Feature Request
The agentless scanning module is currently missing the flag to set versioning for the created bucket.
Current bucket resource configuration:
```hcl
resource "google_storage_bucket" "lacework_bucket" {
  count                       = var.global ? 1 : 0
  project                     = local.scanning_project_id
  name                        = local.bucket_name
  force_destroy               = var.bucket_force_destroy
  location                    = local.region
  uniform_bucket_level_access = var.bucket_enable_ubla

  dynamic "lifecycle_rule" {
    for_each = var.bucket_lifecycle_rule_age > 0 ? [1] : []
    content {
      condition {
        age = var.bucket_lifecycle_rule_age
      }
      action {
        type = "Delete"
      }
    }
  }

  labels     = merge(var.labels)
  depends_on = [google_project_service.required_apis]
}
```
Proposed change:
```hcl
resource "google_storage_bucket" "lacework_bucket" {
  count                       = var.global ? 1 : 0
  project                     = local.scanning_project_id
  name                        = local.bucket_name
  force_destroy               = var.bucket_force_destroy
  location                    = local.region
  uniform_bucket_level_access = var.bucket_enable_ubla

  versioning {
    enabled = var.bucket_enable_versioning
  }

  dynamic "lifecycle_rule" {
    for_each = var.bucket_lifecycle_rule_age > 0 ? [1] : []
    content {
      condition {
        age = var.bucket_lifecycle_rule_age
      }
      action {
        type = "Delete"
      }
    }
  }

  labels     = merge(var.labels)
  depends_on = [google_project_service.required_apis]
}
```
Where an additional input variable bucket_enable_versioning is added, with default true.
```hcl
variable "bucket_enable_versioning" {
  description = "Boolean for enabling Bucket Versioning on the created bucket. Default is `true`."
  type        = bool
  default     = true
}
```