fix!: add deletion_protection to backup module and set it to false in … (#670)

q2w · web-flow · commit 5e3953877fa8 · 2024-11-26T12:59:19.000+05:30
diff --git a/examples/mysql-backup-create-service-account/main.tf b/examples/mysql-backup-create-service-account/main.tf
@@ -56,4 +56,5 @@ module "backup" {
   backup_schedule       = "5 * * * *"
   export_schedule       = "10 * * * *"
   compress_export       = false
+  deletion_protection   = false
 }
diff --git a/examples/postgresql-backup-provided-service-account/main.tf b/examples/postgresql-backup-provided-service-account/main.tf
@@ -70,6 +70,7 @@ module "backup" {
   service_account             = "${data.google_project.test_project.number}-compute@developer.gserviceaccount.com"
   create_notification_channel = false
   notification_channels       = [google_monitoring_notification_channel.email.id]
+  deletion_protection         = false
 }
 
 data "google_project" "test_project" {
diff --git a/examples/postgresql-with-cross-region-failover/kms.tf b/examples/postgresql-with-cross-region-failover/kms.tf
@@ -60,15 +60,22 @@ resource "google_project_service_identity" "cloudsql_sa" {
   service = "sqladmin.googleapis.com"
 }
 
+resource "time_sleep" "wait_10m" {
+  depends_on      = [google_project_service_identity.cloudsql_sa]
+  create_duration = "10m"
+}
+
 resource "google_kms_crypto_key_iam_member" "crypto_key_region1" {
   crypto_key_id = google_kms_crypto_key.cloudsql_region1_key.id
   role          = "roles/cloudkms.cryptoKeyEncrypterDecrypter"
-  member        = "serviceAccount:${google_project_service_identity.cloudsql_sa.email}"
+  member        = google_project_service_identity.cloudsql_sa.member
+  depends_on    = [time_sleep.wait_10m]
 }
 
 resource "google_kms_crypto_key_iam_member" "crypto_key_region2" {
   crypto_key_id = google_kms_crypto_key.cloudsql_region2_key.id
   role          = "roles/cloudkms.cryptoKeyEncrypterDecrypter"
-  member        = "serviceAccount:${google_project_service_identity.cloudsql_sa.email}"
+  member        = google_project_service_identity.cloudsql_sa.member
+  depends_on    = [time_sleep.wait_10m]
 }
 
diff --git a/modules/backup/README.md b/modules/backup/README.md
@@ -60,6 +60,7 @@ fetch workflows.googleapis.com/Workflow
 | compress\_export | Whether or not to compress the export when storing in the bucket; Only valid for MySQL and PostgreSQL | `bool` | `true` | no |
 | connector\_params\_timeout | The end-to-end duration the connector call is allowed to run for before throwing a timeout exception. The default value is 1800 and this should be the maximum for connector methods that are not long-running operations. Otherwise, for long-running operations, the maximum timeout for a connector call is 31536000 seconds (one year). | `number` | `1800` | no |
 | create\_notification\_channel | If set to true it will create email notification channel | `bool` | `false` | no |
+| deletion\_protection | Whether Terraform will be prevented from destroying the workflow. | `bool` | `true` | no |
 | enable\_backup\_monitoring | Whether to monitor backup workflows or not | `bool` | `false` | no |
 | enable\_connector\_params | Whether to enable connector-specific parameters for Google Workflow SQL Export. | `bool` | `false` | no |
 | enable\_export\_backup | Weather to create exports to GCS Buckets with this module | `bool` | `true` | no |
diff --git a/modules/backup/main.tf b/modules/backup/main.tf
@@ -99,6 +99,7 @@ resource "google_workflows_workflow" "sql_backup" {
     backupRetentionTime      = var.backup_retention_time
     backupRunsListMaxResults = var.backup_runs_list_max_results
   })
+  deletion_protection = var.deletion_protection
 }
 
