From 77e5299a9d0d6b7827403d6012ff779d9009f6b9 Mon Sep 17 00:00:00 2001
From: Hayden B
Date: Wed, 4 Sep 2024 08:43:39 -0700
Subject: [PATCH] Remove unused preprod TUF GCS bucket (#1251)

No longer needed, preprod is now served via GitHub Pages.

Signed-off-by: Hayden Blauzvern
---
 terraform/gcp/modules/sigstore/sigstore.tf | 1 -
 terraform/gcp/modules/sigstore/variables.tf | 5 --
 terraform/gcp/modules/tuf/tuf.tf | 63 --------------------
 terraform/gcp/modules/tuf/variables.tf | 5 --
 4 files changed, 74 deletions(-)

diff --git a/terraform/gcp/modules/sigstore/sigstore.tf b/terraform/gcp/modules/sigstore/sigstore.tf
index 0a506b491..97c68850f 100644
--- a/terraform/gcp/modules/sigstore/sigstore.tf
+++ b/terraform/gcp/modules/sigstore/sigstore.tf
@@ -59,7 +59,6 @@ module "tuf" {
   project_id = var.project_id
   tuf_bucket = var.tuf_bucket
-  tuf_preprod_bucket = var.tuf_preprod_bucket
   tuf_bucket_member = var.tuf_bucket_member
   gcs_logging_enabled = var.gcs_logging_enabled
   gcs_logging_bucket = var.gcs_logging_bucket
diff --git a/terraform/gcp/modules/sigstore/variables.tf b/terraform/gcp/modules/sigstore/variables.tf
index 057de55ae..3fb88091f 100644
--- a/terraform/gcp/modules/sigstore/variables.tf
+++ b/terraform/gcp/modules/sigstore/variables.tf
@@ -66,11 +66,6 @@ variable "tuf_bucket" {
   description = "Name of GCS bucket for TUF root."
 }
 
-variable "tuf_preprod_bucket" {
-  type = string
-  description = "Name of GCS bucket for preprod/staged TUF root."
-}
-
 variable "tuf_bucket_member" {
   type = string
   description = "User(s) to grant access to the TUF GCS buckets."
diff --git a/terraform/gcp/modules/tuf/tuf.tf b/terraform/gcp/modules/tuf/tuf.tf
index 7a476adca..11b7c4487 100644
--- a/terraform/gcp/modules/tuf/tuf.tf
+++ b/terraform/gcp/modules/tuf/tuf.tf
@@ -90,66 +90,3 @@ resource "google_storage_bucket_iam_member" "tuf_sa_editor" {
   depends_on = [google_storage_bucket.tuf, google_service_account.tuf-sa]
 }
 
-
-resource "google_storage_bucket" "tuf_preprod" {
-  name = var.tuf_preprod_bucket
-  location = var.region
-  project = var.project_id
-
-  storage_class = var.storage_class
-  uniform_bucket_level_access = true
-
-  versioning {
-    enabled = true
-  }
-
-  lifecycle_rule {
-    action {
-      type = "Delete"
-    }
-    condition {
-      with_state = "ANY"
-      num_newer_versions = 10
-    }
-  }
-  lifecycle_rule {
-    action {
-      type = "Delete"
-    }
-    condition {
-      days_since_noncurrent_time = 730
-    }
-  }
-
-  dynamic "logging" {
-    for_each = var.gcs_logging_enabled ? [1] : []
-    content {
-      log_bucket = var.gcs_logging_bucket
-    }
-  }
-
-  website {
-    main_page_suffix = var.main_page_suffix
-  }
-}
-
-resource "google_storage_bucket_iam_member" "public_tuf_preprod_member" {
-  bucket = google_storage_bucket.tuf_preprod.name
-  role = "roles/storage.legacyObjectReader"
-  member = var.tuf_bucket_member
-
-  depends_on = [google_storage_bucket.tuf_preprod]
-}
-
-resource "google_storage_bucket_iam_member" "tuf_sa_preprod_editor" {
-  for_each = toset([
-    "roles/storage.objectUser",
-    "roles/storage.legacyBucketReader"
-  ])
-
-  bucket = google_storage_bucket.tuf_preprod.name
-  role = each.key
-  member = format("serviceAccount:%s@%s.iam.gserviceaccount.com", var.tuf_service_account_name, var.project_id)
-
-  depends_on = [google_storage_bucket.tuf_preprod, google_service_account.tuf-sa]
-}
diff --git a/terraform/gcp/modules/tuf/variables.tf b/terraform/gcp/modules/tuf/variables.tf
index b14fefece..8d938c1f8 100644
--- a/terraform/gcp/modules/tuf/variables.tf
+++ b/terraform/gcp/modules/tuf/variables.tf
@@ -34,11 +34,6 @@ variable "tuf_bucket" {
   description = "Name of GCS bucket for TUF root."
 }
 
-variable "tuf_preprod_bucket" {
-  type = string
-  description = "Name of GCS bucket for preprod/staged TUF root."
-}
-
 variable "tuf_bucket_member" {
   type = string
   description = "User, group, or service account to grant access to the TUF GCS buckets. Use 'allUsers' for general access, or e.g. group:mygroup@myorg.com for granular access."