diff --git a/modules/artifact-registry/README.md b/modules/artifact-registry/README.md
index 14233a0ac..59236a4b2 100644
--- a/modules/artifact-registry/README.md
+++ b/modules/artifact-registry/README.md
@@ -6,6 +6,7 @@ This module simplifies the creation of repositories using Google Cloud Artifact
- [Standard Repository](#standard-repository)
- [Remote and Virtual Repositories](#remote-and-virtual-repositories)
- [Additional Docker and Maven Options](#additional-docker-and-maven-options)
+- [Cleanup Policies](#cleanup-policies)
- [Variables](#variables)
- [Outputs](#outputs)
@@ -100,20 +101,56 @@ module "registry-maven" {
# tftest modules=2 resources=2
```
+
+## Cleanup Policies
+
+```hcl
+
+module "registry-docker" {
+ source = "./fabric/modules/artifact-registry"
+ project_id = var.project_id
+ location = "europe-west1"
+ name = "docker-cleanup-policies"
+ format = { docker = {} }
+ cleanup_policy_dry_run = false
+ cleanup_policies = {
+ keep-5-versions = {
+ action = "KEEP"
+ most_recent_versions = {
+ package_name_prefixes = ["test"]
+ keep_count = 5
+ }
+ }
+ keep-tagged-release = {
+ action = "KEEP"
+ condition = {
+ tag_state = "TAGGED"
+ tag_prefixes = ["release"]
+ package_name_prefixes = ["webapp", "mobile"]
+ }
+ }
+ }
+}
+
+
+# tftest modules=1 resources=1 inventory=cleanup-policies.yaml
+```
## Variables
| name | description | type | required | default |
|---|---|:---:|:---:|:---:|
-| [location](variables.tf#L68) | Registry location. Use `gcloud beta artifacts locations list' to get valid values. | string | ✓ | |
-| [name](variables.tf#L93) | Registry name. | string | ✓ | |
-| [project_id](variables.tf#L98) | Registry project id. | string | ✓ | |
-| [description](variables.tf#L17) | An optional description for the repository. | string | | "Terraform-managed registry" |
-| [encryption_key](variables.tf#L23) | The KMS key name to use for encryption at rest. | string | | null |
-| [format](variables.tf#L29) | Repository format. | object({…}) | | { docker = {} } |
-| [iam](variables.tf#L56) | IAM bindings in {ROLE => [MEMBERS]} format. | map(list(string)) | | {} |
-| [labels](variables.tf#L62) | Labels to be attached to the registry. | map(string) | | {} |
-| [mode](variables.tf#L73) | Repository mode. | object({…}) | | { standard = true } |
+| [cleanup_policies](variables.tf#L17) | Object containing details about the cleanup policies for an Artifact Registry repository. | map(object({…default = null | ✓ | |
+| [location](variables.tf#L95) | Registry location. Use `gcloud beta artifacts locations list' to get valid values. | string | ✓ | |
+| [name](variables.tf#L120) | Registry name. | string | ✓ | |
+| [project_id](variables.tf#L125) | Registry project id. | string | ✓ | |
+| [cleanup_policy_dry_run](variables.tf#L38) | If true, the cleanup pipeline is prevented from deleting versions in this repository. | bool | | null |
+| [description](variables.tf#L44) | An optional description for the repository. | string | | "Terraform-managed registry" |
+| [encryption_key](variables.tf#L50) | The KMS key name to use for encryption at rest. | string | | null |
+| [format](variables.tf#L56) | Repository format. | object({…}) | | { docker = {} } |
+| [iam](variables.tf#L83) | IAM bindings in {ROLE => [MEMBERS]} format. | map(list(string)) | | {} |
+| [labels](variables.tf#L89) | Labels to be attached to the registry. | map(string) | | {} |
+| [mode](variables.tf#L100) | Repository mode. | object({…}) | | { standard = true } |
## Outputs
diff --git a/modules/artifact-registry/main.tf b/modules/artifact-registry/main.tf
index 5b23a193d..e24890054 100644
--- a/modules/artifact-registry/main.tf
+++ b/modules/artifact-registry/main.tf
@@ -20,6 +20,7 @@ locals {
}
resource "google_artifact_registry_repository" "registry" {
+ provider = google-beta
project = var.project_id
location = var.location
description = var.description
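Review bot: The added `provider = google-beta` line has no comment saying why the repository resource now needs the beta provider, and it makes every caller of the module configure `google-beta` even when no cleanup policies are set. Presumably the cleanup policy arguments were only available in the beta provider at the time. A short comment such as `# cleanup policies require the beta provider` would record that and tell a later maintainer when the line can be dropped. The resource body continues outside this hunk.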
@@ -29,6 +30,35 @@ resource "google_artifact_registry_repository" "registry" {
mode = "${upper(local.mode_string)}_REPOSITORY"
kms_key_name = var.encryption_key
+ cleanup_policy_dry_run = var.cleanup_policy_dry_run
+ dynamic "cleanup_policies" {
+ for_each = var.cleanup_policies == null ? {} : var.cleanup_policies
+ content {
+ id = cleanup_policies.key
+ action = cleanup_policies.value.action
+
+ dynamic "condition" {
+ for_each = (cleanup_policies.value.condition != null) ? [""] : []
+ content {
+ tag_state = cleanup_policies.value.condition.tag_state
+ tag_prefixes = cleanup_policies.value.condition.tag_prefixes
+ version_name_prefixes = cleanup_policies.value.condition.version_name_prefixes
+ package_name_prefixes = cleanup_policies.value.condition.package_name_prefixes
+ newer_than = cleanup_policies.value.condition.newer_than
+ older_than = cleanup_policies.value.condition.older_than
+ }
+ }
+
+ dynamic "most_recent_versions" {
+ for_each = (cleanup_policies.value.most_recent_versions != null) ? [""] : []
+ content {
+ package_name_prefixes = cleanup_policies.value.most_recent_versions.package_name_prefixes
+ keep_count = cleanup_policies.value.most_recent_versions.keep_count
+ }
+ }
+ }
+ }
+
dynamic "docker_config" {
# TODO: open a bug on the provider for this permadiff
for_each = (
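Review bot: Nothing in the `cleanup_policies` block stops a single entry from rendering both `condition` and `most_recent_versions`, or neither of them, because each nested block is driven only by its own null check. A malformed entry therefore only fails at the provider or API, and what a `DELETE` policy with no condition would match is not visible here, so rejecting it early is the safer choice. A `validation` block on `var.cleanup_policies` that requires exactly one of the two per entry would catch this at plan time. As far as I know the provider also allows `most_recent_versions` only with `action = "KEEP"`, which the same validation could enforce. The resource continues past the end of the hunk.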
diff --git a/modules/artifact-registry/variables.tf b/modules/artifact-registry/variables.tf
index b49c9a551..d80ed3014 100644
--- a/modules/artifact-registry/variables.tf
+++ b/modules/artifact-registry/variables.tf
@@ -14,6 +14,33 @@
* limitations under the License.
*/
+variable "cleanup_policies" {
+ description = "Object containing details about the cleanup policies for an Artifact Registry repository."
+ type = map(object({
+ action = string
+ condition = optional(object({
+ tag_state = optional(string)
+ tag_prefixes = optional(list(string))
+ older_than = optional(string)
+ newer_than = optional(string)
+ package_name_prefixes = optional(list(string))
+ version_name_prefixes = optional(list(string))
+ }))
+ most_recent_versions = optional(object({
+ package_name_prefixes = optional(list(string))
+ keep_count = optional(number)
+ }))
+ }))
+
+ default = null
+}
+
+variable "cleanup_policy_dry_run" {
+ description = "If true, the cleanup pipeline is prevented from deleting versions in this repository."
+ type = bool
+ default = null
+}
+
variable "description" {
description = "An optional description for the repository."
type = string
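Review bot: `cleanup_policy_dry_run` defaults to `null`, so whether a `DELETE` policy actually removes versions is left to the provider/API default rather than decided by the module. If that default is live deletion, a caller who adds a policy without setting the flag loses artifacts on the first cleanup run, so defaulting to dry run (`default = true`) would make deletion an explicit opt-in. `action` and `tag_state` are plain strings, and a per-entry validation such as `contains(["KEEP", "DELETE"], v.action)` would reject typos at plan time. The blank line before `default = null` in `cleanup_policies` may also be what makes the generated README table list the variable as required with a truncated type, so it is worth removing and regenerating the docs. The `description` variable that follows continues outside the hunk.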
diff --git a/tests/modules/artifact_registry/examples/cleanup-policies.yaml b/tests/modules/artifact_registry/examples/cleanup-policies.yaml
new file mode 100644
index 000000000..f39fb8a13
--- /dev/null
+++ b/tests/modules/artifact_registry/examples/cleanup-policies.yaml
@@ -0,0 +1,46 @@
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+values:
+values:
+ module.registry-docker.google_artifact_registry_repository.registry:
+ cleanup_policies:
+ - id: keep-tagged-release
+ action: KEEP
+ condition:
+ - package_name_prefixes:
+ - webapp
+ - mobile
+ tag_prefixes:
+ - release
+ tag_state: TAGGED
+ - id: keep-5-versions
+ action: KEEP
+ condition: []
+ most_recent_versions:
+ - keep_count: 5
+ package_name_prefixes:
+ - test
+ cleanup_policy_dry_run: false
+ format: DOCKER
+ location: europe-west1
+ mode: STANDARD_REPOSITORY
+ project: project-id
+ repository_id: docker-cleanup-policies
+
+
+counts:
+ google_artifact_registry_repository: 1
+ modules: 1
+ resources: 1
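Review bot: The `values:` key appears twice in a row at the top of the inventory, and the first one should be dropped. Duplicate mapping keys are invalid YAML that some loaders reject and others silently resolve to the last occurrence. Both policies under test use `action: KEEP` with `cleanup_policy_dry_run: false`, so the `DELETE` path and the dry-run switch are never exercised. A second example with a `DELETE` policy and `cleanup_policy_dry_run: true` would cover the configuration where a mistake actually costs artifacts.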