feat!: Aligned the behaviour of additional_users resource in all 3 Cloud SQL instance modules. (#398)

Co-authored-by: Bharath KKB <[email protected]>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: g-awmalik <[email protected]>
Co-authored-by: Awais Malik <[email protected]>
Co-authored-by: CFT Bot <[email protected]>

Author: 5 people

docs/upgrading_to_sql_db_14.0.0.md

@@ -1,6 +1,6 @@
 # Upgrading to SQL DB 14.0.0
 
-The 14.0.0 release of SQL DB is a backward incompatible release. This incompatibility affects `postgresql` submodule that uses IAM authentication.
+The 14.0.0 release of SQL DB is a backward incompatible release. This incompatibility affects `postgresql` submodule that uses IAM authentication. It also affects `additional_users` variable in all 3 modules.
 
 ## Migration Instructions
 
@@ -113,3 +113,111 @@ done
 ```
 
 After IAM bindings are moved, **terraform apply should be without any changes**.
+
+### Added `random_password` field in `additional_users` variable in postgresql module
+This change is in effort to align the behavior of `additional_users` variable in all the modules. Setting `random_password` field generates a random password for the user. Exactly one of `password` or `random_password` should be set.
+
+```diff
+module "pg" {
+  source  = "GoogleCloudPlatform/sql-db/google//modules/postgresql"
+- version = "~> 13.0"
++ version = "~> 14.0"
+
+  name                 = "test"
+  database_version     = "POSTGRES_14"
+  project_id           = var.project_id
+  zone                 = "europe-west1-b"
+  region               = "europe-west1"
+  tier                 = "db-custom-1-3840"
+
+  additional_users = [
+    {
+      name            = "john"
+      password        = "password"
++     random_password = false
+    }
+  ]
+}
+```
+
+### Added `random_password` field in `additional_users` variable in mssql module
+This change is in effort to align the behavior of `additional_users` variable in all the modules. Setting `random_password` field generates a random password for the user. At most one of `password` or `random_password` should be set.
+
+```diff
+module "mssql" {
+  source  = "GoogleCloudPlatform/sql-db/google//modules/mssql"
+- version = "~> 13.0"
++ version = "~> 14.0"
+
+  name                 = "test"
+  database_version     = "SQLSERVER_2017_STANDARD"
+  project_id           = var.project_id
+  zone                 = "europe-west1-b"
+  region               = "europe-west1"
+  tier                 = "db-custom-1-3840"
+
+  additional_users = [
+    {
+      name            = "john"
+      password        = "password"
++     random_password = false
+    }
+  ]
+}
+```
+
+### Changed the variable type of `additional_users` in mysql module
+This change is in effort to align the behavior of `additional_users` variable in all the modules. Setting `random_password` field generates a random password for the user. At most one of `password` or `random_password` should be set. `user_host` would be the host value for the additional users if the `host` field is set as `null`. You can use `type` to create IAM users.
+
+```diff
+module "mysql" {
+  source  = "GoogleCloudPlatform/sql-db/google//modules/mysql"
+- version = "~> 13.0"
++ version = "~> 14.0"
+
+  name                 = "test"
+  database_version     = "MYSQL_8_0"
+  project_id           = var.project_id
+  zone                 = "europe-west1-b"
+  region               = "europe-west1"
+  tier                 = "db-custom-1-3840"
+
+  additional_users = [
+    {
+      name            = "john"
+      password        = "password"
++     random_password = false
++     host            = null
++     type            = null
+    }
+  ]
+}
+```
+
+### Added `random_password` field in `additional_users` variable in safer_mysql module
+This change is in effort to align the behavior of `additional_users` variable in all the modules. Setting `random_password` field generates a random password for the user. At most one of `password` or `random_password` should be set.
+
+```diff
+module "smysql" {
+  source  = "GoogleCloudPlatform/sql-db/google//modules/safer_mysql"
+- version = "~> 13.0"
++ version = "~> 14.0"
+
+  name                 = "test"
+  database_version     = "MYSQL_8_0"
+  project_id           = var.project_id
+  zone                 = "europe-west1-b"
+  region               = "europe-west1"
+  tier                 = "db-custom-1-3840"
+
+  additional_users = [
+    {
+      name            = "john"
+      password        = "password"
+      type            = "BUILT_IN"
+      host            = "%"
++     random_password = false
+    }
+  ]
+}
+```

examples/mysql-ha/main.tf

@@ -143,16 +143,18 @@ module "mysql" {
 
   additional_users = [
     {
-      name     = "tftest2"
-      password = "abcdefg"
-      host     = "localhost"
-      type     = "BUILT_IN"
+      name            = "tftest2"
+      password        = "abcdefg"
+      host            = "localhost"
+      type            = "BUILT_IN"
+      random_password = false
     },
     {
-      name     = "tftest3"
-      password = "abcdefg"
-      host     = "localhost"
-      type     = "BUILT_IN"
+      name            = "tftest3"
+      password        = "abcdefg"
+      host            = "localhost"
+      type            = "BUILT_IN"
+      random_password = false
     },
   ]
 }

examples/mysql-private/main.tf

@@ -60,16 +60,18 @@ module "safer-mysql-db" {
   // Cloud SQL proxy.
   additional_users = [
     {
-      name     = "app"
-      password = "PaSsWoRd"
-      host     = "localhost"
-      type     = "BUILT_IN"
+      name            = "app"
+      password        = "PaSsWoRd"
