From 1c7f5312e675a5ce51bdcb2df1187176bf95277e Mon Sep 17 00:00:00 2001
From: Francesco Spinelli
Date: Fri, 10 Nov 2023 15:59:38 +0100
Subject: [PATCH] fix blueprint cloudsql users value + minor fix

---
 .../cloudsql-multiregion/cloudsql.tf | 4 ++-
 .../third-party-solutions/phpipam/cloudsql.tf | 4 ++-
 .../wordpress/cloudrun/cloudsql.tf | 4 ++-
 modules/cloudsql-instance/main.tf | 25 ++++++++++---------
 modules/cloudsql-instance/variables.tf | 2 +-
 5 files changed, 23 insertions(+), 16 deletions(-)

diff --git a/blueprints/data-solutions/cloudsql-multiregion/cloudsql.tf b/blueprints/data-solutions/cloudsql-multiregion/cloudsql.tf
index e25812df5b..89ee29e3bf 100644
--- a/blueprints/data-solutions/cloudsql-multiregion/cloudsql.tf
+++ b/blueprints/data-solutions/cloudsql-multiregion/cloudsql.tf
@@ -34,7 +34,9 @@ module "db" {
 }
 databases = [var.postgres_database]
 users = {
- postgres = var.postgres_user_password
+ "postgres" = {
+ password = var.postgres_user_password
+ }
 }
 }
 
diff --git a/blueprints/third-party-solutions/phpipam/cloudsql.tf b/blueprints/third-party-solutions/phpipam/cloudsql.tf
index 24a47b661c..f3b7a78665 100644
--- a/blueprints/third-party-solutions/phpipam/cloudsql.tf
+++ b/blueprints/third-party-solutions/phpipam/cloudsql.tf
@@ -27,6 +27,8 @@ module "cloudsql" {
 region = var.region
 tier = local.cloudsql_conf.tier
 users = {
- "${local.cloudsql_conf.user}" = var.cloudsql_password
+ "${local.cloudsql_conf.user}" = {
+ password = var.cloudsql_password
+ }
 }
 }
diff --git a/blueprints/third-party-solutions/wordpress/cloudrun/cloudsql.tf b/blueprints/third-party-solutions/wordpress/cloudrun/cloudsql.tf
index 4ed2ed1992..2ebe9e1436 100644
--- a/blueprints/third-party-solutions/wordpress/cloudrun/cloudsql.tf
+++ b/blueprints/third-party-solutions/wordpress/cloudrun/cloudsql.tf
@@ -61,7 +61,9 @@ module "cloudsql" { tier = local.cloudsql_conf.tier databases = [local.cloudsql_conf.db] users = { - "${local.cloudsql_conf.user}" = var.cloudsql_password + "${local.cloudsql_conf.user}" = { + password = var.cloudsql_password + } } deletion_protection = false } diff --git a/modules/cloudsql-instance/main.tf b/modules/cloudsql-instance/main.tf index 435ec27673..812b0f41bd 100644 --- a/modules/cloudsql-instance/main.tf +++ b/modules/cloudsql-instance/main.tf @@ -1,4 +1,4 @@ -/** +/** TO MOD * Copyright 2022 Google LLC * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -27,18 +27,18 @@ locals { users = { for k, v in var.users : - (k) => + k => local.is_mysql ? { - name = v.type == "BUILT_IN" ? split("@", v.name)[0] : v.name - host = v.type == "BUILT_IN" ? try(split("@", v.name)[1], null) : null - password = v.type == "BUILT_IN" ? try(random_password.passwords[v.name].result, v.password) : null - type = v.type + name = try(v.type, "BUILT_IN") == "BUILT_IN" ? split("@", k)[0] : k + host = try(v.type, "BUILT_IN") == "BUILT_IN" ? try(split("@", k)[1], null) : null + password = try(v.type, "BUILT_IN") == "BUILT_IN" ? try(random_password.passwords[v.name].result, v.password) : null + type = try(v.type, "BUILT_IN") } : { - name = local.is_postgres ? try(trimsuffix(v.name, ".gserviceaccount.com"), v.name) : v.name + name = local.is_postgres ? try(trimsuffix(v.name, ".gserviceaccount.com"), k) : k host = null - password = v.type == "BUILT_IN" ? try(random_password.passwords[v.name].result, v.password) : null - type = v.type + password = try(v.type, "BUILT_IN") == "BUILT_IN" ? try(random_password.passwords[k].result, v.password) : null + type = try(v.type, "BUILT_IN") } } 
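Review bot: The first line of the license header in modules/cloudsql-instance/main.tf (hunk `@@ -1,4 +1,4 @@`) becomes `/** TO MOD`, which reads like a leftover working marker rather than intended text. It should go back to `/**` so the Apache header stays unmodified. If follow-up work on this module is still pending, note it in the commit description or in a `# TODO` next to the code it concerns.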
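Review bot: In the MySQL branch of `local.users` (main.tf hunk `@@ -27,18 +27,18 @@`) the password lookup still reads `random_password.passwords[v.name].result`, while the PostgreSQL branch and the `random_password` resource later in this patch are keyed by the map key `k`. Because the lookup sits inside `try(...)`, a missing `v.name` or a key mismatch does not fail; it silently falls back to `v.password`, which is null exactly when a generated password was requested, so a BUILT_IN MySQL user could be handed to `google_sql_user` with a null password. Use `try(random_password.passwords[k].result, v.password)` in both branches. The PostgreSQL `name` has the same leftover: `try(trimsuffix(v.name, ".gserviceaccount.com"), k)` returns the untrimmed key whenever `v.name` is absent, and `trimsuffix(k, ".gserviceaccount.com")` would cover that case. The `locals` block starts before this hunk.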
@@ -179,14 +179,15 @@ resource "google_sql_database" "databases" {
 
 resource "random_password" "passwords" {
 for_each = toset([
- for user in coalesce(var.users, []) :
- user.name
- if user.password == null
+ for k, v in coalesce(var.users, {}) :
+ k
+ if v.password == null
 ])
 length = 16
 special = true
 }
 
+
 resource "google_sql_user" "users" {
 for_each = local.users
 project = var.project_id
diff --git a/modules/cloudsql-instance/variables.tf b/modules/cloudsql-instance/variables.tf
index 2293d82eb0..af3d49a423 100644
--- a/modules/cloudsql-instance/variables.tf
+++ b/modules/cloudsql-instance/variables.tf
@@ -203,7 +203,7 @@ variable "tier" {
 }
 
 variable "users" {
- description = "list of users to create in the primary instance (and replicated to other replicas). For MySQL, anything afterr the first `@` (if persent) will be used as the user's host. Set PASSWORD to null if you want to get an autogenerated password. The user types available are: 'BUILT_IN', 'CLOUD_IAM_USER' or 'CLOUD_IAM_SERVICE_ACCOUNT'"
+ description = "list of users to create in the primary instance (and replicated to other replicas). For MySQL, anything afterr the first `@` (if persent) will be used as the user's host. Set PASSWORD to null if you want to get an autogenerated password. The user types available are: 'BUILT_IN', 'CLOUD_IAM_USER' or 'CLOUD_IAM_SERVICE_ACCOUNT'."
 type = list(object({
 name = string
 password = optional(string)
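Review bot: The filter `if v.password == null` in `random_password.passwords` (main.tf hunk `@@ -179,14 +179,15 @@`) selects every user without a password, including `CLOUD_IAM_USER` and `CLOUD_IAM_SERVICE_ACCOUNT` entries, for which `local.users` sets `password` to null anyway. Narrowing it to `if v.password == null && try(v.type, "BUILT_IN") == "BUILT_IN"` would avoid generating an unused secret and keeping it in state for IAM users. The extra blank line added before `resource "google_sql_user" "users"` looks unintentional. The `google_sql_user` block continues past the hunk.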
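Review bot: The `users` declaration in modules/cloudsql-instance/variables.tf is left as a list while the rest of the patch treats it as a map. The description still begins "list of users", the context lines keep `type = list(object({` with a `name` attribute, and the diffstat shows only this one-line change in the file. The blueprints now pass a map of `{ password = ... }` objects keyed by user name and main.tf reads the name from the key `k`, so the type and description should probably become a map of objects keyed by user name, with `name` dropped. The touched description line also still carries the typos `afterr` and `persent`. The variable block continues past the end of the hunk.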