Add data retention policy block to organization resource

Author: mwudka

internal/provider/resource_tfe_organization.go

@@ -91,6 +91,21 @@ func resourceTFEOrganization() *schema.Resource {
 				Type:     schema.TypeString,
 				Computed: true,
 			},
+
+			"data_retention_policy": {
+				Type:     schema.TypeList,
+				Optional: true,
+				MinItems: 1,
+				MaxItems: 1,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"delete_older_than_n_days": {
+							Type:     schema.TypeInt,
+							Required: true,
+						},
+					},
+				},
+			},
 		},
 	}
 }
@@ -115,6 +130,19 @@ func resourceTFEOrganizationCreate(d *schema.ResourceData, meta interface{}) err
 
 	d.SetId(org.Name)
 
+	if v, ok := d.GetOk("data_retention_policy"); ok {
+		drp := v.([]interface{})[0].(map[string]interface{})
+
+		_, err = config.Client.Organizations.SetDataRetentionPolicy(ctx, org.Name, tfe.DataRetentionPolicySetOptions{
+			DeleteOlderThanNDays: drp["delete_older_than_n_days"].(int),
+		})
+
+		if err != nil {
+			d.Partial(true)
+			return fmt.Errorf("Error setting data retention policy on organization %s: %w", org.Name, err)
+		}
+	}
+
 	return resourceTFEOrganizationUpdate(d, meta)
 }
 
@@ -150,6 +178,22 @@ func resourceTFEOrganizationRead(d *schema.ResourceData, meta interface{}) error
 		d.Set("default_project_id", org.DefaultProject.ID)
 	}
 
+	var dataRetentionPolicy []interface{}
+	if org.DataRetentionPolicy != nil {
+		policy, err := config.Client.Organizations.ReadDataRetentionPolicy(ctx, org.Name)
+
+		if err != nil {
+			return fmt.Errorf(
+				"Error getting data retention policy for organization %s: %w", org.Name, err)
+		}
+
+		drp := map[string]interface{}{
+			"delete_older_than_n_days": policy.DeleteOlderThanNDays,
+		}
+		dataRetentionPolicy = append(dataRetentionPolicy, drp)
+	}
+	d.Set("data_retention_policy", dataRetentionPolicy)
+
 	return nil
 }
 
@@ -210,6 +254,25 @@ func resourceTFEOrganizationUpdate(d *schema.ResourceData, meta interface{}) err
 
 	d.SetId(org.Name)
 
+	// nolint: nestif
+	if d.HasChange("data_retention_policy") {
+		v, ok := d.GetOk("data_retention_policy")
+		if ok {
+			drp := v.([]interface{})[0].(map[string]interface{})
+			_, err := config.Client.Organizations.SetDataRetentionPolicy(ctx, org.Name, tfe.DataRetentionPolicySetOptions{DeleteOlderThanNDays: drp["delete_older_than_n_days"].(int)})
+			if err != nil {
+				d.Partial(true)
+				return fmt.Errorf("Error setting data retention policy on organization %s: %w", org.Name, err)
+			}
+		} else {
+			err := config.Client.Organizations.DeleteDataRetentionPolicy(ctx, org.Name)
+			if err != nil {
+				d.Partial(true)
+				return fmt.Errorf("Error deleting data retention policy from organization %s: %w", org.Name, err)
+			}
+		}
+	}
+
 	return resourceTFEOrganizationRead(d, meta)
 }
 

internal/provider/resource_tfe_organization_test.go

@@ -251,6 +251,75 @@ func TestAccTFEOrganization_import(t *testing.T) {
 	})
 }
 
+func TestAccTFEOrganization_updateDataRetentionPolicy(t *testing.T) {
+	skipIfCloud(t)
+
+	org := &tfe.Organization{}
+	rInt := rand.New(rand.NewSource(time.Now().UnixNano())).Int()
+
+	resource.Test(t, resource.TestCase{
+		PreCheck: func() {
+			testAccPreCheck(t)
+		},
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckTFEOrganizationDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccTFEOrganization_basic(rInt),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckTFEOrganizationExists(
+						"tfe_organization.foobar", org),
+					resource.TestCheckNoResourceAttr("tfe_organization.foobar", "data_retention_policy.0.delete_older_than_n_days"),
+				),
+			},
+			{
+				Config: testAccTFEOrganization_dataRetentionPolicy(rInt, 8),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr(
+						"tfe_organization.foobar", "data_retention_policy.0.delete_older_than_n_days", "8"),
+				),
+			},
+			{
+				Config: testAccTFEOrganization_dataRetentionPolicy(rInt, 20),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr(
+						"tfe_organization.foobar", "data_retention_policy.0.delete_older_than_n_days", "20"),
+				),
+			},
+			{
+				Config: testAccTFEOrganization_basic(rInt),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckTFEOrganizationExists(
+						"tfe_organization.foobar", org),
+					resource.TestCheckNoResourceAttr("tfe_organization.foobar", "data_retention_policy.0.delete_older_than_n_days"),
+				),
+			},
+		},
+	})
+}
+
+func TestAccTFEOrganization_importDataRetentionPolicy(t *testing.T) {
+	skipIfCloud(t)
+
+	rInt := rand.New(rand.NewSource(time.Now().UnixNano())).Int()
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckTFEWorkspaceDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccTFEOrganization_dataRetentionPolicy(rInt, 10),
+			},
+			{
+				ResourceName:      "tfe_organization.foobar",
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+		},
+	})
+}
+
 func testAccCheckTFEOrganizationExists(
 	n string, org *tfe.Organization) resource.TestCheckFunc {
 	return func(s *terraform.State) error {
@@ -434,3 +503,14 @@ resource "tfe_organization" "foobar" {
   allow_force_delete_workspaces     = %t
 }`, orgName, orgEmail, costEstimationEnabled, assessmentsEnforced, allowForceDeleteWorkspaces)
 }
+
+func testAccTFEOrganization_dataRetentionPolicy(rInt int, deleteOlderThanNDays int) string {
+	return fmt.Sprintf(`
+resource "tfe_organization" "foobar" {
+  name  = "tst-terraform-%d"
+  email = "[email protected]"
+  data_retention_policy {
+    delete_older_than_n_days = %d
+  }
+}`, rInt, deleteOlderThanNDays)
+}

website/docs/r/organization.html.markdown

@@ -24,6 +24,7 @@ resource "tfe_organization" "test" {
 
 The following arguments are supported:
 
+* `data_retention_policy` - (Optional) The organization's [data retention policy](https://developer.hashicorp.com/terraform/enterprise/workspaces/settings/deletion#data-retention-policies).
 * `name` - (Required) Name of the organization.
 * `email` - (Required) Admin email address.
 * `session_timeout_minutes` - (Optional) Session timeout after inactivity.
@@ -38,6 +39,11 @@ The following arguments are supported:
 * `assessments_enforced` - (Optional) (Available only in Terraform Cloud) Whether to force health assessments (drift detection) on all eligible workspaces or allow workspaces to set their own preferences.
 * `allow_force_delete_workspaces` - (Optional) Whether workspace administrators are permitted to delete workspaces with resources under management. If false, only organization owners may delete these workspaces. Defaults to false.
 
+The `data_retention_policy` block supports:
+
+* `delete_older_than_n_days` - (Required) Automatically delete backing data for state versions and configuration versions older than N days.
+
+
 ## Attributes Reference
 
 * `id` - The name of the organization.