diff --git a/blueprints/apigee/hybrid-gke/README.md b/blueprints/apigee/hybrid-gke/README.md
index 5d79f1f814..3d50f27af3 100644
--- a/blueprints/apigee/hybrid-gke/README.md
+++ b/blueprints/apigee/hybrid-gke/README.md
@@ -45,29 +45,27 @@ The diagram below depicts the architecture. curl -v https://HOSTNAME/httpbin/headers ``` - ## Variables | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| [hostname](variables.tf#L43) | Host name. | string | ✓ | | -| [project_id](variables.tf#L79) | Project ID. | string | ✓ | | +| [hostname](variables.tf#L50) | Host name. | string | ✓ | | +| [project_id](variables.tf#L86) | Project ID. | string | ✓ | | | [cluster_machine_type](variables.tf#L17) | Cluster nachine type. | string | | "e2-standard-4" | | [cluster_network_config](variables.tf#L23) | Cluster network configuration. | object({…}) | | {…} | -| [mgmt_server_config](variables.tf#L48) | Mgmt server configuration. | object({…}) | | {…} | -| [mgmt_subnet_cidr_block](variables.tf#L64) | Management subnet CIDR block. | string | | "10.0.2.0/28" | -| [project_create](variables.tf#L70) | Parameters for the creation of the new project. | object({…}) | | null | -| [region](variables.tf#L84) | Region. | string | | "europe-west1" | -| [zone](variables.tf#L90) | Zone. | string | | "europe-west1-c" | +| [deletion_protection](variables.tf#L43) | Prevent Terraform from destroying data storage resources (storage buckets, GKE clusters, CloudSQL instances) in this blueprint. When this field is set in Terraform state, a terraform destroy or terraform apply that would delete data storage resources will fail. | bool | | false | +| [mgmt_server_config](variables.tf#L55) | Mgmt server configuration. | object({…}) | | {…} | +| [mgmt_subnet_cidr_block](variables.tf#L71) | Management subnet CIDR block. | string | | "10.0.2.0/28" | +| [project_create](variables.tf#L77) | Parameters for the creation of the new project. | object({…}) | | null | +| [region](variables.tf#L91) | Region. | string | | "europe-west1" | +| [zone](variables.tf#L97) | Zone. | string | | "europe-west1-c" | ## Outputs | name | description | sensitive | |---|---|:---:| | [ip_address](outputs.tf#L17) | GLB IP address. 
| | - - ## Test ```hcl diff --git a/blueprints/apigee/hybrid-gke/gke.tf b/blueprints/apigee/hybrid-gke/gke.tf index 701384b941..1baa7b4a44 100644 --- a/blueprints/apigee/hybrid-gke/gke.tf +++ b/blueprints/apigee/hybrid-gke/gke.tf @@ -34,6 +34,7 @@ module "cluster" { enable_features = { workload_identity = true } + deletion_protection = var.deletion_protection } module "apigee-data-nodepool" { diff --git a/blueprints/apigee/hybrid-gke/variables.tf b/blueprints/apigee/hybrid-gke/variables.tf index a5a8e8f343..649085e1a4 100644 --- a/blueprints/apigee/hybrid-gke/variables.tf +++ b/blueprints/apigee/hybrid-gke/variables.tf @@ -40,6 +40,13 @@ variable "cluster_network_config" { } } +variable "deletion_protection" { + description = "Prevent Terraform from destroying data storage resources (storage buckets, GKE clusters, CloudSQL instances) in this blueprint. When this field is set in Terraform state, a terraform destroy or terraform apply that would delete data storage resources will fail." + type = bool + default = false + nullable = false +} + variable "hostname" { description = "Host name." type = string diff --git a/blueprints/data-solutions/bq-ml/README.md b/blueprints/data-solutions/bq-ml/README.md index 4211b6f063..bb20ddfa3d 100644 --- a/blueprints/data-solutions/bq-ml/README.md +++ b/blueprints/data-solutions/bq-ml/README.md 
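Review bot: The description of the new `deletion_protection` variable says the protection applies "when this field is set in Terraform state", but an input variable is never stored in state; what lands in state is the cluster `deletion_protection` attribute (gke.tf hunk) or the bucket `force_destroy` attribute it feeds, and with `default = false` the guard is off unless a caller opts in. The identical text is copied into the variables.tf hunks for bq-ml, cloudsql-multiregion, cmek-via-centralized-kms, data-platform-foundations and data-platform-minimal, and it names resource kinds (storage buckets, CloudSQL instances) that this blueprint's hunks do not wire to the flag. For buckets the "will fail" claim also only holds while the bucket has objects, since `force_destroy = false` still lets an empty bucket be deleted. Suggest a blueprint-neutral wording such as `description = "When true, prevent Terraform from destroying the data storage resources this blueprint manages (GKE clusters via deletion_protection, non-empty storage buckets via force_destroy = false). Defaults to false, so terraform destroy removes them, contents included."`.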
@@ -57,20 +57,19 @@ To run the demo: | [versions.tf](./versions.tf) | Version pins. | | | | [vertex.tf](./vertex.tf) | Vertex resources. | iam-service-account | google_notebooks_instance · google_vertex_ai_metadata_store | | [vpc.tf](./vpc.tf) | VPC resources. | net-cloudnat · net-vpc · net-vpc-firewall | google_project_iam_member | - - ## Variables | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| [prefix](variables.tf#L23) | Prefix used for resource names. | string | ✓ | | -| [project_id](variables.tf#L41) | Project id references existing project if `project_create` is null. | string | ✓ | | -| [location](variables.tf#L17) | The location where resources will be deployed. | string | | "US" | -| [project_create](variables.tf#L32) | Provide values if project creation is needed, use existing project if null. Parent format: folders/folder_id or organizations/org_id. | object({…}) | | null | -| [region](variables.tf#L46) | The region where resources will be deployed. | string | | "us-central1" | -| [service_encryption_keys](variables.tf#L52) | Cloud KMS to use to encrypt different services. The key location should match the service region. | object({…}) | | null | -| [vpc_config](variables.tf#L63) | Shared VPC network configurations to use. If null networks will be created in projects with pre-configured values. | object({…}) | | null | +| [prefix](variables.tf#L30) | Prefix used for resource names. | string | ✓ | | +| [project_id](variables.tf#L48) | Project id references existing project if `project_create` is null. | string | ✓ | | +| [deletion_protection](variables.tf#L17) | Prevent Terraform from destroying data storage resources (storage buckets, GKE clusters, CloudSQL instances) in this blueprint. When this field is set in Terraform state, a terraform destroy or terraform apply that would delete data storage resources will fail. | bool | | false | +| [location](variables.tf#L24) | The location where resources will be deployed. 
| string | | "US" | +| [project_create](variables.tf#L39) | Provide values if project creation is needed, use existing project if null. Parent format: folders/folder_id or organizations/org_id. | object({…}) | | null | +| [region](variables.tf#L53) | The region where resources will be deployed. | string | | "us-central1" | +| [service_encryption_keys](variables.tf#L59) | Cloud KMS to use to encrypt different services. The key location should match the service region. | object({…}) | | null | +| [vpc_config](variables.tf#L70) | Shared VPC network configurations to use. If null networks will be created in projects with pre-configured values. | object({…}) | | null | ## Outputs @@ -83,7 +82,6 @@ To run the demo: | [service-account-vertex](outputs.tf#L40) | Service account to be used for Vertex AI pipelines. | | | [vertex-ai-metadata-store](outputs.tf#L45) | Vertex AI Metadata Store ID. | | | [vpc](outputs.tf#L50) | VPC Network. | | - ## Test diff --git a/blueprints/data-solutions/bq-ml/datastorage.tf b/blueprints/data-solutions/bq-ml/datastorage.tf index dcbcbd24cb..de26af8cb1 100644 --- a/blueprints/data-solutions/bq-ml/datastorage.tf +++ b/blueprints/data-solutions/bq-ml/datastorage.tf @@ -21,6 +21,7 @@ module "bucket" { location = var.location name = "data" encryption_key = try(local.service_encryption_keys.storage, null) # Example assignment of an encryption key + force_destroy = !var.deletion_protection } module "dataset" { diff --git a/blueprints/data-solutions/bq-ml/variables.tf b/blueprints/data-solutions/bq-ml/variables.tf index d1baa6465f..8ec36062eb 100644 --- a/blueprints/data-solutions/bq-ml/variables.tf +++ b/blueprints/data-solutions/bq-ml/variables.tf @@ -1,4 +1,4 @@ -# Copyright 2022 Google LLC +# Copyright 2023 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
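Review bot: `force_destroy = !var.deletion_protection` together with the variable's `default = false` sets `force_destroy = true` on the `bucket` module by default, so a plain `terraform destroy`, or an apply that replaces the bucket, deletes it with all of its objects; before this hunk no `force_destroy` was set here, so the gcs module's own default applied (presumably not force-destroy, but the module is not visible). The same wiring is added in the cmek-via-centralized-kms main.tf, data-platform-foundations 02-load/03-orchestration and data-platform-minimal 02-dataproc/02-processing hunks, and in the foundations 01-dropoff/05-datawarehouse and minimal 01-landing/03-curated hunks it replaces `var.data_force_destroy`, whose default was `false` per the README tables, so those buckets flip from protected to force-destroyable by default. If teardown convenience for the demo is the intent, the README should state that the default permits data loss; otherwise `default = true` on the new variable preserves the previous behaviour for those blueprints. `module "dataset"` that starts right after the hunk does not appear to receive the flag in this diff, so BigQuery data would sit outside the protection the description claims; worth confirming.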
@@ -14,6 +14,13 @@ # tfdoc:file:description Terraform variables. +variable "deletion_protection" { + description = "Prevent Terraform from destroying data storage resources (storage buckets, GKE clusters, CloudSQL instances) in this blueprint. When this field is set in Terraform state, a terraform destroy or terraform apply that would delete data storage resources will fail." + type = bool + default = false + nullable = false +} + variable "location" { description = "The location where resources will be deployed." type = string diff --git a/blueprints/data-solutions/cloudsql-multiregion/README.md b/blueprints/data-solutions/cloudsql-multiregion/README.md index def4d3f1d6..90f58d79d5 100644 --- a/blueprints/data-solutions/cloudsql-multiregion/README.md +++ b/blueprints/data-solutions/cloudsql-multiregion/README.md 
@@ -142,17 +142,18 @@ The above command will delete the associated resources so there will be no billa | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| [postgres_user_password](variables.tf#L40) | `postgres` user password. | string | ✓ | | -| [prefix](variables.tf#L45) | Prefix used for resource names. | string | ✓ | | -| [project_id](variables.tf#L63) | Project id, references existing project if `project_create` is null. | string | ✓ | | +| [postgres_user_password](variables.tf#L47) | `postgres` user password. | string | ✓ | | +| [prefix](variables.tf#L52) | Prefix used for resource names. | string | ✓ | | +| [project_id](variables.tf#L70) | Project id, references existing project if `project_create` is null. | string | ✓ | | | [data_eng_principal](variables.tf#L17) | Group or user in IAM format (`group:foo@example.com`) with permissions to access resources and impersonate service accounts. | string | | null | -| [network_config](variables.tf#L23) | Shared VPC network configurations to use. If null networks will be created in projects with preconfigured values. | object({…}) | | null | -| [postgres_database](variables.tf#L34) | `postgres` database. | string | | "guestbook" | -| [project_create](variables.tf#L54) | Provide values if project creation is needed, uses existing project if null. Parent is in 'folders/nnn' or 'organizations/nnn' format. | object({…}) | | null | -| [regions](variables.tf#L68) | Map of instance_name => location where instances will be deployed. | map(string) | | {…} | -| [service_encryption_keys](variables.tf#L81) | Cloud KMS keys to use to encrypt resources. Provide a key for each reagion configured. | map(string) | | null | -| [sql_configuration](variables.tf#L87) | Cloud SQL configuration. | object({…}) | | {…} | -| [sql_users](variables.tf#L103) | Cloud SQL user emails. 
| list(string) | | [] | +| [deletion_protection](variables.tf#L23) | Prevent Terraform from destroying data storage resources (storage buckets, GKE clusters, CloudSQL instances) in this blueprint. When this field is set in Terraform state, a terraform destroy or terraform apply that would delete data storage resources will fail. | bool | | false | +| [network_config](variables.tf#L30) | Shared VPC network configurations to use. If null networks will be created in projects with preconfigured values. | object({…}) | | null | +| [postgres_database](variables.tf#L41) | `postgres` database. | string | | "guestbook" | +| [project_create](variables.tf#L61) | Provide values if project creation is needed, uses existing project if null. Parent is in 'folders/nnn' or 'organizations/nnn' format. | object({…}) | | null | +| [regions](variables.tf#L75) | Map of instance_name => location where instances will be deployed. | map(string) | | {…} | +| [service_encryption_keys](variables.tf#L88) | Cloud KMS keys to use to encrypt resources. Provide a key for each reagion configured. | map(string) | | null | +| [sql_configuration](variables.tf#L94) | Cloud SQL configuration. | object({…}) | | {…} | +| [sql_users](variables.tf#L110) | Cloud SQL user emails. | list(string) | | [] | ## Outputs diff --git a/blueprints/data-solutions/cloudsql-multiregion/main.tf b/blueprints/data-solutions/cloudsql-multiregion/main.tf index 52f9175b36..cf6d7535a7 100644 --- a/blueprints/data-solutions/cloudsql-multiregion/main.tf +++ b/blueprints/data-solutions/cloudsql-multiregion/main.tf @@ -1,5 +1,5 @@ /** - * Copyright 2022 Google LLC + * Copyright 2023 Google LLC * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. 
@@ -141,5 +141,5 @@ module "gcs" { location = var.regions.primary storage_class = "REGIONAL" encryption_key = var.service_encryption_keys != null ? try(var.service_encryption_keys[var.regions.primary], null) : null - force_destroy = true + force_destroy = !var.deletion_protection } diff --git a/blueprints/data-solutions/cloudsql-multiregion/variables.tf b/blueprints/data-solutions/cloudsql-multiregion/variables.tf index 6d6dfae547..3abae5efda 100644 --- a/blueprints/data-solutions/cloudsql-multiregion/variables.tf +++ b/blueprints/data-solutions/cloudsql-multiregion/variables.tf @@ -1,5 +1,5 @@ /** - * Copyright 2022 Google LLC + * Copyright 2023 Google LLC * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -20,6 +20,13 @@ variable "data_eng_principal" { default = null } +variable "deletion_protection" { + description = "Prevent Terraform from destroying data storage resources (storage buckets, GKE clusters, CloudSQL instances) in this blueprint. When this field is set in Terraform state, a terraform destroy or terraform apply that would delete data storage resources will fail." + type = bool + default = false + nullable = false +} + variable "network_config" { description = "Shared VPC network configurations to use. If null networks will be created in projects with preconfigured values." type = object({ diff --git a/blueprints/data-solutions/cmek-via-centralized-kms/README.md b/blueprints/data-solutions/cmek-via-centralized-kms/README.md index 74d98e3a49..88fb92e3c0 100644 --- a/blueprints/data-solutions/cmek-via-centralized-kms/README.md +++ b/blueprints/data-solutions/cmek-via-centralized-kms/README.md 
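Review bot: The `gcs` module's hard-coded `force_destroy = true` becomes `!var.deletion_protection`, and this is the only place in the cloudsql-multiregion hunks where the new flag is consumed; the Cloud SQL instances the variable description lists as protected are not wired to it anywhere shown, so unless the instance modules receive `deletion_protection = var.deletion_protection` elsewhere in the blueprint, `deletion_protection = true` guards only this bucket. With the default `false` the bucket remains force-destroyable, matching the previous line, which is fine for a demo but is worth a why-comment on the new line: `force_destroy = !var.deletion_protection # objects are deleted on destroy unless deletion_protection is true`. Either wire the instance modules or narrow the description to what this blueprint actually protects.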
@@ -30,18 +30,18 @@ This sample creates several distinct groups of resources: - GCS - One bucket encrypted with a CMEK Cryptokey hosted in Cloud KMS - ## Variables | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| [prefix](variables.tf#L21) | Optional prefix used to generate resources names. | string | ✓ | | -| [project_config](variables.tf#L27) | Provide 'billing_account_id' and 'parent' values if project creation is needed, uses existing 'projects_id' if null. Parent is in 'folders/nnn' or 'organizations/nnn' format. | object({…}) | ✓ | | -| [location](variables.tf#L15) | The location where resources will be deployed. | string | | "europe" | -| [region](variables.tf#L44) | The region where resources will be deployed. | string | | "europe-west1" | -| [vpc_ip_cidr_range](variables.tf#L50) | Ip range used in the subnet deployef in the Service Project. | string | | "10.0.0.0/20" | -| [vpc_name](variables.tf#L56) | Name of the VPC created in the Service Project. | string | | "local" | -| [vpc_subnet_name](variables.tf#L62) | Name of the subnet created in the Service Project. | string | | "subnet" | +| [prefix](variables.tf#L28) | Optional prefix used to generate resources names. | string | ✓ | | +| [project_config](variables.tf#L34) | Provide 'billing_account_id' and 'parent' values if project creation is needed, uses existing 'projects_id' if null. Parent is in 'folders/nnn' or 'organizations/nnn' format. | object({…}) | ✓ | | +| [deletion_protection](variables.tf#L15) | Prevent Terraform from destroying data storage resources (storage buckets, GKE clusters, CloudSQL instances) in this blueprint. When this field is set in Terraform state, a terraform destroy or terraform apply that would delete data storage resources will fail. | bool | | false | +| [location](variables.tf#L22) | The location where resources will be deployed. | string | | "europe" | +| [region](variables.tf#L51) | The region where resources will be deployed. 
| string | | "europe-west1" | +| [vpc_ip_cidr_range](variables.tf#L57) | Ip range used in the subnet deployef in the Service Project. | string | | "10.0.0.0/20" | +| [vpc_name](variables.tf#L63) | Name of the VPC created in the Service Project. | string | | "local" | +| [vpc_subnet_name](variables.tf#L69) | Name of the subnet created in the Service Project. | string | | "subnet" | ## Outputs @@ -52,9 +52,7 @@ This sample creates several distinct groups of resources: | [projects](outputs.tf#L25) | Project ids. | | | [vm](outputs.tf#L33) | GCE VM. | | | [vm_keys](outputs.tf#L41) | GCE VM Cloud KMS crypto keys. | | - - ## Test ```hcl diff --git a/blueprints/data-solutions/cmek-via-centralized-kms/main.tf b/blueprints/data-solutions/cmek-via-centralized-kms/main.tf index fb446e718a..54f3a5758c 100644 --- a/blueprints/data-solutions/cmek-via-centralized-kms/main.tf +++ b/blueprints/data-solutions/cmek-via-centralized-kms/main.tf @@ -163,4 +163,5 @@ module "kms-gcs" { location = var.region storage_class = "REGIONAL" encryption_key = local.kms_keys.gcs + force_destroy = !var.deletion_protection } diff --git a/blueprints/data-solutions/cmek-via-centralized-kms/variables.tf b/blueprints/data-solutions/cmek-via-centralized-kms/variables.tf index 5d35351c9f..e5d69a8d7f 100644 --- a/blueprints/data-solutions/cmek-via-centralized-kms/variables.tf +++ b/blueprints/data-solutions/cmek-via-centralized-kms/variables.tf @@ -1,4 +1,4 @@ -# Copyright 2022 Google LLC +# Copyright 2023 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
@@ -12,6 +12,13 @@ # See the License for the specific language governing permissions and # limitations under the License. +variable "deletion_protection" { + description = "Prevent Terraform from destroying data storage resources (storage buckets, GKE clusters, CloudSQL instances) in this blueprint. When this field is set in Terraform state, a terraform destroy or terraform apply that would delete data storage resources will fail." + type = bool + default = false + nullable = false +} + variable "location" { description = "The location where resources will be deployed." type = string diff --git a/blueprints/data-solutions/data-platform-foundations/01-dropoff.tf b/blueprints/data-solutions/data-platform-foundations/01-dropoff.tf index 3638dc089d..3dc5541737 100644 --- a/blueprints/data-solutions/data-platform-foundations/01-dropoff.tf +++ b/blueprints/data-solutions/data-platform-foundations/01-dropoff.tf @@ -1,4 +1,4 @@ -# Copyright 2022 Google LLC +# Copyright 2023 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -91,7 +91,7 @@ module "drop-cs-0" { location = var.location storage_class = "MULTI_REGIONAL" encryption_key = try(local.service_encryption_keys.storage, null) - force_destroy = var.data_force_destroy + force_destroy = !var.deletion_protection # retention_policy = { # retention_period = 7776000 # 90 * 24 * 60 * 60 # is_locked = false diff --git a/blueprints/data-solutions/data-platform-foundations/02-load.tf b/blueprints/data-solutions/data-platform-foundations/02-load.tf index 2810a38f8c..e262e960f5 100644 --- a/blueprints/data-solutions/data-platform-foundations/02-load.tf +++ b/blueprints/data-solutions/data-platform-foundations/02-load.tf @@ -1,4 +1,4 @@ -# Copyright 2022 Google LLC +# Copyright 2023 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
@@ -98,6 +98,7 @@ module "load-cs-df-0" { location = var.location storage_class = "MULTI_REGIONAL" encryption_key = try(local.service_encryption_keys.storage, null) + force_destroy = !var.deletion_protection } module "load-vpc" { diff --git a/blueprints/data-solutions/data-platform-foundations/03-orchestration.tf b/blueprints/data-solutions/data-platform-foundations/03-orchestration.tf index c97721a47a..3412ab6bcd 100644 --- a/blueprints/data-solutions/data-platform-foundations/03-orchestration.tf +++ b/blueprints/data-solutions/data-platform-foundations/03-orchestration.tf @@ -1,4 +1,4 @@ -# Copyright 2022 Google LLC +# Copyright 2023 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -109,6 +109,7 @@ module "orch-cs-0" { location = var.location storage_class = "MULTI_REGIONAL" encryption_key = try(local.service_encryption_keys.storage, null) + force_destroy = !var.deletion_protection } module "orch-vpc" { @@ -164,6 +165,7 @@ module "orch-cs-df-template" { location = var.region storage_class = "REGIONAL" encryption_key = try(local.service_encryption_keys.storage, null) + force_destroy = !var.deletion_protection } module "orch-cs-build-staging" { @@ -174,6 +176,7 @@ module "orch-cs-build-staging" { location = var.region storage_class = "REGIONAL" encryption_key = try(local.service_encryption_keys.storage, null) + force_destroy = !var.deletion_protection } module "orch-sa-df-build" { diff --git a/blueprints/data-solutions/data-platform-foundations/04-transformation.tf b/blueprints/data-solutions/data-platform-foundations/04-transformation.tf index 70c534b3ee..164bc8630c 100644 --- a/blueprints/data-solutions/data-platform-foundations/04-transformation.tf +++ b/blueprints/data-solutions/data-platform-foundations/04-transformation.tf 
@@ -1,4 +1,4 @@ -# Copyright 2022 Google LLC +# Copyright 2023 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -97,6 +97,7 @@ module "transf-cs-df-0" { location = var.location storage_class = "MULTI_REGIONAL" encryption_key = try(local.service_encryption_keys.storage, null) + force_destroy = !var.deletion_protection } module "transf-sa-bq-0" { diff --git a/blueprints/data-solutions/data-platform-foundations/05-datawarehouse.tf b/blueprints/data-solutions/data-platform-foundations/05-datawarehouse.tf index 7cbd4bfae4..1765adec99 100644 --- a/blueprints/data-solutions/data-platform-foundations/05-datawarehouse.tf +++ b/blueprints/data-solutions/data-platform-foundations/05-datawarehouse.tf @@ -1,4 +1,4 @@ -# Copyright 2022 Google LLC +# Copyright 2023 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -156,7 +156,7 @@ module "dwh-lnd-cs-0" { location = var.location storage_class = "MULTI_REGIONAL" encryption_key = try(local.service_encryption_keys.storage, null) - force_destroy = var.data_force_destroy + force_destroy = !var.deletion_protection } module "dwh-cur-cs-0" { @@ -167,7 +167,7 @@ module "dwh-cur-cs-0" { location = var.location storage_class = "MULTI_REGIONAL" encryption_key = try(local.service_encryption_keys.storage, null) - force_destroy = var.data_force_destroy + force_destroy = !var.deletion_protection } module "dwh-conf-cs-0" { @@ -178,5 +178,5 @@ module "dwh-conf-cs-0" { location = var.location storage_class = "MULTI_REGIONAL" encryption_key = try(local.service_encryption_keys.storage, null) - force_destroy = var.data_force_destroy + force_destroy = !var.deletion_protection } diff --git a/blueprints/data-solutions/data-platform-foundations/README.md b/blueprints/data-solutions/data-platform-foundations/README.md index f313614b92..6cdfdec915 100644 
--- a/blueprints/data-solutions/data-platform-foundations/README.md
+++ b/blueprints/data-solutions/data-platform-foundations/README.md
@@ -279,19 +279,19 @@ terraform destroy | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| [organization_domain](variables.tf#L165) | Organization domain. | string | ✓ | | -| [prefix](variables.tf#L170) | Prefix used for resource names. | string | ✓ | | -| [project_config](variables.tf#L179) | Provide 'billing_account_id' value if project creation is needed, uses existing 'project_ids' if null. Parent is in 'folders/nnn' or 'organizations/nnn' format. | object({…}) | ✓ | | +| [organization_domain](variables.tf#L166) | Organization domain. | string | ✓ | | +| [prefix](variables.tf#L171) | Prefix used for resource names. | string | ✓ | | +| [project_config](variables.tf#L180) | Provide 'billing_account_id' value if project creation is needed, uses existing 'project_ids' if null. Parent is in 'folders/nnn' or 'organizations/nnn' format. | object({…}) | ✓ | | | [composer_config](variables.tf#L17) | Cloud Composer config. | object({…}) | | {…} | | [data_catalog_tags](variables.tf#L106) | List of Data Catalog Policy tags to be created with optional IAM binging configuration in {tag => {ROLE => [MEMBERS]}} format. | map(object({…})) | | {…} | -| [data_force_destroy](variables.tf#L120) | Flag to set 'force_destroy' on data services like BiguQery or Cloud Storage. | bool | | false | -| [groups](variables.tf#L126) | User groups. | map(string) | | {…} | -| [location](variables.tf#L136) | Location used for multi-regional resources. | string | | "eu" | -| [network_config](variables.tf#L142) | Shared VPC network configurations to use. If null networks will be created in projects with preconfigured values. | object({…}) | | null | -| [project_services](variables.tf#L213) | List of core services enabled on all projects. | list(string) | | […] | -| [project_suffix](variables.tf#L224) | Suffix used only for project ids. | string | | null | -| [region](variables.tf#L230) | Region used for regional resources. 
| string | | "europe-west1" | -| [service_encryption_keys](variables.tf#L236) | Cloud KMS to use to encrypt different services. Key location should match service region. | object({…}) | | null | +| [deletion_protection](variables.tf#L120) | Prevent Terraform from destroying data storage resources (storage buckets, GKE clusters, CloudSQL instances) in this blueprint. When this field is set in Terraform state, a terraform destroy or terraform apply that would delete data storage resources will fail. | bool | | false | +| [groups](variables.tf#L127) | User groups. | map(string) | | {…} | +| [location](variables.tf#L137) | Location used for multi-regional resources. | string | | "eu" | +| [network_config](variables.tf#L143) | Shared VPC network configurations to use. If null networks will be created in projects with preconfigured values. | object({…}) | | null | +| [project_services](variables.tf#L214) | List of core services enabled on all projects. | list(string) | | […] | +| [project_suffix](variables.tf#L225) | Suffix used only for project ids. | string | | null | +| [region](variables.tf#L231) | Region used for regional resources. | string | | "europe-west1" | +| [service_encryption_keys](variables.tf#L237) | Cloud KMS to use to encrypt different services. Key location should match service region. | object({…}) | | null | ## Outputs diff --git a/blueprints/data-solutions/data-platform-foundations/variables.tf b/blueprints/data-solutions/data-platform-foundations/variables.tf index 335eede86f..e3e72950cb 100644 --- a/blueprints/data-solutions/data-platform-foundations/variables.tf +++ b/blueprints/data-solutions/data-platform-foundations/variables.tf @@ -1,4 +1,4 @@ -# Copyright 2022 Google LLC +# Copyright 2023 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
@@ -117,10 +117,11 @@ variable "data_catalog_tags" { } } -variable "data_force_destroy" { - description = "Flag to set 'force_destroy' on data services like BiguQery or Cloud Storage." +variable "deletion_protection" { + description = "Prevent Terraform from destroying data storage resources (storage buckets, GKE clusters, CloudSQL instances) in this blueprint. When this field is set in Terraform state, a terraform destroy or terraform apply that would delete data storage resources will fail." type = bool default = false + nullable = false } variable "groups" { diff --git a/blueprints/data-solutions/data-platform-minimal/01-landing.tf b/blueprints/data-solutions/data-platform-minimal/01-landing.tf index 52bf6e8af3..2b4d5165fa 100644 --- a/blueprints/data-solutions/data-platform-minimal/01-landing.tf +++ b/blueprints/data-solutions/data-platform-minimal/01-landing.tf @@ -1,4 +1,4 @@ -# Copyright 2022 Google LLC +# Copyright 2023 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -100,7 +100,7 @@ module "land-cs-0" { location = var.location storage_class = "MULTI_REGIONAL" encryption_key = var.service_encryption_keys.storage - force_destroy = var.data_force_destroy + force_destroy = !var.deletion_protection } module "land-bq-0" { diff --git a/blueprints/data-solutions/data-platform-minimal/02-dataproc.tf b/blueprints/data-solutions/data-platform-minimal/02-dataproc.tf index 3a68a7a8f4..9490b76a27 100644 --- a/blueprints/data-solutions/data-platform-minimal/02-dataproc.tf +++ b/blueprints/data-solutions/data-platform-minimal/02-dataproc.tf @@ -1,4 +1,4 @@ -# Copyright 2022 Google LLC +# Copyright 2023 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
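Review bot: Renaming `data_force_destroy` to `deletion_protection` inverts the flag's meaning without any migration note: an existing `data_force_destroy = false` in a tfvars file, previously the protective setting, is now only a Terraform warning about an undeclared variable and the buckets are force-destroyed by default, and a `-var data_force_destroy=...` on the command line is rejected outright. The same rename is applied to data-platform-minimal, whose variables.tf hunk is cut off at the end of SOURCE, and any `var.data_force_destroy` reference remaining outside the hunks shown (the removed description mentioned BigQuery as well as Cloud Storage) would now fail `terraform validate`. Suggest an upgrade note in the README along the lines of `Replace data_force_destroy = X with deletion_protection = !X; with the new default (false) buckets are destroyed together with their contents.`, and keeping the variable block's `default = false` decision visible in the description rather than only in the generated table.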
@@ -23,6 +23,7 @@ module "processing-dp-history" { location = var.region storage_class = "REGIONAL" encryption_key = var.service_encryption_keys.storage + force_destroy = !var.deletion_protection } module "processing-sa-0" { @@ -50,6 +51,7 @@ module "processing-staging-0" { location = var.location storage_class = "MULTI_REGIONAL" encryption_key = var.service_encryption_keys.storage + force_destroy = !var.deletion_protection } module "processing-temp-0" { @@ -60,6 +62,7 @@ module "processing-temp-0" { location = var.location storage_class = "MULTI_REGIONAL" encryption_key = var.service_encryption_keys.storage + force_destroy = !var.deletion_protection } module "processing-log-0" { @@ -70,6 +73,7 @@ module "processing-log-0" { location = var.location storage_class = "MULTI_REGIONAL" encryption_key = var.service_encryption_keys.storage + force_destroy = !var.deletion_protection } module "processing-dp-historyserver" { diff --git a/blueprints/data-solutions/data-platform-minimal/02-processing.tf b/blueprints/data-solutions/data-platform-minimal/02-processing.tf index b00e250d54..86d02a612d 100644 --- a/blueprints/data-solutions/data-platform-minimal/02-processing.tf +++ b/blueprints/data-solutions/data-platform-minimal/02-processing.tf @@ -1,4 +1,4 @@ -# Copyright 2022 Google LLC +# Copyright 2023 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -157,6 +157,7 @@ module "processing-cs-0" { location = var.location storage_class = "MULTI_REGIONAL" encryption_key = var.service_encryption_keys.storage + force_destroy = !var.deletion_protection } # internal VPC resources diff --git a/blueprints/data-solutions/data-platform-minimal/03-curated.tf b/blueprints/data-solutions/data-platform-minimal/03-curated.tf index 53a6e7b22a..81112c9b88 100644 --- a/blueprints/data-solutions/data-platform-minimal/03-curated.tf +++ b/blueprints/data-solutions/data-platform-minimal/03-curated.tf 
@@ -1,4 +1,4 @@ -# Copyright 2022 Google LLC +# Copyright 2023 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -139,5 +139,5 @@ module "cur-cs-0" { location = var.location storage_class = "MULTI_REGIONAL" encryption_key = var.service_encryption_keys.storage - force_destroy = var.data_force_destroy + force_destroy = !var.deletion_protection } diff --git a/blueprints/data-solutions/data-platform-minimal/README.md b/blueprints/data-solutions/data-platform-minimal/README.md index 42d746e51f..5559d98605 100644 --- a/blueprints/data-solutions/data-platform-minimal/README.md +++ b/blueprints/data-solutions/data-platform-minimal/README.md 
@@ -302,19 +302,19 @@ The application layer is out of scope of this script. As a demo purpuse only, on
 | name | description | type | required | default |
 |---|---|:---:|:---:|:---:|
-| [organization_domain](variables.tf#L123) | Organization domain. | string | ✓ | |
-| [prefix](variables.tf#L128) | Prefix used for resource names. | string | ✓ | |
-| [project_config](variables.tf#L137) | Provide 'billing_account_id' value if project creation is needed, uses existing 'project_ids' if null. Parent is in 'folders/nnn' or 'organizations/nnn' format. | object({…}) | ✓ | |
+| [organization_domain](variables.tf#L124) | Organization domain. | string | ✓ | |
+| [prefix](variables.tf#L129) | Prefix used for resource names. | string | ✓ | |
+| [project_config](variables.tf#L138) | Provide 'billing_account_id' value if project creation is needed, uses existing 'project_ids' if null. Parent is in 'folders/nnn' or 'organizations/nnn' format. | object({…}) | ✓ | |
 | [composer_config](variables.tf#L17) | Cloud Composer config. | object({…}) | | {} |
 | [data_catalog_tags](variables.tf#L56) | List of Data Catalog Policy tags to be created with optional IAM binging configuration in {tag => {ROLE => [MEMBERS]}} format. | map(object({…})) | | {…} |
-| [data_force_destroy](variables.tf#L70) | Flag to set 'force_destroy' on data services like BiguQery or Cloud Storage. | bool | | false |
-| [enable_services](variables.tf#L76) | Flag to enable or disable services in the Data Platform. | object({…}) | | {} |
-| [groups](variables.tf#L85) | User groups. | map(string) | | {…} |
-| [location](variables.tf#L95) | Location used for multi-regional resources. | string | | "eu" |
-| [network_config](variables.tf#L101) | Shared VPC network configurations to use. If null networks will be created in projects. | object({…}) | | {} |
-| [project_suffix](variables.tf#L161) | Suffix used only for project ids. | string | | null |
-| [region](variables.tf#L167) | Region used for regional resources. | string | | "europe-west1" |
-| [service_encryption_keys](variables.tf#L173) | Cloud KMS to use to encrypt different services. Key location should match service region. | object({…}) | | {} |
+| [deletion_protection](variables.tf#L70) | Prevent Terraform from destroying data storage resources (storage buckets, GKE clusters, CloudSQL instances) in this blueprint. When this field is set in Terraform state, a terraform destroy or terraform apply that would delete data storage resources will fail. | bool | | false |
+| [enable_services](variables.tf#L77) | Flag to enable or disable services in the Data Platform. | object({…}) | | {} |
+| [groups](variables.tf#L86) | User groups. | map(string) | | {…} |
+| [location](variables.tf#L96) | Location used for multi-regional resources. | string | | "eu" |
+| [network_config](variables.tf#L102) | Shared VPC network configurations to use. If null networks will be created in projects. | object({…}) | | {} |
+| [project_suffix](variables.tf#L162) | Suffix used only for project ids. | string | | null |
+| [region](variables.tf#L168) | Region used for regional resources. | string | | "europe-west1" |
+| [service_encryption_keys](variables.tf#L174) | Cloud KMS to use to encrypt different services. Key location should match service region. | object({…}) | | {} |
 ## Outputs
diff --git a/blueprints/data-solutions/data-platform-minimal/variables.tf b/blueprints/data-solutions/data-platform-minimal/variables.tf
index 0bd1deedfa..b8248273df 100644
--- a/blueprints/data-solutions/data-platform-minimal/variables.tf
+++ b/blueprints/data-solutions/data-platform-minimal/variables.tf
@@ -1,4 +1,4 @@
-# Copyright 2022 Google LLC
+# Copyright 2023 Google LLC
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -67,10 +67,11 @@ variable "data_catalog_tags" {
 }
 }
-variable "data_force_destroy" {
- description = "Flag to set 'force_destroy' on data services like BiguQery or Cloud Storage."
+variable "deletion_protection" {
+ description = "Prevent Terraform from destroying data storage resources (storage buckets, GKE clusters, CloudSQL instances) in this blueprint. When this field is set in Terraform state, a terraform destroy or terraform apply that would delete data storage resources will fail."
 type = bool
 default = false
+ nullable = false
 }
 variable "enable_services" {
diff --git a/blueprints/data-solutions/data-playground/README.md b/blueprints/data-solutions/data-playground/README.md
index 413445d452..a2eceeba91 100644
--- a/blueprints/data-solutions/data-playground/README.md
+++ b/blueprints/data-solutions/data-playground/README.md
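Review bot: The new description lists storage buckets, GKE clusters and CloudSQL instances but drops the BigQuery mention the old `data_force_destroy` text carried; if any BigQuery dataset module in this blueprint still references the removed `var.data_force_destroy` the configuration no longer validates, and if none was ever wired the description now claims protection the callers do not provide. The sentence `When this field is set in Terraform state, a terraform destroy ... will fail` is accurate for GKE's `deletion_protection` attribute but not for buckets, where the callers map it to `force_destroy = !deletion_protection` and only a non-empty bucket blocks the destroy; I would add `For storage buckets this only prevents deletion of non-empty buckets.` to the description. Keeping the old name as a deprecated alias, or a `validation` block rejecting the old variable, would stop existing tfvars from silently losing their setting.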
@@ -50,17 +50,17 @@ terraform apply
 You can now connect to the Vertex AI notbook to perform your data analysis.
-
 ## Variables
 | name | description | type | required | default |
 |---|---|:---:|:---:|:---:|
-| [prefix](variables.tf#L32) | Prefix used for resource names. | string | ✓ | |
-| [project_id](variables.tf#L50) | Project id, references existing project if `project_create` is null. | string | ✓ | |
-| [location](variables.tf#L16) | The location where resources will be deployed. | string | | "EU" |
-| [network_config](variables.tf#L22) | Shared VPC network configurations to use. If null networks will be created in projects with preconfigured values. | object({…}) | | null |
-| [project_create](variables.tf#L41) | Provide values if project creation is needed, uses existing project if null. Parent format: folders/folder_id or organizations/org_id. | object({…}) | | null |
-| [region](variables.tf#L55) | The region where resources will be deployed. | string | | "europe-west1" |
+| [prefix](variables.tf#L39) | Prefix used for resource names. | string | ✓ | |
+| [project_id](variables.tf#L57) | Project id, references existing project if `project_create` is null. | string | ✓ | |
+| [deletion_protection](variables.tf#L16) | Prevent Terraform from destroying data storage resources (storage buckets, GKE clusters, CloudSQL instances) in this blueprint. When this field is set in Terraform state, a terraform destroy or terraform apply that would delete data storage resources will fail. | bool | | false |
+| [location](variables.tf#L23) | The location where resources will be deployed. | string | | "EU" |
+| [network_config](variables.tf#L29) | Shared VPC network configurations to use. If null networks will be created in projects with preconfigured values. | object({…}) | | null |
+| [project_create](variables.tf#L48) | Provide values if project creation is needed, uses existing project if null. Parent format: folders/folder_id or organizations/org_id. | object({…}) | | null |
+| [region](variables.tf#L62) | The region where resources will be deployed. | string | | "europe-west1" |
 ## Outputs
@@ -71,9 +71,7 @@ You can now connect to the Vertex AI notbook to perform your data analysis.
 | [notebook](outputs.tf#L25) | Vertex AI notebook details. | |
 | [project](outputs.tf#L33) | Project id. | |
 | [vpc](outputs.tf#L38) | VPC Network. | |
-
-
 ## Test
 ```hcl
diff --git a/blueprints/data-solutions/data-playground/main.tf b/blueprints/data-solutions/data-playground/main.tf
index a3cfd54eb6..a0f7e43593 100644
--- a/blueprints/data-solutions/data-playground/main.tf
+++ b/blueprints/data-solutions/data-playground/main.tf
@@ -163,6 +163,7 @@ module "bucket" {
 location = var.location
 name = "data"
 encryption_key = try(local.service_encryption_keys.storage, null) # Example assignment of an encryption key
+ force_destroy = !var.deletion_protection
 }
 module "dataset" {
diff --git a/blueprints/data-solutions/data-playground/variables.tf b/blueprints/data-solutions/data-playground/variables.tf
index 682e1a6d61..c9fd793735 100644
--- a/blueprints/data-solutions/data-playground/variables.tf
+++ b/blueprints/data-solutions/data-playground/variables.tf
@@ -1,4 +1,4 @@
-# Copyright 2022 Google LLC
+# Copyright 2023 Google LLC
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -13,6 +13,13 @@
 # limitations under the License.
+variable "deletion_protection" {
+ description = "Prevent Terraform from destroying data storage resources (storage buckets, GKE clusters, CloudSQL instances) in this blueprint. When this field is set in Terraform state, a terraform destroy or terraform apply that would delete data storage resources will fail."
+ type = bool
+ default = false
+ nullable = false
+}
+
 variable "location" {
 description = "The location where resources will be deployed."
 type = string
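Review bot: `force_destroy` is wired on the `bucket` module, but the `dataset` module that immediately follows receives nothing, so even with `deletion_protection = true` a destroy is still free to drop the BigQuery dataset (assuming that module exposes the usual `delete_contents_on_destroy`, which I cannot see from here); either wire it to the same variable or narrow the variable description to buckets for this blueprint. A short comment beside the new attribute, `# bucket objects are deleted on destroy unless deletion_protection is true`, would also help, since the negation reads as the opposite of protection at a glance. The `bucket` module block starts before the hunk.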
diff --git a/blueprints/data-solutions/gcs-to-bq-with-least-privileges/README.md b/blueprints/data-solutions/gcs-to-bq-with-least-privileges/README.md
index 37ab10f81f..229099f1b2 100644
--- a/blueprints/data-solutions/gcs-to-bq-with-least-privileges/README.md
+++ b/blueprints/data-solutions/gcs-to-bq-with-least-privileges/README.md
@@ -188,18 +188,18 @@ The easiest way to remove all the deployed resources is to run the following com
 The above command will delete the associated resources so there will be no billable charges made afterwards.
-
 ## Variables
 | name | description | type | required | default |
 |---|---|:---:|:---:|:---:|
-| [prefix](variables.tf#L37) | Prefix used for resource names. | string | ✓ | |
-| [project_config](variables.tf#L46) | Provide 'billing_account_id' value if project creation is needed, uses existing 'project_id' if null. Parent is in 'folders/nnn' or 'organizations/nnn' format. If project is created, `var.prefix` will be used. | object({…}) | ✓ | |
+| [prefix](variables.tf#L44) | Prefix used for resource names. | string | ✓ | |
+| [project_config](variables.tf#L53) | Provide 'billing_account_id' value if project creation is needed, uses existing 'project_id' if null. Parent is in 'folders/nnn' or 'organizations/nnn' format. If project is created, `var.prefix` will be used. | object({…}) | ✓ | |
 | [cmek_encryption](variables.tf#L15) | Flag to enable CMEK on GCP resources created. | bool | | false |
 | [data_eng_principals](variables.tf#L21) | Groups with admin/developer role on enabled services and Service Account Token creator role on service accounts in IAM format, eg 'group:group@domain.com'. | list(string) | | [] |
-| [network_config](variables.tf#L27) | Shared VPC network configurations to use. If null networks will be created in projects with preconfigured values. | object({…}) | | {} |
-| [region](variables.tf#L60) | The region where resources will be deployed. | string | | "europe-west1" |
-| [vpc_subnet_range](variables.tf#L66) | Ip range used for the VPC subnet created for the example. | string | | "10.0.0.0/20" |
+| [deletion_protection](variables.tf#L27) | Prevent Terraform from destroying data storage resources (storage buckets, GKE clusters, CloudSQL instances) in this blueprint. When this field is set in Terraform state, a terraform destroy or terraform apply that would delete data storage resources will fail. | bool | | true |
+| [network_config](variables.tf#L34) | Shared VPC network configurations to use. If null networks will be created in projects with preconfigured values. | object({…}) | | {} |
+| [region](variables.tf#L67) | The region where resources will be deployed. | string | | "europe-west1" |
+| [vpc_subnet_range](variables.tf#L73) | Ip range used for the VPC subnet created for the example. | string | | "10.0.0.0/20" |
 ## Outputs
@@ -212,7 +212,6 @@ The above command will delete the associated resources so there will be no billa
 | [command_03_bq](outputs.tf#L54) | BigQuery command to query imported data. | |
 | [project_id](outputs.tf#L64) | Project id. | |
 | [service_accounts](outputs.tf#L69) | Service account. | |
-
 ## Test
diff --git a/blueprints/data-solutions/gcs-to-bq-with-least-privileges/datastorage.tf b/blueprints/data-solutions/gcs-to-bq-with-least-privileges/datastorage.tf
index 98b15bb20d..d2dcfee902 100644
--- a/blueprints/data-solutions/gcs-to-bq-with-least-privileges/datastorage.tf
+++ b/blueprints/data-solutions/gcs-to-bq-with-least-privileges/datastorage.tf
@@ -1,4 +1,4 @@
-# Copyright 2022 Google LLC
+# Copyright 2023 Google LLC
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -20,7 +20,7 @@ module "gcs-data" {
 location = var.region
 storage_class = "REGIONAL"
 encryption_key = var.cmek_encryption ? module.kms[0].keys.key-gcs.id : null
- force_destroy = true
+ force_destroy = !var.deletion_protection
 }
 module "gcs-df-tmp" {
@@ -31,7 +31,7 @@ module "gcs-df-tmp" {
 location = var.region
 storage_class = "REGIONAL"
 encryption_key = var.cmek_encryption ? module.kms[0].keys.key-gcs.id : null
- force_destroy = true
+ force_destroy = !var.deletion_protection
 }
 module "bigquery-dataset" {
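Review bot: With `deletion_protection` defaulting to `true` in this blueprint, `gcs-data` and `gcs-df-tmp` move from `force_destroy = true` to `false`, so the README sentence a few lines up stating that the destroy command `will delete the associated resources so there will be no billable charges made afterwards` is no longer true by default: `gcs-data` holds whatever the walkthrough uploads and `gcs-df-tmp`, judging by its name and the Dataflow step in this example, will contain temp files, so `terraform destroy` will fail on both until the operator empties them or passes `deletion_protection = false`. Either keep `false` as the default for this demo or amend the cleanup section to say the flag must be set first. The `bigquery-dataset` module that follows the second hunk does not receive the flag, so its contents are not covered by the variable despite the description. Both bucket module blocks start before their hunk.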
diff --git a/blueprints/data-solutions/gcs-to-bq-with-least-privileges/variables.tf b/blueprints/data-solutions/gcs-to-bq-with-least-privileges/variables.tf
index 7fbca36911..72f060de37 100644
--- a/blueprints/data-solutions/gcs-to-bq-with-least-privileges/variables.tf
+++ b/blueprints/data-solutions/gcs-to-bq-with-least-privileges/variables.tf
@@ -1,4 +1,4 @@
-# Copyright 2022 Google LLC
+# Copyright 2023 Google LLC
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -24,6 +24,13 @@ variable "data_eng_principals" {
 default = []
 }
+variable "deletion_protection" {
+ description = "Prevent Terraform from destroying data storage resources (storage buckets, GKE clusters, CloudSQL instances) in this blueprint. When this field is set in Terraform state, a terraform destroy or terraform apply that would delete data storage resources will fail."
+ type = bool
+ default = true
+ nullable = false
+}
+
 variable "network_config" {
 description = "Shared VPC network configurations to use. If null networks will be created in projects with preconfigured values."
 type = object({
diff --git a/blueprints/data-solutions/vertex-mlops/README.md b/blueprints/data-solutions/vertex-mlops/README.md
index 974ec3354d..21685136b9 100644
--- a/blueprints/data-solutions/vertex-mlops/README.md
+++ b/blueprints/data-solutions/vertex-mlops/README.md
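Review bot: `deletion_protection` defaults to `true` here but to `false` in every other blueprint this commit touches (data-platform-minimal, data-playground, vertex-mlops and the GKE blueprints), while the description string is identical everywhere and says nothing about the default, so a reader comparing blueprints cannot tell which ones are protected without opening each variables.tf. Either align the defaults across blueprints or append `Defaults to true in this blueprint; set to false before running terraform destroy.` to this description. `nullable = false` is the right call, since a null would make the `!var.deletion_protection` negation in datastorage.tf fail at plan time instead of silently choosing a side.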
@@ -75,24 +75,24 @@ module "test" {
 # tftest modules=11 resources=62
 ```
-
 ## Variables
 | name | description | type | required | default |
 |---|---|:---:|:---:|:---:|
-| [notebooks](variables.tf#L69) | Vertex AI workbenches to be deployed. Service Account runtime/instances deployed. | map(object({…})) | ✓ | |
-| [project_config](variables.tf#L96) | Provide 'billing_account_id' value if project creation is needed, uses existing 'project_id' if null. Parent is in 'folders/nnn' or 'organizations/nnn' format. | object({…}) | ✓ | |
+| [notebooks](variables.tf#L76) | Vertex AI workbenches to be deployed. Service Account runtime/instances deployed. | map(object({…})) | ✓ | |
+| [project_config](variables.tf#L103) | Provide 'billing_account_id' value if project creation is needed, uses existing 'project_id' if null. Parent is in 'folders/nnn' or 'organizations/nnn' format. | object({…}) | ✓ | |
 | [bucket_name](variables.tf#L18) | GCS bucket name to store the Vertex AI artifacts. | string | | null |
 | [dataset_name](variables.tf#L24) | BigQuery Dataset to store the training data. | string | | null |
-| [groups](variables.tf#L30) | Name of the groups (name@domain.org) to apply opinionated IAM permissions. | object({…}) | | {} |
-| [identity_pool_claims](variables.tf#L41) | Claims to be used by Workload Identity Federation (i.e.: attribute.repository/ORGANIZATION/REPO). If a not null value is provided, then google_iam_workload_identity_pool resource will be created. | string | | null |
-| [labels](variables.tf#L47) | Labels to be assigned at project level. | map(string) | | {} |
-| [location](variables.tf#L53) | Location used for multi-regional resources. | string | | "eu" |
-| [network_config](variables.tf#L59) | Shared VPC network configurations to use. If null networks will be created in projects with preconfigured values. | object({…}) | | null |
-| [prefix](variables.tf#L90) | Prefix used for the project id. | string | | null |
-| [region](variables.tf#L110) | Region used for regional resources. | string | | "europe-west4" |
-| [repo_name](variables.tf#L116) | Cloud Source Repository name. null to avoid to create it. | string | | null |
-| [service_encryption_keys](variables.tf#L122) | Cloud KMS to use to encrypt different services. Key location should match service region. | object({…}) | | {} |
+| [deletion_protection](variables.tf#L30) | Prevent Terraform from destroying data storage resources (storage buckets, GKE clusters, CloudSQL instances) in this blueprint. When this field is set in Terraform state, a terraform destroy or terraform apply that would delete data storage resources will fail. | bool | | false |
+| [groups](variables.tf#L37) | Name of the groups (name@domain.org) to apply opinionated IAM permissions. | object({…}) | | {} |
+| [identity_pool_claims](variables.tf#L48) | Claims to be used by Workload Identity Federation (i.e.: attribute.repository/ORGANIZATION/REPO). If a not null value is provided, then google_iam_workload_identity_pool resource will be created. | string | | null |
+| [labels](variables.tf#L54) | Labels to be assigned at project level. | map(string) | | {} |
+| [location](variables.tf#L60) | Location used for multi-regional resources. | string | | "eu" |
+| [network_config](variables.tf#L66) | Shared VPC network configurations to use. If null networks will be created in projects with preconfigured values. | object({…}) | | null |
+| [prefix](variables.tf#L97) | Prefix used for the project id. | string | | null |
+| [region](variables.tf#L117) | Region used for regional resources. | string | | "europe-west4" |
+| [repo_name](variables.tf#L123) | Cloud Source Repository name. null to avoid to create it. | string | | null |
+| [service_encryption_keys](variables.tf#L129) | Cloud KMS to use to encrypt different services. Key location should match service region. | object({…}) | | {} |
 ## Outputs
@@ -101,7 +101,6 @@ module "test" {
 | [github](outputs.tf#L30) | Github Configuration. | |
 | [notebook](outputs.tf#L35) | Vertex AI notebooks ids. | |
 | [project_id](outputs.tf#L43) | Project ID. | |
-
 ## Test
diff --git a/blueprints/data-solutions/vertex-mlops/main.tf b/blueprints/data-solutions/vertex-mlops/main.tf
index 6879955d61..83ec5072f5 100644
--- a/blueprints/data-solutions/vertex-mlops/main.tf
+++ b/blueprints/data-solutions/vertex-mlops/main.tf
@@ -109,6 +109,7 @@ module "gcs-bucket" {
 storage_class = "REGIONAL"
 versioning = false
 encryption_key = var.service_encryption_keys.storage
+ force_destroy = !var.deletion_protection
 }
 # Default bucket for Cloud Build to prevent error: "'us' violates constraint ‘gcp.resourceLocations’"
@@ -121,6 +122,7 @@ module "gcs-bucket-cloudbuild" {
 storage_class = "REGIONAL"
 versioning = false
 encryption_key = var.service_encryption_keys.storage
+ force_destroy = !var.deletion_protection
 }
 module "bq-dataset" {
diff --git a/blueprints/data-solutions/vertex-mlops/variables.tf b/blueprints/data-solutions/vertex-mlops/variables.tf
index d9e375dfb7..f27318751a 100644
--- a/blueprints/data-solutions/vertex-mlops/variables.tf
+++ b/blueprints/data-solutions/vertex-mlops/variables.tf
@@ -1,5 +1,5 @@
 /**
- * Copyright 2022 Google LLC
+ * Copyright 2023 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
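Review bot: Both `gcs-bucket` and `gcs-bucket-cloudbuild` now get `force_destroy = !var.deletion_protection` while keeping `versioning = false`, so with this blueprint's `false` default a destroy removes the Vertex AI artifacts bucket and the Cloud Build default bucket with no object-version history to fall back on. If `gcs-bucket` is where trained models land (the README row calls it the artifacts bucket, which suggests so), enabling versioning alongside the flag, or defaulting protection on for this blueprint, would be the safer pairing. The `bq-dataset` module after the second hunk is not wired to the variable, so the training data named in the description's scope is not actually covered; either wire it or say so next to the variable. Both bucket module blocks start before their hunk.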
@@ -27,6 +27,13 @@ variable "dataset_name" {
 default = null
 }
+variable "deletion_protection" {
+ description = "Prevent Terraform from destroying data storage resources (storage buckets, GKE clusters, CloudSQL instances) in this blueprint. When this field is set in Terraform state, a terraform destroy or terraform apply that would delete data storage resources will fail."
+ type = bool
+ default = false
+ nullable = false
+}
+
 variable "groups" {
 description = "Name of the groups (name@domain.org) to apply opinionated IAM permissions."
 type = object({
diff --git a/blueprints/gke/autopilot/README.md b/blueprints/gke/autopilot/README.md
index b31b087904..a0ab3a8414 100644
--- a/blueprints/gke/autopilot/README.md
+++ b/blueprints/gke/autopilot/README.md
@@ -59,26 +59,25 @@ The diagram below depicts the architecture.
 Alternatively you can also check all the above using the dashboards available in grafana.
-
 ## Variables
 | name | description | type | required | default |
 |---|---|:---:|:---:|:---:|
-| [project_id](variables.tf#L68) | Project ID. | string | ✓ | |
+| [project_id](variables.tf#L75) | Project ID. | string | ✓ | |
 | [cluster_network_config](variables.tf#L17) | Cluster network configuration. | object({…}) | | {…} |
-| [mgmt_server_config](variables.tf#L37) | Management server configuration. | object({…}) | | {…} |
-| [mgmt_subnet_cidr_block](variables.tf#L53) | Management subnet IP CIDR range. | string | | "10.0.2.0/24" |
-| [project_create](variables.tf#L59) | Parameters for the creation of the new project. | object({…}) | | null |
-| [region](variables.tf#L73) | Region. | string | | "europe-west1" |
-| [vpc_create](variables.tf#L79) | Flag indicating whether the VPC should be created or not. | bool | | true |
-| [vpc_name](variables.tf#L85) | VPC name. | string | | "vpc" |
+| [deletion_protection](variables.tf#L37) | Prevent Terraform from destroying data storage resources (storage buckets, GKE clusters, CloudSQL instances) in this blueprint. When this field is set in Terraform state, a terraform destroy or terraform apply that would delete data storage resources will fail. | bool | | false |
+| [mgmt_server_config](variables.tf#L44) | Management server configuration. | object({…}) | | {…} |
+| [mgmt_subnet_cidr_block](variables.tf#L60) | Management subnet IP CIDR range. | string | | "10.0.2.0/24" |
+| [project_create](variables.tf#L66) | Parameters for the creation of the new project. | object({…}) | | null |
+| [region](variables.tf#L80) | Region. | string | | "europe-west1" |
+| [vpc_create](variables.tf#L86) | Flag indicating whether the VPC should be created or not. | bool | | true |
+| [vpc_name](variables.tf#L92) | VPC name. | string | | "vpc" |
 ## Outputs
 | name | description | sensitive |
 |---|---|:---:|
 | [urls](outputs.tf#L17) | Grafanam, locust and application URLs. | |
-
 ## Test
diff --git a/blueprints/gke/autopilot/cluster.tf b/blueprints/gke/autopilot/cluster.tf
index 49409c448f..d18de5f4f9 100644
--- a/blueprints/gke/autopilot/cluster.tf
+++ b/blueprints/gke/autopilot/cluster.tf
@@ -47,7 +47,8 @@ module "cluster" {
 # service_account = module.node_sa.email
 # }
 # }
- release_channel = "RAPID"
+ release_channel = "RAPID"
+ deletion_protection = var.deletion_protection
 depends_on = [
 module.project
 ]
diff --git a/blueprints/gke/autopilot/variables.tf b/blueprints/gke/autopilot/variables.tf
index dcd40c8d83..65d6c3463c 100644
--- a/blueprints/gke/autopilot/variables.tf
+++ b/blueprints/gke/autopilot/variables.tf
@@ -34,6 +34,13 @@ variable "cluster_network_config" {
 }
 }
+variable "deletion_protection" {
+ description = "Prevent Terraform from destroying data storage resources (storage buckets, GKE clusters, CloudSQL instances) in this blueprint. When this field is set in Terraform state, a terraform destroy or terraform apply that would delete data storage resources will fail."
+ type = bool
+ default = false
+ nullable = false
+}
+
 variable "mgmt_server_config" {
 description = "Management server configuration."
 type = object({
@@ -87,4 +94,4 @@ variable "vpc_name" {
 type = string
 nullable = false
 default = "vpc"
-}
\ No newline at end of file
+}
diff --git a/blueprints/gke/binauthz/README.md b/blueprints/gke/binauthz/README.md
index d4aa5f495e..2a6a47805f 100644
--- a/blueprints/gke/binauthz/README.md
+++ b/blueprints/gke/binauthz/README.md
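Review bot: `deletion_protection = var.deletion_protection` is passed straight through with a `false` default, so if the underlying `gke-cluster` module forwards it to the provider's `google_container_cluster.deletion_protection` (which, as far as I recall, defaults to `true` in google provider 5.x), this blueprint now explicitly opts the cluster out of the provider-level guard rather than merely not opting in. That is a reasonable choice for a demo, but it deserves a comment at the call site, e.g. `# off by default so terraform destroy works for the demo; set deletion_protection=true for long-lived clusters`, and the variable description's "data storage resources" wording does not obviously cover a compute cluster. The `cluster` module block starts before the hunk.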
@@ -102,20 +102,20 @@ The application deployed to the cluster is an RESTful API that enables managing
 Once done testing, you can clean up resources by running `terraform destroy`.
-
 ## Variables
 | name | description | type | required | default |
 |---|---|:---:|:---:|:---:|
-| [prefix](variables.tf#L29) | Prefix used for resource names. | string | ✓ | |
-| [project_id](variables.tf#L47) | Project ID. | string | ✓ | |
-| [master_cidr_block](variables.tf#L17) | Master CIDR block. | string | | "10.0.0.0/28" |
-| [pods_cidr_block](variables.tf#L23) | Pods CIDR block. | string | | "172.16.0.0/20" |
-| [project_create](variables.tf#L38) | Parameters for the creation of the new project. | object({…}) | | null |
-| [region](variables.tf#L52) | Region. | string | | "europe-west1" |
-| [services_cidr_block](variables.tf#L58) | Services CIDR block. | string | | "192.168.0.0/24" |
-| [subnet_cidr_block](variables.tf#L64) | Subnet CIDR block. | string | | "10.0.1.0/24" |
-| [zone](variables.tf#L70) | Zone. | string | | "europe-west1-c" |
+| [prefix](variables.tf#L36) | Prefix used for resource names. | string | ✓ | |
+| [project_id](variables.tf#L54) | Project ID. | string | ✓ | |
+| [deletion_protection](variables.tf#L17) | Prevent Terraform from destroying data storage resources (storage buckets, GKE clusters, CloudSQL instances) in this blueprint. When this field is set in Terraform state, a terraform destroy or terraform apply that would delete data storage resources will fail. | bool | | false |
+| [master_cidr_block](variables.tf#L24) | Master CIDR block. | string | | "10.0.0.0/28" |
+| [pods_cidr_block](variables.tf#L30) | Pods CIDR block. | string | | "172.16.0.0/20" |
+| [project_create](variables.tf#L45) | Parameters for the creation of the new project. | object({…}) | | null |
+| [region](variables.tf#L59) | Region. | string | | "europe-west1" |
+| [services_cidr_block](variables.tf#L65) | Services CIDR block. | string | | "192.168.0.0/24" |
+| [subnet_cidr_block](variables.tf#L71) | Subnet CIDR block. | string | | "10.0.1.0/24" |
+| [zone](variables.tf#L77) | Zone. | string | | "europe-west1-c" |
 ## Outputs
@@ -123,9 +123,7 @@ Once done testing, you can clean up resources by running `terraform destroy`.
 |---|---|:---:|
 | [app_repo_url](outputs.tf#L17) | App source repository url. | |
 | [image_repo_url](outputs.tf#L22) | Image source repository url. | |
-
-
 ## Test
 ```hcl
diff --git a/blueprints/gke/binauthz/main.tf b/blueprints/gke/binauthz/main.tf
index 8cff68a020..09e502d793 100644
--- a/blueprints/gke/binauthz/main.tf
+++ b/blueprints/gke/binauthz/main.tf
@@ -96,6 +96,7 @@ module "cluster" {
 enable_private_endpoint = false
 master_global_access = false
 }
+ deletion_protection = var.deletion_protection
 }
 module "cluster_nodepool" {
diff --git a/blueprints/gke/binauthz/variables.tf b/blueprints/gke/binauthz/variables.tf
index 7f1804260a..fce41641a4 100644
--- a/blueprints/gke/binauthz/variables.tf
+++ b/blueprints/gke/binauthz/variables.tf
@@ -1,5 +1,5 @@
 /**
- * Copyright 2022 Google LLC
+ * Copyright 2023 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -14,6 +14,13 @@
 * limitations under the License.
 */
+variable "deletion_protection" {
+ description = "Prevent Terraform from destroying data storage resources (storage buckets, GKE clusters, CloudSQL instances) in this blueprint. When this field is set in Terraform state, a terraform destroy or terraform apply that would delete data storage resources will fail."
+ type = bool
+ default = false
+ nullable = false
+}
+
 variable "master_cidr_block" {
 description = "Master CIDR block."
 type = string
diff --git a/blueprints/gke/multi-cluster-mesh-gke-fleet-api/README.md b/blueprints/gke/multi-cluster-mesh-gke-fleet-api/README.md
index 4efbaf4f0b..e66a2faf1e 100644
--- a/blueprints/gke/multi-cluster-mesh-gke-fleet-api/README.md
+++ b/blueprints/gke/multi-cluster-mesh-gke-fleet-api/README.md
@@ -47,7 +47,6 @@ Once done testing, you can clean up resources by running `terraform destroy`.
-
 ## Files
 | name | description | modules | resources |
@@ -64,16 +63,16 @@ Once done testing, you can clean up resources by running `terraform destroy`.
 | name | description | type | required | default |
 |---|---|:---:|:---:|:---:|
 | [billing_account_id](variables.tf#L17) | Billing account id. | string | ✓ | |
-| [fleet_project_id](variables.tf#L46) | Management Project ID. | string | ✓ | |
-| [host_project_id](variables.tf#L51) | Project ID. | string | ✓ | |
-| [mgmt_project_id](variables.tf#L63) | Management Project ID. | string | ✓ | |
-| [parent](variables.tf#L94) | Parent. | string | ✓ | |
+| [fleet_project_id](variables.tf#L53) | Management Project ID. | string | ✓ | |
+| [host_project_id](variables.tf#L58) | Project ID. | string | ✓ | |
+| [mgmt_project_id](variables.tf#L70) | Management Project ID. | string | ✓ | |
+| [parent](variables.tf#L101) | Parent. | string | ✓ | |
 | [clusters_config](variables.tf#L22) | Clusters configuration. | map(object({…})) | | {…} |
-| [istio_version](variables.tf#L57) | ASM version. | string | | "1.14.1-asm.3" |
-| [mgmt_server_config](variables.tf#L68) | Mgmt server configuration. | object({…}) | | {…} |
-| [mgmt_subnet_cidr_block](variables.tf#L88) | Management subnet CIDR block. | string | | "10.0.0.0/28" |
-| [region](variables.tf#L99) | Region. | string | | "europe-west1" |
-
+| [deletion_protection](variables.tf#L46) | Prevent Terraform from destroying data storage resources (storage buckets, GKE clusters, CloudSQL instances) in this blueprint. When this field is set in Terraform state, a terraform destroy or terraform apply that would delete data storage resources will fail. | bool | | false |
+| [istio_version](variables.tf#L64) | ASM version. | string | | "1.14.1-asm.3" |
+| [mgmt_server_config](variables.tf#L75) | Mgmt server configuration. | object({…}) | | {…} |
+| [mgmt_subnet_cidr_block](variables.tf#L95) | Management subnet CIDR block. | string | | "10.0.0.0/28" |
+| [region](variables.tf#L106) | Region. | string | | "europe-west1" |
 ## Test
diff --git a/blueprints/gke/multi-cluster-mesh-gke-fleet-api/gke.tf b/blueprints/gke/multi-cluster-mesh-gke-fleet-api/gke.tf
index d17ae31229..019f6a4655 100644
--- a/blueprints/gke/multi-cluster-mesh-gke-fleet-api/gke.tf
+++ b/blueprints/gke/multi-cluster-mesh-gke-fleet-api/gke.tf
@@ -1,5 +1,5 @@
 /**
- * Copyright 2022 Google LLC
+ * Copyright 2023 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -41,6 +41,7 @@ module "clusters" {
 labels = {
 mesh_id = "proj-${module.fleet_project.number}"
 }
+ deletion_protection = var.deletion_protection
 }
 module "cluster_nodepools" {
diff --git a/blueprints/gke/multi-cluster-mesh-gke-fleet-api/variables.tf b/blueprints/gke/multi-cluster-mesh-gke-fleet-api/variables.tf
index 428778f264..8e5fdbe425 100644
--- a/blueprints/gke/multi-cluster-mesh-gke-fleet-api/variables.tf
+++ b/blueprints/gke/multi-cluster-mesh-gke-fleet-api/variables.tf
@@ -1,5 +1,5 @@
 /**
- * Copyright 2022 Google LLC
+ * Copyright 2023 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -43,6 +43,13 @@ variable "clusters_config" {
 }
 }
+variable "deletion_protection" {
+ description = "Prevent Terraform from destroying data storage resources (storage buckets, GKE clusters, CloudSQL instances) in this blueprint. When this field is set in Terraform state, a terraform destroy or terraform apply that would delete data storage resources will fail."
+ type = bool
+ default = false
+ nullable = false
+}
+
 variable "fleet_project_id" {
 description = "Management Project ID."
 type = string
diff --git a/blueprints/gke/multitenant-fleet/README.md b/blueprints/gke/multitenant-fleet/README.md
index 0763c62311..6c5faf7adc 100644
--- a/blueprints/gke/multitenant-fleet/README.md
+++ b/blueprints/gke/multitenant-fleet/README.md
@@ -245,20 +245,21 @@ module "gke" { | name | description | type | required | default | |---|---|:---:|:---:|:---:| | [billing_account_id](variables.tf#L17) | Billing account ID. | string | ✓ | | -| [folder_id](variables.tf#L154) | Folder used for the GKE project in folders/nnnnnnnnnnn format. | string | ✓ | | -| [prefix](variables.tf#L204) | Prefix used for resource names. | string | ✓ | | -| [project_id](variables.tf#L213) | ID of the project that will contain all the clusters. | string | ✓ | | -| [vpc_config](variables.tf#L225) | Shared VPC project and VPC details. | object({…}) | ✓ | | +| [folder_id](variables.tf#L161) | Folder used for the GKE project in folders/nnnnnnnnnnn format. | string | ✓ | | +| [prefix](variables.tf#L211) | Prefix used for resource names. | string | ✓ | | +| [project_id](variables.tf#L220) | ID of the project that will contain all the clusters. | string | ✓ | | +| [vpc_config](variables.tf#L232) | Shared VPC project and VPC details. | object({…}) | ✓ | | | [clusters](variables.tf#L22) | Clusters configuration. Refer to the gke-cluster module for type details. | map(object({…})) | | {} | -| [fleet_configmanagement_clusters](variables.tf#L92) | Config management features enabled on specific sets of member clusters, in config name => [cluster name] format. | map(list(string)) | | {} | -| [fleet_configmanagement_templates](variables.tf#L99) | Sets of config management configurations that can be applied to member clusters, in config name => {options} format. | map(object({…})) | | {} | -| [fleet_features](variables.tf#L134) | Enable and configure fleet features. Set to null to disable GKE Hub if fleet workload identity is not used. | object({…}) | | null | -| [fleet_workload_identity](variables.tf#L147) | Use Fleet Workload Identity for clusters. Enables GKE Hub if set to true. | bool | | false | -| [group_iam](variables.tf#L159) | Project-level IAM bindings for groups. Use group emails as keys, list of roles as values. 
| map(list(string)) | | {} | -| [iam](variables.tf#L166) | Project-level authoritative IAM bindings for users and service accounts in {ROLE => [MEMBERS]} format. | map(list(string)) | | {} | -| [labels](variables.tf#L173) | Project-level labels. | map(string) | | {} | -| [nodepools](variables.tf#L179) | Nodepools configuration. Refer to the gke-nodepool module for type details. | map(map(object({…}))) | | {} | -| [project_services](variables.tf#L218) | Additional project services to enable. | list(string) | | [] | +| [deletion_protection](variables.tf#L92) | Prevent Terraform from destroying data storage resources (storage buckets, GKE clusters, CloudSQL instances) in this blueprint. When this field is set in Terraform state, a terraform destroy or terraform apply that would delete data storage resources will fail. | bool | | false | +| [fleet_configmanagement_clusters](variables.tf#L99) | Config management features enabled on specific sets of member clusters, in config name => [cluster name] format. | map(list(string)) | | {} | +| [fleet_configmanagement_templates](variables.tf#L106) | Sets of config management configurations that can be applied to member clusters, in config name => {options} format. | map(object({…})) | | {} | +| [fleet_features](variables.tf#L141) | Enable and configure fleet features. Set to null to disable GKE Hub if fleet workload identity is not used. | object({…}) | | null | +| [fleet_workload_identity](variables.tf#L154) | Use Fleet Workload Identity for clusters. Enables GKE Hub if set to true. | bool | | false | +| [group_iam](variables.tf#L166) | Project-level IAM bindings for groups. Use group emails as keys, list of roles as values. | map(list(string)) | | {} | +| [iam](variables.tf#L173) | Project-level authoritative IAM bindings for users and service accounts in {ROLE => [MEMBERS]} format. | map(list(string)) | | {} | +| [labels](variables.tf#L180) | Project-level labels. 
| map(string) | | {} | +| [nodepools](variables.tf#L186) | Nodepools configuration. Refer to the gke-nodepool module for type details. | map(map(object({…}))) | | {} | +| [project_services](variables.tf#L225) | Additional project services to enable. | list(string) | | [] | ## Outputs diff --git a/blueprints/gke/multitenant-fleet/gke-clusters.tf b/blueprints/gke/multitenant-fleet/gke-clusters.tf index a487f36740..8a6fa3211d 100644 --- a/blueprints/gke/multitenant-fleet/gke-clusters.tf +++ b/blueprints/gke/multitenant-fleet/gke-clusters.tf @@ -1,5 +1,5 @@ /** - * Copyright 2022 Google LLC + * Copyright 2023 Google LLC * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -41,4 +41,5 @@ module "gke-cluster" { each.value.vpc_config.network, var.vpc_config.vpc_self_link ) }) + deletion_protection = var.deletion_protection } diff --git a/blueprints/gke/multitenant-fleet/variables.tf b/blueprints/gke/multitenant-fleet/variables.tf index 7117d45650..a5a16485e0 100644 --- a/blueprints/gke/multitenant-fleet/variables.tf +++ b/blueprints/gke/multitenant-fleet/variables.tf @@ -1,5 +1,5 @@ /** - * Copyright 2022 Google LLC + * Copyright 2023 Google LLC * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. 
@@ -89,6 +89,13 @@ variable "clusters" {
 nullable = false
 }
 
+variable "deletion_protection" {
+ description = "Prevent Terraform from destroying data storage resources (storage buckets, GKE clusters, CloudSQL instances) in this blueprint. When this field is set in Terraform state, a terraform destroy or terraform apply that would delete data storage resources will fail."
+ type = bool
+ default = false
+ nullable = false
+}
+
 variable "fleet_configmanagement_clusters" {
 description = "Config management features enabled on specific sets of member clusters, in config name => [cluster name] format."
 type = map(list(string))
diff --git a/blueprints/networking/hub-and-spoke-peering/README.md b/blueprints/networking/hub-and-spoke-peering/README.md
index 7e708832f4..af07525201 100644
--- a/blueprints/networking/hub-and-spoke-peering/README.md
+++ b/blueprints/networking/hub-and-spoke-peering/README.md
@@ -88,18 +88,18 @@ You can connect your hub to on-premises using Cloud Interconnect or HA VPN. On-p You can add additional spoke to the architecture. All of these spokes have networking similar to spoke-1: They will have connectivity to the hub and to spoke-2, but not to each other unless you also create VPN tunnels for the new spokes. - ## Variables | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| [prefix](variables.tf#L34) | Prefix used for resource names. | string | ✓ | | -| [project_id](variables.tf#L69) | Project id used for all resources. | string | ✓ | | -| [ip_ranges](variables.tf#L15) | IP CIDR ranges. | map(string) | | {…} | -| [ip_secondary_ranges](variables.tf#L25) | Secondary IP CIDR ranges. | map(string) | | {…} | -| [private_service_ranges](variables.tf#L43) | Private service IP CIDR ranges. | map(string) | | {…} | -| [project_create](variables.tf#L51) | Set to non null if project needs to be created. | object({…}) | | null | -| [region](variables.tf#L74) | VPC region. | string | | "europe-west1" | +| [prefix](variables.tf#L41) | Prefix used for resource names. | string | ✓ | | +| [project_id](variables.tf#L76) | Project id used for all resources. | string | ✓ | | +| [deletion_protection](variables.tf#L15) | Prevent Terraform from destroying data storage resources (storage buckets, GKE clusters, CloudSQL instances) in this blueprint. When this field is set in Terraform state, a terraform destroy or terraform apply that would delete data storage resources will fail. | bool | | false | +| [ip_ranges](variables.tf#L22) | IP CIDR ranges. | map(string) | | {…} | +| [ip_secondary_ranges](variables.tf#L32) | Secondary IP CIDR ranges. | map(string) | | {…} | +| [private_service_ranges](variables.tf#L50) | Private service IP CIDR ranges. | map(string) | | {…} | +| [project_create](variables.tf#L58) | Set to non null if project needs to be created. | object({…}) | | null | +| [region](variables.tf#L81) | VPC region. 
| string | | "europe-west1" | ## Outputs @@ -107,7 +107,6 @@ You can add additional spoke to the architecture. All of these spokes have netwo |---|---|:---:| | [project](outputs.tf#L15) | Project id. | | | [vms](outputs.tf#L20) | GCE VMs. | | - ## Test diff --git a/blueprints/networking/hub-and-spoke-peering/main.tf b/blueprints/networking/hub-and-spoke-peering/main.tf index 0a5be1195e..d81b67ac43 100644 --- a/blueprints/networking/hub-and-spoke-peering/main.tf +++ b/blueprints/networking/hub-and-spoke-peering/main.tf @@ -274,6 +274,7 @@ module "cluster-1" { import_routes = false } } + deletion_protection = var.deletion_protection } module "cluster-1-nodepool-1" { diff --git a/blueprints/networking/hub-and-spoke-peering/variables.tf b/blueprints/networking/hub-and-spoke-peering/variables.tf index 803b739642..2a5f9cb6cf 100644 --- a/blueprints/networking/hub-and-spoke-peering/variables.tf +++ b/blueprints/networking/hub-and-spoke-peering/variables.tf @@ -1,4 +1,4 @@ -# Copyright 2022 Google LLC +# Copyright 2023 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -12,6 +12,13 @@ # See the License for the specific language governing permissions and # limitations under the License. +variable "deletion_protection" { + description = "Prevent Terraform from destroying data storage resources (storage buckets, GKE clusters, CloudSQL instances) in this blueprint. When this field is set in Terraform state, a terraform destroy or terraform apply that would delete data storage resources will fail." + type = bool + default = false + nullable = false +} + variable "ip_ranges" { description = "IP CIDR ranges." type = map(string) diff --git a/blueprints/networking/shared-vpc-gke/README.md b/blueprints/networking/shared-vpc-gke/README.md index a60dea0c9e..edd5b44782 100644 --- a/blueprints/networking/shared-vpc-gke/README.md +++ b/blueprints/networking/shared-vpc-gke/README.md 
@@ -42,23 +42,23 @@ alias k='HTTPS_PROXY=localhost:8888 kubectl $@' There's a minor glitch that can surface running `terraform destroy`, where the service project attachments to the Shared VPC will not get destroyed even with the relevant API call succeeding. We are investigating the issue, in the meantime just manually remove the attachment in the Cloud console or via the `gcloud beta compute shared-vpc associated-projects remove` command when `terraform destroy` fails, and then relaunch the command. - ## Variables | name | description | type | required | default | |---|---|:---:|:---:|:---:| | [billing_account_id](variables.tf#L15) | Billing account id used as default for new projects. | string | ✓ | | -| [prefix](variables.tf#L62) | Prefix used for resource names. | string | ✓ | | -| [root_node](variables.tf#L94) | Hierarchy node where projects will be created, 'organizations/org_id' or 'folders/folder_id'. | string | ✓ | | +| [prefix](variables.tf#L69) | Prefix used for resource names. | string | ✓ | | +| [root_node](variables.tf#L101) | Hierarchy node where projects will be created, 'organizations/org_id' or 'folders/folder_id'. | string | ✓ | | | [cluster_create](variables.tf#L20) | Create GKE cluster and nodepool. | bool | | true | -| [ip_ranges](variables.tf#L26) | Subnet IP CIDR ranges. | map(string) | | {…} | -| [ip_secondary_ranges](variables.tf#L35) | Secondary IP CIDR ranges. | map(string) | | {…} | -| [owners_gce](variables.tf#L44) | GCE project owners, in IAM format. | list(string) | | [] | -| [owners_gke](variables.tf#L50) | GKE project owners, in IAM format. | list(string) | | [] | -| [owners_host](variables.tf#L56) | Host project owners, in IAM format. | list(string) | | [] | -| [private_service_ranges](variables.tf#L71) | Private service IP CIDR ranges. | map(string) | | {…} | -| [project_services](variables.tf#L79) | Service APIs enabled by default in new projects. | list(string) | | […] | -| [region](variables.tf#L88) | Region used. 
| string | | "europe-west1" | +| [deletion_protection](variables.tf#L26) | Prevent Terraform from destroying data storage resources (storage buckets, GKE clusters, CloudSQL instances) in this blueprint. When this field is set in Terraform state, a terraform destroy or terraform apply that would delete data storage resources will fail. | bool | | false | +| [ip_ranges](variables.tf#L33) | Subnet IP CIDR ranges. | map(string) | | {…} | +| [ip_secondary_ranges](variables.tf#L42) | Secondary IP CIDR ranges. | map(string) | | {…} | +| [owners_gce](variables.tf#L51) | GCE project owners, in IAM format. | list(string) | | [] | +| [owners_gke](variables.tf#L57) | GKE project owners, in IAM format. | list(string) | | [] | +| [owners_host](variables.tf#L63) | Host project owners, in IAM format. | list(string) | | [] | +| [private_service_ranges](variables.tf#L78) | Private service IP CIDR ranges. | map(string) | | {…} | +| [project_services](variables.tf#L86) | Service APIs enabled by default in new projects. | list(string) | | […] | +| [region](variables.tf#L95) | Region used. | string | | "europe-west1" | ## Outputs @@ -68,9 +68,7 @@ There's a minor glitch that can surface running `terraform destroy`, where the s | [projects](outputs.tf#L24) | Project ids. | | | [vms](outputs.tf#L33) | GCE VMs. | | | [vpc](outputs.tf#L40) | Shared VPC. | | - - ## Test ```hcl diff --git a/blueprints/networking/shared-vpc-gke/main.tf b/blueprints/networking/shared-vpc-gke/main.tf index 3e13f28b24..197b53cac8 100644 --- a/blueprints/networking/shared-vpc-gke/main.tf +++ b/blueprints/networking/shared-vpc-gke/main.tf @@ -223,6 +223,7 @@ module "cluster-1" { labels = { environment = "test" } + deletion_protection = var.deletion_protection } module "cluster-1-nodepool-1" { diff --git a/blueprints/networking/shared-vpc-gke/variables.tf b/blueprints/networking/shared-vpc-gke/variables.tf index 96ccfb0c27..77dfa02494 100644 --- a/blueprints/networking/shared-vpc-gke/variables.tf 
+++ b/blueprints/networking/shared-vpc-gke/variables.tf
@@ -1,4 +1,4 @@
-# Copyright 2022 Google LLC
+# Copyright 2023 Google LLC
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -23,6 +23,13 @@ variable "cluster_create" {
 default = true
 }
 
+variable "deletion_protection" {
+ description = "Prevent Terraform from destroying data storage resources (storage buckets, GKE clusters, CloudSQL instances) in this blueprint. When this field is set in Terraform state, a terraform destroy or terraform apply that would delete data storage resources will fail."
+ type = bool
+ default = false
+ nullable = false
+}
+
 variable "ip_ranges" {
 description = "Subnet IP CIDR ranges."
 type = map(string)
diff --git a/blueprints/third-party-solutions/phpipam/README.md b/blueprints/third-party-solutions/phpipam/README.md
index 1450230684..6cffcb9241 100644
--- a/blueprints/third-party-solutions/phpipam/README.md
+++ b/blueprints/third-party-solutions/phpipam/README.md
@@ -193,23 +193,24 @@ billable charges made afterwards. | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| [prefix](variables.tf#L109) | Prefix used for resource names. | string | ✓ | | -| [project_id](variables.tf#L128) | Project id, references existing project if `project_create` is null. | string | ✓ | | +| [prefix](variables.tf#L116) | Prefix used for resource names. | string | ✓ | | +| [project_id](variables.tf#L135) | Project id, references existing project if `project_create` is null. | string | ✓ | | | [admin_principals](variables.tf#L19) | Users, groups and/or service accounts that are assigned roles, in IAM format (`group:foo@example.com`). | list(string) | | [] | | [cloud_run_invoker](variables.tf#L25) | IAM member authorized to access the end-point (for example, 'user:YOUR_IAM_USER' for only you or 'allUsers' for everyone). | string | | "allUsers" | | [cloudsql_password](variables.tf#L31) | CloudSQL password (will be randomly generated by default). | string | | null | | [connector](variables.tf#L37) | Existing VPC serverless connector to use if not creating a new one. | string | | null | | [create_connector](variables.tf#L43) | Should a VPC serverless connector be created or not. | bool | | true | | [custom_domain](variables.tf#L49) | Cloud Run service custom domain for GLB. | string | | null | -| [iap](variables.tf#L55) | Identity-Aware Proxy for Cloud Run in the LB. | object({…}) | | {} | -| [ip_ranges](variables.tf#L67) | CIDR blocks: VPC serverless connector, Private Service Access(PSA) for CloudSQL, CloudSQL VPC. | object({…}) | | {…} | -| [phpipam_config](variables.tf#L81) | PHPIpam configuration. | object({…}) | | {…} | -| [phpipam_exposure](variables.tf#L93) | Whether to expose the application publicly via GLB or internally via ILB, default GLB. | string | | "EXTERNAL" | -| [phpipam_password](variables.tf#L103) | Password for the phpipam user (will be randomly generated by default). 
| string | | null | -| [project_create](variables.tf#L119) | Provide values if project creation is needed, uses existing project if null. Parent is in 'folders/nnn' or 'organizations/nnn' format. | object({…}) | | null | -| [region](variables.tf#L133) | Region for the created resources. | string | | "europe-west4" | -| [security_policy](variables.tf#L139) | Security policy (Cloud Armor) to enforce in the LB. | object({…}) | | {} | -| [vpc_config](variables.tf#L149) | VPC Network and subnetwork self links for internal LB setup. | object({…}) | | null | +| [deletion_protection](variables.tf#L55) | Prevent Terraform from destroying data storage resources (storage buckets, GKE clusters, CloudSQL instances) in this blueprint. When this field is set in Terraform state, a terraform destroy or terraform apply that would delete data storage resources will fail. | bool | | false | +| [iap](variables.tf#L62) | Identity-Aware Proxy for Cloud Run in the LB. | object({…}) | | {} | +| [ip_ranges](variables.tf#L74) | CIDR blocks: VPC serverless connector, Private Service Access(PSA) for CloudSQL, CloudSQL VPC. | object({…}) | | {…} | +| [phpipam_config](variables.tf#L88) | PHPIpam configuration. | object({…}) | | {…} | +| [phpipam_exposure](variables.tf#L100) | Whether to expose the application publicly via GLB or internally via ILB, default GLB. | string | | "EXTERNAL" | +| [phpipam_password](variables.tf#L110) | Password for the phpipam user (will be randomly generated by default). | string | | null | +| [project_create](variables.tf#L126) | Provide values if project creation is needed, uses existing project if null. Parent is in 'folders/nnn' or 'organizations/nnn' format. | object({…}) | | null | +| [region](variables.tf#L140) | Region for the created resources. | string | | "europe-west4" | +| [security_policy](variables.tf#L146) | Security policy (Cloud Armor) to enforce in the LB. 
| object({…}) | | {} | +| [vpc_config](variables.tf#L156) | VPC Network and subnetwork self links for internal LB setup. | object({…}) | | null | ## Outputs diff --git a/blueprints/third-party-solutions/phpipam/cloudsql.tf b/blueprints/third-party-solutions/phpipam/cloudsql.tf index 0dc89b9ac1..24a47b661c 100644 --- a/blueprints/third-party-solutions/phpipam/cloudsql.tf +++ b/blueprints/third-party-solutions/phpipam/cloudsql.tf @@ -16,15 +16,16 @@ # Set up CloudSQL module "cloudsql" { - source = "../../../modules/cloudsql-instance" - project_id = module.project.project_id - name = "${var.prefix}-mysql" - database_version = local.cloudsql_conf.database_version - databases = [local.cloudsql_conf.db] - network = local.network - prefix = var.prefix - region = var.region - tier = local.cloudsql_conf.tier + source = "../../../modules/cloudsql-instance" + project_id = module.project.project_id + name = "${var.prefix}-mysql" + database_version = local.cloudsql_conf.database_version + deletion_protection = var.deletion_protection + databases = [local.cloudsql_conf.db] + network = local.network + prefix = var.prefix + region = var.region + tier = local.cloudsql_conf.tier users = { "${local.cloudsql_conf.user}" = var.cloudsql_password } diff --git a/blueprints/third-party-solutions/phpipam/variables.tf b/blueprints/third-party-solutions/phpipam/variables.tf index 75d3d2c6eb..0e68ca184e 100644 --- a/blueprints/third-party-solutions/phpipam/variables.tf +++ b/blueprints/third-party-solutions/phpipam/variables.tf 
@@ -52,6 +52,13 @@ variable "custom_domain" {
 default = null
 }
 
+variable "deletion_protection" {
+ description = "Prevent Terraform from destroying data storage resources (storage buckets, GKE clusters, CloudSQL instances) in this blueprint. When this field is set in Terraform state, a terraform destroy or terraform apply that would delete data storage resources will fail."
+ type = bool
+ default = false
+ nullable = false
+}
+
 variable "iap" {
 description = "Identity-Aware Proxy for Cloud Run in the LB."
 type = object({
diff --git a/blueprints/third-party-solutions/wordpress/cloudrun/README.md b/blueprints/third-party-solutions/wordpress/cloudrun/README.md
index 60754e4bd6..a0875e89cf 100644
--- a/blueprints/third-party-solutions/wordpress/cloudrun/README.md
+++ b/blueprints/third-party-solutions/wordpress/cloudrun/README.md
@@ -122,19 +122,20 @@ The above command will delete the associated resources so there will be no billa | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| [prefix](variables.tf#L63) | Prefix used for resource names. | string | ✓ | | -| [project_id](variables.tf#L81) | Project id, references existing project if `project_create` is null. | string | ✓ | | -| [wordpress_image](variables.tf#L92) | Image to run with Cloud Run, starts with \"gcr.io\". | string | ✓ | | +| [prefix](variables.tf#L70) | Prefix used for resource names. | string | ✓ | | +| [project_id](variables.tf#L88) | Project id, references existing project if `project_create` is null. | string | ✓ | | +| [wordpress_image](variables.tf#L99) | Image to run with Cloud Run, starts with \"gcr.io\". | string | ✓ | | | [admin_principal](variables.tf#L17) | User or group that is assigned roles, in IAM format (`group:foo@example.com`). | string | | null | | [cloud_run_invoker](variables.tf#L24) | IAM member authorized to access the end-point (for example, 'user:YOUR_IAM_USER' for only you or 'allUsers' for everyone). | string | | "allUsers" | | [cloudsql_password](variables.tf#L30) | CloudSQL password (will be randomly generated by default). | string | | null | | [connector](variables.tf#L36) | Existing VPC serverless connector to use if not creating a new one. | string | | null | | [create_connector](variables.tf#L42) | Should a VPC serverless connector be created or not. | bool | | true | -| [ip_ranges](variables.tf#L49) | CIDR blocks: VPC serverless connector, Private Service Access(PSA) for CloudSQL, CloudSQL VPC. | object({…}) | | {…} | -| [project_create](variables.tf#L72) | Provide values if project creation is needed, uses existing project if null. Parent is in 'folders/nnn' or 'organizations/nnn' format. | object({…}) | | null | -| [region](variables.tf#L86) | Region for the created resources. 
| string | | "europe-west4" | -| [wordpress_password](variables.tf#L97) | Password for the Wordpress user (will be randomly generated by default). | string | | null | -| [wordpress_port](variables.tf#L103) | Port for the Wordpress image. | number | | 8080 | +| [deletion_protection](variables.tf#L48) | Prevent Terraform from destroying data storage resources (storage buckets, GKE clusters, CloudSQL instances) in this blueprint. When this field is set in Terraform state, a terraform destroy or terraform apply that would delete data storage resources will fail. | bool | | false | +| [ip_ranges](variables.tf#L56) | CIDR blocks: VPC serverless connector, Private Service Access(PSA) for CloudSQL, CloudSQL VPC. | object({…}) | | {…} | +| [project_create](variables.tf#L79) | Provide values if project creation is needed, uses existing project if null. Parent is in 'folders/nnn' or 'organizations/nnn' format. | object({…}) | | null | +| [region](variables.tf#L93) | Region for the created resources. | string | | "europe-west4" | +| [wordpress_password](variables.tf#L104) | Password for the Wordpress user (will be randomly generated by default). | string | | null | +| [wordpress_port](variables.tf#L110) | Port for the Wordpress image. | number | | 8080 | ## Outputs diff --git a/blueprints/third-party-solutions/wordpress/cloudrun/cloudsql.tf b/blueprints/third-party-solutions/wordpress/cloudrun/cloudsql.tf index 39f40286ca..4ed2ed1992 100644 --- a/blueprints/third-party-solutions/wordpress/cloudrun/cloudsql.tf +++ b/blueprints/third-party-solutions/wordpress/cloudrun/cloudsql.tf @@ -1,5 +1,5 @@ /** - * Copyright 2022 Google LLC + * Copyright 2023 Google LLC * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -63,4 +63,5 @@ module "cloudsql" { users = { "${local.cloudsql_conf.user}" = var.cloudsql_password } + deletion_protection = false } 
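Review bot: The argument added to `module "cloudsql"` in wordpress/cloudrun/cloudsql.tf is the literal `false`, so the `deletion_protection` input variable declared for this blueprint in the same commit and listed in its README as protecting CloudSQL instances is never read, and setting it to true has no effect on the WordPress database. The phpipam blueprint in this same commit wires the same module with `deletion_protection = var.deletion_protection`; this line should do the same. As written, `terraform destroy` drops the database regardless of what the operator configured, which is exactly the outcome the new variable is documented to prevent. The rest of the `module "cloudsql"` block starts outside the hunk.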
diff --git a/blueprints/third-party-solutions/wordpress/cloudrun/variables.tf b/blueprints/third-party-solutions/wordpress/cloudrun/variables.tf
index 4956f2f477..66e8751e36 100644
--- a/blueprints/third-party-solutions/wordpress/cloudrun/variables.tf
+++ b/blueprints/third-party-solutions/wordpress/cloudrun/variables.tf
@@ -1,5 +1,5 @@
 /**
- * Copyright 2022 Google LLC
+ * Copyright 2023 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -45,6 +45,13 @@ variable "create_connector" {
 default = true
 }
 
+variable "deletion_protection" {
+ description = "Prevent Terraform from destroying data storage resources (storage buckets, GKE clusters, CloudSQL instances) in this blueprint. When this field is set in Terraform state, a terraform destroy or terraform apply that would delete data storage resources will fail."
+ type = bool
+ default = false
+ nullable = false
+}
+
 # PSA: documentation: https://cloud.google.com/vpc/docs/configure-private-services-access#allocating-range
 variable "ip_ranges" {
 description = "CIDR blocks: VPC serverless connector, Private Service Access(PSA) for CloudSQL, CloudSQL VPC."
diff --git a/fast/stages/3-data-platform/dev/README.md b/fast/stages/3-data-platform/dev/README.md
index 397f2d20ff..38bf2f773a 100644
--- a/fast/stages/3-data-platform/dev/README.md
+++ b/fast/stages/3-data-platform/dev/README.md
@@ -185,23 +185,23 @@ You can find examples in the `[demo](../../../../blueprints/data-solutions/data- |---|---|:---:|:---:|:---:|:---:| | [automation](variables.tf#L17) | Automation resources created by the bootstrap stage. | object({…}) | ✓ | | 0-bootstrap | | [billing_account](variables.tf#L25) | Billing account id. If billing account is not part of the same org set `is_org_level` to false. | object({…}) | ✓ | | 0-bootstrap | -| [folder_ids](variables.tf#L107) | Folder to be used for the networking resources in folders/nnnn format. | object({…}) | ✓ | | 1-resman | -| [host_project_ids](variables.tf#L125) | Shared VPC project ids. | object({…}) | ✓ | | 2-networking | -| [organization](variables.tf#L155) | Organization details. | object({…}) | ✓ | | 00-globals | -| [prefix](variables.tf#L171) | Unique prefix used for resource names. Not used for projects if 'project_create' is null. | string | ✓ | | 00-globals | +| [folder_ids](variables.tf#L108) | Folder to be used for the networking resources in folders/nnnn format. | object({…}) | ✓ | | 1-resman | +| [host_project_ids](variables.tf#L126) | Shared VPC project ids. | object({…}) | ✓ | | 2-networking | +| [organization](variables.tf#L156) | Organization details. | object({…}) | ✓ | | 00-globals | +| [prefix](variables.tf#L172) | Unique prefix used for resource names. Not used for projects if 'project_create' is null. | string | ✓ | | 00-globals | | [composer_config](variables.tf#L38) | Cloud Composer configuration options. | object({…}) | | {…} | | | [data_catalog_tags](variables.tf#L87) | List of Data Catalog Policy tags to be created with optional IAM binging configuration in {tag => {ROLE => [MEMBERS]}} format. | map(object({…})) | | {…} | | -| [data_force_destroy](variables.tf#L101) | Flag to set 'force_destroy' on data services like BigQery or Cloud Storage. | bool | | false | | -| [groups-dp](variables.tf#L115) | Data Platform groups. 
| map(string) | | {…} | | -| [location](variables.tf#L133) | Location used for multi-regional resources. | string | | "eu" | | -| [network_config_composer](variables.tf#L139) | Network configurations to use for Composer. | object({…}) | | {…} | | -| [outputs_location](variables.tf#L165) | Path where providers, tfvars files, and lists for the following stages are written. Leave empty to disable. | string | | null | | -| [project_services](variables.tf#L181) | List of core services enabled on all projects. | list(string) | | […] | | -| [project_suffix](variables.tf#L192) | Suffix used only for project ids. | string | | null | | -| [region](variables.tf#L198) | Region used for regional resources. | string | | "europe-west1" | | -| [service_encryption_keys](variables.tf#L204) | Cloud KMS to use to encrypt different services. Key location should match service region. | object({…}) | | null | | -| [subnet_self_links](variables.tf#L216) | Shared VPC subnet self links. | object({…}) | | null | 2-networking | -| [vpc_self_links](variables.tf#L225) | Shared VPC self links. | object({…}) | | null | 2-networking | +| [deletion_protection](variables.tf#L101) | Prevent Terraform from destroying data storage resources (storage buckets, GKE clusters, CloudSQL instances) in this blueprint. When this field is set in Terraform state, a terraform destroy or terraform apply that would delete data storage resources will fail. | bool | | true | | +| [groups-dp](variables.tf#L116) | Data Platform groups. | map(string) | | {…} | | +| [location](variables.tf#L134) | Location used for multi-regional resources. | string | | "eu" | | +| [network_config_composer](variables.tf#L140) | Network configurations to use for Composer. | object({…}) | | {…} | | +| [outputs_location](variables.tf#L166) | Path where providers, tfvars files, and lists for the following stages are written. Leave empty to disable. 
| string | | null | | +| [project_services](variables.tf#L182) | List of core services enabled on all projects. | list(string) | | […] | | +| [project_suffix](variables.tf#L193) | Suffix used only for project ids. | string | | null | | +| [region](variables.tf#L199) | Region used for regional resources. | string | | "europe-west1" | | +| [service_encryption_keys](variables.tf#L205) | Cloud KMS to use to encrypt different services. Key location should match service region. | object({…}) | | null | | +| [subnet_self_links](variables.tf#L217) | Shared VPC subnet self links. | object({…}) | | null | 2-networking | +| [vpc_self_links](variables.tf#L226) | Shared VPC self links. | object({…}) | | null | 2-networking | ## Outputs diff --git a/fast/stages/3-data-platform/dev/main.tf b/fast/stages/3-data-platform/dev/main.tf index 25dfe24aa2..f536070ed1 100644 --- a/fast/stages/3-data-platform/dev/main.tf +++ b/fast/stages/3-data-platform/dev/main.tf @@ -1,5 +1,5 @@ /** - * Copyright 2022 Google LLC + * Copyright 2023 Google LLC * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -17,10 +17,10 @@ # tfdoc:file:description Data Platform. module "data-platform" { - source = "../../../../blueprints/data-solutions/data-platform-foundations" - composer_config = var.composer_config - data_force_destroy = var.data_force_destroy - data_catalog_tags = var.data_catalog_tags + source = "../../../../blueprints/data-solutions/data-platform-foundations" + composer_config = var.composer_config + deletion_protection = var.deletion_protection + data_catalog_tags = var.data_catalog_tags project_config = { billing_account_id = var.billing_account.id parent = var.folder_ids.data-platform-dev diff --git a/fast/stages/3-data-platform/dev/variables.tf b/fast/stages/3-data-platform/dev/variables.tf index ef28fb27fc..ac5ee4b356 100644 --- a/fast/stages/3-data-platform/dev/variables.tf 
+++ b/fast/stages/3-data-platform/dev/variables.tf
@@ -1,4 +1,4 @@
-# Copyright 2022 Google LLC
+# Copyright 2023 Google LLC
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -98,10 +98,11 @@ variable "data_catalog_tags" {
 }
 }
 
-variable "data_force_destroy" {
- description = "Flag to set 'force_destroy' on data services like BigQery or Cloud Storage."
+variable "deletion_protection" {
+ description = "Prevent Terraform from destroying data storage resources (storage buckets, GKE clusters, CloudSQL instances) in this blueprint. When this field is set in Terraform state, a terraform destroy or terraform apply that would delete data storage resources will fail."
 type = bool
- default = false
+ default = true
+ nullable = false
 }
 
 variable "folder_ids" {
diff --git a/modules/bigtable-instance/README.md b/modules/bigtable-instance/README.md
index afe1ec42df..3328b37a6b 100644
--- a/modules/bigtable-instance/README.md
+++ b/modules/bigtable-instance/README.md
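Review bot: Replacing `data_force_destroy` with `deletion_protection` in this stage is a breaking rename with no migration path: a tfvars file from an earlier apply that still sets `data_force_destroy` only yields an undeclared-variable warning, and the stage silently falls back to the new default. Defaulting to `true` errs on the safe side, but the two flags have opposite polarity, so an operator who had `data_force_destroy = true` for a disposable environment now gets a failing destroy with nothing pointing at the renamed variable; a one-line migration note in the stage README, or a temporary `data_force_destroy` variable whose `validation` block rejects any non-null value and names the new variable, would make this discoverable. The description also says "in this blueprint" although this file belongs to a FAST stage; `in this stage` is the accurate wording. Whether the data-platform-foundations blueprint called from main.tf in the same commit maps the new flag onto its `force_destroy` settings is not visible in this diff.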
@@ -225,21 +225,20 @@ module "bigtable-instance" { # tftest modules=1 resources=1 inventory=autoscaling2.yaml ``` - ## Variables | name | description | type | required | default | |---|---|:---:|:---:|:---:| | [clusters](variables.tf#L17) | Clusters to be created in the BigTable instance. Set more than one cluster to enable replication. If you set autoscaling, num_nodes will be ignored. | map(object({…})) | ✓ | | -| [name](variables.tf#L78) | The name of the Cloud Bigtable instance. | string | ✓ | | -| [project_id](variables.tf#L83) | Id of the project where datasets will be created. | string | ✓ | | +| [name](variables.tf#L80) | The name of the Cloud Bigtable instance. | string | ✓ | | +| [project_id](variables.tf#L85) | Id of the project where datasets will be created. | string | ✓ | | | [default_autoscaling](variables.tf#L33) | Default settings for autoscaling of clusters. This will be the default autoscaling for any cluster not specifying any autoscaling details. | object({…}) | | null | | [default_gc_policy](variables.tf#L44) | Default garbage collection policy, to be applied to all column families and all tables. Can be override in the tables variable for specific column families. | object({…}) | | null | -| [deletion_protection](variables.tf#L56) | Whether or not to allow Terraform to destroy the instance. Unless this field is set to false in Terraform state, a terraform destroy or terraform apply that would delete the instance will fail. | | | true | -| [display_name](variables.tf#L61) | The human-readable display name of the Bigtable instance. | | | null | -| [iam](variables.tf#L66) | IAM bindings for topic in {ROLE => [MEMBERS]} format. | map(list(string)) | | {} | -| [instance_type](variables.tf#L72) | (deprecated) The instance type to create. One of 'DEVELOPMENT' or 'PRODUCTION'. | string | | null | -| [tables](variables.tf#L88) | Tables to be created in the BigTable instance. 
| map(object({…})) | | {} | +| [deletion_protection](variables.tf#L56) | Whether or not to allow Terraform to destroy the instance. Unless this field is set to false in Terraform state, a terraform destroy or terraform apply that would delete the instance will fail. | bool | | true | +| [display_name](variables.tf#L63) | The human-readable display name of the Bigtable instance. | | | null | +| [iam](variables.tf#L68) | IAM bindings for topic in {ROLE => [MEMBERS]} format. | map(list(string)) | | {} | +| [instance_type](variables.tf#L74) | (deprecated) The instance type to create. One of 'DEVELOPMENT' or 'PRODUCTION'. | string | | null | +| [tables](variables.tf#L90) | Tables to be created in the BigTable instance. | map(object({…})) | | {} | ## Outputs @@ -249,5 +248,4 @@ module "bigtable-instance" { | [instance](outputs.tf#L26) | BigTable instance. | | | [table_ids](outputs.tf#L35) | Map of fully qualified table ids keyed by table name. | | | [tables](outputs.tf#L40) | Table resources. | | - diff --git a/modules/bigtable-instance/variables.tf b/modules/bigtable-instance/variables.tf index f7b75c1359..52cf380dfa 100644 --- a/modules/bigtable-instance/variables.tf +++ b/modules/bigtable-instance/variables.tf @@ -1,5 +1,5 @@ /** - * Copyright 2022 Google LLC + * Copyright 2023 Google LLC * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -55,7 +55,9 @@ variable "default_gc_policy" { variable "deletion_protection" { description = "Whether or not to allow Terraform to destroy the instance. Unless this field is set to false in Terraform state, a terraform destroy or terraform apply that would delete the instance will fail." + type = bool default = true + nullable = false } variable "display_name" { diff --git a/modules/cloudsql-instance/README.md b/modules/cloudsql-instance/README.md index 67b7675aed..c0f72cae08 100644 --- a/modules/cloudsql-instance/README.md 
+++ b/modules/cloudsql-instance/README.md 
@@ -187,32 +187,32 @@ module "db" { | name | description | type | required | default | |---|---|:---:|:---:|:---:| | [database_version](variables.tf#L71) | Database type and version to create. | string | ✓ | | -| [name](variables.tf#L141) | Name of primary instance. | string | ✓ | | -| [network](variables.tf#L146) | VPC self link where the instances will be deployed. Private Service Networking must be enabled and configured in this VPC. | string | ✓ | | -| [project_id](variables.tf#L167) | The ID of the project where this instances will be created. | string | ✓ | | -| [region](variables.tf#L172) | Region of the primary instance. | string | ✓ | | -| [tier](variables.tf#L198) | The machine type to use for the instances. | string | ✓ | | +| [name](variables.tf#L143) | Name of primary instance. | string | ✓ | | +| [network](variables.tf#L148) | VPC self link where the instances will be deployed. Private Service Networking must be enabled and configured in this VPC. | string | ✓ | | +| [project_id](variables.tf#L169) | The ID of the project where this instances will be created. | string | ✓ | | +| [region](variables.tf#L174) | Region of the primary instance. | string | ✓ | | +| [tier](variables.tf#L200) | The machine type to use for the instances. | string | ✓ | | | [activation_policy](variables.tf#L16) | This variable specifies when the instance should be active. Can be either ALWAYS, NEVER or ON_DEMAND. Default is ALWAYS. | string | | "ALWAYS" | | [allocated_ip_ranges](variables.tf#L27) | (Optional)The name of the allocated ip range for the private ip CloudSQL instance. For example: \"google-managed-services-default\". If set, the instance ip will be created in the allocated range. The range name must comply with RFC 1035. Specifically, the name must be 1-63 characters long and match the regular expression a-z?. | object({…}) | | {} | | [authorized_networks](variables.tf#L36) | Map of NAME=>CIDR_RANGE to allow to connect to the database(s). 
| map(string) | | null | | [availability_type](variables.tf#L42) | Availability type for the primary replica. Either `ZONAL` or `REGIONAL`. | string | | "ZONAL" | | [backup_configuration](variables.tf#L48) | Backup settings for primary instance. Will be automatically enabled if using MySQL with one or more replicas. | object({…}) | | {…} | | [databases](variables.tf#L76) | Databases to create once the primary instance is created. | list(string) | | null | -| [deletion_protection](variables.tf#L82) | Allow terraform to delete instances. | bool | | false | -| [deletion_protection_enabled](variables.tf#L88) | Set Google's deletion protection attribute which applies across all surfaces (UI, API, & Terraform). | bool | | false | -| [disk_size](variables.tf#L94) | Disk size in GB. Set to null to enable autoresize. | number | | null | -| [disk_type](variables.tf#L100) | The type of data disk: `PD_SSD` or `PD_HDD`. | string | | "PD_SSD" | -| [encryption_key_name](variables.tf#L106) | The full path to the encryption key used for the CMEK disk encryption of the primary instance. | string | | null | -| [flags](variables.tf#L112) | Map FLAG_NAME=>VALUE for database-specific tuning. | map(string) | | null | -| [insights_config](variables.tf#L118) | Query Insights configuration. Defaults to null which disables Query Insights. | object({…}) | | null | -| [ipv4_enabled](variables.tf#L129) | Add a public IP address to database instance. | bool | | false | -| [labels](variables.tf#L135) | Labels to be attached to all instances. | map(string) | | null | -| [postgres_client_certificates](variables.tf#L151) | Map of cert keys connect to the application(s) using public IP. | list(string) | | null | -| [prefix](variables.tf#L157) | Optional prefix used to generate instance names. | string | | null | -| [replicas](variables.tf#L177) | Map of NAME=> {REGION, KMS_KEY} for additional read replicas. Set to null to disable replica creation. 
| map(object({…})) | | {} | -| [require_ssl](variables.tf#L186) | Enable SSL connections only. | bool | | null | -| [root_password](variables.tf#L192) | Root password of the Cloud SQL instance. Required for MS SQL Server. | string | | null | -| [users](variables.tf#L203) | Map of users to create in the primary instance (and replicated to other replicas) in the format USER=>PASSWORD. For MySQL, anything afterr the first `@` (if persent) will be used as the user's host. Set PASSWORD to null if you want to get an autogenerated password. | map(string) | | null | +| [deletion_protection](variables.tf#L82) | Prevent terraform from deleting instances. | bool | | true | +| [deletion_protection_enabled](variables.tf#L89) | Set Google's deletion protection attribute which applies across all surfaces (UI, API, & Terraform). | bool | | true | +| [disk_size](variables.tf#L96) | Disk size in GB. Set to null to enable autoresize. | number | | null | +| [disk_type](variables.tf#L102) | The type of data disk: `PD_SSD` or `PD_HDD`. | string | | "PD_SSD" | +| [encryption_key_name](variables.tf#L108) | The full path to the encryption key used for the CMEK disk encryption of the primary instance. | string | | null | +| [flags](variables.tf#L114) | Map FLAG_NAME=>VALUE for database-specific tuning. | map(string) | | null | +| [insights_config](variables.tf#L120) | Query Insights configuration. Defaults to null which disables Query Insights. | object({…}) | | null | +| [ipv4_enabled](variables.tf#L131) | Add a public IP address to database instance. | bool | | false | +| [labels](variables.tf#L137) | Labels to be attached to all instances. | map(string) | | null | +| [postgres_client_certificates](variables.tf#L153) | Map of cert keys connect to the application(s) using public IP. | list(string) | | null | +| [prefix](variables.tf#L159) | Optional prefix used to generate instance names. 
| string | | null | +| [replicas](variables.tf#L179) | Map of NAME=> {REGION, KMS_KEY} for additional read replicas. Set to null to disable replica creation. | map(object({…})) | | {} | +| [require_ssl](variables.tf#L188) | Enable SSL connections only. | bool | | null | +| [root_password](variables.tf#L194) | Root password of the Cloud SQL instance. Required for MS SQL Server. | string | | null | +| [users](variables.tf#L205) | Map of users to create in the primary instance (and replicated to other replicas) in the format USER=>PASSWORD. For MySQL, anything afterr the first `@` (if persent) will be used as the user's host. Set PASSWORD to null if you want to get an autogenerated password. | map(string) | | null | ## Outputs diff --git a/modules/cloudsql-instance/variables.tf b/modules/cloudsql-instance/variables.tf index e183741c70..d13889b0c4 100644 --- a/modules/cloudsql-instance/variables.tf +++ b/modules/cloudsql-instance/variables.tf @@ -1,5 +1,5 @@ /** - * Copyright 2022 Google LLC + * Copyright 2023 Google LLC * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -80,15 +80,17 @@ variable "databases" { } variable "deletion_protection" { - description = "Allow terraform to delete instances." + description = "Prevent terraform from deleting instances." type = bool - default = false + default = true + nullable = false } variable "deletion_protection_enabled" { description = "Set Google's deletion protection attribute which applies across all surfaces (UI, API, & Terraform)." type = bool - default = false + default = true + nullable = false } variable "disk_size" { diff --git a/modules/gke-cluster-autopilot/README.md b/modules/gke-cluster-autopilot/README.md index b54588c84e..3fa4f344dc 100644 --- a/modules/gke-cluster-autopilot/README.md +++ b/modules/gke-cluster-autopilot/README.md 
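Review bot: Both defaults flip to true, but the description of `deletion_protection` does not say how it relates to `deletion_protection_enabled`: the first is a Terraform-side guard on the resource, the second sets the instance's own protection attribute, and both have to be false before a destroy can go through. Because `deletion_protection_enabled` is an instance setting, existing users who never set it should see an in-place update enabling it on their next apply, which is the intended hardening but deserves a line in the module README. Suggested: `description = "Prevent Terraform from deleting instances. Both this and deletion_protection_enabled must be false for a terraform destroy to succeed."`.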
@@ -206,25 +206,26 @@ module "cluster-1" { | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| [location](variables.tf#L110) | Autopilot clusters are always regional. | string | ✓ | | -| [name](variables.tf#L187) | Cluster name. | string | ✓ | | -| [project_id](variables.tf#L213) | Cluster project ID. | string | ✓ | | -| [vpc_config](variables.tf#L242) | VPC-level configuration. | object({…}) | ✓ | | +| [location](variables.tf#L117) | Autopilot clusters are always regional. | string | ✓ | | +| [name](variables.tf#L194) | Cluster name. | string | ✓ | | +| [project_id](variables.tf#L220) | Cluster project ID. | string | ✓ | | +| [vpc_config](variables.tf#L249) | VPC-level configuration. | object({…}) | ✓ | | | [backup_configs](variables.tf#L17) | Configuration for Backup for GKE. | object({…}) | | {} | -| [description](variables.tf#L37) | Cluster description. | string | | null | -| [enable_addons](variables.tf#L43) | Addons enabled in the cluster (true means enabled). | object({…}) | | {…} | -| [enable_features](variables.tf#L64) | Enable cluster-level features. Certain features allow configuration. | object({…}) | | {} | -| [issue_client_certificate](variables.tf#L98) | Enable issuing client certificate. | bool | | false | -| [labels](variables.tf#L104) | Cluster resource labels. | map(string) | | null | -| [logging_config](variables.tf#L115) | Logging configuration. | object({…}) | | {} | -| [maintenance_config](variables.tf#L126) | Maintenance window configuration. | object({…}) | | {…} | -| [min_master_version](variables.tf#L149) | Minimum version of the master, defaults to the version of the most recent official release. | string | | null | -| [monitoring_config](variables.tf#L155) | Monitoring configuration. System metrics collection cannot be disabled. Control plane metrics are optional. Kube state metrics are optional. Google Cloud Managed Service for Prometheus is enabled by default. 
| object({…}) | | {} | -| [node_locations](variables.tf#L192) | Zones in which the cluster's nodes are located. | list(string) | | [] | -| [private_cluster_config](variables.tf#L199) | Private cluster configuration. | object({…}) | | null | -| [release_channel](variables.tf#L218) | Release channel for GKE upgrades. Clusters created in the Autopilot mode must use a release channel. Choose between \"RAPID\", \"REGULAR\", and \"STABLE\". | string | | "REGULAR" | -| [service_account](variables.tf#L229) | The Google Cloud Platform Service Account to be used by the node VMs created by GKE Autopilot. | string | | null | -| [tags](variables.tf#L235) | Network tags applied to nodes. | list(string) | | [] | +| [deletion_protection](variables.tf#L37) | Whether or not to allow Terraform to destroy the cluster. Unless this field is set to false in Terraform state, a terraform destroy or terraform apply that would delete the cluster will fail. | bool | | true | +| [description](variables.tf#L44) | Cluster description. | string | | null | +| [enable_addons](variables.tf#L50) | Addons enabled in the cluster (true means enabled). | object({…}) | | {…} | +| [enable_features](variables.tf#L71) | Enable cluster-level features. Certain features allow configuration. | object({…}) | | {} | +| [issue_client_certificate](variables.tf#L105) | Enable issuing client certificate. | bool | | false | +| [labels](variables.tf#L111) | Cluster resource labels. | map(string) | | null | +| [logging_config](variables.tf#L122) | Logging configuration. | object({…}) | | {} | +| [maintenance_config](variables.tf#L133) | Maintenance window configuration. | object({…}) | | {…} | +| [min_master_version](variables.tf#L156) | Minimum version of the master, defaults to the version of the most recent official release. | string | | null | +| [monitoring_config](variables.tf#L162) | Monitoring configuration. System metrics collection cannot be disabled. Control plane metrics are optional. 
Kube state metrics are optional. Google Cloud Managed Service for Prometheus is enabled by default. | object({…}) | | {} | +| [node_locations](variables.tf#L199) | Zones in which the cluster's nodes are located. | list(string) | | [] | +| [private_cluster_config](variables.tf#L206) | Private cluster configuration. | object({…}) | | null | +| [release_channel](variables.tf#L225) | Release channel for GKE upgrades. Clusters created in the Autopilot mode must use a release channel. Choose between \"RAPID\", \"REGULAR\", and \"STABLE\". | string | | "REGULAR" | +| [service_account](variables.tf#L236) | The Google Cloud Platform Service Account to be used by the node VMs created by GKE Autopilot. | string | | null | +| [tags](variables.tf#L242) | Network tags applied to nodes. | list(string) | | [] | ## Outputs diff --git a/modules/gke-cluster-autopilot/main.tf b/modules/gke-cluster-autopilot/main.tf index e116090497..b411918149 100644 --- a/modules/gke-cluster-autopilot/main.tf +++ b/modules/gke-cluster-autopilot/main.tf @@ -30,9 +30,9 @@ resource "google_container_cluster" "cluster" { enable_l4_ilb_subsetting = var.enable_features.l4_ilb_subsetting enable_tpu = var.enable_features.tpu initial_node_count = 1 - - enable_autopilot = true - allow_net_admin = var.enable_features.allow_net_admin + enable_autopilot = true + allow_net_admin = var.enable_features.allow_net_admin + deletion_protection = var.deletion_protection addons_config { http_load_balancing { diff --git a/modules/gke-cluster-autopilot/variables.tf b/modules/gke-cluster-autopilot/variables.tf index 24f8cd2b3c..fe0a3a14ed 100644 --- a/modules/gke-cluster-autopilot/variables.tf +++ b/modules/gke-cluster-autopilot/variables.tf 
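Review bot: `deletion_protection = var.deletion_protection` on `google_container_cluster` relies on an argument that exists only from the 5.x major of the google provider; this diff does not touch the module's provider version constraint, so if that file still allows 4.x the new line is an unsupported-argument error there. The same applies to the gke-cluster-standard main.tf hunk at L74. Please check the constraint alongside this change and state the minimum provider version in the module README. The resource block starts and ends outside the hunk.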
@@ -34,6 +34,13 @@ variable "backup_configs" {
 nullable = false
 }
 
+variable "deletion_protection" {
+ description = "Whether or not to allow Terraform to destroy the cluster. Unless this field is set to false in Terraform state, a terraform destroy or terraform apply that would delete the cluster will fail."
+ type = bool
+ default = true
+ nullable = false
+}
+
 variable "description" {
 description = "Cluster description."
 type = string
diff --git a/modules/gke-cluster-standard/README.md b/modules/gke-cluster-standard/README.md
index dc2b4139e3..28ca982ce7 100644
--- a/modules/gke-cluster-standard/README.md
+++ b/modules/gke-cluster-standard/README.md
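Review bot: The description's first sentence, "Whether or not to allow Terraform to destroy the cluster", reads as if true means destruction is allowed, while `default = true` wired into `deletion_protection` means the opposite; the second sentence corrects this, but the first is what the generated README table summarises. The identical text is added in gke-cluster-standard/variables.tf at L74. Suggested: `description = "Prevent Terraform from destroying the cluster. Must be set to false before a terraform destroy, or an apply that replaces the cluster, can succeed."`.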
@@ -306,27 +306,28 @@ module "cluster-1" { | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| [location](variables.tf#L138) | Cluster zone or region. | string | ✓ | | -| [name](variables.tf#L249) | Cluster name. | string | ✓ | | -| [project_id](variables.tf#L275) | Cluster project id. | string | ✓ | | -| [vpc_config](variables.tf#L298) | VPC-level configuration. | object({…}) | ✓ | | +| [location](variables.tf#L145) | Cluster zone or region. | string | ✓ | | +| [name](variables.tf#L256) | Cluster name. | string | ✓ | | +| [project_id](variables.tf#L282) | Cluster project id. | string | ✓ | | +| [vpc_config](variables.tf#L305) | VPC-level configuration. | object({…}) | ✓ | | | [backup_configs](variables.tf#L17) | Configuration for Backup for GKE. | object({…}) | | {} | | [cluster_autoscaling](variables.tf#L37) | Enable and configure limits for Node Auto-Provisioning with Cluster Autoscaler. | object({…}) | | null | -| [description](variables.tf#L58) | Cluster description. | string | | null | -| [enable_addons](variables.tf#L64) | Addons enabled in the cluster (true means enabled). | object({…}) | | {…} | -| [enable_features](variables.tf#L87) | Enable cluster-level features. Certain features allow configuration. | object({…}) | | {…} | -| [issue_client_certificate](variables.tf#L126) | Enable issuing client certificate. | bool | | false | -| [labels](variables.tf#L132) | Cluster resource labels. | map(string) | | null | -| [logging_config](variables.tf#L143) | Logging configuration. | object({…}) | | {} | -| [maintenance_config](variables.tf#L164) | Maintenance window configuration. | object({…}) | | {…} | -| [max_pods_per_node](variables.tf#L187) | Maximum number of pods per node in this cluster. | number | | 110 | -| [min_master_version](variables.tf#L193) | Minimum version of the master, defaults to the version of the most recent official release. 
| string | | null | -| [monitoring_config](variables.tf#L199) | Monitoring configuration. Google Cloud Managed Service for Prometheus is enabled by default. | object({…}) | | {} | -| [node_locations](variables.tf#L254) | Zones in which the cluster's nodes are located. | list(string) | | [] | -| [private_cluster_config](variables.tf#L261) | Private cluster configuration. | object({…}) | | null | -| [release_channel](variables.tf#L280) | Release channel for GKE upgrades. | string | | null | -| [service_account](variables.tf#L286) | Service account used for the default node pool, only useful if the default GCE service account has been disabled. | string | | null | -| [tags](variables.tf#L292) | Network tags applied to nodes. | list(string) | | null | +| [deletion_protection](variables.tf#L58) | Whether or not to allow Terraform to destroy the cluster. Unless this field is set to false in Terraform state, a terraform destroy or terraform apply that would delete the cluster will fail. | bool | | true | +| [description](variables.tf#L65) | Cluster description. | string | | null | +| [enable_addons](variables.tf#L71) | Addons enabled in the cluster (true means enabled). | object({…}) | | {…} | +| [enable_features](variables.tf#L94) | Enable cluster-level features. Certain features allow configuration. | object({…}) | | {…} | +| [issue_client_certificate](variables.tf#L133) | Enable issuing client certificate. | bool | | false | +| [labels](variables.tf#L139) | Cluster resource labels. | map(string) | | null | +| [logging_config](variables.tf#L150) | Logging configuration. | object({…}) | | {} | +| [maintenance_config](variables.tf#L171) | Maintenance window configuration. | object({…}) | | {…} | +| [max_pods_per_node](variables.tf#L194) | Maximum number of pods per node in this cluster. | number | | 110 | +| [min_master_version](variables.tf#L200) | Minimum version of the master, defaults to the version of the most recent official release. 
| string | | null | +| [monitoring_config](variables.tf#L206) | Monitoring configuration. Google Cloud Managed Service for Prometheus is enabled by default. | object({…}) | | {} | +| [node_locations](variables.tf#L261) | Zones in which the cluster's nodes are located. | list(string) | | [] | +| [private_cluster_config](variables.tf#L268) | Private cluster configuration. | object({…}) | | null | +| [release_channel](variables.tf#L287) | Release channel for GKE upgrades. | string | | null | +| [service_account](variables.tf#L293) | Service account used for the default node pool, only useful if the default GCE service account has been disabled. | string | | null | +| [tags](variables.tf#L299) | Network tags applied to nodes. | list(string) | | null | ## Outputs diff --git a/modules/gke-cluster-standard/main.tf b/modules/gke-cluster-standard/main.tf index 2a6a4b8f7b..afe39a434a 100644 --- a/modules/gke-cluster-standard/main.tf +++ b/modules/gke-cluster-standard/main.tf @@ -34,6 +34,7 @@ resource "google_container_cluster" "cluster" { enable_tpu = var.enable_features.tpu initial_node_count = 1 remove_default_node_pool = true + deletion_protection = var.deletion_protection datapath_provider = ( var.enable_features.dataplane_v2 ? "ADVANCED_DATAPATH" diff --git a/modules/gke-cluster-standard/variables.tf b/modules/gke-cluster-standard/variables.tf index c470dcfa8b..dca709733c 100644 --- a/modules/gke-cluster-standard/variables.tf +++ b/modules/gke-cluster-standard/variables.tf @@ -55,6 +55,13 @@ variable "cluster_autoscaling" { default = null } +variable "deletion_protection" { + description = "Whether or not to allow Terraform to destroy the cluster. Unless this field is set to false in Terraform state, a terraform destroy or terraform apply that would delete the cluster will fail." + type = bool + default = true + nullable = false +} + variable "description" { description = "Cluster description." type = string 
diff --git a/tests/modules/cloudsql_instance/examples/insights.yaml b/tests/modules/cloudsql_instance/examples/insights.yaml
index eecb1461a1..1c54188352 100644
--- a/tests/modules/cloudsql_instance/examples/insights.yaml
+++ b/tests/modules/cloudsql_instance/examples/insights.yaml
@@ -26,7 +26,7 @@ values:
 collation: null
 data_cache_config: []
 database_flags: []
- deletion_protection_enabled: false
+ deletion_protection_enabled: true
 deny_maintenance_period: []
 disk_autoresize: true
 disk_autoresize_limit: 0
diff --git a/tests/modules/cloudsql_instance/examples/public-ip.yaml b/tests/modules/cloudsql_instance/examples/public-ip.yaml
index 0865d44a04..9ba4622033 100644
--- a/tests/modules/cloudsql_instance/examples/public-ip.yaml
+++ b/tests/modules/cloudsql_instance/examples/public-ip.yaml
@@ -37,7 +37,7 @@ values:
 collation: null
 data_cache_config: []
 database_flags: []
- deletion_protection_enabled: false
+ deletion_protection_enabled: true
 deny_maintenance_period: []
 disk_autoresize: true
 disk_autoresize_limit: 0
@@ -72,7 +72,7 @@ values:
 collation: null
 data_cache_config: []
 database_flags: []
- deletion_protection_enabled: false
+ deletion_protection_enabled: true
 deny_maintenance_period: []
 disk_autoresize: true
 disk_autoresize_limit: 0
diff --git a/tests/modules/cloudsql_instance/examples/simple.yaml b/tests/modules/cloudsql_instance/examples/simple.yaml
index 3cedbf7833..d4c0558d9c 100644
--- a/tests/modules/cloudsql_instance/examples/simple.yaml
+++ b/tests/modules/cloudsql_instance/examples/simple.yaml
@@ -27,7 +27,7 @@ values:
 collation: null
 data_cache_config: []
 database_flags: []
- deletion_protection_enabled: false
+ deletion_protection_enabled: true
 deny_maintenance_period: []
 disk_autoresize: true
 disk_autoresize_limit: 0