feat: switch to CP null-label and refactoring (#22)

.github/workflows/terraform.yml

@@ -1,6 +1,6 @@
 name: 'Validate TF manifests'
 on:
-  pull_request_target:
+  pull_request:
 
 jobs:
   terraform:

.gitignore

@@ -1,6 +1,29 @@
-# Compiled files
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
 *.tfstate
-*.tfstate.backup
+*.tfstate.*
+
+# Crash log files
+crash.log
+
+# Ignore any .tfvars files that are generated automatically for each Terraform run. Most
+# .tfvars files are managed as part of configuration and so should be included in
+# version control.
+#
+# example.tfvars
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Include override files you do wish to add to version control using negated pattern
+#
+# !example_override.tf
 
-# Module directory
-.terraform/
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*

README.md

@@ -1,8 +1,8 @@
 # terraform-google-storage-bucket
-Terraform module : GCP : for creation storage buckets
+Terraform module to create and manage the storage bucket.
 
 
-* Simple example
+## Usage
 
 ```hcl
 module "awesome_bucket" {
@@ -13,59 +13,58 @@ module "awesome_bucket" {
   location    = "europe-west1"
 }
 ```
-* Example with ACL
 
-```hcl
-module "awesome_bucket_user" {
-  source     = "git::https://github.com/SweetOps/terraform-google-service-account.git?ref=master"
-  name       = "awesome"
-  stage      = "production"
-  namespace  = "sweetops"
-}
+<!--- BEGIN_TF_DOCS --->
+## Requirements
 
+| Name | Version |
+|------|---------|
+| terraform | >= 0.14 |
+| google | >= 3.0 |
 
-module "awesome_bucket" {
-  source      = "git::https://github.com/SweetOps/terraform-google-storage-bucket.git?ref=master"
-  name        = "awesome"
-  stage       = "production"
-  namespace   = "sweetops"
-  role_entity = ["READER:user-${module.awesome_bucket_user.email}"]
-  location    = "europe-west1"
-}
-```
+## Providers
+
+| Name | Version |
+|------|---------|
+| google | >= 3.0 |
 
