add deletion_protection field for bigtable instance (#3450) (#2061)

Signed-off-by: Modular Magician <[email protected]>

Author: modular-magician

.changelog/3450.txt

@@ -0,0 +1,6 @@
+```release-note:enhancement
+* bigtable: added `deletion_protection` field to `google_bigtable_instance` to make deleting them require an explicit intent.
+```
+```release-note:note
+* `google_bigtable_instance` resources now cannot be destroyed unless `deletion_protection = false` is set in state for the resource.
+```

google-beta/resource_bigtable_app_profile_generated_test.go

@@ -27,7 +27,8 @@ func TestAccBigtableAppProfile_bigtableAppProfileMulticlusterExample(t *testing.
 	t.Parallel()
 
 	context := map[string]interface{}{
-		"random_suffix": randString(t, 10),
+		"deletion_protection": false,
+		"random_suffix":       randString(t, 10),
 	}
 
 	vcrTest(t, resource.TestCase{
@@ -58,6 +59,8 @@ resource "google_bigtable_instance" "instance" {
     num_nodes    = 3
     storage_type = "HDD"
   }
+
+  deletion_protection  = "%{deletion_protection}"
 }
 
 resource "google_bigtable_app_profile" "ap" {
@@ -74,7 +77,8 @@ func TestAccBigtableAppProfile_bigtableAppProfileSingleclusterExample(t *testing
 	t.Parallel()
 
 	context := map[string]interface{}{
-		"random_suffix": randString(t, 10),
+		"deletion_protection": false,
+		"random_suffix":       randString(t, 10),
 	}
 
 	vcrTest(t, resource.TestCase{
@@ -105,6 +109,8 @@ resource "google_bigtable_instance" "instance" {
     num_nodes    = 3
     storage_type = "HDD"
   }
+
+  deletion_protection  = "%{deletion_protection}"
 }
 
 resource "google_bigtable_app_profile" "ap" {

google-beta/resource_bigtable_app_profile_test.go

@@ -49,6 +49,8 @@ resource "google_bigtable_instance" "instance" {
     num_nodes    = 3
     storage_type = "HDD"
   }
+
+  deletion_protection = false
 }
 
 resource "google_bigtable_app_profile" "ap" {
@@ -71,6 +73,8 @@ resource "google_bigtable_instance" "instance" {
     num_nodes    = 3
     storage_type = "HDD"
   }
+
+  deletion_protection = false
 }
 
 resource "google_bigtable_app_profile" "ap" {

google-beta/resource_bigtable_gc_policy_test.go

@@ -136,6 +136,7 @@ resource "google_bigtable_instance" "instance" {
   }
 
   instance_type = "DEVELOPMENT"
+  deletion_protection = false
 }
 
 resource "google_bigtable_table" "table" {
@@ -170,6 +171,7 @@ resource "google_bigtable_instance" "instance" {
   }
 
   instance_type = "DEVELOPMENT"
+  deletion_protection = false
 }
 
 resource "google_bigtable_table" "table" {

google-beta/resource_bigtable_instance.go

@@ -27,6 +27,15 @@ func resourceBigtableInstance() *schema.Resource {
 			resourceBigtableInstanceClusterReorderTypeList,
 		),
 
+		SchemaVersion: 1,
+		StateUpgraders: []schema.StateUpgrader{
+			{
+				Type:    resourceBigtableInstanceResourceV0().CoreConfigSchema().ImpliedType(),
+				Upgrade: resourceBigtableInstanceUpgradeV0,
+				Version: 0,
+			},
+		},
+
 		// ----------------------------------------------------------------------
 		// IMPORTANT: Do not add any additional ForceNew fields to this resource.
 		// Destroying/recreating instances can lead to data loss for users.
@@ -82,6 +91,12 @@ func resourceBigtableInstance() *schema.Resource {
 				ValidateFunc: validation.StringInSlice([]string{"DEVELOPMENT", "PRODUCTION"}, false),
 			},
 
+			"deletion_protection": {
+				Type:     schema.TypeBool,
+				Optional: true,
+				Default:  true,
+			},
+
 			"project": {
 				Type:     schema.TypeString,
 				Optional: true,
@@ -235,6 +250,9 @@ func resourceBigtableInstanceUpdate(d *schema.ResourceData, meta interface{}) er
 }
 
 func resourceBigtableInstanceDestroy(d *schema.ResourceData, meta interface{}) error {
+	if d.Get("deletion_protection").(bool) {
+		return fmt.Errorf("cannot destroy instance without setting deletion_protection=false and running `terraform apply`")
+	}
 	config := meta.(*Config)
 	ctx := context.Background()
 

google-beta/resource_bigtable_instance_iam_test.go

@@ -209,5 +209,7 @@ resource "google_bigtable_instance" "instance" {
       zone         = "us-central1-b"
       storage_type = "HDD"
     }
+
+    deletion_protection = false
 }
 `

google-beta/resource_bigtable_instance_migrate.go

@@ -0,0 +1,80 @@
+package google
+
+import (
+	"log"
+
+	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
+	"github.com/hashicorp/terraform-plugin-sdk/helper/validation"
+)
+
+func resourceBigtableInstanceResourceV0() *schema.Resource {
+	return &schema.Resource{
+		Schema: map[string]*schema.Schema{
+			"name": {
+				Type:     schema.TypeString,
+				Required: true,
+				ForceNew: true,
+			},
+
+			"cluster": {
+				Type:     schema.TypeList,
+				Optional: true,
+				Computed: true,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"cluster_id": {
+							Type:     schema.TypeString,
+							Required: true,
+						},
+						"zone": {
+							Type:     schema.TypeString,
+							Required: true,
+						},
+						"num_nodes": {
+							Type:     schema.TypeInt,
+							Optional: true,
+							// DEVELOPMENT instances could get returned with either zero or one node,
+							// so mark as computed.
+							Computed:     true,
+							ValidateFunc: validation.IntAtLeast(1),
+						},
+						"storage_type": {
+							Type:         schema.TypeString,
+							Optional:     true,
+							Default:      "SSD",
+							ValidateFunc: validation.StringInSlice([]string{"SSD", "HDD"}, false),
+						},
+					},
+				},
+			},
+			"display_name": {
+				Type:     schema.TypeString,
+				Optional: true,
+				Computed: true,
+			},
+
+			"instance_type": {
+				Type:         schema.TypeString,
+				Optional:     true,
+				Default:      "PRODUCTION",
+				ValidateFunc: validation.StringInSlice([]string{"DEVELOPMENT", "PRODUCTION"}, false),
+			},
+
+			"project": {
+				Type:     schema.TypeString,
+				Optional: true,
+				Computed: true,
+				ForceNew: true,
+			},
+		},
+	}
+}
+
+func resourceBigtableInstanceUpgradeV0(rawState map[string]interface{}, meta interface{}) (map[string]interface{}, error) {
+	log.Printf("[DEBUG] Attributes before migration: %#v", rawState)
+
+	rawState["deletion_protection"] = true
+
+	log.Printf("[DEBUG] Attributes after migration: %#v", rawState)
+	return rawState, nil
+}

