Add MinIO Bucket Retention Resource #595

Merged
merged 5 commits into from
Nov 11, 2024

Contributor

@SoulKyu SoulKyu commented Nov 11, 2024

Add MinIO Bucket Retention Resource

Description

This PR adds support for managing MinIO bucket retention (object lock) configurations through Terraform. The new resource minio_s3_bucket_retention enables users to configure WORM (Write-Once Read-Many) retention policies on MinIO buckets.

Features

  • Full support for MinIO object lock configuration
  • Compliance with SEC17a-4(f), FINRA 4511(C), and CFTC 1.31(c)-(d) requirements
  • Support for both GOVERNANCE and COMPLIANCE retention modes
  • Configurable retention periods in days or years
  • Integration with bucket lifecycle management
  • Import support for existing configurations

Example Usage

resource "minio_s3_bucket" "example" {
  bucket          = "my-bucket"
  force_destroy   = true
  object_locking  = true
}

resource "minio_s3_bucket_retention" "example" {
  bucket          = minio_s3_bucket.example.bucket
  mode            = "COMPLIANCE"
  unit            = "DAYS"
  validity_period = 30
}

Implementation Details

  • Added validations for:
    • Retention modes (GOVERNANCE/COMPLIANCE)
    • Time units (DAYS/YEARS)
    • Validity periods (positive integers)
    • Bucket prerequisites (object lock enabled, versioning)
  • Added warnings for lifecycle rule interactions
  • Full CRUD operations support
  • Comprehensive acceptance tests

Testing

Added acceptance tests covering:

  • Basic retention configuration
  • Updates to existing configurations
  • Invalid configurations
  • Configuration disappearance handling

Dependencies

This resource requires:

  • MinIO server with object lock support
  • Bucket with object locking enabled
  • Bucket versioning enabled

Documentation

  • Added comprehensive resource documentation
  • Included examples for common use cases
  • Added notes about interactions with other features

Notes for Reviewers

  1. The resource requires object lock to be enabled during bucket creation
  2. Special attention to validation of retention parameters
  3. Lifecycle rule interaction handling
  4. Error handling for bucket prerequisites

Be careful

This permits activating WORM at the bucket level. A new resource needs to be created to create WORM at the object level.
But this would maybe be done in another PR.
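
An audit-side check for the validations listed under Implementation Details, as an added example that is not part of this PR or the provider's code: it parses the S3 `ObjectLockConfiguration` XML document a bucket reports and applies the same rules (object lock enabled, valid mode, one unit, positive period). The helper `checkRetention`, the struct, and the sample document are assumptions constructed for illustration.

```go
package main

import (
	"encoding/xml"
	"errors"
	"fmt"
)

// objectLockConfig mirrors the fields of the S3 ObjectLockConfiguration XML.
type objectLockConfig struct {
	ObjectLockEnabled string `xml:"ObjectLockEnabled"`
	Mode              string `xml:"Rule>DefaultRetention>Mode"`
	Days              *int   `xml:"Rule>DefaultRetention>Days"`
	Years             *int   `xml:"Rule>DefaultRetention>Years"`
}

// checkRetention (hypothetical helper) parses the document and returns the mode
// and the default retention in days, or an error when a rule is violated.
func checkRetention(doc []byte) (mode string, days int, err error) {
	var c objectLockConfig
	if err = xml.Unmarshal(doc, &c); err != nil {
		return "", 0, fmt.Errorf("parse: %w", err)
	}
	if c.ObjectLockEnabled != "Enabled" {
		return "", 0, errors.New("object lock is not enabled on the bucket")
	}
	if c.Mode != "GOVERNANCE" && c.Mode != "COMPLIANCE" {
		return "", 0, fmt.Errorf("invalid or missing retention mode %q", c.Mode)
	}
	switch {
	case c.Days != nil && c.Years != nil:
		return "", 0, errors.New("both Days and Years are set; only one unit is allowed")
	case c.Days != nil && *c.Days > 0:
		return c.Mode, *c.Days, nil
	case c.Years != nil && *c.Years > 0:
		return c.Mode, *c.Years * 365, nil // approximation: 365-day years
	}
	return "", 0, errors.New("validity period must be a positive integer")
}

// Constructed sample matching the PR's example usage (COMPLIANCE, 30 DAYS).
const sample = `<ObjectLockConfiguration><ObjectLockEnabled>Enabled</ObjectLockEnabled>` +
	`<Rule><DefaultRetention><Mode>COMPLIANCE</Mode><Days>30</Days></DefaultRetention></Rule>` +
	`</ObjectLockConfiguration>`

func main() {
	mode, days, err := checkRetention([]byte(sample))
	fmt.Println(mode, days, err)
}
```

A document with `ObjectLockEnabled` but no `Rule` is rejected as a missing mode, which is the state of a bucket created with `object_locking = true` and no default retention applied.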

Collaborator

@felladrin felladrin left a comment

Great addition!
Let me know if you think we should release a v3.2.0 now, or only after your next PR.

@felladrin felladrin changed the title from "Feat/object locking" to "Add MinIO Bucket Retention Resource" Nov 11, 2024
@felladrin felladrin merged commit 5fa48b3 into aminueza:main Nov 11, 2024
2 checks passed
Contributor Author

SoulKyu commented Nov 11, 2024

> Great addition!
>
> Let me know if you think we should release a v3.2.0 now, or only after your next PR.

You can add it now; I won't perform a PR for the moment.

@SoulKyu SoulKyu deleted the feat/object_locking branch November 11, 2024 19:58
@felladrin
Collaborator

Alright! v3.2.0 is on the way!
