add support for universal deletion_policy (GoogleCloudPlatform#17380)

Author: NickElliot

mmv1/api/metadata/metadata.go

@@ -35,6 +35,12 @@ func FromResource(r api.Resource) Metadata {
 			ApiField: "selfLink",
 		})
 	}
+	if !r.DeletionPolicyExclude && !r.ExcludeDelete {
+		m.Fields = append(m.Fields, Field{
+			Field:        "deletion_policy",
+			ProviderOnly: true,
+		})
+	}
 	return m
 }
 

mmv1/api/metadata/metadata_test.go

@@ -21,8 +21,10 @@ func TestFromResource(t *testing.T) {
 		wantMetadata Metadata
 	}{
 		{
-			name:     "empty resource",
-			resource: api.Resource{},
+			name: "empty resource",
+			resource: api.Resource{
+				DeletionPolicyExclude: true,
+			},
 			wantMetadata: Metadata{
 				Resource:       "google_product_",
 				GenerationType: "mmv1",
@@ -55,6 +57,10 @@ func TestFromResource(t *testing.T) {
 					{
 						ApiField: "field",
 					},
+					{
+						Field:        "deletion_policy",
+						ProviderOnly: true,
+					},
 				},
 			},
 		},
@@ -87,6 +93,10 @@ func TestFromResource(t *testing.T) {
 					{
 						ApiField: "selfLink",
 					},
+					{
+						Field:        "deletion_policy",
+						ProviderOnly: true,
+					},
 				},
 			},
 		},

mmv1/api/resource.go

@@ -298,6 +298,19 @@ type Resource struct {
 	// public ca external account keys
 	ExcludeRead bool `yaml:"exclude_read,omitempty"`
 
+	// Set to true for resources that are excluded from universal deletion policy due to differing
+	// behavior on a universal option or use a different data type
+	DeletionPolicyExclude bool `yaml:"deletion_policy_exclude,omitempty"`
+
+	// Set to true for resources that have deletion policy fields with custom options that are
+	// compatible with the universal deletion policy
+	// if set to true, use implement `deletion_policy` within the yaml of the resource
+	DeletionPolicyCustomDocs bool `yaml:"deletion_policy_custom_docs,omitempty"`
+
+	// Set to the default deletion policy value for the resource.
+	// By default this will be "DELETE".
+	DeletionPolicyDefault string `yaml:"deletion_policy_default,omitempty"`
+
 	// Set to true for resources that wish to disable automatic generation of default provider
 	// value customdiff functions
 	// TODO rewrite: 1 instance used
@@ -492,6 +505,11 @@ func (r *Resource) setShallowDefaults() {
 	if r.Timeouts == nil {
 		r.Timeouts = NewTimeouts() // This only sets defaults if Timeouts is nil
 	}
+	if !r.DeletionPolicyExclude {
+		if r.DeletionPolicyDefault == "" {
+			r.DeletionPolicyDefault = "DELETE"
+		}
+	}
 }
 
 // SetDefault sets default values for this Resource and all its properties.

mmv1/products/alloydb/Cluster.yaml

@@ -60,6 +60,8 @@ custom_code:
   pre_update: 'templates/terraform/pre_update/alloydb_cluster.go.tmpl'
   pre_delete: 'templates/terraform/pre_delete/alloydb_cluster.go.tmpl'
   test_constants: 'templates/terraform/test_constants/import_tpgcompute.go.tmpl'
+deletion_policy_default: "DEFAULT"
+deletion_policy_custom_docs: true
 # Skipping the sweeper because we need to force-delete clusters.
 exclude_sweeper: true
 include_in_tgc_next: true
@@ -139,9 +141,17 @@ virtual_fields:
       Policy to determine if the cluster should be deleted forcefully.
       Deleting a cluster forcefully, deletes the cluster and all its associated instances within the cluster.
       Deleting a Secondary cluster with a secondary instance REQUIRES setting deletion_policy = "FORCE" otherwise an error is returned. This is needed as there is no support to delete just the secondary instance, and the only way to delete secondary instance is to delete the associated secondary cluster forcefully which also deletes the secondary instance.
-      Possible values: DEFAULT, FORCE
+
+      When a 'terraform destroy' or 'terraform apply' would delete the resource,
+      the command will fail if this field is set to "PREVENT" in Terraform state.
+      When set to "ABANDON", the command will remove the resource from Terraform
+      management without updating or deleting the resource in the API.
+      When set to "DELETE", the command will behave as if set to "DEFAULT".
+
+      Possible values: DEFAULT, FORCE, PREVENT, ABANDON, DELETE
     type: String
-    default_value: "DEFAULT"
+    #excluded from generation due to Universal Deletion Policy
+    exclude: true
   - name: 'deletion_protection'
     description: |
       Whether Terraform will be prevented from destroying the cluster.