google-beta/resource_bigtable_instance_test.go

@@ -31,7 +31,7 @@ func TestAccBigtableInstance_basic(t *testing.T) {
 				ResourceName:            "google_bigtable_instance.instance",
 				ImportState:             true,
 				ImportStateVerify:       true,
-				ImportStateVerifyIgnore: []string{"instance_type"}, // we don't read instance type back
+				ImportStateVerifyIgnore: []string{"deletion_protection", "instance_type"}, // we don't read instance type back
 			},
 			{
 				Config: testAccBigtableInstance(instanceName, 4),
@@ -40,7 +40,7 @@ func TestAccBigtableInstance_basic(t *testing.T) {
 				ResourceName:            "google_bigtable_instance.instance",
 				ImportState:             true,
 				ImportStateVerify:       true,
-				ImportStateVerifyIgnore: []string{"instance_type"}, // we don't read instance type back
+				ImportStateVerifyIgnore: []string{"deletion_protection", "instance_type"}, // we don't read instance type back
 			},
 		},
 	})
@@ -67,7 +67,7 @@ func TestAccBigtableInstance_cluster(t *testing.T) {
 				ResourceName:            "google_bigtable_instance.instance",
 				ImportState:             true,
 				ImportStateVerify:       true,
-				ImportStateVerifyIgnore: []string{"instance_type"}, // we don't read instance type back
+				ImportStateVerifyIgnore: []string{"deletion_protection", "instance_type"}, // we don't read instance type back
 			},
 			{
 				Config: testAccBigtableInstance_clusterReordered(instanceName, 5),
@@ -76,7 +76,7 @@ func TestAccBigtableInstance_cluster(t *testing.T) {
 				ResourceName:            "google_bigtable_instance.instance",
 				ImportState:             true,
 				ImportStateVerify:       true,
-				ImportStateVerifyIgnore: []string{"instance_type"}, // we don't read instance type back
+				ImportStateVerifyIgnore: []string{"deletion_protection", "instance_type"}, // we don't read instance type back
 			},
 			{
 				Config: testAccBigtableInstance_clusterModified(instanceName, 5),
@@ -85,7 +85,7 @@ func TestAccBigtableInstance_cluster(t *testing.T) {
 				ResourceName:            "google_bigtable_instance.instance",
 				ImportState:             true,
 				ImportStateVerify:       true,
-				ImportStateVerifyIgnore: []string{"instance_type"}, // we don't read instance type back
+				ImportStateVerifyIgnore: []string{"deletion_protection", "instance_type"}, // we don't read instance type back
 			},
 			{
 				Config: testAccBigtableInstance_clusterReordered(instanceName, 5),
@@ -94,7 +94,7 @@ func TestAccBigtableInstance_cluster(t *testing.T) {
 				ResourceName:            "google_bigtable_instance.instance",
 				ImportState:             true,
 				ImportStateVerify:       true,
-				ImportStateVerifyIgnore: []string{"instance_type"}, // we don't read instance type back
+				ImportStateVerifyIgnore: []string{"deletion_protection", "instance_type"}, // we don't read instance type back
 			},
 		},
 	})
@@ -117,7 +117,38 @@ func TestAccBigtableInstance_development(t *testing.T) {
 				ResourceName:            "google_bigtable_instance.instance",
 				ImportState:             true,
 				ImportStateVerify:       true,
-				ImportStateVerifyIgnore: []string{"instance_type"}, // we don't read instance type back
+				ImportStateVerifyIgnore: []string{"deletion_protection", "instance_type"}, // we don't read instance type back
+			},
+		},
+	})
+}
+
+func TestAccBigtableInstance_allowDestroy(t *testing.T) {
+	t.Parallel()
+
+	instanceName := fmt.Sprintf("tf-test-%s", randString(t, 10))
+
+	vcrTest(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckBigtableInstanceDestroyProducer(t),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccBigtableInstance_noAllowDestroy(instanceName, 3),
+			},
+			{
+				ResourceName:            "google_bigtable_instance.instance",
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{"deletion_protection", "instance_type"}, // we don't read instance type back
+			},
+			{
+				Config:      testAccBigtableInstance_noAllowDestroy(instanceName, 3),
+				Destroy:     true,
+				ExpectError: regexp.MustCompile("deletion_protection"),
+			},
+			{
+				Config: testAccBigtableInstance(instanceName, 3),
 			},
 		},
 	})
@@ -159,6 +190,8 @@ resource "google_bigtable_instance" "instance" {
     num_nodes    = %d
     storage_type = "HDD"
   }
+
+  deletion_protection = false
 }
 `, instanceName, instanceName, numNodes)
 }
@@ -199,6 +232,8 @@ resource "google_bigtable_instance" "instance" {
     num_nodes    = %d
     storage_type = "HDD"
   }
+
+  deletion_protection = false
 }
 `, instanceName, instanceName, numNodes, instanceName, numNodes, instanceName, numNodes, instanceName, numNodes)
 }
@@ -237,6 +272,8 @@ resource "google_bigtable_instance" "instance" {
     num_nodes    = 3
     storage_type = "HDD"
   }
+
+  deletion_protection = false
 }
 `, instanceName, instanceName, instanceName, instanceName, instanceName, instanceName)
 }
@@ -269,6 +306,8 @@ resource "google_bigtable_instance" "instance" {
     num_nodes    = %d
     storage_type = "HDD"
   }
+
+  deletion_protection = false
 }
 `, instanceName, instanceName, numNodes, instanceName, numNodes, instanceName, numNodes, instanceName, numNodes)
 }
@@ -295,6 +334,8 @@ resource "google_bigtable_instance" "instance" {
     num_nodes    = %d
     storage_type = "HDD"
   }
+
+  deletion_protection = false
 }
 `, instanceName, instanceName, numNodes, instanceName, numNodes, instanceName, numNodes)
 }
@@ -308,6 +349,22 @@ resource "google_bigtable_instance" "instance" {
     zone       = "us-central1-b"
   }
   instance_type = "DEVELOPMENT"
+
+  deletion_protection = false
 }
 `, instanceName, instanceName)
 }
+
+func testAccBigtableInstance_noAllowDestroy(instanceName string, numNodes int) string {
+	return fmt.Sprintf(`
+resource "google_bigtable_instance" "instance" {
+  name = "%s"
+  cluster {
+    cluster_id   = "%s"
+    zone         = "us-central1-b"
+    num_nodes    = %d
+    storage_type = "HDD"
+  }
+}
+`, instanceName, instanceName, numNodes)
+}