feat: switch to ovh provider for buckets

ffederighi · ffederighi · commit 3475e566c4d9 · 2026-01-28T11:53:53.000+01:00
diff --git a/ovh/bucket/README.md b/ovh/bucket/README.md
@@ -8,15 +8,14 @@ Create a S3 compatible object storage bucket and policy for a user with write ac
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | ~> 1.3 |
-| <a name="requirement_openstack"></a> [openstack](#requirement\_openstack) | ~> 1.49.0 |
-| <a name="requirement_ovh"></a> [ovh](#requirement\_ovh) | ~> 0.26.0 |
+| <a name="requirement_ovh"></a> [ovh](#requirement\_ovh) | ~> 2.1 |
 | <a name="requirement_time"></a> [time](#requirement\_time) | ~> 0.9.1 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_openstack"></a> [openstack](#provider\_openstack) | ~> 1.49.0 |
+| <a name="provider_ovh"></a> [ovh](#provider\_ovh) | ~> 2.1 |
 | <a name="provider_time"></a> [time](#provider\_time) | ~> 0.9.1 |
 
 ## Modules
@@ -27,19 +26,21 @@ No modules.
 
 | Name | Type |
 |------|------|
-| [openstack_objectstorage_container_v1.bucket](https://registry.terraform.io/providers/terraform-provider-openstack/openstack/latest/docs/resources/objectstorage_container_v1) | resource |
+| [ovh_cloud_project_storage.storage](https://registry.terraform.io/providers/ovh/ovh/latest/docs/resources/cloud_project_storage) | resource |
 | [time_static.last_update](https://registry.terraform.io/providers/hashicorp/time/latest/docs/resources/static) | resource |
-| [openstack_identity_auth_scope_v3.current](https://registry.terraform.io/providers/terraform-provider-openstack/openstack/latest/docs/data-sources/identity_auth_scope_v3) | data source |
 
 ## Inputs
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
+| <a name="input_cloud_project_id"></a> [cloud\_project\_id](#input\_cloud\_project\_id) | Cloud project ID for this bucket | `string` | n/a | yes |
 | <a name="input_customer"></a> [customer](#input\_customer) | Customer applied to this instance | `string` | `""` | no |
+| <a name="input_encryption_enabled"></a> [encryption\_enabled](#input\_encryption\_enabled) | A boolean that indicates whether this bucket has encryption enabled. | `string` | `true` | no |
 | <a name="input_name"></a> [name](#input\_name) | Name applied to this instance | `string` | `""` | no |
-| <a name="input_ovh_write_user"></a> [ovh\_write\_user](#input\_ovh\_write\_user) | OVH user name who will have write access to the bucket | `string` | n/a | yes |
-| <a name="input_region"></a> [region](#input\_region) | OVH region | `string` | `"GRA"` | no |
+| <a name="input_owner_id"></a> [owner\_id](#input\_owner\_id) | Container owner user ID for this bucket | `string` | `""` | no |
+| <a name="input_region_name"></a> [region\_name](#input\_region\_name) | Region (in uppercase) applied to this bucket | `string` | n/a | yes |
 | <a name="input_tags"></a> [tags](#input\_tags) | Tags applied to this instance | `map(string)` | <pre>{<br>  "ManagedBy": "terraform"<br>}</pre> | no |
+| <a name="input_versioning_enabled"></a> [versioning\_enabled](#input\_versioning\_enabled) | A boolean that indicates whether this bucket has versioning enabled. | `bool` | `true` | no |
 
 ## Outputs
 
diff --git a/ovh/bucket/bucket.tf b/ovh/bucket/bucket.tf
@@ -1,18 +1,12 @@
-data "openstack_identity_auth_scope_v3" "current" {
-  name = "current"
-}
-
-resource "openstack_objectstorage_container_v1" "bucket" {
-  name         = var.name
-  region       = var.region
-  metadata     = local.interpolated_tags
-  content_type = "application/json"
-  container_read = join(":", [
-    data.openstack_identity_auth_scope_v3.current.project_id,
-    var.ovh_write_user,
-  ])
-  container_write = join(":", [
-    data.openstack_identity_auth_scope_v3.current.project_id,
-    var.ovh_write_user,
-  ])
+resource "ovh_cloud_project_storage" "storage" {
+  name = var.name
+  service_name = var.cloud_project_id
+  region_name = var.region_name
+  owner_id = var.owner_id
+  versioning = var.versioning_enabled ? {
+    status = "enabled"
+  } : null
+  encryption = var.encryption_enabled ? {
+    sse_algorithm = "AES256"
+  } : null
 }
diff --git a/ovh/bucket/main.tf b/ovh/bucket/main.tf
@@ -8,7 +8,7 @@ locals {
     },
     var.tags
   )
-  s3_region = lower(element(regex("(.*)[[:digit:]]?$", var.region), 0))
+  s3_region = lower(element(regex("(.*)[[:digit:]]?$", var.region_name), 0))
 }
 
