feat: add svpc deletion policy

Author: apeabody

README.md

@@ -157,6 +157,7 @@ determining that location is as follows:
 | random\_project\_id\_length | Sets the length of `random_project_id` to the provided length, and uses a `random_string` for a larger collusion domain.  Recommended for use with CI. | `number` | `null` | no |
 | sa\_role | A role to give the default Service Account for the project (defaults to none) | `string` | `""` | no |
 | shared\_vpc\_subnets | List of subnets fully qualified subnet IDs (ie. projects/$project\_id/regions/$region/subnetworks/$subnet\_id) | `list(string)` | `[]` | no |
+| svpc\_deletion\_policy | The deletion policy for the service project shared VPC. Setting ABANDON allows the resource to be abandoned rather than deleted. Possible values are: null, "ABANDON". | `string` | `null` | no |
 | svpc\_host\_project\_id | The ID of the host project which hosts the shared VPC | `string` | `""` | no |
 | tag\_binding\_values | Tag values to bind the project to. | `list(string)` | `[]` | no |
 | usage\_bucket\_name | Name of a GCS bucket to store GCE usage reports in (optional) | `string` | `""` | no |

main.tf

@@ -39,6 +39,7 @@ module "project-factory" {
   project_id                         = var.project_id
   shared_vpc                         = var.svpc_host_project_id
   enable_shared_vpc_service_project  = var.svpc_host_project_id != ""
+  shared_vpc_deletion_policy         = var.svpc_deletion_policy
   enable_shared_vpc_host_project     = var.enable_shared_vpc_host_project
   grant_network_role                 = var.grant_network_role
   billing_account                    = var.billing_account

modules/core_project_factory/main.tf

@@ -121,6 +121,7 @@ resource "google_compute_shared_vpc_service_project" "shared_vpc_attachment" {
   host_project    = var.shared_vpc
   service_project = google_project.main.project_id
   depends_on      = [time_sleep.wait_5_seconds[0], module.project_services]
+  deletion_policy = var.shared_vpc_deletion_policy
 }
 
 resource "google_compute_shared_vpc_host_project" "shared_vpc_host" {

modules/core_project_factory/variables.tf

@@ -223,6 +223,17 @@ variable "enable_shared_vpc_service_project" {
   type        = bool
 }
 
+variable "shared_vpc_deletion_policy" {
+  description = "The deletion policy for the service project shared VPC. Setting ABANDON allows the resource to be abandoned rather than deleted. Possible values are: null, \"ABANDON\"."
+  type        = string
+  default     = null
+
+  validation {
+    condition     = (var.shared_vpc_deletion_policy == null || var.shared_vpc_deletion_policy == "ABANDON")
+    error_message = "The shared_vpc_deletion_policy value must be null or \"ABANDON\"."
+  }
+}
+
 variable "enable_shared_vpc_host_project" {
   description = "If this project is a shared VPC host project. If true, you must *not* set shared_vpc variable. Default is false."
   type        = bool

variables.tf

@@ -55,6 +55,12 @@ variable "svpc_host_project_id" {
   default     = ""
 }
 
+variable "svpc_deletion_policy" {
+  description = "The deletion policy for the service project shared VPC. Setting ABANDON allows the resource to be abandoned rather than deleted. Possible values are: null, \"ABANDON\"."
+  type        = string
+  default     = null
+}
+
 variable "enable_shared_vpc_host_project" {
   description = "If this project is a shared VPC host project. If true, you must *not* set svpc_host_project_id variable. Default is false."
   type        = bool