feat: automated terraform remote backend template

[ferrarimarco]

Description

In this example, we show how to provision a Cloud Storage bucket and then generate a Terraform backend configuration file.

Checklist

Readiness

• [x] Yes, merge this PR after it is approved
• [ ] No, don't merge this PR after it is approved

Style

• [x] My sample follows the rules described for Terraform in the Effective Samples style guide
• [x] My sample follows the other requirements and best practices in the Contributing guide

Testing

• [x] I have performed tests described in the Contributing guide:

  • [x] Tests pass: terraform apply
  • [x] Lint pass: terraform fmt check

Intended location

• [x] Yes, this sample will be (or already is) included on cloud.google.com Location(s): we'll use the sample to update https://cloud.google.com/docs/terraform/resource-management/store-state

• [ ] No, this sample won't be included on cloud.google.com Reason:

API enablement

• [x] If the sample needs an API enabled to pass testing, I have added the service to the Test setup file

Review

• [x] If this sample adds a new directory, I have added codeowners to the CODEOWNERS file

[snippet-bot[bot]]

Here is the summary of changes.

You are about to add 3 region tags.

- [storage/remote_terraform_backend_template/main.tf:15](https://github.com/terraform-google-modules/terraform-docs-samples/blob/efce2d54ebf6b98e6e9dc8640fe6d1f13a836ad7/storage/remote_terraform_backend_template/main.tf#L15), tag `storage_remote_terraform_backend_template` - [storage/remote_terraform_backend_template/main.tf:16](https://github.com/terraform-google-modules/terraform-docs-samples/blob/efce2d54ebf6b98e6e9dc8640fe6d1f13a836ad7/storage/remote_terraform_backend_template/main.tf#L16), tag `storage_bucket_tf_with_versioning_pap_uap_no_destroy` - [storage/remote_terraform_backend_template/main.tf:35](https://github.com/terraform-google-modules/terraform-docs-samples/blob/efce2d54ebf6b98e6e9dc8640fe6d1f13a836ad7/storage/remote_terraform_backend_template/main.tf#L35), tag `storage_remote_backend_local_file`

---

This comment is generated by snippet-bot. If you find problems with this result, please file an issue at: https://github.com/googleapis/repo-automation-bots/issues. To update this comment, add snippet-bot:force-run label or use the checkbox below:

• [ ] Refresh this comment

[ferrarimarco]

The build is failing on terraform destroy because this example generates a file to configure a gcs backend after running terraform apply. Thus, it needs to run terraform init -migrate-state to make use of the gcs state after generating that file, as we'll describe in the docs.

Considering that force_destroy is set to false for the Cloud Storage bucket that we configure as a remote backend, deletion will likely fail even if we run terraform init -migrate-state after running terraform apply because that bucket is going to be non-empty, and I would like to leave forse_destroy set to false.

Given that there should be a copy of the local state in the working directory because the first terraform apply run used a local backend, I would suggest running command right after running terraform apply to delete the generated backend.tf file. Does the test framework support this scenario? I'm not familiar with blueprint-test, so I don't know the answer to this question :(

[glasnt]

If this is what a user should be doing to use this functionality, but CI can't do it, we can add a flag to validate the Terraform but not apply/destroy it in CI.

I've also made some style updates, and moved the additional instructions to a README (these would appear inline in the region tag, when they should be part of the docs around the region tag)

[ferrarimarco]

Thanks for reviewing, and for the fixes.

The lint workflow is failing and references a non-existing Make target:

Error: Documentation generation has not been run, please run the
'make docker_generate_docs' command and commit the above changes.

The Cloud Build job is failing, but I don't see details about the failure in the log, besides the check name :(

Thanks for your help here @glasnt !

[glasnt]

The README issue is from the CFT system, which expects a very specific format. Having a sample README is unusual, so I will update it just so the lint checks are ok.

The Cloud Build test failures are unrelated to this change. I'll re-run them when I update the branch

[ferrarimarco]

Thanks @glasnt !

[apeabody]

If this is what a user should be doing to use this functionality, but CI can't do it, we can add a flag to validate the Terraform but not apply/destroy it in CI.

I've also made some style updates, and moved the additional instructions to a README (these would appear inline in the region tag, when they should be part of the docs around the region tag)

@glasnt This would be a good use case for the new tf "plan" validation (no apply/destroy) option: https://github.com/GoogleCloudPlatform/cloud-foundation-toolkit/pull/2258/files

Would require updates to the local repo and sample_test.go, perhaps store the validation plan under the relevant samples? I know of several other examples which are currently skipped for which this would be useful.