Add a functionality to create a snapshot before a disk is deleted (GoogleCloudPlatform#12947)

Co-authored-by: Cameron Thornton <[email protected]>

Author: 2 people

mmv1/products/compute/Disk.yaml

@@ -567,3 +567,15 @@ properties:
     default_from_api: true
     update_url: 'projects/{{project}}/zones/{{zone}}/disks/{{name}}?paths=accessMode'
     update_verb: 'PATCH'
+virtual_fields:
+  - name: 'create_snapshot_before_destroy'
+    type: Boolean
+    default_value: false
+    description: |
+      If set to true, a snapshot of the disk will be created before it is destroyed.
+      If your disk is encrypted with customer managed encryption keys these will be reused for the snapshot creation.
+      The name of the snapshot by default will be `{{disk-name}}-YYYYMMDD-HHmm`
+  - name: 'create_snapshot_before_destroy_prefix'
+    type: String
+    description: |
+      This will set a custom name prefix for the snapshot that's created when the disk is deleted.

mmv1/products/compute/RegionDisk.yaml

@@ -133,6 +133,13 @@ properties:
           Specifies a 256-bit customer-supplied encryption key, encoded in
           RFC 4648 base64 to either encrypt or decrypt this resource.
         sensitive: true
+      - name: 'rsaEncryptedKey'
+        type: String
+        description: |
+          Specifies an RFC 4648 base64 encoded, RSA-wrapped 2048-bit
+          customer-supplied encryption key to either encrypt or decrypt
+          this resource. You can provide either the rawKey or the rsaEncryptedKey.
+        sensitive: true
       - name: 'sha256'
         type: String
         description: |
@@ -363,3 +370,15 @@ properties:
       description: 'An applicable license URI'
       resource: 'License'
       imports: 'selfLink'
+virtual_fields:
+  - name: 'create_snapshot_before_destroy'
+    type: Boolean
+    default_value: false
+    description: |
+      If set to true, a snapshot of the disk will be created before it is destroyed.
+      If your disk is encrypted with customer managed encryption keys these will be reused for the snapshot creation.
+      The name of the snapshot by default will be `{{disk-name}}-YYYYMMDD-HHmm`
+  - name: 'create_snapshot_before_destroy_prefix'
+    type: String
+    description: |
+      This will set a custom name prefix for the snapshot that's created when the disk is deleted.

mmv1/templates/terraform/pre_delete/detach_disk.tmpl

@@ -15,6 +15,53 @@ if err != nil {
 	return transport_tpg.HandleNotFoundError(err, d, fmt.Sprintf("ComputeDisk %q", d.Id()))
 }
 
+// if the create_snapshot_before_destroy is set to true then create a snapshot before deleting the disk
+	if d.Get("create_snapshot_before_destroy").(bool) {
+		instanceName := d.Get("name").(string)
+		nameOrigin := "disk"
+		if d.Get("create_snapshot_before_destroy_prefix").(string) != "" {
+			instanceName = d.Get("create_snapshot_before_destroy_prefix").(string)
+			nameOrigin = "create_snapshot_before_destroy_prefix"
+		}
+
+		if len(instanceName) > 48 {
+			return fmt.Errorf(`Your %s name is too long to perform this action. The max is 48 characters. Please use "create_snapshot_before_destroy_prefix" to set a custom name for the snapshot.`, nameOrigin)
+		}
+
+		snapshotObj := &compute.Snapshot{
+			Name:       fmt.Sprintf("%s-%s", instanceName, time.Now().Format("20060102-150405")),
+			SourceDisk: d.Get("self_link").(string),
+		}
+
+		//Handling encryption
+		if d.Get("disk_encryption_key.0.raw_key").(string) != "" {
+			snapshotObj.SourceDiskEncryptionKey = &compute.CustomerEncryptionKey{
+				RawKey: d.Get("disk_encryption_key.0.raw_key").(string),
+			}
+			snapshotObj.SnapshotEncryptionKey = &compute.CustomerEncryptionKey{
+				RawKey: d.Get("disk_encryption_key.0.raw_key").(string),
+			}
+		}
+
+		if d.Get("disk_encryption_key.0.rsa_encrypted_key").(string) != "" {
+			snapshotObj.SourceDiskEncryptionKey = &compute.CustomerEncryptionKey{
+				RsaEncryptedKey: d.Get("disk_encryption_key.0.rsa_encrypted_key").(string),
+			}
+			snapshotObj.SnapshotEncryptionKey = &compute.CustomerEncryptionKey{
+				RsaEncryptedKey: d.Get("disk_encryption_key.0.rsa_encrypted_key").(string),
+			}
+		}
+
+		snapshot, err := config.NewComputeClient(userAgent).Snapshots.Insert(project, snapshotObj).Do()
+		if err != nil {
+			return fmt.Errorf("Error creating snapshot: %s", err)
+		}
+		err = ComputeOperationWaitTime(config, snapshot, project, "Creating Snapshot", userAgent, d.Timeout(schema.TimeoutCreate))
+		if err != nil {
+			return err
+		}
+	}
+
 // if disks are attached to instances, they must be detached before the disk can be deleted
 if v, ok := readRes["users"].([]interface{}); ok {
 	type detachArgs struct{ project, zone, instance, deviceName string }

