From 2a1a630e9dd89f190958b23029bb16bac5c25ea3 Mon Sep 17 00:00:00 2001
From: Ludovico Magnocavallo
Date: Fri, 11 Jul 2025 18:47:25 +0200
Subject: [PATCH] allow setting defaults/overrides for buckets force destroy in project factory (#3233)
---
 modules/project-factory/README.md | 10 +++++-----
 modules/project-factory/automation.tf | 6 +++++-
 modules/project-factory/factory-projects.tf | 16 ++++++++++------
 modules/project-factory/variables.tf | 8 ++++++++
 4 files changed, 28 insertions(+), 12 deletions(-)
diff --git a/modules/project-factory/README.md b/modules/project-factory/README.md
index f3e79a188..3b74b2992 100644
--- a/modules/project-factory/README.md
+++ b/modules/project-factory/README.md
@@ -526,11 +526,11 @@ service_accounts:
 | name | description | type | required | default |
 |---|---|:---:|:---:|:---:|
-| [factories_config](variables.tf#L140) | Path to folder with YAML resource description data files. | object({…}) | ✓ | |
-| [data_defaults](variables.tf#L17) | Optional default values used when corresponding project data from files are missing. | object({…}) | | {} |
-| [data_merges](variables.tf#L82) | Optional values that will be merged with corresponding data from files. Combines with `data_defaults`, file data, and `data_overrides`. | object({…}) | | {} |
-| [data_overrides](variables.tf#L101) | Optional values that override corresponding data from files. Takes precedence over file data and `data_defaults`. | object({…}) | | {} |
-| [factories_data](variables.tf#L168) | Alternate factory data input allowing to use this module as a library. Merged with local YAML data. | object({…}) | | {} |
+| [factories_config](variables.tf#L146) | Path to folder with YAML resource description data files. | object({…}) | ✓ | |
+| [data_defaults](variables.tf#L17) | Optional default values used when corresponding project data from files are missing. | object({…}) | | {} |
+| [data_merges](variables.tf#L85) | Optional values that will be merged with corresponding data from files. Combines with `data_defaults`, file data, and `data_overrides`. | object({…}) | | {} |
+| [data_overrides](variables.tf#L104) | Optional values that override corresponding data from files. Takes precedence over file data and `data_defaults`. | object({…}) | | {} |
+| [factories_data](variables.tf#L174) | Alternate factory data input allowing to use this module as a library. Merged with local YAML data. | object({…}) | | {} |
 ## Outputs
diff --git a/modules/project-factory/automation.tf b/modules/project-factory/automation.tf
index e03d850ac..856587cfe 100644
--- a/modules/project-factory/automation.tf
+++ b/modules/project-factory/automation.tf
@@ -53,7 +53,11 @@ module "automation-bucket" {
 prefix = each.value.prefix
 name = "tf-state"
 encryption_key = lookup(each.value, "encryption_key", null)
- force_destroy = lookup(each.value, "force_destroy", null)
+ force_destroy = try(coalesce(
+ var.data_overrides.bucket.force_destroy,
+ each.value.force_destroy,
+ var.data_defaults.bucket.force_destroy,
+ ), null)
 iam = {
 for k, v in lookup(each.value, "iam", {}) : k => [
 for vv in v : try(
diff --git a/modules/project-factory/factory-projects.tf b/modules/project-factory/factory-projects.tf
index 0df5b260a..b6ca278ba 100644
--- a/modules/project-factory/factory-projects.tf
+++ b/modules/project-factory/factory-projects.tf
@@ -68,12 +68,16 @@ locals {
 buckets = flatten([
 for k, v in local.projects : [
 for name, opts in v.buckets : {
- project_key = k
- project_name = v.name
- name = name
- description = lookup(opts, "description", "Terraform-managed.")
- encryption_key = lookup(opts, "encryption_key", null)
- force_destroy = lookup(opts, "force_destroy", null)
+ project_key = k
+ project_name = v.name
+ name = name
+ description = lookup(opts, "description", "Terraform-managed.")
+ encryption_key = lookup(opts, "encryption_key", null)
+ force_destroy = try(coalesce(
+ var.data_overrides.bucket.force_destroy,
+ opts.force_destroy,
+ var.data_defaults.bucket.force_destroy,
+ ), null)
 iam = lookup(opts, "iam", {})
 iam_bindings = lookup(opts, "iam_bindings", {})
 iam_bindings_additive = lookup(opts, "iam_bindings_additive", {})
diff --git a/modules/project-factory/variables.tf b/modules/project-factory/variables.tf
index dd54c24f2..de8db5ec2 100644
--- a/modules/project-factory/variables.tf
+++ b/modules/project-factory/variables.tf
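Review bot: In the new `force_destroy` expression in automation.tf, `each.value.force_destroy` is referenced directly inside `coalesce(...)`, and Terraform evaluates every argument before calling the function. If the bucket object can lack that attribute (the removed line used `lookup(each.value, "force_destroy", null)`, which suggests it can), the reference errors and the outer `try` returns null, so both `var.data_overrides.bucket.force_destroy` and `var.data_defaults.bucket.force_destroy` are silently dropped. Wrapping the middle argument as `try(each.value.force_destroy, null),` keeps the precedence chain intact. The same applies to `opts.force_destroy` in the factory-projects.tf hunk. The module block and the locals block both continue outside their hunks.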
@@ -18,6 +18,9 @@ variable "data_defaults" {
 description = "Optional default values used when corresponding project data from files are missing."
 type = object({
 billing_account = optional(string)
+ bucket = optional(object({
+ force_destroy = optional(bool)
+ }), {})
 contacts = optional(map(list(string)), {})
 deletion_policy = optional(string)
 factories_config = optional(object({
@@ -103,6 +106,9 @@ variable "data_overrides" {
 type = object({
 # data overrides default to null to mark that they should not override
 billing_account = optional(string)
+ bucket = optional(object({
+ force_destroy = optional(bool)
+ }), {})
 contacts = optional(map(list(string)))
 deletion_policy = optional(string)
 factories_config = optional(object({
@@ -246,6 +252,7 @@ variable "factories_data" {
 bucket = optional(object({
 location = string
 description = optional(string)
+ force_destroy = optional(bool)
 prefix = optional(string)
 storage_class = optional(string, "STANDARD")
 uniform_bucket_level_access = optional(bool, true)
@@ -305,6 +312,7 @@ variable "factories_data" {
 buckets = optional(map(object({
 location = string
 description = optional(string)
+ force_destroy = optional(bool)
 prefix = optional(string)
 storage_class = optional(string, "STANDARD")
 uniform_bucket_level_access = optional(bool, true)
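Review bot: The new `bucket.force_destroy` field in `data_overrides` carries no comment on its reach, and `force_destroy = true` lets a destroy remove a bucket together with its objects. Going by the automation.tf and factory-projects.tf hunks, the override is applied ahead of the per-bucket value for every project bucket and for the `tf-state` automation bucket, so one module-level `true` would win over a bucket that sets `force_destroy` to false in its own data. I would add a comment above the field such as `# applies to all project buckets and the tf-state automation bucket; wins over per-bucket settings`, and mention the same in the variable description. The variable blocks start and end outside these hunks.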