iits-consulting/terraform-opentelekomcloud-obs-restricted

Restricted OBS Bucket

This module creates an OBS bucket with KMS SSE default encryption and a user that is able to access it.

Note
Please remember that OBS and KMS work only on top-level projects (eu-de or eu-nl)!

Usage example

provider "opentelekomcloud" {
  alias       = "top_level_project"
  max_retries = 100
  auth_url    = "https://iam.eu-de.otc.t-systems.com/v3"
  tenant_name = "eu-de"
  region      = "eu-de"
}

module "obs_restricted_eu_de" {
  source      = "iits-consulting/obs_restricted/opentelekomcloud"

  bucket_name = var.bucket_name
  providers = {
    opentelekomcloud = opentelekomcloud.top_level_project
  }
}

Requirements

Name Version
terraform >= 1.5.7
errorcheck 3.0.3
opentelekomcloud ~> 1.36
random ~> 3.0

Providers

Name Version
errorcheck 3.0.3
opentelekomcloud ~> 1.36
random ~> 3.0

Modules

No modules.

Resources

Name Type
errorcheck_is_valid.provider_project_constraint resource
opentelekomcloud_identity_credential_v3.user_aksk resource
opentelekomcloud_identity_group_membership_v3.user_to_obsgroup resource
opentelekomcloud_identity_group_v3.obs_group resource
opentelekomcloud_identity_role_assignment_v3.kms_adm_to_obs_group resource
opentelekomcloud_identity_role_assignment_v3.obs_role_to_obs_group resource
opentelekomcloud_identity_role_v3.bucket_access resource
opentelekomcloud_identity_role_v3.kms_access resource
opentelekomcloud_identity_user_v3.user resource
opentelekomcloud_kms_key_v1.bucket_kms_key resource
opentelekomcloud_obs_bucket.bucket resource
random_id.bucket_kms_key_id resource
opentelekomcloud_identity_project_v3.current data source
opentelekomcloud_identity_project_v3.obs_project data source

Inputs

bucket_name
  Description: Bucket name. Make sure the provider for this module has tenant_name= set.
  Type: string
  Default: n/a
  Required: yes

enable_versioning
  Description: Set to false to disable versioning for the bucket. Default: true
  Type: bool
  Default: true
  Required: no

force_destroy
  Description: Destroy all objects from the bucket so that the bucket can be destroyed without error.
  Type: bool
  Default: false
  Required: no

lifecycle_rules
  Description: Lifecycle rules for the bucket. Default: null
  Type:
    list(object({
      name    = string
      enabled = bool
      prefix  = optional(string)
      tags = optional(list(object({
        key   = string
        value = string
      })))
      expiration = optional(object({
        days = number
      }))
      transitions = optional(list(object({
        days          = number
        storage_class = string
      })))
      noncurrent_version_expiration = optional(object({
        days = number
      }))
      noncurrent_version_transitions = optional(list(object({
        days          = number
        storage_class = string
      })))
      abort_incomplete_multipart_upload = optional(object({
        days = number
      }))
    }))
  Default: []
  Required: no

tags
  Description: n/a
  Type: map(string)
  Default: null
  Required: no

worm_policy
  Description: [Optional] Enables the WORM policy and sets its retention period in years OR days. Only one can be set, not both.
  Type:
    object({
      years = optional(number)
      days  = optional(number)
    })
  Default: null
  Required: no

Outputs

Name Description
bucket_access_key OBS bucket access key for the created user. The user can only access the specific bucket and the specific KMS key used for bucket encryption.
bucket_name OBS bucket name passthrough with dependency chain.
bucket_secret_key OBS bucket secret key for the created user. The user can only access the specific bucket and the specific KMS key used for bucket encryption.
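
A fuller configuration that combines the inputs and outputs listed above, as an added example that is not part of the module's own documentation. The bucket name, rule name, tag, retention periods, output names and the COLD storage class are assumptions chosen for illustration.

```hcl
# Added example: all concrete values below are constructed.
provider "opentelekomcloud" {
  alias       = "top_level_project"
  auth_url    = "https://iam.eu-de.otc.t-systems.com/v3"
  tenant_name = "eu-de" # OBS and KMS only work on a top-level project
  region      = "eu-de"
}

module "audit_logs" {
  source      = "iits-consulting/obs_restricted/opentelekomcloud"
  bucket_name = "example-audit-logs" # constructed name

  enable_versioning = true  # overwritten or deleted objects stay recoverable
  force_destroy     = false # destroying a non-empty bucket fails instead of wiping it

  # WORM retention: set years OR days, never both.
  worm_policy = { days = 30 }

  lifecycle_rules = [{
    name    = "tier-and-clean" # constructed rule name
    enabled = true
    prefix  = "logs/"
    # Storage class name is an assumption; use a class your OBS region offers.
    noncurrent_version_transitions    = [{ days = 30, storage_class = "COLD" }]
    noncurrent_version_expiration     = { days = 365 }
    abort_incomplete_multipart_upload = { days = 7 }
  }]

  tags = { purpose = "audit" }

  providers = {
    opentelekomcloud = opentelekomcloud.top_level_project
  }
}

# Mark the credentials as sensitive so plan/apply output redacts them.
# They are still written to the Terraform state, so restrict access to the
# state backend as tightly as to the keys themselves.
output "audit_bucket_access_key" {
  value     = module.audit_logs.bucket_access_key
  sensitive = true
}

output "audit_bucket_secret_key" {
  value     = module.audit_logs.bucket_secret_key
  sensitive = true
}
```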
