From 10ca7ddf6208d5c8643ed1eeb7b6accb5392cf76 Mon Sep 17 00:00:00 2001
From: adam
Date: Mon, 26 Feb 2024 15:51:10 -0700
Subject: [PATCH] add lifecycle rules for buckets, parameterize some maps
---
 .../deployments/roundtable/env/dev.tfvars | 1 -
 .../roundtable/env/production.tfvars | 1 -
 environment/deployments/roundtable/main.tf | 34 ++++++++++++++++---
 .../deployments/roundtable/variables.tf | 5 ---
 4 files changed, 29 insertions(+), 12 deletions(-)
diff --git a/environment/deployments/roundtable/env/dev.tfvars b/environment/deployments/roundtable/env/dev.tfvars
index 72b5bb37..cd690f9b 100644
--- a/environment/deployments/roundtable/env/dev.tfvars
+++ b/environment/deployments/roundtable/env/dev.tfvars
@@ -75,7 +75,6 @@ vault_server_service_accounts = [
 ]
 vault_server_bucket_suffix = "vault-server-dev"
-vault_server_backup_bucket_suffix = "vault-server-dev-backup"
 # Increase this number to force Terraform to update the dev environment.
 # Serial: 6
diff --git a/environment/deployments/roundtable/env/production.tfvars b/environment/deployments/roundtable/env/production.tfvars
index 86ef4961..c64c3577 100644
--- a/environment/deployments/roundtable/env/production.tfvars
+++ b/environment/deployments/roundtable/env/production.tfvars
@@ -73,7 +73,6 @@ vault_server_service_accounts = [
 ]
 vault_server_bucket_suffix = "vault-server"
-vault_server_backup_bucket_suffix = "vault-server-backup"
 # Increase this number to force Terraform to update the prod environment.
 # Serial: 6
diff --git a/environment/deployments/roundtable/main.tf b/environment/deployments/roundtable/main.tf
index a6bd9ec4..9d17a680 100644
--- a/environment/deployments/roundtable/main.tf
+++ b/environment/deployments/roundtable/main.tf
@@ -44,10 +44,22 @@ module "storage_bucket" {
 suffix_name = [ var.vault_server_bucket_suffix ]
 prefix_name = "rubin"
 versioning = {
- vault-server = false
+ (var.vault_server_bucket_suffix) = true
 }
+ lifecycle_rules = [
+ {
+ action = {
+ type = "Delete"
+ }
+ condition = [
+ {
+ num_newer_versions = 3
+ }
+ ]
+ }
+ ]
 force_destroy = {
- vault-server = false
+ (var.vault_server_bucket_suffix) = false
 }
 labels = {
 environment = var.environment
@@ -64,13 +76,25 @@ module "storage_bucket_b" {
 project_id = module.project_factory.project_id
 storage_class = "REGIONAL"
 location = "us-central1"
- suffix_name = [ var.vault_server_backup_bucket_suffix ]
+ suffix_name = [ "${var.vault_server_bucket_suffix}-backup" ]
 prefix_name = "rubin"
 versioning = {
- vault-server = false
+ "${var.vault_server_bucket_suffix}-backup" = true
 }
+ lifecycle_rules = [
+ {
+ action = {
+ type = "Delete"
+ }
+ condition = [
+ {
+ num_newer_versions = 20
+ }
+ ]
+ }
+ ]
 force_destroy = {
- vault-server = false
+ "${var.vault_server_bucket_suffix}-backup" = false
 }
 labels = {
 environment = var.environment
diff --git a/environment/deployments/roundtable/variables.tf b/environment/deployments/roundtable/variables.tf
index e736996b..3127347e 100644
--- a/environment/deployments/roundtable/variables.tf
+++ b/environment/deployments/roundtable/variables.tf
@@ -193,8 +193,3 @@ variable "vault_server_bucket_suffix" {
 type = string
 description = "Suffix for bucket used for Vault server storage"
 }
-
-variable "vault_server_backup_bucket_suffix" {
- type = string
- description = "Suffix for bucket used for Vault server storage backup"
-}
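Review bot: In `main.tf`, the new `lifecycle_rules` on `module "storage_bucket"` bound noncurrent versions only by count (`num_newer_versions = 3`), so with `versioning` now `true` the last few generations of any object Vault deletes never gain newer versions and stay in the bucket with no expiry. For a Vault storage bucket that means deleted entries remain recoverable as noncurrent ciphertext by anyone who can read or restore object versions. The same applies to `module "storage_bucket_b"` with `num_newer_versions = 20`. Consider a second `Delete` rule of the same shape whose condition is `days_since_noncurrent_time = <DAYS>` (placeholder, set per retention policy), assuming the bucket module passes that condition key through; its variable definition is not visible here. Both module blocks start and end outside their hunks.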
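Review bot: In the `module "storage_bucket_b"` hunk of `main.tf`, the string `"${var.vault_server_bucket_suffix}-backup"` is written three times, in `suffix_name` and as the key of both `versioning` and `force_destroy`. Those keys presumably have to match the `suffix_name` entry exactly for the settings to apply, so a later edit to one copy would silently leave the backup bucket without versioning or with the module's default `force_destroy`. Define it once, e.g. `backup_suffix = "${var.vault_server_bucket_suffix}-backup"` in a `locals` block, and use `local.backup_suffix` in the list and `(local.backup_suffix)` as the map keys. A short comment on why the backup bucket keeps 20 versions while the primary keeps 3 would also help the next reader.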