Merge pull request #27 from sparkfabrik/3259_disable_soft_delete_dr

3259 disable soft delete dr

CHANGELOG.md

@@ -11,6 +11,7 @@ to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 [Compare with previous version](https://github.com/sparkfabrik/terraform-google-gcp-application-bucket-creation-helper/compare/0.9.0...0.10.0)
 
 - Add lifecycle policy rules to dr buckets (default retention: 60 days after becoming non current).
+- Add disable soft delete as default behaviour.
 - Add label `scope = dr` to dr buckets.
 
 # [0.9.0] - 2024-11-26

README.md

@@ -85,12 +85,12 @@ want to import existing buckets with a known name.
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| <a name="input_buckets_list"></a> [buckets\_list](#input\_buckets\_list) | The list of buckets to create. For each bucket you can specify the name, when deleting a bucket the force\_destroy option will delete the contents of the bucket (if you try to delete a bucket that contains objects, Terraform will fail that run), the location (default to project region), the storage class (default to STANDARD), if you want enable the object versioning (default to true), if you want to plan a disaster recovery with the creation of a mirroring bucket with a scheduled transfer job and if you want to append a random suffix to the bucket name (default true). The property set\_all\_users\_as\_viewer controls if the bucket will be readable by all users (default false). The property labels set labels to organize buckets. The property tag\_list set google tags to bind with the bucket for fine grained access control. Properties bucket\_obj\_vwr and bucket\_obj\_adm set a list of specific IAM members as objectViewers and objectAdmin | <pre>list(object({<br>    name                          = string<br>    force_destroy                 = optional(bool, false)<br>    append_random_suffix          = optional(bool, true)<br>    location                      = optional(string, null)<br>    storage_class                 = optional(string, "STANDARD")<br>    enable_versioning             = optional(bool, true)<br>    enable_disaster_recovery      = optional(bool, true)<br>    set_all_users_as_viewer       = optional(bool, false)<br>    labels                        = optional(map(string), {})<br>    tag_list                      = optional(list(string), [])<br>    bucket_obj_adm                = optional(list(string), [])<br>    bucket_obj_vwr                = optional(list(string), [])<br>    soft_delete_retention_seconds = optional(number, 0)<br>    lifecycle_policy_retention    = optional(number, 30)<br>  }))</pre> | n/a | yes |
+| <a name="input_buckets_list"></a> [buckets\_list](#input\_buckets\_list) | The list of buckets to create. For each bucket you can specify the name, when deleting a bucket the force\_destroy option will delete the contents of the bucket (if you try to delete a bucket that contains objects, Terraform will fail that run), the location (default to project region), the storage class (default to STANDARD), if you want enable the object versioning (default to true), if you want to plan a disaster recovery with the creation of a mirroring bucket with a scheduled transfer job and if you want to append a random suffix to the bucket name (default true). The property set\_all\_users\_as\_viewer controls if the bucket will be readable by all users (default false). The property labels set labels to organize buckets. The property tag\_list set google tags to bind with the bucket for fine grained access control. Properties bucket\_obj\_vwr and bucket\_obj\_adm set a list of specific IAM members as objectViewers and objectAdmin | <pre>list(object({<br/>    name                             = string<br/>    force_destroy                    = optional(bool, false)<br/>    append_random_suffix             = optional(bool, true)<br/>    location                         = optional(string, null)<br/>    storage_class                    = optional(string, "STANDARD")<br/>    enable_versioning                = optional(bool, true)<br/>    enable_disaster_recovery         = optional(bool, true)<br/>    set_all_users_as_viewer          = optional(bool, false)<br/>    labels                           = optional(map(string), {})<br/>    tag_list                         = optional(list(string), [])<br/>    bucket_obj_adm                   = optional(list(string), [])<br/>    bucket_obj_vwr                   = optional(list(string), [])<br/>    soft_delete_retention_seconds    = optional(number, 0)<br/>    lifecycle_policy_retention       = optional(number, 30)<br/>    dr_soft_delete_retention_seconds = optional(number, 0)<br/>    dr_lifecycle_policy_retention    = optional(number, 60)<br/>  }))</pre> | n/a | yes |
 | <a name="input_disaster_recovery_bucket_location"></a> [disaster\_recovery\_bucket\_location](#input\_disaster\_recovery\_bucket\_location) | The location in which the disaster recovery bucket will be created. For a list of available regions, see https://cloud.google.com/storage/docs/locations. By default, the disaster recovery bucket will be created in the same location as the primary bucket. | `string` | `""` | no |
 | <a name="input_global_tags"></a> [global\_tags](#input\_global\_tags) | A list of tags to be applied to all the resources, in the form <TAG\_KEY\_SHORTNAME>/<TAG\_VALUE\_SHORTNAME>. If a resource specify a list of tags, the global tags will be overridden and replaced by those specified in the resource. | `list(string)` | `[]` | no |
 | <a name="input_logging_bucket_name"></a> [logging\_bucket\_name](#input\_logging\_bucket\_name) | The name of the logging bucket. If not set, no logging bucket will be added and bucket logs will be disabled. | `string` | `""` | no |
 | <a name="input_project_id"></a> [project\_id](#input\_project\_id) | The Google Cloud project ID to deploy to. | `string` | n/a | yes |
-| <a name="input_transfer_job_excluded_prefixes"></a> [transfer\_job\_excluded\_prefixes](#input\_transfer\_job\_excluded\_prefixes) | A list of object file and folder prefixes that will be excluded from the transfer job. The default is designed for a typical Drupal application. | `list(string)` | <pre>[<br>  "public/css/css_",<br>  "public/js/js_",<br>  "public/google_tag/",<br>  "public/languages/",<br>  "public/styles/"<br>]</pre> | no |
+| <a name="input_transfer_job_excluded_prefixes"></a> [transfer\_job\_excluded\_prefixes](#input\_transfer\_job\_excluded\_prefixes) | A list of object file and folder prefixes that will be excluded from the transfer job. The default is designed for a typical Drupal application. | `list(string)` | <pre>[<br/>  "public/css/css_",<br/>  "public/js/js_",<br/>  "public/google_tag/",<br/>  "public/languages/",<br/>  "public/styles/"<br/>]</pre> | no |
 ## Outputs
 
