From 3a2484843c6825f133ba8e05cfdb10de34d6ee07 Mon Sep 17 00:00:00 2001 From: Thomas Colomb Date: Fri, 1 Dec 2023 11:33:02 +0100 Subject: [PATCH] artifact-registry: Support cleanup policies (#1891) --- modules/artifact-registry/README.md | 55 ++++++++++++++++--- modules/artifact-registry/main.tf | 30 ++++++++++ modules/artifact-registry/variables.tf | 27 +++++++++ .../examples/cleanup-policies.yaml | 46 ++++++++++++++++ 4 files changed, 149 insertions(+), 9 deletions(-) create mode 100644 tests/modules/artifact_registry/examples/cleanup-policies.yaml diff --git a/modules/artifact-registry/README.md b/modules/artifact-registry/README.md index 14233a0ac..59236a4b2 100644 --- a/modules/artifact-registry/README.md +++ b/modules/artifact-registry/README.md @@ -6,6 +6,7 @@ This module simplifies the creation of repositories using Google Cloud Artifact - [Standard Repository](#standard-repository) - [Remote and Virtual Repositories](#remote-and-virtual-repositories) - [Additional Docker and Maven Options](#additional-docker-and-maven-options) +- [Cleanup Policies](#cleanup-policies) - [Variables](#variables) - [Outputs](#outputs) 
@@ -100,20 +101,56 @@ module "registry-maven" { # tftest modules=2 resources=2 ``` + +## Cleanup Policies + +```hcl + +module "registry-docker" { + source = "./fabric/modules/artifact-registry" + project_id = var.project_id + location = "europe-west1" + name = "docker-cleanup-policies" + format = { docker = {} } + cleanup_policy_dry_run = false + cleanup_policies = { + keep-5-versions = { + action = "KEEP" + most_recent_versions = { + package_name_prefixes = ["test"] + keep_count = 5 + } + } + keep-tagged-release = { + action = "KEEP" + condition = { + tag_state = "TAGGED" + tag_prefixes = ["release"] + package_name_prefixes = ["webapp", "mobile"] + } + } + } +} + + +# tftest modules=1 resources=1 inventory=cleanup-policies.yaml +``` ## Variables | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| [location](variables.tf#L68) | Registry location. Use `gcloud beta artifacts locations list' to get valid values. | string | ✓ | | -| [name](variables.tf#L93) | Registry name. | string | ✓ | | -| [project_id](variables.tf#L98) | Registry project id. | string | ✓ | | -| [description](variables.tf#L17) | An optional description for the repository. | string | | "Terraform-managed registry" | -| [encryption_key](variables.tf#L23) | The KMS key name to use for encryption at rest. | string | | null | -| [format](variables.tf#L29) | Repository format. | object({…}) | | { docker = {} } | -| [iam](variables.tf#L56) | IAM bindings in {ROLE => [MEMBERS]} format. | map(list(string)) | | {} | -| [labels](variables.tf#L62) | Labels to be attached to the registry. | map(string) | | {} | -| [mode](variables.tf#L73) | Repository mode. | object({…}) | | { standard = true } | +| [cleanup_policies](variables.tf#L17) | Object containing details about the cleanup policies for an Artifact Registry repository. | map(object({…default = null | ✓ | | +| [location](variables.tf#L95) | Registry location. Use `gcloud beta artifacts locations list' to get valid values. 
| string | ✓ | | +| [name](variables.tf#L120) | Registry name. | string | ✓ | | +| [project_id](variables.tf#L125) | Registry project id. | string | ✓ | | +| [cleanup_policy_dry_run](variables.tf#L38) | If true, the cleanup pipeline is prevented from deleting versions in this repository. | bool | | null | +| [description](variables.tf#L44) | An optional description for the repository. | string | | "Terraform-managed registry" | +| [encryption_key](variables.tf#L50) | The KMS key name to use for encryption at rest. | string | | null | +| [format](variables.tf#L56) | Repository format. | object({…}) | | { docker = {} } | +| [iam](variables.tf#L83) | IAM bindings in {ROLE => [MEMBERS]} format. | map(list(string)) | | {} | +| [labels](variables.tf#L89) | Labels to be attached to the registry. | map(string) | | {} | +| [mode](variables.tf#L100) | Repository mode. | object({…}) | | { standard = true } | ## Outputs diff --git a/modules/artifact-registry/main.tf b/modules/artifact-registry/main.tf index 5b23a193d..e24890054 100644 --- a/modules/artifact-registry/main.tf +++ b/modules/artifact-registry/main.tf @@ -20,6 +20,7 @@ locals { } resource "google_artifact_registry_repository" "registry" { + provider = google-beta project = var.project_id location = var.location description = var.description 
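Review bot: The new `provider = google-beta` line in main.tf moves the whole repository resource to the beta provider with no comment explaining why. Nothing in this patch shows `google-beta` being declared in the module's required providers; versions.tf is not part of the diff, so that may already be in place. Presumably the switch is needed because `cleanup_policies` was only available in the beta provider at the time. A short comment above the line, such as `# cleanup_policies requires the google-beta provider`, would tell a later maintainer when it can be dropped. The resource block continues outside this hunk.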
@@ -29,6 +30,35 @@ resource "google_artifact_registry_repository" "registry" { mode = "${upper(local.mode_string)}_REPOSITORY" kms_key_name = var.encryption_key + cleanup_policy_dry_run = var.cleanup_policy_dry_run + dynamic "cleanup_policies" { + for_each = var.cleanup_policies == null ? {} : var.cleanup_policies + content { + id = cleanup_policies.key + action = cleanup_policies.value.action + + dynamic "condition" { + for_each = (cleanup_policies.value.condition != null) ? [""] : [] + content { + tag_state = cleanup_policies.value.condition.tag_state + tag_prefixes = cleanup_policies.value.condition.tag_prefixes + version_name_prefixes = cleanup_policies.value.condition.version_name_prefixes + package_name_prefixes = cleanup_policies.value.condition.package_name_prefixes + newer_than = cleanup_policies.value.condition.newer_than + older_than = cleanup_policies.value.condition.older_than + } + } + + dynamic "most_recent_versions" { + for_each = (cleanup_policies.value.most_recent_versions != null) ? [""] : [] + content { + package_name_prefixes = cleanup_policies.value.most_recent_versions.package_name_prefixes + keep_count = cleanup_policies.value.most_recent_versions.keep_count + } + } + } + } + dynamic "docker_config" { # TODO: open a bug on the provider for this permadiff for_each = ( diff --git a/modules/artifact-registry/variables.tf b/modules/artifact-registry/variables.tf index b49c9a551..d80ed3014 100644 --- a/modules/artifact-registry/variables.tf +++ b/modules/artifact-registry/variables.tf 
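Review bot: Nothing stops a policy from setting both `condition` and `most_recent_versions`, or neither, because the two inner dynamic blocks are each gated only on their own `!= null` check. As far as I know the API treats the two as alternatives, so a bad combination would surface only at apply time. `action` is likewise passed through as a free string. A `validation` block on `cleanup_policies` in variables.tf would catch this at plan time, using a per-policy predicate such as `(p.condition == null) != (p.most_recent_versions == null)` and `contains(["KEEP", "DELETE"], p.action)`. The resource block starts and ends outside this hunk.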
@@ -14,6 +14,33 @@ * limitations under the License. */ +variable "cleanup_policies" { + description = "Object containing details about the cleanup policies for an Artifact Registry repository." + type = map(object({ + action = string + condition = optional(object({ + tag_state = optional(string) + tag_prefixes = optional(list(string)) + older_than = optional(string) + newer_than = optional(string) + package_name_prefixes = optional(list(string)) + version_name_prefixes = optional(list(string)) + })) + most_recent_versions = optional(object({ + package_name_prefixes = optional(list(string)) + keep_count = optional(number) + })) + })) + + default = null +} + +variable "cleanup_policy_dry_run" { + description = "If true, the cleanup pipeline is prevented from deleting versions in this repository." + type = bool + default = null +} + variable "description" { description = "An optional description for the repository." type = string diff --git a/tests/modules/artifact_registry/examples/cleanup-policies.yaml b/tests/modules/artifact_registry/examples/cleanup-policies.yaml new file mode 100644 index 000000000..f39fb8a13 --- /dev/null +++ b/tests/modules/artifact_registry/examples/cleanup-policies.yaml 
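Review bot: `cleanup_policy_dry_run` defaults to `null`, so whether configured `DELETE` policies actually remove artifacts is left to the provider and API default rather than stated by the module. For a switch that gates deletion of published images and packages, I would make the safe behaviour explicit with `default = true` and let callers opt in to live deletion, as the README example already does with `cleanup_policy_dry_run = false`. Separately, the blank line before `default = null` in `cleanup_policies` appears to confuse the README generator. The variables table in this patch lists it as required with type `map(object({…default = null`, and removing the blank line should fix that.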
@@ -0,0 +1,46 @@
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+values:
+values:
+ module.registry-docker.google_artifact_registry_repository.registry:
+ cleanup_policies:
+ - id: keep-tagged-release
+ action: KEEP
+ condition:
+ - package_name_prefixes:
+ - webapp
+ - mobile
+ tag_prefixes:
+ - release
+ tag_state: TAGGED
+ - id: keep-5-versions
+ action: KEEP
+ condition: []
+ most_recent_versions:
+ - keep_count: 5
+ package_name_prefixes:
+ - test
+ cleanup_policy_dry_run: false
+ format: DOCKER
+ location: europe-west1
+ mode: STANDARD_REPOSITORY
+ project: project-id
+ repository_id: docker-cleanup-policies
+
+
+counts:
+ google_artifact_registry_repository: 1
+ modules: 1
+ resources: 1
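Review bot: The inventory declares the top-level `values:` key twice in a row, directly after the license header. YAML loaders either reject duplicate keys or silently keep the last one, so the test probably still passes, but the first `values:` line is dead and should be dropped. The expected values also cover only `KEEP` policies with `cleanup_policy_dry_run: false`. A case with a `DELETE` policy and dry run enabled would exercise the path that guards actual artifact removal.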