mmv1/products/chronicle/DataTable.yaml

@@ -23,6 +23,8 @@ import_format:
 
 update_verb: PATCH
 update_mask: true
+deletion_policy_default: "DEFAULT"
+deletion_policy_custom_docs: true
 references:
   guides:
     'Google SecOps Guides': 'https://cloud.google.com/chronicle/docs/secops/secops-overview'
@@ -52,9 +54,17 @@ virtual_fields:
       The policy governing the deletion of the data table.
       If set to `FORCE`, allows the deletion of the data table even if it contains rows.
       If set to `DEFAULT`,or if the field is omitted, the data table must be empty before it can be deleted.
-      Possible values: DEFAULT, FORCE
+
+      When a 'terraform destroy' or 'terraform apply' would delete the resource,
+      the command will fail if this field is set to "PREVENT" in Terraform state.
+      When set to "ABANDON", the command will remove the resource from Terraform
+      management without updating or deleting the resource in the API.
+      When set to "DELETE", the command will behave as if set to "DEFAULT".
+
+      Possible values: DEFAULT, FORCE, PREVENT, ABANDON, DELETE
     type: String
-    default_value: "DEFAULT"
+    #excluded from generation due to Universal Deletion Policy
+    exclude: true
 
 parameters:
   - name: location

mmv1/products/chronicle/Rule.yaml

@@ -27,7 +27,8 @@ import_format:
 update_verb: PATCH
 update_mask: true
 autogen_status: UnVsZQ==
-
+deletion_policy_default: "DEFAULT"
+deletion_policy_custom_docs: true
 examples:
   - name: 'chronicle_rule_basic'
     primary_resource_id: example
@@ -61,11 +62,19 @@ virtual_fields:
       If deletion_policy = "FORCE", any retrohunts and any detections associated with the rule
       will also be deleted. If deletion_policy = "DEFAULT", the call will only succeed if the
       rule has no associated retrohunts, including completed retrohunts, and no
-      associated detections. Regardless of this field's value, the rule
-      deployment associated with this rule will also be deleted.
-      Possible values: DEFAULT, FORCE
+      associated detections. Regardless of being set to "FORCE" the rule
+      deployment associated with this rule will also be deleted if deletion is successful.
+
+      When a 'terraform destroy' or 'terraform apply' would delete the resource,
+      the command will fail if this field is set to "PREVENT" in Terraform state.
+      When set to "ABANDON", the command will remove the resource from Terraform
+      management without updating or deleting the resource in the API.
+      When set to "DELETE", the command will behave as if set to "DEFAULT".
+
+      Possible values: DEFAULT, FORCE, PREVENT, ABANDON, DELETE
     type: String
-    default_value: "DEFAULT"
+    #excluded from generation due to Universal Deletion Policy
+    exclude: true
 
