Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

COS bucket: configuration of Archive and Expiraton policies #1590

Closed
lifemikey opened this issue Jun 24, 2020 · 4 comments · Fixed by #2079
Closed

COS bucket: configuration of Archive and Expiraton policies #1590

lifemikey opened this issue Jun 24, 2020 · 4 comments · Fixed by #2079
Assignees
@hkantare

Comments

@lifemikey
Copy link

Ability to configure archive and expiration policies on the COS bucket with Terraform

  • ibm_cos_bucket

Archive doc
https://cloud.ibm.com/docs/cloud-object-storage?topic=cloud-object-storage-archive

Expiration doc
https://cloud.ibm.com/docs/cloud-object-storage?topic=cloud-object-storage-expiry

Reference
https://bigblue.aha.io/features/OBJ-382
https://bigblue.aha.io/ideas/IDEA-I-3135
@lifemikey lifemikey changed the title Cloud Object Storage bucket configuration of Archive and Expiraton policies COS bucket: configuration of Archive and Expiraton policies Jun 24, 2020
@mschenk42
Copy link
Contributor

We are also looking for this functionality.

@l2fprod
Copy link
Member

l2fprod commented Aug 7, 2020

as a workaround I've been using a null_resource:

resource null_resource flowlogs_bucket_expiration {
  triggers = {
    bucket_id = ibm_cos_bucket.flowlogs_bucket.id
  }

  provisioner "local-exec" {
    command = "./set_bucket_expiration.sh"
    environment = {
      ENDPOINT = "s3.${var.region}.cloud-object-storage.appdomain.cloud"
      BUCKET=ibm_cos_bucket.flowlogs_bucket.bucket_name
      API_KEY=ibm_resource_key.cos_key.credentials.apikey
    }
  }
}

and ./set_bucket_expiration.sh

#!/bin/sh
set -e

PAYLOAD="<LifecycleConfiguration>
  <Rule>
    <ID>expiration</ID>
    <Status>Enabled</Status>
    <Filter>
      <Prefix/>
    </Filter>
    <Expiration>
      <Days>1</Days>
    </Expiration>
  </Rule>
</LifecycleConfiguration>"

TOKEN=$(curl -X POST \
   'https://iam.cloud.ibm.com/identity/token' \
   -H 'content-type: application/x-www-form-urlencoded' \
   -H 'accept: application/json' \
   -d "grant_type=urn%3Aibm%3Aparams%3Aoauth%3Agrant-type%3Aapikey&apikey=$API_KEY")

PAYLOAD_MD5=$(echo -n "$PAYLOAD" | openssl dgst -r -md5 -binary | openssl enc -base64)

ACCESS_TOKEN=$(echo $TOKEN | jq -r .access_token)

curl -X PUT \
  -H "Authorization: Bearer $ACCESS_TOKEN" \
  -H "Content-Type: text/plain" \
  -H "Content-MD5: $PAYLOAD_MD5" \
  --data "$PAYLOAD" \
  https://$ENDPOINT/$BUCKET?lifecycle

@bstoutenburgh bstoutenburgh mentioned this issue Sep 21, 2020
Closed
@ZVilusinsky
Copy link

@l2fprod Thanks for pointing that out, I ve been using the same thing to remove default access policy (since I want only bucket access for the credentials, not whole cos) and did not thought about applying it to this case too.

@wderezin wderezin mentioned this issue Dec 1, 2020
Merged
@wderezin
Copy link
Contributor

wderezin commented Dec 1, 2020
edited
Loading

@hkantare I submitted a PR #2079 that implements this. Take a look and see if you like the solution. I still have to add the test cases & test but the resource code is done.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@hkantare hkantare

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Cos expire TheWeatherCompany/terraform-provider-ibm
6 participants
@mschenk42 @wderezin @lifemikey @l2fprod @hkantare @ZVilusinsky