From 6b3a4bab4501c5c82262023451e9de3c4c346a0b Mon Sep 17 00:00:00 2001
From: Matt Moore <mattmoor@chainguard.dev>
Date: Mon, 30 Sep 2024 21:05:59 -0700
Subject: [PATCH] Plumb through a deletion protection option. (#544)

Signed-off-by: Matt Moore <mattmoor@chainguard.dev>
---
 modules/app/main.tf      | 2 ++
 modules/app/variables.tf | 6 ++++++
 modules/app/webhook.tf   | 2 ++
 3 files changed, 10 insertions(+)

diff --git a/modules/app/main.tf b/modules/app/main.tf
index 76d657ed..4a17d6a8 100644
--- a/modules/app/main.tf
+++ b/modules/app/main.tf
@@ -77,6 +77,8 @@ module "this" {
   name       = var.name
   regions    = var.regions
 
+  deletion_protection = var.deletion_protection
+
   // Only accept traffic coming from GCLB.
   ingress = "INGRESS_TRAFFIC_INTERNAL_LOAD_BALANCER"
   // This needs to egress in order to talk to Github
diff --git a/modules/app/variables.tf b/modules/app/variables.tf
index a939e00f..6b0039cd 100644
--- a/modules/app/variables.tf
+++ b/modules/app/variables.tf
@@ -15,6 +15,12 @@ variable "regions" {
   }))
 }
 
+variable "deletion_protection" {
+  type        = bool
+  description = "Whether to enable delete protection for the service."
+  default     = true
+}
+
 variable "private-services" {
   description = "The names of the private services this module depends on."
   type = object({
diff --git a/modules/app/webhook.tf b/modules/app/webhook.tf
index 96f7918d..fd3f5729 100644
--- a/modules/app/webhook.tf
+++ b/modules/app/webhook.tf
@@ -26,6 +26,8 @@ module "webhook" {
   name       = "${var.name}-webhook"
   regions    = var.regions
 
+  deletion_protection = var.deletion_protection
+
   // Only accept traffic coming from GCLB.
   ingress = "INGRESS_TRAFFIC_INTERNAL_LOAD_BALANCER"
   // This needs to egress in order to talk to Github