enable DB deletion protection across all GCP API surfaces (#1150)

* enable DB deletion protection across all GCP API surfaces

Signed-off-by: Bob Callaway <[email protected]>

* move into settings block

Signed-off-by: Bob Callaway <[email protected]>

---------

Signed-off-by: Bob Callaway <[email protected]>

terraform/gcp/modules/mysql-shard/mysql.tf

@@ -25,14 +25,17 @@ resource "google_sql_database_instance" "trillian" {
   database_version = var.database_version
   region           = var.region
 
-  # Set to false to delete this database
+  # Set to false to delete this database using terraform
   deletion_protection = var.deletion_protection
 
   settings {
     tier              = var.tier
     activation_policy = "ALWAYS"
     availability_type = var.availability_type
 
+    # this sets the flag on the GCP platform to prevent deletion across all API surfaces
+    deletion_protection_enabled = var.deletion_protection
+
     ip_configuration {
       ipv4_enabled    = var.ipv4_enabled
       private_network = var.network

terraform/gcp/modules/mysql/mysql.tf

@@ -109,7 +109,7 @@ resource "google_sql_database_instance" "sigstore" {
   database_version = var.database_version
   region           = var.region
 
-  # Set to false to delete this database
+  # Set to false to delete this database using terraform
   deletion_protection = var.deletion_protection
 
   depends_on = [google_service_networking_connection.private_vpc_connection]
@@ -119,6 +119,9 @@ resource "google_sql_database_instance" "sigstore" {
     activation_policy = "ALWAYS"
     availability_type = var.availability_type
 
+    # this sets the flag on the GCP platform to prevent deletion across all API surfaces
+    deletion_protection_enabled = var.deletion_protection
+
     ip_configuration {
       ipv4_enabled    = var.ipv4_enabled
       private_network = var.network