How to create nexus cleanup policy

[SomniVertix]

Describe the bug
Not sure if its a bug or if I'm just missing something, but I can't seem to find where to define/create cleanup policies?

Expected behavior
Use of terraform provider to cleanup policies

[anmoel]

hi @SomniVertix.

This is not a bug. It's a feature request.
But unfortunately no cleanup policies can be created via the REST API yet.
I will create a feature request at sonatype

[anmoel]

please votes there: https://ideas.sonatype.com/ideas/IDEAS-I-1466

[github-actions]

This issue has been automatically marked as stale because it has had no activity in the last 90 days. It will be closed in 7 days if no further activity occurs. Leaving a comment starting with /fresh will mark this issue as not stale.

[onedr0p]

This is the public issue that is tracking the status.
https://issues.sonatype.org/browse/NEXUS-17671

[scop]

Upstream issue moved to sonatype/nexus-public#149

[NickWemekamp]

As of Nexus 3.70 there is an API for clean up policies

[alexandrovas]

Only Nexus Pro feature 🥲

[kellervater]

Found a super hacky terraform-onlyISH way to circumvent this limitation by leveraging the scripts feature.
If it helps you, feel free to use it:

################ SCRIPTS ########################
# Unfortunately Nexus OSS doesn't provide a REST Endpoint in the free version to manage cleanup policies.
# But since they are a crucial part for a full-auto GitOps management, 
# we include the groovy script from our former Ansible solution here.
data "http" "cleanup_policy_script" {
  url = "https://raw.githubusercontent.com/ansible-ThoTeam/nexus3-oss/refs/tags/v2.5.2/files/groovy/create_cleanup_policies_from_list.groovy"
}

# upload the groovy script to Nexus
resource "nexus_script" "cleanup_policy_script" {
  name = local.script_name
  content = data.http.cleanup_policy_script.response_body
  type = "groovy"
}

# define cleanup policies
locals {
  script_name = "create_cleanup_policies_from_list"
  cleanup_policies = [{
    name = "delete_old"
    format = "maven2"
    notes = "Automatically delete old assets 30 days after downloading."
    criteria = {
      lastDownloaded = 30
    }
  }]
}

# Due to the nature of the `data` block when using the `http` provider
# the POST request would already happen during the plan phase.
# The null_resource prevents this, since it will always change
# and the http data block depends on it.
resource "null_resource" "ok_to_be_replaced" {
  triggers = {
    always_change = "${timestamp()}"
  }
}
data "http" "upload_cleanup_policy" {
  depends_on = [ nexus_script.cleanup_policy_script, local.cleanup_policies, null_resource.ok_to_be_replaced ]
  url    = "${local.nexus_url}/service/rest/v1/script/${local.script_name}/run"
  method = "POST"
  request_headers = {
    Content-Type: "text/plain"
    authorization = "Basic ${base64encode("${local.nexus_username}:${local.nexus_password}")}"
  }

  request_body = jsonencode(local.cleanup_policies)

  lifecycle {
    postcondition {
      condition = contains([200], self.status_code)
      error_message = "Something went wrong uploading cleanup policies. Response (Code ${self.status_code}): ${self.response_body}"
    }
  }
}

Important

You'll need to provide some variables like nexus_url and credentials if applicable.