GoogleCloudPlatform / k8s-config-connector

GCP Config Connector, a Kubernetes add-on for managing GCP resources
https://cloud.google.com/config-connector/docs/overview
Apache License 2.0

Add option to disable public access on a GCS bucket #498

Open flunderpero opened 3 years ago

flunderpero commented 3 years ago

See https://cloud.google.com/storage/docs/access-control/making-data-public

maqiuyujoyce commented 3 years ago

Hi @flunderpero , thank you for your question. Could you clarify a bit more about your scenario?

  1. Do you currently have a public GCS bucket and its permissions are not managed by Config Connector, and you want to disable the public access via Config Connector?
  2. If you have a public GCS bucket, is the permission configured via ACLs or IAM (i.e. uniform bucket-level access)?
flunderpero commented 3 years ago

Hi @maqiuyujoyce, I just want to be able to set the flag that prevents a bucket from being made public by accident (see link above). Currently, I just set it by hand for the buckets that contain the most sensitive information and the config-connector reconciliation process leaves that flag untouched.

Right now, there is no way to specify that flag via config-connector.

jcanseco commented 3 years ago

> I just want to be able to set the flag that prevents a bucket from being made public by accident (see link above)

Hi @flunderpero, could you perhaps be talking about a different page? The linked page seems to only be talking about how to make objects in a bucket publicly accessible, but not about preventing buckets from being made public by accident (though we might just be missing something).

Perhaps you might have meant this page instead?

If so, then by a "flag that prevents a bucket from being made public by accident", are you perhaps referring to the "To enforce public access prevention at the bucket level" part of that page?

If that is the case, then I believe what you're looking for is support for the iamConfiguration.publicAccessPrevention field here.

Given that this resource is one of our old Terraform-based resources, I'll go ahead and just bump this Terraform request which is requesting support for that very same field.
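
An added example, not code from the Config Connector project or from anyone in this thread: a small Python audit over bucket metadata that flags buckets whose iamConfiguration.publicAccessPrevention is not effectively enforced, and buckets still on legacy ACLs. The bucket names, the sample metadata and the org_enforced input are assumptions constructed for the example.

```python
# Added example (not Config Connector code): audit the
# iamConfiguration.publicAccessPrevention field discussed in this thread.
# Bucket metadata is constructed inline in the shape of the JSON API
# "storage#bucket" resource; in practice it would come from
# `gcloud storage buckets describe gs://NAME --format=json`.

ENFORCED = "enforced"
INHERITED = "inherited"  # older API responses may say "unspecified"


def effective_pap(bucket: dict, org_enforced: bool) -> str:
    """Effective public-access-prevention state for one bucket.

    A bucket-level "enforced" always wins. "inherited" (or the legacy
    "unspecified") falls back to the organization policy constraint
    constraints/storage.publicAccessPrevention, passed in as org_enforced.
    """
    iam = bucket.get("iamConfiguration", {})
    if iam.get("publicAccessPrevention", INHERITED) == ENFORCED:
        return ENFORCED
    return ENFORCED if org_enforced else INHERITED


def find_unprotected(buckets: list, org_enforced: bool = False) -> list:
    """(name, reason) pairs for buckets where data can still become public.

    Also reports buckets with uniform bucket-level access disabled, since
    per-object ACLs are the other path by which data is made public.
    """
    findings = []
    for b in buckets:
        iam = b.get("iamConfiguration", {})
        if effective_pap(b, org_enforced) != ENFORCED:
            findings.append((b["name"], "public access prevention not enforced"))
        if not iam.get("uniformBucketLevelAccess", {}).get("enabled", False):
            findings.append((b["name"], "uniform bucket-level access disabled (ACLs active)"))
    return findings


# Constructed sample metadata with hypothetical bucket names.
SAMPLE_BUCKETS = [
    {"name": "sensitive-data", "iamConfiguration": {
        "publicAccessPrevention": "enforced",
        "uniformBucketLevelAccess": {"enabled": True}}},
    {"name": "legacy-assets", "iamConfiguration": {
        "publicAccessPrevention": "inherited",
        "uniformBucketLevelAccess": {"enabled": False}}},
    {"name": "no-iam-config"},  # no iamConfiguration block at all
]

if __name__ == "__main__":
    for name, reason in find_unprotected(SAMPLE_BUCKETS):
        print(f"{name}: {reason}")
```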

flunderpero commented 3 years ago

@jcanseco You are totally right about everything! Sorry that I was not able to be precise enough.

jcanseco commented 3 years ago

No problem at all @flunderpero! Happy to help :)