Commit ceb785d

feat: expose retention_rule in cos base module (#1006)
* feat: expose retention_rule in cos base module
* fix: retention_rule validation
1 parent 0e97a9b commit ceb785d

7 files changed

+76
-1
lines changed

README.md

Lines changed: 1 addition & 1 deletion
@@ -916,7 +916,7 @@ module "cluster_pattern" {
916916
| <a name="input_appid"></a> [appid](#input\_appid) | The App ID instance to be used for the teleport vsi deployments | <pre>object({<br/> name = optional(string)<br/> resource_group = optional(string)<br/> use_data = optional(bool)<br/> keys = optional(list(string))<br/> use_appid = bool<br/> })</pre> | <pre>{<br/> "use_appid": false<br/>}</pre> | no |
917917
| <a name="input_atracker"></a> [atracker](#input\_atracker) | atracker variables | <pre>object({<br/> resource_group = string<br/> receive_global_events = bool<br/> collector_bucket_name = string<br/> add_route = bool<br/> })</pre> | n/a | yes |
918918
| <a name="input_clusters"></a> [clusters](#input\_clusters) | A list describing clusters workloads to create | <pre>list(<br/> object({<br/> name = string # Name of Cluster<br/> vpc_name = string # Name of VPC<br/> subnet_names = list(string) # List of vpc subnets for cluster<br/> workers_per_subnet = number # Worker nodes per subnet.<br/> machine_type = string # Worker node flavor<br/> kube_type = string # iks or openshift<br/> kube_version = optional(string) # Can be a version from `ibmcloud ks versions` or `default`<br/> entitlement = optional(string) # entitlement option for openshift<br/> secondary_storage = optional(string) # Secondary storage type<br/> pod_subnet = optional(string) # Portable subnet for pods<br/> service_subnet = optional(string) # Portable subnet for services<br/> resource_group = string # Resource Group used for cluster<br/> cos_name = optional(string) # Name of COS instance Required only for OpenShift clusters<br/> access_tags = optional(list(string), [])<br/> boot_volume_crk_name = optional(string) # Boot volume encryption key name<br/> disable_public_endpoint = optional(bool, true) # disable cluster public, leaving only private endpoint<br/> disable_outbound_traffic_protection = optional(bool, false) # public outbound access from the cluster workers<br/> cluster_force_delete_storage = optional(bool, false) # force the removal of persistent storage associated with the cluster during cluster deletion<br/> operating_system = string # The operating system of the workers in the default worker pool. See https://cloud.ibm.com/docs/openshift?topic=openshift-openshift_versions#openshift_versions_available .<br/> kms_wait_for_apply = optional(bool, true) # make terraform wait until KMS is applied to master and it is ready and deployed<br/> verify_cluster_network_readiness = optional(bool, true) # Flag to run a script will run kubectl commands to verify that all worker nodes can communicate successfully with the master. 
If the runtime does not have access to the kube cluster to run kubectl commands, this should be set to false.<br/> use_ibm_cloud_private_api_endpoints = optional(bool, true) # Flag to force all cluster related api calls to use the IBM Cloud private endpoints.<br/> allow_default_worker_pool_replacement = optional(bool) # (Advanced users) Set to true to allow the module to recreate a default worker pool. If you wish to make any change to the default worker pool which requires the re-creation of the default pool follow these [steps](https://github.com/terraform-ibm-modules/terraform-ibm-base-ocp-vpc?tab=readme-ov-file#important-considerations-for-terraform-and-default-worker-pool).<br/> labels = optional(map(string)) # A list of labels that you want to add to the default worker pool.<br/> enable_ocp_console = optional(bool) # Flag to specify whether to enable or disable the OpenShift console. If set to `null` the module will not modify the setting currently set on the cluster. Bare in mind when setting this to `true` or `false` on a cluster with private only endpoint enabled, the runtime must be able to access the private endpoint.<br/> addons = optional(object({ # Map of OCP cluster add-on versions to install<br/> debug-tool = optional(string)<br/> image-key-synchronizer = optional(string)<br/> openshift-data-foundation = optional(string)<br/> vpc-file-csi-driver = optional(string)<br/> static-route = optional(string)<br/> cluster-autoscaler = optional(string)<br/> vpc-block-csi-driver = optional(string)<br/> ibm-storage-operator = optional(string)<br/> }), {})<br/> manage_all_addons = optional(bool, false) # Instructs Terraform to manage all cluster addons, even if addons were installed outside of the module. 
If set to 'true' this module will destroy any addons that were installed by other sources.<br/> kms_config = optional(<br/> object({<br/> crk_name = string # Name of key<br/> private_endpoint = optional(bool) # Private endpoint<br/> })<br/> )<br/> worker_pools = optional(<br/> list(<br/> object({<br/> name = string # Worker pool name<br/> vpc_name = string # VPC name<br/> workers_per_subnet = number # Worker nodes per subnet<br/> flavor = string # Worker node flavor<br/> subnet_names = list(string) # List of vpc subnets for worker pool<br/> entitlement = optional(string) # entitlement option for openshift<br/> secondary_storage = optional(string) # Secondary storage type<br/> boot_volume_crk_name = optional(string) # Boot volume encryption key name<br/> operating_system = string # The operating system of the workers in the worker pool. See https://cloud.ibm.com/docs/openshift?topic=openshift-openshift_versions#openshift_versions_available .<br/> labels = optional(map(string)) # A list of labels that you want to add to all the worker nodes in the worker pool.<br/> })<br/> )<br/> )<br/> })<br/> )</pre> | n/a | yes |
919-
| <a name="input_cos"></a> [cos](#input\_cos) | Object describing the cloud object storage instance, buckets, and keys. Set `use_data` to false to create instance | <pre>list(<br/> object({<br/> name = string<br/> use_data = optional(bool)<br/> resource_group = string<br/> plan = optional(string)<br/> random_suffix = optional(bool) # Use a random suffix for COS instance<br/> access_tags = optional(list(string), [])<br/> skip_kms_s2s_auth_policy = optional(bool, false) # skip auth policy between this instance and kms instance, useful if existing resources are used<br/> skip_flowlogs_s2s_auth_policy = optional(bool, false) # skip auth policy between flow logs service and this instance, set to true if this policy is already in place on account<br/> skip_atracker_s2s_auth_policy = optional(bool, false) # skip auth policyt between atracker service and this instance, set to true if this is existing recipient of atracker already<br/> buckets = list(object({<br/> name = string<br/> storage_class = string<br/> endpoint_type = string<br/> force_delete = bool<br/> single_site_location = optional(string)<br/> region_location = optional(string)<br/> cross_region_location = optional(string)<br/> kms_key = optional(string)<br/> access_tags = optional(list(string), [])<br/> allowed_ip = optional(list(string), [])<br/> hard_quota = optional(number)<br/> archive_rule = optional(object({<br/> days = number<br/> archive_filter_prefix = optional(string)<br/> enable = bool<br/> rule_id = optional(string)<br/> type = string<br/> }))<br/> expire_rule = optional(object({<br/> days = optional(number)<br/> expire_filter_prefix = optional(string)<br/> date = optional(string)<br/> enable = bool<br/> expired_object_delete_marker = optional(string)<br/> prefix = optional(string)<br/> rule_id = optional(string)<br/> }))<br/> activity_tracking = optional(object({<br/> activity_tracker_crn = string<br/> read_data_events = bool<br/> write_data_events = bool<br/> management_events = bool<br/> 
}))<br/> metrics_monitoring = optional(object({<br/> metrics_monitoring_crn = string<br/> request_metrics_enabled = optional(bool)<br/> usage_metrics_enabled = optional(bool)<br/> }))<br/> }))<br/> keys = optional(<br/> list(object({<br/> name = string<br/> role = string<br/> enable_HMAC = bool<br/> }))<br/> )<br/><br/> })<br/> )</pre> | n/a | yes |
919+
| <a name="input_cos"></a> [cos](#input\_cos) | Object describing the cloud object storage instance, buckets, and keys. Set `use_data` to false to create instance | <pre>list(<br/> object({<br/> name = string<br/> use_data = optional(bool)<br/> resource_group = string<br/> plan = optional(string)<br/> random_suffix = optional(bool) # Use a random suffix for COS instance<br/> access_tags = optional(list(string), [])<br/> skip_kms_s2s_auth_policy = optional(bool, false) # skip auth policy between this instance and kms instance, useful if existing resources are used<br/> skip_flowlogs_s2s_auth_policy = optional(bool, false) # skip auth policy between flow logs service and this instance, set to true if this policy is already in place on account<br/> skip_atracker_s2s_auth_policy = optional(bool, false) # skip auth policyt between atracker service and this instance, set to true if this is existing recipient of atracker already<br/> buckets = list(object({<br/> name = string<br/> storage_class = string<br/> endpoint_type = string<br/> force_delete = bool<br/> single_site_location = optional(string)<br/> region_location = optional(string)<br/> cross_region_location = optional(string)<br/> kms_key = optional(string)<br/> access_tags = optional(list(string), [])<br/> allowed_ip = optional(list(string), [])<br/> hard_quota = optional(number)<br/> archive_rule = optional(object({<br/> days = number<br/> archive_filter_prefix = optional(string)<br/> enable = bool<br/> rule_id = optional(string)<br/> type = string<br/> }))<br/> expire_rule = optional(object({<br/> days = optional(number)<br/> expire_filter_prefix = optional(string)<br/> date = optional(string)<br/> enable = bool<br/> expired_object_delete_marker = optional(string)<br/> prefix = optional(string)<br/> rule_id = optional(string)<br/> }))<br/> activity_tracking = optional(object({<br/> activity_tracker_crn = string<br/> read_data_events = bool<br/> write_data_events = bool<br/> management_events = bool<br/> 
}))<br/> metrics_monitoring = optional(object({<br/> metrics_monitoring_crn = string<br/> request_metrics_enabled = optional(bool)<br/> usage_metrics_enabled = optional(bool)<br/> }))<br/> retention_rule = optional(object({<br/> default = number<br/> maximum = number<br/> minimum = number<br/> permanent = optional(bool)<br/> }))<br/> }))<br/> keys = optional(<br/> list(object({<br/> name = string<br/> role = string<br/> enable_HMAC = bool<br/> }))<br/> )<br/><br/> })<br/> )</pre> | n/a | yes |
920920
| <a name="input_enable_transit_gateway"></a> [enable\_transit\_gateway](#input\_enable\_transit\_gateway) | Create transit gateway | `bool` | `true` | no |
921921
| <a name="input_existing_vpc_cbr_zone_id"></a> [existing\_vpc\_cbr\_zone\_id](#input\_existing\_vpc\_cbr\_zone\_id) | ID of the existing CBR (Context-based restrictions) network zone, with context set to the VPC. This zone is used in a CBR rule, which allows traffic to flow only from the landing zone VPCs to specific cloud services. [Learn more](https://github.com/terraform-ibm-modules/terraform-ibm-landing-zone/blob/main/patterns/DA-cbr-tutorial.md). | `string` | `null` | no |
922922
| <a name="input_f5_template_data"></a> [f5\_template\_data](#input\_f5\_template\_data) | Data for all f5 templates | <pre>object({<br/> tmos_admin_password = optional(string)<br/> license_type = optional(string)<br/> byol_license_basekey = optional(string)<br/> license_host = optional(string)<br/> license_username = optional(string)<br/> license_password = optional(string)<br/> license_pool = optional(string)<br/> license_sku_keyword_1 = optional(string)<br/> license_sku_keyword_2 = optional(string)<br/> license_unit_of_measure = optional(string)<br/> do_declaration_url = optional(string)<br/> as3_declaration_url = optional(string)<br/> ts_declaration_url = optional(string)<br/> phone_home_url = optional(string)<br/> template_source = optional(string)<br/> template_version = optional(string)<br/> app_id = optional(string)<br/> tgactive_url = optional(string)<br/> tgstandby_url = optional(string)<br/> tgrefresh_url = optional(string)<br/> })</pre> | <pre>{<br/> "license_type": "none"<br/>}</pre> | no |
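
Review bot: the rewritten `cos` row still carries the typo `policyt` in the comment on `skip_atracker_s2s_auth_policy` ("skip auth policyt between atracker service and this instance"). The whole row is being replaced in this change, so correct it to `policy` here and wherever the type comment is maintained. The added `retention_rule` object is also the only part of the row's type whose fields a reader has to guess at: nothing in the cell says what the three numbers measure.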

cos.tf

Lines changed: 15 additions & 0 deletions
@@ -126,6 +126,21 @@ resource "ibm_cos_bucket" "buckets" {
126126
usage_metrics_enabled = metrics_monitoring.value.usage_metrics_enabled
127127
}
128128
}
129+
130+
dynamic "retention_rule" {
131+
for_each = (
132+
each.value.retention_rule == null
133+
? []
134+
: [each.value.retention_rule]
135+
)
136+
137+
content {
138+
default = retention_rule.value.default
139+
minimum = retention_rule.value.minimum
140+
maximum = retention_rule.value.maximum
141+
permanent = retention_rule.value.permanent
142+
}
143+
}
129144
}
130145

131146
resource "time_sleep" "wait_for_cos_bucket_lifecycle" {
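
Review bot: `permanent = retention_rule.value.permanent` at new line 141 can receive null, because the variable type declares `permanent = optional(bool)` with no default. Either give the type a default, as in `optional(bool, false)` (the value all four override.json files set), or add a comment on this line stating that null is intentionally left for the provider to resolve. The `for_each` guard on `each.value.retention_rule == null` is fine as written.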

patterns/mixed/override.json

Lines changed: 6 additions & 0 deletions
@@ -65,6 +65,12 @@
6565
"enable": true,
6666
"days": 0,
6767
"type": "Glacier"
68+
},
69+
"retention_rule": {
70+
"default": 1,
71+
"maximum": 1,
72+
"minimum": 1,
73+
"permanent": false
6874
}
6975
}
7076
],
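
Review bot: `default`, `maximum` and `minimum` are all 1 in this added block, and the identical values are added to the roks, vpc and vsi overrides, so none of the pattern files exercises the ordering checks in variables.tf with distinct values. Use values such as minimum below default below maximum in at least one pattern so a plan against the override covers the boundaries. The commit message should also say whether the patterns are meant to ship a retention rule on this bucket or whether this is sample data only, since the same bucket already has an archive rule with `"days": 0` and anyone copying the override inherits both.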

patterns/roks/override.json

Lines changed: 6 additions & 0 deletions
@@ -108,6 +108,12 @@
108108
"enable": true,
109109
"days": 0,
110110
"type": "Glacier"
111+
},
112+
"retention_rule": {
113+
"default": 1,
114+
"maximum": 1,
115+
"minimum": 1,
116+
"permanent": false
111117
}
112118
}
113119
],

patterns/vpc/override.json

Lines changed: 6 additions & 0 deletions
@@ -29,6 +29,12 @@
2929
"enable": true,
3030
"days": 0,
3131
"type": "Glacier"
32+
},
33+
"retention_rule": {
34+
"default": 1,
35+
"maximum": 1,
36+
"minimum": 1,
37+
"permanent": false
3238
}
3339
}
3440
],

patterns/vsi/override.json

Lines changed: 6 additions & 0 deletions
@@ -88,6 +88,12 @@
8888
"enable": true,
8989
"days": 0,
9090
"type": "Glacier"
91+
},
92+
"retention_rule": {
93+
"default": 1,
94+
"maximum": 1,
95+
"minimum": 1,
96+
"permanent": false
9197
}
9298
}
9399
],

variables.tf

Lines changed: 36 additions & 0 deletions
@@ -581,6 +581,12 @@ variable "cos" {
581581
request_metrics_enabled = optional(bool)
582582
usage_metrics_enabled = optional(bool)
583583
}))
584+
retention_rule = optional(object({
585+
default = number
586+
maximum = number
587+
minimum = number
588+
permanent = optional(bool)
589+
}))
584590
}))
585591
keys = optional(
586592
list(object({
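
Review bot: the new `retention_rule` object at lines 584-589 has no inline comments, while other fields of the `cos` type, such as `random_suffix` and the `skip_*_s2s_auth_policy` flags shown in the README row, each carry one. Add a comment giving the unit of `default`, `maximum` and `minimum` and the effect of `permanent`, and state the `minimum <= default <= maximum` constraint next to the fields so it appears wherever the type is documented.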
@@ -748,6 +754,36 @@ variable "cos" {
748754
]
749755
) == 0
750756
}
757+
758+
validation {
759+
error_message = "`retention_rule.minimum` value must be less than or equal to the `retention_rule.default` value."
760+
condition = length(
761+
flatten(
762+
[
763+
for instance in var.cos :
764+
[
765+
for bucket in instance.buckets :
766+
bucket.retention_rule == null ? true : bucket.retention_rule.minimum <= bucket.retention_rule.default
767+
]
768+
]
769+
)
770+
) == length(flatten([for instance in var.cos : [for bucket in instance.buckets : true]]))
771+
}
772+
773+
validation {
774+
error_message = "`retention_rule.default` value must be less than or equal to the `retention_rule.maximum` value."
775+
condition = length(
776+
flatten(
777+
[
778+
for instance in var.cos :
779+
[
780+
for bucket in instance.buckets :
781+
bucket.retention_rule == null ? true : bucket.retention_rule.default <= bucket.retention_rule.maximum
782+
]
783+
]
784+
)
785+
) == length(flatten([for instance in var.cos : [for bucket in instance.buckets : true]]))
786+
}
751787
}
752788

753789
##############################################################################
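
Review bot: both new validation blocks (lines 758-771 and 773-786) can never fail, because `length(flatten([...]))` counts every element of the list whether it is `true` or `false`. The inner `for` emits exactly one boolean per bucket with no `if` filter, so the left side always equals the bucket count, which is what the right side `length(flatten([for instance in var.cos : [for bucket in instance.buckets : true]]))` also computes. A bucket with `minimum` greater than `default`, or `default` greater than `maximum`, passes unchanged. Either wrap the flattened list in `alltrue(...)` and drop the length comparison, or follow the pattern of the validation just above (which ends in `) == 0`) by emitting an element only for offending buckets, for example with `if bucket.retention_rule != null` combined with the inverted comparison, and comparing the length to 0. A test input with out-of-order values would have caught this; the override.json files all use 1, 1, 1.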
