hashicorp · modular-magician · Aug 18, 2022 · Aug 18, 2022
@@ -0,0 +1,3 @@
+```release-note:enhancement
+apigee: added support for specifying retention when deleting `google_apigee_organization`
+```
@@ -78,6 +78,16 @@ Valid only when 'RuntimeType' is set to CLOUD. The value can be updated only whe
 				Optional:    true,
 				Description: `The display name of the Apigee organization.`,
 			},
+			"retention": {
+				Type:         schema.TypeString,
+				Optional:     true,
+				ValidateFunc: validateEnum([]string{"DELETION_RETENTION_UNSPECIFIED", "MINIMUM", ""}),
+				Description: `Optional. This setting is applicable only for organizations that are soft-deleted (i.e., BillingType
+is not EVALUATION). It controls how long Organization data will be retained after the initial delete
+operation completes. During this period, the Organization may be restored to its last known state.
+After this period, the Organization will no longer be able to be restored. Default value: "DELETION_RETENTION_UNSPECIFIED" Possible values: ["DELETION_RETENTION_UNSPECIFIED", "MINIMUM"]`,
+				Default: "DELETION_RETENTION_UNSPECIFIED",
+			},
 			"runtime_database_encryption_key_name": {
 				Type:     schema.TypeString,
 				Optional: true,
@@ -382,7 +392,7 @@ func resourceApigeeOrganizationDelete(d *schema.ResourceData, meta interface{})
 
 	billingProject := ""
 
-	url, err := replaceVars(d, config, "{{ApigeeBasePath}}organizations/{{name}}")
+	url, err := replaceVars(d, config, "{{ApigeeBasePath}}organizations/{{name}}?retention={{retention}}")
 	if err != nil {
 		return err
 	}
@@ -400,14 +410,6 @@ func resourceApigeeOrganizationDelete(d *schema.ResourceData, meta interface{})
 		return handleNotFoundError(err, d, "Organization")
 	}
 
-	err = apigeeOperationWaitTime(
-		config, res, "Deleting Organization", userAgent,
-		d.Timeout(schema.TimeoutDelete))
-
-	if err != nil {
-		return err
-	}
-
 	log.Printf("[DEBUG] Finished deleting Organization %q: %#v", d.Id(), res)
 	return nil
 }

@@ -45,7 +45,7 @@ func TestAccApigeeOrganization_apigeeOrganizationCloudBasicTestExample(t *testin
 				ResourceName:            "google_apigee_organization.org",
 				ImportState:             true,
 				ImportStateVerify:       true,
-				ImportStateVerifyIgnore: []string{"project_id"},
+				ImportStateVerifyIgnore: []string{"project_id", "retention"},
 			},
 		},
 	})
@@ -131,7 +131,7 @@ func TestAccApigeeOrganization_apigeeOrganizationCloudFullTestExample(t *testing
 				ResourceName:            "google_apigee_organization.org",
 				ImportState:             true,
 				ImportStateVerify:       true,
-				ImportStateVerifyIgnore: []string{"project_id"},
+				ImportStateVerifyIgnore: []string{"project_id", "retention"},
 			},
 		},
 	})
@@ -257,6 +257,154 @@ resource "google_apigee_organization" "org" {
 `, context)
 }
 
