Adding the changes for bucket backup retention (IBM-Cloud#6283)

* Adding the changes for bucket backup retention

* Addressing the review comments

* Making initial_delete_after_days as required parameter

Author: IBM-diksha

examples/ibm-cos-bucket/README.md

@@ -540,6 +540,97 @@ resource "ibm_cos_bucket_lifecycle_configuration"  "lifecycle" {
   }
 }
 ```
+
+## Bucket Backup 
+
+Provides 2 seperate resources - `ibm_cos_backup_vault` and `ibm_cos_backup_policy` to manage the backup policies and the backup vaults to store the backup of a COS bucket.
+
+## Example usage
+
+```terraform
+resource "ibm_cos_bucket" "backup-source-bucket" {
+  bucket_name           = "bucket-name"
+  resource_instance_id  = "cos_instance_id"
+  cross_region_location = "us"
+  storage_class         = "standard"
+  object_versioning {
+    enable = true
+  }
+
+}
+
+
+resource "ibm_cos_backup_vault" "backup-vault" {
+  backup_vault_name                   = "backup_vault_name"
+  service_instance_id                 = "cos_instance_id to create backup vault"
+  region                              = "us"
+  activity_tracking_management_events = true
+  metrics_monitoring_usage_metrics    = true
+  kms_key_crn                         = "crn:v1:staging:public:kms:us-south:a/997xxxxxxxxxxxxxxxxxxxxxx54:5xxxxxxxa-fxxb-4xx8-9xx4-f1xxxxxxxxx5:key:af5667d5-dxx5-4xxf-8xxf-exxxxxxxf1d"
+}
+
+
+resource "ibm_iam_authorization_policy" "policy" {
+  roles = [
+    "Backup Manager", "Writer"
+  ]
+  subject_attributes {
+    name  = "accountId"
+    value = "account_id of the cos account"
+  }
+  subject_attributes {
+    name  = "serviceName"
+    value = "cloud-object-storage"
+  }
+  subject_attributes {
+    name  = "serviceInstance"
+    value = "exxxxx34-xxxx-xxxx-xxxx-d6xxxxxxxx9"
+  }
+  subject_attributes {
+    name  = "resource"
+    value = "source-bucket-name"
+  }
+  subject_attributes {
+    name  = "resourceType"
+    value = "bucket"
+  }
+  resource_attributes {
+    name     = "accountId"
+    operator = "stringEquals"
+    value    = "account id of the cos account of backup vault"
+  }
+  resource_attributes {
+    name     = "serviceName"
+    operator = "stringEquals"
+    value    = "cloud-object-storage"
+  }
+  resource_attributes {
+    name     = "serviceInstance"
+    operator = "stringEquals"
+    value    = "exxxxx34-xxxx-xxxx-xxxx-d6xxxxxxxx9"
+  }
+  resource_attributes {
+    name     = "resource"
+    operator = "stringEquals"
+    value    = "backup-vault-name"
+  }
+  resource_attributes {
+    name     = "resourceType"
+    operator = "stringEquals"
+    value    = "backup-vault"
+  }
+}
+
+resource "ibm_cos_backup_policy" "policy" {
+  bucket_crn              = ibm_cos_bucket.bucket.crn
+  initial_delete_after_days       = 2
+  policy_name             = "policy_name"
+  target_backup_vault_crn = ibm_cos_backup_vault.backup-vault.backup_vault_crn
+  backup_type             = "continuous"
+}
+
+```
+
 <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 
 ## Requirements
@@ -625,5 +716,14 @@ resource "ibm_cos_bucket_lifecycle_configuration"  "lifecycle" {
 | object_size_greater_than | Expiration rule will be applicable to the objects having size greater than specified value of his argument. | `int` | No
 | object_size_less_than | Expiration rule will be applicable to the objects having size lesser than specified value of his argument. | `int` | No
 | tag | Expiration rule will be applicable to the objects having the key-value tags specified by this attribute. | `object` | Yes
-
+| backup_vault_name                   | Name of the backup vault.                                                                                                                                                                                                                                                                                                                                                                                      | `string` | Yes      |
+| service_instance_id                 | CRN of the COS instance where the backup vault is to be created.                                                                                                                                                                                                                                                                                                                                               | `string` | Yes      |
