terraform-google-modules · apeabody · Jun 5, 2024 · Jun 5, 2024 · Jul 3, 2024 · Jul 31, 2024
diff --git a/README.md b/README.md
@@ -158,6 +158,7 @@ determining that location is as follows:
 | random\_project\_id\_length | Sets the length of `random_project_id` to the provided length, and uses a `random_string` for a larger collusion domain.  Recommended for use with CI. | `number` | `null` | no |
 | sa\_role | A role to give the default Service Account for the project (defaults to none) | `string` | `""` | no |
 | shared\_vpc\_subnets | List of subnets fully qualified subnet IDs (ie. projects/$project\_id/regions/$region/subnetworks/$subnet\_id) | `list(string)` | `[]` | no |
+| svpc\_deletion\_policy | The deletion policy for the service project shared VPC. Setting ABANDON allows the resource to be abandoned rather than deleted. Possible values are: null, "ABANDON". | `string` | `null` | no |
 | svpc\_host\_project\_id | The ID of the host project which hosts the shared VPC | `string` | `""` | no |
 | tag\_binding\_values | Tag values to bind the project to. | `list(string)` | `[]` | no |
 | usage\_bucket\_name | Name of a GCS bucket to store GCE usage reports in (optional) | `string` | `""` | no |

diff --git a/examples/shared_vpc/main.tf b/examples/shared_vpc/main.tf
@@ -186,6 +186,29 @@ module "service-project-c" {
   grant_network_role          = false
 }
 
+/******************************************
+  Fourth Service Project Creation
+  To test shared_vpc_deletion_policy
+ *****************************************/
+module "service-project-d" {
+  source  = "terraform-google-modules/project-factory/google//modules/svpc_service_project"
+  version = "~> 15.0"
+
+  name              = "d-${var.service_project_name}"
+  random_project_id = false
+
+  org_id          = var.organization_id
+  folder_id       = var.folder_id
+  billing_account = var.billing_account
+
+  shared_vpc         = module.host-project.project_id
+  shared_vpc_subnets = module.vpc.subnets_self_links
+
+  svpc_deletion_policy = "ABANDON"
+
+  disable_services_on_destroy = false
+}
+
 /******************************************
   Example dependency on service-project
  *****************************************/

diff --git a/main.tf b/main.tf
@@ -39,6 +39,7 @@ module "project-factory" {
   project_id                         = var.project_id
   shared_vpc                         = var.svpc_host_project_id
   enable_shared_vpc_service_project  = var.svpc_host_project_id != ""
+  shared_vpc_deletion_policy         = var.svpc_deletion_policy
   enable_shared_vpc_host_project     = var.enable_shared_vpc_host_project
   grant_network_role                 = var.grant_network_role
   billing_account                    = var.billing_account

diff --git a/modules/core_project_factory/main.tf b/modules/core_project_factory/main.tf
@@ -121,6 +121,7 @@ resource "google_compute_shared_vpc_service_project" "shared_vpc_attachment" {
   host_project    = var.shared_vpc
   service_project = google_project.main.project_id
   depends_on      = [time_sleep.wait_5_seconds[0], module.project_services]
+  deletion_policy = var.shared_vpc_deletion_policy
 }
 
 resource "google_compute_shared_vpc_host_project" "shared_vpc_host" {

diff --git a/modules/core_project_factory/variables.tf b/modules/core_project_factory/variables.tf
@@ -223,6 +223,17 @@ variable "enable_shared_vpc_service_project" {
   type        = bool
 }
 
+variable "shared_vpc_deletion_policy" {
+  description = "The deletion policy for the service project shared VPC. Setting ABANDON allows the resource to be abandoned rather than deleted. Possible values are: null, \"ABANDON\"."
+  type        = string
+  default     = null
+
+  validation {
+    condition     = (var.shared_vpc_deletion_policy == null || var.shared_vpc_deletion_policy == "ABANDON")
+    error_message = "The shared_vpc_deletion_policy value must be null or \"ABANDON\"."
+  }
+}
+
 variable "enable_shared_vpc_host_project" {
   description = "If this project is a shared VPC host project. If true, you must *not* set shared_vpc variable. Default is false."
   type        = bool

diff --git a/modules/svpc_service_project/README.md b/modules/svpc_service_project/README.md
@@ -64,6 +64,7 @@ module "service-project" {
 | sa\_role | A role to give the default Service Account for the project (defaults to none) | `string` | `""` | no |
 | shared\_vpc | The ID of the host project which hosts the shared VPC | `string` | `""` | no |
 | shared\_vpc\_subnets | List of subnets fully qualified subnet IDs (ie. projects/$project\_id/regions/$region/subnetworks/$subnet\_id) | `list(string)` | `[]` | no |
+| svpc\_deletion\_policy | The deletion policy for the service project shared VPC. Setting ABANDON allows the resource to be abandoned rather than deleted. Possible values are: null, "ABANDON". | `string` | `null` | no |
 | usage\_bucket\_name | Name of a GCS bucket to store GCE usage reports in (optional) | `string` | `""` | no |
 | usage\_bucket\_prefix | Prefix in the GCS bucket to store GCE usage reports in (optional) | `string` | `""` | no |
 

diff --git a/modules/svpc_service_project/main.tf b/modules/svpc_service_project/main.tf
@@ -38,6 +38,7 @@ module "project-factory" {
   project_id                        = var.project_id
   shared_vpc                        = var.shared_vpc
   enable_shared_vpc_service_project = true
+  shared_vpc_deletion_policy        = var.svpc_deletion_policy
   grant_network_role                = var.grant_network_role
   billing_account                   = var.billing_account
   folder_id                         = var.folder_id

diff --git a/modules/svpc_service_project/variables.tf b/modules/svpc_service_project/variables.tf
@@ -228,3 +228,9 @@ variable "default_network_tier" {
   type        = string
   default     = ""
 }
+
+variable "svpc_deletion_policy" {
+  description = "The deletion policy for the service project shared VPC. Setting ABANDON allows the resource to be abandoned rather than deleted. Possible values are: null, \"ABANDON\"."
+  type        = string
+  default     = null
+}
diff --git a/variables.tf b/variables.tf
@@ -55,6 +55,12 @@ variable "svpc_host_project_id" {
   default     = ""
 }
 
+variable "svpc_deletion_policy" {
+  description = "The deletion policy for the service project shared VPC. Setting ABANDON allows the resource to be abandoned rather than deleted. Possible values are: null, \"ABANDON\"."
+  type        = string
+  default     = null
+}
+
 variable "enable_shared_vpc_host_project" {
   description = "If this project is a shared VPC host project. If true, you must *not* set svpc_host_project_id variable. Default is false."
   type        = bool