refs platform/3059: GCP Bucket Default Soft Delete off
Syphon83 committed Aug 7, 2024
1 parent fd6fd0b commit c94b5ff
Showing 3 changed files with 22 additions and 2 deletions.
4 changes: 4 additions & 0 deletions README.md
Expand Up @@ -34,8 +34,11 @@ Then perform the following commands on the root folder:
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| certmanager\_email | Email used to retrieve SSL certificates from Let's Encrypt | `string` | n/a | yes |
| cloud\_nat\_dynamic\_port\_allocation | Enable Dynamic Port Allocation. If cloud\_nat\_min\_ports\_per\_vm is set, cloud\_nat\_min\_ports\_per\_vm must be set to a power of two greater than or equal to 32. | `bool` | `false` | no |
| cloud\_nat\_endpoint\_independent\_mapping | Specifies if endpoint independent mapping is enabled. | `bool` | `false` | no |
| cloud\_nat\_log\_config\_enable | Indicates whether or not to export logs. | `bool` | `false` | no |
| cloud\_nat\_log\_config\_filter | Specifies the desired filtering of logs on this NAT. Valid values are: 'ERRORS\_ONLY', 'TRANSLATIONS\_ONLY', 'ALL'. | `string` | `"ALL"` | no |
| cloud\_nat\_max\_ports\_per\_vm | Maximum number of ports allocated to a VM from this NAT. This field can only be set when cloud\_nat\_dynamic\_port\_allocation is enabled.This will be ignored if cloud\_nat\_dynamic\_port\_allocation is set to false. | `string` | `null` | no |
| cloud\_nat\_min\_ports\_per\_vm | Minimum number of ports allocated to a VM from this NAT config. | `string` | `"64"` | no |
| domain | Domain for hosting gitlab functionality (ie mydomain.com would access gitlab at gitlab.mydomain.com) | `string` | `""` | no |
| gcp\_existing\_db\_secret\_name | Setup the GCP secret name where to retrieve the password value that will be used for postgres DB. In case an empty string is passed,a random value will be filled in a default gcp secret named gitlab-db-password | `string` | `""` | no |
Expand All @@ -48,6 +51,7 @@ Then perform the following commands on the root folder:
| gcs\_bucket\_backup\_duration | When the backup lifecycle is enabled, set the number of days after which the backup files are deleted | `number` | `120` | no |
| gcs\_bucket\_enable\_backup\_lifecycle\_rule | Enable lifecycle rule for backup bucket | `bool` | `false` | no |
| gcs\_bucket\_num\_newer\_version | When the bucket versioning is enabled, Delete noncurrent versions of objects if there are X newer versions of the object in the bucket. Objects subject to this rule are permanently deleted and cannot be recovered. | `number` | `2` | no |
| gcs\_bucket\_soft\_delete\_retention | The duration in seconds that soft-deleted objects in the bucket will be retained and cannot be permanently deleted.The value must be in between 604800(7 days) and 7776000(90 days). Note: To disable the soft delete policy on a bucket, This field must be set to 0 | `number` | `0` | no |
| gcs\_bucket\_storage\_class | Bucket storage class. Supported values include: STANDARD, MULTI\_REGIONAL, REGIONAL, NEARLINE, COLDLINE, ARCHIVE | `string` | `"STANDARD"` | no |
| gcs\_bucket\_target\_storage\_class | The target Storage Class of objects affected by this Lifecycle Rule. Supported values include: STANDARD, MULTI\_REGIONAL, REGIONAL, NEARLINE, COLDLINE, ARCHIVE. | `string` | `"COLDLINE"` | no |
| gcs\_bucket\_versioned\_files\_duration | When the bucket versioning is enabled, Delete noncurrent versions of objects after they've been noncurrent for X days. Objects subject to this rule are permanently deleted and cannot be recovered. | `number` | `120` | no |
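Review bot: The new `gcs_bucket_soft_delete_retention` row documents a default of `0`, which means soft delete is disabled, but the text only explains how to disable the policy and never says that this is already the out-of-the-box behaviour. A short addition such as "Defaults to 0 (soft delete disabled)" would stop readers from assuming deleted objects are recoverable. The description also needs a space after "deleted." and a lowercase "this field"; the same string is in variables.tf, so correct it there and keep the two in sync.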
10 changes: 8 additions & 2 deletions main.tf
Expand Up @@ -208,8 +208,8 @@ resource "google_sql_database_instance" "gitlab_db" {
}

insights_config {
query_insights_enabled = false
}
query_insights_enabled = false
}

backup_configuration {
enabled = var.postgresql_enable_backup
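Review bot: The two `insights_config` lines (`query_insights_enabled = false` and its closing brace) appear as both removed and added with identical content, so this is a whitespace-only re-indent unrelated to the soft-delete change. Consider moving it to a separate formatting commit so the change to the bucket's data-recovery settings is easier to audit in history.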
Expand Down Expand Up @@ -329,6 +329,12 @@ resource "google_storage_bucket" "gitlab_bucket" {
}
}
}
dynamic "soft_delete_policy" {
for_each = var.gcs_bucket_soft_delete_retention >= 604800 && var.gcs_bucket_soft_delete_retention <= 7776000 ? [1] : []
content {
retention_duration_seconds = var.gcs_bucket_soft_delete_retention
}
}
}

resource "google_storage_bucket_iam_binding" "gitlab_bucket_iam_binding_admin" {
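Review bot: In the `for_each` of the `soft_delete_policy` dynamic block, the default value 0 produces an empty list, so no block is rendered and `retention_duration_seconds = 0` is never sent, although the variable description says the field must be set to 0 to disable the policy. With the block omitted, the bucket keeps whatever soft delete policy the provider or the API applies on its own, which may not match the "off" in the commit title. Since the validation in variables.tf already restricts the value to 0 or the 604800 to 7776000 range, a plain `soft_delete_policy { retention_duration_seconds = var.gcs_bucket_soft_delete_retention }` block would make the configured state explicit and drop the duplicated range check.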
10 changes: 10 additions & 0 deletions variables.tf
Expand Up @@ -143,6 +143,16 @@ variable "gcs_bucket_versioning" {
default = true
}

variable "gcs_bucket_soft_delete_retention" {
type = number
description = "The duration in seconds that soft-deleted objects in the bucket will be retained and cannot be permanently deleted.The value must be in between 604800(7 days) and 7776000(90 days). Note: To disable the soft delete policy on a bucket, This field must be set to 0"
default = 0
validation {
condition = var.gcs_bucket_soft_delete_retention == 0 || (var.gcs_bucket_soft_delete_retention >= 604800 && var.gcs_bucket_soft_delete_retention <= 7776000)
error_message = "The value must be in between 604800(7 days) and 7776000(90 days).To turn off this feature this field must be set to 0."
}
}

variable "gcs_bucket_enable_backup_lifecycle_rule" {
type = bool
description = "Enable lifecycle rule for backup bucket"
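Review bot: `default = 0` in `gcs_bucket_soft_delete_retention` makes every deployment of the module opt out of soft delete unless the caller overrides it, which removes a recovery window for accidentally or maliciously deleted objects in the GitLab bucket. The description should state that trade-off and name what still protects the data (for example `gcs_bucket_versioning`, whose `default = true` is visible just above), or the default should sit inside the 7 to 90 day range with 0 as the explicit opt-out. Separately, `type = number` admits fractional values such as 604800.5 that pass the `condition`; adding a `floor(...) == ...` check to the validation would reject them at plan time.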