mmv1/third_party/terraform/services/compute/resource_compute_disk_test.go.tmpl

@@ -4,6 +4,7 @@ import (
 	"fmt"
 	"os"
 	"testing"
+	"time"
 
 	"github.com/hashicorp/terraform-plugin-testing/helper/resource"
 	"github.com/hashicorp/terraform-plugin-testing/terraform"
@@ -896,6 +897,26 @@ func testAccCheckEncryptionKey(t *testing.T, n string, disk *compute.Disk) resou
 	}
 }
 
+func testAccCheckComputeDisk_removeBackupSnapshot(t *testing.T, parentDiskName string) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		config := acctest.GoogleProviderConfig(t)
+		snapshot, err := config.NewComputeClient(config.UserAgent).Snapshots.List(envvar.GetTestProjectFromEnv()).Filter(fmt.Sprintf("name eq %s.*", parentDiskName)).Do()
+		if err != nil {
+			return err
+		}
+
+		if len(snapshot.Items) == 0 {
+			return fmt.Errorf("No snapshot found")
+		}
+
+		op, err := config.NewComputeClient(config.UserAgent).Snapshots.Delete(envvar.GetTestProjectFromEnv(), snapshot.Items[0].Name).Do()
+		if err != nil {
+			return err
+		}
+		return tpgcompute.ComputeOperationWaitTime(config, op, envvar.GetTestProjectFromEnv(), "Deleting Snapshot", config.UserAgent, 10*time.Minute)
+	}
+}
+
 func TestAccComputeDisk_cloneDisk(t *testing.T) {
 	t.Parallel()
 	pid := envvar.GetTestProjectFromEnv()
@@ -1070,6 +1091,52 @@ func TestAccComputeDisk_featuresUpdated(t *testing.T) {
 	})
 }
 
