Adding the support for secret version delayed destroy in the terrafor…

…m provider (GoogleCloudPlatform#10441)

mmv1/products/secretmanager/Secret.yaml

@@ -38,6 +38,11 @@ examples:
     primary_resource_id: 'secret-with-annotations'
     vars:
       secret_id: 'secret'
+  - !ruby/object:Provider::Terraform::Examples
+    name: 'secret_with_version_destroy_ttl'
+    primary_resource_id: 'secret-with-version-destroy-ttl'
+    vars:
+      secret_id: 'secret'
   - !ruby/object:Provider::Terraform::Examples
     name: 'secret_with_automatic_cmek'
     primary_resource_id: 'secret-with-automatic-cmek'
@@ -115,6 +120,14 @@ properties:
 
       An object containing a list of "key": value pairs. Example:
       { "name": "wrench", "mass": "1.3kg", "count": "3" }.
+  - !ruby/object:Api::Type::String
+    name: versionDestroyTtl
+    description: |
+      Secret Version TTL after destruction request.
+      This is a part of the delayed delete feature on Secret Version.
+      For secret with versionDestroyTtl>0, version destruction doesn't happen immediately
+      on calling destroy instead the version goes to a disabled state and
+      the actual destruction happens after this TTL expires.
   - !ruby/object:Api::Type::NestedObject
     name: replication
     required: true

mmv1/templates/terraform/examples/secret_with_version_destroy_ttl.tf.erb

@@ -0,0 +1,9 @@
+resource "google_secret_manager_secret" "<%= ctx[:primary_resource_id] %>" {
+  secret_id = "<%= ctx[:vars]['secret_id'] %>"
+
+  version_destroy_ttl = "2592000s"
+
+  replication {
+    auto {}
+  }
+}

mmv1/third_party/terraform/services/secretmanager/resource_secret_manager_secret_test.go.erb

@@ -379,6 +379,49 @@ func TestAccSecretManagerSecret_ttlUpdate(t *testing.T) {
 	})
 }
 
+func TestAccSecretManagerSecret_versionDestroyTtlUpdate(t *testing.T) {
+	t.Parallel()
+
+	context := map[string]interface{}{
+		"random_suffix": acctest.RandString(t, 10),
+	}
+
+	acctest.VcrTest(t, resource.TestCase{
+		PreCheck:                 func() { acctest.AccTestPreCheck(t) },
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t),
+		CheckDestroy:             testAccCheckSecretManagerSecretDestroyProducer(t),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccSecretManagerSecret_withoutVersionDestroyTtl(context),
+			},
+			{
+				ResourceName:            "google_secret_manager_secret.secret-basic",
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{"ttl", "labels", "terraform_labels"},
+			},
+			{
+				Config: testAccSecretManagerSecret_versionDestroyTtlUpdate(context),
+			},
+			{
+				ResourceName:            "google_secret_manager_secret.secret-basic",
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{"ttl", "labels", "terraform_labels"},
+			},
+			{
+				Config: testAccSecretManagerSecret_withoutVersionDestroyTtl(context),
+			},
+			{
+				ResourceName:            "google_secret_manager_secret.secret-basic",
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{"ttl", "labels", "terraform_labels"},
+			},
+		},
+	})
+}
+
 func TestAccSecretManagerSecret_updateBetweenTtlAndExpireTime(t *testing.T) {
 	t.Parallel()
 
@@ -1104,6 +1147,55 @@ resource "google_secret_manager_secret" "secret-basic" {
 `, context)
 }
 
+func testAccSecretManagerSecret_withoutVersionDestroyTtl(context map[string]interface{}) string {
+	return acctest.Nprintf(`
+resource "google_secret_manager_secret" "secret-basic" {
+  secret_id = "tf-test-secret-%{random_suffix}"
+
+  labels = {
+    label = "my-label"
+  }
+
+  replication {
+    user_managed {
+      replicas {
+        location = "us-central1"
+      }
+      replicas {
+        location = "us-east1"
+      }
+    }
+  }
+}
+`, context)
+}
+
+func testAccSecretManagerSecret_versionDestroyTtlUpdate(context map[string]interface{}) string {
+	return acctest.Nprintf(`
+resource "google_secret_manager_secret" "secret-basic" {
+  secret_id = "tf-test-secret-%{random_suffix}"
+
+  labels = {
+    label = "my-label"
+  }
+
+  replication {
+    user_managed {
+      replicas {
+        location = "us-central1"
+      }
+      replicas {
+        location = "us-east1"
+      }
+    }
+  }
+
+  version_destroy_ttl = "86400s"
+
+}
+`, context)
+}
+
 func testAccSecretManagerSecret_expireTime(context map[string]interface{}) string {
 	return acctest.Nprintf(`
 resource "google_secret_manager_secret" "secret-basic" {