Merge pull request #28 from mineiros-io/lukas/add-cleanup-policy

feat: add cleanup policies

README.md

@@ -11,7 +11,7 @@
 A [Terraform] module for [Google Cloud Platform (GCP)][gcp].
 
 **_This module supports Terraform version 1
-and is compatible with the Terraform Google Provider version 4._**
+and is compatible with the Terraform Google Provider version 5.14._**
 
 This module is part of our Infrastructure as Code (IaC) framework
 that enables our users and customers to easily deploy and manage reusable,
@@ -166,6 +166,72 @@ See [variables.tf] and [examples/] for details and use-cases.
 
   The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
 
+- [**`cleanup_policy_dry_run`**](#var-cleanup_policy_dry_run): *(Optional `bool`)*<a name="var-cleanup_policy_dry_run"></a>
+
+  If true, the cleanup pipeline is prevented from deleting versions in this repository.
+
+- [**`cleanup_policies`**](#var-cleanup_policies): *(Optional `any`)*<a name="var-cleanup_policies"></a>
+
+  Cleanup policies for this repository.
+
+  The object accepts the following attributes:
+
+  - [**`id`**](#attr-cleanup_policies-id): *(Optional `string`)*<a name="attr-cleanup_policies-id"></a>
+
+    (Required) The identifier for this object. Format specified above.
+
+  - [**`action`**](#attr-cleanup_policies-action): *(Optional `string`)*<a name="attr-cleanup_policies-action"></a>
+
+    (Optional) Policy action. Possible values are: DELETE, KEEP.
+
+  - [**`condition`**](#attr-cleanup_policies-condition): *(Optional `number`)*<a name="attr-cleanup_policies-condition"></a>
+
+    (Optional) Policy condition for matching versions.
+
+    The object accepts the following attributes:
+
+    - [**`tag_state`**](#attr-cleanup_policies-condition-tag_state): *(Optional `string`)*<a name="attr-cleanup_policies-condition-tag_state"></a>
+
+      (Optional) Match versions by tag status.
+      Possible values are: TAGGED, UNTAGGED, ANY.
+
+      Default is `"ANY"`.
+
+    - [**`tag_prefixes`**](#attr-cleanup_policies-condition-tag_prefixes): *(Optional `string`)*<a name="attr-cleanup_policies-condition-tag_prefixes"></a>
+
+      (Optional) Match versions by tag prefix. Applied on any prefix match.
+
+    - [**`version_name_prefixes`**](#attr-cleanup_policies-condition-version_name_prefixes): *(Optional `string`)*<a name="attr-cleanup_policies-condition-version_name_prefixes"></a>
+
+      (Optional) Match versions by version name prefix. Applied on any prefix match.
+
+    - [**`package_name_prefixes`**](#attr-cleanup_policies-condition-package_name_prefixes): *(Optional `string`)*<a name="attr-cleanup_policies-condition-package_name_prefixes"></a>
+
+      (Optional) Match versions by package prefix. Applied on any prefix match.
+
+    - [**`older_than`**](#attr-cleanup_policies-condition-older_than): *(Optional `string`)*<a name="attr-cleanup_policies-condition-older_than"></a>
+
+      (Optional) Match versions older than a duration.
+
+    - [**`newer_than`**](#attr-cleanup_policies-condition-newer_than): *(Optional `string`)*<a name="attr-cleanup_policies-condition-newer_than"></a>
+
+      (Optional) Match versions newer than a duration.
+
+  - [**`most_recent_versions`**](#attr-cleanup_policies-most_recent_versions): *(Optional `number`)*<a name="attr-cleanup_policies-most_recent_versions"></a>
+
+    (Optional) Policy condition for retaining a minimum number of versions. 
+    May only be specified with a Keep action.
+
+    The object accepts the following attributes:
+
+    - [**`package_name_prefixes`**](#attr-cleanup_policies-most_recent_versions-package_name_prefixes): *(Optional `string`)*<a name="attr-cleanup_policies-most_recent_versions-package_name_prefixes"></a>
+
+      (Optional) Match versions by package prefix. Applied on any prefix match.
+
+    - [**`keep_count`**](#attr-cleanup_policies-most_recent_versions-keep_count): *(Optional `string`)*<a name="attr-cleanup_policies-most_recent_versions-keep_count"></a>
+
+      (Optional) Minimum number of versions to keep.
+
 #### Extended Resource Configuration
 
 - [**`iam`**](#var-iam): *(Optional `list(iam)`)*<a name="var-iam"></a>

README.tfdoc.hcl

@@ -40,7 +40,7 @@ section {
     A [Terraform] module for [Google Cloud Platform (GCP)][gcp].
 
