Implement Cloud SQL deletion protection

[ShubhamAvasthi]

I acknowledge that I have:

• Searched through the issue tracker for an open issue that this either resolves or contributes to, commented on it to claim it, and written "fixes {url}" or "part of {url}" in this PR description. If there were no relevant open issues, I opened one and commented that I would like to work on it (not necessary for very small changes).
• Generated Terraform, and ran make test and make lint to ensure it passes unit and linter tests.
• Ensured that all new fields I added that can be set by a user appear in at least one example (for generated resources) or third_party test (for handwritten resources or update tests).
• Ran relevant acceptance tests (If the acceptance tests do not yet pass or you are unable to run them, please let your reviewer know).
• Read the Release Notes Guide before writing my release note below.

Release Note for Downstream PRs

sql_database_instance: added [new deletion protection](https://cloud.google.com/sql/docs/mysql/deletion-protection) feature `deletion_protection_enabled` to guard against deletion from all surfaces.

[modular-magician]

Hello! I am a robot who works on Magic Modules PRs.

I've detected that you're a community contributor. @c2thorn, a repository maintainer, has been assigned to assist you and help review your changes.

❓ First time contributing? Click here for more details

---

Your assigned reviewer will help review your code by:

• Ensuring it's backwards compatible, covers common error cases, etc.
• Summarizing the change into a user-facing changelog note.
• Passes tests, either our "VCR" suite, a set of presubmit tests, or with manual test runs.

You can help make sure that review is quick by running local tests and ensuring they're passing in between each push you make to your PR's branch. Also, try to leave a comment with each push you make, as pushes generally don't generate emails.

If your reviewer doesn't get back to you within a week after your most recent change, please feel free to leave a comment on the issue asking them to take a look! In the absence of a dedicated review dashboard most maintainers manage their pending reviews through email, and those will sometimes get lost in their inbox.

---

[modular-magician]

Hi! I'm the modular magician. Your PR generated some diffs in downstreams - here they are.

Diff report:

Terraform GA: Diff ( 1 file changed, 6 insertions(+))
Terraform Beta: Diff ( 1 file changed, 6 insertions(+))
TF Validator: Diff ( 2 files changed, 3 insertions(+), 3 deletions(-))

[modular-magician]

The provider crashed while running the VCR tests in REPLAYING mode
Please fix it to complete your PR
View the build log

[ShubhamAvasthi]

@c2thorn
The test failure looks like a flakiness issue. Can we rerun the tests?
Also, where can I document the change we are doing?
Basically, this change will protect instances from deletion not just in Terraform, but across other surfaces like gcloud and API as well.

[ShubhamAvasthi]

@c2thorn, just to add, I looked at the testing documentation here, but it does not explain where can I add details about the change. I want to document that we are using Cloud SQL's new accidental deletion protection feature not Terraform's local deletion protection.

[modular-magician]

Hi! I'm the modular magician. Your PR generated some diffs in downstreams - here they are.

Diff report:

Terraform GA: Diff ( 1 file changed, 6 insertions(+))
Terraform Beta: Diff ( 1 file changed, 6 insertions(+))
TF Validator: Diff ( 2 files changed, 3 insertions(+), 3 deletions(-))

[modular-magician]

Hi! I'm the modular magician. Your PR generated some diffs in downstreams - here they are.

Diff report:

Terraform GA: Diff ( 1 file changed, 119 insertions(+), 109 deletions(-))
Terraform Beta: Diff ( 1 file changed, 119 insertions(+), 109 deletions(-))
TF Validator: Diff ( 2 files changed, 3 insertions(+), 3 deletions(-))

[modular-magician]

Tests analytics

Total tests: 0
Passed tests 0
Skipped tests: 0
Failed tests: 0

Errors occurred during REPLAYING mode. Please fix them to complete your PR
View the build log

[modular-magician]

Hi! I'm the modular magician. Your PR generated some diffs in downstreams - here they are.

