diff --git a/terraform/gcp/modules/sigstore/sigstore.tf b/terraform/gcp/modules/sigstore/sigstore.tf
index 0a506b491..97c68850f 100644
--- a/terraform/gcp/modules/sigstore/sigstore.tf
+++ b/terraform/gcp/modules/sigstore/sigstore.tf
@@ -59,7 +59,6 @@ module "tuf" {
   project_id = var.project_id
   tuf_bucket = var.tuf_bucket
-  tuf_preprod_bucket = var.tuf_preprod_bucket
   tuf_bucket_member = var.tuf_bucket_member
   gcs_logging_enabled = var.gcs_logging_enabled
   gcs_logging_bucket = var.gcs_logging_bucket
diff --git a/terraform/gcp/modules/sigstore/variables.tf b/terraform/gcp/modules/sigstore/variables.tf
index 057de55ae..3fb88091f 100644
--- a/terraform/gcp/modules/sigstore/variables.tf
+++ b/terraform/gcp/modules/sigstore/variables.tf
@@ -66,11 +66,6 @@ variable "tuf_bucket" {
   description = "Name of GCS bucket for TUF root."
 }
 
-variable "tuf_preprod_bucket" {
-  type = string
-  description = "Name of GCS bucket for preprod/staged TUF root."
-}
-
 variable "tuf_bucket_member" {
   type = string
   description = "User(s) to grant access to the TUF GCS buckets."
diff --git a/terraform/gcp/modules/tuf/tuf.tf b/terraform/gcp/modules/tuf/tuf.tf
index 7a476adca..11b7c4487 100644
--- a/terraform/gcp/modules/tuf/tuf.tf
+++ b/terraform/gcp/modules/tuf/tuf.tf
@@ -90,66 +90,3 @@ resource "google_storage_bucket_iam_member" "tuf_sa_editor" {
 
   depends_on = [google_storage_bucket.tuf, google_service_account.tuf-sa]
 }
-
-resource "google_storage_bucket" "tuf_preprod" {
-  name = var.tuf_preprod_bucket
-  location = var.region
-  project = var.project_id
-
-  storage_class = var.storage_class
-  uniform_bucket_level_access = true
-
-  versioning {
-    enabled = true
-  }
-
-  lifecycle_rule {
-    action {
-      type = "Delete"
-    }
-    condition {
-      with_state = "ANY"
-      num_newer_versions = 10
-    }
-  }
-  lifecycle_rule {
-    action {
-      type = "Delete"
-    }
-    condition {
-      days_since_noncurrent_time = 730
-    }
-  }
-
-  dynamic "logging" {
-    for_each = var.gcs_logging_enabled ? [1] : []
-    content {
-      log_bucket = var.gcs_logging_bucket
-    }
-  }
-
-  website {
-    main_page_suffix = var.main_page_suffix
-  }
-}
-
-resource "google_storage_bucket_iam_member" "public_tuf_preprod_member" {
-  bucket = google_storage_bucket.tuf_preprod.name
-  role = "roles/storage.legacyObjectReader"
-  member = var.tuf_bucket_member
-
-  depends_on = [google_storage_bucket.tuf_preprod]
-}
-
-resource "google_storage_bucket_iam_member" "tuf_sa_preprod_editor" {
-  for_each = toset([
-    "roles/storage.objectUser",
-    "roles/storage.legacyBucketReader"
-  ])
-
-  bucket = google_storage_bucket.tuf_preprod.name
-  role = each.key
-  member = format("serviceAccount:%s@%s.iam.gserviceaccount.com", var.tuf_service_account_name, var.project_id)
-
-  depends_on = [google_storage_bucket.tuf_preprod, google_service_account.tuf-sa]
-}
diff --git a/terraform/gcp/modules/tuf/variables.tf b/terraform/gcp/modules/tuf/variables.tf
index b14fefece..8d938c1f8 100644
--- a/terraform/gcp/modules/tuf/variables.tf
+++ b/terraform/gcp/modules/tuf/variables.tf
@@ -34,11 +34,6 @@ variable "tuf_bucket" {
   description = "Name of GCS bucket for TUF root."
 }
 
-variable "tuf_preprod_bucket" {
-  type = string
-  description = "Name of GCS bucket for preprod/staged TUF root."
-}
-
 variable "tuf_bucket_member" {
   type = string
   description = "User, group, or service account to grant access to the TUF GCS buckets. Use 'allUsers' for general access, or e.g. group:mygroup@myorg.com for granular access."