IBM-Cloud · hkantare · Sep 26, 2024 · Sep 8, 2024 · obai-1 · Sep 9, 2024
diff --git a/ibm/flex/structures.go b/ibm/flex/structures.go
@@ -65,6 +65,8 @@ const (
 	ResourceStatus = "resource_status"
 	//ResourceGroupName ...
 	ResourceGroupName = "resource_group_name"
+	//DeletionProtection ...
+	DeletionProtection = "deletion_protection"
 	//RelatedCRN ...
 	RelatedCRN                                = "related_crn"
 	SystemIBMLabelPrefix                      = "ibm-cloud.kubernetes.io/"

diff --git a/ibm/provider/provider.go b/ibm/provider/provider.go
@@ -1635,6 +1635,26 @@ func wrapFunction(
 ) func(context.Context, *schema.ResourceData, interface{}) diag.Diagnostics {
 	if function != nil {
 		return func(context context.Context, schema *schema.ResourceData, meta interface{}) diag.Diagnostics {
+
+			// only allow deletion if the resource is not marked as protected
+			if operationName == "delete" && schema.Get("deletion_protection") != nil {
+				// we check the value in state, not current config. Current config will always be null for a delete
+
+				if schema.Get("deletion_protection") == true {
+					log.Printf("[DEBUG] Resource has deletion protection turned on %s", resourceName)
+					var diags diag.Diagnostics
+					summary := fmt.Sprintf("Deletion protection is enabled for resource %s to prevent accidential deletion", schema.Get("name"))
+					return append(
+						diags,
+						diag.Diagnostic{
+							Severity: diag.Error,
+							Summary:  summary,
+							Detail:   "Set deletion_protection to false, apply and then destroy if deletion should proceed",
+						},
+					)
+				}
+			}
+
 			return function(context, schema, meta)
 		}
 	} else if fallback != nil {

diff --git a/ibm/service/database/resource_ibm_database.go b/ibm/service/database/resource_ibm_database.go
@@ -808,6 +808,13 @@ func ResourceIBMDatabaseInstance() *schema.Resource {
 					},
 				},
 			},
+			flex.DeletionProtection: {
+				Type:        schema.TypeBool,
+				Optional:    true,
+				Default:     false,
+				Description: "Whether Terraform will be prevented from destroying the instance",
+			},
+
 			flex.ResourceName: {
 				Type:        schema.TypeString,
 				Computed:    true,

diff --git a/website/docs/r/database.html.markdown b/website/docs/r/database.html.markdown
@@ -686,6 +686,7 @@ Review the argument reference that you can specify for your resource.
 - `service_endpoints` - (Optional, String) Specify whether you want to enable the public, private, or both service endpoints. Supported values are `public`, `private`, or `public-and-private`. If you leave `service_endpoints` empty, the default value will be set based on the compliance standard in the region where the instance is being created. Generally, if the region is enabled with FS Cloud/ENS High compliance, then the default would be `private`. Otherwise, the default would be `public`. During any update, if you leave `service_endpoints` empty, it will maintain the previously selected value.
 - `tags` (Optional, Array of Strings) A list of tags that you want to add to your instance.
 - `version` - (Optional, Forces new resource, String) The version of the database to be provisioned. If omitted, the database is created with the most recent major and minor version.
+- `deletion_protection` - (Optional, Boolean) If the DB instance should have deletion protection enabled. The database can't be deleted when this value is set to `true`. The default is `false`. 
 - `users` - (Optional, List of Objects) A list of users that you want to create on the database. Multiple blocks are allowed.
 
   Nested scheme for `users`: