cft/developer-tools'
-  _DOCKER_TAG_VERSION_DEVELOPER_TOOLS: '1.4'
+  _DOCKER_TAG_VERSION_DEVELOPER_TOOLS: '1.10'

build/lint.cloudbuild.yaml

@@ -21,4 +21,4 @@ tags:
 - 'lint'
 substitutions:
   _DOCKER_IMAGE_DEVELOPER_TOOLS: 'cft/developer-tools'
-  _DOCKER_TAG_VERSION_DEVELOPER_TOOLS: '1.4'
+  _DOCKER_TAG_VERSION_DEVELOPER_TOOLS: '1.10'

metadata.yaml

@@ -0,0 +1,271 @@
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: blueprints.cloud.google.com/v1alpha1
+kind: BlueprintMetadata
+metadata:
+  name: terraform-google-cloud-storage
+  annotations:
+    config.kubernetes.io/local-config: "true"
+spec:
+  title: Terraform Google Cloud Storage Module
+  source:
+    repo: https://github.com/terraform-google-modules/terraform-google-cloud-storage.git
+    sourceType: git
+  version: 3.4.0
+  actuationTool:
+    type: Terraform
+    version: '>= 0.13'
+  subBlueprints:
+  - name: simple_bucket
+    location: modules/simple_bucket
+  examples:
+  - name: multiple_buckets
+    location: examples/multiple_buckets
+  - name: simple_bucket
+    location: examples/simple_bucket
+  variables:
+  - name: admins
+    description: IAM-style members who will be granted roles/storage.objectAdmin on all buckets.
+    type: list(string)
+    default: []
+    required: false
+  - name: bucket_admins
+    description: Map of lowercase unprefixed name => comma-delimited IAM-style per-bucket admins.
+    type: map(string)
+    default: {}
+    required: false
+  - name: bucket_creators
+    description: Map of lowercase unprefixed name => comma-delimited IAM-style per-bucket creators.
+    type: map(string)
+    default: {}
+    required: false
+  - name: bucket_hmac_key_admins
+    description: Map of lowercase unprefixed name => comma-delimited IAM-style per-bucket HMAC Key admins.
+    type: map(string)
+    default: {}
+    required: false
+  - name: bucket_lifecycle_rules
+    description: Additional lifecycle_rules for specific buckets. Map of lowercase unprefixed name => list of lifecycle rules to configure.
+    type: |-
+      map(set(object({
+          # Object with keys:
+          # - type - The type of the action of this Lifecycle Rule. Supported values: Delete and SetStorageClass.
+          # - storage_class - (Required if action type is SetStorageClass) The target Storage Class of objects affected by this Lifecycle Rule.
+          action = map(string)
+
+          # Object with keys:
+          # - age - (Optional) Minimum age of an object in days to satisfy this condition.
+          # - created_before - (Optional) Creation date of an object in RFC 3339 (e.g. 2017-06-13) to satisfy this condition.
+          # - with_state - (Optional) Match to live and/or archived objects. Supported values include: "LIVE", "ARCHIVED", "ANY".
+          # - matches_storage_class - (Optional) Comma delimited string for storage class of objects to satisfy this condition. Supported values include: MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, STANDARD, DURABLE_REDUCED_AVAILABILITY.
+          # - num_newer_versions - (Optional) Relevant only for versioned objects. The number of newer versions of an object to satisfy this condition.
+          # - custom_time_before - (Optional) A date in the RFC 3339 format YYYY-MM-DD. This condition is satisfied when the customTime metadata for the object is set to an earlier date than the date used in this lifecycle condition.
+          # - days_since_custom_time - (Optional) The number of days from the Custom-Time metadata attribute after which this condition becomes true.
+          # - days_since_noncurrent_time - (Optional) Relevant only for versioned objects. Number of days elapsed since the noncurrent timestamp of an object.
+          # - noncurrent_time_before - (Optional) Relevant only for versioned objects. The date in RFC 3339 (e.g. 2017-06-13) when the object became nonconcurrent.
+          condition = map(string)
+        })))
+    default: {}
+    required: false
+  - name: bucket_policy_only
+    description: Disable ad-hoc ACLs on specified buckets. Defaults to true. Map of lowercase unprefixed name => boolean
+    type: map(bool)
+    default: {}
+    required: false
+  - name: bucket_storage_admins
+    description: Map of lowercase unprefixed name => comma-delimited IAM-style per-bucket storage admins.
+    type: map(string)
+    default: {}
+    required: false
+  - name: bucket_viewers
+    description: Map of lowercase unprefixed name => comma-delimited IAM-style per-bucket viewers.
+    type: map(string)
+    default: {}
+    required: false
+  - name: cors
+    description: 'Set of maps of mixed type attributes for CORS values. See appropriate attribute types here: https://www.terraform.io/docs/providers/google/r/storage_bucket.html#cors'
+    type: set(any)
+    default: []
+    required: false
+  - name: creators
+    description: IAM-style members who will be granted roles/storage.objectCreators on all buckets.
+    type: list(string)
+    default: []
+    required: false
+  - name: default_event_based_hold
+    description: Enable event based hold to new objects added to specific bucket. Defaults to false. Map of lowercase unprefixed name => boolean
+    type: map(bool)
+    default: {}
+    required: false
+  - name: encryption_key_names
+    description: Optional map of lowercase unprefixed name => string, empty strings are ignored.
+    type: map(string)
+    default: {}
+    required: false
+  - name: folders
+    description: Map of lowercase unprefixed name => list of top level folder objects.
+    type: map(list(string))
+    default: {}
+    required: false
+  - name: force_destroy
+    description: Optional map of lowercase unprefixed name => boolean, defaults to false.
+    type: map(bool)
+    default: {}
+    required: false
+  - name: hmac_key_admins
+    description: IAM-style members who will be granted roles/storage.hmacKeyAdmin on all buckets.
+    type: list(string)
+    default: []
+    required: false
+  - name: labels
+    description: Labels to be attached to the buckets
