Added the possibility to configure maintenance window and deny mainte…

…nance period in Cloud SQL module module (#1917) * added maintenance window configuration to cloud sql * Formatted code + generated readme * Fixed readme errors (missing dots at the end of variables' description) * Fixed typos + regenerated docs * Added correct readme * Collapsed "deny_maintenance_period" and "maintenance_window" variables into a single variable called "maintenance_config" * Added input validation + some minor fixes * Add trigger configuration for Composer (#1916) * Added update_track variable validation * Formatted variables + regenerated readme --------- Co-authored-by: Wiktor Niesiobędzki <[email protected]> Co-authored-by: Ludovico Magnocavallo <[email protected]>
GoogleCloudPlatform · Dec 11, 2023 · d2d62b7 · d2d62b7
1 parent bba814c
commit d2d62b7
Show file tree

Hide file tree

Showing 3 changed files with 63 additions and 11 deletions.
diff --git a/modules/cloudsql-instance/README.md b/modules/cloudsql-instance/README.md
@@ -248,11 +248,11 @@ module "db" {
 | name | description | type | required | default |
 |---|---|:---:|:---:|:---:|
 | [database_version](variables.tf#L68) | Database type and version to create. | <code>string</code> | ✓ |  |
-| [name](variables.tf#L146) | Name of primary instance. | <code>string</code> | ✓ |  |
-| [network_config](variables.tf#L151) | Network configuration for the instance. Only one between private_network and psc_config can be used. | <code title="object&#40;&#123;&#10;  authorized_networks &#61; optional&#40;map&#40;string&#41;&#41;&#10;  require_ssl         &#61; optional&#40;bool&#41;&#10;  connectivity &#61; object&#40;&#123;&#10;    public_ipv4 &#61; optional&#40;bool, false&#41;&#10;    psa_config &#61; optional&#40;object&#40;&#123;&#10;      private_network &#61; string&#10;      allocated_ip_ranges &#61; optional&#40;object&#40;&#123;&#10;        primary &#61; optional&#40;string&#41;&#10;        replica &#61; optional&#40;string&#41;&#10;      &#125;&#41;&#41;&#10;    &#125;&#41;&#41;&#10;    psc_allowed_consumer_projects &#61; optional&#40;list&#40;string&#41;&#41;&#10;  &#125;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | ✓ |  |
-| [project_id](variables.tf#L190) | The ID of the project where this instances will be created. | <code>string</code> | ✓ |  |
-| [region](variables.tf#L195) | Region of the primary instance. | <code>string</code> | ✓ |  |
-| [tier](variables.tf#L215) | The machine type to use for the instances. | <code>string</code> | ✓ |  |
+| [name](variables.tf#L179) | Name of primary instance. | <code>string</code> | ✓ |  |
+| [network_config](variables.tf#L184) | Network configuration for the instance. Only one between private_network and psc_config can be used. | <code title="object&#40;&#123;&#10;  authorized_networks &#61; optional&#40;map&#40;string&#41;&#41;&#10;  require_ssl         &#61; optional&#40;bool&#41;&#10;  connectivity &#61; object&#40;&#123;&#10;    public_ipv4 &#61; optional&#40;bool, false&#41;&#10;    psa_config &#61; optional&#40;object&#40;&#123;&#10;      private_network &#61; string&#10;      allocated_ip_ranges &#61; optional&#40;object&#40;&#123;&#10;        primary &#61; optional&#40;string&#41;&#10;        replica &#61; optional&#40;string&#41;&#10;      &#125;&#41;&#41;&#10;    &#125;&#41;&#41;&#10;    psc_allowed_consumer_projects &#61; optional&#40;list&#40;string&#41;&#41;&#10;  &#125;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | ✓ |  |
+| [project_id](variables.tf#L223) | The ID of the project where this instances will be created. | <code>string</code> | ✓ |  |
+| [region](variables.tf#L228) | Region of the primary instance. | <code>string</code> | ✓ |  |
+| [tier](variables.tf#L248) | The machine type to use for the instances. | <code>string</code> | ✓ |  |
 | [activation_policy](variables.tf#L16) | This variable specifies when the instance should be active. Can be either ALWAYS, NEVER or ON_DEMAND. Default is ALWAYS. | <code>string</code> |  | <code>&#34;ALWAYS&#34;</code> |
 | [availability_type](variables.tf#L27) | Availability type for the primary replica. Either `ZONAL` or `REGIONAL`. | <code>string</code> |  | <code>&#34;ZONAL&#34;</code> |
 | [backup_configuration](variables.tf#L33) | Backup settings for primary instance. Will be automatically enabled if using MySQL with one or more replicas. | <code title="object&#40;&#123;&#10;  enabled                        &#61; optional&#40;bool, false&#41;&#10;  binary_log_enabled             &#61; optional&#40;bool, false&#41;&#10;  start_time                     &#61; optional&#40;string, &#34;23:00&#34;&#41;&#10;  location                       &#61; optional&#40;string&#41;&#10;  log_retention_days             &#61; optional&#40;number, 7&#41;&#10;  point_in_time_recovery_enabled &#61; optional&#40;bool&#41;&#10;  retention_count                &#61; optional&#40;number, 7&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> |  | <code title="&#123;&#10;  enabled                        &#61; false&#10;  binary_log_enabled             &#61; false&#10;  start_time                     &#61; &#34;23:00&#34;&#10;  location                       &#61; null&#10;  log_retention_days             &#61; 7&#10;  point_in_time_recovery_enabled &#61; null&#10;  retention_count                &#61; 7&#10;&#125;">&#123;&#8230;&#125;</code> |
