From 8630d0daf779b62be96adc01f9c0281dda3891c4 Mon Sep 17 00:00:00 2001
From: xuchenma <67921399+xuchenma@users.noreply.github.com>
Date: Thu, 18 Aug 2022 10:59:35 -0700
Subject: [PATCH] Add support for retention when deleting ApigeeOrganization
 (#6350)

* Add support for retention when deleting ApigeeOrganization

* Skip status check for delete org call

* Add update to status check
---
 mmv1/products/apigee/api.yaml                 |  15 +++
 mmv1/products/apigee/terraform.yaml           |  12 +-
 .../apigee_organization_retention_test.tf.erb | 116 ++++++++++++++++++
 3 files changed, 142 insertions(+), 1 deletion(-)
 create mode 100644 mmv1/templates/terraform/examples/apigee_organization_retention_test.tf.erb

diff --git a/mmv1/products/apigee/api.yaml b/mmv1/products/apigee/api.yaml
index 8096ac90bf2d..3b3897e0eb6e 100644
--- a/mmv1/products/apigee/api.yaml
+++ b/mmv1/products/apigee/api.yaml
@@ -36,8 +36,10 @@ objects:
     name: 'Organization'
     base_url: 'organizations'
     create_url: 'organizations?parent=projects/{{project_id}}'
+    delete_url: 'organizations/{{name}}?retention={{retention}}'
     self_link: 'organizations/{{name}}'
     async: !ruby/object:Api::OpAsync
+      actions: ['create', 'update']
       operation: !ruby/object:Api::OpAsync::Operation
         path: 'name'
         base_url: '{{op_id}}'
@@ -64,6 +66,19 @@ objects:
         required: true
         input: true
         url_param_only: true
+      - !ruby/object:Api::Type::Enum
+        name: 'retention'
+        description: |
+          Optional. This setting is applicable only for organizations that are soft-deleted (i.e., BillingType
+          is not EVALUATION). It controls how long Organization data will be retained after the initial delete
+          operation completes. During this period, the Organization may be restored to its last known state.
+          After this period, the Organization will no longer be able to be restored.
+        values:
+          - "DELETION_RETENTION_UNSPECIFIED"
+          - "MINIMUM"
+        default_value: :DELETION_RETENTION_UNSPECIFIED
+        required: false
+        url_param_only: true
     properties:
       - !ruby/object:Api::Type::String
         name: 'name'
diff --git a/mmv1/products/apigee/terraform.yaml b/mmv1/products/apigee/terraform.yaml
index 36ba33ef1376..571297238f51 100644
--- a/mmv1/products/apigee/terraform.yaml
+++ b/mmv1/products/apigee/terraform.yaml
@@ -47,6 +47,16 @@ overrides: !ruby/object:Overrides::ResourceOverrides
       min_version: beta
       # Resource creation race
       skip_vcr: true
+    - !ruby/object:Provider::Terraform::Examples
+      name: "apigee_organization_retention_test"
+      primary_resource_id: "org"
+      test_env_vars:
+        org_id: :ORG_ID
+        billing_account: :BILLING_ACCT
+      skip_docs: true
+      min_version: beta
+      # Resource creation race
+      skip_vcr: true
     properties:
       billingType: !ruby/object:Overrides::Terraform::PropertyOverride
         default_from_api: true
@@ -75,7 +85,7 @@ overrides: !ruby/object:Overrides::ResourceOverrides
       skip_vcr: true
     - !ruby/object:Provider::Terraform::Examples
       name: "apigee_instance_cidr_range"
-      skip_test: true      
+      skip_test: true
     - !ruby/object:Provider::Terraform::Examples
       # This is a more verbose version of the above that creates all
       # the resources needed for the acceptance test.
diff --git a/mmv1/templates/terraform/examples/apigee_organization_retention_test.tf.erb b/mmv1/templates/terraform/examples/apigee_organization_retention_test.tf.erb
new file mode 100644
