Make deletion protection consistent across all modules (#1735)

* Expose deletion_protection in GKE modules

* Make deletion protection consistent across all modules

* Add deletion_protection option to blueprints

* Fix blueprints tests

* Fix types

* Update READMEs

* Fix dp readme

* Fix cmek blueprint default deletion_protection

* Fix blueprints tests
Julio Castillo
2023-10-05 17:31:07 +02:00
committed by GitHub
parent 6faf34f54e
commit dfc5023e0b
74 changed files with 468 additions and 330 deletions


@@ -122,19 +122,20 @@ The above command will delete the associated resources so there will be no billa
| name | description | type | required | default |
|---|---|:---:|:---:|:---:|
| [prefix](variables.tf#L63) | Prefix used for resource names. | <code>string</code> | ✓ | |
| [project_id](variables.tf#L81) | Project id, references existing project if `project_create` is null. | <code>string</code> | ✓ | |
| [wordpress_image](variables.tf#L92) | Image to run with Cloud Run, starts with \"gcr.io\". | <code>string</code> | ✓ | |
| [prefix](variables.tf#L70) | Prefix used for resource names. | <code>string</code> | ✓ | |
| [project_id](variables.tf#L88) | Project id, references existing project if `project_create` is null. | <code>string</code> | ✓ | |
| [wordpress_image](variables.tf#L99) | Image to run with Cloud Run, starts with \"gcr.io\". | <code>string</code> | ✓ | |
| [admin_principal](variables.tf#L17) | User or group that is assigned roles, in IAM format (`group:foo@example.com`). | <code>string</code> | | <code>null</code> |
| [cloud_run_invoker](variables.tf#L24) | IAM member authorized to access the end-point (for example, 'user:YOUR_IAM_USER' for only you or 'allUsers' for everyone). | <code>string</code> | | <code>&#34;allUsers&#34;</code> |
| [cloudsql_password](variables.tf#L30) | CloudSQL password (will be randomly generated by default). | <code>string</code> | | <code>null</code> |
| [connector](variables.tf#L36) | Existing VPC serverless connector to use if not creating a new one. | <code>string</code> | | <code>null</code> |
| [create_connector](variables.tf#L42) | Should a VPC serverless connector be created or not. | <code>bool</code> | | <code>true</code> |
| [ip_ranges](variables.tf#L49) | CIDR blocks: VPC serverless connector, Private Service Access(PSA) for CloudSQL, CloudSQL VPC. | <code title="object&#40;&#123;&#10; connector &#61; string&#10; psa &#61; string&#10; sql_vpc &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code title="&#123;&#10; connector &#61; &#34;10.8.0.0&#47;28&#34;&#10; psa &#61; &#34;10.60.0.0&#47;24&#34;&#10; sql_vpc &#61; &#34;10.0.0.0&#47;20&#34;&#10;&#125;">&#123;&#8230;&#125;</code> |
| [project_create](variables.tf#L72) | Provide values if project creation is needed, uses existing project if null. Parent is in 'folders/nnn' or 'organizations/nnn' format. | <code title="object&#40;&#123;&#10; billing_account_id &#61; string&#10; parent &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> |
| [region](variables.tf#L86) | Region for the created resources. | <code>string</code> | | <code>&#34;europe-west4&#34;</code> |
| [wordpress_password](variables.tf#L97) | Password for the Wordpress user (will be randomly generated by default). | <code>string</code> | | <code>null</code> |
| [wordpress_port](variables.tf#L103) | Port for the Wordpress image. | <code>number</code> | | <code>8080</code> |
| [deletion_protection](variables.tf#L48) | Prevent Terraform from destroying data storage resources (storage buckets, GKE clusters, CloudSQL instances) in this blueprint. When this field is set in Terraform state, a terraform destroy or terraform apply that would delete data storage resources will fail. | <code>bool</code> | | <code>false</code> |
| [ip_ranges](variables.tf#L56) | CIDR blocks: VPC serverless connector, Private Service Access(PSA) for CloudSQL, CloudSQL VPC. | <code title="object&#40;&#123;&#10; connector &#61; string&#10; psa &#61; string&#10; sql_vpc &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code title="&#123;&#10; connector &#61; &#34;10.8.0.0&#47;28&#34;&#10; psa &#61; &#34;10.60.0.0&#47;24&#34;&#10; sql_vpc &#61; &#34;10.0.0.0&#47;20&#34;&#10;&#125;">&#123;&#8230;&#125;</code> |
| [project_create](variables.tf#L79) | Provide values if project creation is needed, uses existing project if null. Parent is in 'folders/nnn' or 'organizations/nnn' format. | <code title="object&#40;&#123;&#10; billing_account_id &#61; string&#10; parent &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> |
| [region](variables.tf#L93) | Region for the created resources. | <code>string</code> | | <code>&#34;europe-west4&#34;</code> |
| [wordpress_password](variables.tf#L104) | Password for the Wordpress user (will be randomly generated by default). | <code>string</code> | | <code>null</code> |
| [wordpress_port](variables.tf#L110) | Port for the Wordpress image. | <code>number</code> | | <code>8080</code> |
## Outputs
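
Review bot: The new `deletion_protection` row documents a default of `false`, and the README should say so in prose near the destroy instructions, not only in the inputs table: with the default, the blueprint's CloudSQL instance is removed by `terraform destroy` without any guard. The description also lists storage buckets and GKE clusters, while the other inputs in this table refer only to Cloud Run, the VPC connector and CloudSQL; consider trimming the generic text to the data resources this blueprint actually creates so readers know what the flag covers here.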


@@ -1,5 +1,5 @@
/**
* Copyright 2022 Google LLC
* Copyright 2023 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -63,4 +63,5 @@ module "cloudsql" {
users = {
"${local.cloudsql_conf.user}" = var.cloudsql_password
}
deletion_protection = false
}
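
Review bot: `deletion_protection = false` in the `module "cloudsql"` call is hard-coded, so the `deletion_protection` variable this commit adds in variables.tf has no effect on the CloudSQL instance as far as these lines show. Pass the input through with `deletion_protection = var.deletion_protection`, otherwise a caller who sets the variable to `true` will believe the database is protected when it is not.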


@@ -1,5 +1,5 @@
/**
* Copyright 2022 Google LLC
* Copyright 2023 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -45,6 +45,13 @@ variable "create_connector" {
default = true
}
variable "deletion_protection" {
description = "Prevent Terraform from destroying data storage resources (storage buckets, GKE clusters, CloudSQL instances) in this blueprint. When this field is set in Terraform state, a terraform destroy or terraform apply that would delete data storage resources will fail."
type = bool
default = false
nullable = false
}
# PSA: documentation: https://cloud.google.com/vpc/docs/configure-private-services-access#allocating-range
variable "ip_ranges" {
description = "CIDR blocks: VPC serverless connector, Private Service Access(PSA) for CloudSQL, CloudSQL VPC."
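
Review bot: In the `deletion_protection` description, "When this field is set in Terraform state" does not say which value enables protection; with `type = bool`, `default = false` and `nullable = false` the field is always set, so the sentence reads as if destroys always fail. Reword it to "When this is true, a terraform destroy or terraform apply that would delete data storage resources will fail." Since `default = false` makes protection opt-in, it is also worth stating in the description that this default is chosen so the blueprint can be torn down, and that it should be set to `true` for anything holding real data.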