 resource "time_static" "last_update" {
diff --git a/ovh/bucket/outputs.tf b/ovh/bucket/outputs.tf
@@ -1,8 +1,8 @@
 output "bucket" {
   value = {
-    "url"          = "s3://${openstack_objectstorage_container_v1.bucket.name}",
+    "url"          = "s3://${ovh_cloud_project_storage.storage.name}",
     "endpoint_url" = "https://s3.${local.s3_region}.cloud.ovh.net"
     "region"       = local.s3_region,
-    "name"         = openstack_objectstorage_container_v1.bucket.name,
+    "name"         = ovh_cloud_project_storage.storage.name,
   }
 }
diff --git a/ovh/bucket/providers.tf b/ovh/bucket/providers.tf
@@ -10,11 +10,7 @@ terraform {
     }
     ovh = {
       source  = "ovh/ovh"
-      version = "~> 0.26.0"
-    }
-    openstack = {
-      source  = "terraform-provider-openstack/openstack"
-      version = "~> 1.49.0"
+      version = "~> 2.1"
     }
   }
 }
diff --git a/ovh/bucket/variables.tf b/ovh/bucket/variables.tf
@@ -19,18 +19,30 @@ variable "tags" {
 }
 
 # bellow are specific modules variables
-variable "region" {
+variable "region_name" {
+  description = "Region (in uppercase) applied to this bucket"
   type        = string
-  description = "OVH region"
-  default     = "GRA"
 }
 
-# variable "ovh_service_name" {
-#   description = "OVH service name"
-#   type        = string
-# }
+variable "cloud_project_id" {
+  description = "Cloud project ID for this bucket"
+  type        = string
+}
+
+variable "owner_id" {
+  description = "Container owner user ID for this bucket"
+  type        = string
+  default     = ""
+}
+
+variable "versioning_enabled" {
+  description = "A boolean that indicates whether this bucket has versioning enabled."
+  type        = bool
+  default     = true
+}
 
-variable "ovh_write_user" {
-  description = "OVH user name who will have write access to the bucket"
+variable "encryption_enabled" {
+  description = "A boolean that indicates whether this bucket has encryption enabled."
   type        = string
+  default     = true
 }

Original file line number	Diff line number	Diff line change
`@@ -8,7 +8,7 @@ locals {`
`8`	`8`	`},`
`9`	`9`	`var.tags`
`10`	`10`	`)`
`11`		`- s3_region = lower(element(regex("(.*)[[:digit:]]?$", var.region), 0))`
	`11`	`+ s3_region = lower(element(regex("(.*)[[:digit:]]?$", var.region_name), 0))`
`12`	`12`	`}`
`13`	`13`
`14`	`14`	`resource "time_static" "last_update" {`
Original file line number	Diff line number	Diff line change
`@@ -1,8 +1,8 @@`
`1`	`1`	`output "bucket" {`
`2`	`2`	`value = {`
`3`		`- "url" = "s3://${openstack_objectstorage_container_v1.bucket.name}",`
	`3`	`+ "url" = "s3://${ovh_cloud_project_storage.storage.name}",`
`4`	`4`	`"endpoint_url" = "https://s3.${local.s3_region}.cloud.ovh.net"`
`5`	`5`	`"region" = local.s3_region,`
`6`		`- "name" = openstack_objectstorage_container_v1.bucket.name,`
	`6`	`+ "name" = ovh_cloud_project_storage.storage.name,`
`7`	`7`	`}`
`8`	`8`	`}`
Original file line number	Diff line number	Diff line change
`@@ -10,11 +10,7 @@ terraform {`
`10`	`10`	`}`
`11`	`11`	`ovh = {`
`12`	`12`	`source = "ovh/ovh"`
`13`		`- version = "~> 0.26.0"`
`14`		`- }`
`15`		`- openstack = {`
`16`		`- source = "terraform-provider-openstack/openstack"`
`17`		`- version = "~> 1.49.0"`
	`13`	`+ version = "~> 2.1"`
`18`	`14`	`}`
`19`	`15`	`}`
`20`	`16`	`}`