terraform-google-modules · bharathkkb · Jul 2, 2021 · Jun 24, 2021 · Jun 24, 2021 · Jun 24, 2021
diff --git a/docs/upgrading_to_v6.0.md b/docs/upgrading_to_v6.0.md
@@ -0,0 +1,30 @@
+# Upgrading to Log Export v6.0
+
+The v6.0 release of Log Export is a backwards incompatible release and features few additional features for log retenions and bucket policy lifecycles.
+
+Breaking changes have only been made to the storage module.
+Other modules can safely update the version without needing any changes.
+
+## Migration Instructions
+
+NOTE: Users should prefer to let Terraform update their resources to the newer defaults.
+To preserve the existing defaults, see below:
+
+```diff
+module "gcs" {
+  source            = "terraform-google-modules/log-export/google//modules/storage"
+- version           = "v5.0"
++ version           = "v6.0"
+
+- expiration_days          = 365
++  lifecycle_rules = [{
++    action = {
++      type = "Delete"
++    }
++    condition = {
++      age        = 365
++      with_state = "ANY"
++    }
++  }]
+}
+```
diff --git a/examples/storage/project/main.tf b/examples/storage/project/main.tf
@@ -34,6 +34,16 @@ module "destination" {
   source                   = "../../..//modules/storage"
   project_id               = var.project_id
   storage_bucket_name      = "storage_project_${random_string.suffix.result}"
-  expiration_days          = 365
   log_sink_writer_identity = module.log_export.writer_identity
+
+  lifecycle_rules = [{
+    action = {
+      type = "Delete"
+    }
+    condition = {
+      age        = 365
+      with_state = "ANY"
+    }
+  }]
 }
+
diff --git a/modules/storage/README.md b/modules/storage/README.md
@@ -24,6 +24,27 @@ module "destination" {
   project_id               = "sample-project"
   storage_bucket_name      = "sample_storage_bucket"
   log_sink_writer_identity = "${module.log_export.writer_identity}"
+  lifecycle_rules = [
+    {
+      action = {
+        type = "Delete"
+      }
+      condition = {
+        age        = 365
+        with_state = "ANY"
+      }
+    },
+    {
+      action = {
+        type = "SetStorageClass"
+        storage_class = "COLDLINE"
+      }
+      condition = {
+        age        = 180
+        with_state = "ANY"
+      }
+    }
+  ]
 }
 ```
 
@@ -36,12 +57,13 @@ so that all dependencies are met.
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| expiration\_days | Object expiration time. If unset logs will never be deleted. | `number` | `null` | no |
 | force\_destroy | When deleting a bucket, this boolean option will delete all contained objects. | `bool` | `false` | no |
+| lifecycle\_rules | List of lifecycle rules to configure. Format is the same as described in provider documentation https://www.terraform.io/docs/providers/google/r/storage_bucket.html#lifecycle_rule except condition.matches\_storage\_class should be a comma delimited string. | <pre>set(object({<br>    # Object with keys:<br>    # - type - The type of the action of this Lifecycle Rule. Supported values: Delete and SetStorageClass.<br>    # - storage_class - (Required if action type is SetStorageClass) The target Storage Class of objects affected by this Lifecycle Rule.<br>    action = map(string)<br><br>    # Object with keys:<br>    # - age - (Optional) Minimum age of an object in days to satisfy this condition.<br>    # - created_before - (Optional) Creation date of an object in RFC 3339 (e.g. 2017-06-13) to satisfy this condition.<br>    # - with_state - (Optional) Match to live and/or archived objects. Supported values include: "LIVE", "ARCHIVED", "ANY".<br>    # - matches_storage_class - (Optional) Comma delimited string for storage class of objects to satisfy this condition. Supported values include: MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, STANDARD, DURABLE_REDUCED_AVAILABILITY.<br>    # - num_newer_versions - (Optional) Relevant only for versioned objects. The number of newer versions of an object to satisfy this condition.<br>    # - days_since_custom_time - (Optional) The number of days from the Custom-Time metadata attribute after which this condition becomes true.<br>    condition = map(string)<br>  }))</pre> | `[]` | no |
 | location | The location of the storage bucket. | `string` | `"US"` | no |
 | log\_sink\_writer\_identity | The service account that logging uses to write log entries to the destination. (This is available as an output coming from the root module). | `string` | n/a | yes |
 | project\_id | The ID of the project in which the storage bucket will be created. | `string` | n/a | yes |
