diff --git a/_example/complete/example.tf b/_example/complete/example.tf index 6ca4258..bde2dc7 100644 --- a/_example/complete/example.tf +++ b/_example/complete/example.tf @@ -117,7 +117,8 @@ module "s3_bucket" { years = null } - versioning = true + versioning = true + force_destroy = true vpc_endpoints = [ { endpoint_count = 1 @@ -211,9 +212,7 @@ module "s3_bucket" { lifecycle_configuration_rules = [ { id = "log" - prefix = null enabled = true - tags = { "temp" : "true" } enable_glacier_transition = false enable_deeparchive_transition = false enable_standard_ia_transition = false @@ -228,12 +227,14 @@ module "s3_bucket" { deeparchive_transition_days = 0 storage_class = "GLACIER" expiration_days = 365 + filter = { + prefix = "myfolder1/myfolder2/" + tags = { "temp" : "true" } + } }, { id = "log1" - prefix = null enabled = true - tags = {} enable_glacier_transition = false enable_deeparchive_transition = false enable_standard_ia_transition = false @@ -248,6 +249,10 @@ module "s3_bucket" { glacier_transition_days = 0 deeparchive_transition_days = 0 expiration_days = 365 + filter = { + prefix = null + tags = {} + } } ] diff --git a/main.tf b/main.tf index dc96143..f228f0b 100644 --- a/main.tf +++ b/main.tf @@ -297,12 +297,51 @@ resource "aws_s3_bucket_lifecycle_configuration" "default" { status = rule.value.enabled == true ? "Enabled" : "Disabled" # Filter is always required due to https://github.com/hashicorp/terraform-provider-aws/issues/23299 - filter { - dynamic "and" { - for_each = (try(length(rule.value.prefix), 0) + try(length(rule.value.tags), 0)) > 0 ? [1] : [] - content { - prefix = rule.value.prefix == null ? "" : rule.value.prefix - tags = try(length(rule.value.tags), 0) > 0 ? rule.value.tags : {} + + # -- The `filter` block supports two types of syntaxes, with `and {}` & without `and` + # -- With `and {}` is used when user passes more than 1 attribute inside `filter` block OR if `tags` attribute is being used. + # -- Creating 3 dynamic block for `filter` to satisfy all 3 conditions - + # + # 1: required `filter` block for `aws_s3_bucket_lifecycle_configuration` resource + # 2: with `and` + # 3: without `and` + `tags` attribute + + # -- `filter` block is required for `aws_s3_bucket_lifecycle_configuration` resource + dynamic "filter" { + for_each = length(try(flatten([rule.value.filter]), [])) == 0 ? [true] : [] + content {} + } + + # -- block without `and` + dynamic "filter" { + for_each = [for v in try(flatten([rule.value.filter]), []) : v if max(length(keys(v)), length(try(rule.value.filter.tags, rule.value.filter.tag, []))) == 1] + + content { + object_size_greater_than = try(filter.value.object_size_greater_than, null) + object_size_less_than = try(filter.value.object_size_less_than, null) + prefix = try(filter.value.prefix, null) + + dynamic "tag" { + for_each = try(filter.value.tags, filter.value.tag, []) + + content { + key = tag.key + value = tag.value + } + } + } + } + + # -- block with `and` + dynamic "filter" { + for_each = [for v in try(flatten([rule.value.filter]), []) : v if max(length(keys(v)), length(try(rule.value.filter.tags, rule.value.filter.tag, []))) > 1] + + content { + and { + object_size_greater_than = try(filter.value.object_size_greater_than, null) + object_size_less_than = try(filter.value.object_size_less_than, null) + prefix = try(filter.value.prefix, null) + tags = try(filter.value.tags, filter.value.tag, null) } } } diff --git a/variables.tf b/variables.tf index 9d14386..98edb1e 100644 --- a/variables.tf +++ b/variables.tf @@ -83,9 +83,8 @@ variable "enable_lifecycle_configuration_rules" { variable "lifecycle_configuration_rules" { type = list(object({ id = string - prefix = string enabled = bool - tags = map(string) + filter = any enable_glacier_transition = bool enable_deeparchive_transition = bool