From f44aff70166ecdc6f6e7f802aca1092b9fec9405 Mon Sep 17 00:00:00 2001 From: fulyagonultas Date: Thu, 21 Nov 2024 16:38:10 +0100 Subject: [PATCH 1/4] enable_private_path_for_google_cloud_services added to CloudSQL --- modules/cloudsql-instance/main.tf | 9 +++++---- modules/cloudsql-instance/variables.tf | 3 ++- 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/modules/cloudsql-instance/main.tf b/modules/cloudsql-instance/main.tf index eeb2b40219..814e408cbe 100644 --- a/modules/cloudsql-instance/main.tf +++ b/modules/cloudsql-instance/main.tf @@ -69,10 +69,11 @@ resource "google_sql_database_instance" "primary" { time_zone = var.time_zone ip_configuration { - ipv4_enabled = var.network_config.connectivity.public_ipv4 - private_network = try(var.network_config.connectivity.psa_config.private_network, null) - allocated_ip_range = try(var.network_config.connectivity.psa_config.allocated_ip_ranges.primary, null) - ssl_mode = var.ssl.ssl_mode + ipv4_enabled = var.network_config.connectivity.public_ipv4 + private_network = try(var.network_config.connectivity.psa_config.private_network, null) + allocated_ip_range = try(var.network_config.connectivity.psa_config.allocated_ip_ranges.primary, null) + ssl_mode = var.ssl.ssl_mode + enable_private_path_for_google_cloud_services = var.network_config.connectivity.enable_private_path_for_google_cloud_services dynamic "authorized_networks" { for_each = var.network_config.authorized_networks != null ? var.network_config.authorized_networks : {} iterator = network diff --git a/modules/cloudsql-instance/variables.tf b/modules/cloudsql-instance/variables.tf index b1590dc6cb..0db965c27b 100644 --- a/modules/cloudsql-instance/variables.tf +++ b/modules/cloudsql-instance/variables.tf 
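Review bot: In the primary `ip_configuration`, `enable_private_path_for_google_cloud_services` is passed straight from the variable even when `psa_config` is unset, although the private path only makes sense on an instance that has a private IP. As far as I know the setting is also unsupported on SQL Server, so a caller could set it to true on a PSC-only, public-only or SQL Server instance and only find out at apply time. Consider gating the value on the private network, e.g. `enable_private_path_for_google_cloud_services = try(var.network_config.connectivity.psa_config.private_network, null) != null ? var.network_config.connectivity.enable_private_path_for_google_cloud_services : null`, or rejecting the combination in the `network_config` validation block. The resource body starts and ends outside the hunk.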
@@ -194,7 +194,8 @@ variable "network_config" { replica = optional(string) })) })) - psc_allowed_consumer_projects = optional(list(string)) + psc_allowed_consumer_projects = optional(list(string)) + enable_private_path_for_google_cloud_services = optional(bool, false) }) }) validation { From a965439a6c82922e756b66fe4c2268df6b8491e1 Mon Sep 17 00:00:00 2001 From: fulyagonultas Date: Fri, 22 Nov 2024 10:54:47 +0100 Subject: [PATCH 2/4] name of the variable changed --- modules/cloudsql-instance/README.md | 22 +++++++++++----------- modules/cloudsql-instance/main.tf | 2 +- modules/cloudsql-instance/variables.tf | 4 ++-- 3 files changed, 14 insertions(+), 14 deletions(-) diff --git a/modules/cloudsql-instance/README.md b/modules/cloudsql-instance/README.md index b4fc40cc1f..7bbf24f833 100644 --- a/modules/cloudsql-instance/README.md +++ b/modules/cloudsql-instance/README.md 
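Review bot: The new `enable_private_path_for_google_cloud_services` attribute in `connectivity` has no comment, although it is a security-relevant switch: when true, Google Cloud services such as BigQuery can reach the instance's data over its private IP. Defaulting it to `false` is the right choice. I would add a line above it such as `# lets Google Cloud services (e.g. BigQuery) reach the instance over private IP; needs psa_config`. The `network_config` description in the README table later in the series is also unchanged, so the option is not discoverable from the docs. The variable block starts and ends outside the hunk.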
@@ -368,10 +368,10 @@ module "db" { |---|---|:---:|:---:|:---:| | [database_version](variables.tf#L75) | Database type and version to create. | string | ✓ | | | [name](variables.tf#L179) | Name of primary instance. | string | ✓ | | -| [network_config](variables.tf#L184) | Network configuration for the instance. Only one between private_network and psc_config can be used. | object({…}) | ✓ | | -| [project_id](variables.tf#L217) | The ID of the project where this instances will be created. | string | ✓ | | -| [region](variables.tf#L222) | Region of the primary instance. | string | ✓ | | -| [tier](variables.tf#L265) | The machine type to use for the instances. | string | ✓ | | +| [network_config](variables.tf#L184) | Network configuration for the instance. Only one between private_network and psc_config can be used. | object({…}) | ✓ | | +| [project_id](variables.tf#L218) | The ID of the project where this instances will be created. | string | ✓ | | +| [region](variables.tf#L223) | Region of the primary instance. | string | ✓ | | +| [tier](variables.tf#L266) | The machine type to use for the instances. | string | ✓ | | | [activation_policy](variables.tf#L16) | This variable specifies when the instance should be active. Can be either ALWAYS, NEVER or ON_DEMAND. Default is ALWAYS. | string | | "ALWAYS" | | [availability_type](variables.tf#L27) | Availability type for the primary replica. Either `ZONAL` or `REGIONAL`. | string | | "ZONAL" | | [backup_configuration](variables.tf#L33) | Backup settings for primary instance. Will be automatically enabled if using MySQL with one or more replicas. | object({…}) | | {…} | 
@@ -389,13 +389,13 @@ module "db" { | [insights_config](variables.tf#L129) | Query Insights configuration. Defaults to null which disables Query Insights. | object({…}) | | null | | [labels](variables.tf#L140) | Labels to be attached to all instances. | map(string) | | null | | [maintenance_config](variables.tf#L146) | Set maintenance window configuration and maintenance deny period (up to 90 days). Date format: 'yyyy-mm-dd'. | object({…}) | | {} | -| [prefix](variables.tf#L207) | Optional prefix used to generate instance names. | string | | null | -| [replicas](variables.tf#L227) | Map of NAME=> {REGION, KMS_KEY} for additional read replicas. Set to null to disable replica creation. | map(object({…})) | | {} | -| [root_password](variables.tf#L237) | Root password of the Cloud SQL instance. Required for MS SQL Server. | string | | null | -| [ssl](variables.tf#L243) | Setting to enable SSL, set config and certificates. | object({…}) | | {} | -| [terraform_deletion_protection](variables.tf#L258) | Prevent terraform from deleting instances. | bool | | true | -| [time_zone](variables.tf#L270) | The time_zone to be used by the database engine (supported only for SQL Server), in SQL Server timezone format. | string | | null | -| [users](variables.tf#L276) | Map of users to create in the primary instance (and replicated to other replicas). For MySQL, anything after the first `@` (if present) will be used as the user's host. Set PASSWORD to null if you want to get an autogenerated password. The user types available are: 'BUILT_IN', 'CLOUD_IAM_USER' or 'CLOUD_IAM_SERVICE_ACCOUNT'. | map(object({…})) | | null | +| [prefix](variables.tf#L208) | Optional prefix used to generate instance names. | string | | null | +| [replicas](variables.tf#L228) | Map of NAME=> {REGION, KMS_KEY} for additional read replicas. Set to null to disable replica creation. | map(object({…})) | | {} | +| [root_password](variables.tf#L238) | Root password of the Cloud SQL instance. 
Required for MS SQL Server. | string | | null | +| [ssl](variables.tf#L244) | Setting to enable SSL, set config and certificates. | object({…}) | | {} | +| [terraform_deletion_protection](variables.tf#L259) | Prevent terraform from deleting instances. | bool | | true | +| [time_zone](variables.tf#L271) | The time_zone to be used by the database engine (supported only for SQL Server), in SQL Server timezone format. | string | | null | +| [users](variables.tf#L277) | Map of users to create in the primary instance (and replicated to other replicas). For MySQL, anything after the first `@` (if present) will be used as the user's host. Set PASSWORD to null if you want to get an autogenerated password. The user types available are: 'BUILT_IN', 'CLOUD_IAM_USER' or 'CLOUD_IAM_SERVICE_ACCOUNT'. | map(object({…})) | | null | ## Outputs diff --git a/modules/cloudsql-instance/main.tf b/modules/cloudsql-instance/main.tf index 814e408cbe..236b2830a3 100644 --- a/modules/cloudsql-instance/main.tf +++ b/modules/cloudsql-instance/main.tf @@ -73,7 +73,7 @@ resource "google_sql_database_instance" "primary" { private_network = try(var.network_config.connectivity.psa_config.private_network, null) allocated_ip_range = try(var.network_config.connectivity.psa_config.allocated_ip_ranges.primary, null) ssl_mode = var.ssl.ssl_mode - enable_private_path_for_google_cloud_services = var.network_config.connectivity.enable_private_path_for_google_cloud_services + enable_private_path_for_google_cloud_services = var.network_config.connectivity.enable_private_path_for_services dynamic "authorized_networks" { for_each = var.network_config.authorized_networks != null ? var.network_config.authorized_networks : {} iterator = network diff --git a/modules/cloudsql-instance/variables.tf b/modules/cloudsql-instance/variables.tf index 0db965c27b..2b8f6449c8 100644 --- a/modules/cloudsql-instance/variables.tf +++ b/modules/cloudsql-instance/variables.tf 
@@ -194,8 +194,8 @@ variable "network_config" { replica = optional(string) })) })) - psc_allowed_consumer_projects = optional(list(string)) - enable_private_path_for_google_cloud_services = optional(bool, false) + psc_allowed_consumer_projects = optional(list(string)) + enable_private_path_for_services = optional(bool, false) }) }) validation { From 494ad1ecaa0a71f6f6854c83ab4d1a26180517fc Mon Sep 17 00:00:00 2001 From: fulyagonultas Date: Fri, 22 Nov 2024 11:02:57 +0100 Subject: [PATCH 3/4] new feature added to the replica as well --- modules/cloudsql-instance/main.tf | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/modules/cloudsql-instance/main.tf b/modules/cloudsql-instance/main.tf index 236b2830a3..98de9eb78f 100644 --- a/modules/cloudsql-instance/main.tf +++ b/modules/cloudsql-instance/main.tf @@ -183,9 +183,10 @@ resource "google_sql_database_instance" "replicas" { activation_policy = var.activation_policy ip_configuration { - ipv4_enabled = var.network_config.connectivity.public_ipv4 - private_network = try(var.network_config.connectivity.psa_config.private_network, null) - allocated_ip_range = try(var.network_config.connectivity.psa_config.allocated_ip_ranges.replica, null) + ipv4_enabled = var.network_config.connectivity.public_ipv4 + private_network = try(var.network_config.connectivity.psa_config.private_network, null) + allocated_ip_range = try(var.network_config.connectivity.psa_config.allocated_ip_ranges.replica, null) + enable_private_path_for_google_cloud_services = var.network_config.connectivity.enable_private_path_for_services dynamic "authorized_networks" { for_each = var.network_config.authorized_networks != null ? var.network_config.authorized_networks : {} iterator = network From 4b9196b0686a75850f6114049d5cf0f2533e0c38 Mon Sep 17 00:00:00 2001 
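Review bot: The replica `ip_configuration` reuses the single `connectivity.enable_private_path_for_services` flag, so enabling the private path for the primary also enables it on every read replica, with no per-replica opt-out in the `replicas` map. If that is intended, it deserves a comment on the new line, e.g. `# same setting as the primary: applies to all replicas`. Separately, the lines visible in this hunk show no `ssl_mode` in the replica block, while the primary sets `ssl_mode = var.ssl.ssl_mode`. The block continues outside the hunk, so please confirm that it is set further down or inherited from the primary.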
From: fulyagonultas <44419304+fulyagonultas@users.noreply.github.com> Date: Fri, 22 Nov 2024 13:53:38 +0100 Subject: [PATCH 4/4] Update simple.yaml enable_private_path_for_google_cloud_services: false --- tests/modules/cloudsql_instance/examples/simple.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/modules/cloudsql_instance/examples/simple.yaml b/tests/modules/cloudsql_instance/examples/simple.yaml index b9e813b7f7..3504e28230 100644 --- a/tests/modules/cloudsql_instance/examples/simple.yaml +++ b/tests/modules/cloudsql_instance/examples/simple.yaml @@ -39,7 +39,7 @@ values: ip_configuration: - allocated_ip_range: null authorized_networks: [] - enable_private_path_for_google_cloud_services: null + enable_private_path_for_google_cloud_services: false ipv4_enabled: false psc_config: [] maintenance_window: []
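Review bot: This expectation only pins the default: the series adds no example or test that sets `enable_private_path_for_services = true`, so the primary and replica wiring added in patches 1 and 3 is never exercised with the flag on. An example with `psa_config` and the flag enabled, asserting `enable_private_path_for_google_cloud_services: true` on both resources, would catch a regression in the pass-through. The inventory file continues outside the hunk.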