Implement schedule_deletion_days field for KMS vaults and keys

examples/kms/key.tf

@@ -3,9 +3,10 @@
 
 resource "oci_kms_key" "test_key" {
   #Required
-  compartment_id      = var.compartment_id
-  display_name        = var.key_display_name
-  management_endpoint = data.oci_kms_vault.test_vault.management_endpoint
+  compartment_id         = var.compartment_id
+  display_name           = var.key_display_name
+  management_endpoint    = data.oci_kms_vault.test_vault.management_endpoint
+  schedule_deletion_days = var.schedule_deletion_days
 
   key_shape {
     #Required

examples/kms/keyVersion.tf

@@ -2,4 +2,5 @@ resource "oci_kms_key_version" "test_key_version" {
   #Required
   key_id = oci_kms_key.test_key.id
   management_endpoint = data.oci_kms_vault.test_vault.management_endpoint
+  schedule_deletion_days = var.schedule_deletion_days
 }

examples/kms/variables.tf

@@ -107,3 +107,8 @@ variable "key_restore_trigger" {
 variable "vault_restore_trigger" {
   default = false
 }
+
+variable "schedule_deletion_days" {
+  type    = number
+  default = 30
+}

examples/kms/vault.tf

@@ -4,6 +4,6 @@ resource "oci_kms_vault" "private-vault-kms" {
 
   display_name = var.vault_display_name
   vault_type   = var.vault_type[0]
-}
-
 
+  schedule_deletion_days = var.schedule_deletion_days
+}

examples/vault_secret/main.tf

@@ -52,6 +52,7 @@ resource "oci_vault_secret" "test_secret" {
   key_id = var.kms_key_ocid
   secret_name = "TFsample1"
   vault_id    = var.kms_vault_ocid
+  schedule_deletion_days = 30
 }
 
 

go.mod

@@ -5,7 +5,7 @@ require (
 	github.com/hashicorp/go-cty v1.4.1-0.20200414143053-d3edf31b6320
 	github.com/hashicorp/go-multierror v1.0.0
 	github.com/hashicorp/hcl2 v0.0.0-20190618163856-0b64543c968c
-	github.com/hashicorp/terraform-exec v0.14.0
+	github.com/hashicorp/terraform-exec v0.15.0
 	github.com/hashicorp/terraform-plugin-sdk/v2 v2.7.0
 	github.com/stretchr/testify v1.8.4
 	golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4
@@ -38,7 +38,7 @@ require (
 	github.com/hashicorp/go-version v1.3.0
 	github.com/hashicorp/hcl/v2 v2.8.2 // indirect
 	github.com/hashicorp/logutils v1.0.0 // indirect
-	github.com/hashicorp/terraform-json v0.12.0 // indirect
+	github.com/hashicorp/terraform-json v0.13.0 // indirect
 	github.com/hashicorp/terraform-plugin-go v0.3.0 // indirect
 	github.com/hashicorp/yamux v0.0.0-20181012175058-2f1d1f20f75d // indirect
 	github.com/jmespath/go-jmespath v0.4.0 // indirect
@@ -58,7 +58,7 @@ require (
 	github.com/sony/gobreaker v0.5.0 // indirect
 	github.com/ulikunitz/xz v0.5.8 // indirect
 	github.com/vmihailenco/msgpack v4.0.4+incompatible // indirect
-	github.com/zclconf/go-cty v1.8.4 // indirect
+	github.com/zclconf/go-cty v1.9.1 // indirect
 	go.opencensus.io v0.22.4 // indirect
 	golang.org/x/crypto v0.0.0-20210921155107-089bfa567519 // indirect
 	golang.org/x/lint v0.0.0-20210508222113-6edffad5e616 // indirect