     **_This module supports Terraform version 1
-    and is compatible with the Terraform Google Provider version 4._**
+    and is compatible with the Terraform Google Provider version 5.14._**
 
     This module is part of our Infrastructure as Code (IaC) framework
     that enables our users and customers to easily deploy and manage reusable,
@@ -216,6 +216,107 @@ section {
             The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
           END
         }
+
+        variable "cleanup_policy_dry_run" {
+          type        = bool
+          description = <<-END
+            If true, the cleanup pipeline is prevented from deleting versions in this repository.
+          END
+        }
+
+        variable "cleanup_policies" {
+          type        = any
+          description = <<-END
+            Cleanup policies for this repository.
+          END
+
+          attribute "id" {
+            type        = string
+            description = <<-END
+            (Required) The identifier for this object. Format specified above.
+          END
+          }
+
+          attribute "action" {
+            type        = string
+            description = <<-END
+            (Optional) Policy action. Possible values are: DELETE, KEEP.
+          END
+          }
+
+          attribute "condition" {
+            type        = number
+            description = <<-END
+            (Optional) Policy condition for matching versions.
+          END
+
+            attribute "tag_state" {
+              type        = string
+              default     = "ANY"
+              description = <<-END
+            (Optional) Match versions by tag status.
+            Possible values are: TAGGED, UNTAGGED, ANY.
+          END
+            }
+
+            attribute "tag_prefixes" {
+              type        = string
+              description = <<-END
+            (Optional) Match versions by tag prefix. Applied on any prefix match.
+          END
+            }
+
+            attribute "version_name_prefixes" {
+              type        = string
+              description = <<-END
+            (Optional) Match versions by version name prefix. Applied on any prefix match.
+          END
+            }
+
+            attribute "package_name_prefixes" {
+              type        = string
+              description = <<-END
+            (Optional) Match versions by package prefix. Applied on any prefix match.
+          END
+            }
+
+            attribute "older_than" {
+              type        = string
+              description = <<-END
+            (Optional) Match versions older than a duration.
+          END
+            }
+
+            attribute "newer_than" {
+              type        = string
+              description = <<-END
+            (Optional) Match versions newer than a duration.
+          END
+            }
+          }
+
+          attribute "most_recent_versions" {
+            type        = number
+            description = <<-END
+            (Optional) Policy condition for retaining a minimum number of versions. 
+            May only be specified with a Keep action.
+          END
+
+            attribute "package_name_prefixes" {
+              type        = string
+              description = <<-END
+            (Optional) Match versions by package prefix. Applied on any prefix match.
+          END
+            }
+
+            attribute "keep_count" {
+              type        = string
+              description = <<-END
+            (Optional) Minimum number of versions to keep.
+          END
+            }
+          }
+        }
       }
 
       section {

main.tf

@@ -4,13 +4,34 @@ resource "google_artifact_registry_repository" "repository" {
 
   depends_on = [var.module_depends_on]
 
-  repository_id = var.repository_id
-  format        = var.format
-  location      = var.location
-  description   = var.description
-  labels        = var.labels
-  kms_key_name  = var.kms_key_name
-  project       = var.project
+  repository_id          = var.repository_id
+  format                 = var.format
+  location               = var.location
+  description            = var.description
+  labels                 = var.labels
+  kms_key_name           = var.kms_key_name
+  project                = var.project
+  cleanup_policy_dry_run = var.cleanup_policy_dry_run
+  dynamic "cleanup_policies" {
+    for_each = var.cleanup_policies != null ? var.cleanup_policies : []
+
+    content {
+      id     = cleanup_policies.value.id
+      action = cleanup_policies.value.action
+      condition {
+        tag_state             = cleanup_policies.value.condition.tag_state
+        tag_prefixes          = cleanup_policies.value.condition.tag_prefixes
+        version_name_prefixes = cleanup_policies.value.condition.version_name_prefixes
+        package_name_prefixes = cleanup_policies.value.condition.package_name_prefixes
+        older_than            = cleanup_policies.value.condition.older_than
+        newer_than            = cleanup_policies.value.condition.newer_than
+      }
+      most_recent_versions {
+        package_name_prefixes = cleanup_policies.value.most_recent_versions.package_name_prefixes
+        keep_count            = cleanup_policies.value.most_recent_versions.keep_count
+      }
+    }
+  }
 
