diff --git a/vault/resource_database_secret_backend_connection.go b/vault/resource_database_secret_backend_connection.go index 48680e0b6..44d9ba91e 100644 --- a/vault/resource_database_secret_backend_connection.go +++ b/vault/resource_database_secret_backend_connection.go @@ -767,6 +767,12 @@ func connectionStringResource(config *connectionStringConfig) *schema.Resource { Description: "A JSON encoded credential for use with IAM authorization", Sensitive: true, } + res.Schema["use_private_ip"] = &schema.Schema{ + Type: schema.TypeBool, + Default: false, + Optional: true, + Description: "Specify if need to connect with a PrivateIP for CloudSQL", + } } if !config.excludeUsernameTemplate { @@ -1132,6 +1138,9 @@ func getPostgresConnectionDetailsFromResponse(d *schema.ResourceData, prefix str result["service_account_json"] = v.(string) } } + if v, ok := d.GetOk(prefix + "use_private_ip"); ok { + result["use_private_ip"] = v.(bool) + } } if provider.IsAPISupported(meta, provider.VaultVersion118) { @@ -1510,6 +1519,9 @@ func setCloudDatabaseConnectionData(d *schema.ResourceData, prefix string, data if v, ok := d.GetOk(prefix + "service_account_json"); ok { data["service_account_json"] = v.(string) } + if v, ok := d.GetOk(prefix + "use_private_ip"); ok { + data["use_private_ip"] = v.(bool) + } } func setMSSQLDatabaseConnectionData(d *schema.ResourceData, prefix string, data map[string]interface{}) { diff --git a/vault/resource_database_secret_backend_connection_test.go b/vault/resource_database_secret_backend_connection_test.go index c487f8aa3..0e0e4b039 100644 --- a/vault/resource_database_secret_backend_connection_test.go +++ b/vault/resource_database_secret_backend_connection_test.go @@ -890,6 +890,7 @@ func TestAccDatabaseSecretBackendConnection_postgresql_cloud(t *testing.T) { resource.TestCheckResourceAttr(testDefaultDatabaseSecretBackendResource, "postgresql.0.connection_url", connURL), resource.TestCheckResourceAttr(testDefaultDatabaseSecretBackendResource, "postgresql.0.disable_escaping", "true"), resource.TestCheckResourceAttr(testDefaultDatabaseSecretBackendResource, "postgresql.0.auth_type", "gcp_iam"), + resource.TestCheckResourceAttr(testDefaultDatabaseSecretBackendResource, "postgresql.0.use_private_ip", "true"), ), }, { @@ -1785,6 +1786,7 @@ resource "vault_database_secret_backend_connection" "test" { connection_url = "%s" auth_type = "%s" service_account_json = "%s" + use_private_ip = "true" } } `, path, name, connURL, authType, serviceAccountJSON) @@ -1803,7 +1805,7 @@ resource "vault_database_secret_backend_connection" "test" { allowed_roles = ["dev", "prod"] root_rotation_statements = ["FOOBAR"] - snowflake { + snowflake { connection_url = "%s" username = "%s" password = "%s"