feat(TPG>=5.22)!: added support for soft delete policy in storage sub…

…-module (#224)
terraform-google-modules · Aug 15, 2024 · 05ea76f · 05ea76f
1 parent 013e331
commit 05ea76f
Show file tree

Hide file tree

Showing 10 changed files with 43 additions and 19 deletions.
diff --git a/README.md b/README.md
@@ -11,11 +11,15 @@ are:
 - A **Destination** (Cloud Storage bucket, Cloud Pub/Sub topic, BigQuery dataset)
 
 ## Compatibility
-This module is meant for use with Terraform 0.13+ and tested using Terraform 1.0+. If you find incompatibilities using Terraform >=0.13, please open an issue.
- If you haven't
-[upgraded](https://www.terraform.io/upgrade-guides/0-13.html) and need a Terraform
-0.12.x-compatible version of this module, the last released version
-intended for Terraform 0.12.x is [v5.1.0](https://registry.terraform.io/modules/terraform-google-modules/-log-export/google/v5.1.0).
+This module is meant for use with Terraform 1.3+ and tested using Terraform 1.0+. If you find incompatibilities using Terraform >=1.3, please open an issue.
+
+## Version
+
+Current version is 9.X. Upgrade guides:
+
+- [4.X -> 5.0](/docs/upgrading_to_v5.0.md)
+- [6.X -> 7.0](/docs/upgrading_to_v7.0.md)
+- [8.X -> 9.0](/docs/upgrading_to_v9.0.md)
 
 ## Usage
 
@@ -25,7 +29,7 @@ example that will configure a Cloud Storage destination and a log export at the
 ```hcl
 module "log_export" {
   source                 = "terraform-google-modules/log-export/google"
-  version                = "~> 7.0"
+  version                = "~> 9.0"
   destination_uri        = "${module.destination.destination_uri}"
   filter                 = "severity >= ERROR"
   log_sink_name          = "storage_example_logsink"
@@ -36,7 +40,7 @@ module "log_export" {
 
 module "destination" {
   source                   = "terraform-google-modules/log-export/google//modules/storage"
-  version                  = "~> 7.0"
+  version                  = "~> 9.0"
   project_id               = "sample-project"
   storage_bucket_name      = "storage_example_bucket"
   log_sink_writer_identity = "${module.log_export.writer_identity}"
@@ -78,8 +82,8 @@ so that all dependencies are met.
 
 ## Requirements
 ### Terraform plugins
-- [Terraform](https://www.terraform.io/downloads.html) >= 0.13.0
-- [terraform-provider-google](https://github.com/terraform-providers/terraform-provider-google) plugin ~> v3.5.x
+- [Terraform](https://www.terraform.io/downloads.html) >= 1.3
+- [terraform-provider-google](https://github.com/terraform-providers/terraform-provider-google) plugin ~> v5.22
 
 ### Configure a Service Account
 In order to execute this module you must have a Service Account with the following:

diff --git a/docs/upgrading_to_v9.0.md b/docs/upgrading_to_v9.0.md
@@ -0,0 +1,3 @@
+# Upgrading to Log Export v9.0
+
+The v9.0 release of Log Export is a backwards incompatible release and features a new feature `soft_delete_policy` for storage bucket. Minimum provider version `5.22` ia required.
diff --git a/examples/storage/billing_account/main.tf b/examples/storage/billing_account/main.tf
@@ -16,7 +16,7 @@
 
 module "log_export" {
   source  = "terraform-google-modules/log-export/google"
-  version = "~> 8.0"
+  version = "~> 9.0"
 
   destination_uri        = module.destination.destination_uri
   log_sink_name          = "storage_example_logsink"
@@ -27,7 +27,7 @@ module "log_export" {
 
 module "destination" {
   source  = "terraform-google-modules/log-export/google//modules/storage"
-  version = "~> 8.0"
+  version = "~> 9.0"
 
   project_id               = var.project_id
   storage_bucket_name      = "storage_example_bucket"

diff --git a/examples/storage/folder/main.tf b/examples/storage/folder/main.tf
@@ -23,7 +23,7 @@ resource "random_string" "suffix" {
 
 module "log_export" {
   source  = "terraform-google-modules/log-export/google"
-  version = "~> 8.0"
+  version = "~> 9.0"
 
   destination_uri        = module.destination.destination_uri
   filter                 = "resource.type = gce_instance"
@@ -35,7 +35,7 @@ module "log_export" {
 
 module "destination" {
   source  = "terraform-google-modules/log-export/google//modules/storage"
-  version = "~> 8.0"
+  version = "~> 9.0"
 
   project_id               = var.project_id
   storage_bucket_name      = "storage_folder_${random_string.suffix.result}"

diff --git a/examples/storage/organization/main.tf b/examples/storage/organization/main.tf
@@ -23,7 +23,7 @@ resource "random_string" "suffix" {
 
 module "log_export" {
   source  = "terraform-google-modules/log-export/google"
-  version = "~> 8.0"
+  version = "~> 9.0"
 
   destination_uri        = module.destination.destination_uri
   filter                 = "resource.type = gce_instance"
@@ -35,7 +35,7 @@ module "log_export" {
 
 module "destination" {
   source  = "terraform-google-modules/log-export/google//modules/storage"
-  version = "~> 8.0"
+  version = "~> 9.0"
 
   project_id               = var.project_id
   storage_bucket_name      = "storage_org_${random_string.suffix.result}"

diff --git a/examples/storage/project/main.tf b/examples/storage/project/main.tf
@@ -22,7 +22,7 @@ resource "random_string" "suffix" {
 
 module "log_export" {
   source  = "terraform-google-modules/log-export/google"
-  version = "~> 8.0"
+  version = "~> 9.0"
 
   destination_uri        = module.destination.destination_uri
   filter                 = "resource.type = gce_instance"
@@ -34,7 +34,7 @@ module "log_export" {
 
 module "destination" {
   source  = "terraform-google-modules/log-export/google//modules/storage"
-  version = "~> 8.0"
+  version = "~> 9.0"
 
   project_id               = var.project_id
   storage_bucket_name      = "storage_project_${random_string.suffix.result}"
@@ -49,5 +49,6 @@ module "destination" {
       with_state = "ANY"
     }
   }]
+  soft_delete_policy_retention_days = 15
 }
 
diff --git a/modules/storage/README.md b/modules/storage/README.md
@@ -11,6 +11,7 @@ example that will configure a storage bucket destination and a log export at the
 ```hcl
 module "log_export" {
   source                 = "terraform-google-modules/log-export/google"
+  version                = "~> 9.0"
   destination_uri        = "${module.destination.destination_uri}"
   filter                 = "severity >= ERROR"
   log_sink_name          = "storage_example_logsink"
@@ -21,6 +22,7 @@ module "log_export" {
 