index 000000000000..365ba939e5a0
--- /dev/null
+++ b/mmv1/templates/terraform/examples/apigee_organization_retention_test.tf.erb
@@ -0,0 +1,116 @@
+resource "google_project" "project" {
+  provider = google-beta
+
+  project_id      = "tf-test%{random_suffix}"
+  name            = "tf-test%{random_suffix}"
+  org_id          = "<%= ctx[:test_env_vars]['org_id'] %>"
+  billing_account = "<%= ctx[:test_env_vars]['billing_account'] %>"
+}
+
+resource "google_project_service" "apigee" {
+  provider = google-beta
+
+  project = google_project.project.project_id
+  service = "apigee.googleapis.com"
+}
+
+resource "google_project_service" "compute" {
+  provider = google-beta
+
+  project = google_project.project.project_id
+  service = "compute.googleapis.com"
+}
+
+resource "google_project_service" "servicenetworking" {
+  provider = google-beta
+
+  project = google_project.project.project_id
+  service = "servicenetworking.googleapis.com"
+}
+
+resource "google_project_service" "kms" {
+  provider = google-beta
+
+  project = google_project.project.project_id
+  service = "cloudkms.googleapis.com"
+}
+
+resource "google_compute_network" "apigee_network" {
+  provider = google-beta
+
+  name       = "apigee-network"
+  project    = google_project.project.project_id
+  depends_on = [google_project_service.compute]
+}
+
+resource "google_compute_global_address" "apigee_range" {
+  provider = google-beta
+
+  name          = "apigee-range"
+  purpose       = "VPC_PEERING"
+  address_type  = "INTERNAL"
+  prefix_length = 16
+  network       = google_compute_network.apigee_network.id
+  project       = google_project.project.project_id
+}
+
+resource "google_service_networking_connection" "apigee_vpc_connection" {
+  provider = google-beta
+
+  network                 = google_compute_network.apigee_network.id
+  service                 = "servicenetworking.googleapis.com"
+  reserved_peering_ranges = [google_compute_global_address.apigee_range.name]
+  depends_on              = [google_project_service.servicenetworking]
+}
+
+resource "google_kms_key_ring" "apigee_keyring" {
+  provider = google-beta
+
+  name       = "apigee-keyring"
+  location   = "us-central1"
+  project    = google_project.project.project_id
+  depends_on = [google_project_service.kms]
+}
+
+resource "google_kms_crypto_key" "apigee_key" {
+  provider = google-beta
+
+  name            = "apigee-key"
+  key_ring        = google_kms_key_ring.apigee_keyring.id
+}
+
+resource "google_project_service_identity" "apigee_sa" {
+  provider = google-beta
+
+  project = google_project.project.project_id
+  service = google_project_service.apigee.service
+}
+
+resource "google_kms_crypto_key_iam_binding" "apigee_sa_keyuser" {
+  provider = google-beta
+
+  crypto_key_id = google_kms_crypto_key.apigee_key.id
+  role          = "roles/cloudkms.cryptoKeyEncrypterDecrypter"
+
+  members = [
+    "serviceAccount:${google_project_service_identity.apigee_sa.email}",
+  ]
+}
+
+resource "google_apigee_organization" "<%= ctx[:primary_resource_id] %>" {
+  provider = google-beta
+
+  analytics_region                     = "us-central1"
+  project_id                           = google_project.project.project_id
+  authorized_network                   = google_compute_network.apigee_network.id
+  billing_type                         = "PAYG"
+  runtime_database_encryption_key_name = google_kms_crypto_key.apigee_key.id
+  retention                            = "MINIMUM"
+
+  depends_on = [
+    google_service_networking_connection.apigee_vpc_connection,
+    google_project_service.apigee,
+    google_kms_crypto_key_iam_binding.apigee_sa_keyuser,
+  ]
+}
+