feat: added support for ssl_config for postgresql_profile

mmv1/products/datastream/ConnectionProfile.yaml

@@ -101,6 +101,20 @@ examples:
     test_vars_overrides:
       'deletion_protection': 'false'
     exclude_test: true
+  - name: 'datastream_stream_postgresql_sslconfig_server_and_client_verification'
+    primary_resource_id: 'default'
+    vars:
+      connection_profile_id: 'profile-id'
+      deletion_protection: 'true'
+      database_instance_name: 'my-instance'
+    test_vars_overrides:
+      'deletion_protection': 'false'
+    oics_vars_overrides:
+      'deletion_protection': 'false'
+    external_providers: ["random"]
+    skip_vcr: true
+    ignore_read_extra:
+      - 'postgresql_profile.0.password'
   - name: 'datastream_connection_profile_salesforce'
     primary_resource_id: 'default'
     vars:
@@ -369,6 +383,68 @@ properties:
         description: |
           Database for the PostgreSQL connection.
         required: true
+      - name: 'sslConfig'
+        type: NestedObject
+        description: |
+          SSL configuration for the PostgreSQL connection.
+        properties:
+          - name: 'serverVerification'
+            type: NestedObject
+            description: |
+              If this field is set, the communication will be encrypted with TLS encryption
+              and the server identity will be authenticated.
+            exactly_one_of:
+              - 'ssl_config.0.server_verification'
+              - 'ssl_config.0.server_and_client_verification'
+            properties:
+              - name: 'caCertificate'
+                type: String
+                description: PEM-encoded server root CA certificate.
+                required: true
+                immutable: true
+                sensitive: true
+                ignore_read: true
+          - name: 'serverAndClientVerification'
+            type: NestedObject
+            description: |
+              If this field is set, the communication will be encrypted with TLS encryption
+              and both the server identity and the client identity will be authenticated.
+            exactly_one_of:
+              - 'ssl_config.0.server_verification'
+              - 'ssl_config.0.server_and_client_verification'
+            ignore_read: true
+            properties:
+              - name: 'clientCertificate'
+                type: String
+                description: |
+                  PEM-encoded certificate used by the source database to authenticate the
+                  client identity (i.e., the Datastream's identity). This certificate is
+                  signed by either a root certificate trusted by the server or one or more
+                  intermediate certificates (which is stored with the leaf certificate) to
+                  link to this certificate to the trusted root certificate.
+                immutable: true
+                required: true
+                sensitive: true
+                ignore_read: true
+              - name: 'clientKey'
+                type: String
+                description: |
+                  PEM-encoded private key associated with the client certificate.
+                  This value will be used during the SSL/TLS handshake, allowing
+                  the PostgreSQL server to authenticate the client's identity,
+                  i.e. identity of the stream.
+                immutable: true
+                required: true
+                sensitive: true
+                ignore_read: true
+              - name: 'caCertificate'
+                type: String
+                description: |
+                  PEM-encoded server root CA certificate.
+                immutable: true
+                required: true
+                sensitive: true
+                ignore_read: true
   - name: 'salesforceProfile'
     min_version: beta
     type: NestedObject

mmv1/templates/terraform/examples/datastream_stream_postgresql_sslconfig_server_and_client_verification.tf.tmpl

@@ -0,0 +1,69 @@
+data "google_datastream_static_ips" "datastream_ips" {
+  location           = "us-central1"
+}
+
+resource "google_sql_database_instance" "instance" {
+  name             = "{{index $.Vars "database_instance_name"}}"
+  database_version = "POSTGRES_15"
+  region           = "us-central1"
+  settings {
+    tier = "db-f1-micro"
+    ip_configuration {
+      ipv4_enabled = true
+      ssl_mode = "TRUSTED_CLIENT_CERTIFICATE_REQUIRED"
+      dynamic "authorized_networks" {
+        for_each = data.google_datastream_static_ips.datastream_ips.static_ips
+        iterator = ip
+
+        content {
+          name  = format("datastream-%d", ip.key)
+          value = ip.value
+        }
+      }
+    }
+  }
+
+  deletion_protection  = {{index $.Vars "deletion_protection"}}
+}
+
+resource "google_sql_database" "db" {
+    instance = google_sql_database_instance.instance.name
+    name     = "db"
+}
+
+resource "random_password" "pwd" {
+  length  = 16
+  special = false
+}
+
+resource "google_sql_user" "user" {
+    name = "user"
+    instance = google_sql_database_instance.instance.name
+    password = random_password.pwd.result
+}
+
+resource "google_sql_ssl_cert" "client_cert" {
+  common_name = "client-name"
+  instance    = google_sql_database_instance.instance.name
+}
+
+resource "google_datastream_connection_profile" "{{$.PrimaryResourceId}}" {
+    display_name          = "Connection Profile"
+    location              = "us-central1"
+    connection_profile_id = "{{index $.Vars "connection_profile_id"}}"
+
+    postgresql_profile {
+        hostname = google_sql_database_instance.instance.public_ip_address
+        port     = 5432
+        username = "user"
+        password = random_password.pwd.result
+        database = google_sql_database.db.name
+        ssl_config {
+            server_and_client_verification {
+              client_certificate = google_sql_ssl_cert.client_cert.cert
+              client_key = google_sql_ssl_cert.client_cert.private_key
+              ca_certificate = google_sql_ssl_cert.client_cert.server_ca_cert
+            }
+        }
+    }
+}