Add ssl_mode support to cloudsql-instance replicas (#2910)

* Add ssl_mode support for cloudsql-instance replicas

* Rename var.ssl.ssl_mode to var.ssl.mode
Simone Ruffilli
2025-02-19 10:31:35 +01:00
committed by GitHub
parent 009e03d55d
commit 942ef8fe3d
3 changed files with 6 additions and 6 deletions


@@ -401,7 +401,6 @@ module "db" {
}
# tftest modules=1 resources=2 e2e
```
<!-- BEGIN TFDOC -->
## Variables
@@ -434,7 +433,7 @@ module "db" {
| [prefix](variables.tf#L221) | Optional prefix used to generate instance names. | <code>string</code> | | <code>null</code> |
| [replicas](variables.tf#L241) | Map of NAME=> {REGION, KMS_KEY} for additional read replicas. Set to null to disable replica creation. | <code title="map&#40;object&#40;&#123;&#10; region &#61; string&#10; encryption_key_name &#61; optional&#40;string&#41;&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>&#123;&#125;</code> |
| [root_password](variables.tf#L251) | Root password of the Cloud SQL instance, or flag to create a random password. Required for MS SQL Server. | <code title="object&#40;&#123;&#10; password &#61; optional&#40;string&#41;&#10; random_password &#61; optional&#40;bool, false&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>&#123;&#125;</code> |
| [ssl](variables.tf#L265) | Setting to enable SSL, set config and certificates. | <code title="object&#40;&#123;&#10; client_certificates &#61; optional&#40;list&#40;string&#41;&#41;&#10; ssl_mode &#61; optional&#40;string&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>&#123;&#125;</code> |
| [ssl](variables.tf#L265) | Setting to enable SSL, set config and certificates. | <code title="object&#40;&#123;&#10; client_certificates &#61; optional&#40;list&#40;string&#41;&#41;&#10; mode &#61; optional&#40;string&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>&#123;&#125;</code> |
| [terraform_deletion_protection](variables.tf#L280) | Prevent terraform from deleting instances. | <code>bool</code> | | <code>true</code> |
| [time_zone](variables.tf#L292) | The time_zone to be used by the database engine (supported only for SQL Server), in SQL Server timezone format. | <code>string</code> | | <code>null</code> |
| [users](variables.tf#L298) | Map of users to create in the primary instance (and replicated to other replicas). For MySQL, anything after the first `@` (if present) will be used as the user's host. Set PASSWORD to null if you want to get an autogenerated password. The user types available are: 'BUILT_IN', 'CLOUD_IAM_USER' or 'CLOUD_IAM_SERVICE_ACCOUNT'. | <code title="map&#40;object&#40;&#123;&#10; password &#61; optional&#40;string&#41;&#10; type &#61; optional&#40;string&#41;&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>null</code> |


@@ -77,7 +77,7 @@ resource "google_sql_database_instance" "primary" {
allocated_ip_range = try(
var.network_config.connectivity.psa_config.allocated_ip_ranges.primary, null
)
ssl_mode = var.ssl.ssl_mode
ssl_mode = var.ssl.mode
enable_private_path_for_google_cloud_services = (
var.network_config.connectivity.enable_private_path_for_services
)
@@ -234,6 +234,7 @@ resource "google_sql_database_instance" "replicas" {
allocated_ip_range = try(
var.network_config.connectivity.psa_config.allocated_ip_ranges.replica, null
)
ssl_mode = var.ssl.mode
enable_private_path_for_google_cloud_services = (
var.network_config.connectivity.enable_private_path_for_services
)
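Review bot: Both `ssl_mode = var.ssl.mode` assignments (the renamed one on the primary and the one added for replicas) forward null when the caller leaves `ssl` at its `{}` default, so whether plaintext connections are refused is left to the provider default, which as far as I know still accepts unencrypted connections; this should be confirmed against the provider documentation. I would document that next to the replica assignment, for example `# null keeps the provider default; set var.ssl.mode = "ENCRYPTED_ONLY" to refuse unencrypted connections`. Callers who already set a mode should also expect their existing replicas to show a change on the next plan, since before this commit the setting reached only the primary. Both resource blocks start and end outside the hunks.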


@@ -267,13 +267,13 @@ variable "ssl" {
type = object({
client_certificates = optional(list(string))
# More details @ https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/sql_database_instance#ssl_mode
ssl_mode = optional(string)
mode = optional(string)
})
default = {}
nullable = false
validation {
condition = var.ssl.ssl_mode == null || var.ssl.ssl_mode == "ALLOW_UNENCRYPTED_AND_ENCRYPTED" || var.ssl.ssl_mode == "ENCRYPTED_ONLY" || var.ssl.ssl_mode == "TRUSTED_CLIENT_CERTIFICATE_REQUIRED"
error_message = "The variable ssl_mode can be ALLOW_UNENCRYPTED_AND_ENCRYPTED, ENCRYPTED_ONLY for all, or TRUSTED_CLIENT_CERTIFICATE_REQUIRED for PostgreSQL or MySQL."
condition = var.ssl.mode == null || var.ssl.mode == "ALLOW_UNENCRYPTED_AND_ENCRYPTED" || var.ssl.mode == "ENCRYPTED_ONLY" || var.ssl.mode == "TRUSTED_CLIENT_CERTIFICATE_REQUIRED"
error_message = "The variable mode can be ALLOW_UNENCRYPTED_AND_ENCRYPTED, ENCRYPTED_ONLY for all, or TRUSTED_CLIENT_CERTIFICATE_REQUIRED for PostgreSQL or MySQL."
}
}
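Review bot: Renaming the attribute without keeping the old key lets an existing `ssl = { ssl_mode = "ENCRYPTED_ONLY" }` pass silently, because Terraform discards attributes that are not part of the object type during conversion; `var.ssl.mode` then evaluates to null and the validation at the end of the block never sees the old value. For a setting that controls transport encryption this is a quiet downgrade to the provider default rather than a plan error. I would keep `ssl_mode` as a deprecated optional attribute and add a second validation that rejects it with a pointer to `mode`, as sketched below. The `variable "ssl"` block opens above the hunk.

```hcl
    mode = optional(string)
    # Deprecated: accepted only so that callers still using the old name
    # fail validation instead of having the value silently dropped.
    ssl_mode = optional(string)
  # … unchanged: default, nullable, validation of var.ssl.mode …
  validation {
    condition     = var.ssl.ssl_mode == null
    error_message = "var.ssl.ssl_mode has been renamed to var.ssl.mode."
  }
```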