Remove unused preprod TUF GCS bucket (#1251)

No longer needed, preprod is now served via GitHub Pages. Signed-off-by: Hayden Blauzvern <[email protected]>
sigstore · Sep 4, 2024 · 77e5299 · 77e5299
1 parent c94db91
commit 77e5299
Show file tree

Hide file tree

Showing 4 changed files with 0 additions and 74 deletions.
diff --git a/terraform/gcp/modules/sigstore/sigstore.tf b/terraform/gcp/modules/sigstore/sigstore.tf
@@ -59,7 +59,6 @@ module "tuf" {
   project_id = var.project_id
 
   tuf_bucket          = var.tuf_bucket
-  tuf_preprod_bucket  = var.tuf_preprod_bucket
   tuf_bucket_member   = var.tuf_bucket_member
   gcs_logging_enabled = var.gcs_logging_enabled
   gcs_logging_bucket  = var.gcs_logging_bucket

diff --git a/terraform/gcp/modules/sigstore/variables.tf b/terraform/gcp/modules/sigstore/variables.tf
@@ -66,11 +66,6 @@ variable "tuf_bucket" {
   description = "Name of GCS bucket for TUF root."
 }
 
-variable "tuf_preprod_bucket" {
-  type        = string
-  description = "Name of GCS bucket for preprod/staged TUF root."
-}
-
 variable "tuf_bucket_member" {
   type        = string
   description = "User(s) to grant access to the TUF GCS buckets."

diff --git a/terraform/gcp/modules/tuf/tuf.tf b/terraform/gcp/modules/tuf/tuf.tf
@@ -90,66 +90,3 @@ resource "google_storage_bucket_iam_member" "tuf_sa_editor" {
 
   depends_on = [google_storage_bucket.tuf, google_service_account.tuf-sa]
 }
-
-resource "google_storage_bucket" "tuf_preprod" {
-  name     = var.tuf_preprod_bucket
-  location = var.region
-  project  = var.project_id
-
-  storage_class               = var.storage_class
-  uniform_bucket_level_access = true
-
-  versioning {
-    enabled = true
-  }
-
-  lifecycle_rule {
-    action {
-      type = "Delete"
-    }
-    condition {
-      with_state         = "ANY"
-      num_newer_versions = 10
-    }
-  }
-  lifecycle_rule {
-    action {
-      type = "Delete"
-    }
-    condition {
-      days_since_noncurrent_time = 730
-    }
-  }
-
-  dynamic "logging" {
-    for_each = var.gcs_logging_enabled ? [1] : []
-    content {
-      log_bucket = var.gcs_logging_bucket
-    }
-  }
-
-  website {
-    main_page_suffix = var.main_page_suffix
-  }
-}
-
-resource "google_storage_bucket_iam_member" "public_tuf_preprod_member" {
-  bucket = google_storage_bucket.tuf_preprod.name
-  role   = "roles/storage.legacyObjectReader"
-  member = var.tuf_bucket_member
-
-  depends_on = [google_storage_bucket.tuf_preprod]
-}
-
-resource "google_storage_bucket_iam_member" "tuf_sa_preprod_editor" {
-  for_each = toset([
-    "roles/storage.objectUser",
-    "roles/storage.legacyBucketReader"
-  ])
-
-  bucket = google_storage_bucket.tuf_preprod.name
-  role   = each.key
-  member = format("serviceAccount:%s@%s.iam.gserviceaccount.com", var.tuf_service_account_name, var.project_id)
-
-  depends_on = [google_storage_bucket.tuf_preprod, google_service_account.tuf-sa]
-}
diff --git a/terraform/gcp/modules/tuf/variables.tf b/terraform/gcp/modules/tuf/variables.tf
@@ -34,11 +34,6 @@ variable "tuf_bucket" {
   description = "Name of GCS bucket for TUF root."
 }
 
-variable "tuf_preprod_bucket" {
-  type        = string
-  description = "Name of GCS bucket for preprod/staged TUF root."
-}
-
 variable "tuf_bucket_member" {
   type        = string
   description = "User, group, or service account to grant access to the TUF GCS buckets. Use 'allUsers' for general access, or e.g. group:[email protected] for granular access."