   timeouts {
     create = try(var.module_timeouts.google_artifact_registry_repository.create, null)

test/unit-complete/_generated_google.tf

@@ -23,11 +23,11 @@ terraform {
   required_providers {
     google = {
       source  = "hashicorp/google"
-      version = "~> 4.0"
+      version = "~> 5.14"
     }
     google-beta = {
       source  = "hashicorp/google-beta"
-      version = "~> 4.0"
+      version = "~> 5.14"
     }
     random = {
       source  = "hashicorp/random"

test/unit-complete/main.tf

@@ -1,5 +1,5 @@
 module "test-sa" {
-  source = "github.com/mineiros-io/terraform-google-service-account?ref=v0.0.10"
+  source = "github.com/mineiros-io/terraform-google-service-account?ref=v0.2.1"
 
   account_id = "service-account-id-${local.random_suffix}"
 }
@@ -193,5 +193,51 @@ module "test2" {
   }
 
   module_depends_on = ["nothing"]
+}
+
+module "cleanup_policies" {
+  source = "../.."
+
+  module_enabled = true
 
+  repository_id = "unit-complete-2-${local.random_suffix}"
+  format        = "NPM"
+  location      = "europe-west3"
+
+  policy_bindings = [
+    {
+      role = "roles/artifactregistry.reader"
+      members = [
+        "user:[email protected]",
+        "computed:myserviceaccount",
+      ]
+    }
+  ]
+
+  description = "An artifact registry created by an automated unit-test in https://github.com/mineiros-io/terraform-google-artifact-registry-repository."
+
+  project = var.gcp_project
+
+  cleanup_policy_dry_run = true
+  cleanup_policies = [
+    {
+      id     = "delete-prerelease"
+      action = "DELETE"
+      condition = {
+        tag_state             = "TAGGED"
+        tag_prefixes          = ["alpha", "v0"]
+        version_name_prefixes = ["prefix1", "prefix2"]
+        package_name_prefixes = ["prefix1", "prefix2"]
+        older_than            = "2592000s"
+        newer_than            = "1d"
+      }
+      most_recent_versions = {
+        package_name_prefixes = ["prefix1", "prefix2"]
+        keep_count            = 1
+      }
+    }
+  ]
+
+  module_depends_on = ["nothing"]
 }
+

test/unit-disabled/_generated_google.tf

@@ -23,11 +23,11 @@ terraform {
   required_providers {
     google = {
       source  = "hashicorp/google"
-      version = "~> 4.0"
+      version = "~> 5.14"
     }
     google-beta = {
       source  = "hashicorp/google-beta"
-      version = "~> 4.0"
+      version = "~> 5.14"
     }
     random = {
       source  = "hashicorp/random"

test/unit-minimal/_generated_google.tf

@@ -23,11 +23,11 @@ terraform {
   required_providers {
     google = {
       source  = "hashicorp/google"
-      version = "4.0"
+      version = "5.14"
     }
     google-beta = {
       source  = "hashicorp/google-beta"
-      version = "4.0"
+      version = "5.14"
     }
     random = {
       source  = "hashicorp/random"

variables.tf

@@ -50,6 +50,18 @@ variable "project" {
   default     = null
 }
 
+variable "cleanup_policy_dry_run" {
+  description = "(Optional) If true, the cleanup pipeline is prevented from deleting versions in this repository."
+  type        = bool
+  default     = false
+}
+
+variable "cleanup_policies" {
+  description = "(Optional) Cleanup policies for this repository."
+  type        = any
+  default     = null
+}
+
 # ------------------------------------------------------------------------------
 # MODULE CONFIGURATION PARAMETERS
 # These variables are used to configure the module.

versions.tf

@@ -5,7 +5,7 @@ terraform {
   required_providers {
     google-beta = {
       source  = "hashicorp/google-beta"
-      version = ">= 4.0, <6"
+      version = ">= 5.14, <6"
     }
   }
 }

versions.tm.hcl

@@ -1,7 +1,7 @@
 globals {
   minimum_terraform_version = "1.0"
 
-  minimum_provider_version = "4.0"
+  minimum_provider_version = "5.14"
   provider                 = "google-beta"
 
   provider_version_constraint  = ">= ${global.minimum_provider_version}, <6"