+| activity_tracking_management_events | Whether to send notification for the management events for backup vault.                                                                                                                                                                                                                                                                                                                                       | `bool`   | No       |
+| metrics_monitoring_usage_metrics    | Whether usage metrics are collected for this backup vault.                                                                                                                                                                                                                                                                                                                                                     | `bool`   | No       |
+| kms_key_crn                         | Crn of the Key protect root.                                                                                                                                                                                                                                                                                                                                                                                   | `string` | No       |
+| bucket_crn                          | CRN of the source bucket.                                                                                                                                                                                                                                                                                                                                                                                      | `string` | Yes      |
+| initial_delete_after_days                   | Number of days after which the data contained within the RecoveryRange will be deleted.                                                                                                                                                                                                                                                                                                                        | `int`    | Yes      |
+| policy_name                         | Name of the policy.                                                                                                                                                                                                                                                                                                                                                                                            | `string` | Yes      |
+| backup_type                         | Backup type. Currently only  `continuous` is supported.                                                                                                                                                                                                                                                                                                                                                        | `string` | Yes      |
+| target_backup_vault_crn             | CRN of the target backup vault.                                                                                                                                                                                                                                                                                                                                                                                | `string` | Yes      |
 {: caption="inputs"}

examples/ibm-cos-bucket/main.tf

@@ -724,14 +724,14 @@ resource "ibm_cos_bucket_lifecycle_configuration"  "lifecycle" {
       days = 1
     }
     filter {
-      and{
-        prefix = "%s"
-        tags{
-          key = "%s"
-          value = "%s"
-          }
-        object_size_greater_than = "%d"
-        object_size_less_than = "%d"
+      and {
+        prefix = "foo"
+        tags {
+          key   = "key"
+          value = "value"
+        }
+        object_size_greater_than = 20
+        object_size_less_than    = 40
       }
     }
