Support instance deletion protection (#56)

also bump google provider version to 3.57.0

.circleci/config.yml

@@ -91,15 +91,15 @@ workflows:
   version: 2
   test:
     jobs:
-      # We have to explicitly tell CircleCI to run on all tags and branches, or tag commits/pushes will not trigger
-      # builds: https://circleci.com/docs/2.0/workflows/#git-tag-job-execution.
       - precommit:
+          context:
+            - Gruntwork GCP
           filters:
-            branches:
-              only: /.*/
             tags:
-              only: /.*/
+              only: /^v.*/
       - test:
+          context:
+            - Gruntwork GCP
           requires:
             - precommit
           filters:

examples/client-certificate/main.tf

@@ -7,7 +7,7 @@
 # ------------------------------------------------------------------------------
 
 provider "google-beta" {
-  version = "~> 3.43.0"
+  version = "~> 3.57.0"
   project = var.project
   region  = var.region
 }

examples/mysql-private-ip/main.tf

@@ -7,7 +7,7 @@
 # ------------------------------------------------------------------------------
 
 provider "google-beta" {
-  version = "~> 3.43.0"
+  version = "~> 3.57.0"
   project = var.project
   region  = var.region
 }
@@ -80,6 +80,11 @@ module "mysql" {
   engine       = var.mysql_version
   machine_type = var.machine_type
 
+  # To make it easier to test this example, we are disabling deletion protection so we can destroy the databases
+  # during the tests. By default, we recommend setting deletion_protection to true, to ensure database instances are
+  # not inadvertently destroyed.
+  deletion_protection = false
+
   # These together will construct the master_user privileges, i.e.
   # 'master_user_name'@'master_user_host' IDENTIFIED BY 'master_user_password'.
   # These should typically be set as the environment variable TF_VAR_master_user_password, etc.

examples/mysql-public-ip/main.tf

@@ -7,7 +7,7 @@
 # ------------------------------------------------------------------------------
 
 provider "google-beta" {
-  version = "~> 3.43.0"
+  version = "~> 3.57.0"
   project = var.project
   region  = var.region
 }
@@ -59,10 +59,13 @@ module "mysql" {
   master_user_name = var.master_user_name
   master_user_host = "%"
 
-  # To make it easier to test this example, we are giving the servers public IP addresses and allowing inbound
-  # connections from anywhere. In real-world usage, your servers should live in private subnets, only have private IP
-  # addresses, and only allow access from specific trusted networks, servers or applications in your VPC.
+  # To make it easier to test this example, we are giving the instances public IP addresses and allowing inbound
+  # connections from anywhere. We also disable deletion protection so we can destroy the databases during the tests.
+  # In real-world usage, your instances should live in private subnets, only have private IP addresses, and only allow
+  # access from specific trusted networks, servers or applications in your VPC. By default, we recommend setting
+  # deletion_protection to true, to ensure database instances are not inadvertently destroyed.
   enable_public_internet_access = true
+  deletion_protection           = false
 
   # Default setting for this is 'false' in 'variables.tf'
   # In the test cases, we're setting this to true, to test forced SSL.

examples/mysql-replicas/main.tf

@@ -7,7 +7,7 @@
 # ------------------------------------------------------------------------------
 
 provider "google-beta" {
-  version = "~> 3.43.0"
+  version = "~> 3.57.0"
   project = var.project
   region  = var.region
 }
@@ -54,10 +54,13 @@ module "mysql" {
 
   master_zone = var.master_zone
 
-  # To make it easier to test this example, we are giving the servers public IP addresses and allowing inbound
-  # connections from anywhere. In real-world usage, your servers should live in private subnets, only have private IP
-  # addresses, and only allow access from specific trusted networks, servers or applications in your VPC.
+  # To make it easier to test this example, we are giving the instances public IP addresses and allowing inbound
+  # connections from anywhere. We also disable deletion protection so we can destroy the databases during the tests.
+  # In real-world usage, your instances should live in private subnets, only have private IP addresses, and only allow
+  # access from specific trusted networks, servers or applications in your VPC. By default, we recommend setting
+  # deletion_protection to true, to ensure database instances are not inadvertently destroyed.
   enable_public_internet_access = true
+  deletion_protection           = false
 
   authorized_networks = [
     {

examples/postgres-private-ip/main.tf

@@ -7,7 +7,7 @@
 # ------------------------------------------------------------------------------
 
 provider "google-beta" {
-  version = "~> 3.43.0"
+  version = "~> 3.57.0"
   project = var.project
   region  = var.region
 }
@@ -80,6 +80,11 @@ module "postgres" {
   engine       = var.postgres_version
   machine_type = var.machine_type
 
+  # To make it easier to test this example, we are disabling deletion protection so we can destroy the databases
+  # during the tests. By default, we recommend setting deletion_protection to true, to ensure database instances are
+  # not inadvertently destroyed.
+  deletion_protection = false
+
   # These together will construct the master_user privileges, i.e.
   # 'master_user_name'@'master_user_host' IDENTIFIED BY 'master_user_password'.
   # These should typically be set as the environment variable TF_VAR_master_user_password, etc.

examples/postgres-public-ip/main.tf

@@ -7,7 +7,7 @@
 # ------------------------------------------------------------------------------
 
 provider "google-beta" {
-  version = "~> 3.43.0"
+  version = "~> 3.57.0"
   project = var.project
   region  = var.region
 }
@@ -57,10 +57,13 @@ module "postgres" {
   master_user_password = var.master_user_password
   master_user_name     = var.master_user_name
 