+    type: map(string)
+    default: {}
+    required: false
+  - name: lifecycle_rules
+    description: List of lifecycle rules to configure. Format is the same as described in provider documentation https://www.terraform.io/docs/providers/google/r/storage_bucket.html#lifecycle_rule except condition.matches_storage_class should be a comma delimited string.
+    type: |-
+      set(object({
+          # Object with keys:
+          # - type - The type of the action of this Lifecycle Rule. Supported values: Delete and SetStorageClass.
+          # - storage_class - (Required if action type is SetStorageClass) The target Storage Class of objects affected by this Lifecycle Rule.
+          action = map(string)
+
+          # Object with keys:
+          # - age - (Optional) Minimum age of an object in days to satisfy this condition.
+          # - created_before - (Optional) Creation date of an object in RFC 3339 (e.g. 2017-06-13) to satisfy this condition.
+          # - with_state - (Optional) Match to live and/or archived objects. Supported values include: "LIVE", "ARCHIVED", "ANY".
+          # - matches_storage_class - (Optional) Comma delimited string for storage class of objects to satisfy this condition. Supported values include: MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, STANDARD, DURABLE_REDUCED_AVAILABILITY.
+          # - num_newer_versions - (Optional) Relevant only for versioned objects. The number of newer versions of an object to satisfy this condition.
+          # - custom_time_before - (Optional) A date in the RFC 3339 format YYYY-MM-DD. This condition is satisfied when the customTime metadata for the object is set to an earlier date than the date used in this lifecycle condition.
+          # - days_since_custom_time - (Optional) The number of days from the Custom-Time metadata attribute after which this condition becomes true.
+          # - days_since_noncurrent_time - (Optional) Relevant only for versioned objects. Number of days elapsed since the noncurrent timestamp of an object.
+          # - noncurrent_time_before - (Optional) Relevant only for versioned objects. The date in RFC 3339 (e.g. 2017-06-13) when the object became nonconcurrent.
+          condition = map(string)
+        }))
+    default: []
+    required: false
+  - name: location
+    description: Bucket location.
+    type: string
+    default: EU
+    required: false
+  - name: logging
+    description: Map of lowercase unprefixed name => bucket logging config object. Format is the same as described in provider documentation https://www.terraform.io/docs/providers/google/r/storage_bucket.html#logging
+    type: any
+    default: {}
+    required: false
+  - name: names
+    description: Bucket name suffixes.
+    type: list(string)
+    required: true
+  - name: prefix
+    description: Prefix used to generate the bucket name.
+    type: string
+    required: true
+  - name: project_id
+    description: Bucket project id.
+    type: string
+    required: true
+  - name: randomize_suffix
+    description: Adds an identical, but randomized 4-character suffix to all bucket names
+    type: bool
+    default: false
+    required: false
+  - name: retention_policy
+    description: Map of retention policy values. Format is the same as described in provider documentation https://www.terraform.io/docs/providers/google/r/storage_bucket#retention_policy
+    type: any
+    default: {}
+    required: false
+  - name: set_admin_roles
+    description: Grant roles/storage.objectAdmin role to admins and bucket_admins.
+    type: bool
+    default: false
+    required: false
+  - name: set_creator_roles
+    description: Grant roles/storage.objectCreator role to creators and bucket_creators.
+    type: bool
+    default: false
+    required: false
+  - name: set_hmac_key_admin_roles
+    description: Grant roles/storage.hmacKeyAdmin role to hmac_key_admins and bucket_hmac_key_admins.
+    type: bool
+    default: false
+    required: false
+  - name: set_storage_admin_roles
+    description: Grant roles/storage.admin role to storage_admins and bucket_storage_admins.
+    type: bool
+    default: false
+    required: false
+  - name: set_viewer_roles
+    description: Grant roles/storage.objectViewer role to viewers and bucket_viewers.
+    type: bool
+    default: false
+    required: false
+  - name: storage_admins
+    description: IAM-style members who will be granted roles/storage.admin on all buckets.
+    type: list(string)
+    default: []
+    required: false
+  - name: storage_class
+    description: Bucket storage class.
+    type: string
+    default: STANDARD
+    required: false
+  - name: versioning
+    description: Optional map of lowercase unprefixed name => boolean, defaults to false.
+    type: map(bool)
+    default: {}
+    required: false
+  - name: viewers
+    description: IAM-style members who will be granted roles/storage.objectViewer on all buckets.
+    type: list(string)
+    default: []
+    required: false
+  - name: website
+    description: 'Map of website values. Supported attributes: main_page_suffix, not_found_page'
+    type: map(any)
+    default: {}
+    required: false
+  outputs:
+  - name: bucket
+    description: Bucket resource (for single use).
+  - name: buckets
+    description: Bucket resources as list.
+  - name: buckets_map
+    description: Bucket resources by name.
+  - name: name
+    description: Bucket name (for single use).
+  - name: names
+    description: Bucket names.
+  - name: names_list
+    description: List of bucket names.
+  - name: url
+    description: Bucket URL (for single use).
+  - name: urls
+    description: Bucket URLs.
+  - name: urls_list
+    description: List of bucket URLs.
+  roles:
+  - level: Project
+    roles:
+    - roles/storage.admin
+    - roles/iam.serviceAccountUser
+  services:
+  - iam.googleapis.com
+  - storage-api.googleapis.com
+  - cloudresourcemanager.googleapis.com
+  - compute.googleapis.com
+  - serviceusage.googleapis.com