Diff report:

Terraform GA: Diff ( 1 file changed, 9 insertions(+))
Terraform Beta: Diff ( 1 file changed, 9 insertions(+))
TF Validator: Diff ( 2 files changed, 3 insertions(+), 3 deletions(-))

[multani]

@ShubhamAvasthi ShubhamAvasthi requested review from multani and removed request for c2thorn 4 minutes ago

You can keep @c2thorn as the main reviewer, I don't have any power here :)

[ShubhamAvasthi]

I removed @c2thorn by mistake and it looks like I cannot add him back.
I have contacted him internally so that he adds himself back as a reviewer.

[modular-magician]

The provider crashed while running the VCR tests in REPLAYING mode
Please fix it to complete your PR
View the build log

[c2thorn]

Hey @ShubhamAvasthi,
I discussed with my team, and we are not sure merging the TF-only deletion_protection_enabled field with settings.deletion_protection is the right approach.

While similar to the user, they have different behaviors behind the scenes. Also, merging would introduce immediate drift since the API default is false correct?

[ShubhamAvasthi]

@c2thorn, I will send you an email internally, which will address your concerns and explain our idea behind this change.

[ShubhamAvasthi]

@c2thorn, can you also please help me understand why the provider is crashing while running VCR tests? It does not look like it's caused by my changes.

[multani]

Any progress on this change? Can I help in any ways?

[ShubhamAvasthi]

@multani, there are a few different ways of implementing the feature in Terraform, each with its pros and cons.
We have not been able to have consensus on it, but will hopefully close this soon.

Thanks for offering to help but we will handle it!

[modular-magician]

Hi! I'm the modular magician. Your PR generated some diffs in downstreams - here they are.

Diff report:

Terraform GA: Diff ( 3 files changed, 94 insertions(+), 31 deletions(-))
Terraform Beta: Diff ( 3 files changed, 94 insertions(+), 31 deletions(-))
TF Validator: Diff ( 2 files changed, 3 insertions(+), 3 deletions(-))

[modular-magician]

Tests analytics

Total tests: 2172
Passed tests 1931
Skipped tests: 237
Failed tests: 4

Action taken

Triggering VCR tests in RECORDING mode for the tests that failed during VCR. Click here to see the failed tests

TestAccComputeInstance_soleTenantNodeAffinities|TestAccSqlDatabaseInstance_settings_deletionProtectionEnabled|TestAccFirebaserulesRelease_BasicRelease|TestAccPrivatecaCertificateAuthority_privatecaCertificateAuthoritySubordinateExample

[modular-magician]

Tests passed during RECORDING mode:
TestAccFirebaserulesRelease_BasicRelease[Debug log]
TestAccPrivatecaCertificateAuthority_privatecaCertificateAuthoritySubordinateExample[Debug log]

Tests failed during RECORDING mode:
TestAccComputeInstance_soleTenantNodeAffinities[Error message] [Debug log]
TestAccSqlDatabaseInstance_settings_deletionProtectionEnabled[Error message] [Debug log]

Please fix these to complete your PR
View the build log or the debug log for each test

[c2thorn]

Wanted to double-check the status of the PR here. I've been holding further review under the assumption that the failed TestAccSqlDatabaseInstance_settings_deletionProtectionEnabled test was still being worked on.

All that should be left is to modify the destroy producer to accept the

 Error 400: The instance is protected. Please disable the deletion protection and try again. To disable deletion protection, update the instance settings with deletionProtectionEnabled set to false

error, or turn off the deletion protection at the end of the test so it can be deleted.

[ShubhamAvasthi]

@c2thorn, we found a minor issue in the backend, which is currently blocking this PR.

I have implemented a fix for that, but we will have to wait for it to roll out before submitting this PR.

[modular-magician]

Hi there, I'm the Modular magician. I've detected the following information about your changes:

Diff report

Your PR generated some diffs in downstreams - here they are.

