add lifecycle rules for buckets, parameterize some maps

lsst · Feb 26, 2024 · 10ca7dd · 10ca7dd
1 parent dd10c96
commit 10ca7dd
Show file tree

Hide file tree

Showing 4 changed files with 29 additions and 12 deletions.
diff --git a/environment/deployments/roundtable/env/dev.tfvars b/environment/deployments/roundtable/env/dev.tfvars
@@ -75,7 +75,6 @@ vault_server_service_accounts = [
 ]
 
 vault_server_bucket_suffix = "vault-server-dev"
-vault_server_backup_bucket_suffix = "vault-server-dev-backup"
 
 # Increase this number to force Terraform to update the dev environment.
 # Serial: 6
diff --git a/environment/deployments/roundtable/env/production.tfvars b/environment/deployments/roundtable/env/production.tfvars
@@ -73,7 +73,6 @@ vault_server_service_accounts = [
 ]
 
 vault_server_bucket_suffix = "vault-server"
-vault_server_backup_bucket_suffix = "vault-server-backup"
 
 # Increase this number to force Terraform to update the prod environment.
 # Serial: 6

diff --git a/environment/deployments/roundtable/main.tf b/environment/deployments/roundtable/main.tf
@@ -44,10 +44,22 @@ module "storage_bucket" {
   suffix_name   = [ var.vault_server_bucket_suffix ]
   prefix_name   = "rubin"
   versioning = {
-    vault-server = false
+    (var.vault_server_bucket_suffix) = true
   }
+  lifecycle_rules = [
+    {
+      action = {
+	type = "Delete"
+      }
+      condition = [
+	{
+	  num_newer_versions = 3
+	}
+      ]
+    }
+  ]
   force_destroy = {
-    vault-server = false
+    (var.vault_server_bucket_suffix) = false
   }
   labels = {
     environment = var.environment
@@ -64,13 +76,25 @@ module "storage_bucket_b" {
   project_id    = module.project_factory.project_id
   storage_class = "REGIONAL"
   location      = "us-central1"
-  suffix_name   = [ var.vault_server_backup_bucket_suffix ]
+  suffix_name   = [ "${var.vault_server_bucket_suffix}-backup" ]
   prefix_name   = "rubin"
   versioning = {
-    vault-server = false
+    "${var.vault_server_bucket_suffix}-backup" = true
   }
+  lifecycle_rules = [
+    {
+      action = {
+	type = "Delete"
+      }
+      condition = [
+	{
+	  num_newer_versions = 20
+	}
+      ]
+    }
+  ]
   force_destroy = {
-    vault-server = false
+    "${var.vault_server_bucket_suffix}-backup" = false
   }
   labels = {
     environment = var.environment

diff --git a/environment/deployments/roundtable/variables.tf b/environment/deployments/roundtable/variables.tf
@@ -193,8 +193,3 @@ variable "vault_server_bucket_suffix" {
   type        = string
   description = "Suffix for bucket used for Vault server storage"
 }
-
-variable "vault_server_backup_bucket_suffix" {
-  type        = string
-  description = "Suffix for bucket used for Vault server storage backup"
-}