@@ -269,11 +269,12 @@ module "db" {
 | [flags](variables.tf#L123) | Map FLAG_NAME=>VALUE for database-specific tuning. | <code>map&#40;string&#41;</code> |  | <code>null</code> |
 | [insights_config](variables.tf#L129) | Query Insights configuration. Defaults to null which disables Query Insights. | <code title="object&#40;&#123;&#10;  query_string_length     &#61; optional&#40;number, 1024&#41;&#10;  record_application_tags &#61; optional&#40;bool, false&#41;&#10;  record_client_address   &#61; optional&#40;bool, false&#41;&#10;  query_plans_per_minute  &#61; optional&#40;number, 5&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> |  | <code>null</code> |
 | [labels](variables.tf#L140) | Labels to be attached to all instances. | <code>map&#40;string&#41;</code> |  | <code>null</code> |
-| [postgres_client_certificates](variables.tf#L174) | Map of cert keys connect to the application(s) using public IP. | <code>list&#40;string&#41;</code> |  | <code>null</code> |
-| [prefix](variables.tf#L180) | Optional prefix used to generate instance names. | <code>string</code> |  | <code>null</code> |
-| [replicas](variables.tf#L200) | Map of NAME=> {REGION, KMS_KEY} for additional read replicas. Set to null to disable replica creation. | <code title="map&#40;object&#40;&#123;&#10;  region              &#61; string&#10;  encryption_key_name &#61; string&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> |  | <code>&#123;&#125;</code> |
-| [root_password](variables.tf#L209) | Root password of the Cloud SQL instance. Required for MS SQL Server. | <code>string</code> |  | <code>null</code> |
-| [users](variables.tf#L220) | Map of users to create in the primary instance (and replicated to other replicas). For MySQL, anything afterr the first `@` (if persent) will be used as the user's host. Set PASSWORD to null if you want to get an autogenerated password. The user types available are: 'BUILT_IN', 'CLOUD_IAM_USER' or 'CLOUD_IAM_SERVICE_ACCOUNT'. | <code title="map&#40;object&#40;&#123;&#10;  password &#61; optional&#40;string&#41;&#10;  type     &#61; optional&#40;string&#41;&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> |  | <code>null</code> |
+| [maintenance_config](variables.tf#L146) | Set maintenance window configuration and maintenance deny period (up to 90 days). Date format: 'yyyy-mm-dd'. | <code title="object&#40;&#123;&#10;  maintenance_window &#61; optional&#40;object&#40;&#123;&#10;    day          &#61; number&#10;    hour         &#61; number&#10;    update_track &#61; optional&#40;string, null&#41;&#10;  &#125;&#41;, null&#41;&#10;  deny_maintenance_period &#61; optional&#40;object&#40;&#123;&#10;    start_date &#61; string&#10;    end_date   &#61; string&#10;    start_time &#61; optional&#40;string, &#34;00:00:00&#34;&#41;&#10;  &#125;&#41;, null&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> |  | <code>&#123;&#125;</code> |
+| [postgres_client_certificates](variables.tf#L207) | Map of cert keys connect to the application(s) using public IP. | <code>list&#40;string&#41;</code> |  | <code>null</code> |
+| [prefix](variables.tf#L213) | Optional prefix used to generate instance names. | <code>string</code> |  | <code>null</code> |
+| [replicas](variables.tf#L233) | Map of NAME=> {REGION, KMS_KEY} for additional read replicas. Set to null to disable replica creation. | <code title="map&#40;object&#40;&#123;&#10;  region              &#61; string&#10;  encryption_key_name &#61; string&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> |  | <code>&#123;&#125;</code> |
+| [root_password](variables.tf#L242) | Root password of the Cloud SQL instance. Required for MS SQL Server. | <code>string</code> |  | <code>null</code> |
+| [users](variables.tf#L253) | Map of users to create in the primary instance (and replicated to other replicas). For MySQL, anything after the first `@` (if present) will be used as the user's host. Set PASSWORD to null if you want to get an autogenerated password. The user types available are: 'BUILT_IN', 'CLOUD_IAM_USER' or 'CLOUD_IAM_SERVICE_ACCOUNT'. | <code title="map&#40;object&#40;&#123;&#10;  password &#61; optional&#40;string&#41;&#10;  type     &#61; optional&#40;string&#41;&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> |  | <code>null</code> |
 
