Add deletion_protection attribute to google_project resource

[linouk23]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment. If the issue is assigned to the "modular-magician" user, it is either in the process of being autogenerated, or is planned to be autogenerated soon. If the issue is assigned to a user, that user is claiming responsibility for the issue. If the issue is assigned to "hashibot", a community member has claimed the issue already.

Description

Did we consider adding deletion_protection attribute (similar to google_bigquery_table resource to prevent users from accidentally deleting the project?

New or Affected Resource(s)

• google_project

Potential Terraform Configuration

resource "google_project" "my_project" {
  name       = "My Project"
  project_id = "your-project-id"
  org_id     = "1234567"
  # new deletion_protection attribute that defaults to true
}

b/350514911

[rileykarson]

Note: There's a built-in GCP resource to add addtl deletion protection past Terraform's plan stage / lifecycle rule, https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/resource_manager_lien.

It's still opt-in, so an opt-out deletion_protection is still valuable, but less so that for some other resources w/o addtl protections.

[haizaar]

Agree with @rileykarson that while liens are useful if deletion is attempted outside of TF, removing lien definition together with project definition from a .tf file will cause TF to happily nuke both.

Hence having opt-out deletion_protection option will be useful.