From 59978e307f8d1420b70557677f86129dc02f62af Mon Sep 17 00:00:00 2001
From: Ben Naylor <nayben@gmail.com>
Date: Wed, 11 Jun 2025 12:30:39 +0200
Subject: [PATCH] Add retain backups option to postgres submodule

Adding Oscar as co-author since this is direct copy/paste from their
mysql changes

Inspiration from: Oscar van Leusen <oscar.vanleusen@pexip.com> (Could
not add as co-authored-by due to Google CLA not agreeing for some weird
reason)
---
 modules/postgresql/README.md    | 1 +
 modules/postgresql/main.tf      | 1 +
 modules/postgresql/variables.tf | 6 ++++++
 modules/postgresql/versions.tf  | 4 ++--
 4 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/modules/postgresql/README.md b/modules/postgresql/README.md
index 9b9a7859..37477adc 100644
--- a/modules/postgresql/README.md
+++ b/modules/postgresql/README.md
@@ -168,6 +168,7 @@ module "pg" {
 | read\_replica\_name\_suffix | The optional suffix to add to the read instance name | `string` | `""` | no |
 | read\_replicas | List of read replicas to create. Encryption key is required for replica in different region. For replica in same region as master set encryption\_key\_name = null | <pre>list(object({<br>    name                  = string<br>    name_override         = optional(string)<br>    tier                  = optional(string)<br>    edition               = optional(string)<br>    availability_type     = optional(string)<br>    zone                  = optional(string)<br>    disk_type             = optional(string)<br>    disk_autoresize       = optional(bool)<br>    disk_autoresize_limit = optional(number)<br>    disk_size             = optional(string)<br>    user_labels           = map(string)<br>    database_flags = optional(list(object({<br>      name  = string<br>      value = string<br>    })), [])<br>    insights_config = optional(object({<br>      query_plans_per_minute  = optional(number, 5)<br>      query_string_length     = optional(number, 1024)<br>      record_application_tags = optional(bool, false)<br>      record_client_address   = optional(bool, false)<br>    }), null)<br>    ip_configuration = object({<br>      authorized_networks                           = optional(list(map(string)), [])<br>      ipv4_enabled                                  = optional(bool)<br>      private_network                               = optional(string)<br>      ssl_mode                                      = optional(string)<br>      allocated_ip_range                            = optional(string)<br>      enable_private_path_for_google_cloud_services = optional(bool, false)<br>      psc_enabled                                   = optional(bool, false)<br>      psc_allowed_consumer_projects                 = optional(list(string), [])<br>    })<br>    encryption_key_name = optional(string)<br>    data_cache_enabled  = optional(bool)<br>  }))</pre> | `[]` | no |
 | region | The region of the Cloud SQL resources | `string` | `"us-central1"` | no |
+| retain\_backups\_on\_delete | When this parameter is set to true, Cloud SQL retains backups of the instance even after the instance is deleted. The ON\_DEMAND backup will be retained until customer deletes the backup or the project. The AUTOMATED backup will be retained based on the backups retention setting. | `bool` | `false` | no |
 | root\_password | Initial root password during creation | `string` | `null` | no |
 | secondary\_zone | The preferred zone for the replica instance, it should be something like: `us-central1-a`, `us-east1-c`. | `string` | `null` | no |
 | tier | The tier for the Cloud SQL instance, for ADC its defualt value will be db-perf-optimized-N-8 which is tier value for edtion ENTERPRISE\_PLUS, if user wants to change the edition, he should chose compatible tier. | `string` | `"db-f1-micro"` | no |
diff --git a/modules/postgresql/main.tf b/modules/postgresql/main.tf
index 4b4fd2aa..8fe72828 100644
--- a/modules/postgresql/main.tf
+++ b/modules/postgresql/main.tf
@@ -85,6 +85,7 @@ resource "google_sql_database_instance" "default" {
     connector_enforcement        = local.connector_enforcement
     enable_google_ml_integration = var.enable_google_ml_integration
     enable_dataplex_integration  = var.enable_dataplex_integration
+    retain_backups_on_delete     = var.retain_backups_on_delete
 
     dynamic "backup_configuration" {
       for_each = local.is_secondary_instance ? [] : [var.backup_configuration]
diff --git a/modules/postgresql/variables.tf b/modules/postgresql/variables.tf
index e05b5844..1192a8fe 100644
--- a/modules/postgresql/variables.tf
+++ b/modules/postgresql/variables.tf
@@ -474,3 +474,9 @@ variable "use_autokey" {
   type        = bool
   default     = false
 }
+
+variable "retain_backups_on_delete" {
+  description = "When this parameter is set to true, Cloud SQL retains backups of the instance even after the instance is deleted. The ON_DEMAND backup will be retained until customer deletes the backup or the project. The AUTOMATED backup will be retained based on the backups retention setting."
+  type        = bool
+  default     = false
+}
diff --git a/modules/postgresql/versions.tf b/modules/postgresql/versions.tf
index 5700838a..c0e950d1 100644
--- a/modules/postgresql/versions.tf
+++ b/modules/postgresql/versions.tf
@@ -27,11 +27,11 @@ terraform {
     }
     google = {
       source  = "hashicorp/google"
-      version = ">= 6.17, < 7"
+      version = ">= 6.31, < 7"
     }
     google-beta = {
       source  = "hashicorp/google-beta"
-      version = ">= 6.17, < 7"
+      version = ">= 6.31, < 7"
     }
   }