 ## Inputs
 
 | Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:-----:|
-| name | Solution name, e.g. 'app' or 'jenkins' | `string` | n/a | yes |
-| action_storage_class | The target Storage Class of objects affected by this Lifecycle Rule. Supported values include: MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE. | `string` | `"NEARLINE"` | no |
-| action_type | The type of the action of this Lifecycle Rule. Supported values include: Delete and SetStorageClass. | `string` | `"SetStorageClass"` | no |
-| age | Minimum age of an object in days to satisfy this condition. | `number` | `60` | no |
+|------|-------------|------|---------|:--------:|
+| additional\_tag\_map | Additional tags for appending to tags\_as\_list\_of\_maps. Not added to `tags`. | `map(string)` | `{}` | no |
 | attributes | Additional attributes (e.g. `1`) | `list(string)` | `[]` | no |
-| created_before | Creation date of an object in RFC 3339 (e.g. 2017-06-13) to satisfy this condition. | `string` | `""` | no |
-| default_acl | Configure this ACL to be the default ACL. | `string` | `"projectPrivate"` | no |
-| delimiter | Delimiter to be used between `namespace`, `environment`, `stage`, `name` and `attributes` | `string` | `"-"` | no |
-| enabled | Set to false to prevent the module from creating any resources | `bool` | `true` | no |
-| environment | Environment, e.g. 'prod', 'staging', 'dev', 'pre-prod', 'UAT' | `string` | `""` | no |
-| force_destroy | When deleting a bucket, this boolean option will delete all contained objects. | `bool` | `false` | no |
-| kms_key_name | A Cloud KMS key that will be used to encrypt objects inserted into this bucket | `string` | `""` | no |
-| location | The GCS region. | `string` | `""` | no |
-| matches_storage_class | Storage Class of objects to satisfy this condition. Supported values include: MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, STANDARD, DURABLE_REDUCED_AVAILABILITY. | `list` | <pre>[<br>  "REGIONAL"<br>]</pre> | no |
-| namespace | Namespace, which could be your organization name or abbreviation, e.g. 'eg' or 'cp' | `string` | `""` | no |
-| num_newer_versions | Relevant only for versioned objects. The number of newer versions of an object to satisfy this condition. | `number` | `10` | no |
-| project | The project in which the resource belongs. If it is not provided, the provider project is used. | `string` | `""` | no |
-| role_entity | List of role/entity pairs in the form ROLE:entity.Must be set if predefined_acl is not | `list` | `[]` | no |
-| stage | Stage, e.g. 'prod', 'staging', 'dev', OR 'source', 'build', 'test', 'deploy', 'release' | `string` | `""` | no |
-| storage_class | The Storage Class of the new bucket. Supported values include: MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE. | `string` | `"REGIONAL"` | no |
+| context | Single object for setting entire context at once.<br>See description of individual variables for details.<br>Leave string and numeric variables as `null` to use default value.<br>Individual variable settings (non-null) override settings in context object,<br>except for attributes, tags, and additional\_tag\_map, which are merged. | `any` | <pre>{<br>  "additional_tag_map": {},<br>  "attributes": [],<br>  "delimiter": null,<br>  "enabled": true,<br>  "environment": null,<br>  "id_length_limit": null,<br>  "label_key_case": null,<br>  "label_order": [],<br>  "label_value_case": null,<br>  "name": null,<br>  "namespace": null,<br>  "regex_replace_chars": null,<br>  "stage": null,<br>  "tags": {}<br>}</pre> | no |
+| default\_kms\_key\_name | The `id` of a Cloud KMS key that will be used to encrypt objects inserted into this bucket, if no encryption method is specified. | `string` | `null` | no |
+| delimiter | Delimiter to be used between `namespace`, `environment`, `stage`, `name` and `attributes`.<br>Defaults to `-` (hyphen). Set to `""` to use no delimiter at all. | `string` | `"-"` | no |
+| enabled | Set to false to prevent the module from creating any resources | `bool` | `null` | no |
+| environment | Environment, e.g. 'uw2', 'us-west-2', OR 'prod', 'staging', 'dev', 'UAT' | `string` | `null` | no |
+| force\_destroy | When deleting a bucket, this boolean option will delete all contained objects. | `bool` | `false` | no |
+| id\_length\_limit | Limit `id` to this many characters (minimum 6).<br>Set to `0` for unlimited length.<br>Set to `null` for default, which is `0`.<br>Does not affect `id_full`. | `number` | `null` | no |
