DRAFT : Feat/add quarentine bucket #3
Conversation
…and object viewers
…rrespond to a naming convention to the quarentine
…rrespond to a naming convention to the quarentine
| @@ -11,6 +11,12 @@ This Terraform module allows you to configure and deploy a data lake with: | |||
| - Quarantine bucket | |||
| ... | |||
|
|
|||
| ## Requirements: | |||
| User or service account credentials with the following roles must be used to set the IAM policies to the resources: | |||
There was a problem hiding this comment.
| User or service account credentials with the following roles must be used to set the IAM policies to the resources: | |
| Roles required to deploy this module: |
There was a problem hiding this comment.
Typo: quarantine, not quarentine
There was a problem hiding this comment.
Lint the python code with something like flake8 please
| return data["attributes"] | ||
|
|
||
| def move_object_to_quarentine(bucket_name : str, object_name : str ) -> None: | ||
| logging.warn(f"Will move the object {object_name} to the quarentine bucket {destination_bucket} ") |
There was a problem hiding this comment.
Ça fonctionne ça ? J'ai l'impression que destination_bucket est pas encore défini ligne 39.
There was a problem hiding this comment.
De plus, si le bucket de quarantaine est le même bucket que le bucket où a été posé le fichier initialement, le message risque de pas être clair. Je pense que "Moving file {object_name} to quarantine {destination_bucket}/{quarantine_path}" serait plus compréhensible.
| custom_attributes = { | ||
| regex = var.object_validation_regex # "^([a-z]{2}\\d{3}|[a-z]{3}\\d{2})-[a-z]{2}-\\d{2}$" | ||
| } | ||
| event_types = ["OBJECT_FINALIZE", "OBJECT_DELETE", "OBJECT_ARCHIVE", "OBJECT_METADATA_UPDATE"] |
There was a problem hiding this comment.
Enlever OBJECT_ARCHIVE
| data "google_storage_project_service_account" "gcs_account" { | ||
| } | ||
|
|
||
| resource "google_pubsub_topic_iam_binding" "bind_gcs_svc_acc" { |
| variable "storage_admins" { | ||
| description = "Liste of members that can create/delete/edit a bucket" | ||
| type = list(string) | ||
| default = [] | ||
| } |
There was a problem hiding this comment.
Pas dans le scope de ce module
| variable "object_admins" { | ||
| description = "Liste of members that can create/delete an object" | ||
| type = list(string) | ||
| default = [] | ||
| } | ||
|
|
||
| variable "object_viewers" { | ||
| description = "List of members that can view objects" | ||
| type = list(string) | ||
| default = [] | ||
| } |
There was a problem hiding this comment.
Il faut pouvoir donner des rôles par bucket, plutôt que par landing zone, je pense.
No description provided.