go.sum

@@ -206,8 +206,14 @@ github.com/hashicorp/logutils v1.0.0 h1:dLEQVugN8vlakKOUE3ihGLTZJRB4j+M2cdTm/ORI
 github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64=
 github.com/hashicorp/terraform-exec v0.14.0 h1:UQoUcxKTZZXhyyK68Cwn4mApT4mnFPmEXPiqaHL9r+w=
 github.com/hashicorp/terraform-exec v0.14.0/go.mod h1:qrAASDq28KZiMPDnQ02sFS9udcqEkRly002EA2izXTA=
+github.com/hashicorp/terraform-exec v0.15.0 h1:cqjh4d8HYNQrDoEmlSGelHmg2DYDh5yayckvJ5bV18E=
+github.com/hashicorp/terraform-exec v0.15.0/go.mod h1:H4IG8ZxanU+NW0ZpDRNsvh9f0ul7C0nHP+rUR/CHs7I=
+github.com/hashicorp/terraform-exec v0.19.0 h1:FpqZ6n50Tk95mItTSS9BjeOVUb4eg81SpgVtZNNtFSM=
+github.com/hashicorp/terraform-exec v0.19.0/go.mod h1:tbxUpe3JKruE9Cuf65mycSIT8KiNPZ0FkuTE3H4urQg=
 github.com/hashicorp/terraform-json v0.12.0 h1:8czPgEEWWPROStjkWPUnTQDXmpmZPlkQAwYYLETaTvw=
 github.com/hashicorp/terraform-json v0.12.0/go.mod h1:pmbq9o4EuL43db5+0ogX10Yofv1nozM+wskr/bGFJpI=
+github.com/hashicorp/terraform-json v0.13.0 h1:Li9L+lKD1FO5RVFRM1mMMIBDoUHslOniyEi5CM+FWGY=
+github.com/hashicorp/terraform-json v0.13.0/go.mod h1:y5OdLBCT+rxbwnpxZs9kGL7R9ExU76+cpdY8zHwoazk=
 github.com/hashicorp/terraform-plugin-go v0.3.0 h1:AJqYzP52JFYl9NABRI7smXI1pNjgR5Q/y2WyVJ/BOZA=
 github.com/hashicorp/terraform-plugin-go v0.3.0/go.mod h1:dFHsQMaTLpON2gWhVWT96fvtlc/MF1vSy3OdMhWBzdM=
 github.com/hashicorp/terraform-plugin-sdk/v2 v2.7.0 h1:SuI59MqNjYDrL7EfqHX9V6P/24isgqYx/FdglwVs9bg=
@@ -340,6 +346,8 @@ github.com/zclconf/go-cty v1.2.0/go.mod h1:hOPWgoHbaTUnI5k4D2ld+GRpFJSCe6bCM7m1q
 github.com/zclconf/go-cty v1.2.1/go.mod h1:hOPWgoHbaTUnI5k4D2ld+GRpFJSCe6bCM7m1q/N4PQ8=
 github.com/zclconf/go-cty v1.8.4 h1:pwhhz5P+Fjxse7S7UriBrMu6AUJSZM5pKqGem1PjGAs=
 github.com/zclconf/go-cty v1.8.4/go.mod h1:vVKLxnk3puL4qRAv72AO+W99LUD4da90g3uUAzyuvAk=
+github.com/zclconf/go-cty v1.9.1 h1:viqrgQwFl5UpSxc046qblj78wZXVDFnSOufaOTER+cc=
+github.com/zclconf/go-cty v1.9.1/go.mod h1:vVKLxnk3puL4qRAv72AO+W99LUD4da90g3uUAzyuvAk=
 github.com/zclconf/go-cty-debug v0.0.0-20191215020915-b22d67c1ba0b/go.mod h1:ZRKQfBXbGkpdV6QMzT3rU1kSTAnfu1dO8dPKjYprgj8=
 go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
 go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=

internal/service/kms/kms_key_resource.go

@@ -141,6 +141,11 @@ func KmsKeyResource() *schema.Resource {
 				Computed: true,
 				Optional: true,
 			},
+			"schedule_deletion_days": {
+				Type:         schema.TypeInt,
+				Optional:     true,
+				ValidateFunc: validation.IntBetween(7, 30),
+			},
 			"restore_from_object_store": {
 				Type:          schema.TypeList,
 				Optional:      true,
@@ -622,6 +627,14 @@ func (s *KmsKeyResourceCrud) Delete() error {
 			return err
 		}
 		request.TimeOfDeletion = &oci_common.SDKTime{Time: tmpTime}
+	} else {
+		if scheduleDeletionDays, ok := s.D.Get("schedule_deletion_days").(int); ok {
+			// Not setting TimeOfDeletion is the same as specifying 30 days, so skip it on 30 days
+			if scheduleDeletionDays < 30 {
+				tmpTime := time.Now().AddDate(0, 0, scheduleDeletionDays)
+				request.TimeOfDeletion = &oci_common.SDKTime{Time: tmpTime}
+			}
+		}
 	}
 