 parameters:
   - name: location

mmv1/products/containerattached/Cluster.yaml

@@ -45,6 +45,7 @@ custom_code:
   constants: 'templates/terraform/constants/containerattached_cluster_diff.go.tmpl'
   pre_update: 'templates/terraform/pre_update/containerattached_update.go.tmpl'
   pre_delete: 'templates/terraform/pre_delete/container_attached_deletion_policy.go.tmpl'
+deletion_policy_custom_docs: true
 examples:
   - name: 'container_attached_cluster_basic'
     primary_resource_id: 'primary'
@@ -71,9 +72,18 @@ examples:
       - 'deletion_policy'
 virtual_fields:
   - name: 'deletion_policy'
-    description: 'Policy to determine what flags to send on delete. Possible values: DELETE, DELETE_IGNORE_ERRORS'
+    description: |
+      Policy to determine what flags to send on delete.
+
+      When a 'terraform destroy' or 'terraform apply' would delete the resource,
+      the command will fail if this field is set to "PREVENT" in Terraform state.
+      When set to "ABANDON", the command will remove the resource from Terraform
+      management without updating or deleting the resource in the API.
+
+      Possible values: DELETE, DELETE_IGNORE_ERRORS, PREVENT, ABANDON'. Defaults to 'DELETE'.
     type: String
-    default_value: "DELETE"
+    #excluded from generation due to Universal Deletion Policy
+    exclude: true
 parameters:
 properties:
   - name: 'location'

mmv1/products/dataform/Repository.yaml

@@ -37,6 +37,7 @@ iam_policy:
   min_version: 'beta'
 custom_code:
   pre_delete: 'templates/terraform/pre_delete/dataform_repository.go.tmpl'
+deletion_policy_custom_docs: true
 examples:
   - name: 'dataform_repository'
     primary_resource_id: 'dataform_repository'
@@ -92,11 +93,17 @@ virtual_fields:
   - name: 'deletion_policy'
     type: Enum
     description: |
-      Policy to control how the repository and its child resources are deleted. When set to `FORCE`, any child resources of this repository will also be deleted. Possible values: `DELETE`, `FORCE`. Defaults to `DELETE`.
-    default_value: 'DELETE'
-    enum_values:
-      - 'DELETE'
-      - 'FORCE'
+      Policy to control how the repository and its child resources are deleted.
+      When set to `FORCE`, any child resources of this repository will also be deleted.
+
+      When a 'terraform destroy' or 'terraform apply' would delete the resource,
+      the command will fail if this field is set to "PREVENT" in Terraform state.
+      When set to "ABANDON", the command will remove the resource from Terraform
+      management without updating or deleting the resource in the API.
+
+      Possible values: `DELETE`, `FORCE`, 'PREVENT', 'ABANDON'. Defaults to `DELETE`.
+    #excluded from generation due to Universal Deletion Policy
+    exclude: true
 parameters:
   - name: 'region'
     type: String

mmv1/products/datastream/PrivateConnection.yaml

@@ -27,6 +27,8 @@ create_url: 'projects/{{project}}/locations/{{location}}/privateConnections?priv
 immutable: true
 import_format:
   - 'projects/{{project}}/locations/{{location}}/privateConnections/{{private_connection_id}}'
+deletion_policy_custom_docs: true
+deletion_policy_default: "FORCE"
 timeouts:
   insert_minutes: 30
   update_minutes: 30
@@ -82,9 +84,14 @@ virtual_fields:
       The deletion policy for the private connection. Setting `FORCE` will also delete any child
       routes that belong to this private connection. Setting `DEFAULT` will fail the delete if
       child routes exist. Defaults to `FORCE` for backwards compatibility.
-      Possible values: `DEFAULT`, `FORCE`.
+
+      When a 'terraform destroy' or 'terraform apply' would delete the resource,
+      the command will fail if this field is set to "PREVENT" in Terraform state.
+      When set to "ABANDON", the command will remove the resource from Terraform
+      management without updating or deleting the resource in the API.
+      When set to "DELETE", the command will behave as if set to "DEFAULT".
     type: String
-    default_value: "FORCE"
+    exclude: true
 parameters:
   - name: 'privateConnectionId'
     type: String

mmv1/products/firebase/AndroidApp.yaml

@@ -81,14 +81,6 @@ examples:
     ignore_read_extra:
       - 'project'
       - 'deletion_policy'
-virtual_fields:
-  - name: 'deletion_policy'
-    description: |
-      (Optional) Set to `ABANDON` to allow the AndroidApp to be untracked from terraform state
-      rather than deleted upon `terraform destroy`. This is useful because the AndroidApp may be
-      serving traffic. Set to `DELETE` to delete the AndroidApp. Defaults to `DELETE`.
-    type: String
-    default_value: "DELETE"
 parameters:
 properties:
   - name: 'name'