IBM-Cloud / terraform-provider-ibm

https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs
Mozilla Public License 2.0
338 stars 647 forks

COS bucket: configuration of Archive and Expiration policies #1590

Closed lifemikey closed 3 years ago

lifemikey commented 4 years ago

Ability to configure archive and expiration policies on the COS bucket with Terraform

Archive doc https://cloud.ibm.com/docs/cloud-object-storage?topic=cloud-object-storage-archive

Expiration doc https://cloud.ibm.com/docs/cloud-object-storage?topic=cloud-object-storage-expiry

Reference https://bigblue.aha.io/features/OBJ-382 https://bigblue.aha.io/ideas/IDEA-I-3135

mschenk42 commented 3 years ago

We are also looking for this functionality.

l2fprod commented 3 years ago

As a workaround I've been using a null_resource:

resource "null_resource" "flowlogs_bucket_expiration" {
  # Re-run the provisioner only when the bucket is replaced.
  triggers = {
    bucket_id = ibm_cos_bucket.flowlogs_bucket.id
  }

  # The script reads its inputs from these environment variables.
  provisioner "local-exec" {
    command = "./set_bucket_expiration.sh"
    environment = {
      ENDPOINT = "s3.${var.region}.cloud-object-storage.appdomain.cloud"
      BUCKET   = ibm_cos_bucket.flowlogs_bucket.bucket_name
      API_KEY  = ibm_resource_key.cos_key.credentials.apikey
    }
  }
}

and ./set_bucket_expiration.sh

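#!/bin/sh
set -e

# Lifecycle rule: expire every object in the bucket (empty prefix) after 1 day.
PAYLOAD="<LifecycleConfiguration>
  <Rule>
    <ID>expiration</ID>
    <Status>Enabled</Status>
    <Filter>
      <Prefix/>
    </Filter>
    <Expiration>
      <Days>1</Days>
    </Expiration>
  </Rule>
</LifecycleConfiguration>"

# Exchange the API key for an IAM token; --fail turns an HTTP error into a
# non-zero exit so that set -e stops the script.
TOKEN=$(curl -sS --fail -X POST \
   'https://iam.cloud.ibm.com/identity/token' \
   -H 'content-type: application/x-www-form-urlencoded' \
   -H 'accept: application/json' \
   -d "grant_type=urn%3Aibm%3Aparams%3Aoauth%3Agrant-type%3Aapikey&apikey=$API_KEY")

# printf instead of echo -n: echo's handling of -n is not portable under /bin/sh,
# and a stray "-n" or newline would change the digest.
PAYLOAD_MD5=$(printf '%s' "$PAYLOAD" | openssl dgst -r -md5 -binary | openssl enc -base64)

ACCESS_TOKEN=$(printf '%s' "$TOKEN" | jq -r .access_token)

# Quote the URL so the shell does not treat "?" as a glob character.
curl -sS --fail -X PUT \
  -H "Authorization: Bearer $ACCESS_TOKEN" \
  -H "Content-Type: text/plain" \
  -H "Content-MD5: $PAYLOAD_MD5" \
  --data "$PAYLOAD" \
  "https://$ENDPOINT/$BUCKET?lifecycle"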
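
A read-back check for the workaround above, as an added example that is not part of the original comment or the provider's code: the provisioner runs only when the bucket changes, so nothing later confirms the rule is still in force. This parses the XML that a GET on the bucket's `?lifecycle` resource returns and reports why expiration is not enforced; the function names, the sample documents and the `xmlns` value are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Same rule as the script's payload, whitespace removed.
PAYLOAD = ("<LifecycleConfiguration><Rule><ID>expiration</ID>"
           "<Status>Enabled</Status><Filter><Prefix/></Filter>"
           "<Expiration><Days>1</Days></Expiration></Rule>"
           "</LifecycleConfiguration>")

# Constructed read-back: the rule exists but was disabled out of band.
# The xmlns value is an assumption about what the service returns.
DISABLED = PAYLOAD.replace("Enabled", "Disabled").replace(
    "<LifecycleConfiguration>",
    '<LifecycleConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">')

def _local(tag):
    return tag.rsplit("}", 1)[-1]  # drop "{namespace}" if present

def _child(elem, name):
    return next((c for c in elem if _local(c.tag) == name), None)

def _text(elem, name):
    c = _child(elem, name) if elem is not None else None
    return (c.text or "").strip() if c is not None else ""

def expiration_problems(xml_text, expected_days):
    """Return [] if an enabled, bucket-wide rule expires objects after expected_days."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    problems = []
    for rule in (r for r in root if _local(r.tag) == "Rule"):
        exp = _child(rule, "Expiration")
        if exp is None:
            continue  # not an expiration rule (for example an archive rule)
        rid = _text(rule, "ID") or "<no id>"
        status = _text(rule, "Status")
        prefix = _text(_child(rule, "Filter"), "Prefix")
        days = _text(exp, "Days")
        if status != "Enabled":
            problems.append(f"rule {rid}: status is {status!r}")
        elif prefix:
            problems.append(f"rule {rid}: limited to prefix {prefix!r}")
        elif days != str(expected_days):
            problems.append(f"rule {rid}: Days is {days!r}, expected {expected_days}")
        else:
            return []  # one enabled, bucket-wide rule with the right age is enough
    return problems or ["no Expiration rule found"]
```
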

ZVilusinsky commented 3 years ago

@l2fprod Thanks for pointing that out, I've been using the same thing to remove default access policy (since I want only bucket access for the credentials, not whole cos) and did not think about applying it to this case too.

wderezin commented 3 years ago

@hkantare I submitted a PR #2079 that implements this. Take a look and see if you like the solution. I still have to add the test cases & test but the resource code is done.