 module "destination" {
   source                   = "terraform-google-modules/log-export/google//modules/storage"
+  version                  = "~> 9.0"
   project_id               = "sample-project"
   storage_bucket_name      = "sample_storage_bucket"
   log_sink_writer_identity = "${module.log_export.writer_identity}"
@@ -66,6 +68,7 @@ so that all dependencies are met.
 | project\_id | The ID of the project in which the storage bucket will be created. | `string` | n/a | yes |
 | public\_access\_prevention | Prevents public access to a bucket. Acceptable values are "inherited" or "enforced". If "inherited", the bucket uses public access prevention. only if the bucket is subject to the public access prevention organization policy constraint. | `string` | `"inherited"` | no |
 | retention\_policy | Configuration of the bucket's data retention policy for how long objects in the bucket should be retained. | <pre>object({<br>    is_locked             = bool<br>    retention_period_days = number<br>  })</pre> | `null` | no |
+| soft\_delete\_policy\_retention\_days | The duration in days that soft-deleted objects in the bucket will be retained and cannot be permanently deleted. Default value is 7 days. The value must be in between 7 days and 90 days. Note: To disable the soft delete policy on a bucket, This field must be set to 0. | `number` | `null` | no |
 | storage\_bucket\_labels | Labels to apply to the storage bucket. | `map(string)` | `{}` | no |
 | storage\_bucket\_name | The name of the storage bucket to be created and used for log entries matching the filter. | `string` | n/a | yes |
 | storage\_class | The storage class of the storage bucket. | `string` | `"STANDARD"` | no |

diff --git a/modules/storage/main.tf b/modules/storage/main.tf
@@ -84,6 +84,13 @@ resource "google_storage_bucket" "bucket" {
       data_locations = var.data_locations
     }
   }
+
+  dynamic "soft_delete_policy" {
+    for_each = var.soft_delete_policy_retention_days == null ? [] : ["soft_delete_policy"]
+    content {
+      retention_duration_seconds = var.soft_delete_policy_retention_days * 24 * 60 * 60 // days to seconds
+    }
+  }
 }
 
 #--------------------------------#

diff --git a/modules/storage/variables.tf b/modules/storage/variables.tf
@@ -111,3 +111,9 @@ variable "public_access_prevention" {
   type        = string
   default     = "inherited"
 }
+
+variable "soft_delete_policy_retention_days" {
+  description = "The duration in days that soft-deleted objects in the bucket will be retained and cannot be permanently deleted. Default value is 7 days. The value must be in between 7 days and 90 days. Note: To disable the soft delete policy on a bucket, This field must be set to 0."
+  type        = number
+  default     = null
+}
diff --git a/modules/storage/versions.tf b/modules/storage/versions.tf
@@ -15,12 +15,12 @@
  */
 
 terraform {
-  required_version = ">= 0.13"
+  required_version = ">= 1.3"
   required_providers {
 
     google = {
       source  = "hashicorp/google"
-      version = ">= 4.42, < 6"
+      version = ">= 5.22, < 6"
     }
   }