diff --git a/docs/upgrading_to_v6.0.md b/docs/upgrading_to_v6.0.md
new file mode 100644
index 00000000..3a883cd6
--- /dev/null
+++ b/docs/upgrading_to_v6.0.md
@@ -0,0 +1,30 @@
+# Upgrading to Log Export v6.0
+
+The v6.0 release of Log Export is a backwards incompatible release and features few additional features for log retenions and bucket policy lifecycles.
+
+Breaking changes have only been made to the storage module.
+Other modules can safely update the version without needing any changes.
+
+## Migration Instructions
+
+NOTE: Users should prefer to let Terraform update their resources to the newer defaults.
+To preserve the existing defaults, see below:
+
+```diff
+module "gcs" {
+ source = "terraform-google-modules/log-export/google//modules/storage"
+- version = "v5.0"
++ version = "v6.0"
+
+- expiration_days = 365
++ lifecycle_rules = [{
++ action = {
++ type = "Delete"
++ }
++ condition = {
++ age = 365
++ with_state = "ANY"
++ }
++ }]
+}
+```
diff --git a/examples/storage/project/main.tf b/examples/storage/project/main.tf
index b1a2456b..00312cda 100644
--- a/examples/storage/project/main.tf
+++ b/examples/storage/project/main.tf
@@ -34,6 +34,16 @@ module "destination" {
 source = "../../..//modules/storage"
 project_id = var.project_id
 storage_bucket_name = "storage_project_${random_string.suffix.result}"
- expiration_days = 365
 log_sink_writer_identity = module.log_export.writer_identity
+
+ lifecycle_rules = [{
+ action = {
+ type = "Delete"
+ }
+ condition = {
+ age = 365
+ with_state = "ANY"
+ }
+ }]
 }
+
diff --git a/modules/storage/README.md b/modules/storage/README.md
index 2516fa68..aa4e489a 100644
--- a/modules/storage/README.md
+++ b/modules/storage/README.md
@@ -24,6 +24,27 @@ module "destination" { project_id = "sample-project" storage_bucket_name = "sample_storage_bucket" log_sink_writer_identity = "${module.log_export.writer_identity}" + lifecycle_rules = [ + { + action = { + type = "Delete" + } + condition = { + age = 365 + with_state = "ANY" + } + }, + { + action = { + type = "SetStorageClass" + storage_class = "COLDLINE" + } + condition = { + age = 180 + with_state = "ANY" + } + } + ] } ``` @@ -36,12 +57,13 @@ so that all dependencies are met. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| expiration\_days | Object expiration time. If unset logs will never be deleted. | `number` | `null` | no | | force\_destroy | When deleting a bucket, this boolean option will delete all contained objects. | `bool` | `false` | no | +| lifecycle\_rules | List of lifecycle rules to configure. Format is the same as described in provider documentation https://www.terraform.io/docs/providers/google/r/storage_bucket.html#lifecycle_rule except condition.matches\_storage\_class should be a comma delimited string. |
set(object({
# Object with keys:
# - type - The type of the action of this Lifecycle Rule. Supported values: Delete and SetStorageClass.
# - storage_class - (Required if action type is SetStorageClass) The target Storage Class of objects affected by this Lifecycle Rule.
action = map(string)

# Object with keys:
# - age - (Optional) Minimum age of an object in days to satisfy this condition.
# - created_before - (Optional) Creation date of an object in RFC 3339 (e.g. 2017-06-13) to satisfy this condition.
# - with_state - (Optional) Match to live and/or archived objects. Supported values include: "LIVE", "ARCHIVED", "ANY".
# - matches_storage_class - (Optional) Comma delimited string for storage class of objects to satisfy this condition. Supported values include: MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, STANDARD, DURABLE_REDUCED_AVAILABILITY.
# - num_newer_versions - (Optional) Relevant only for versioned objects. The number of newer versions of an object to satisfy this condition.
# - days_since_custom_time - (Optional) The number of days from the Custom-Time metadata attribute after which this condition becomes true.
condition = map(string)
}))
| `[]` | no | | location | The location of the storage bucket. | `string` | `"US"` | no | | log\_sink\_writer\_identity | The service account that logging uses to write log entries to the destination. (This is available as an output coming from the root module). | `string` | n/a | yes | | project\_id | The ID of the project in which the storage bucket will be created. | `string` | n/a | yes | | retention\_policy | Configuration of the bucket's data retention policy for how long objects in the bucket should be retained. |
object({
is_locked = bool
retention_period_days = number
})
| `null` | no | +| storage\_bucket\_labels | Labels to apply to the storage bucket. | `map(string)` | `{}` | no | | storage\_bucket\_name | The name of the storage bucket to be created and used for log entries matching the filter. | `string` | n/a | yes | | storage\_class | The storage class of the storage bucket. | `string` | `"STANDARD"` | no | | uniform\_bucket\_level\_access | Enables Uniform bucket-level access to a bucket. | `bool` | `true` | no | diff --git a/modules/storage/main.tf b/modules/storage/main.tf index e3ca1f31..f7c4088e 100644 --- a/modules/storage/main.tf +++ b/modules/storage/main.tf @@ -38,20 +38,26 @@ resource "google_storage_bucket" "bucket" { location = var.location force_destroy = var.force_destroy uniform_bucket_level_access = var.uniform_bucket_level_access + labels = var.storage_bucket_labels versioning { enabled = var.versioning } dynamic "lifecycle_rule" { - for_each = var.expiration_days == null ? [] : [var.expiration_days] + for_each = var.lifecycle_rules content { action { - type = "Delete" + type = lifecycle_rule.value.action.type + storage_class = lookup(lifecycle_rule.value.action, "storage_class", null) } condition { - age = var.expiration_days - with_state = "ANY" + age = lookup(lifecycle_rule.value.condition, "age", null) + created_before = lookup(lifecycle_rule.value.condition, "created_before", null) + with_state = lookup(lifecycle_rule.value.condition, "with_state", lookup(lifecycle_rule.value.condition, "is_live", false) ? "LIVE" : null) + matches_storage_class = contains(keys(lifecycle_rule.value.condition), "matches_storage_class") ? split(",", lifecycle_rule.value.condition["matches_storage_class"]) : null + num_newer_versions = lookup(lifecycle_rule.value.condition, "num_newer_versions", null) + days_since_custom_time = lookup(lifecycle_rule.value.condition, "days_since_custom_time", null) } } } diff --git a/modules/storage/variables.tf b/modules/storage/variables.tf index cdf806bb..dc26ba76 100644 
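Review bot: The `with_state` line in the new `condition` block falls back to `null` when a rule gives neither `with_state` nor `is_live`, whereas the code it replaces always sent `"ANY"`, so a rule written without that key no longer states whether noncurrent objects in a versioned log bucket are covered and the result is left to the provider. The same line reads an `is_live` key that the `lifecycle_rules` comments added in this commit do not list. I would document both next to the expression, for example `# with_state wins; legacy is_live = true maps to "LIVE"; otherwise unset, so pass with_state = "ANY" to keep the pre-v6 behaviour`, and add `is_live` to the key list in variables.tf. The `google_storage_bucket` resource starts and ends outside this hunk.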
--- a/modules/storage/variables.tf
+++ b/modules/storage/variables.tf
@@ -41,16 +41,36 @@ variable "storage_class" { default = "STANDARD" } +variable "storage_bucket_labels" { + description = "Labels to apply to the storage bucket." + type = map(string) + default = {} +} + variable "uniform_bucket_level_access" { description = "Enables Uniform bucket-level access to a bucket." type = bool default = true } -variable "expiration_days" { - description = "Object expiration time. If unset logs will never be deleted." - type = number - default = null +variable "lifecycle_rules" { + type = set(object({ + # Object with keys: + # - type - The type of the action of this Lifecycle Rule. Supported values: Delete and SetStorageClass. + # - storage_class - (Required if action type is SetStorageClass) The target Storage Class of objects affected by this Lifecycle Rule. + action = map(string) + + # Object with keys: + # - age - (Optional) Minimum age of an object in days to satisfy this condition. + # - created_before - (Optional) Creation date of an object in RFC 3339 (e.g. 2017-06-13) to satisfy this condition. + # - with_state - (Optional) Match to live and/or archived objects. Supported values include: "LIVE", "ARCHIVED", "ANY". + # - matches_storage_class - (Optional) Comma delimited string for storage class of objects to satisfy this condition. Supported values include: MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, STANDARD, DURABLE_REDUCED_AVAILABILITY. + # - num_newer_versions - (Optional) Relevant only for versioned objects. The number of newer versions of an object to satisfy this condition. + # - days_since_custom_time - (Optional) The number of days from the Custom-Time metadata attribute after which this condition becomes true. + condition = map(string) + })) + description = "List of lifecycle rules to configure. Format is the same as described in provider documentation https://www.terraform.io/docs/providers/google/r/storage_bucket.html#lifecycle_rule except condition.matches_storage_class should be a comma delimited string." 
+ default = [] } variable "force_destroy" {
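Review bot: `lifecycle_rules` types `action` and `condition` as bare `map(string)` with no `validation` block, and modules/storage/main.tf reads the condition keys with `lookup(..., null)`, so a misspelled key is dropped silently and the rule is applied with fewer conditions than the author wrote. For a `Delete` action on a log bucket that should fail at plan time, not change retention unnoticed. I would add validation that `action.type` is one of the two supported values and that every `condition` key is one of the documented names plus `is_live`, which main.tf also reads; this assumes the module's Terraform version constraint allows variable validation and `alltrue`, which the hunk does not show. Separately, the description says "List" while the type is `set(...)`.
```hcl
variable "lifecycle_rules" {
  # … unchanged: type, description, default …

  validation {
    condition = alltrue([
      for rule in var.lifecycle_rules :
      contains(["Delete", "SetStorageClass"], lookup(rule.action, "type", ""))
    ])
    error_message = "Each lifecycle rule action.type must be Delete or SetStorageClass."
  }

  validation {
    condition = alltrue([
      for rule in var.lifecycle_rules : length(setsubtract(keys(rule.condition), [
        "age", "created_before", "with_state", "is_live",
        "matches_storage_class", "num_newer_versions", "days_since_custom_time",
      ])) == 0
    ])
    error_message = "Each lifecycle rule condition may only use the documented keys."
  }
}
```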