sparkfabrik · paolomainardi · Aug 29, 2024 · Aug 29, 2024
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -20,6 +20,10 @@ Following semver, any non backwards compatible feature implies that the next rel
 
 ## [Unreleased]
 
+### Added
+
+- FEATURE: add the cleanup policies management for the repositories.
+
 ## [0.4.0] - 2024-05-02
 
 [Compare with previous version](https://github.com/sparkfabrik/terraform-google-gcp-artifact-registry/compare/0.3.0...0.4.0)

diff --git a/README.md b/README.md
@@ -31,7 +31,7 @@ This module is provided without any kind of warranty and is GPL3 licensed.
 | <a name="input_default_location"></a> [default\_location](#input\_default\_location) | The default location for the Artifact Registry repositories. | `string` | `"europe-west1"` | no |
 | <a name="input_enable_api"></a> [enable\_api](#input\_enable\_api) | Enable the Artifact Registry API. | `bool` | `true` | no |
 | <a name="input_project_id"></a> [project\_id](#input\_project\_id) | The GCP project ID that hosts the Artifact Registry. | `string` | n/a | yes |
-| <a name="input_repositories"></a> [repositories](#input\_repositories) | List of Artifact Registry repositories to create. | <pre>map(object({<br>    description            = string<br>    format                 = optional(string, "DOCKER")<br>    mode                   = optional(string, "STANDARD_REPOSITORY")<br>    cleanup_policy_dry_run = optional(bool, true)<br>    docker_immutable_tags  = optional(bool, true)<br>    virtual_repository_config = optional(map(object({<br>      repository = string<br>      priority   = optional(number, 0)<br>    })), null)<br>    remote_repository_config_docker = optional(object({<br>      description                                           = optional(string, "")<br>      custom_repository_uri                                 = string<br>      disable_upstream_validation                           = optional(bool, false)<br>      username_password_credentials_username                = optional(string, "")<br>      username_password_credentials_password_secret_version = optional(string, "")<br>    }), null)<br>    readers  = optional(list(string), [])<br>    writers  = optional(list(string), [])<br>    location = optional(string, "")<br>  }))</pre> | n/a | yes |
+| <a name="input_repositories"></a> [repositories](#input\_repositories) | List of Artifact Registry repositories to create. | <pre>map(object({<br>    description            = string<br>    format                 = optional(string, "DOCKER")<br>    mode                   = optional(string, "STANDARD_REPOSITORY")<br>    cleanup_policy_dry_run = optional(bool, true)<br>    cleanup_policies = optional(map(object({<br>      action = optional(string, ""),<br>      condition = optional(object({<br>        tag_state             = optional(string),<br>        tag_prefixes          = optional(list(string), []),<br>        version_name_prefixes = optional(list(string), []),<br>        package_name_prefixes = optional(list(string), []),<br>        older_than            = optional(string),<br>        newer_than            = optional(string),<br>      }), {}),<br>      most_recent_versions = optional(object({<br>        package_name_prefixes = optional(list(string), []),<br>        keep_count            = optional(number, 0)<br>      }), {})<br>    })), {})<br>    docker_immutable_tags = optional(bool, true)<br>    virtual_repository_config = optional(map(object({<br>      repository = string<br>      priority   = optional(number, 0)<br>    })), null)<br>    remote_repository_config_docker = optional(object({<br>      description                                           = optional(string, "")<br>      custom_repository_uri                                 = string<br>      disable_upstream_validation                           = optional(bool, false)<br>      username_password_credentials_username                = optional(string, "")<br>      username_password_credentials_password_secret_version = optional(string, "")<br>    }), null)<br>    readers  = optional(list(string), [])<br>    writers  = optional(list(string), [])<br>    location = optional(string, "")<br>  }))</pre> | n/a | yes |
 
 ## Outputs
 

diff --git a/main.tf b/main.tf
@@ -44,6 +44,34 @@ resource "google_artifact_registry_repository" "repositories" {
   location               = each.value.location != "" ? each.value.location : var.default_location
   cleanup_policy_dry_run = each.value.cleanup_policy_dry_run
 
+  dynamic "cleanup_policies" {
+    for_each = each.value.cleanup_policies
+    content {
+      id     = cleanup_policies.key
+      action = cleanup_policies.value.action
+
+      dynamic "condition" {
+        for_each = cleanup_policies.value.condition != {} ? [cleanup_policies.value.condition] : []
+        content {
+          tag_state             = condition.value.tag_state
+          tag_prefixes          = condition.value.tag_prefixes
+          version_name_prefixes = condition.value.version_name_prefixes
+          package_name_prefixes = condition.value.package_name_prefixes
+          older_than            = condition.value.older_than
+          newer_than            = condition.value.newer_than
+        }
+      }
+
+      dynamic "most_recent_versions" {
+        for_each = cleanup_policies.value.most_recent_versions != {} && cleanup_policies.value.most_recent_versions.keep_count != 0 ? [cleanup_policies.value.most_recent_versions] : []
+        content {
+          package_name_prefixes = most_recent_versions.value.package_name_prefixes
+          keep_count            = most_recent_versions.value.keep_count
+        }
+      }
+    }
+  }
+
   dynamic "virtual_repository_config" {
     for_each = each.value.mode == "VIRTUAL_REPOSITORY" ? each.value.virtual_repository_config : {}
 

diff --git a/variables.tf b/variables.tf
@@ -23,7 +23,22 @@ variable "repositories" {
     format                 = optional(string, "DOCKER")
     mode                   = optional(string, "STANDARD_REPOSITORY")
     cleanup_policy_dry_run = optional(bool, true)
-    docker_immutable_tags  = optional(bool, true)
+    cleanup_policies = optional(map(object({
+      action = optional(string, ""),
+      condition = optional(object({
+        tag_state             = optional(string),
+        tag_prefixes          = optional(list(string), []),
+        version_name_prefixes = optional(list(string), []),
+        package_name_prefixes = optional(list(string), []),
+        older_than            = optional(string),
+        newer_than            = optional(string),
+      }), {}),
+      most_recent_versions = optional(object({
+        package_name_prefixes = optional(list(string), []),
+        keep_count            = optional(number, 0)
+      }), {})
+    })), {})
+    docker_immutable_tags = optional(bool, true)
     virtual_repository_config = optional(map(object({
       repository = string
       priority   = optional(number, 0)
@@ -39,7 +54,23 @@ variable "repositories" {
     writers  = optional(list(string), [])
     location = optional(string, "")
   }))
+
   description = "List of Artifact Registry repositories to create."
+
+  validation {
+    condition     = alltrue([for policy in flatten([for repo in var.repositories : [for cp in repo.cleanup_policies : cp]]) : contains(["DELETE", "KEEP"], policy.action)])
+    error_message = "Cleanup policy action must be either DELETE or KEEP."
+  }
+
+  validation {
+    condition     = alltrue([for policy in flatten([for repo in var.repositories : [for cp in repo.cleanup_policies : cp]]) : policy.condition.tag_state == null || contains(["ANY", "TAGGED", "UNTAGGED"], policy.condition.tag_state)])
+    error_message = "Tag state must be ANY, TAGGED, or UNTAGGED."
+  }
+
+  validation {
+    condition     = alltrue([for policy in flatten([for repo in var.repositories : [for cp in repo.cleanup_policies : cp]]) : policy.most_recent_versions == {} || policy.most_recent_versions.keep_count == null || policy.most_recent_versions.keep_count >= 0])
+    error_message = "Keep count must be a non-negative number."
+  }
 }
 
 variable "artifact_registry_listers_custom_role_name" {