diff --git a/.secrets.baseline b/.secrets.baseline
index e34fec37..1c5d738b 100644
--- a/.secrets.baseline
+++ b/.secrets.baseline
@@ -3,7 +3,7 @@
 "files": "go.sum|^.secrets.baseline$",
 "lines": null
 },
- "generated_at": "2024-10-30T15:05:28Z",
+ "generated_at": "2024-11-07T00:11:34Z",
 "plugins_used": [
 {
 "name": "AWSKeyDetector"
@@ -90,7 +90,7 @@
 "hashed_secret": "a7c93faaa770c377154ea9d4d0d17a9056dbfa95",
 "is_secret": false,
 "is_verified": false,
- "line_number": 195,
+ "line_number": 199,
 "type": "Secret Keyword",
 "verified_result": null
 }
diff --git a/README.md b/README.md
index 0079cd4d..12364b17 100644
--- a/README.md
+++ b/README.md
@@ -146,6 +146,7 @@ You need the following permissions to run this module.
 |------|------|
 | [ibm_cos_bucket.cos_bucket](https://registry.terraform.io/providers/ibm-cloud/ibm/latest/docs/resources/cos_bucket) | resource |
 | [ibm_cos_bucket.cos_bucket1](https://registry.terraform.io/providers/ibm-cloud/ibm/latest/docs/resources/cos_bucket) | resource |
+| [ibm_cos_bucket_lifecycle_configuration.cos_bucket_lifecycle](https://registry.terraform.io/providers/ibm-cloud/ibm/latest/docs/resources/cos_bucket_lifecycle_configuration) | resource |
 | [ibm_cos_bucket_object_lock_configuration.lock_configuration](https://registry.terraform.io/providers/ibm-cloud/ibm/latest/docs/resources/cos_bucket_object_lock_configuration) | resource |
 | [ibm_iam_authorization_policy.policy](https://registry.terraform.io/providers/ibm-cloud/ibm/latest/docs/resources/iam_authorization_policy) | resource |
 | [ibm_resource_instance.cos_instance](https://registry.terraform.io/providers/ibm-cloud/ibm/latest/docs/resources/resource_instance) | resource |
@@ -153,6 +154,7 @@ You need the following permissions to run this module.
 | [ibm_resource_tag.cos_access_tag](https://registry.terraform.io/providers/ibm-cloud/ibm/latest/docs/resources/resource_tag) | resource |
 | [random_string.bucket_name_suffix](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/string) | resource |
 | [time_sleep.wait_for_authorization_policy](https://registry.terraform.io/providers/hashicorp/time/latest/docs/resources/sleep) | resource |
+| [time_sleep.wait_for_cos_bucket_lifecycle](https://registry.terraform.io/providers/hashicorp/time/latest/docs/resources/sleep) | resource |
 ### Inputs
@@ -164,6 +166,7 @@ You need the following permissions to run this module. | [activity\_tracker\_write\_data\_events](#input\_activity\_tracker\_write\_data\_events) | If set to true, all Object Storage bucket write events (i.e. uploads) will be sent to Activity Tracker. | `bool` | `true` | no | | [add\_bucket\_name\_suffix](#input\_add\_bucket\_name\_suffix) | Whether to add a randomly generated 4-character suffix to the new bucket name. | `bool` | `false` | no | | [archive\_days](#input\_archive\_days) | The number of days before the `archive_type` rule action takes effect. Applies only if `create_cos_bucket` is true. Set to `null` if you specify a bucket location in `cross_region_location` because archive data is not supported with cross-region buckets. | `number` | `90` | no | +| [archive\_filter\_prefix](#input\_archive\_filter\_prefix) | Apply archive lifecycle rule to only objects with the following prefix. Defaults to apply to all objects. | `string` | `null` | no | | [archive\_type](#input\_archive\_type) | The storage class or archive type to which you want the object to transition. Possible values: `Glacier`, `Accelerated`. Applies only if `create_cos_bucket` is true. | `string` | `"Glacier"` | no | | [bucket\_cbr\_rules](#input\_bucket\_cbr\_rules) | The list of context-based restriction rules to create for the bucket. |
list(object({
description = string
account_id = string
rule_contexts = list(object({
attributes = optional(list(object({
name = string
value = string
}))) }))
enforcement_mode = string
tags = optional(list(object({
name = string
value = string
})), [])
operations = optional(list(object({
api_types = list(object({
api_type_id = string
}))
})))
}))
| `[]` | no | | [bucket\_name](#input\_bucket\_name) | The name for the new Object Storage bucket. Applies only if `create_cos_bucket` is true. | `string` | `null` | no | @@ -178,6 +181,7 @@ You need the following permissions to run this module. | [existing\_cos\_instance\_id](#input\_existing\_cos\_instance\_id) | The ID of an existing cloud object storage instance. Required if `create_cos_instance` is false. | `string` | `null` | no | | [existing\_kms\_instance\_guid](#input\_existing\_kms\_instance\_guid) | The GUID of the Key Protect or Hyper Protect Crypto Services instance that holds the key specified in `kms_key_crn`. Required if `skip_iam_authorization_policy` is false. | `string` | `null` | no | | [expire\_days](#input\_expire\_days) | The number of days before the expire rule action takes effect. Applies only if `create_cos_bucket` is true. | `number` | `365` | no | +| [expire\_filter\_prefix](#input\_expire\_filter\_prefix) | Apply expire lifecycle rule to only objects with the following prefix. Defaults to apply to all objects. | `string` | `null` | no | | [force\_delete](#input\_force\_delete) | Whether to delete all the objects in the Object Storage bucket before the bucket is deleted. | `bool` | `true` | no | | [hard\_quota](#input\_hard\_quota) | The maximum amount of available storage in bytes for a bucket. If set to `null`, the quota is disabled. | `number` | `null` | no | | [instance\_cbr\_rules](#input\_instance\_cbr\_rules) | The list of context-based restriction rules to create for the instance. |
list(object({
description = string
account_id = string
rule_contexts = list(object({
attributes = optional(list(object({
name = string
value = string
}))) }))
enforcement_mode = string
tags = optional(list(object({
name = string
value = string
})), [])
operations = optional(list(object({
api_types = list(object({
api_type_id = string
}))
})))
}))
| `[]` | no |
diff --git a/main.tf b/main.tf
index 7ea06874..f04fd3c9 100644
--- a/main.tf
+++ b/main.tf
@@ -182,25 +182,6 @@ resource "ibm_cos_bucket" "cos_bucket" {
 permanent = var.retention_permanent
 }
 }
- ## This for_each block is NOT a loop to attach to multiple archive blocks.
- ## This block is only used to conditionally add retention block depending on archive rule is enabled.
- dynamic "archive_rule" {
- for_each = local.archive_enabled
- content {
- enable = true
- days = var.archive_days
- type = var.archive_type
- }
- }
- ## This for_each block is NOT a loop to attach to multiple expire blocks.
- ## This block is only used to conditionally add retention block depending on expire rule is enabled.
- dynamic "expire_rule" {
- for_each = local.expire_enabled
- content {
- enable = true
- days = var.expire_days
- }
- }
 ## This for_each block is NOT a loop to attach to multiple Activity Tracker instances.
 ## This block is only used to conditionally attach activity tracker depending on AT CRN is provided.
 dynamic "activity_tracking" {
@@ -260,25 +241,6 @@ resource "ibm_cos_bucket" "cos_bucket1" {
 permanent = var.retention_permanent
 }
 }
- ## This for_each block is NOT a loop to attach to multiple archive blocks.
- ## This block is only used to conditionally add retention block depending on archive rule is enabled.
- dynamic "archive_rule" {
- for_each = local.archive_enabled
- content {
- enable = true
- days = var.archive_days
- type = var.archive_type
- }
- }
- ## This for_each block is NOT a loop to attach to multiple Activity Tracker instances.
- ## This block is only used to conditionally attach activity tracker depending on AT CRN is provided.
- dynamic "expire_rule" {
- for_each = local.expire_enabled
- content {
- enable = true
- days = var.expire_days
- }
- }
 ## This for_each block is NOT a loop to attach to multiple Activity Tracker instances.
 ## This block is only used to conditionally attach activity tracker depending on AT CRN is provided.
 dynamic "activity_tracking" {
@@ -307,6 +269,68 @@ resource "ibm_cos_bucket" "cos_bucket1" {
 }
 }
+locals {
+ expiration_or_archiving_rule_enabled = (length(local.expire_enabled) != 0 || length(local.archive_enabled) != 0)
+
+ create_cos_bucket = (var.kms_encryption_enabled && var.create_cos_bucket) ? true : false
+ create_cos_bucket1 = (!var.kms_encryption_enabled && var.create_cos_bucket) ? true : false
+
+ cos_bucket_resource = local.create_cos_bucket ? ibm_cos_bucket.cos_bucket : local.create_cos_bucket1 ? ibm_cos_bucket.cos_bucket1 : null
+
+ ## Only one of these values can be set, leaving 2 of 3 null, compact function removes nulls.
+ ## We then take the only value left in the list
+ cos_region = compact([var.region, var.cross_region_location, var.single_site_location])[0]
+}
+
+resource "time_sleep" "wait_for_cos_bucket_lifecycle" {
+ count = (local.create_cos_bucket || local.create_cos_bucket1) && local.expiration_or_archiving_rule_enabled ? 1 : 0
+ # workaround for https://github.com/IBM-Cloud/terraform-provider-ibm/issues/5778
+ create_duration = "90s"
+}
+
+resource "ibm_cos_bucket_lifecycle_configuration" "cos_bucket_lifecycle" {
+ count = (local.create_cos_bucket || local.create_cos_bucket1) && local.expiration_or_archiving_rule_enabled ? 1 : 0
+
+ depends_on = [time_sleep.wait_for_cos_bucket_lifecycle]
+
+ bucket_crn = local.cos_bucket_resource[count.index].crn
+ bucket_location = local.cos_region
+
+ dynamic "lifecycle_rule" {
+ ## This for_each block is NOT a loop to attach to multiple expiration blocks.
+ ## This block is only used to conditionally add expiration block depending on expire rule is enabled.
+ for_each = local.expire_enabled
+ content {
+ expiration {
+ days = var.expire_days
+ }
+ filter {
+ prefix = var.expire_filter_prefix != null ? var.expire_filter_prefix : ""
+ }
+ rule_id = "expiry-rule"
+ status = "enable"
+ }
+ }
+ dynamic "lifecycle_rule" {
+ ## This for_each block is NOT a loop to attach to multiple transition blocks.
+ ## This block is only used to conditionally add retention block depending on archive rule is enabled.
+ for_each = local.archive_enabled
+ content {
+ transition {
+ days = var.archive_days
+ ## The new values changed from Capatalized to all Upper case, avoid having to change values in new release
+ storage_class = upper(var.archive_type)
+
+ }
+ filter {
+ prefix = var.archive_filter_prefix != null ? var.archive_filter_prefix : ""
+ }
+ rule_id = "archive-rule"
+ status = "enable"
+ }
+ }
+}
+
 locals {
 bucket_crn = var.create_cos_bucket ? (var.kms_encryption_enabled ? ibm_cos_bucket.cos_bucket[0].crn : ibm_cos_bucket.cos_bucket1[0].crn) : null
 bucket_id = var.create_cos_bucket ? (var.kms_encryption_enabled ? ibm_cos_bucket.cos_bucket[0].id : ibm_cos_bucket.cos_bucket1[0].id) : null
diff --git a/modules/buckets/README.md b/modules/buckets/README.md
index b1419580..3606c49a 100644
--- a/modules/buckets/README.md
+++ b/modules/buckets/README.md
@@ -82,7 +82,7 @@ You need the following permissions to run this module.
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| [bucket\_configs](#input\_bucket\_configs) | The Object Storage bucket configurations. |
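Review bot: In the main.tf hunk that adds the lifecycle resources, `time_sleep.wait_for_cos_bucket_lifecycle` has no dependency on either bucket, so its 90-second timer starts with the apply and runs in parallel with bucket creation rather than after it; if the workaround for the linked provider issue needs the delay to follow bucket creation, add `depends_on = [ibm_cos_bucket.cos_bucket, ibm_cos_bucket.cos_bucket1]` to the sleep. In the same hunk, `compact([...])[0]` raises an index error when all three location variables are null, which looks reachable with `create_cos_bucket = false` unless `var.region` always carries a value; `cos_region = one(compact([var.region, var.cross_region_location, var.single_site_location]))` returns null instead. Because the expire and archive rules move out of `ibm_cos_bucket` into a separate resource, an upgrade of an existing deployment presumably drops the inline rules before the new resource is created, which deserves a release note since expiry is a data-retention control. The comment on the second `lifecycle_rule` says "retention block" where the code adds a `transition` block.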
list(object({
access_tags = optional(list(string), [])
add_bucket_name_suffix = optional(bool, false)
bucket_name = string
kms_encryption_enabled = optional(bool, true)
kms_guid = optional(string, null)
kms_key_crn = optional(string, null)
skip_iam_authorization_policy = optional(bool, false)
management_endpoint_type = optional(string, "public")
cross_region_location = optional(string, null)
storage_class = optional(string, "smart")
region_location = optional(string, null)
resource_instance_id = string
force_delete = optional(bool, true)
single_site_location = optional(string, null)
hard_quota = optional(number, null)
object_locking_enabled = optional(bool, false)
object_lock_duration_days = optional(number, 0)
object_lock_duration_years = optional(number, 0)

activity_tracking = optional(object({
read_data_events = optional(bool, true)
write_data_events = optional(bool, true)
management_events = optional(bool, true)
}))
archive_rule = optional(object({
enable = optional(bool, false)
days = optional(number, 20)
type = optional(string, "Glacier")
}))
expire_rule = optional(object({
enable = optional(bool, false)
days = optional(number, 365)
}))
metrics_monitoring = optional(object({
usage_metrics_enabled = optional(bool, true)
request_metrics_enabled = optional(bool, true)
metrics_monitoring_crn = optional(string, null)
}))
object_versioning = optional(object({
enable = optional(bool, false)
}))
retention_rule = optional(object({
default = optional(number, 90)
maximum = optional(number, 350)
minimum = optional(number, 90)
permanent = optional(bool, false)
}))
cbr_rules = optional(list(object({
description = string
account_id = string
rule_contexts = list(object({
attributes = optional(list(object({
name = string
value = string
}))) }))
enforcement_mode = string
tags = optional(list(object({
name = string
value = string
})), [])
operations = optional(list(object({
api_types = list(object({
api_type_id = string
}))
})))
})), [])

}))
| n/a | yes | +| [bucket\_configs](#input\_bucket\_configs) | The Object Storage bucket configurations. |
list(object({
access_tags = optional(list(string), [])
add_bucket_name_suffix = optional(bool, false)
bucket_name = string
kms_encryption_enabled = optional(bool, true)
kms_guid = optional(string, null)
kms_key_crn = optional(string, null)
skip_iam_authorization_policy = optional(bool, false)
management_endpoint_type = optional(string, "public")
cross_region_location = optional(string, null)
storage_class = optional(string, "smart")
region_location = optional(string, null)
resource_instance_id = string
force_delete = optional(bool, true)
single_site_location = optional(string, null)
hard_quota = optional(number, null)
expire_filter_prefix = optional(string, null)
archive_filter_prefix = optional(string, null)
object_locking_enabled = optional(bool, false)
object_lock_duration_days = optional(number, 0)
object_lock_duration_years = optional(number, 0)

activity_tracking = optional(object({
read_data_events = optional(bool, true)
write_data_events = optional(bool, true)
management_events = optional(bool, true)
}))
archive_rule = optional(object({
enable = optional(bool, false)
days = optional(number, 20)
type = optional(string, "Glacier")
}))
expire_rule = optional(object({
enable = optional(bool, false)
days = optional(number, 365)
}))
metrics_monitoring = optional(object({
usage_metrics_enabled = optional(bool, true)
request_metrics_enabled = optional(bool, true)
metrics_monitoring_crn = optional(string, null)
}))
object_versioning = optional(object({
enable = optional(bool, false)
}))
retention_rule = optional(object({
default = optional(number, 90)
maximum = optional(number, 350)
minimum = optional(number, 90)
permanent = optional(bool, false)
}))
cbr_rules = optional(list(object({
description = string
account_id = string
rule_contexts = list(object({
attributes = optional(list(object({
name = string
value = string
}))) }))
enforcement_mode = string
tags = optional(list(object({
name = string
value = string
})), [])
operations = optional(list(object({
api_types = list(object({
api_type_id = string
}))
})))
})), [])

}))
| n/a | yes |
 ### Outputs
diff --git a/modules/buckets/main.tf b/modules/buckets/main.tf
index 4346c3f3..0003d95c 100644
--- a/modules/buckets/main.tf
+++ b/modules/buckets/main.tf
@@ -88,6 +88,8 @@ module "buckets" {
 management_endpoint_type_for_bucket = each.value.management_endpoint_type
 force_delete = each.value.force_delete
 hard_quota = each.value.hard_quota
+ expire_filter_prefix = each.value.expire_filter_prefix
+ archive_filter_prefix = each.value.archive_filter_prefix
 object_locking_enabled = each.value.object_locking_enabled
 object_lock_duration_days = each.value.object_lock_duration_days
 object_lock_duration_years = each.value.object_lock_duration_years
diff --git a/modules/buckets/variables.tf b/modules/buckets/variables.tf
index 9ff377e0..1f0b5091 100644
--- a/modules/buckets/variables.tf
+++ b/modules/buckets/variables.tf
@@ -22,6 +22,8 @@ variable "bucket_configs" {
 force_delete = optional(bool, true)
 single_site_location = optional(string, null)
 hard_quota = optional(number, null)
+ expire_filter_prefix = optional(string, null)
+ archive_filter_prefix = optional(string, null)
 object_locking_enabled = optional(bool, false)
 object_lock_duration_days = optional(number, 0)
 object_lock_duration_years = optional(number, 0)
diff --git a/modules/fscloud/README.md b/modules/fscloud/README.md
index 099de558..73fa52b8 100644
--- a/modules/fscloud/README.md
+++ b/modules/fscloud/README.md
@@ -105,7 +105,7 @@ No resources.
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | [access\_tags](#input\_access\_tags) | A list of access tags to apply to the Object Storage instance created by the module. [Learn more](https://cloud.ibm.com/docs/account?topic=account-access-tags-tutorial). | `list(string)` | `[]` | no |
-| [bucket\_configs](#input\_bucket\_configs) | Object Storage bucket configurations |
list(object({
access_tags = optional(list(string), [])
add_bucket_name_suffix = optional(bool, false)
bucket_name = string
kms_encryption_enabled = optional(bool, true)
kms_guid = optional(string, null)
kms_key_crn = string
skip_iam_authorization_policy = optional(bool, false)
management_endpoint_type = string
cross_region_location = optional(string, null)
storage_class = optional(string, "smart")
region_location = optional(string, null)
resource_instance_id = optional(string, null)
force_delete = optional(bool, true)
single_site_location = optional(string, null)
hard_quota = optional(number, null)
object_locking_enabled = optional(bool, false)
object_lock_duration_days = optional(number, 0)
object_lock_duration_years = optional(number, 0)

activity_tracking = optional(object({
read_data_events = optional(bool, true)
write_data_events = optional(bool, true)
management_events = optional(bool, true)
}))
archive_rule = optional(object({
enable = optional(bool, false)
days = optional(number, 20)
type = optional(string, "Glacier")
}))
expire_rule = optional(object({
enable = optional(bool, false)
days = optional(number, 365)
}))
metrics_monitoring = optional(object({
usage_metrics_enabled = optional(bool, true)
request_metrics_enabled = optional(bool, true)
metrics_monitoring_crn = optional(string, null)
}))
object_versioning = optional(object({
enable = optional(bool, false)
}))
retention_rule = optional(object({
default = optional(number, 90)
maximum = optional(number, 350)
minimum = optional(number, 90)
permanent = optional(bool, false)
}))
cbr_rules = optional(list(object({
description = string
account_id = string
rule_contexts = list(object({
attributes = optional(list(object({
name = string
value = string
}))) }))
enforcement_mode = string
tags = optional(list(object({
name = string
value = string
})), [])
operations = optional(list(object({
api_types = list(object({
api_type_id = string
}))
})))
})), [])

}))
| `[]` | no | +| [bucket\_configs](#input\_bucket\_configs) | Object Storage bucket configurations |
list(object({
access_tags = optional(list(string), [])
add_bucket_name_suffix = optional(bool, false)
bucket_name = string
kms_encryption_enabled = optional(bool, true)
kms_guid = optional(string, null)
kms_key_crn = string
skip_iam_authorization_policy = optional(bool, false)
management_endpoint_type = string
cross_region_location = optional(string, null)
storage_class = optional(string, "smart")
region_location = optional(string, null)
resource_instance_id = optional(string, null)
force_delete = optional(bool, true)
single_site_location = optional(string, null)
hard_quota = optional(number, null)
expire_filter_prefix = optional(string, null)
archive_filter_prefix = optional(string, null)
object_locking_enabled = optional(bool, false)
object_lock_duration_days = optional(number, 0)
object_lock_duration_years = optional(number, 0)

activity_tracking = optional(object({
read_data_events = optional(bool, true)
write_data_events = optional(bool, true)
management_events = optional(bool, true)
}))
archive_rule = optional(object({
enable = optional(bool, false)
days = optional(number, 20)
type = optional(string, "Glacier")
}))
expire_rule = optional(object({
enable = optional(bool, false)
days = optional(number, 365)
}))
metrics_monitoring = optional(object({
usage_metrics_enabled = optional(bool, true)
request_metrics_enabled = optional(bool, true)
metrics_monitoring_crn = optional(string, null)
}))
object_versioning = optional(object({
enable = optional(bool, false)
}))
retention_rule = optional(object({
default = optional(number, 90)
maximum = optional(number, 350)
minimum = optional(number, 90)
permanent = optional(bool, false)
}))
cbr_rules = optional(list(object({
description = string
account_id = string
rule_contexts = list(object({
attributes = optional(list(object({
name = string
value = string
}))) }))
enforcement_mode = string
tags = optional(list(object({
name = string
value = string
})), [])
operations = optional(list(object({
api_types = list(object({
api_type_id = string
}))
})))
})), [])

}))
| `[]` | no |
 | [cos\_instance\_name](#input\_cos\_instance\_name) | The name to give the Object Storage instance provisioned by this module. Applies only if `create_cos_instance` is true. | `string` | `null` | no |
 | [cos\_plan](#input\_cos\_plan) | The plan to use when Object Storage instances are created. Possible values: `standard`. Applies only if `create_cos_instance` is true. | `string` | `"standard"` | no |
 | [cos\_tags](#input\_cos\_tags) | The list of tags to add to the Object Storage instance. Applies only if `create_cos_instance` is true. | `list(string)` | `[]` | no |
diff --git a/modules/fscloud/main.tf b/modules/fscloud/main.tf
index fce51198..37e183c2 100644
--- a/modules/fscloud/main.tf
+++ b/modules/fscloud/main.tf
@@ -59,6 +59,8 @@ locals {
 single_site_location = config.single_site_location
 force_delete = config.force_delete
 hard_quota = config.hard_quota
+ expire_filter_prefix = config.expire_filter_prefix
+ archive_filter_prefix = config.archive_filter_prefix
 add_bucket_name_suffix = config.add_bucket_name_suffix
 object_locking_enabled = config.object_locking_enabled
 object_lock_duration_days = config.object_lock_duration_days
diff --git a/modules/fscloud/variables.tf b/modules/fscloud/variables.tf
index bf135e0a..27a73634 100644
--- a/modules/fscloud/variables.tf
+++ b/modules/fscloud/variables.tf
@@ -76,6 +76,8 @@ variable "bucket_configs" {
 force_delete = optional(bool, true)
 single_site_location = optional(string, null)
 hard_quota = optional(number, null)
+ expire_filter_prefix = optional(string, null)
+ archive_filter_prefix = optional(string, null)
 object_locking_enabled = optional(bool, false)
 object_lock_duration_days = optional(number, 0)
 object_lock_duration_years = optional(number, 0)
diff --git a/solutions/secure-cross-regional-bucket/main.tf b/solutions/secure-cross-regional-bucket/main.tf
index 3ef1d473..393c07a8 100644
--- a/solutions/secure-cross-regional-bucket/main.tf
+++ b/solutions/secure-cross-regional-bucket/main.tf
@@ -33,6 +33,8 @@ locals {
 storage_class = var.bucket_storage_class
 force_delete = var.force_delete
 hard_quota = var.hard_quota
+ expire_filter_prefix = var.expire_filter_prefix
+ archive_filter_prefix = var.archive_filter_prefix
 object_locking_enabled = var.object_locking_enabled
 object_lock_duration_days = var.object_lock_duration_days
 object_lock_duration_years = var.object_lock_duration_years
diff --git a/solutions/secure-cross-regional-bucket/variables.tf b/solutions/secure-cross-regional-bucket/variables.tf
index 768e51cd..9d34f062 100644
--- a/solutions/secure-cross-regional-bucket/variables.tf
+++ b/solutions/secure-cross-regional-bucket/variables.tf
@@ -110,6 +110,18 @@ variable "hard_quota" {
 default = null
 }
+variable "expire_filter_prefix" {
+ type = string
+ description = "Apply expire lifecycle rule to only objects with the following prefix. Defaults to apply to all objects."
+ default = null
+}
+
+variable "archive_filter_prefix" {
+ type = string
+ description = "Apply archive lifecycle rule to only objects with the following prefix. Defaults to apply to all objects."
+ default = null
+}
+
 variable "expire_days" {
 description = "The number of days before the expire rule action takes effect."
 type = number
diff --git a/solutions/secure-regional-bucket/main.tf b/solutions/secure-regional-bucket/main.tf
index 22e6ec22..4047cb25 100644
--- a/solutions/secure-regional-bucket/main.tf
+++ b/solutions/secure-regional-bucket/main.tf
@@ -33,6 +33,8 @@ locals {
 storage_class = var.bucket_storage_class
 force_delete = var.force_delete
 hard_quota = var.hard_quota
+ expire_filter_prefix = var.expire_filter_prefix
+ archive_filter_prefix = var.archive_filter_prefix
 object_locking_enabled = var.object_locking_enabled
 object_lock_duration_days = var.object_lock_duration_days
 object_lock_duration_years = var.object_lock_duration_years
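Review bot: `archive_filter_prefix` is added to solutions/secure-cross-regional-bucket/variables.tf although the root README's `archive_days` entry states that archive is not supported with cross-region buckets, so in this solution the variable likely has no effect, and its description reads as if an archive rule were active. Either drop it from the cross-regional solution or extend the description, for example `"... Ignored for cross-region buckets, which do not support archive."`. Both new variables also list `type` before `description`, unlike the neighbouring `expire_days` block.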
diff --git a/solutions/secure-regional-bucket/variables.tf b/solutions/secure-regional-bucket/variables.tf
index 10d602fa..8fcfdea0 100644
--- a/solutions/secure-regional-bucket/variables.tf
+++ b/solutions/secure-regional-bucket/variables.tf
@@ -111,6 +111,18 @@ variable "hard_quota" {
 default = null
 }
+variable "expire_filter_prefix" {
+ type = string
+ description = "Apply expire lifecycle rule to only objects with the following prefix. Defaults to apply to all objects."
+ default = null
+}
+
+variable "archive_filter_prefix" {
+ type = string
+ description = "Apply archive lifecycle rule to only objects with the following prefix. Defaults to apply to all objects."
+ default = null
+}
+
 variable "archive_days" {
 description = "The number of days before the `archive_type` rule action takes effect."
 type = number
diff --git a/variables.tf b/variables.tf
index 5b8fe654..2d7ed8e1 100644
--- a/variables.tf
+++ b/variables.tf
@@ -290,7 +290,7 @@ variable "single_site_location" {
 validation {
 condition = var.single_site_location == null || can(regex("ams03|mil01|mon01|par01|sjc04|sng01|che01", var.single_site_location))
- error_message = "Variable 'cross_region_location' must be 'ams03', 'mil01', 'mon01', 'par01', 'sjc04', 'sng01', 'che01' or 'null'."
+ error_message = "Variable 'single_site_location' must be 'ams03', 'mil01', 'mon01', 'par01', 'sjc04', 'sng01', 'che01' or 'null'."
 }
 }
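Review bot: In the variables.tf hunk for `single_site_location`, the validation pattern is unanchored, so `can(regex("ams03|mil01|…", var.single_site_location))` accepts any string that merely contains one of the site codes, and the corrected error message now promises a stricter check than the condition enforces. Anchor the alternation, `can(regex("^(ams03|mil01|mon01|par01|sjc04|sng01|che01)$", var.single_site_location))`, or replace it with a `contains([...], var.single_site_location)` test. The `variable` block opens outside this hunk, so its type and default are not visible here.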
@@ -300,6 +300,18 @@ variable "hard_quota" {
 default = null
 }
+variable "expire_filter_prefix" {
+ type = string
+ description = "Apply expire lifecycle rule to only objects with the following prefix. Defaults to apply to all objects."
+ default = null
+}
+
+variable "archive_filter_prefix" {
+ type = string
+ description = "Apply archive lifecycle rule to only objects with the following prefix. Defaults to apply to all objects."
+ default = null
+}
+
 ##############################################################################
 # COS bucket encryption variables
 ##############################################################################