feat!: soft-delete configuration (#309)

terraform-google-modules · Apr 10, 2024 · 1be844a · 1be844a
1 parent d024007
commit 1be844a
Show file tree

Hide file tree

Showing 8 changed files with 32 additions and 2 deletions.
diff --git a/README.md b/README.md
@@ -81,6 +81,7 @@ Functional examples are included in the
 | set\_hmac\_key\_admin\_roles | Grant roles/storage.hmacKeyAdmin role to hmac\_key\_admins and bucket\_hmac\_key\_admins. | `bool` | `false` | no |
 | set\_storage\_admin\_roles | Grant roles/storage.admin role to storage\_admins and bucket\_storage\_admins. | `bool` | `false` | no |
 | set\_viewer\_roles | Grant roles/storage.objectViewer role to viewers and bucket\_viewers. | `bool` | `false` | no |
+| soft\_delete\_policy | Soft delete policies to apply. Map of lowercase unprefixed name => soft delete policy. Format is the same as described in provider documentation https://www.terraform.io/docs/providers/google/r/storage_bucket.html#nested_soft_delete_policy | `map(any)` | `{}` | no |
 | storage\_admins | IAM-style members who will be granted roles/storage.admin on all buckets. | `list(string)` | `[]` | no |
 | storage\_class | Bucket storage class. | `string` | `"STANDARD"` | no |
 | versioning | Optional map of lowercase unprefixed name => boolean, defaults to false. | `map(bool)` | `{}` | no |

diff --git a/main.tf b/main.tf
@@ -155,6 +155,13 @@ resource "google_storage_bucket" "buckets" {
       log_object_prefix = lookup(logging.value, "log_object_prefix", null)
     }
   }
+
+  dynamic "soft_delete_policy" {
+    for_each = [lookup(var.soft_delete_policy, each.value, {})]
+    content {
+      retention_duration_seconds = lookup(soft_delete_policy.value, "retention_duration_seconds", null)
+    }
+  }
 }
 
 resource "google_storage_bucket_iam_binding" "admins" {

diff --git a/modules/simple_bucket/README.md b/modules/simple_bucket/README.md
@@ -54,6 +54,7 @@ Functional examples are included in the
 | project\_id | The ID of the project to create the bucket in. | `string` | n/a | yes |
 | public\_access\_prevention | Prevents public access to a bucket. Acceptable values are inherited or enforced. If inherited, the bucket uses public access prevention, only if the bucket is subject to the public access prevention organization policy constraint. | `string` | `"inherited"` | no |
 | retention\_policy | Configuration of the bucket's data retention policy for how long objects in the bucket should be retained. | <pre>object({<br>    is_locked        = bool<br>    retention_period = number<br>  })</pre> | `null` | no |
+| soft\_delete\_policy | Soft delete policies to apply. Format is the same as described in provider documentation https://www.terraform.io/docs/providers/google/r/storage_bucket.html#nested_soft_delete_policy | <pre>object({<br>    retention_duration_seconds = optional(number)<br>  })</pre> | `{}` | no |
 | storage\_class | The Storage Class of the new bucket. | `string` | `null` | no |
 | versioning | While set to true, versioning is fully enabled for this bucket. | `bool` | `true` | no |
 | website | Map of website values. Supported attributes: main\_page\_suffix, not\_found\_page | `map(any)` | `{}` | no |

diff --git a/modules/simple_bucket/main.tf b/modules/simple_bucket/main.tf
@@ -102,6 +102,13 @@ resource "google_storage_bucket" "bucket" {
       log_object_prefix = var.log_object_prefix
     }
   }
+
+  dynamic "soft_delete_policy" {
+    for_each = var.soft_delete_policy == {} ? [] : [var.soft_delete_policy]
+    content {
+      retention_duration_seconds = lookup(soft_delete_policy.value, "retention_duration_seconds", null)
+    }
+  }
 }
 
 resource "google_storage_bucket_iam_member" "members" {

diff --git a/modules/simple_bucket/variables.tf b/modules/simple_bucket/variables.tf
@@ -150,3 +150,11 @@ variable "public_access_prevention" {
   type        = string
   default     = "inherited"
 }
+
+variable "soft_delete_policy" {
+  description = "Soft delete policies to apply. Format is the same as described in provider documentation https://www.terraform.io/docs/providers/google/r/storage_bucket.html#nested_soft_delete_policy"
+  type = object({
+    retention_duration_seconds = optional(number)
+  })
+  default = {}
+}
diff --git a/modules/simple_bucket/versions.tf b/modules/simple_bucket/versions.tf
@@ -20,7 +20,7 @@ terraform {
 
     google = {
       source  = "hashicorp/google"
-      version = ">= 4.46, < 6"
+      version = ">= 5.22, < 6"
     }
   }
 

diff --git a/variables.tf b/variables.tf
@@ -283,3 +283,9 @@ variable "public_access_prevention" {
   type        = string
   default     = "inherited"
 }
+
+variable "soft_delete_policy" {
+  description = "Soft delete policies to apply. Map of lowercase unprefixed name => soft delete policy. Format is the same as described in provider documentation https://www.terraform.io/docs/providers/google/r/storage_bucket.html#nested_soft_delete_policy"
+  type        = map(any)
+  default     = {}
+}
diff --git a/versions.tf b/versions.tf
@@ -20,7 +20,7 @@ terraform {
 
     google = {
       source  = "hashicorp/google"
-      version = ">= 4.46, < 6"
+      version = ">= 5.22, < 6"
     }
 
     random = {