feat: Add support for anywhere cache

Author: Neelabh94

community/modules/file-system/cloud-storage-bucket/README.md

@@ -128,6 +128,7 @@ No modules.
 
 | Name | Type |
 |------|------|
+| [google-beta_google_storage_anywhere_cache.cache_instances](https://registry.terraform.io/providers/hashicorp/google-beta/latest/docs/resources/google_storage_anywhere_cache) | resource |
 | [google-beta_google_storage_bucket.bucket](https://registry.terraform.io/providers/hashicorp/google-beta/latest/docs/resources/google_storage_bucket) | resource |
 | [google_storage_bucket_iam_binding.viewers](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/storage_bucket_iam_binding) | resource |
 | [random_id.resource_name_suffix](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/id) | resource |
@@ -136,6 +137,7 @@ No modules.
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
+| <a name="input_anywhere_cache"></a> [anywhere\_cache](#input\_anywhere\_cache) | Anywhere Cache configurations.<br/>When you create a cache for a bucket, the cache must be created in a zone within the location of your bucket.<br/>For example, if your bucket is located in the us-east1 region, you can create a cache in us-east1-b but not us-central1-c.<br/>If your bucket is located in the ASIA dual-region, you can create a cache in any zones that make up the asia-east1 and asia-southeast1 regions.<br/>This validation only works for single regions. | <pre>object({<br/>    zones            = list(string)<br/>    ttl              = optional(string, "86400s")<br/>    admission_policy = optional(string, "admit-on-first-miss")<br/>  })</pre> | `null` | no |
 | <a name="input_autoclass"></a> [autoclass](#input\_autoclass) | Configure bucket autoclass setup<br/><br/>The autoclass config supports automatic transitions of objects in the bucket to appropriate storage classes based on each object's access pattern.<br/><br/>The terminal storage class defines that objects in the bucket eventually transition to if they are not read for a certain length of time. <br/>Supported values include: 'NEARLINE', 'ARCHIVE' (Default 'NEARLINE')<br/><br/>See Cloud documentation for more details:<br/><br/>https://cloud.google.com/storage/docs/autoclass | <pre>object({<br/>    enabled                = optional(bool, false)<br/>    terminal_storage_class = optional(string, null)<br/>  })</pre> | <pre>{<br/>  "enabled": false<br/>}</pre> | no |
 | <a name="input_deployment_name"></a> [deployment\_name](#input\_deployment\_name) | Name of the HPC deployment; used as part of name of the GCS bucket. | `string` | n/a | yes |
 | <a name="input_enable_hierarchical_namespace"></a> [enable\_hierarchical\_namespace](#input\_enable\_hierarchical\_namespace) | If true, enables hierarchical namespace for the bucket. This option must be configured during the initial creation of the bucket. | `bool` | `false` | no |
@@ -162,6 +164,7 @@ No modules.
 
 | Name | Description |
 |------|-------------|
+| <a name="output_anywhere_cache_ids"></a> [anywhere\_cache\_ids](#output\_anywhere\_cache\_ids) | The IDs of the created Anywhere Cache instances. |
 | <a name="output_client_install_runner"></a> [client\_install\_runner](#output\_client\_install\_runner) | Runner that performs client installation needed to use gcs fuse. |
 | <a name="output_gcs_bucket_name"></a> [gcs\_bucket\_name](#output\_gcs\_bucket\_name) | Bucket name. |
 | <a name="output_gcs_bucket_path"></a> [gcs\_bucket\_path](#output\_gcs\_bucket\_path) | The gsutil bucket path with format of `gs://<bucket-name>`. |

community/modules/file-system/cloud-storage-bucket/main.tf

@@ -124,3 +124,14 @@ resource "google_storage_bucket_iam_binding" "viewers" {
   role    = "roles/storage.objectViewer"
   members = var.viewers
 }
+
+resource "google_storage_anywhere_cache" "cache_instances" {
+  for_each = var.anywhere_cache != null ? toset(var.anywhere_cache.zones) : toset([])
+
+  provider = google-beta
+
+  bucket           = google_storage_bucket.bucket.name
+  zone             = each.value
+  ttl              = var.anywhere_cache.ttl
+  admission_policy = var.anywhere_cache.admission_policy
+}

community/modules/file-system/cloud-storage-bucket/outputs.tf

@@ -67,3 +67,10 @@ output "gcs_bucket_name" {
   description = "Bucket name."
   value       = google_storage_bucket.bucket.name
 }
+
+output "anywhere_cache_ids" {
+  description = "The IDs of the created Anywhere Cache instances."
+  value = [
+    for instance in google_storage_anywhere_cache.cache_instances : instance.id
+  ]
+}

community/modules/file-system/cloud-storage-bucket/variables.tf

@@ -252,3 +252,49 @@ variable "enable_object_retention" {
   type        = bool
   default     = false
 }
+
+variable "anywhere_cache" {
+  description = <<-EOT
+    Anywhere Cache configurations.
+    When you create a cache for a bucket, the cache must be created in a zone within the location of your bucket.
+    For example, if your bucket is located in the us-east1 region, you can create a cache in us-east1-b but not us-central1-c.
+    If your bucket is located in the ASIA dual-region, you can create a cache in any zones that make up the asia-east1 and asia-southeast1 regions.
+    This validation only works for single regions.
+    EOT
+  type = object({
+    zones            = list(string)
+    ttl              = optional(string, "86400s")
+    admission_policy = optional(string, "admit-on-first-miss")
+  })
+  default = null
+
+  validation {
+    condition = var.anywhere_cache == null || alltrue([
+      for zone in var.anywhere_cache.zones : startswith(zone, var.region)
+    ])
+    error_message = "The zone for the Anywhere Cache must be within the bucket's region."
+  }
+
+  validation {
+    condition = var.anywhere_cache == null || contains(
+      ["admit-on-first-miss", "admit-on-second-miss"],
+      var.anywhere_cache.admission_policy
+    )
+    error_message = "Allowed policies are 'admit-on-first-miss' or 'admit-on-second-miss'."
+  }
+
+  validation {
+    condition     = var.anywhere_cache == null || length(var.anywhere_cache.zones) == length(distinct(var.anywhere_cache.zones))
+    error_message = "Each Anywhere Cache configuration must specify a unique zone."
+  }
+
+  validation {
+    condition = var.anywhere_cache == null || (
+      can(regex("^([0-9]+)s$", var.anywhere_cache.ttl)) ? (
+        tonumber(regex("^([0-9]+)s$", var.anywhere_cache.ttl)[0]) >= 86400 &&
+        tonumber(regex("^([0-9]+)s$", var.anywhere_cache.ttl)[0]) <= 604800
+      ) : false
+    )
+    error_message = "TTL must be between 1 day (86400s) and 7 days (604800s) and in the format 'Xs'."
+  }
+}

examples/storage-gke.yaml

@@ -94,6 +94,11 @@ deployment_groups:
       random_suffix: true
       force_destroy: true
 
+      anywhere_cache:
+        zones: [$(vars.zone)]
+        ttl: "86400s"
+        admission_policy: "admit-on-first-miss"
+
   - id: data-bucket-pv
     source: modules/file-system/gke-persistent-volume
     use: [gke_cluster, data-bucket]