Package com.hashicorp.cdktf

Interface GcsBackendConfig

All Superinterfaces:

software.amazon.jsii.JsiiSerializable

All Known Subinterfaces:

DataTerraformRemoteStateGcsConfig

All Known Implementing Classes:

DataTerraformRemoteStateGcsConfig.Jsii$Proxy, GcsBackendConfig.Jsii$Proxy

@Generated(value="jsii-pacmak/1.93.0 (build 1706ca5)",
           date="2024-01-15T15:38:01.022Z")
@Stability(Experimental)
public interface GcsBackendConfig
extends software.amazon.jsii.JsiiSerializable

(experimental) Stores the state as an object in a configurable prefix in a pre-existing bucket on Google Cloud Storage (GCS).

The bucket must exist prior to configuring the backend.

This backend supports state locking.

Warning! It is highly recommended that you enable Object Versioning on the GCS bucket to allow for state recovery in the case of accidental deletions and human error.

Read more about this backend in the Terraform docs: https://developer.hashicorp.com/terraform/language/settings/backends/gcs

Nested Class Summary

Nested Classes

Modifier and Type	Interface	Description
static final class	GcsBackendConfig.Builder	A builder for GcsBackendConfig
static final class	GcsBackendConfig.Jsii$Proxy	An implementation for GcsBackendConfig

Method Summary

Modifier and Type	Method	Description
static GcsBackendConfig.Builder	builder()
default String	getAccessToken()	(experimental) (Optional) A temporary [OAuth 2.0 access token] obtained from the Google Authorization server, i.e.
String	getBucket()	(experimental) (Required) The name of the GCS bucket.
default String	getCredentials()	(experimental) (Optional) Local path to Google Cloud Platform account credentials in JSON format.
default String	getEncryptionKey()	(experimental) (Optional) A 32 byte base64 encoded 'customer supplied encryption key' used to encrypt all state.
default String	getImpersonateServiceAccount()	(experimental) (Optional) The service account to impersonate for accessing the State Bucket.
default List<String>	getImpersonateServiceAccountDelegates()	(experimental) (Optional) The delegation chain for an impersonating a service account.
default String	getKmsEncryptionKey()	(experimental) (Optional) A Cloud KMS key ('customer-managed encryption key') used when reading and writing state files in the bucket.
default String	getPrefix()	(experimental) (Optional) GCS prefix inside the bucket.
default String	getStoreageCustomEndpoint()	(experimental) (Optional) A URL containing three parts: the protocol, the DNS name pointing to a Private Service Connect endpoint, and the path for the Cloud Storage API (/storage/v1/b).

Methods inherited from interface software.amazon.jsii.JsiiSerializable

$jsii$toJson

Method Details

getBucket

@Stability(Experimental)
@NotNull
String getBucket()

(experimental) (Required) The name of the GCS bucket.

This name must be globally unique.

getAccessToken

@Stability(Experimental)
@Nullable
default String getAccessToken()

(experimental) (Optional) A temporary [OAuth 2.0 access token] obtained from the Google Authorization server, i.e. the Authorization: Bearer token used to authenticate HTTP requests to GCP APIs. This is an alternative to credentials. If both are specified, access_token will be used over the credentials field.

getCredentials

@Stability(Experimental)
@Nullable
default String getCredentials()

(experimental) (Optional) Local path to Google Cloud Platform account credentials in JSON format.

If unset, Google Application Default Credentials are used. The provided credentials must have Storage Object Admin role on the bucket.

Warning: if using the Google Cloud Platform provider as well, it will also pick up the GOOGLE_CREDENTIALS environment variable.

getEncryptionKey

@Stability(Experimental)
@Nullable
default String getEncryptionKey()

(experimental) (Optional) A 32 byte base64 encoded 'customer supplied encryption key' used to encrypt all state.

getImpersonateServiceAccount

@Stability(Experimental)
@Nullable
default String getImpersonateServiceAccount()

(experimental) (Optional) The service account to impersonate for accessing the State Bucket.

You must have roles/iam.serviceAccountTokenCreator role on that account for the impersonation to succeed. If you are using a delegation chain, you can specify that using the impersonate_service_account_delegates field. Alternatively, this can be specified using the GOOGLE_IMPERSONATE_SERVICE_ACCOUNT environment variable.

getImpersonateServiceAccountDelegates

@Stability(Experimental)
@Nullable
default List<String> getImpersonateServiceAccountDelegates()

(experimental) (Optional) The delegation chain for an impersonating a service account.

getKmsEncryptionKey

@Stability(Experimental)
@Nullable
default String getKmsEncryptionKey()

(experimental) (Optional) A Cloud KMS key ('customer-managed encryption key') used when reading and writing state files in the bucket.

Format should be projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}/cryptoKeys/{{name}}. For more information, including IAM requirements, see

invalid @link

{@link https://cloud.google.com/storage/docs/encryption/customer-managed-keys

Customer-managed Encryption Keys}.

getPrefix

@Stability(Experimental)
@Nullable
default String getPrefix()

(experimental) (Optional) GCS prefix inside the bucket.

Named states for workspaces are stored in an object called /.tfstate.

getStoreageCustomEndpoint

@Stability(Experimental)
@Nullable
default String getStoreageCustomEndpoint()

(experimental) (Optional) A URL containing three parts: the protocol, the DNS name pointing to a Private Service Connect endpoint, and the path for the Cloud Storage API (/storage/v1/b).

invalid @link

{@link https://developer.hashicorp.com/terraform/language/settings/backends/gcs#storage_custom_endpoint

See here for more details}

builder

@Stability(Experimental)
static GcsBackendConfig.Builder builder()

Returns:

a GcsBackendConfig.Builder of GcsBackendConfig