 	request.RequestMetadata.RetryPolicy = tfresource.GetRetryPolicy(s.DisableNotFoundRetries, "kms")

internal/service/kms/kms_key_version_resource.go

@@ -6,6 +6,7 @@ package kms
 import (
 	"context"
 	"fmt"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation"
 	"strconv"
 	"strings"
 	"time"
@@ -59,6 +60,12 @@ func KmsKeyVersionResource() *schema.Resource {
 				Optional: true,
 				Computed: true,
 			},
+			"schedule_deletion_days": {
+				Type:         schema.TypeInt,
+				Optional:     true,
+				Computed:     true,
+				ValidateFunc: validation.IntBetween(7, 30),
+			},
 
 			// Computed
 			"compartment_id": {
@@ -319,6 +326,14 @@ func (s *KmsKeyVersionResourceCrud) Delete() error {
 			return err
 		}
 		request.TimeOfDeletion = &oci_common.SDKTime{Time: tmpTime}
+	} else {
+		if scheduleDeletionDays, ok := s.D.Get("schedule_deletion_days").(int); ok {
+			// Not setting TimeOfDeletion is the same as specifying 30 days, so skip it on 30 days
+			if scheduleDeletionDays < 30 {
+				tmpTime := time.Now().AddDate(0, 0, scheduleDeletionDays)
+				request.TimeOfDeletion = &oci_common.SDKTime{Time: tmpTime}
+			}
+		}
 	}
 
 	request.RequestMetadata.RetryPolicy = tfresource.GetRetryPolicy(s.DisableNotFoundRetries, "kms")

internal/service/kms/kms_vault_resource.go

@@ -127,6 +127,11 @@ func KmsVaultResource() *schema.Resource {
 				Optional: true,
 				Computed: true,
 			},
+			"schedule_deletion_days": {
+				Type:         schema.TypeInt,
+				Optional:     true,
+				ValidateFunc: validation.IntBetween(7, 30),
+			},
 			"restore_from_object_store": {
 				Type:          schema.TypeList,
 				Optional:      true,
@@ -518,6 +523,14 @@ func (s *KmsVaultResourceCrud) Delete() error {
 			return err
 		}
 		request.TimeOfDeletion = &oci_common.SDKTime{Time: tmpTime}
+	} else {
+		if scheduleDeletionDays, ok := s.D.Get("schedule_deletion_days").(int); ok {
+			// Not setting TimeOfDeletion is the same as specifying 30 days, so skip it on 30 days
+			if scheduleDeletionDays < 30 {
+				tmpTime := time.Now().AddDate(0, 0, scheduleDeletionDays)
+				request.TimeOfDeletion = &oci_common.SDKTime{Time: tmpTime}
+			}
+		}
 	}
 
 	request.RequestMetadata.RetryPolicy = tfresource.GetRetryPolicy(s.DisableNotFoundRetries, "kms")

internal/service/vault/vault_secret_resource.go

@@ -119,6 +119,11 @@ func VaultSecretResource() *schema.Resource {
 				Computed: true,
 				Elem:     schema.TypeString,
 			},
+			"schedule_deletion_days": {
+				Type:         schema.TypeInt,
+				Optional:     true,
+				ValidateFunc: validation.IntBetween(1, 30),
+			},
 			"secret_rules": {
 				Type:     schema.TypeList,
 				Optional: true,
@@ -452,6 +457,14 @@ func (s *VaultSecretResourceCrud) Delete() error {
 	tmp := s.D.Id()
 	request.SecretId = &tmp
 
+	if scheduleDeletionDays, ok := s.D.Get("schedule_deletion_days").(int); ok {
+		// Not setting TimeOfDeletion is the same as specifying 30 days, so skip it on 30 days
+		if scheduleDeletionDays < 30 {
+			tmpTime := time.Now().AddDate(0, 0, scheduleDeletionDays)
+			request.TimeOfDeletion = &oci_common.SDKTime{Time: tmpTime}
+		}
+	}
+
 	request.RequestMetadata.RetryPolicy = tfresource.GetRetryPolicy(s.DisableNotFoundRetries, "vault")
 
 	_, err := s.Client.ScheduleSecretDeletion(context.Background(), request)