+func TestAccApigeeOrganization_apigeeOrganizationRetentionTestExample(t *testing.T) {
+	skipIfVcr(t)
+	t.Parallel()
+
+	context := map[string]interface{}{
+		"org_id":          getTestOrgFromEnv(t),
+		"billing_account": getTestBillingAccountFromEnv(t),
+		"random_suffix":   randString(t, 10),
+	}
+
+	vcrTest(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProvidersOiCS,
+		CheckDestroy: testAccCheckApigeeOrganizationDestroyProducer(t),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccApigeeOrganization_apigeeOrganizationRetentionTestExample(context),
+			},
+			{
+				ResourceName:            "google_apigee_organization.org",
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{"project_id", "retention"},
+			},
+		},
+	})
+}
+
+func testAccApigeeOrganization_apigeeOrganizationRetentionTestExample(context map[string]interface{}) string {
+	return Nprintf(`
+resource "google_project" "project" {
+  provider = google-beta
+
+  project_id      = "tf-test%{random_suffix}"
+  name            = "tf-test%{random_suffix}"
+  org_id          = "%{org_id}"
+  billing_account = "%{billing_account}"
+}
+
+resource "google_project_service" "apigee" {
+  provider = google-beta
+
+  project = google_project.project.project_id
+  service = "apigee.googleapis.com"
+}
+
+resource "google_project_service" "compute" {
+  provider = google-beta
+
+  project = google_project.project.project_id
+  service = "compute.googleapis.com"
+}
+
+resource "google_project_service" "servicenetworking" {
+  provider = google-beta
+
+  project = google_project.project.project_id
+  service = "servicenetworking.googleapis.com"
+}
+
+resource "google_project_service" "kms" {
+  provider = google-beta
+
+  project = google_project.project.project_id
+  service = "cloudkms.googleapis.com"
+}
+
+resource "google_compute_network" "apigee_network" {
+  provider = google-beta
+
+  name       = "apigee-network"
+  project    = google_project.project.project_id
+  depends_on = [google_project_service.compute]
+}
+
+resource "google_compute_global_address" "apigee_range" {
+  provider = google-beta
+
+  name          = "apigee-range"
+  purpose       = "VPC_PEERING"
+  address_type  = "INTERNAL"
+  prefix_length = 16
+  network       = google_compute_network.apigee_network.id
+  project       = google_project.project.project_id
+}
+
+resource "google_service_networking_connection" "apigee_vpc_connection" {
+  provider = google-beta
+
+  network                 = google_compute_network.apigee_network.id
+  service                 = "servicenetworking.googleapis.com"
+  reserved_peering_ranges = [google_compute_global_address.apigee_range.name]
+  depends_on              = [google_project_service.servicenetworking]
+}
+
+resource "google_kms_key_ring" "apigee_keyring" {
+  provider = google-beta
+
+  name       = "apigee-keyring"
+  location   = "us-central1"
+  project    = google_project.project.project_id
+  depends_on = [google_project_service.kms]
+}
+
+resource "google_kms_crypto_key" "apigee_key" {
+  provider = google-beta
+
+  name            = "apigee-key"
+  key_ring        = google_kms_key_ring.apigee_keyring.id
+}
+
+resource "google_project_service_identity" "apigee_sa" {
+  provider = google-beta
+
+  project = google_project.project.project_id
+  service = google_project_service.apigee.service
+}
+
+resource "google_kms_crypto_key_iam_binding" "apigee_sa_keyuser" {
+  provider = google-beta
+
+  crypto_key_id = google_kms_crypto_key.apigee_key.id
+  role          = "roles/cloudkms.cryptoKeyEncrypterDecrypter"
+
+  members = [
+    "serviceAccount:${google_project_service_identity.apigee_sa.email}",
+  ]
+}
+
+resource "google_apigee_organization" "org" {
+  provider = google-beta
+
+  analytics_region                     = "us-central1"
+  project_id                           = google_project.project.project_id
+  authorized_network                   = google_compute_network.apigee_network.id
+  billing_type                         = "PAYG"
+  runtime_database_encryption_key_name = google_kms_crypto_key.apigee_key.id
+  retention                            = "MINIMUM"
+
+  depends_on = [
+    google_service_networking_connection.apigee_vpc_connection,
+    google_project_service.apigee,
+    google_kms_crypto_key_iam_binding.apigee_sa_keyuser,
+  ]
+}
+`, context)
+}
+
 func testAccCheckApigeeOrganizationDestroyProducer(t *testing.T) func(s *terraform.State) error {
 	return func(s *terraform.State) error {
 		for name, rs := range s.RootModule().Resources {

@@ -99,7 +99,7 @@ func testSweepApigeeOrganization(region string) error {
 			continue
 		}
 
-		deleteTemplate := "https://apigee.googleapis.com/v1/organizations/{{name}}"
+		deleteTemplate := "https://apigee.googleapis.com/v1/organizations/{{name}}?retention={{retention}}"
 		deleteUrl, err := replaceVars(d, config, deleteTemplate)
 		if err != nil {
 			log.Printf("[INFO][SWEEPER_LOG] error preparing delete url: %s", err)

@@ -176,6 +176,15 @@ The following arguments are supported:
   If not specified, a Google-Managed encryption key will be used.
   Valid only when `RuntimeType` is CLOUD. For example: `projects/foo/locations/us/keyRings/bar/cryptoKeys/baz`.
 
+* `retention` -
+  (Optional)
+  Optional. This setting is applicable only for organizations that are soft-deleted (i.e., BillingType
+  is not EVALUATION). It controls how long Organization data will be retained after the initial delete
+  operation completes. During this period, the Organization may be restored to its last known state.
+  After this period, the Organization will no longer be able to be restored.
+  Default value is `DELETION_RETENTION_UNSPECIFIED`.
+  Possible values are `DELETION_RETENTION_UNSPECIFIED` and `MINIMUM`.
+
 
 ## Attributes Reference