+func TestAccComputeDisk_createSnapshotBeforeDestroy(t *testing.T) {
+	acctest.SkipIfVcr(t) // Disk cleanup test check 
+	t.Parallel()
+
+	var disk1 compute.Disk
+	var disk2 compute.Disk
+	var disk3 compute.Disk
+	context := map[string]interface{}{
+		"disk_name1":        fmt.Sprintf("tf-test-disk-%s", acctest.RandString(t, 10)),
+		"disk_name2":        fmt.Sprintf("test-%s", acctest.RandString(t, 44)), //this is over the snapshot character creation limit of 48
+		"disk_name3":        fmt.Sprintf("tf-test-disk-%s", acctest.RandString(t, 10)),
+		"snapshot_prefix":   fmt.Sprintf("tf-test-snapshot-%s", acctest.RandString(t, 10)),
+		"kms_key_self_link": acctest.BootstrapKMSKey(t).CryptoKey.Name,
+		"raw_key":           "SGVsbG8gZnJvbSBHb29nbGUgQ2xvdWQgUGxhdGZvcm0=",
+		"rsa_encrypted_key": "ieCx/NcW06PcT7Ep1X6LUTc/hLvUDYyzSZPPVCVPTVEohpeHASqC8uw5TzyO9U+Fka9JFHz0mBibXUInrC/jEk014kCK/NPjYgEMOyssZ4ZINPKxlUh2zn1bV+MCaTICrdmuSBTWlUUiFoDD6PYznLwh8ZNdaheCeZ8ewEXgFQ8V+sDroLaN3Xs3MDTXQEMMoNUXMCZEIpg9Vtp9x2oeQ5lAbtt7bYAAHf5l+gJWw3sUfs0/Glw5fpdjT8Uggrr+RMZezGrltJEF293rvTIjWOEB3z5OHyHwQkvdrPDFcTqsLfh+8Hr8g+mf+7zVPEC8nEbqpdl3GPv3A7AwpFp7MA==",
+	}
+
+	acctest.VcrTest(t, resource.TestCase{
+		PreCheck:                 func() { acctest.AccTestPreCheck(t) },
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t),
+		CheckDestroy:             testAccCheckComputeDiskDestroyProducer(t),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccComputeDisk_createSnapshotBeforeDestroy_init(context),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckComputeDiskExists(
+						t, "google_compute_disk.raw-encrypted-name", envvar.GetTestProjectFromEnv(), &disk1),
+					testAccCheckComputeDiskExists(
+						t, "google_compute_disk.rsa-encrypted-prefix", envvar.GetTestProjectFromEnv(), &disk2),
+					testAccCheckComputeDiskExists(
+						t, "google_compute_disk.kms-encrypted-name", envvar.GetTestProjectFromEnv(), &disk3),
+				),
+			},
+			{
+				Config:  testAccComputeDisk_createSnapshotBeforeDestroy_init(context),
+				Destroy: true,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckComputeDisk_removeBackupSnapshot(t, context["disk_name1"].(string)),
+					testAccCheckComputeDisk_removeBackupSnapshot(t, context["snapshot_prefix"].(string)),
+					testAccCheckComputeDisk_removeBackupSnapshot(t, context["disk_name3"].(string)),
+				),
+			},
+		},
+	})
+}
+
 
 func testAccComputeDisk_basic(diskName string, diskType string) string {
 	return fmt.Sprintf(`
@@ -2017,6 +2084,49 @@ resource "google_compute_disk" "foobar" {
 `, diskName, accessMode)
 }
 
+func testAccComputeDisk_createSnapshotBeforeDestroy_init(context map[string]interface{}) string {
+	return acctest.Nprintf(`
+resource "google_compute_disk" "raw-encrypted-name" {
+  name = "%{disk_name1}"
+  type = "pd-ssd"
+  size = 10
+  zone  = "us-central1-a"
+
+  disk_encryption_key {
+	raw_key = "%{raw_key}"
+  }
+
+  create_snapshot_before_destroy = true
+}
+
+resource "google_compute_disk" "rsa-encrypted-prefix" {
+  name = "%{disk_name2}"
+  type = "pd-ssd"
+  size = 10
+  zone  = "us-central1-a"
+
+  disk_encryption_key {
+	rsa_encrypted_key = "%{rsa_encrypted_key}"
+  }
+
+  create_snapshot_before_destroy = true
+  create_snapshot_before_destroy_prefix = "%{snapshot_prefix}"
+}
+
+resource "google_compute_disk" "kms-encrypted-name" {
+  name = "%{disk_name3}"
+  type = "pd-ssd"
+  size = 10
+  zone  = "us-central1-a"
+
+  disk_encryption_key {
+	kms_key_self_link = "%{kms_key_self_link}"
+  }
+
+  create_snapshot_before_destroy = true
+}`, context)
+}
+
 func testAccComputeDisk_architecture(context map[string]interface{}) string {
 	return acctest.Nprintf(`
 resource "google_compute_disk" "foobar" {

mmv1/third_party/terraform/services/compute/resource_compute_region_disk_test.go.tmpl

@@ -252,6 +252,51 @@ func TestAccComputeRegionDisk_featuresUpdated(t *testing.T) {
 	})
 }
 
