From 4c31ce9d6dca0533b12ee3c9a465cf1bca28af87 Mon Sep 17 00:00:00 2001
From: PePe Amengual <jose.amengual@gmail.com>
Date: Wed, 9 Oct 2019 08:24:55 -0700
Subject: [PATCH] Adding lifecycle rule support (#18)

---
 README.md         | 12 ++++++++----
 docs/terraform.md | 41 +++++++++++++++++++++++++++++++++++++++++
 main.tf           | 17 +++++++++++++++++
 variables.tf      | 24 ++++++++++++++++++++++++
 4 files changed, 90 insertions(+), 4 deletions(-)

diff --git a/README.md b/README.md
index dd6febe7..969967ee 100644
--- a/README.md
+++ b/README.md
@@ -92,9 +92,13 @@ Available targets:
 | enabled | Set to `false` to prevent the module from creating any resources | bool | `true` | no |
 | force_destroy | A boolean string that indicates all objects should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable | bool | `false` | no |
 | kms_master_key_arn | The AWS KMS master key ARN used for the `SSE-KMS` encryption. This can only be used when you set the value of `sse_algorithm` as `aws:kms`. The default aws/s3 AWS KMS master key is used if this element is absent while the `sse_algorithm` is `aws:kms` | string | `` | no |
+| lifecycle_rule_enabled | Enable or disable lifecycle rule | bool | `false` | no |
 | name | Name  (e.g. `app` or `cluster`) | string | - | yes |
 | namespace | Namespace (e.g. `eg` or `cp`) | string | `` | no |
+| noncurrent_version_expiration_days | Specifies when noncurrent object versions expire | number | `90` | no |
+| noncurrent_version_transition_days | Number of days to persist in the standard storage tier before moving to the glacier tier infrequent access tier | number | `30` | no |
 | policy | A valid bucket policy JSON document. Note that if the policy document is not specific enough (but still valid), Terraform may view the policy as constantly changing in a terraform plan. In this case, please make sure you use the verbose/specific version of the policy | string | `` | no |
+| prefix | Prefix identifying one or more objects to which the rule applies | string | `` | no |
 | region | If specified, the AWS region this bucket should reside in. Otherwise, the region used by the callee | string | `` | no |
 | sse_algorithm | The server-side encryption algorithm to use. Valid values are `AES256` and `aws:kms` | string | `AES256` | no |
 | stage | Stage (e.g. `prod`, `dev`, `staging`) | string | `` | no |
@@ -261,13 +265,13 @@ Check out [our other projects][github], [follow us on twitter][twitter], [apply
 |---|---|---|---|
 
   [osterman_homepage]: https://github.com/osterman
-  [osterman_avatar]: https://github.com/osterman.png?size=150
+  [osterman_avatar]: https://img.cloudposse.com/150x150/https://github.com/osterman.png
   [aknysh_homepage]: https://github.com/aknysh
-  [aknysh_avatar]: https://github.com/aknysh.png?size=150
+  [aknysh_avatar]: https://img.cloudposse.com/150x150/https://github.com/aknysh.png
   [maximmi_homepage]: https://github.com/maximmi
-  [maximmi_avatar]: https://github.com/maximmi.png?size=150
+  [maximmi_avatar]: https://img.cloudposse.com/150x150/https://github.com/maximmi.png
   [joshmyers_homepage]: https://github.com/joshmyers
-  [joshmyers_avatar]: https://github.com/joshmyers.png?size=150
+  [joshmyers_avatar]: https://img.cloudposse.com/150x150/https://github.com/joshmyers.png
 
 
 