 | retention\_policy | Configuration of the bucket's data retention policy for how long objects in the bucket should be retained. | <pre>object({<br>    is_locked             = bool<br>    retention_period_days = number<br>  })</pre> | `null` | no |
+| storage\_bucket\_labels | Labels to apply to the storage bucket. | `map(string)` | `{}` | no |
 | storage\_bucket\_name | The name of the storage bucket to be created and used for log entries matching the filter. | `string` | n/a | yes |
 | storage\_class | The storage class of the storage bucket. | `string` | `"STANDARD"` | no |
 | uniform\_bucket\_level\_access | Enables Uniform bucket-level access to a bucket. | `bool` | `true` | no |

diff --git a/modules/storage/main.tf b/modules/storage/main.tf
@@ -38,20 +38,26 @@ resource "google_storage_bucket" "bucket" {
   location                    = var.location
   force_destroy               = var.force_destroy
   uniform_bucket_level_access = var.uniform_bucket_level_access
+  labels                      = var.storage_bucket_labels
 
   versioning {
     enabled = var.versioning
   }
 
   dynamic "lifecycle_rule" {
-    for_each = var.expiration_days == null ? [] : [var.expiration_days]
+    for_each = var.lifecycle_rules
     content {
       action {
-        type = "Delete"
+        type          = lifecycle_rule.value.action.type
+        storage_class = lookup(lifecycle_rule.value.action, "storage_class", null)
       }
       condition {
-        age        = var.expiration_days
-        with_state = "ANY"
+        age                    = lookup(lifecycle_rule.value.condition, "age", null)
+        created_before         = lookup(lifecycle_rule.value.condition, "created_before", null)
+        with_state             = lookup(lifecycle_rule.value.condition, "with_state", lookup(lifecycle_rule.value.condition, "is_live", false) ? "LIVE" : null)
+        matches_storage_class  = contains(keys(lifecycle_rule.value.condition), "matches_storage_class") ? split(",", lifecycle_rule.value.condition["matches_storage_class"]) : null
+        num_newer_versions     = lookup(lifecycle_rule.value.condition, "num_newer_versions", null)
+        days_since_custom_time = lookup(lifecycle_rule.value.condition, "days_since_custom_time", null)
       }
     }
   }

diff --git a/modules/storage/variables.tf b/modules/storage/variables.tf
@@ -41,16 +41,36 @@ variable "storage_class" {
   default     = "STANDARD"
 }
 
+variable "storage_bucket_labels" {
+  description = "Labels to apply to the storage bucket."
+  type        = map(string)
+  default     = {}
+}
+
 variable "uniform_bucket_level_access" {
   description = "Enables Uniform bucket-level access to a bucket."
   type        = bool
   default     = true
 }
 
-variable "expiration_days" {
-  description = "Object expiration time. If unset logs will never be deleted."
-  type        = number
-  default     = null
+variable "lifecycle_rules" {
+  type = set(object({
+    # Object with keys:
+    # - type - The type of the action of this Lifecycle Rule. Supported values: Delete and SetStorageClass.
+    # - storage_class - (Required if action type is SetStorageClass) The target Storage Class of objects affected by this Lifecycle Rule.
+    action = map(string)
+
+    # Object with keys:
+    # - age - (Optional) Minimum age of an object in days to satisfy this condition.
+    # - created_before - (Optional) Creation date of an object in RFC 3339 (e.g. 2017-06-13) to satisfy this condition.
+    # - with_state - (Optional) Match to live and/or archived objects. Supported values include: "LIVE", "ARCHIVED", "ANY".
+    # - matches_storage_class - (Optional) Comma delimited string for storage class of objects to satisfy this condition. Supported values include: MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, STANDARD, DURABLE_REDUCED_AVAILABILITY.
+    # - num_newer_versions - (Optional) Relevant only for versioned objects. The number of newer versions of an object to satisfy this condition.
+    # - days_since_custom_time - (Optional) The number of days from the Custom-Time metadata attribute after which this condition becomes true.
+    condition = map(string)
+  }))
+  description = "List of lifecycle rules to configure. Format is the same as described in provider documentation https://www.terraform.io/docs/providers/google/r/storage_bucket.html#lifecycle_rule except condition.matches_storage_class should be a comma delimited string."
+  default     = []
 }
 
 variable "force_destroy" {