     rule_id = "id"
@@ -757,19 +757,102 @@ resource "ibm_cos_bucket_lifecycle_configuration"  "lifecycle" {
       days = 1
     }
     filter {
-      and{
-        tags{
-          key = "%s"
-          value = "%s"
-          }
-	tags{
-          key = "%s"
-          value = "%s"
-	}
+      and {
+        tags {
+          key   = "key1"
+          value = "value1"
+        }
+        tags {
+          key   = "key2"
+          value = "value2"
+        }
       }
     }  
     rule_id = "id"
     status = "enable"
   }
 }
 
+
+resource "ibm_cos_bucket" "backup-source-bucket" {
+  bucket_name           = "bucket-name"
+  resource_instance_id  = "cos_instance_id"
+  cross_region_location = "us"
+  storage_class         = "standard"
+  object_versioning {
+    enable = true
+  }
+
+}
+
+
+resource "ibm_cos_backup_vault" "backup-vault" {
+  backup_vault_name                   = "backup_vault_name"
+  service_instance_id                 = "cos_instance_id to create backup vault"
+  region                              = "us"
+  activity_tracking_management_events = true
+  metrics_monitoring_usage_metrics    = true
+  kms_key_crn                         = "crn:v1:staging:public:kms:us-south:a/997xxxxxxxxxxxxxxxxxxxxxx54:5xxxxxxxa-fxxb-4xx8-9xx4-f1xxxxxxxxx5:key:af5667d5-dxx5-4xxf-8xxf-exxxxxxxf1d"
+}
+
+
+resource "ibm_iam_authorization_policy" "policy" {
+  roles = [
+    "Backup Manager", "Writer"
+  ]
+  subject_attributes {
+    name  = "accountId"
+    value = "account_id of the cos account"
+  }
+  subject_attributes {
+    name  = "serviceName"
+    value = "cloud-object-storage"
+  }
+  subject_attributes {
+    name  = "serviceInstance"
+    value = "exxxxx34-xxxx-xxxx-xxxx-d6xxxxxxxx9"
+  }
+  subject_attributes {
+    name  = "resource"
+    value = "source-bucket-name"
+  }
+  subject_attributes {
+    name  = "resourceType"
+    value = "bucket"
+  }
+  resource_attributes {
+    name     = "accountId"
+    operator = "stringEquals"
+    value    = "account id of the cos account of backup vault"
+  }
+  resource_attributes {
+    name     = "serviceName"
+    operator = "stringEquals"
+    value    = "cloud-object-storage"
+  }
+  resource_attributes {
+    name     = "serviceInstance"
+    operator = "stringEquals"
+    value    = "exxxxx34-xxxx-xxxx-xxxx-d6xxxxxxxx9"
+  }
+  resource_attributes {
+    name     = "resource"
+    operator = "stringEquals"
+    value    = "backup-vault-name"
+  }
+  resource_attributes {
+    name     = "resourceType"
+    operator = "stringEquals"
+    value    = "backup-vault"
+  }
+}
+
+resource "ibm_cos_backup_policy" "policy" {
+  bucket_crn              = ibm_cos_bucket.bucket.crn
+  initial_delete_after_days       = 2
+  policy_name             = "policy_name"
+  target_backup_vault_crn = ibm_cos_backup_vault.backup-vault.backup_vault_crn
+  backup_type             = "continuous"
+}
+
+

go.mod

@@ -19,8 +19,8 @@ require (
 	github.com/IBM/eventstreams-go-sdk v1.4.0
 	github.com/IBM/go-sdk-core/v5 v5.19.1
 	github.com/IBM/ibm-backup-recovery-sdk-go v1.0.3
-	github.com/IBM/ibm-cos-sdk-go v1.12.0
-	github.com/IBM/ibm-cos-sdk-go-config/v2 v2.2.0
+	github.com/IBM/ibm-cos-sdk-go v1.12.2
+	github.com/IBM/ibm-cos-sdk-go-config/v2 v2.3.0
 	github.com/IBM/ibm-hpcs-tke-sdk v0.0.0-20250305134146-e023c2e84762
 	github.com/IBM/ibm-hpcs-uko-sdk v0.0.20-beta
 	github.com/IBM/keyprotect-go-client v0.15.1

go.sum

@@ -130,10 +130,10 @@ github.com/IBM/go-sdk-core/v5 v5.19.1 h1:sleVks1O4XjgF4YEGvyDh6PZbP6iZhlTPeDkQc8
 github.com/IBM/go-sdk-core/v5 v5.19.1/go.mod h1:Q3BYO6iDA2zweQPDGbNTtqft5tDcEpm6RTuqMlPcvbw=
 github.com/IBM/ibm-backup-recovery-sdk-go v1.0.3 h1:9TZHocmCfgmF8TGVrpP1kFyQbjcqLNW7+bM07lefpKQ=
 github.com/IBM/ibm-backup-recovery-sdk-go v1.0.3/go.mod h1:jsYutWlnGysdCNoAk0zoIXb2vfKM9TmMpiUkI4pVuXY=
-github.com/IBM/ibm-cos-sdk-go v1.12.0 h1:Wrk3ve4JS3euhl7XjNFd3RlvPT56199G2/rKaPWpRKU=
-github.com/IBM/ibm-cos-sdk-go v1.12.0/go.mod h1:v/VBvFuysZMIX9HcaIrz6a+FLVw9px8fq6XabFwD+E4=
-github.com/IBM/ibm-cos-sdk-go-config/v2 v2.2.0 h1:H5XSKuOEf+z+506ITq3FSXhFNBaZt7OLpH4OTQGcNXw=
-github.com/IBM/ibm-cos-sdk-go-config/v2 v2.2.0/go.mod h1:ci4tI9mIZEtN6cenuVN9RWyNJu8CkWHmYH758K2lVEQ=
+github.com/IBM/ibm-cos-sdk-go v1.12.2 h1:71A4tDl8u6BZ548h71ecEe7fw5bBA7ECTVqYmeSQWQA=
+github.com/IBM/ibm-cos-sdk-go v1.12.2/go.mod h1:ODYcmrmdpjo5hVguq9RbD6xmC8xb1XZMG7NefUbJNcc=
