KMS Vault Schedule Deletion Days #1986
Description
Community Note
- Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
- Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
- If you are interested in working on this issue or have submitted a pull request, please leave a comment
Description
Currently, it is very difficult to to schedule a KMS vault delete (oci_kms_vault) for less then the default 30 days in Terraform. The time_of_deletion field works great for an API, where it can get passed in the DELETE request, but less so with Terraform, where the value needs to exist in state before the resource is destroyed.
In order to delete a Vault in 7 days we currently need to update the oci_kms_vault resource and set the time_of_deletion to the appropriate 7 days from NOW value, then apply the changes. Once that is complete, you can issue a destroy.
I propose that we add a field (schedule_deletion_days) to resources that use time_of_deletion that sets the number of days to schedule a deletion when a destroy applied. When a resource is destroyed, the provider will use the schedule_deletion_days value to automatically set the time_of_deletion to the correct value during the DELETE API request. If time_of_deletion is already set, it will take precedence.
New or Affected Resource(s)
oci_kms_vaultoci_kms_keyoci_kms_key_versionoci_vault_secret
Potential Terraform Configuration
resource "oci_kms_vault" "vault" {
compartment_id = var.compartment_id
display_name = "My Vault"
vault_type = "DEFAULT"
schedule_deletion_days = 7
}