+| label\_key\_case | The letter case of label keys (`tag` names) (i.e. `name`, `namespace`, `environment`, `stage`, `attributes`) to use in `tags`.<br>Possible values: `lower`, `title`, `upper`.<br>Default value: `title`. | `string` | `"lower"` | no |
+| label\_order | The naming order of the id output and Name tag.<br>Defaults to ["namespace", "environment", "stage", "name", "attributes"].<br>You can omit any of the 5 elements, but at least one must be present. | `list(string)` | `null` | no |
+| label\_value\_case | The letter case of output label values (also used in `tags` and `id`).<br>Possible values: `lower`, `title`, `upper` and `none` (no transformation).<br>Default value: `lower`. | `string` | `null` | no |
+| lifecycle\_rules | The list of bucket Lifecycle Rules.<br>  action:<br>    type:<br>      The type of the action of this Lifecycle Rule. Allowed values: `Delete` and `SetStorageClass`.<br>    storage\_class:<br>      The target Storage Class of objects affected by this Lifecycle Rule.<br>      Required if action type is `SetStorageClass`.<br>      Allowed values: `STANDARD`, `MULTI_REGIONAL`, `REGIONAL`, `NEARLINE`, `COLDLINE`, `ARCHIVE`.<br>  condition:<br>    age:<br>      Minimum age of an object in days to satisfy this condition.<br>    created\_before:<br>      Creation date of an object in RFC 3339 (e.g. 2017-06-13) to satisfy this condition.<br>    with\_state:<br>      Match to live and/or archived objects. Unversioned buckets have only live objects. <br>      Allowed values: `LIVE`, `ARCHIVED`, `ANY`.<br>    matches\_storage\_class:<br>      Storage Class of objects to satisfy this condition.<br>      Allowed values: `STANDARD`, `MULTI_REGIONAL`, `REGIONAL`, `NEARLINE`, `COLDLINE`, `ARCHIVE`.<br>    num\_newer\_versions:<br>      Relevant only for versioned objects. <br>      The number of newer versions of an object to satisfy this condition.<br>    custom\_time\_before:<br>      Creation date of an object in RFC 3339 (e.g. `2017-06-13`) to satisfy this condition.<br>    days\_since\_custom\_time:<br>      Date in RFC 3339 (e.g. `2017-06-13`) when an object's Custom-Time metadata is earlier than the date specified in this condition.<br>    days\_since\_noncurrent\_time:<br>      Relevant only for versioned objects. <br>      Number of days elapsed since the noncurrent timestamp of an object.<br>    noncurrent\_time\_before:<br>      Relevant only for versioned objects. <br>      The date in RFC 3339 (e.g. `2017-06-13`) when the object became nonconcurrent. | <pre>set(object({<br>    action    = any<br>    condition = any<br>  }))</pre> | `[]` | no |
+| location | The GCS region. | `string` | `null` | no |
+| name | Solution name, e.g. 'app' or 'jenkins' | `string` | `null` | no |
+| namespace | Namespace, which could be your organization name or abbreviation, e.g. 'eg' or 'cp' | `string` | `null` | no |
+| project | The ID of the project in which the resource belongs. If it is not provided, the provider project is used. | `string` | `null` | no |
+| regex\_replace\_chars | Regex to replace chars with empty string in `namespace`, `environment`, `stage` and `name`.<br>If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits. | `string` | `null` | no |
+| retention\_policy | Configuration of the bucket's data retention policy for how long objects in the bucket should be retained.<br>  is\_locked:<br>    If set to `true`, the bucket will be locked and permanently restrict edits to the bucket's retention policy.<br>  retention\_period:<br>    The period of time, in seconds, that objects in the bucket must be retained and cannot be deleted, overwritten, or archived. | <pre>object({<br>    is_locked        = bool<br>    retention_period = number<br>  })</pre> | `null` | no |
+| stage | Stage, e.g. 'prod', 'staging', 'dev', OR 'source', 'build', 'test', 'deploy', 'release' | `string` | `null` | no |
+| storage\_class | The Storage Class of the new bucket. Allowed values: `STANDARD`, `MULTI_REGIONAL`, `REGIONAL`, `NEARLINE`, `COLDLINE`, `ARCHIVE`. | `string` | `"REGIONAL"` | no |
 | tags | Additional tags (e.g. `map('BusinessUnit','XYZ')` | `map(string)` | `{}` | no |
-| versioning_enabled | While set to true, versioning is fully enabled for this bucket. | `bool` | `true` | no |
-| with_state | Match to live and/or archived objects. Unversioned buckets have only live objects. Supported values include: LIVE, ARCHIVED, ANY. | `string` | `"ANY"` | no |
+| versioning\_enabled | While set to `true`, versioning is fully enabled for this bucket. | `bool` | `true` | no |
 
