feat: major inplace upgrade, deletion protection

[shemau]

Description

Add support for two ICD features:

Deletion protection

This is feature flag, that when set to true provides protection from accidentally deleting the ICD instance.

Conceptually the instance is created with this flag set to true and if/when a destroy is attempted the request fails. In addition to requesting a destroy the flag must be set to false.

Note: This does not prevent the resource being destroyed outside of terraform.

In place major version upgrade

This feature allows the major version, eg. 6.0 to upgraded to 7.0 by an in-place upgrade, retaining the original instance connection endpoints. During a major version upgrade, the instance is set to read-only (setUserWriteBlock mode), upgraded and set to accept writes again. There is a service outage during this time, since the service will not accept database updates.

There is an feature flag, version_upgrade_skip_backup. It is NOT recommended to use this feature, since an upgrade failure may result in data loss. This flag avoids taking a backup whilst in read-only mode to speed the process up.

Full documentation at: https://cloud.ibm.com/docs/databases-for-mongodb?topic=databases-for-mongodb-upgrading&interface=ui

Release required?

• No release
• Patch release (x.x.X)
• Minor release (x.X.x)
• Major release (X.x.x)

Release notes content

Run the pipeline

If the CI pipeline doesn't run when you create the PR, the PR requires a user with GitHub collaborators access to run the pipeline.

Run the CI pipeline when the PR is ready for review and you expect tests to pass. Add a comment to the PR with the following text:

/run pipeline

Checklist for reviewers

• If relevant, a test for the change is included or updated with this PR.
• If relevant, documentation for the change is included or updated with this PR.

For mergers

• Use a conventional commit message to set the release level. Follow the guidelines.
• Include information that users need to know about the PR in the commit message. The commit message becomes part of the GitHub release notes.
• Use the Squash and merge option.

[shemau]

deletion protection is set to false for all examples and pipeline testing, but true by default. This allows the pipelines to destroy any instances that they create without encountering an error. Since the feature MUST be overridden in order to perform a terraform destroy, it is exposed as a variable in all situations, module, sub-module and DAs.

The feature was manually tested, without setting the flag to false and results in

TestRunfullyConfigurableSolutionIBMKeys 2025-07-08T11:17:13+01:00 retry.go:99: Returning due to fatal error: FatalError
{
Underlying: error while running command: exit status 1; 
Error: Deletion protection is enabled for resource mongo-key-botkfq-mongodb to prevent accidential deletion

Set deletion_protection to false, apply and then destroy if deletion should
proceed
}  

[shemau]

/run pipeline

[shemau]

Note: There is no major version upgrade test included in the pipeline tests. The main reason for mongodb is that 6.0 is EOL this month and work is already started on removing support. At this point, the feature will be untestable.

Version upgrade testing has been completed manually.

[shemau]

Following the deep dive:

destroy process

Confirmed this is a two step process, 'apply' deletion protection = false, 'destroy'.

A single step update and destroy is not supported. Terraform uses the state file for a destroy, so it is necessary to apply the change first.

upgrade process

The upgrade process across all plans (validated on Postgres version 15, plan standard, deletion protection true. Attempted upgrade to version 16 and 17 (unlikely to be supported) and got

│ Error: ---
│ id: terraform-23dab597
│ summary: No available upgrade versions for version 15
│ severity: error
│ resource: ibm_database
│ operation: CustomizeDiff
│ component:
│   name: github.com/IBM-Cloud/terraform-provider-ibm
│   version: 1.79.2
│ ---
│ 
│ 
│   with module.database.ibm_database.postgresql_db,
│   on ../../main.tf line 165, in resource "ibm_database" "postgresql_db":
│  165: resource "ibm_database" "postgresql_db" {
│ 

So it appears to be impossible to launch a destroy and recreate accidental update if the plan does not support an in-place upgrade.

Read only replicas

Delete protection applies to read only replicas independently of the main instance. Delete protection must be removed from a replica before it can be destroyed.

[shemau]

/run pipeline

[akocbek]

could we sync the order between all ICD repos? it will be easier for maintenance when doing diff

for example postgresql, redis has different as well:

resource_group_id   
  name              
  postgresql_version 
  region         
  tags             
  access_tags    
  deletion_protection
  member_host_flavor 

[shemau]

This is feeling like to much change for this cycle. The backup-restore folders do not even have the same names. I agree, the backup/restore and pitr/restore examples should be closer to identical, but can this wait for a less time sensitive PR?

[akocbek]

ok, we can address that in different PR

[akocbek]

redis and postgresql doesn't have deletion_protection inside catalogvalidation, is this okey? fully-configurable also doesn't have it. is ok?

[shemau]

Changes committed to all repos and both files.

[akocbek]

thanks

[shemau]

/run pipeline

[shemau]

/run pipeline

[terraform-ibm-modules-ops]

🎉 This PR is included in version 3.1.0 🎉

The release is available on:

• GitHub release
• v3.1.0

Your semantic-release bot 📦🚀