More than 2 ECR lifecycle policies can't be defined for one ECR repository #6212
Comments
I'm sorry.
Hi @RomTin 👋 Sorry you are running into trouble here. While the documentation doesn't note it, using two of the Currently you must combine the

```hcl
resource "aws_ecr_lifecycle_policy" "sample_policy_1" {
  repository = "${aws_ecr_repository.sample.name}"

  policy = <<EOF
{
  "rules": [
    {
      "rulePriority": 1,
      "description": "sample policy 1",
      "selection": {
        "tagStatus": "tagged",
        "tagPrefixList": ["sample_tag_1"],
        "countType": "imageCountMoreThan",
        "countNumber": 10
      },
      "action": {
        "type": "expire"
      }
    },
    {
      "rulePriority": 2,
      "description": "sample policy 2",
      "selection": {
        "tagStatus": "tagged",
        "tagPrefixList": ["sample_tag_2"],
        "countType": "imageCountMoreThan",
        "countNumber": 10
      },
      "action": {
        "type": "expire"
      }
    }
  ]
}
EOF
}
```

How you accomplish combining the JSON is currently outside the scope of the AWS provider, however, there have been some thoughts/contributions about implementing an ECR lifecycle policy data source in Terraform (#6133), similar to the

```hcl
# Quick design sketch - not currently implemented and may change during development
data "aws_ecr_repository_lifecycle_policy" "rule1" {
  rule {
    priority = 1 # potentially optional
    # ... other configuration ...
  }
}

data "aws_ecr_repository_lifecycle_policy" "rule2" {
  rule {
    priority = 2 # potentially optional
    # ... other configuration ...
  }
}

data "aws_ecr_repository_lifecycle_policy" "combined" {
  source_jsons = [
    "${data.aws_ecr_repository_lifecycle_policy.rule1.json}",
    "${data.aws_ecr_repository_lifecycle_policy.rule2.json}",
  ]
}

resource "aws_ecr_lifecycle_policy" "sample_policy_1" {
  repository = "${aws_ecr_repository.sample.name}"
  policy     = "${data.aws_ecr_repository_lifecycle_policy.combined.json}"
}
```

This can have the same benefits we get with the IAM data source where we can support combining rules, provide validation within Terraform, and allow for reusability of these configurations across multiple policies. We'll use this ticket for tracking the issue since there currently doesn't appear to be one except for the fairly new pull request. 👍
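One way to do the JSON combining outside Terraform, as an added example that is not part of the thread or of the AWS provider: it merges separately maintained rule documents into the single policy a repository can hold and rejects colliding `rulePriority` values before anything is applied. The function names `sample_policy` and `combine_lifecycle_policies` are hypothetical, and the sample rules are constructed to match the ones in the comment above.

```python
import json


def sample_policy(priority, tag_prefix):
    """Constructed sample: a one-rule policy document shaped like the rules above."""
    return json.dumps({"rules": [{
        "rulePriority": priority,
        "description": f"sample policy {priority}",
        "selection": {
            "tagStatus": "tagged",
            "tagPrefixList": [tag_prefix],
            "countType": "imageCountMoreThan",
            "countNumber": 10,
        },
        "action": {"type": "expire"},
    }]})


def combine_lifecycle_policies(*documents):
    """Merge several policy JSON documents into the single one a repository holds."""
    rules, owner = [], {}
    for doc_index, text in enumerate(documents):
        for rule in json.loads(text)["rules"]:
            priority = rule["rulePriority"]
            label = rule.get("description") or f"document {doc_index}"
            # rulePriority must be unique within one policy document.
            if priority in owner:
                raise ValueError(
                    f"rulePriority {priority} used by {owner[priority]!r} and {label!r}"
                )
            owner[priority] = label
            rules.append(rule)
    # Rules are evaluated in ascending rulePriority; emit them in that order.
    rules.sort(key=lambda r: r["rulePriority"])
    # ECR requires a tagStatus "any" rule to carry the highest rulePriority.
    for rule in rules[:-1]:
        if rule["selection"].get("tagStatus") == "any":
            raise ValueError(
                f"rule {rule['rulePriority']} has tagStatus 'any' but is not last"
            )
    return json.dumps({"rules": rules}, indent=2)


if __name__ == "__main__":
    print(combine_lifecycle_policies(sample_policy(2, "sample_tag_2"),
                                     sample_policy(1, "sample_tag_1")))
```

The printed document is the value the single `aws_ecr_lifecycle_policy` resource's `policy` argument expects.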
Hi @bflad, it's my pleasure receiving a comment from the contributor of Terraform. I'll try the solution which you advised.
Hi folks 👋 Thanks for submitting this. We would certainly like to address this problem, likely more generically for all Terraform resources that could be potentially duplicated by same dimension (such as per-region and per-name). The enhancement that would be available to all Terraform resources, which we could then implement in the Terraform AWS Provider, can be tracked upstream in the Terraform Plugin SDK: hashicorp/terraform-plugin-sdk#224.
Hi folks 👋 Thank you for submitting this and this is an excellent use case of somewhere that Terraform and the Terraform AWS Provider could be much more helpful since in many cases they have enough information to return an error upfront during planning instead of unexpected behavior during apply. I believe this falls under the provider-wide enhancement proposal of #14394, so by adding this link here it will add a reference to that issue so we can include it as a use case when thinking about the implementation details. Since this is likely something we will want more broadly across many resources, I'm going to close this particular issue to consolidate discussions, efforts, and prioritization on the topic while the reference would serve as the cue to make this specific resource one of the initial implementations. I would suggest those 👍 upvoting and subscribing here to do so on #14394 so we can appropriately gauge interest. Please feel free to provide feedback there. Thanks again!
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!
Terraform Version
v0.11.7
Affected Resource(s)
Terraform Configuration Files
Expected Behavior
For multiple ECR lifecycle policies in the same single .tfstate file
All of the ECR lifecycle policies which were defined in a single .tf file should be attached to the specified ECR repository.
For multiple ECR lifecycle policies in multiple .tfstate files
When I prepared two .tfstate files, which include ECR lifecycle policy definitions for a single ECR repository, all of the ECR lifecycle policies are attached to the specified ECR repository, and all .tfstate files should keep them.
Actual Behavior
For multiple ECR lifecycle policies in the same single .tfstate file
Just one ECR lifecycle policy that was applied at last was attached to the ECR repository. All of the other ECR lifecycle policies were once created, and overwritten by following ECR lifecycle policy definitions.
e.g.)
- `A` and `B` for `ECR repository a`.
- `A` was attached to the `repository a`.
- `A` was overwritten by `B`, thus policy `A` was destroyed.
- `B` was attached to the `repository a`.

For multiple ECR lifecycle policies in multiple .tfstate files
e.g.)
ECR lifecycle policy A is defined in `sample_a.tf` and `sample_a.tfstate` for ECR repository a.
Also, ECR lifecycle policy B is defined in `sample_b.tf` and `sample_b.tfstate` for ECR repository a, too.
When I applied `sample_a.tf`, ECR lifecycle policy A was correctly attached to ECR repository a. After that, I applied `sample_b.tf` and found that ECR lifecycle policy A was unexpectedly deleted and ECR lifecycle policy B was attached to ECR repository a.
Steps to Reproduce
terraform apply
Important Factoids
Nothing
References