Add deletion_protection field to Memcache Instance (#15025) (#24613)

[upstream:bc77deae2dcf14fa3162402847cd058f24424975]

Signed-off-by: Modular Magician <[email protected]>

Author: modular-magician

.changelog/15025.txt

@@ -0,0 +1,3 @@
+```release-note:enhancement
+memcache: added `deletion_protection` field to `memcache_instance` to make deleting them require an explicit intent. `memcache_instance` resources now cannot be destroyed unless `deletion_protection = false` is set for the resource.
+```

google/services/memcache/resource_memcache_instance.go

@@ -369,6 +369,16 @@ resolution and up to nine fractional digits.`,
  and default labels configured on the provider.`,
 				Elem: &schema.Schema{Type: schema.TypeString},
 			},
+			"deletion_protection": {
+				Type:     schema.TypeBool,
+				Optional: true,
+				Description: `Whether Terraform will be prevented from destroying the instance.
+When a 'terraform destroy' or 'terraform apply' would delete the instance,
+the command will fail if this field is not set to false in Terraform state.
+When the field is set to true or unset in Terraform state, a 'terraform apply'
+or 'terraform destroy' that would delete the instance will fail.
+When the field is set to false, deleting the instance is allowed.`,
+			},
 			"project": {
 				Type:     schema.TypeString,
 				Optional: true,
@@ -543,6 +553,7 @@ func resourceMemcacheInstanceRead(d *schema.ResourceData, meta interface{}) erro
 		return transport_tpg.HandleNotFoundError(err, d, fmt.Sprintf("MemcacheInstance %q", d.Id()))
 	}
 
+	// Explicitly set virtual fields to default values if unset
 	if err := d.Set("project", project); err != nil {
 		return fmt.Errorf("Error reading Instance: %s", err)
 	}
@@ -784,6 +795,9 @@ func resourceMemcacheInstanceDelete(d *schema.ResourceData, meta interface{}) er
 	}
 
 	headers := make(http.Header)
+	if d.Get("deletion_protection").(bool) {
+		return fmt.Errorf("cannot destroy memcache instance without setting deletion_protection=false and running `terraform apply`")
+	}
 
 	log.Printf("[DEBUG] Deleting Instance %q", d.Id())
 	res, err := transport_tpg.SendRequest(transport_tpg.SendRequestOptions{
@@ -830,6 +844,8 @@ func resourceMemcacheInstanceImport(d *schema.ResourceData, meta interface{}) ([
 	}
 	d.SetId(id)
 
+	// Explicitly set virtual fields to default values on import
+
 	return []*schema.ResourceData{d}, nil
 }
 

google/services/memcache/resource_memcache_instance_generated_meta.yaml

@@ -7,6 +7,8 @@ api_resource_type_kind: 'Instance'
 fields:
   - field: 'authorized_network'
   - field: 'create_time'
+  - field: 'deletion_protection'
+    provider_only: true
   - field: 'discovery_endpoint'
   - field: 'display_name'
   - field: 'effective_labels'

google/services/memcache/resource_memcache_instance_sweeper.go

@@ -18,6 +18,7 @@ package memcache_test
 
 import (
 	"fmt"
+	"regexp"
 	"testing"
 
 	"github.com/hashicorp/terraform-plugin-testing/helper/resource"
@@ -113,3 +114,67 @@ data "google_compute_network" "memcache_network" {
 }
 `, name, network)
 }
+
+func TestAccMemcacheInstance_deletionprotection(t *testing.T) {
+	t.Parallel()
+
+	prefix := fmt.Sprintf("%d", acctest.RandInt(t))
+	name := fmt.Sprintf("tf-test-%s", prefix)
+	network := acctest.BootstrapSharedServiceNetworkingConnection(t, "memcache-instance-update-1")
+
+	acctest.VcrTest(t, resource.TestCase{
+		PreCheck:                 func() { acctest.AccTestPreCheck(t) },
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t),
+		CheckDestroy:             testAccCheckMemcacheInstanceDestroyProducer(t),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccMemcacheInstanceConfig(prefix, name, network, "us-central1", true), // deletion_protection = true
+			},
+			{
+				ResourceName:            "google_memcache_instance.test",
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{"reserved_ip_range_id", "deletion_protection"},
+			},
+			{
+				Config:      testAccMemcacheInstanceConfig(prefix, name, network, "us-west2", true), // deletion_protection = true
+				ExpectError: regexp.MustCompile("deletion_protection"),
+			},
+			{
+				Config: testAccMemcacheInstanceConfig(prefix, name, network, "us-central1", false), // deletion_protection = false
+			},
+			{
+				ResourceName:            "google_memcache_instance.test",
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{"reserved_ip_range_id", "deletion_protection"},
+			},
+		},
+	})
+}
+
+func testAccMemcacheInstanceConfig(prefix, name, network, region string, deletionProtection bool) string {
+	return fmt.Sprintf(`
+resource "google_memcache_instance" "test" {
+  name = "%s"
+  region = "%s"
+  authorized_network = data.google_compute_network.memcache_network.id
+  deletion_protection = %t
+  node_config {
+    cpu_count      = 1
+    memory_size_mb = 1024
+  }
+  node_count = 1
+  memcache_parameters {
+    params = {
+      "listen-backlog" = "2048"
+      "max-item-size" = "8388608"
+    }
+  }
+  reserved_ip_range_id = ["tf-bootstrap-addr-memcache-instance-update-1"]
+}
+data "google_compute_network" "memcache_network" {
+  name = "%s"
+}
+`, name, region, deletionProtection, network)
+}

google/services/memcache/resource_memcache_instance_test.go

@@ -63,7 +63,8 @@ resource "google_service_networking_connection" "private_service_connection" {
 resource "google_memcache_instance" "instance" {
   name = "test-instance"
   authorized_network = google_service_networking_connection.private_service_connection.network
-
+  deletion_protection = false
+  
   labels = {
     env = "test"
   }
@@ -161,6 +162,13 @@ The following arguments are supported:
 * `project` - (Optional) The ID of the project in which the resource belongs.
     If it is not provided, the provider project is used.
 
+* `deletion_protection` - (Optional) Whether Terraform will be prevented from destroying the instance.
+When a `terraform destroy` or `terraform apply` would delete the instance,
+the command will fail if this field is not set to false in Terraform state.
+When the field is set to true or unset in Terraform state, a `terraform apply`
+or `terraform destroy` that would delete the instance will fail.
+When the field is set to false, deleting the instance is allowed.
+
 
 
 <a name="nested_node_config"></a>The `node_config` block supports: