fix!: add deletion_protection to backup module and set it to false in…
… … (#670)
q2w authored Nov 26, 2024
1 parent 8cb3a03 commit 5e39538
Showing 8 changed files with 26 additions and 4 deletions.
1 change: 1 addition & 0 deletions examples/mysql-backup-create-service-account/main.tf
Expand Up @@ -56,4 +56,5 @@ module "backup" {
backup_schedule = "5 * * * *"
export_schedule = "10 * * * *"
compress_export = false
deletion_protection = false
}
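Review bot: `deletion_protection = false` is added to this example's `module "backup"` block without a comment saying why, while the module's own default in modules/backup/variables.tf is `true`. Examples tend to be copied into real configurations, so the override should be marked as an example-only choice, presumably made so the example and its tests can be torn down. I would put `# Disabled so this example can be destroyed cleanly; keep the module default (true) for real deployments.` above the line. The same applies to the `module "backup"` block in the next example section.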
Expand Up @@ -70,6 +70,7 @@ module "backup" {
service_account = "${data.google_project.test_project.number}[email protected]"
create_notification_channel = false
notification_channels = [google_monitoring_notification_channel.email.id]
deletion_protection = false
}

data "google_project" "test_project" {
11 changes: 9 additions & 2 deletions examples/postgresql-with-cross-region-failover/kms.tf
Expand Up @@ -60,15 +60,22 @@ resource "google_project_service_identity" "cloudsql_sa" {
service = "sqladmin.googleapis.com"
}

resource "time_sleep" "wait_10m" {
depends_on = [google_project_service_identity.cloudsql_sa]
create_duration = "10m"
}

resource "google_kms_crypto_key_iam_member" "crypto_key_region1" {
crypto_key_id = google_kms_crypto_key.cloudsql_region1_key.id
role = "roles/cloudkms.cryptoKeyEncrypterDecrypter"
member = "serviceAccount:${google_project_service_identity.cloudsql_sa.email}"
member = google_project_service_identity.cloudsql_sa.member
depends_on = [time_sleep.wait_10m]
}

resource "google_kms_crypto_key_iam_member" "crypto_key_region2" {
crypto_key_id = google_kms_crypto_key.cloudsql_region2_key.id
role = "roles/cloudkms.cryptoKeyEncrypterDecrypter"
member = "serviceAccount:${google_project_service_identity.cloudsql_sa.email}"
member = google_project_service_identity.cloudsql_sa.member
depends_on = [time_sleep.wait_10m]
}
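Review bot: `time_sleep.wait_10m` puts a fixed ten-minute delay in front of both KMS IAM bindings with no comment saying what it waits for. It presumably covers propagation of the newly created Cloud SQL service identity, but a reader cannot tell whether the duration is required or arbitrary. I would add a comment above the resource such as `# Give the Cloud SQL service agent time to propagate before granting it access to the CMEK keys.` and note whether a shorter wait was tried. `time_sleep` comes from the `hashicorp/time` provider, and no `required_providers` entry for it is visible in this section, so confirm that the example's versions.tf declares it.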

1 change: 1 addition & 0 deletions modules/backup/README.md
Expand Up @@ -60,6 +60,7 @@ fetch workflows.googleapis.com/Workflow
| compress\_export | Whether or not to compress the export when storing in the bucket; Only valid for MySQL and PostgreSQL | `bool` | `true` | no |
| connector\_params\_timeout | The end-to-end duration the connector call is allowed to run for before throwing a timeout exception. The default value is 1800 and this should be the maximum for connector methods that are not long-running operations. Otherwise, for long-running operations, the maximum timeout for a connector call is 31536000 seconds (one year). | `number` | `1800` | no |
| create\_notification\_channel | If set to true it will create email notification channel | `bool` | `false` | no |
| deletion\_protection | Whether Terraform will be prevented from destroying the workflow. | `bool` | `true` | no |
| enable\_backup\_monitoring | Whether to monitor backup workflows or not | `bool` | `false` | no |
| enable\_connector\_params | Whether to enable connector-specific parameters for Google Workflow SQL Export. | `bool` | `false` | no |
| enable\_export\_backup | Weather to create exports to GCS Buckets with this module | `bool` | `true` | no |
2 changes: 2 additions & 0 deletions modules/backup/main.tf
Expand Up @@ -99,6 +99,7 @@ resource "google_workflows_workflow" "sql_backup" {
backupRetentionTime = var.backup_retention_time
backupRunsListMaxResults = var.backup_runs_list_max_results
})
deletion_protection = var.deletion_protection
}

resource "google_cloud_scheduler_job" "sql_backup" {
Expand Down Expand Up @@ -171,6 +172,7 @@ resource "google_workflows_workflow" "sql_export" {
logDbName = var.log_db_name_to_export
serverlessExport = var.use_serverless_export
})
deletion_protection = var.deletion_protection
}

resource "google_cloud_scheduler_job" "sql_export" {
6 changes: 5 additions & 1 deletion modules/backup/metadata.yaml
Expand Up @@ -27,7 +27,7 @@ spec:
dir: /modules/backup
actuationTool:
flavor: Terraform
version: ">= 0.13"
version: ">= 1.3"
description: {}
content:
examples:
Expand Down Expand Up @@ -89,6 +89,10 @@ spec:
description: If set to true it will create email notification channel
varType: bool
defaultValue: false
- name: deletion_protection
description: Whether Terraform will be prevented from destroying the workflow.
varType: bool
defaultValue: true
- name: enable_backup_monitoring
description: Whether to monitor backup workflows or not
varType: bool
6 changes: 6 additions & 0 deletions modules/backup/variables.tf
Expand Up @@ -192,3 +192,9 @@ variable "notification_channels" {
type = list(string)
default = []
}

variable "deletion_protection" {
description = "Whether Terraform will be prevented from destroying the workflow."
type = bool
default = true
}
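Review bot: The description of `deletion_protection` says "the workflow", but modules/backup/main.tf wires the one variable to both `google_workflows_workflow.sql_backup` and `google_workflows_workflow.sql_export`. I would reword it to `description = "Whether Terraform will be prevented from destroying the backup and export workflows."`. As far as I know the provider enforces this field only on Terraform's own destroy and replace operations, so it is worth a sentence in the README saying it does not replace IAM restrictions on who may delete workflows. The scheduler jobs that trigger the workflows get no comparable guard in this change.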
2 changes: 1 addition & 1 deletion modules/backup/versions.tf
Expand Up @@ -19,7 +19,7 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 4.0, < 7"
version = ">= 6.11.0, < 7"
}
}
}