 | Name | Description |
@@ -123,5 +123,4 @@ want to import existing buckets with a known name.
 ## Modules
 
 No modules.
-
 <!-- END_TF_DOCS -->

main.tf

@@ -226,6 +226,11 @@ resource "google_storage_bucket" "disaster_recovery" {
   location      = var.disaster_recovery_bucket_location != "" ? var.disaster_recovery_bucket_location : each.value.location != null ? each.value.location : local.default_region
   storage_class = each.value.storage_class
   force_destroy = each.value.force_destroy
+
+  soft_delete_policy {
+    retention_duration_seconds = each.value.dr_soft_delete_retention_seconds
+  }
+
   lifecycle_rule {
     action {
       type = "Delete"

variables.tf

@@ -36,21 +36,22 @@ variable "global_tags" {
 # Optional value: refs https://developer.hashicorp.com/terraform/language/expressions/type-constraints#optional-object-type-attributes
 variable "buckets_list" {
   type = list(object({
-    name                          = string
-    force_destroy                 = optional(bool, false)
-    append_random_suffix          = optional(bool, true)
-    location                      = optional(string, null)
-    storage_class                 = optional(string, "STANDARD")
-    enable_versioning             = optional(bool, true)
-    enable_disaster_recovery      = optional(bool, true)
-    set_all_users_as_viewer       = optional(bool, false)
-    labels                        = optional(map(string), {})
-    tag_list                      = optional(list(string), [])
-    bucket_obj_adm                = optional(list(string), [])
-    bucket_obj_vwr                = optional(list(string), [])
-    soft_delete_retention_seconds = optional(number, 0)
-    lifecycle_policy_retention    = optional(number, 30)
-    dr_lifecycle_policy_retention = optional(number, 60)
+    name                             = string
+    force_destroy                    = optional(bool, false)
+    append_random_suffix             = optional(bool, true)
+    location                         = optional(string, null)
+    storage_class                    = optional(string, "STANDARD")
+    enable_versioning                = optional(bool, true)
+    enable_disaster_recovery         = optional(bool, true)
+    set_all_users_as_viewer          = optional(bool, false)
+    labels                           = optional(map(string), {})
+    tag_list                         = optional(list(string), [])
+    bucket_obj_adm                   = optional(list(string), [])
+    bucket_obj_vwr                   = optional(list(string), [])
+    soft_delete_retention_seconds    = optional(number, 0)
+    lifecycle_policy_retention       = optional(number, 30)
+    dr_soft_delete_retention_seconds = optional(number, 0)
+    dr_lifecycle_policy_retention    = optional(number, 60)
   }))
   description = "The list of buckets to create. For each bucket you can specify the name, when deleting a bucket the force_destroy option will delete the contents of the bucket (if you try to delete a bucket that contains objects, Terraform will fail that run), the location (default to project region), the storage class (default to STANDARD), if you want enable the object versioning (default to true), if you want to plan a disaster recovery with the creation of a mirroring bucket with a scheduled transfer job and if you want to append a random suffix to the bucket name (default true). The property set_all_users_as_viewer controls if the bucket will be readable by all users (default false). The property labels set labels to organize buckets. The property tag_list set google tags to bind with the bucket for fine grained access control. Properties bucket_obj_vwr and bucket_obj_adm set a list of specific IAM members as objectViewers and objectAdmin"