terraform-google-modules · g-awmalik · Nov 1, 2023 · Oct 31, 2023 · Oct 31, 2023 · Nov 1, 2023
diff --git a/modules/bq-log-alerting/logging/cloud_function/package.json b/modules/bq-log-alerting/logging/cloud_function/package.json
@@ -1,6 +1,6 @@
 {
   "dependencies": {
-    "@google-cloud/bigquery": ">=0.10.0",
+    "@google-cloud/bigquery": "^6.0.0",
     "@google-cloud/security-center": ">=3.0.1",
     "crypto-js": "^3.0.0"
   }

diff --git a/modules/storage/README.md b/modules/storage/README.md
@@ -64,6 +64,7 @@ so that all dependencies are met.
 | location | The location of the storage bucket. | `string` | `"US"` | no |
 | log\_sink\_writer\_identity | The service account that logging uses to write log entries to the destination. (This is available as an output coming from the root module). | `string` | n/a | yes |
 | project\_id | The ID of the project in which the storage bucket will be created. | `string` | n/a | yes |
+| public\_access\_prevention | Prevents public access to a bucket. Acceptable values are "inherited" or "enforced". If "inherited", the bucket uses public access prevention. only if the bucket is subject to the public access prevention organization policy constraint. | `string` | `"inherited"` | no |
 | retention\_policy | Configuration of the bucket's data retention policy for how long objects in the bucket should be retained. | <pre>object({<br>    is_locked             = bool<br>    retention_period_days = number<br>  })</pre> | `null` | no |
 | storage\_bucket\_labels | Labels to apply to the storage bucket. | `map(string)` | `{}` | no |
 | storage\_bucket\_name | The name of the storage bucket to be created and used for log entries matching the filter. | `string` | n/a | yes |

diff --git a/modules/storage/main.tf b/modules/storage/main.tf
@@ -39,7 +39,7 @@ resource "google_storage_bucket" "bucket" {
   force_destroy               = var.force_destroy
   uniform_bucket_level_access = var.uniform_bucket_level_access
   labels                      = var.storage_bucket_labels
-
+  public_access_prevention    = var.public_access_prevention
   versioning {
     enabled = var.versioning
   }

diff --git a/modules/storage/metadata.yaml b/modules/storage/metadata.yaml
@@ -139,6 +139,11 @@ spec:
     type: bool
     default: false
     required: false
+  - name: public_access_prevention
+    description: Prevents public access to a bucket.
+    type: string
+    default: inherited
+    required: false
   outputs:
   - name: console_link
     description: The console link to the destination storage bucket

diff --git a/modules/storage/variables.tf b/modules/storage/variables.tf
@@ -105,3 +105,9 @@ variable "data_locations" {
   type        = list(string)
   default     = null
 }
+
+variable "public_access_prevention" {
+  description = "Prevents public access to a bucket. Acceptable values are \"inherited\" or \"enforced\". If \"inherited\", the bucket uses public access prevention. only if the bucket is subject to the public access prevention organization policy constraint."
+  type        = string
+  default     = "inherited"
+}
diff --git a/modules/storage/versions.tf b/modules/storage/versions.tf
@@ -20,7 +20,7 @@ terraform {
 
     google = {
       source  = "hashicorp/google"
-      version = ">= 4.40, < 5.0"
+      version = ">= 4.42, < 5.0"
     }
   }