 ## Outputs
 
 | Name | Description |
 |------|-------------|
 | name | The name of bucket |
-| self_link | The URI of the created resource |
+| self\_link | The URI of the created resource |
 | url | The base URL of the bucket, in the format gs://<bucket-name> |
+
+<!--- END_TF_DOCS --->
+
+## License
+The Apache-2.0 license

context.tf

@@ -0,0 +1,202 @@
+#
+# ONLY EDIT THIS FILE IN github.com/cloudposse/terraform-null-label
+# All other instances of this file should be a copy of that one
+#
+#
+# Copy this file from https://github.com/cloudposse/terraform-null-label/blob/master/exports/context.tf
+# and then place it in your Terraform module to automatically get
+# Cloud Posse's standard configuration inputs suitable for passing
+# to Cloud Posse modules.
+#
+# Modules should access the whole context as `module.this.context`
+# to get the input variables with nulls for defaults,
+# for example `context = module.this.context`,
+# and access individual variables as `module.this.<var>`,
+# with final values filled in.
+#
+# For example, when using defaults, `module.this.context.delimiter`
+# will be null, and `module.this.delimiter` will be `-` (hyphen).
+#
+
+module "this" {
+  source  = "cloudposse/label/null"
+  version = "0.24.1" # requires Terraform >= 0.13.0
+
+  enabled             = var.enabled
+  namespace           = var.namespace
+  environment         = var.environment
+  stage               = var.stage
+  name                = var.name
+  delimiter           = var.delimiter
+  attributes          = var.attributes
+  tags                = var.tags
+  additional_tag_map  = var.additional_tag_map
+  label_order         = var.label_order
+  regex_replace_chars = var.regex_replace_chars
+  id_length_limit     = var.id_length_limit
+  label_key_case      = var.label_key_case
+  label_value_case    = var.label_value_case
+
+  context = var.context
+}
+
+# Copy contents of cloudposse/terraform-null-label/variables.tf here
+
+variable "context" {
+  type = any
+  default = {
+    enabled             = true
+    namespace           = null
+    environment         = null
+    stage               = null
+    name                = null
+    delimiter           = null
+    attributes          = []
+    tags                = {}
+    additional_tag_map  = {}
+    regex_replace_chars = null
+    label_order         = []
+    id_length_limit     = null
+    label_key_case      = null
+    label_value_case    = null
+  }
+  description = <<-EOT
+    Single object for setting entire context at once.
+    See description of individual variables for details.
+    Leave string and numeric variables as `null` to use default value.
+    Individual variable settings (non-null) override settings in context object,
+    except for attributes, tags, and additional_tag_map, which are merged.
+  EOT
+
+  validation {
+    condition     = lookup(var.context, "label_key_case", null) == null ? true : contains(["lower", "title", "upper"], var.context["label_key_case"])
+    error_message = "Allowed values: `lower`, `title`, `upper`."
+  }
+
+  validation {
+    condition     = lookup(var.context, "label_value_case", null) == null ? true : contains(["lower", "title", "upper", "none"], var.context["label_value_case"])
+    error_message = "Allowed values: `lower`, `title`, `upper`, `none`."
+  }
+}
+
+variable "enabled" {
+  type        = bool
+  default     = null
+  description = "Set to false to prevent the module from creating any resources"
+}
+
+variable "namespace" {
+  type        = string
+  default     = null
+  description = "Namespace, which could be your organization name or abbreviation, e.g. 'eg' or 'cp'"
+}
+
+variable "environment" {
+  type        = string
+  default     = null
+  description = "Environment, e.g. 'uw2', 'us-west-2', OR 'prod', 'staging', 'dev', 'UAT'"
+}
+
+variable "stage" {
+  type        = string
+  default     = null
+  description = "Stage, e.g. 'prod', 'staging', 'dev', OR 'source', 'build', 'test', 'deploy', 'release'"
+}
+
+variable "name" {
+  type        = string
+  default     = null
+  description = "Solution name, e.g. 'app' or 'jenkins'"
+}
+
+variable "delimiter" {
+  type        = string
+  default     = "-"
+  description = <<-EOT
+    Delimiter to be used between `namespace`, `environment`, `stage`, `name` and `attributes`.
+    Defaults to `-` (hyphen). Set to `""` to use no delimiter at all.
+  EOT
+}
+
+variable "attributes" {
+  type        = list(string)
+  default     = []
+  description = "Additional attributes (e.g. `1`)"
+}
+
+variable "tags" {
+  type        = map(string)
+  default     = {}
+  description = "Additional tags (e.g. `map('BusinessUnit','XYZ')`"
+}
+
+variable "additional_tag_map" {
+  type        = map(string)
+  default     = {}
+  description = "Additional tags for appending to tags_as_list_of_maps. Not added to `tags`."
+}
+
+variable "label_order" {
+  type        = list(string)
+  default     = null
+  description = <<-EOT
+    The naming order of the id output and Name tag.
+    Defaults to ["namespace", "environment", "stage", "name", "attributes"].
+    You can omit any of the 5 elements, but at least one must be present.
+  EOT
+}
+
+variable "regex_replace_chars" {
+  type        = string
+  default     = null
+  description = <<-EOT
+    Regex to replace chars with empty string in `namespace`, `environment`, `stage` and `name`.
+    If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits.
+  EOT
+}
+
+variable "id_length_limit" {
+  type        = number
+  default     = null
+  description = <<-EOT
+    Limit `id` to this many characters (minimum 6).
+    Set to `0` for unlimited length.
+    Set to `null` for default, which is `0`.
+    Does not affect `id_full`.
+  EOT
+  validation {
+    condition     = var.id_length_limit == null ? true : var.id_length_limit >= 6 || var.id_length_limit == 0
+    error_message = "The id_length_limit must be >= 6 if supplied (not null), or 0 for unlimited length."
+  }
+}
+
+variable "label_key_case" {
+  type        = string
+  default     = "lower"
+  description = <<-EOT
+    The letter case of label keys (`tag` names) (i.e. `name`, `namespace`, `environment`, `stage`, `attributes`) to use in `tags`.
+    Possible values: `lower`, `title`, `upper`.
+    Default value: `title`.
+  EOT
+
+  validation {
+    condition     = var.label_key_case == null ? true : contains(["lower", "title", "upper"], var.label_key_case)
+    error_message = "Allowed values: `lower`, `title`, `upper`."
+  }
+}
+
+variable "label_value_case" {
+  type        = string
+  default     = null
+  description = <<-EOT
+    The letter case of output label values (also used in `tags` and `id`).
+    Possible values: `lower`, `title`, `upper` and `none` (no transformation).
+    Default value: `lower`.
+  EOT
+
+  validation {
+    condition     = var.label_value_case == null ? true : contains(["lower", "title", "upper", "none"], var.label_value_case)
+    error_message = "Allowed values: `lower`, `title`, `upper`, `none`."
+  }
+}
+#### End of copy of cloudposse/terraform-null-label/variables.tf

examples/basic/README.md

@@ -0,0 +1,21 @@
+<!--- BEGIN_TF_DOCS --->
+## Requirements
+
+| Name | Version |
+|------|---------|
+| terraform | >= 0.14 |
+| google | >= 3.0 |
+
+## Providers
+
+No provider.
+
+## Inputs
+
+No input.
+
+## Outputs
+
+No output.
+
+<!--- END_TF_DOCS --->

examples/basic/versions.tf

@@ -0,0 +1,9 @@
+terraform {
+  required_providers {
+    google = {
+      source  = "hashicorp/google"
+      version = ">= 3.0"
+    }
+  }
+  required_version = ">= 0.14"
+}