Incorrect documentation on is_live for google_storage_bucket

[hawksight]

Terraform Version

Terraform v0.11.7
+ provider.google v1.12.0

Affected Resource(s)

• google_storage_bucket

Terraform Configuration Files

resource "google_storage_bucket" "sql-backup" {
  count = "${length(var.sql_buckets)}"
  name  = "${lookup(var.sql_buckets[count.index], "bucket_name")}"
  project = "${var.project}"
  location = "${lookup(var.sql_buckets[count.index], "bucket_location")}"
  storage_class = "REGIONAL"
  labels {
    project = "${lookup(var.sql_buckets[count.index], "instance_project")}"
    instance = "${lookup(var.sql_buckets[count.index], "instance_name")}"
  }
  # Add a rule to delete objects older than delete_days input
  # Reference on deletions: https://cloud.google.com/storage/docs/lifecycle
  lifecycle_rule {
    "action" {
      type = "Delete"
    }
    "condition" {
      age = "${lookup(var.sql_buckets[count.index], "delete_days")}"
    }
  }
  lifecycle {
    prevent_destroy = "true"
  }
}

Expected Behavior

Reading the documentation the is_live parameter is not required for un-versioned buckets. Hence when I set the delete_days var to 10 I expect objects to be deleted after 10 days, as the bucket is not versioned.

is_live - (Optional) Relevant only for versioned objects.

Example output from gsutil lifecycle get <bucket> with my current hcl config.

{
    "rule": [
        {
            "action": {
                "type": "Delete"
            },
            "condition": {
                "age": 10,
                "isLive": false
            }
        }
    ]
}

Actual Behaviour

Objects are not being deleted after 10 days.

Because is_live defaults to false, it fills in the lifecycle rule with 'Archived'. Hence it does not match any objects in my bucket because it is un-versioned.

Steps to Reproduce

Steps untested, but given as guidance:

1. Export these vars:

export TF_VAR_NAME="<some bucket name>"
export TF_VAR_PROJECT="<some google project>"

2. Put this in a main.tf:

variable "PROJECT" {}
variable "NAME" {}

resource "google_storage_bucket" "sql-backup" {
  name  = "${var.NAME}"
  project = "${var.PROJECT}"
  location = "US"
  storage_class = "REGIONAL"

  lifecycle_rule {
    "action" {
      type = "Delete"
    }
    "condition" {
      age = "1"
    }
  }
}

3. terraform plan .. and terraform apply and then upload a file to the bucket.

4. Check file is present and the lifecycle rule is set:

gsutil ls gs://${TF_VAR_NAME}
gsutil lifecycle get gs://${TF_VAR_NAME}

5. Check after 48 hours (can take 24 hours for lifecycle rule to be implemented + 1 day) that the file is still there.

Important Factoids

The google documentation is not exactly clear when you are not using versioning on an object. You can see here that it is stated:

For the purposes of this condition, objects in non-versioned buckets are considered live.

References

I raised an issues on google cloud issue tracker to verify that the isLive parameter does matter for un-versioned buckets.

• https://issuetracker.google.com/issues/109760055

Reccomedation

This documentation should be changed. Something like the following may be more appropriate:

is_live - (Optional) Defaults to 'false' to match archived objects. If true, this condition matches live objects. Unversioned buckets have only live objects.

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 [email protected]. Thanks!