allow setting defaults/overrides for buckets force destroy in project factory (#3233)

2025-07-11 18:47:25 +02:00
parent 318da4c0c2
commit 2a1a630e9d
4 changed files with 28 additions and 12 deletions
--- a/modules/project-factory/README.md
+++ b/modules/project-factory/README.md
--- a/modules/project-factory/automation.tf
+++ b/modules/project-factory/automation.tf
@@ -53,7 +53,11 @@ module "automation-bucket" {
  prefix         = each.value.prefix
  name           = "tf-state"
  encryption_key = lookup(each.value, "encryption_key", null)
-  force_destroy  = lookup(each.value, "force_destroy", null)
+  force_destroy = try(coalesce(
+    var.data_overrides.bucket.force_destroy,
+    each.value.force_destroy,
+    var.data_defaults.bucket.force_destroy,
+  ), null)
  iam = {
    for k, v in lookup(each.value, "iam", {}) : k => [
      for vv in v : try(
--- a/modules/project-factory/factory-projects.tf
+++ b/modules/project-factory/factory-projects.tf
@@ -68,12 +68,16 @@ locals {
  buckets = flatten([
    for k, v in local.projects : [
      for name, opts in v.buckets : {
-        project_key           = k
-        project_name          = v.name
-        name                  = name
-        description           = lookup(opts, "description", "Terraform-managed.")
-        encryption_key        = lookup(opts, "encryption_key", null)
-        force_destroy         = lookup(opts, "force_destroy", null)
+        project_key    = k
+        project_name   = v.name
+        name           = name
+        description    = lookup(opts, "description", "Terraform-managed.")
+        encryption_key = lookup(opts, "encryption_key", null)
+        force_destroy = try(coalesce(
+          var.data_overrides.bucket.force_destroy,
+          opts.force_destroy,
+          var.data_defaults.bucket.force_destroy,
+        ), null)
        iam                   = lookup(opts, "iam", {})
        iam_bindings          = lookup(opts, "iam_bindings", {})
        iam_bindings_additive = lookup(opts, "iam_bindings_additive", {})
--- a/modules/project-factory/variables.tf
+++ b/modules/project-factory/variables.tf
@@ -18,6 +18,9 @@ variable "data_defaults" {
  description = "Optional default values used when corresponding project data from files are missing."
  type = object({
    billing_account = optional(string)
+    bucket = optional(object({
+      force_destroy = optional(bool)
+    }), {})
    contacts        = optional(map(list(string)), {})
    deletion_policy = optional(string)
    factories_config = optional(object({
@@ -103,6 +106,9 @@ variable "data_overrides" {
  type = object({
    # data overrides default to null to mark that they should not override
    billing_account = optional(string)
+    bucket = optional(object({
+      force_destroy = optional(bool)
+    }), {})
    contacts        = optional(map(list(string)))
    deletion_policy = optional(string)
    factories_config = optional(object({
@@ -246,6 +252,7 @@ variable "factories_data" {
        bucket = optional(object({
          location                    = string
          description                 = optional(string)
+          force_destroy               = optional(bool)
          prefix                      = optional(string)
          storage_class               = optional(string, "STANDARD")
          uniform_bucket_level_access = optional(bool, true)
@@ -305,6 +312,7 @@ variable "factories_data" {
      buckets = optional(map(object({
        location                    = string
        description                 = optional(string)
+        force_destroy               = optional(bool)
        prefix                      = optional(string)
        storage_class               = optional(string, "STANDARD")
        uniform_bucket_level_access = optional(bool, true)