Terraform GA: Diff ( 3 files changed, 100 insertions(+), 34 deletions(-))
Terraform Beta: Diff ( 3 files changed, 100 insertions(+), 34 deletions(-))
TF Validator: Diff ( 2 files changed, 3 insertions(+), 3 deletions(-))

[modular-magician]

Tests analytics

Total tests: 2347
Passed tests 2097
Skipped tests: 246
Failed tests: 4

Action taken

Triggering VCR tests in RECORDING mode for the tests that failed during VCR. Click here to see the failed tests

TestAccLoggingBucketConfigProject_cmekSettings|TestAccContainerCluster_withInvalidGatewayApiConfigChannel|TestAccIapWebIamPolicyGenerated|TestAccSqlDatabaseInstance_settings_deletionProtectionEnabled

[modular-magician]

Tests passed during RECORDING mode:
TestAccLoggingBucketConfigProject_cmekSettings[Debug log]
TestAccContainerCluster_withInvalidGatewayApiConfigChannel[Debug log]
TestAccIapWebIamPolicyGenerated[Debug log]

Tests failed during RECORDING mode:
TestAccSqlDatabaseInstance_settings_deletionProtectionEnabled[Error message] [Debug log]

Please fix these to complete your PR
View the build log or the debug log for each test

[modular-magician]

Hi there, I'm the Modular magician. I've detected the following information about your changes:

Diff report

Your PR generated some diffs in downstreams - here they are.

Terraform GA: Diff ( 3 files changed, 100 insertions(+), 34 deletions(-))
Terraform Beta: Diff ( 3 files changed, 100 insertions(+), 34 deletions(-))
TF Validator: Diff ( 2 files changed, 3 insertions(+), 3 deletions(-))

[modular-magician]

Tests analytics

Total tests: 2347
Passed tests 2098
Skipped tests: 246
Failed tests: 3

Action taken

Triggering VCR tests in RECORDING mode for the tests that failed during VCR. Click here to see the failed tests

TestAccContainerCluster_withInvalidGatewayApiConfigChannel|TestAccLoggingBucketConfigProject_cmekSettings|TestAccSqlDatabaseInstance_settings_deletionProtectionEnabled

[modular-magician]

Tests passed during RECORDING mode:
TestAccContainerCluster_withInvalidGatewayApiConfigChannel[Debug log]
TestAccLoggingBucketConfigProject_cmekSettings[Debug log]

Tests failed during RECORDING mode:
TestAccSqlDatabaseInstance_settings_deletionProtectionEnabled[Error message] [Debug log]

Please fix these to complete your PR
View the build log or the debug log for each test

[modular-magician]

Hi there, I'm the Modular magician. I've detected the following information about your changes:

Diff report

Your PR generated some diffs in downstreams - here they are.

Terraform GA: Diff ( 3 files changed, 99 insertions(+), 34 deletions(-))
Terraform Beta: Diff ( 3 files changed, 99 insertions(+), 34 deletions(-))
TF Validator: Diff ( 2 files changed, 3 insertions(+), 3 deletions(-))

[modular-magician]

Tests analytics

Total tests: 2349
Passed tests 2095
Skipped tests: 246
Failed tests: 8

Action taken

Triggering VCR tests in RECORDING mode for the tests that failed during VCR. Click here to see the failed tests

TestAccLoggingBucketConfigProject_cmekSettings|TestAccComputeRouterNat_withNatRules|TestAccComputeRouterNat_withPortAllocationMethods|TestAccComputeRouterNat_withNatIpsAndDrainNatIps|TestAccComputeRouterNat_removeLogConfig|TestAccComputeRouterNat_update|TestAccContainerCluster_withInvalidGatewayApiConfigChannel|TestAccSqlDatabaseInstance_settings_deletionProtectionEnabled

[modular-magician]

Tests passed during RECORDING mode:
TestAccLoggingBucketConfigProject_cmekSettings[Debug log]
TestAccComputeRouterNat_withNatRules[Debug log]
TestAccComputeRouterNat_withPortAllocationMethods[Debug log]
TestAccComputeRouterNat_withNatIpsAndDrainNatIps[Debug log]
TestAccComputeRouterNat_removeLogConfig[Debug log]
TestAccComputeRouterNat_update[Debug log]
TestAccContainerCluster_withInvalidGatewayApiConfigChannel[Debug log]
TestAccSqlDatabaseInstance_settings_deletionProtectionEnabled[Debug log]

All tests passed
View the build log or the debug log for each test

[ShubhamAvasthi]

@c2thorn, I believe this PR is ready to submit after your review.

The API fix has been rolled-out, so we are good to go now.

[c2thorn]

LGTM. I've updated the release note as well. Thanks for your effort and patience with this feature