Fix/17/lifecycle rules

README.md

@@ -51,6 +51,7 @@ Functional examples are included in the
 | creators | IAM-style members who will be granted roles/storage.objectCreators on all buckets. | list | `<list>` | no |
 | force\_destroy | Optional map of lowercase unprefixed name => boolean, defaults to false. | map | `<map>` | no |
 | labels | Labels to be attached to the buckets | map | `<map>` | no |
+| lifecycle\_rules | List of lifecycle rules to configure. Format is the same as described in provider documentation https://www.terraform.io/docs/providers/google/r/storage_bucket.html#lifecycle_rule except condition.matches_storage_class should be a comma delimited string. | object | `<list>` | no |
 | location | Bucket location. | string | `"EU"` | no |
 | names | Bucket name suffixes. | list(string) | n/a | yes |
 | prefix | Prefix used to generate the bucket name. | string | n/a | yes |

examples/simple_example/main.tf

@@ -24,5 +24,16 @@ module "cloud_storage" {
   prefix             = var.prefix
   names              = var.names
   bucket_policy_only = var.bucket_policy_only
+
+  lifecycle_rules = [{
+    action = {
+      type          = "SetStorageClass"
+      storage_class = "NEARLINE"
+    }
+    condition = {
+      age                   = "10"
+      matches_storage_class = "MULTI_REGIONAL,STANDARD,DURABLE_REDUCED_AVAILABILITY"
+    }
+  }]
 }
 

examples/simple_example/variables.tf

@@ -33,4 +33,3 @@ variable "bucket_policy_only" {
   description = "Disable ad-hoc ACLs on specified buckets. Defaults to true. Map of lowercase unprefixed name => boolean"
   type        = map(string)
 }
-

main.tf

@@ -42,6 +42,24 @@ resource "google_storage_bucket" "buckets" {
       false,
     )
   }
+  dynamic "lifecycle_rule" {
+    for_each = var.lifecycle_rules
+    content {
+      action {
+        type          = lifecycle_rule.value.action.type
+        storage_class = lifecycle_rule.value.action.storage_class
+      }
+      condition {
+        age                   = lookup(lifecycle_rule.value.condition, "age", null)
+        created_before        = lookup(lifecycle_rule.value.condition, "created_before", null)
+        with_state            = lookup(lifecycle_rule.value.condition, "with_state", null)
+        is_live               = lookup(lifecycle_rule.value.condition, "is_live", null)
+        matches_storage_class = contains(keys(lifecycle_rule.value.condition), "matches_storage_class") ? split(",", lifecycle_rule.value.condition["matches_storage_class"]) : null
+        num_newer_versions    = lookup(lifecycle_rule.value.condition, "num_newer_versions", null)
+      }
+    }
+  }
+
 }
 
 resource "google_storage_bucket_iam_binding" "admins" {

test/fixtures/simple_example/main.tf

@@ -35,4 +35,3 @@ module "example" {
     "two" = false
   }
 }
-

test/fixtures/simple_example/variables.tf

@@ -18,4 +18,3 @@ variable "project_id" {
   description = "The ID of the project in which to provision resources."
   type        = string
 }
-

test/integration/simple_example/controls/gsutil.rb

@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+require 'json'
+
 control "gsutil" do
   title "gsutil"
 
@@ -33,4 +35,37 @@
     its(:stderr) { should eq "" }
     its(:stdout) { should include "Enabled: False" }
   end
+
+  get_lifecycle_0_out = command("gsutil lifecycle get gs://#{attribute("names_list")[0]}")
+  rule = JSON.parse(get_lifecycle_0_out.stdout)['rule'][0]
+
+  describe get_lifecycle_0_out do
+    let(:action) { rule['action'] }
+    let(:condition) { rule['condition'] }
+
+    its(:exit_status) { should eq 0 }
+    its(:stderr) { should eq "" }
+    it { expect(action['storageClass']).to eq("NEARLINE") }
+    it { expect(action['type']).to eq("SetStorageClass") }
+    it { expect(condition['age']).to eq(10) }
+    it { expect(condition['isLive']).to eq(false) }
+    it { expect(condition['matchesStorageClass']).to eq(%w(MULTI_REGIONAL STANDARD DURABLE_REDUCED_AVAILABILITY)) }
+  end
+
+  get_lifecycle_1_out = command("gsutil lifecycle get gs://#{attribute("names_list")[1]}")
+  rule_1 = JSON.parse(get_lifecycle_1_out.stdout)['rule'][0]
+
+  describe command("gsutil lifecycle get gs://#{attribute("names_list")[1]}") do
+    let(:action) { rule_1['action'] }
+    let(:condition) { rule_1['condition'] }
+
+    its(:exit_status) { should eq 0 }
+    its(:stderr) { should eq "" }
+    it { expect(action['storageClass']).to eq("NEARLINE") }
+    it { expect(action['type']).to eq("SetStorageClass") }
+    it { expect(condition['age']).to eq(10) }
+    it { expect(condition['isLive']).to eq(false) }
+    it { expect(condition['matchesStorageClass']).to eq(%w(MULTI_REGIONAL STANDARD DURABLE_REDUCED_AVAILABILITY)) }
+  end
+
 end

variables.tf

@@ -104,3 +104,14 @@ variable "set_viewer_roles" {
   default     = false
 }
 
+variable "lifecycle_rules" {
+  type = set(object({
+    action = object({
+      type          = string
+      storage_class = string
+    })
+    condition = map(string)
+  }))
+  default     = []
+  description = "List of lifecycle rules to configure. Format is the same as described in provider documentation https://www.terraform.io/docs/providers/google/r/storage_bucket.html#lifecycle_rule except condition.matches_storage_class should be a comma delimited string."
+}