+      host            = "localhost"
+      type            = "BUILT_IN"
+      random_password = false
     },
     {
-      name     = "readonly"
-      password = "PaSsWoRd"
-      host     = "localhost"
-      type     = "BUILT_IN"
+      name            = "readonly"
+      password        = "PaSsWoRd"
+      host            = "localhost"
+      type            = "BUILT_IN"
+      random_password = false
     },
   ]
 

examples/postgresql-ha/main.tf

@@ -141,14 +141,16 @@ module "pg" {
 
   additional_users = [
     {
-      name     = "tftest2"
-      password = "abcdefg"
-      host     = "localhost"
+      name            = "tftest2"
+      password        = "abcdefg"
+      host            = "localhost"
+      random_password = false
     },
     {
-      name     = "tftest3"
-      password = "abcdefg"
-      host     = "localhost"
+      name            = "tftest3"
+      password        = "abcdefg"
+      host            = "localhost"
+      random_password = false
     },
   ]
 }

examples/postgresql-public-iam/main.tf

@@ -54,14 +54,16 @@ module "postgresql-db" {
 
   additional_users = [
     {
-      name     = "tftest2"
-      password = "Ex@mp!e1"
-      host     = "localhost"
+      name            = "tftest2"
+      password        = "Ex@mp!e1"
+      host            = "localhost"
+      random_password = false
     },
     {
-      name     = "tftest3"
-      password = "Ex@mp!e2"
-      host     = "localhost"
+      name            = "tftest3"
+      password        = "Ex@mp!e2"
+      host            = "localhost"
+      random_password = false
     },
   ]
 

metadata.yaml

@@ -1,4 +1,4 @@
-# Copyright 2022 Google LLC
+# Copyright 2023 Google LLC
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.

modules/backup/metadata.yaml

@@ -1,4 +1,4 @@
-# Copyright 2022 Google LLC
+# Copyright 2023 Google LLC
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.

modules/mssql/README.md

@@ -12,7 +12,7 @@ The following dependency must be available for SQL Server module:
 | activation\_policy | The activation policy for the master instance.Can be either `ALWAYS`, `NEVER` or `ON_DEMAND`. | `string` | `"ALWAYS"` | no |
 | active\_directory\_config | Active domain that the SQL instance will join. | `map(string)` | `{}` | no |
 | additional\_databases | A list of databases to be created in your cluster | <pre>list(object({<br>    name      = string<br>    charset   = string<br>    collation = string<br>  }))</pre> | `[]` | no |
-| additional\_users | A list of users to be created in your cluster | <pre>list(object({<br>    name     = string<br>    password = string<br>  }))</pre> | `[]` | no |
+| additional\_users | A list of users to be created in your cluster. A random password would be set for the user if the `random_password` variable is set. | <pre>list(object({<br>    name            = string<br>    password        = string<br>    random_password = bool<br>  }))</pre> | `[]` | no |
 | availability\_type | The availability type for the master instance.This is only used to set up high availability for the MSSQL instance. Can be either `ZONAL` or `REGIONAL`. | `string` | `"ZONAL"` | no |
 | backup\_configuration | The database backup configuration. | <pre>object({<br>    binary_log_enabled             = bool<br>    enabled                        = bool<br>    point_in_time_recovery_enabled = bool<br>    start_time                     = string<br>    transaction_log_retention_days = string<br>    retained_backups               = number<br>    retention_unit                 = string<br>  })</pre> | <pre>{<br>  "binary_log_enabled": null,<br>  "enabled": false,<br>  "point_in_time_recovery_enabled": null,<br>  "retained_backups": null,<br>  "retention_unit": null,<br>  "start_time": null,<br>  "transaction_log_retention_days": null<br>}</pre> | no |
 | create\_timeout | The optional timeout that is applied to limit long database creates. | `string` | `"15m"` | no |

modules/mssql/main.tf

@@ -184,8 +184,11 @@ resource "random_password" "user-password" {
 }
 
 resource "random_password" "additional_passwords" {
-  for_each   = local.users
-  length     = 8
+  for_each = local.users
+  keepers = {
+    name = google_sql_database_instance.default.name
+  }
+  length     = 32
   special    = true
   depends_on = [null_resource.module_depends_on, google_sql_database_instance.default]
 }
@@ -202,7 +205,7 @@ resource "google_sql_user" "additional_users" {
   for_each   = local.users
   project    = var.project_id
   name       = each.value.name
-  password   = lookup(each.value, "password", random_password.additional_passwords[each.value.name].result)
+  password   = each.value.random_password ? random_password.additional_passwords[each.value.name].result : each.value.password
   instance   = google_sql_database_instance.default.name
   depends_on = [null_resource.module_depends_on, google_sql_database_instance.default]
 }

modules/mssql/metadata.yaml

@@ -1,4 +1,4 @@
-# Copyright 2022 Google LLC
+# Copyright 2023 Google LLC
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -68,11 +68,12 @@ spec:
     default: []
     required: false
   - name: additional_users
-    description: A list of users to be created in your cluster
+    description: A list of users to be created in your cluster. A random password would be set for the user if the `random_password` variable is set.
     type: |-
       list(object({
-          name     = string
-          password = string
+          name            = string
+          password        = string
+          random_password = bool
         }))
     default: []
     required: false