fix: bucket acls, readme

terraform/module/main.tf

@@ -29,11 +29,24 @@ resource "google_storage_bucket_acl" "bucket_acl" {
   bucket = google_storage_bucket.bucket.name
 
   role_entity = [
-    "READER:allUsers",
+    "OWNER:project-owners-${var.project_number}",
+    "OWNER:project-editors-${var.project_number}",
+    "READER:project-viewers-${var.project_number}",
     "OWNER:user-${google_service_account.uploader_sa.email}",
   ]
 }
 
+resource "google_storage_default_object_acl" "default_acl" {
+  bucket = google_storage_bucket.bucket.name
+
+  role_entity = [
+    "READER:allUsers",
+    "OWNER:project-owners-${var.project_number}",
+    "OWNER:project-editors-${var.project_number}",
+    "READER:project-viewers-${var.project_number}",
+  ]
+}
+
 resource "google_storage_bucket_object" "index" {
   name   = "index.html"
   source = "${path.module}/public/index.html"

terraform/module/variables.tf

@@ -8,6 +8,11 @@ variable "project" {
   type        = string
 }
 
+variable "project_number" {
+  type        = string
+  description = "The numeric project ID"
+}
+
 variable "domain" {
   description = "DNS name to serve static content"
   type        = string