 ## Outputs
 

diff --git a/modules/cloudsql-instance/main.tf b/modules/cloudsql-instance/main.tf
@@ -121,6 +121,15 @@ resource "google_sql_database_instance" "primary" {
       }
     }
 
+    dynamic "deny_maintenance_period" {
+      for_each = var.maintenance_config.deny_maintenance_period != null ? [1] : []
+      content {
+        start_date = var.maintenance_config.deny_maintenance_period.start_date
+        end_date   = var.maintenance_config.deny_maintenance_period.end_date
+        time       = var.maintenance_config.deny_maintenance_period.start_time
+      }
+    }
+
     dynamic "insights_config" {
       for_each = var.insights_config != null ? [1] : []
       content {
@@ -131,6 +140,15 @@ resource "google_sql_database_instance" "primary" {
         query_plans_per_minute  = var.insights_config.query_plans_per_minute
       }
     }
+
+    dynamic "maintenance_window" {
+      for_each = var.maintenance_config.maintenance_window != null ? [""] : []
+      content {
+        day          = var.maintenance_config.maintenance_window.day
+        hour         = var.maintenance_config.maintenance_window.hour
+        update_track = var.maintenance_config.maintenance_window.update_track
+      }
+    }
   }
   deletion_protection = var.deletion_protection
 }

diff --git a/modules/cloudsql-instance/variables.tf b/modules/cloudsql-instance/variables.tf
@@ -143,6 +143,39 @@ variable "labels" {
   default     = null
 }
 
+variable "maintenance_config" {
+  description = "Set maintenance window configuration and maintenance deny period (up to 90 days). Date format: 'yyyy-mm-dd'."
+  type = object({
+    maintenance_window = optional(object({
+      day          = number
+      hour         = number
+      update_track = optional(string, null)
+    }), null)
+    deny_maintenance_period = optional(object({
+      start_date = string
+      end_date   = string
+      start_time = optional(string, "00:00:00")
+    }), null)
+  })
+  default = {}
+  validation {
+    condition = (
+      var.maintenance_config.maintenance_window == null ? true : (
+        # Maintenance window day validation below
+        var.maintenance_config.maintenance_window.day >= 1 &&
+        var.maintenance_config.maintenance_window.day <= 7 &&
+        # Maintenance window hour validation below
+        var.maintenance_config.maintenance_window.hour >= 0 &&
+        var.maintenance_config.maintenance_window.hour <= 23 &&
+        # Maintenance window update_track validation below
+        var.maintenance_config.maintenance_window.update_track == null ? true :
+        contains(["canary", "stable"], var.maintenance_config.maintenance_window.update_track)
+      )
+    )
+    error_message = "Maintenance window day must be between 1 and 7, maintenance window hour must be between 0 and 23 and maintenance window update_track must be 'stable' or 'canary'."
+  }
+}
+
 variable "name" {
   description = "Name of primary instance."
   type        = string
@@ -218,7 +251,7 @@ variable "tier" {
 }
 
 variable "users" {
-  description = "Map of users to create in the primary instance (and replicated to other replicas). For MySQL, anything afterr the first `@` (if persent) will be used as the user's host. Set PASSWORD to null if you want to get an autogenerated password. The user types available are: 'BUILT_IN', 'CLOUD_IAM_USER' or 'CLOUD_IAM_SERVICE_ACCOUNT'."
+  description = "Map of users to create in the primary instance (and replicated to other replicas). For MySQL, anything after the first `@` (if present) will be used as the user's host. Set PASSWORD to null if you want to get an autogenerated password. The user types available are: 'BUILT_IN', 'CLOUD_IAM_USER' or 'CLOUD_IAM_SERVICE_ACCOUNT'."
   type = map(object({
     password = optional(string)
     type     = optional(string)