+func TestAccComputeRegionDisk_createSnapshotBeforeDestroy(t *testing.T) {
+	acctest.SkipIfVcr(t) // Disk cleanup test check
+	t.Parallel()
+
+	var disk1 compute.Disk
+	var disk2 compute.Disk
+	var disk3 compute.Disk
+	context := map[string]interface{}{
+		"disk_name1":        fmt.Sprintf("tf-test-disk-%s", acctest.RandString(t, 10)),
+		"disk_name2":        fmt.Sprintf("test-%s", acctest.RandString(t, 44)), //this is over the snapshot character creation limit of 48
+		"disk_name3":        fmt.Sprintf("tf-test-disk-%s", acctest.RandString(t, 10)),
+		"snapshot_prefix":   fmt.Sprintf("tf-test-snapshot-%s", acctest.RandString(t, 10)),
+		"kms_key_self_link": acctest.BootstrapKMSKey(t).CryptoKey.Name,
+		"raw_key":           "SGVsbG8gZnJvbSBHb29nbGUgQ2xvdWQgUGxhdGZvcm0=",
+		"rsa_encrypted_key": "ieCx/NcW06PcT7Ep1X6LUTc/hLvUDYyzSZPPVCVPTVEohpeHASqC8uw5TzyO9U+Fka9JFHz0mBibXUInrC/jEk014kCK/NPjYgEMOyssZ4ZINPKxlUh2zn1bV+MCaTICrdmuSBTWlUUiFoDD6PYznLwh8ZNdaheCeZ8ewEXgFQ8V+sDroLaN3Xs3MDTXQEMMoNUXMCZEIpg9Vtp9x2oeQ5lAbtt7bYAAHf5l+gJWw3sUfs0/Glw5fpdjT8Uggrr+RMZezGrltJEF293rvTIjWOEB3z5OHyHwQkvdrPDFcTqsLfh+8Hr8g+mf+7zVPEC8nEbqpdl3GPv3A7AwpFp7MA==",
+	}
+
+	acctest.VcrTest(t, resource.TestCase{
+		PreCheck:                 func() { acctest.AccTestPreCheck(t) },
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t),
+		CheckDestroy:             testAccCheckComputeRegionDiskDestroyProducer(t),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccComputeRegionDisk_createSnapshotBeforeDestroy_init(context),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckComputeRegionDiskExists(
+						t, "google_compute_region_disk.raw-encrypted-name", &disk1),
+					testAccCheckComputeRegionDiskExists(
+						t, "google_compute_region_disk.rsa-encrypted-prefix", &disk2),
+					testAccCheckComputeRegionDiskExists(
+						t, "google_compute_region_disk.kms-encrypted-name", &disk3),
+				),
+			},
+			{
+				Config:  testAccComputeRegionDisk_createSnapshotBeforeDestroy_init(context),
+				Destroy: true,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckComputeDisk_removeBackupSnapshot(t, context["disk_name1"].(string)),
+					testAccCheckComputeDisk_removeBackupSnapshot(t, context["snapshot_prefix"].(string)),
+					testAccCheckComputeDisk_removeBackupSnapshot(t, context["disk_name3"].(string)),
+				),
+			},
+		},
+	})
+}
 
 func testAccCheckComputeRegionDiskExists(t *testing.T, n string, disk *compute.Disk) resource.TestCheckFunc {
 	return func(s *terraform.State) error {
@@ -564,3 +609,51 @@ resource "google_compute_region_disk" "regiondisk" {
 }
 `, diskName)
 }
+
+func testAccComputeRegionDisk_createSnapshotBeforeDestroy_init(context map[string]interface{}) string {
+	return acctest.Nprintf(`
+resource "google_compute_region_disk" "raw-encrypted-name" {
+  name = "%{disk_name1}"
+  type = "pd-ssd"
+  size = 10
+  region = "us-central1"
+  replica_zones = ["us-central1-a", "us-central1-f"]
+
+  disk_encryption_key {
+	raw_key = "%{raw_key}"
+  }
+
+  create_snapshot_before_destroy = true
+}
+
+resource "google_compute_region_disk" "rsa-encrypted-prefix" {
+  name = "%{disk_name2}"
+  type = "pd-ssd"
+  size = 10
+  region = "us-central1"
+  replica_zones = ["us-central1-a", "us-central1-f"]
+
+  disk_encryption_key {
+	rsa_encrypted_key = "%{rsa_encrypted_key}"
+  }
+
+  create_snapshot_before_destroy = true
+  create_snapshot_before_destroy_prefix = "%{snapshot_prefix}"
+}
+
+resource "google_compute_region_disk" "kms-encrypted-name" {
+  name = "%{disk_name3}"
+  type = "pd-ssd"
+  size = 10
+  region = "us-central1"
+  replica_zones = ["us-central1-a", "us-central1-f"]
+
+  disk_encryption_key {
+	kms_key_name = "%{kms_key_self_link}"
+  }
+
+  create_snapshot_before_destroy = true
+}
+
+`, context)
+}