Merge pull request #43 from g5search/postgres-private-networking

namusyaka · web-flow · commit 4ef304222948 · 2019-08-16T19:56:57.000+09:00
Postgres support for private_service_access
diff --git a/modules/postgresql/main.tf b/modules/postgresql/main.tf
@@ -21,6 +21,13 @@ locals {
     enabled  = "${var.ip_configuration}"
     disabled = "${map()}"
   }
+
+  peering_completed_enabled = "${var.peering_completed != "" ? true : false}"
+
+  user_labels_including_tf_dependency = {
+    enabled  = "${merge(map("tf_dependency", var.peering_completed), var.user_labels)}"
+    disabled = "${var.user_labels}"
+  }
 }
 
 resource "google_sql_database_instance" "default" {
@@ -41,9 +48,13 @@ resource "google_sql_database_instance" "default" {
     disk_size       = "${var.disk_size}"
     disk_type       = "${var.disk_type}"
     pricing_plan    = "${var.pricing_plan}"
-    user_labels     = "${var.user_labels}"
     database_flags  = ["${var.database_flags}"]
 
+    // Define a label to force a dependency to the creation of the network peering.
+    // Substitute this with a module dependency once the module is migrated to
+    // Terraform 0.12
+    user_labels = "${local.user_labels_including_tf_dependency["${local.peering_completed_enabled ? "enabled" : "disabled"}"]}"
+
     location_preference {
       zone = "${var.region}-${var.zone}"
     }
diff --git a/modules/postgresql/outputs.tf b/modules/postgresql/outputs.tf
@@ -25,6 +25,11 @@ output "instance_address" {
   description = "The IPv4 addesses assigned for the master instance"
 }
 
+output private_address {
+  value       = "${google_sql_database_instance.default.private_ip_address}"
+  description = "The private IP address assigned for the master instance"
+}
+
 output "instance_first_ip_address" {
   value       = "${google_sql_database_instance.default.first_ip_address}"
   description = "The first IPv4 address of the addresses assigned."
diff --git a/modules/postgresql/variables.tf b/modules/postgresql/variables.tf
@@ -42,6 +42,11 @@ variable "zone" {
   description = "The zone for the master instance, it should be something like: `a`, `c`."
 }
 
+variable "peering_completed" {
+  description = "Optional. This is used to ensure that resources are created in the proper order when using private IPs and service network peering."
+  default     = ""
+}
+
 variable "activation_policy" {
   description = "The activation policy for the master instance.Can be either `ALWAYS`, `NEVER` or `ON_DEMAND`."
   default     = "ALWAYS"
