From 648212d8e77c966f38837f8487fe11ac52c55ce5 Mon Sep 17 00:00:00 2001
From: Esanim <17294241+Esanim@users.noreply.github.com>
Date: Tue, 14 May 2024 11:12:38 +0200
Subject: [PATCH] feat: add cleanup policies
BREAKING CHANGE: drop support for google provider < 5.14 due to adding cleanup policies
---
README.md | 68 +++++++++++++++-
README.tfdoc.hcl | 103 +++++++++++++++++++++++-
main.tf | 35 ++++++--
test/unit-complete/_generated_google.tf | 4 +-
test/unit-complete/main.tf | 48 ++++++++++-
test/unit-disabled/_generated_google.tf | 4 +-
test/unit-minimal/_generated_google.tf | 4 +-
variables.tf | 12 +++
versions.tf | 2 +-
versions.tm.hcl | 2 +-
10 files changed, 264 insertions(+), 18 deletions(-)
diff --git a/README.md b/README.md
index 9c48e01..856ff51 100644
--- a/README.md
+++ b/README.md
@@ -11,7 +11,7 @@
A [Terraform] module for [Google Cloud Platform (GCP)][gcp].
**_This module supports Terraform version 1
-and is compatible with the Terraform Google Provider version 4._**
+and is compatible with the Terraform Google Provider version 5.14._**
This module is part of our Infrastructure as Code (IaC) framework
that enables our users and customers to easily deploy and manage reusable,
@@ -166,6 +166,72 @@ See [variables.tf] and [examples/] for details and use-cases.
The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
+- [**`cleanup_policy_dry_run`**](#var-cleanup_policy_dry_run): *(Optional `bool`)*
+
+ If true, the cleanup pipeline is prevented from deleting versions in this repository.
+
+- [**`cleanup_policies`**](#var-cleanup_policies): *(Optional `any`)*
+
+ Cleanup policies for this repository.
+
+ The object accepts the following attributes:
+
+ - [**`id`**](#attr-cleanup_policies-id): *(Optional `string`)*
+
+ (Required) The identifier for this object. Format specified above.
+
+ - [**`action`**](#attr-cleanup_policies-action): *(Optional `string`)*
+
+ (Optional) Policy action. Possible values are: DELETE, KEEP.
+
+ - [**`condition`**](#attr-cleanup_policies-condition): *(Optional `number`)*
+
+ (Optional) Policy condition for matching versions.
+
+ The object accepts the following attributes:
+
+ - [**`tag_state`**](#attr-cleanup_policies-condition-tag_state): *(Optional `string`)*
+
+ (Optional) Match versions by tag status.
+ Possible values are: TAGGED, UNTAGGED, ANY.
+
+ Default is `"ANY"`.
+
+ - [**`tag_prefixes`**](#attr-cleanup_policies-condition-tag_prefixes): *(Optional `string`)*
+
+ (Optional) Match versions by tag prefix. Applied on any prefix match.
+
+ - [**`version_name_prefixes`**](#attr-cleanup_policies-condition-version_name_prefixes): *(Optional `string`)*
+
+ (Optional) Match versions by version name prefix. Applied on any prefix match.
+
+ - [**`package_name_prefixes`**](#attr-cleanup_policies-condition-package_name_prefixes): *(Optional `string`)*
+
+ (Optional) Match versions by package prefix. Applied on any prefix match.
+
+ - [**`older_than`**](#attr-cleanup_policies-condition-older_than): *(Optional `string`)*
+
+ (Optional) Match versions older than a duration.
+
+ - [**`newer_than`**](#attr-cleanup_policies-condition-newer_than): *(Optional `string`)*
+
+ (Optional) Match versions newer than a duration.
+
+ - [**`most_recent_versions`**](#attr-cleanup_policies-most_recent_versions): *(Optional `number`)*
+
+ (Optional) Policy condition for retaining a minimum number of versions.
+ May only be specified with a Keep action.
+
+ The object accepts the following attributes:
+
+ - [**`package_name_prefixes`**](#attr-cleanup_policies-most_recent_versions-package_name_prefixes): *(Optional `string`)*
+
+ (Optional) Match versions by package prefix. Applied on any prefix match.
+
+ - [**`keep_count`**](#attr-cleanup_policies-most_recent_versions-keep_count): *(Optional `string`)*
+
+ (Optional) Minimum number of versions to keep.
+
#### Extended Resource Configuration
- [**`iam`**](#var-iam): *(Optional `list(iam)`)*
diff --git a/README.tfdoc.hcl b/README.tfdoc.hcl
index f0cf4be..4dfa041 100644
--- a/README.tfdoc.hcl
+++ b/README.tfdoc.hcl
@@ -40,7 +40,7 @@ section {
A [Terraform] module for [Google Cloud Platform (GCP)][gcp].
**_This module supports Terraform version 1
- and is compatible with the Terraform Google Provider version 4._**
+ and is compatible with the Terraform Google Provider version 5.14._**
This module is part of our Infrastructure as Code (IaC) framework
that enables our users and customers to easily deploy and manage reusable,
@@ -216,6 +216,107 @@ section {
The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
END
}
+
+ variable "cleanup_policy_dry_run" {
+ type = bool
+ description = <<-END
+ If true, the cleanup pipeline is prevented from deleting versions in this repository.
+ END
+ }
+
+ variable "cleanup_policies" {
+ type = any
+ description = <<-END
+ Cleanup policies for this repository.
+ END
+
+ attribute "id" {
+ type = string
+ description = <<-END
+ (Required) The identifier for this object. Format specified above.
+ END
+ }
+
+ attribute "action" {
+ type = string
+ description = <<-END
+ (Optional) Policy action. Possible values are: DELETE, KEEP.
+ END
+ }
+
+ attribute "condition" {
+ type = number
+ description = <<-END
+ (Optional) Policy condition for matching versions.
+ END
+
+ attribute "tag_state" {
+ type = string
+ default = "ANY"
+ description = <<-END
+ (Optional) Match versions by tag status.
+ Possible values are: TAGGED, UNTAGGED, ANY.
+ END
+ }
+
+ attribute "tag_prefixes" {
+ type = string
+ description = <<-END
+ (Optional) Match versions by tag prefix. Applied on any prefix match.
+ END
+ }
+
+ attribute "version_name_prefixes" {
+ type = string
+ description = <<-END
+ (Optional) Match versions by version name prefix. Applied on any prefix match.
+ END
+ }
+
+ attribute "package_name_prefixes" {
+ type = string
+ description = <<-END
+ (Optional) Match versions by package prefix. Applied on any prefix match.
+ END
+ }
+
+ attribute "older_than" {
+ type = string
+ description = <<-END
+ (Optional) Match versions older than a duration.
+ END
+ }
+
+ attribute "newer_than" {
+ type = string
+ description = <<-END
+ (Optional) Match versions newer than a duration.
+ END
+ }
+ }
+
+ attribute "most_recent_versions" {
+ type = number
+ description = <<-END
+ (Optional) Policy condition for retaining a minimum number of versions.
+ May only be specified with a Keep action.
+ END
+
+ attribute "package_name_prefixes" {
+ type = string
+ description = <<-END
+ (Optional) Match versions by package prefix. Applied on any prefix match.
+ END
+ }
+
+ attribute "keep_count" {
+ type = string
+ description = <<-END
+ (Optional) Minimum number of versions to keep.
+ END
+ }
+ }
+ }
}
section {
diff --git a/main.tf b/main.tf
index 3c6f038..b95ff6c 100644
--- a/main.tf
+++ b/main.tf
@@ -4,13 +4,34 @@ resource "google_artifact_registry_repository" "repository" {
depends_on = [var.module_depends_on]
- repository_id = var.repository_id
- format = var.format
- location = var.location
- description = var.description
- labels = var.labels
- kms_key_name = var.kms_key_name
- project = var.project
+ repository_id = var.repository_id
+ format = var.format
+ location = var.location
+ description = var.description
+ labels = var.labels
+ kms_key_name = var.kms_key_name
+ project = var.project
+ cleanup_policy_dry_run = var.cleanup_policy_dry_run
+ dynamic "cleanup_policies" {
+ for_each = var.cleanup_policies != null ? var.cleanup_policies : []
+
+ content {
+ id = cleanup_policies.value.id
+ action = cleanup_policies.value.action
+ condition {
+ tag_state = cleanup_policies.value.condition.tag_state
+ tag_prefixes = cleanup_policies.value.condition.tag_prefixes
+ version_name_prefixes = cleanup_policies.value.condition.version_name_prefixes
+ package_name_prefixes = cleanup_policies.value.condition.package_name_prefixes
+ older_than = cleanup_policies.value.condition.older_than
+ newer_than = cleanup_policies.value.condition.newer_than
+ }
+ most_recent_versions {
+ package_name_prefixes = cleanup_policies.value.most_recent_versions.package_name_prefixes
+ keep_count = cleanup_policies.value.most_recent_versions.keep_count
+ }
+ }
+ }
timeouts {
create = try(var.module_timeouts.google_artifact_registry_repository.create, null)
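Review bot: The `condition` and `most_recent_versions` blocks inside the new `dynamic "cleanup_policies"` content are emitted for every policy and read `cleanup_policies.value.condition.*` and `cleanup_policies.value.most_recent_versions.*` directly, so a policy object that omits either one, or a single attribute of one, fails at plan time. It also forces every policy to carry both blocks, although the README text added in this commit says `most_recent_versions` may only be specified with a Keep action. Because these policies decide which artifact versions are deleted, each nested block should be rendered only when the caller supplied it, with unset attributes falling back to `null` through `try()`, which this file already uses for the timeouts. The resource body starts before and continues after this hunk.

```hcl
  dynamic "cleanup_policies" {
    for_each = var.cleanup_policies != null ? var.cleanup_policies : []

    content {
      id     = cleanup_policies.value.id
      action = try(cleanup_policies.value.action, null)

      # Render the block only when the policy object carries a condition.
      dynamic "condition" {
        for_each = try(cleanup_policies.value.condition, null) != null ? [cleanup_policies.value.condition] : []

        content {
          tag_state             = try(condition.value.tag_state, null)
          tag_prefixes          = try(condition.value.tag_prefixes, null)
          version_name_prefixes = try(condition.value.version_name_prefixes, null)
          package_name_prefixes = try(condition.value.package_name_prefixes, null)
          older_than            = try(condition.value.older_than, null)
          newer_than            = try(condition.value.newer_than, null)
        }
      }

      # Same for the retention block, documented as valid with KEEP only.
      dynamic "most_recent_versions" {
        for_each = try(cleanup_policies.value.most_recent_versions, null) != null ? [cleanup_policies.value.most_recent_versions] : []

        content {
          package_name_prefixes = try(most_recent_versions.value.package_name_prefixes, null)
          keep_count            = try(most_recent_versions.value.keep_count, null)
        }
      }
    }
  }
```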
diff --git a/test/unit-complete/_generated_google.tf b/test/unit-complete/_generated_google.tf
index 21ab0c7..677480e 100644
--- a/test/unit-complete/_generated_google.tf
+++ b/test/unit-complete/_generated_google.tf
@@ -23,11 +23,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = "~> 4.0"
+ version = "~> 5.14"
}
google-beta = {
source = "hashicorp/google-beta"
- version = "~> 4.0"
+ version = "~> 5.14"
}
random = {
source = "hashicorp/random"
diff --git a/test/unit-complete/main.tf b/test/unit-complete/main.tf
index bba6334..b7a7496 100644
--- a/test/unit-complete/main.tf
+++ b/test/unit-complete/main.tf
@@ -1,5 +1,5 @@
module "test-sa" {
- source = "github.com/mineiros-io/terraform-google-service-account?ref=v0.0.10"
+ source = "github.com/mineiros-io/terraform-google-service-account?ref=v0.2.1"
account_id = "service-account-id-${local.random_suffix}"
}
@@ -193,5 +193,51 @@ module "test2" {
}
module_depends_on = ["nothing"]
+}
+
+module "cleanup_policies" {
+ source = "../.."
+
+ module_enabled = true
+ repository_id = "unit-complete-2-${local.random_suffix}"
+ format = "NPM"
+ location = "europe-west3"
+
+ policy_bindings = [
+ {
+ role = "roles/artifactregistry.reader"
+ members = [
+ "user:member@example.com",
+ "computed:myserviceaccount",
+ ]
+ }
+ ]
+
+ description = "An artifact registry created by an automated unit-test in https://github.com/mineiros-io/terraform-google-artifact-registry-repository."
+
+ project = var.gcp_project
+
+ cleanup_policy_dry_run = true
+ cleanup_policies = [
+ {
+ id = "delete-prerelease"
+ action = "DELETE"
+ condition = {
+ tag_state = "TAGGED"
+ tag_prefixes = ["alpha", "v0"]
+ version_name_prefixes = ["prefix1", "prefix2"]
+ package_name_prefixes = ["prefix1", "prefix2"]
+ older_than = "2592000s"
+ newer_than = "1d"
+ }
+ most_recent_versions = {
+ package_name_prefixes = ["prefix1", "prefix2"]
+ keep_count = 1
+ }
+ }
+ ]
+
+ module_depends_on = ["nothing"]
}
+
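Review bot: The `delete-prerelease` policy pairs `action = "DELETE"` with a `most_recent_versions` block, which the README text added in this same commit says may only be specified with a Keep action. Its condition also sets both `older_than = "2592000s"` and `newer_than = "1d"`, which looks as if it can never match a version. A fixture that users are likely to copy should show a valid pairing, one DELETE policy with a `condition` and a separate KEEP policy with `most_recent_versions`. As written, main.tf dereferences both nested objects for every policy, so the split below only plans once the module treats those blocks as optional.

```hcl
  cleanup_policy_dry_run = true
  cleanup_policies = [
    {
      id     = "delete-prerelease"
      action = "DELETE"
      condition = {
        tag_state    = "TAGGED"
        tag_prefixes = ["alpha", "v0"]
        older_than   = "2592000s"
      }
    },
    {
      id     = "keep-minimum-versions"
      action = "KEEP"
      most_recent_versions = {
        package_name_prefixes = ["prefix1", "prefix2"]
        keep_count            = 1
      }
    }
  ]
  # … unchanged: module_depends_on …
```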
diff --git a/test/unit-disabled/_generated_google.tf b/test/unit-disabled/_generated_google.tf
index b702a20..b9c3e68 100644
--- a/test/unit-disabled/_generated_google.tf
+++ b/test/unit-disabled/_generated_google.tf
@@ -23,11 +23,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = "~> 4.0"
+ version = "~> 5.14"
}
google-beta = {
source = "hashicorp/google-beta"
- version = "~> 4.0"
+ version = "~> 5.14"
}
random = {
source = "hashicorp/random"
diff --git a/test/unit-minimal/_generated_google.tf b/test/unit-minimal/_generated_google.tf
index e17dcec..2f2d5b1 100644
--- a/test/unit-minimal/_generated_google.tf
+++ b/test/unit-minimal/_generated_google.tf
@@ -23,11 +23,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = "4.0"
+ version = "5.14"
}
google-beta = {
source = "hashicorp/google-beta"
- version = "4.0"
+ version = "5.14"
}
random = {
source = "hashicorp/random"
diff --git a/variables.tf b/variables.tf
index fc53190..f0acd95 100644
--- a/variables.tf
+++ b/variables.tf
@@ -50,6 +50,18 @@ variable "project" {
default = null
}
+variable "cleanup_policy_dry_run" {
+ description = "(Optional) If true, the cleanup pipeline is prevented from deleting versions in this repository."
+ type = bool
+ default = false
+}
+
+variable "cleanup_policies" {
+ description = "(Optional) Cleanup policies for this repository."
+ type = any
+ default = null
+}
+
# ------------------------------------------------------------------------------
# MODULE CONFIGURATION PARAMETERS
# These variables are used to configure the module.
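Review bot: `cleanup_policies` is declared as `type = any` with no `validation` block while `cleanup_policy_dry_run` defaults to `false`, so a DELETE policy is live as soon as it is applied and a malformed object is only caught where main.tf happens to dereference it. The description should state the consequence, for example `description = "(Optional) Cleanup policies for this repository. DELETE policies remove matching versions once applied unless cleanup_policy_dry_run is true."`. A `validation` block that checks every element has an `id` and an `action` of DELETE or KEEP would reject mistyped policies before they reach the provider. With `any`, the README is the only schema consumers see, and it lists `condition` and `most_recent_versions` as `number` and the prefix attributes as `string`, whereas the unit test passes objects and lists.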
diff --git a/versions.tf b/versions.tf
index 461cc2f..64d7109 100644
--- a/versions.tf
+++ b/versions.tf
@@ -5,7 +5,7 @@ terraform {
required_providers {
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 4.0, <6"
+ version = ">= 5.14, <6"
}
}
}
diff --git a/versions.tm.hcl b/versions.tm.hcl
index 2856519..ee877c7 100644
--- a/versions.tm.hcl
+++ b/versions.tm.hcl
@@ -1,7 +1,7 @@
globals {
minimum_terraform_version = "1.0"
- minimum_provider_version = "4.0"
+ minimum_provider_version = "5.14"
provider = "google-beta"
provider_version_constraint = ">= ${global.minimum_provider_version}, <6"