diff --git a/mmv1/products/firestore/Database.yaml b/mmv1/products/firestore/Database.yaml index 26f8371bdf8f..0a34b7b7e051 100644 --- a/mmv1/products/firestore/Database.yaml +++ b/mmv1/products/firestore/Database.yaml @@ -47,7 +47,6 @@ async: !ruby/object:Api::OpAsync error: !ruby/object:Api::OpAsync::Error path: 'error' message: 'message' -skip_delete: true autogen_async: true id_format: 'projects/{{project}}/databases/{{name}}' import_format: @@ -59,52 +58,73 @@ examples: name: 'firestore_default_database' primary_resource_id: 'database' pull_external: true + vars: + delete_protection_state: "DELETE_PROTECTION_ENABLED" test_env_vars: - org_id: :ORG_ID + project_id: :PROJECT_NAME + test_vars_overrides: + delete_protection_state: '"DELETE_PROTECTION_DISABLED"' ignore_read_extra: - project - etag - vars: - project_id: 'my-project' + - deletion_policy - !ruby/object:Provider::Terraform::Examples name: 'firestore_database' primary_resource_id: 'database' vars: name: "example-database-id" + delete_protection_state: "DELETE_PROTECTION_ENABLED" test_env_vars: project_id: :PROJECT_NAME + test_vars_overrides: + delete_protection_state: '"DELETE_PROTECTION_DISABLED"' ignore_read_extra: - project - etag + - deletion_policy - !ruby/object:Provider::Terraform::Examples name: 'firestore_default_database_in_datastore_mode' primary_resource_id: 'datastore_mode_database' - pull_external: true + vars: + delete_protection_state: "DELETE_PROTECTION_ENABLED" test_env_vars: - org_id: :ORG_ID + project_id: :PROJECT_NAME + test_vars_overrides: + delete_protection_state: '"DELETE_PROTECTION_DISABLED"' ignore_read_extra: - project - etag - vars: - project_id: 'my-project' + - deletion_policy + skip_test: true - !ruby/object:Provider::Terraform::Examples name: 'firestore_database_in_datastore_mode' primary_resource_id: 'datastore_mode_database' vars: name: "example-database-id" + delete_protection_state: "DELETE_PROTECTION_ENABLED" test_env_vars: project_id: :PROJECT_NAME + test_vars_overrides: + delete_protection_state: '"DELETE_PROTECTION_DISABLED"' ignore_read_extra: - project - etag - - !ruby/object:Provider::Terraform::Examples - name: 'firestore_database_with_delete_protection' - primary_resource_id: 'database' - vars: - name: "example-database-id" - test_env_vars: - project_id: :PROJECT_NAME - skip_test: true + - deletion_policy +virtual_fields: + - !ruby/object:Api::Type::Enum + name: 'deletion_policy' + description: | + Deletion behavior for this database. + If the deletion policy is `ABANDON`, the database will be removed from Terraform state but not deleted from Google Cloud upon destruction. + If the deletion policy is `DELETE`, the database will both be removed from Terraform state and deleted from Google Cloud upon destruction. + The default value is `ABANDON`. + See also `delete_protection`. + values: + - :ABANDON + - :DELETE + default_value: :ABANDON +custom_code: !ruby/object:Provider::Terraform::CustomCode + pre_delete: templates/terraform/pre_delete/firestore_database.go.erb properties: - !ruby/object:Api::Type::String name: name @@ -177,6 +197,9 @@ properties: name: deleteProtectionState description: | State of delete protection for the database. + When delete protection is enabled, this database cannot be deleted. + The default value is `DELETE_PROTECTION_STATE_UNSPECIFIED`, which is currently equivalent to `DELETE_PROTECTION_DISABLED`. + **Note:** Additionally, to delete this database using `terraform destroy`, `deletion_policy` must be set to `DELETE`. values: - :DELETE_PROTECTION_STATE_UNSPECIFIED - :DELETE_PROTECTION_ENABLED diff --git a/mmv1/templates/terraform/examples/firestore_database.tf.erb b/mmv1/templates/terraform/examples/firestore_database.tf.erb index 771b58393b1c..28e699531919 100644 --- a/mmv1/templates/terraform/examples/firestore_database.tf.erb +++ b/mmv1/templates/terraform/examples/firestore_database.tf.erb @@ -6,4 +6,6 @@ resource "google_firestore_database" "<%= ctx[:primary_resource_id] %>" { concurrency_mode = "OPTIMISTIC" app_engine_integration_mode = "DISABLED" point_in_time_recovery_enablement = "POINT_IN_TIME_RECOVERY_ENABLED" + delete_protection_state = "<%= ctx[:vars]['delete_protection_state'] %>" + deletion_policy = "DELETE" } diff --git a/mmv1/templates/terraform/examples/firestore_database_in_datastore_mode.tf.erb b/mmv1/templates/terraform/examples/firestore_database_in_datastore_mode.tf.erb index 1f5233c2e884..7604cb2e31f8 100644 --- a/mmv1/templates/terraform/examples/firestore_database_in_datastore_mode.tf.erb +++ b/mmv1/templates/terraform/examples/firestore_database_in_datastore_mode.tf.erb @@ -6,4 +6,6 @@ resource "google_firestore_database" "<%= ctx[:primary_resource_id] %>" { concurrency_mode = "OPTIMISTIC" app_engine_integration_mode = "DISABLED" point_in_time_recovery_enablement = "POINT_IN_TIME_RECOVERY_ENABLED" + delete_protection_state = "<%= ctx[:vars]['delete_protection_state'] %>" + deletion_policy = "DELETE" } diff --git a/mmv1/templates/terraform/examples/firestore_database_with_delete_protection.tf.erb b/mmv1/templates/terraform/examples/firestore_database_with_delete_protection.tf.erb deleted file mode 100644 index 126899e3a47b..000000000000 --- a/mmv1/templates/terraform/examples/firestore_database_with_delete_protection.tf.erb +++ /dev/null @@ -1,11 +0,0 @@ -resource "google_firestore_database" "<%= ctx[:primary_resource_id] %>" { - project = "<%= ctx[:test_env_vars]['project_id'] %>" - name = "<%= ctx[:vars]['name']%>" - location_id = "nam5" - type = "FIRESTORE_NATIVE" - - # Prevents accidental deletion of the database. - # To delete the database, first set this field to `DELETE_PROTECTION_DISABLED`, apply the changes. - # Then delete the database resource and apply the changes again. - delete_protection_state = "DELETE_PROTECTION_ENABLED" -} diff --git a/mmv1/templates/terraform/examples/firestore_default_database.tf.erb b/mmv1/templates/terraform/examples/firestore_default_database.tf.erb index 36bc28e2c752..ab0574cf0b45 100644 --- a/mmv1/templates/terraform/examples/firestore_default_database.tf.erb +++ b/mmv1/templates/terraform/examples/firestore_default_database.tf.erb @@ -1,27 +1,8 @@ -resource "google_project" "project" { - project_id = "<%= ctx[:vars]['project_id'] %>" - name = "<%= ctx[:vars]['project_id'] %>" - org_id = "<%= ctx[:test_env_vars]['org_id'] %>" -} - -resource "time_sleep" "wait_60_seconds" { - depends_on = [google_project.project] - - create_duration = "60s" -} - -resource "google_project_service" "firestore" { - project = google_project.project.project_id - service = "firestore.googleapis.com" - # Needed for CI tests for permissions to propagate, should not be needed for actual usage - depends_on = [time_sleep.wait_60_seconds] -} - resource "google_firestore_database" "<%= ctx[:primary_resource_id] %>" { - project = google_project.project.project_id - name = "(default)" - location_id = "nam5" - type = "FIRESTORE_NATIVE" - - depends_on = [google_project_service.firestore] + project = "<%= ctx[:test_env_vars]['project_id'] %>" + name = "(default)" + location_id = "nam5" + type = "FIRESTORE_NATIVE" + delete_protection_state = "<%= ctx[:vars]['delete_protection_state'] %>" + deletion_policy = "DELETE" } diff --git a/mmv1/templates/terraform/examples/firestore_default_database_in_datastore_mode.tf.erb b/mmv1/templates/terraform/examples/firestore_default_database_in_datastore_mode.tf.erb index afdd7aa4146e..d87c069932bb 100644 --- a/mmv1/templates/terraform/examples/firestore_default_database_in_datastore_mode.tf.erb +++ b/mmv1/templates/terraform/examples/firestore_default_database_in_datastore_mode.tf.erb @@ -1,28 +1,8 @@ -resource "google_project" "project" { - project_id = "tf-test%{random_suffix}" - name = "tf-test%{random_suffix}" - org_id = "<%= ctx[:test_env_vars]['org_id'] %>" -} - -resource "time_sleep" "wait_60_seconds" { - depends_on = [google_project.project] - create_duration = "60s" -} - -resource "google_project_service" "firestore" { - project = google_project.project.project_id - service = "firestore.googleapis.com" - # Needed for CI tests for permissions to propagate, should not be needed for actual usage - depends_on = [time_sleep.wait_60_seconds] -} - resource "google_firestore_database" "<%= ctx[:primary_resource_id] %>" { - project = google_project.project.project_id - - name = "(default)" - - location_id = "nam5" - type = "DATASTORE_MODE" - - depends_on = [google_project_service.firestore] + project = "<%= ctx[:test_env_vars]['project_id'] %>" + name = "(default)" + location_id = "nam5" + type = "DATASTORE_MODE" + delete_protection_state = "<%= ctx[:vars]['delete_protection_state'] %>" + deletion_policy = "DELETE" } diff --git a/mmv1/templates/terraform/pre_delete/firestore_database.go.erb b/mmv1/templates/terraform/pre_delete/firestore_database.go.erb new file mode 100644 index 000000000000..2f396d07df3d --- /dev/null +++ b/mmv1/templates/terraform/pre_delete/firestore_database.go.erb @@ -0,0 +1,7 @@ +if deletionPolicy := d.Get("deletion_policy"); deletionPolicy != "DELETE" { + log.Printf("[WARN] Firestore database %q deletion_policy is not set to 'DELETE', skipping deletion", d.Get("name").(string)) + return nil +} +if deleteProtection := d.Get("delete_protection_state"); deleteProtection == "DELETE_PROTECTION_ENABLED" { + return fmt.Errorf("Cannot delete Firestore database %s: Delete Protection is enabled. Set delete_protection_state to DELETE_PROTECTION_DISABLED for this resource and run \"terraform apply\" before attempting to delete it.", d.Get("name").(string)) +}