feat: project-factory folders support deletion_protection (#3595)

* feat: project-factory buckets support deletion_protection * chore: Update all folder.schema.json --------- Co-authored-by: Julio Castillo <jccb@google.com>
2025-12-18 14:25:05 +00:00
parent 0ac51b6050
commit 1eb93db427
13 changed files with 31 additions and 6 deletions
--- a/fast/stages/0-org-setup/schemas/folder.schema.json
+++ b/fast/stages/0-org-setup/schemas/folder.schema.json
@@ -149,6 +149,9 @@
        }
      }
    },
+    "deletion_protection": {
+      "type": "boolean"
+    },
    "factories_config": {
      "type": "object",
      "additionalProperties": false,
--- a/fast/stages/0-org-setup/schemas/folder.schema.md
+++ b/fast/stages/0-org-setup/schemas/folder.schema.md
@@ -52,6 +52,7 @@
      <br>*additional properties: false*
      - **exempted_members**: *array*
        - items: *string*
+- **deletion_protection**: *boolean*
 - **factories_config**: *object*
  <br>*additional properties: false*
  - **org_policies**: *string*
--- a/fast/stages/2-networking/schemas/folder.schema.json
+++ b/fast/stages/2-networking/schemas/folder.schema.json
@@ -149,6 +149,9 @@
        }
      }
    },
+    "deletion_protection": {
+      "type": "boolean"
+    },
    "factories_config": {
      "type": "object",
      "additionalProperties": false,
--- a/fast/stages/2-networking/schemas/folder.schema.md
+++ b/fast/stages/2-networking/schemas/folder.schema.md
@@ -52,6 +52,7 @@
      <br>*additional properties: false*
      - **exempted_members**: *array*
        - items: *string*
+- **deletion_protection**: *boolean*
 - **factories_config**: *object*
  <br>*additional properties: false*
  - **org_policies**: *string*
--- a/fast/stages/2-project-factory/schemas/folder.schema.json
+++ b/fast/stages/2-project-factory/schemas/folder.schema.json
@@ -149,6 +149,9 @@
        }
      }
    },
+    "deletion_protection": {
+      "type": "boolean"
+    },
    "factories_config": {
      "type": "object",
      "additionalProperties": false,
--- a/fast/stages/2-project-factory/schemas/folder.schema.md
+++ b/fast/stages/2-project-factory/schemas/folder.schema.md
@@ -52,6 +52,7 @@
      <br>*additional properties: false*
      - **exempted_members**: *array*
        - items: *string*
+- **deletion_protection**: *boolean*
 - **factories_config**: *object*
  <br>*additional properties: false*
  - **org_policies**: *string*
--- a/fast/stages/2-security/schemas/folder.schema.json
+++ b/fast/stages/2-security/schemas/folder.schema.json
@@ -149,6 +149,9 @@
        }
      }
    },
+    "deletion_protection": {
+      "type": "boolean"
+    },
    "factories_config": {
      "type": "object",
      "additionalProperties": false,
--- a/fast/stages/2-security/schemas/folder.schema.md
+++ b/fast/stages/2-security/schemas/folder.schema.md
@@ -52,6 +52,7 @@
      <br>*additional properties: false*
      - **exempted_members**: *array*
        - items: *string*
+- **deletion_protection**: *boolean*
 - **factories_config**: *object*
  <br>*additional properties: false*
  - **org_policies**: *string*
--- a/modules/project-factory/README.md
+++ b/modules/project-factory/README.md
--- a/modules/project-factory/folders.tf
+++ b/modules/project-factory/folders.tf
@@ -57,8 +57,9 @@ module "folder-1" {
  for_each = {
    for k, v in local.folders_input : k => v if v.level == 1
  }
-  parent = coalesce(each.value.parent, "$folder_ids:default")
-  name   = each.value.name
+  deletion_protection = lookup(each.value, "deletion_protection", false)
+  parent              = coalesce(each.value.parent, "$folder_ids:default")
+  name                = each.value.name
  factories_config = {
    org_policies           = try(each.value.factories_config.org_policies, null)
    scc_sha_custom_modules = try(each.value.factories_config.scc_sha_custom_modules, null)
@@ -99,6 +100,7 @@ module "folder-2" {
  for_each = {
    for k, v in local.folders_input : k => v if v.level == 2
  }
+  deletion_protection = lookup(each.value, "deletion_protection", false)
  parent = coalesce(
    each.value.parent, "$folder_ids:${each.value.parent_key}"
  )
@@ -151,6 +153,7 @@ module "folder-3" {
  for_each = {
    for k, v in local.folders_input : k => v if v.level == 3
  }
+  deletion_protection = lookup(each.value, "deletion_protection", false)
  parent = coalesce(
    each.value.parent, "$folder_ids:${each.value.parent_key}"
  )
@@ -203,6 +206,7 @@ module "folder-4" {
  for_each = {
    for k, v in local.folders_input : k => v if v.level == 4
  }
+  deletion_protection = lookup(each.value, "deletion_protection", false)
  parent = coalesce(
    each.value.parent, "$folder_ids:${each.value.parent_key}"
  )
--- a/modules/project-factory/schemas/folder.schema.json
+++ b/modules/project-factory/schemas/folder.schema.json
@@ -149,6 +149,9 @@
        }
      }
    },
+    "deletion_protection": {
+      "type": "boolean"
+    },
    "factories_config": {
      "type": "object",
      "additionalProperties": false,
--- a/modules/project-factory/schemas/folder.schema.md
+++ b/modules/project-factory/schemas/folder.schema.md
@@ -52,6 +52,7 @@
      <br>*additional properties: false*
      - **exempted_members**: *array*
        - items: *string*
+- **deletion_protection**: *boolean*
 - **factories_config**: *object*
  <br>*additional properties: false*
  - **org_policies**: *string*
--- a/modules/project-factory/variables-folders.tf
+++ b/modules/project-factory/variables-folders.tf
@@ -17,9 +17,10 @@
 variable "folders" {
  description = "Folders data merged with factory data."
  type = map(object({
-    name   = optional(string)
-    parent = optional(string)
-    iam    = optional(map(list(string)), {})
+    name                = optional(string)
+    parent              = optional(string)
+    deletion_protection = optional(bool)
+    iam                 = optional(map(list(string)), {})
    iam_bindings = optional(map(object({
      members = list(string)
      role    = string