diff --git a/docs/terraform.md b/docs/terraform.md
index e69de29b..cf3cfc2d 100644
--- a/docs/terraform.md
+++ b/docs/terraform.md
@@ -0,0 +1,41 @@
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|:----:|:-----:|:-----:|
+| acl | The canned ACL to apply. We recommend `private` to avoid exposing sensitive information | string | `private` | no |
+| allow_encrypted_uploads_only | Set to `true` to prevent uploads of unencrypted objects to S3 bucket | bool | `false` | no |
+| allowed_bucket_actions | List of actions the user is permitted to perform on the S3 bucket | list(string) | `<list>` | no |
+| attributes | Additional attributes (e.g. `1`) | list(string) | `<list>` | no |
+| delimiter | Delimiter to be used between `namespace`, `stage`, `name` and `attributes` | string | `-` | no |
+| enabled | Set to `false` to prevent the module from creating any resources | bool | `true` | no |
+| force_destroy | A boolean string that indicates all objects should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable | bool | `false` | no |
+| kms_master_key_arn | The AWS KMS master key ARN used for the `SSE-KMS` encryption. This can only be used when you set the value of `sse_algorithm` as `aws:kms`. The default aws/s3 AWS KMS master key is used if this element is absent while the `sse_algorithm` is `aws:kms` | string | `` | no |
+| lifecycle_rule_enabled | Enable or disable lifecycle rule | bool | `false` | no |
+| name | Name  (e.g. `app` or `cluster`) | string | - | yes |
+| namespace | Namespace (e.g. `eg` or `cp`) | string | `` | no |
+| noncurrent_version_expiration_days | Specifies when noncurrent object versions expire | number | `90` | no |
+| noncurrent_version_transition_days | Number of days to persist in the standard storage tier before moving to the glacier tier infrequent access tier | number | `30` | no |
+| policy | A valid bucket policy JSON document. Note that if the policy document is not specific enough (but still valid), Terraform may view the policy as constantly changing in a terraform plan. In this case, please make sure you use the verbose/specific version of the policy | string | `` | no |
+| prefix | Prefix identifying one or more objects to which the rule applies | string | `` | no |
+| region | If specified, the AWS region this bucket should reside in. Otherwise, the region used by the callee | string | `` | no |
+| sse_algorithm | The server-side encryption algorithm to use. Valid values are `AES256` and `aws:kms` | string | `AES256` | no |
+| stage | Stage (e.g. `prod`, `dev`, `staging`) | string | `` | no |
+| tags | Additional tags (e.g. `{ BusinessUnit = "XYZ" }` | map(string) | `<map>` | no |
+| user_enabled | Set to `true` to create an IAM user with permission to access the bucket | bool | `false` | no |
+| versioning_enabled | A state of versioning. Versioning is a means of keeping multiple variants of an object in the same bucket | bool | `false` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| access_key_id | The access key ID |
+| bucket_arn | Bucket ARN |
+| bucket_domain_name | FQDN of bucket |
+| bucket_id | Bucket Name (aka ID) |
+| enabled | Is module enabled |
+| secret_access_key | The secret access key. This will be written to the state file in plain-text |
+| user_arn | The ARN assigned by AWS for the user |
+| user_enabled | Is user creation enabled |
+| user_name | Normalized IAM user name |
+| user_unique_id | The user unique ID assigned by AWS |
+
diff --git a/main.tf b/main.tf
index a6b8b421..abf874a5 100644
--- a/main.tf
+++ b/main.tf
@@ -21,6 +21,23 @@ resource "aws_s3_bucket" "default" {
     enabled = var.versioning_enabled
   }
 
+  lifecycle_rule {
+    id      = module.default_label.id
+    enabled = var.lifecycle_rule_enabled
+    prefix  = var.prefix
+    tags    = module.default_label.tags
+
+    noncurrent_version_transition {
+      days          = var.noncurrent_version_transition_days
+      storage_class = "GLACIER"
+    }
+
+    noncurrent_version_expiration {
+      days = var.noncurrent_version_expiration_days
+    }
+  }
+
+
   # https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html
   # https://www.terraform.io/docs/providers/aws/r/s3_bucket.html#enable-default-server-side-encryption
   server_side_encryption_configuration {
diff --git a/variables.tf b/variables.tf
index 1413c453..914747c0 100644
--- a/variables.tf
+++ b/variables.tf
@@ -98,3 +98,27 @@ variable "allow_encrypted_uploads_only" {
   default     = false
   description = "Set to `true` to prevent uploads of unencrypted objects to S3 bucket"
 }
+
+variable "lifecycle_rule_enabled" {
+  type        = bool
+  default     = false
+  description = "Enable or disable lifecycle rule"
+}
+
+variable "prefix" {
+  type        = string
+  default     = ""
+  description = "Prefix identifying one or more objects to which the rule applies"
+}
+
+variable "noncurrent_version_transition_days" {
+  type        = number
+  default     = 30
+  description = "Number of days to persist in the standard storage tier before moving to the glacier tier infrequent access tier"
+}
+
+variable "noncurrent_version_expiration_days" {
+  type        = number
+  default     = 90
+  description = "Specifies when noncurrent object versions expire"
+}