-  # To make it easier to test this example, we are giving the servers public IP addresses and allowing inbound
-  # connections from anywhere. In real-world usage, your servers should live in private subnets, only have private IP
-  # addresses, and only allow access from specific trusted networks, servers or applications in your VPC.
+  # To make it easier to test this example, we are giving the instances public IP addresses and allowing inbound
+  # connections from anywhere. We also disable deletion protection so we can destroy the databases during the tests.
+  # In real-world usage, your instances should live in private subnets, only have private IP addresses, and only allow
+  # access from specific trusted networks, servers or applications in your VPC. By default, we recommend setting
+  # deletion_protection to true, to ensure database instances are not inadvertently destroyed.
   enable_public_internet_access = true
+  deletion_protection           = false
 
   # Default setting for this is 'false' in 'variables.tf'
   # In the test cases, we're setting this to true, to test forced SSL.

examples/postgres-replicas/main.tf

@@ -7,7 +7,7 @@
 # ------------------------------------------------------------------------------
 
 provider "google-beta" {
-  version = "~> 3.43.0"
+  version = "~> 3.57.0"
   project = var.project
   region  = var.region
 }
@@ -54,10 +54,13 @@ module "postgres" {
 
   master_zone = var.master_zone
 
-  # To make it easier to test this example, we are giving the servers public IP addresses and allowing inbound
-  # connections from anywhere. In real-world usage, your servers should live in private subnets, only have private IP
-  # addresses, and only allow access from specific trusted networks, servers or applications in your VPC.
+  # To make it easier to test this example, we are giving the instances public IP addresses and allowing inbound
+  # connections from anywhere. We also disable deletion protection so we can destroy the databases during the tests.
+  # In real-world usage, your instances should live in private subnets, only have private IP addresses, and only allow
+  # access from specific trusted networks, servers or applications in your VPC. By default, we recommend setting
+  # deletion_protection to true, to ensure database instances are not inadvertently destroyed.
   enable_public_internet_access = true
+  deletion_protection           = false
 
   authorized_networks = [
     {

main.tf

@@ -7,7 +7,7 @@
 # ------------------------------------------------------------------------------
 
 provider "google-beta" {
-  version = "~> 3.43.0"
+  version = "~> 3.57.0"
   project = var.project
   region  = var.region
 }

modules/cloud-sql/main.tf

@@ -45,6 +45,9 @@ resource "google_sql_database_instance" "master" {
   region           = var.region
   database_version = var.engine
 
+  # Whether or not to allow Terraform to destroy the instance.
+  deletion_protection = var.deletion_protection
+
   settings {
     tier              = var.machine_type
     activation_policy = var.activation_policy
@@ -73,9 +76,10 @@ resource "google_sql_database_instance" "master" {
     }
 
     backup_configuration {
-      binary_log_enabled = local.actual_binary_log_enabled
-      enabled            = var.backup_enabled
-      start_time         = var.backup_start_time
+      binary_log_enabled             = local.actual_binary_log_enabled
+      enabled                        = var.backup_enabled
+      start_time                     = var.backup_start_time
+      point_in_time_recovery_enabled = local.is_postgres ? var.postgres_point_in_time_recovery_enabled : null
     }
 
     maintenance_window {
@@ -172,6 +176,9 @@ resource "google_sql_database_instance" "failover_replica" {
   # The name of the instance that will act as the master in the replication setup.
   master_instance_name = google_sql_database_instance.master.name
 
+  # Whether or not to allow Terraform to destroy the instance.
+  deletion_protection = var.deletion_protection
+
   replica_configuration {
     # Specifies that the replica is the failover target.
     failover_target = true
@@ -252,6 +259,9 @@ resource "google_sql_database_instance" "read_replica" {
   # The name of the instance that will act as the master in the replication setup.
   master_instance_name = google_sql_database_instance.master.name
 
+  # Whether or not to allow Terraform to destroy the instance.
+  deletion_protection = var.deletion_protection
+
   replica_configuration {
     # Specifies that the replica is not the failover target.
     failover_target = false

modules/cloud-sql/variables.tf

@@ -81,6 +81,12 @@ variable "backup_start_time" {
   default     = "04:00"
 }
 
+variable "postgres_point_in_time_recovery_enabled" {
+  description = "Will restart database if enabled after instance creation - only applicable to PostgreSQL"
+  type        = bool
+  default     = false
+}
+
 variable "mysql_binary_log_enabled" {
   description = "Set to false if you want to disable binary logs - only applicable to MySQL. Note, when using failover or read replicas, master and existing backups need to have binary_log_enabled=true set."
   type        = bool
@@ -226,6 +232,13 @@ variable "resource_timeout" {
   default     = "60m"
 }
 
+# Whether or not to allow Terraform to destroy the instance.
+variable "deletion_protection" {
+  description = "Whether or not to allow Terraform to destroy the instance. Unless this field is set to false in Terraform state, a terraform destroy or terraform apply command that deletes the instance will fail."
+  type        = bool
+  default     = "true"
+}
+
 # ---------------------------------------------------------------------------------------------------------------------
 # MODULE DEPENDENCIES
 # Workaround Terraform limitation where there is no module depends_on.