Add a new kubernetes-security-ci-logs bucket

Signed-off-by: Marko Mudrinić <[email protected]>

Author: xmudrii

infra/gcp/terraform/k8s-infra-prow/buckets.tf

@@ -82,7 +82,7 @@ module "testgrid_config_bucket" {
   ]
 }
 
-// Create gs://k8s-ci-logs to store logs from Prow jobs.
+// Create gs://kubernetes-ci-logs to store logs from Prow jobs.
 module "prow_bucket" {
   source  = "terraform-google-modules/cloud-storage/google//modules/simple_bucket"
   version = "~> 5"
@@ -144,3 +144,30 @@ resource "google_pubsub_topic" "kubernetes_ci_logs_topic" {
   name    = "kubernetes-ci-logs-updates"
   project = module.project.project_id
 }
+
+// Create gs://kubernetes-security-ci-logs private bucket to store logs from Prow jobs running in
+// the kubernetes-security org.
+module "prow_security_bucket" {
+  source  = "terraform-google-modules/cloud-storage/google//modules/simple_bucket"
+  version = "~> 5"
+
+  name       = "kubernetes-security-ci-logs"
+  project_id = module.project.project_id
+  location   = "us-central1"
+  lifecycle_rules = [{
+    action = {
+      type = "Delete"
+    }
+    condition = {
+      age        = 30 # 30d
+      with_state = "ANY"
+    }
+  }]
+
+  iam_members = [
+    {
+      role   = "roles/storage.objectAdmin"
+      member = "serviceAccount:${google_service_account.prow.email}"
+    },
+  ]
+}