diff --git a/cloud_sql/mysql_instance_psa_psc/main.tf b/cloud_sql/mysql_instance_psa_psc/main.tf
new file mode 100644
index 000000000..524d8aaa2
--- /dev/null
+++ b/cloud_sql/mysql_instance_psa_psc/main.tf
@@ -0,0 +1,93 @@
+/**
+ * Copyright 2025 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+// Create a Cloud SQL MySQL instance with both Private IP and Private Service Connect enabled.
+# [START cloud_sql_mysql_instance_psa_psc_parent_tag]
+
+resource "google_compute_network" "peering_network" {
+ name = "private-network"
+ auto_create_subnetworks = "false"
+}
+
+resource "google_compute_global_address" "private_ip_address" {
+ name = "private-ip-address"
+ purpose = "VPC_PEERING"
+ address_type = "INTERNAL"
+ prefix_length = 16
+ network = google_compute_network.peering_network.id
+}
+
+resource "google_service_networking_connection" "default" {
+ network = google_compute_network.peering_network.id
+ service = "servicenetworking.googleapis.com"
+ reserved_peering_ranges = [google_compute_global_address.private_ip_address.name]
+}
+
+# [START cloud_sql_mysql_instance_psa_psc_instance]
+resource "google_sql_database_instance" "default" {
+ name = "mysql-instance"
+ region = "us-central1"
+ database_version = "MYSQL_8_0"
+
+ depends_on = [google_service_networking_connection.default]
+
+ settings {
+ tier = "db-f1-micro"
+ ip_configuration {
+ psc_config {
+ psc_enabled = true
+ allowed_consumer_projects = [] # Add consumer project IDs here.
+ }
+ ipv4_enabled = false
+ private_network = google_compute_network.peering_network.id
+ }
+ }
+ # set `deletion_protection` to true, will ensure that one cannot accidentally delete this instance by
+ # use of Terraform whereas `deletion_protection_enabled` flag protects this instance at the GCP level.
+ deletion_protection = false
+}
+# [END cloud_sql_mysql_instance_psa_psc_instance]
+
+resource "google_compute_network_peering_routes_config" "peering_routes" {
+ peering = google_service_networking_connection.default.peering
+ network = google_compute_network.peering_network.name
+ import_custom_routes = true
+ export_custom_routes = true
+}
+
+resource "google_compute_address" "default" {
+ name = "psc-compute-address-${google_sql_database_instance.default.name}"
+ region = "us-central1"
+ address_type = "INTERNAL"
+ subnetwork = "default" # Replace value with the name of the subnet here.
+ address = "192.168.0.43" # Replace value with the IP address to reserve.
+}
+
+data "google_sql_database_instance" "default" {
+ name = resource.google_sql_database_instance.default.name
+}
+
+resource "google_compute_forwarding_rule" "default" {
+ name = "psc-forwarding-rule-${google_sql_database_instance.default.name}"
+ region = "us-central1"
+ network = "default"
+ ip_address = google_compute_address.default.self_link
+ load_balancing_scheme = ""
+ target = data.google_sql_database_instance.default.psc_service_attachment_link
+}
+
+# [END cloud_sql_mysql_instance_psa_psc_parent_tag]
+
diff --git a/cloud_sql/mysql_instance_psa_psc/test.yaml b/cloud_sql/mysql_instance_psa_psc/test.yaml
new file mode 100644
index 000000000..89c4c30bc
--- /dev/null
+++ b/cloud_sql/mysql_instance_psa_psc/test.yaml
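Review bot: The `ip_configuration` block of `google_sql_database_instance.default` in cloud_sql/mysql_instance_psa_psc/main.tf turns on private IP and PSC but never sets `ssl_mode`, so whether clients must use TLS is left to the provider default. Private connectivity limits who can reach the instance; it does not encrypt the database session, and a sample like this is likely to be copied as-is. Consider adding `ssl_mode = "ENCRYPTED_ONLY"` next to `ipv4_enabled = false`, or at least a comment telling the reader to choose a mode. The same applies to the `ip_configuration` blocks in postgres_instance_psa_psc/main.tf and sqlserver_instance_psa_psc/main.tf in this commit.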
@@ -0,0 +1,20 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: blueprints.cloud.google.com/v1alpha1
+kind: BlueprintTest
+metadata:
+ name: sql_mysql_instance_psa_psc
+spec:
+ skip: true
diff --git a/cloud_sql/mysql_instance_psc/main.tf b/cloud_sql/mysql_instance_psc/main.tf
index 6e186af2a..4c1e21ffa 100644
--- a/cloud_sql/mysql_instance_psc/main.tf
+++ b/cloud_sql/mysql_instance_psc/main.tf
@@ -29,7 +29,7 @@ resource "google_sql_database_instance" "default" {
 ip_configuration {
 psc_config {
 psc_enabled = true
- allowed_consumer_projects = []
+ allowed_consumer_projects = [] # Add consumer project IDs here.
 }
 ipv4_enabled = false
 }
diff --git a/cloud_sql/mysql_instance_psc/test.yaml b/cloud_sql/mysql_instance_psc/test.yaml
new file mode 100644
index 000000000..8fa796b49
--- /dev/null
+++ b/cloud_sql/mysql_instance_psc/test.yaml
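Review bot: `skip: true` in cloud_sql/mysql_instance_psa_psc/test.yaml carries no reason, so a reader cannot tell whether the skip is temporary or permanent. With the test skipped, the new Terraform sample is presumably never planned or applied by the blueprint test, and errors in it would go unnoticed. A one-line comment above the key would help, for example `# Skipped because <reason>; remove once <condition>.` with the actual reason filled in. The same applies to the other test.yaml files added in this commit (mysql_instance_psc, postgres_instance_psa_psc, postgres_instance_psc, sqlserver_instance_psa_psc).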
@@ -0,0 +1,20 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: blueprints.cloud.google.com/v1alpha1
+kind: BlueprintTest
+metadata:
+ name: sql_mysql_instance_psc
+spec:
+ skip: true
diff --git a/cloud_sql/postgres_instance_psa_psc/main.tf b/cloud_sql/postgres_instance_psa_psc/main.tf
new file mode 100644
index 000000000..272b47496
--- /dev/null
+++ b/cloud_sql/postgres_instance_psa_psc/main.tf
@@ -0,0 +1,96 @@
+/**
+ * Copyright 2025 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+// Create a Cloud SQL Postgres instance with both Private IP and Private Service Connect enabled.
+# [START cloud_sql_postgres_instance_psa_psc_parent_tag]
+
+resource "google_compute_network" "peering_network" {
+ name = "private-network"
+ auto_create_subnetworks = "false"
+}
+
+resource "google_compute_global_address" "private_ip_address" {
+ name = "private-ip-address"
+ purpose = "VPC_PEERING"
+ address_type = "INTERNAL"
+ prefix_length = 16
+ network = google_compute_network.peering_network.id
+}
+
+resource "google_service_networking_connection" "default" {
+ network = google_compute_network.peering_network.id
+ service = "servicenetworking.googleapis.com"
+ reserved_peering_ranges = [google_compute_global_address.private_ip_address.name]
+}
+
+# [START cloud_sql_postgres_instance_psa_psc_instance]
+resource "google_sql_database_instance" "default" {
+ name = "postgres-instance"
+ region = "us-central1"
+ database_version = "POSTGRES_17"
+
+ depends_on = [google_service_networking_connection.default]
+
+ settings {
+ tier = "db-custom-2-7680"
+ availability_type = "REGIONAL"
+ backup_configuration {
+ enabled = true
+ }
+ ip_configuration {
+ psc_config {
+ psc_enabled = true
+ allowed_consumer_projects = [] # Add consumer project IDs here.
+ }
+ ipv4_enabled = false
+ private_network = google_compute_network.peering_network.id
+ }
+ }
+ # set `deletion_protection` to true, will ensure that one cannot accidentally delete this instance by
+ # use of Terraform whereas `deletion_protection_enabled` flag protects this instance at the GCP level.
+ deletion_protection = false # Set to "true" to prevent destruction of the resource
+}
+# [END cloud_sql_postgres_instance_psa_psc_instance]
+
+resource "google_compute_network_peering_routes_config" "peering_routes" {
+ peering = google_service_networking_connection.default.peering
+ network = google_compute_network.peering_network.name
+ import_custom_routes = true
+ export_custom_routes = true
+}
+
+resource "google_compute_address" "default" {
+ name = "psc-compute-address"
+ region = "us-central1"
+ address_type = "INTERNAL"
+ subnetwork = "default" # Replace value with the name of the subnet here.
+ address = "192.168.0.42" # Replace value with the IP address to reserve.
+}
+
+data "google_sql_database_instance" "default" {
+ name = resource.google_sql_database_instance.default.name
+}
+
+resource "google_compute_forwarding_rule" "default" {
+ name = "psc-forwarding-rule-${google_sql_database_instance.default.name}"
+ region = "us-central1"
+ network = "default"
+ ip_address = google_compute_address.default.self_link
+ load_balancing_scheme = ""
+ target = data.google_sql_database_instance.default.psc_service_attachment_link
+}
+
+# [END cloud_sql_postgres_instance_psa_psc_parent_tag]
diff --git a/cloud_sql/postgres_instance_psa_psc/test.yaml b/cloud_sql/postgres_instance_psa_psc/test.yaml
new file mode 100644
index 000000000..1ef9e871c
--- /dev/null
+++ b/cloud_sql/postgres_instance_psa_psc/test.yaml
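Review bot: `google_compute_address.default` in cloud_sql/postgres_instance_psa_psc/main.tf uses the fixed name `"psc-compute-address"`, while the MySQL and SQL Server variants in this commit derive it from the instance name. A fixed name is likely to collide with any other sample that reserves an address under the same name in the same project and region; suggest `name = "psc-compute-address-${google_sql_database_instance.default.name}"` for consistency. In the forwarding rule, `network = "default"` also lacks the "Replace value" hint that `subnetwork` carries, so it is easy to miss that the PSC endpoint lands in the `default` VPC rather than in `private-network`. A trailing `# Replace value with the name of the consumer VPC network.` would make that explicit, here and in the other two psa_psc files.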
@@ -0,0 +1,20 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: blueprints.cloud.google.com/v1alpha1
+kind: BlueprintTest
+metadata:
+ name: sql_postgres_instance_psa_psc
+spec:
+ skip: true
diff --git a/cloud_sql/postgres_instance_psc/test.yaml b/cloud_sql/postgres_instance_psc/test.yaml
new file mode 100644
index 000000000..8325ecfa7
--- /dev/null
+++ b/cloud_sql/postgres_instance_psc/test.yaml
@@ -0,0 +1,20 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: blueprints.cloud.google.com/v1alpha1
+kind: BlueprintTest
+metadata:
+ name: sql_postgres_instance_psc
+spec:
+ skip: true
diff --git a/cloud_sql/sqlserver_instance_psa_psc/main.tf b/cloud_sql/sqlserver_instance_psa_psc/main.tf
new file mode 100644
index 000000000..18985f342
--- /dev/null
+++ b/cloud_sql/sqlserver_instance_psa_psc/main.tf
@@ -0,0 +1,94 @@
+/**
+ * Copyright 2025 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+// Create a Cloud SQL SQL server instance with both Private IP and Private Service Connect enabled.
+# [START cloud_sql_sqlserver_instance_psa_psc_parent_tag]
+
+resource "google_compute_network" "peering_network" {
+ name = "private-network"
+ auto_create_subnetworks = "false"
+}
+
+resource "google_compute_global_address" "private_ip_address" {
+ name = "private-ip-address"
+ purpose = "VPC_PEERING"
+ address_type = "INTERNAL"
+ prefix_length = 16
+ network = google_compute_network.peering_network.id
+}
+
+resource "google_service_networking_connection" "default" {
+ network = google_compute_network.peering_network.id
+ service = "servicenetworking.googleapis.com"
+ reserved_peering_ranges = [google_compute_global_address.private_ip_address.name]
+}
+
+# [START cloud_sql_sqlserver_instance_psa_psc_instance]
+resource "google_sql_database_instance" "default" {
+ name = "sqlserver-instance"
+ region = "us-central1"
+ database_version = "SQLSERVER_2019_STANDARD"
+ root_password = "INSERT-PASSWORD-HERE"
+
+ depends_on = [google_service_networking_connection.default]
+
+ settings {
+ tier = "db-custom-2-7680"
+ ip_configuration {
+ psc_config {
+ psc_enabled = true
+ allowed_consumer_projects = [] # Add consumer project IDs here.
+ }
+ ipv4_enabled = false
+ private_network = google_compute_network.peering_network.id
+ }
+ }
+ # set `deletion_protection` to true, will ensure that one cannot accidentally delete this instance by
+ # use of Terraform whereas `deletion_protection_enabled` flag protects this instance at the GCP level.
+ deletion_protection = false
+}
+# [END cloud_sql_sqlserver_instance_psa_psc_instance]
+
+resource "google_compute_network_peering_routes_config" "peering_routes" {
+ peering = google_service_networking_connection.default.peering
+ network = google_compute_network.peering_network.name
+ import_custom_routes = true
+ export_custom_routes = true
+}
+
+resource "google_compute_address" "default" {
+ name = "psc-compute-address-${google_sql_database_instance.default.name}"
+ region = "us-central1"
+ address_type = "INTERNAL"
+ subnetwork = "default" # Replace value with the name of the subnet here.
+ address = "192.168.0.44" # Replace value with the IP address to reserve.
+}
+
+data "google_sql_database_instance" "default" {
+ name = resource.google_sql_database_instance.default.name
+}
+
+resource "google_compute_forwarding_rule" "default" {
+ name = "psc-forwarding-rule-${google_sql_database_instance.default.name}"
+ region = "us-central1"
+ network = "default"
+ ip_address = google_compute_address.default.self_link
+ load_balancing_scheme = ""
+ target = data.google_sql_database_instance.default.psc_service_attachment_link
+}
+
+# [END cloud_sql_sqlserver_instance_psa_psc_parent_tag]
+
diff --git a/cloud_sql/sqlserver_instance_psa_psc/test.yaml b/cloud_sql/sqlserver_instance_psa_psc/test.yaml
new file mode 100644
index 000000000..6417bea4c
--- /dev/null
+++ b/cloud_sql/sqlserver_instance_psa_psc/test.yaml
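Review bot: `root_password = "INSERT-PASSWORD-HERE"` in cloud_sql/sqlserver_instance_psa_psc/main.tf invites readers to paste a real password into the `.tf` file, where it ends up in version control. If applied unchanged, the instance is created with the literal placeholder as its root password. Prefer `root_password = var.root_password`, with the variable declared as `type = string` and `sensitive = true`, so the value is supplied at apply time and redacted from plan output. A short comment should also say that the password is still stored in Terraform state, so the state backend needs access controls and encryption. If the sample must stay in a single file with a literal, make the placeholder comment explicit: `# Replace before applying; do not commit a real password.`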
@@ -0,0 +1,20 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: blueprints.cloud.google.com/v1alpha1
+kind: BlueprintTest
+metadata:
+ name: sqlserver_instance_psa_psc
+spec:
+ skip: true