 resource "google_cloud_scheduler_job" "sql_backup" {
@@ -171,6 +172,7 @@ resource "google_workflows_workflow" "sql_export" {
     logDbName              = var.log_db_name_to_export
     serverlessExport       = var.use_serverless_export
   })
+  deletion_protection = var.deletion_protection
 }
 
 resource "google_cloud_scheduler_job" "sql_export" {
diff --git a/modules/backup/metadata.yaml b/modules/backup/metadata.yaml
@@ -27,7 +27,7 @@ spec:
       dir: /modules/backup
     actuationTool:
       flavor: Terraform
-      version: ">= 0.13"
+      version: ">= 1.3"
     description: {}
   content:
     examples:
@@ -89,6 +89,10 @@ spec:
         description: If set to true it will create email notification channel
         varType: bool
         defaultValue: false
+      - name: deletion_protection
+        description: Whether Terraform will be prevented from destroying the workflow.
+        varType: bool
+        defaultValue: true
       - name: enable_backup_monitoring
         description: Whether to monitor backup workflows or not
         varType: bool
diff --git a/modules/backup/variables.tf b/modules/backup/variables.tf
@@ -192,3 +192,9 @@ variable "notification_channels" {
   type        = list(string)
   default     = []
 }
+
+variable "deletion_protection" {
+  description = "Whether Terraform will be prevented from destroying the workflow."
+  type        = bool
+  default     = true
+}
diff --git a/modules/backup/versions.tf b/modules/backup/versions.tf
@@ -19,7 +19,7 @@ terraform {
   required_providers {
     google = {
       source  = "hashicorp/google"
-      version = ">= 4.0, < 7"
+      version = ">= 6.11.0, < 7"
     }
   }
 }

Original file line number	Diff line number	Diff line change
`@@ -56,4 +56,5 @@ module "backup" {`
`56`	`56`	`backup_schedule = "5 * * * *"`
`57`	`57`	`export_schedule = "10 * * * *"`
`58`	`58`	`compress_export = false`
	`59`	`+ deletion_protection = false`
`59`	`60`	`}`
Original file line number	Diff line number	Diff line change
`@@ -70,6 +70,7 @@ module "backup" {`
`70`	`70`	`service_account = "${data.google_project.test_project.number}-compute@developer.gserviceaccount.com"`
`71`	`71`	`create_notification_channel = false`
`72`	`72`	`notification_channels = [google_monitoring_notification_channel.email.id]`
	`73`	`+ deletion_protection = false`
`73`	`74`	`}`
`74`	`75`
`75`	`76`	`data "google_project" "test_project" {`
Original file line number	Diff line number	Diff line change
`@@ -99,6 +99,7 @@ resource "google_workflows_workflow" "sql_backup" {`
`99`	`99`	`backupRetentionTime = var.backup_retention_time`
`100`	`100`	`backupRunsListMaxResults = var.backup_runs_list_max_results`
`101`	`101`	`})`
	`102`	`+ deletion_protection = var.deletion_protection`
`102`	`103`	`}`
`103`	`104`
`104`	`105`	`resource "google_cloud_scheduler_job" "sql_backup" {`
`@@ -171,6 +172,7 @@ resource "google_workflows_workflow" "sql_export" {`
`171`	`172`	`logDbName = var.log_db_name_to_export`
`172`	`173`	`serverlessExport = var.use_serverless_export`
`173`	`174`	`})`
	`175`	`+ deletion_protection = var.deletion_protection`
`174`	`176`	`}`
`175`	`177`
`176`	`178`	`resource "google_cloud_scheduler_job" "sql_export" {`
Original file line number	Diff line number	Diff line change
`@@ -19,7 +19,7 @@ terraform {`
`19`	`19`	`required_providers {`
`20`	`20`	`google = {`
`21`	`21`	`source = "hashicorp/google"`
`22`		`- version = ">= 4.0, < 7"`
	`22`	`+ version = ">= 6.11.0, < 7"`
`23`	`23`	`}`
`24`	`24`	`}`
`25`	`25`	`}`