+github.com/IBM/ibm-cos-sdk-go-config/v2 v2.3.0 h1:956Nqk0eKI3lq+AkzWXZDid4UZHRz0wWh1LwkleBsWk=
+github.com/IBM/ibm-cos-sdk-go-config/v2 v2.3.0/go.mod h1:chnQxV+i38wD0aIi4KNU5bP2uzPtc7EHqB3/8Rhyjlg=
 github.com/IBM/ibm-hpcs-tke-sdk v0.0.0-20250305134146-e023c2e84762 h1:eB640+EihADOu56O2p/9JuuEUnSKX5I2URFd8/g92HY=
 github.com/IBM/ibm-hpcs-tke-sdk v0.0.0-20250305134146-e023c2e84762/go.mod h1:M2JyuyeWHPtgGNeezr6YqVRuaav2MpY8Ha4QrEYvMoI=
 github.com/IBM/ibm-hpcs-uko-sdk v0.0.20-beta h1:P1fdIfKsD9xvJQ5MHIEztPS9yfNf9x+VDTamaYcmqcs=
@@ -1339,9 +1339,8 @@ golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u0
 golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
 golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM=
 golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU=
+golang.org/x/exp v0.0.0-20230817173708-d852ddb80c63 h1:m64FZMko/V45gv0bNmrNYoDEq8U5YUhetc9cBWKS1TQ=
 golang.org/x/exp v0.0.0-20230817173708-d852ddb80c63/go.mod h1:0v4NqG35kSWCMzLaMeX+IQrlSnVE/bqGSyC2cz/9Le8=
-golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 h1:2dVuKD2vS7b0QIHQbpyTISPd0LeHDbnYEryqj5Q1ug8=
-golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56/go.mod h1:M4RDyNAINzryxdtnbRXRL/OHtkFuWGRjvuhBJpk2IlY=
 golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
 golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=

ibm/acctest/acctest.go

@@ -39,6 +39,9 @@ var (
 	CosBackupPolicyID               string
 	BucketCRN                       string
 	BackupVaultName                 string
+	BackupVaultName2                string
+	BackupVaultCrn                  string
+	BackupVaultCrn2                 string
 	ActivityTrackerInstanceCRN      string
 	MetricsMonitoringCRN            string
 	KmsKeyCrn                       string
@@ -596,6 +599,21 @@ func init() {
 		BackupVaultName = ""
 		fmt.Println("[WARN] Set the environment variable IBM_COS_Backup_Vault with a VALID BACKUP VAULT NAME  for testing ibm_cos_backup_vault* resources")
 	}
+	BackupVaultName2 = os.Getenv("IBM_COS_Backup_Vault2")
+	if BackupVaultName2 == "" {
+		BackupVaultName2 = ""
+		fmt.Println("[WARN] Set the environment variable IBM_COS_Backup_Vault2 with a VALID BACKUP VAULT NAME  for testing ibm_cos_backup_vault* resources")
+	}
+	BackupVaultCrn = os.Getenv("IBM_COS_Backup_Vault_Crn")
+	if BackupVaultCrn == "" {
+		BackupVaultCrn = ""
+		fmt.Println("[WARN] Set the environment variable IBM_COS_Backup_Crn with a VALID BACKUP VAULT CRN  for testing ibm_cos_backup_vault* resources")
+	}
+	BackupVaultCrn2 = os.Getenv("IBM_COS_Backup_Vault_Crn2")
+	if BackupVaultCrn2 == "" {
+		BackupVaultCrn2 = ""
+		fmt.Println("[WARN] Set the environment variable IBM_COS_Backup_Crn2 with a VALID BACKUP VAULT CRN  for testing ibm_cos_backup_vault* resources")
+	}
 	KmsKeyCrn = os.Getenv("IBM_KMS_KEY_CRN")
 	if KmsKeyCrn == "" {
 		KmsKeyCrn = ""

ibm/service/cos/data_source_ibm_cos_backup_policy.go

@@ -21,6 +21,11 @@ func DataSourceIBMCosBackupPolicy() *schema.Resource {
 				Required:    true,
 				Description: "Name of the source bucket",
 			},
+			"initial_delete_after_days": {
+				Type:        schema.TypeInt,
+				Computed:    true,
+				Description: "Number of days after which the objects inside backup vault should be deleted.",
+			},
 			"policy_id": {
 				Type:        schema.TypeString,
 				Required:    true,
@@ -68,6 +73,9 @@ func dataSourceIBMCosBackupPolicyRead(d *schema.ResourceData, meta interface{})
 			d.Set("policy_name", aws.String(*res.PolicyName))
 			policy_name = *res.PolicyName
 		}
+		if res.InitialRetention.DeleteAfterDays != nil {
+			d.Set("initial_delete_after_days", int((*res.InitialRetention.DeleteAfterDays)))
+		}
 		if res.TargetBackupVaultCrn != nil {
 			d.Set("target_backup_vault_crn", aws.String(*res.TargetBackupVaultCrn))
 			target_backup_vault_crn = *res.TargetBackupVaultCrn

ibm/service/cos/data_source_ibm_cos_backup_policy_test.go

@@ -23,6 +23,7 @@ func TestAccIBMCOSBackupPolicyDataSource_basic(t *testing.T) {
 					resource.TestCheckResourceAttrSet("data.ibm_cos_backup_policy.policy", "bucket_name"),
 					resource.TestCheckResourceAttrSet("data.ibm_cos_backup_policy.policy", "policy_id"),
 					resource.TestCheckResourceAttr("data.ibm_cos_backup_policy.policy", "backup_type", "continuous"),
+					resource.TestCheckResourceAttrSet("data.ibm_cos_backup_policy.policy", "initial_delete_after_days"),
 				),
 			},
 		},