Commit 9c59232

feat: add support for ssl_mode to postgresql module (#547)
1 parent 87d639f commit 9c59232

6 files changed

+9
-2
lines changed

examples/postgresql-ha/main.tf

Lines changed: 1 addition & 0 deletions
@@ -19,6 +19,7 @@ locals {
1919
read_replica_ip_configuration = {
2020
ipv4_enabled = true
2121
require_ssl = false
22+
ssl_mode = "ENCRYPTED_ONLY"
2223
private_network = null
2324
allocated_ip_range = null
2425
authorized_networks = [
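Review bot: `require_ssl = false` directly above the new `ssl_mode = "ENCRYPTED_ONLY"` reads as a contradiction to anyone copying this example, since one line says SSL is not required and the next says only encrypted connections are accepted. Add a short comment in the example stating which of the two settings governs, or drop `require_ssl` from the example if it is no longer needed once `ssl_mode` is set.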

examples/postgresql-psc/main.tf

Lines changed: 1 addition & 0 deletions
@@ -19,6 +19,7 @@ locals {
1919
read_replica_ip_configuration = {
2020
ipv4_enabled = false
2121
require_ssl = false
22+
ssl_mode = "ENCRYPTED_ONLY"
2223
psc_enabled = true
2324
psc_allowed_consumer_projects = [var.project_id]
2425
}
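Review bot: the new `ssl_mode` line lands in `read_replica_ip_configuration` only, so nothing in this hunk shows the primary instance enforcing the same mode. If the primary's `ip_configuration` elsewhere in this example omits `ssl_mode`, set it there as well, so the example does not present replicas that are stricter about encryption than the instance they replicate from.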

modules/postgresql/README.md

Lines changed: 2 additions & 2 deletions
@@ -37,7 +37,7 @@ Note: CloudSQL provides [disk autoresize](https://cloud.google.com/sql/docs/mysq
3737
| follow\_gae\_application | A Google App Engine application whose zone to remain in. Must be in the same region as this instance. | `string` | `null` | no |
3838
| iam\_users | A list of IAM users to be created in your CloudSQL instance | <pre>list(object({<br> id = string,<br> email = string<br> }))</pre> | `[]` | no |
3939
| insights\_config | The insights\_config settings for the database. | <pre>object({<br> query_plans_per_minute = optional(number, 5)<br> query_string_length = optional(number, 1024)<br> record_application_tags = optional(bool, false)<br> record_client_address = optional(bool, false)<br> })</pre> | `null` | no |
40-
| ip\_configuration | The ip configuration for the master instances. | <pre>object({<br> authorized_networks = optional(list(map(string)), [])<br> ipv4_enabled = optional(bool, true)<br> private_network = optional(string)<br> require_ssl = optional(bool)<br> allocated_ip_range = optional(string)<br> enable_private_path_for_google_cloud_services = optional(bool, false)<br> psc_enabled = optional(bool, false)<br> psc_allowed_consumer_projects = optional(list(string), [])<br> })</pre> | `{}` | no |
40+
| ip\_configuration | The ip configuration for the master instances. | <pre>object({<br> authorized_networks = optional(list(map(string)), [])<br> ipv4_enabled = optional(bool, true)<br> private_network = optional(string)<br> require_ssl = optional(bool)<br> ssl_mode = optional(string)<br> allocated_ip_range = optional(string)<br> enable_private_path_for_google_cloud_services = optional(bool, false)<br> psc_enabled = optional(bool, false)<br> psc_allowed_consumer_projects = optional(list(string), [])<br> })</pre> | `{}` | no |
4141
| maintenance\_window\_day | The day of week (1-7) for the master instance maintenance. | `number` | `1` | no |
4242
| maintenance\_window\_hour | The hour of day (0-23) maintenance window for the master instance maintenance. | `number` | `23` | no |
4343
| maintenance\_window\_update\_track | The update track of maintenance window for the master instance maintenance.Can be either `canary` or `stable`. | `string` | `"canary"` | no |
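Review bot: the `ip_configuration` row now lists `ssl_mode = optional(string)`, but its description column still reads only "The ip configuration for the master instances.", so the accepted strings and the relationship to `require_ssl` are undocumented. Extend the variable description so the table names the allowed values (the examples in this commit use `ENCRYPTED_ONLY`) and says what happens when both `require_ssl` and `ssl_mode` are set.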
@@ -50,7 +50,7 @@ Note: CloudSQL provides [disk autoresize](https://cloud.google.com/sql/docs/mysq
5050
| read\_replica\_deletion\_protection | Used to block Terraform from deleting replica SQL Instances. | `bool` | `false` | no |
5151
| read\_replica\_deletion\_protection\_enabled | Enables protection of replica instance from accidental deletion across all surfaces (API, gcloud, Cloud Console and Terraform). | `bool` | `false` | no |
5252
| read\_replica\_name\_suffix | The optional suffix to add to the read instance name | `string` | `""` | no |
53-
| read\_replicas | List of read replicas to create. Encryption key is required for replica in different region. For replica in same region as master set encryption\_key\_name = null | <pre>list(object({<br> name = string<br> name_override = optional(string)<br> tier = optional(string)<br> edition = optional(string)<br> availability_type = optional(string)<br> zone = optional(string)<br> disk_type = optional(string)<br> disk_autoresize = optional(bool)<br> disk_autoresize_limit = optional(number)<br> disk_size = optional(string)<br> user_labels = map(string)<br> database_flags = optional(list(object({<br> name = string<br> value = string<br> })), [])<br> insights_config = optional(object({<br> query_plans_per_minute = optional(number, 5)<br> query_string_length = optional(number, 1024)<br> record_application_tags = optional(bool, false)<br> record_client_address = optional(bool, false)<br> }), null)<br> ip_configuration = object({<br> authorized_networks = optional(list(map(string)), [])<br> ipv4_enabled = optional(bool)<br> private_network = optional(string, )<br> require_ssl = optional(bool)<br> allocated_ip_range = optional(string)<br> enable_private_path_for_google_cloud_services = optional(bool, false)<br> psc_enabled = optional(bool, false)<br> psc_allowed_consumer_projects = optional(list(string), [])<br> })<br> encryption_key_name = optional(string)<br> }))</pre> | `[]` | no |
53+
| read\_replicas | List of read replicas to create. Encryption key is required for replica in different region. For replica in same region as master set encryption\_key\_name = null | <pre>list(object({<br> name = string<br> name_override = optional(string)<br> tier = optional(string)<br> edition = optional(string)<br> availability_type = optional(string)<br> zone = optional(string)<br> disk_type = optional(string)<br> disk_autoresize = optional(bool)<br> disk_autoresize_limit = optional(number)<br> disk_size = optional(string)<br> user_labels = map(string)<br> database_flags = optional(list(object({<br> name = string<br> value = string<br> })), [])<br> insights_config = optional(object({<br> query_plans_per_minute = optional(number, 5)<br> query_string_length = optional(number, 1024)<br> record_application_tags = optional(bool, false)<br> record_client_address = optional(bool, false)<br> }), null)<br> ip_configuration = object({<br> authorized_networks = optional(list(map(string)), [])<br> ipv4_enabled = optional(bool)<br> private_network = optional(string, )<br> require_ssl = optional(bool)<br> ssl_mode = optional(string)<br> allocated_ip_range = optional(string)<br> enable_private_path_for_google_cloud_services = optional(bool, false)<br> psc_enabled = optional(bool, false)<br> psc_allowed_consumer_projects = optional(list(string), [])<br> })<br> encryption_key_name = optional(string)<br> }))</pre> | `[]` | no |
5454
| region | The region of the Cloud SQL resources | `string` | `"us-central1"` | no |
5555
| secondary\_zone | The preferred zone for the secondary/failover instance, it should be something like: `us-central1-a`, `us-east1-c`. | `string` | `null` | no |
5656
| tier | The tier for the master instance. | `string` | `"db-f1-micro"` | no |

modules/postgresql/main.tf

Lines changed: 2 additions & 0 deletions
@@ -105,6 +105,7 @@ resource "google_sql_database_instance" "default" {
105105
ipv4_enabled = lookup(ip_configuration.value, "ipv4_enabled", null)
106106
private_network = lookup(ip_configuration.value, "private_network", null)
107107
require_ssl = lookup(ip_configuration.value, "require_ssl", null)
108+
ssl_mode = lookup(ip_configuration.value, "ssl_mode", null)
108109
allocated_ip_range = lookup(ip_configuration.value, "allocated_ip_range", null)
109110
enable_private_path_for_google_cloud_services = lookup(ip_configuration.value, "enable_private_path_for_google_cloud_services", false)
110111

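Review bot: the added `ssl_mode = lookup(ip_configuration.value, "ssl_mode", null)` is forwarded independently of the `require_ssl` line above it, with nothing checking that the two agree, so a contradictory pair (for example `require_ssl = true` with a permissive `ssl_mode`) goes to the provider unchecked. Consider a precondition or a variable validation that rejects contradictory pairs, or document which of the two takes effect.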
@@ -241,6 +242,7 @@ resource "random_password" "user-password" {
241242

242243
resource "random_password" "additional_passwords" {
243244
for_each = local.users
245+
244246
keepers = {
245247
name = google_sql_database_instance.default.name
246248
}
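Review bot: the only change in this hunk is a blank line added after `for_each = local.users` in `random_password.additional_passwords`, which is unrelated to `ssl_mode`. Drop it from this commit so the diff contains only the feature, and so the password resource does not show up in review or blame for a TLS change.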

modules/postgresql/read_replica.tf

Lines changed: 1 addition & 0 deletions
@@ -56,6 +56,7 @@ resource "google_sql_database_instance" "replicas" {
5656
ipv4_enabled = lookup(ip_configuration.value, "ipv4_enabled", null)
5757
private_network = lookup(ip_configuration.value, "private_network", null)
5858
require_ssl = lookup(ip_configuration.value, "require_ssl", null)
59+
ssl_mode = lookup(ip_configuration.value, "ssl_mode", null)
5960
allocated_ip_range = lookup(ip_configuration.value, "allocated_ip_range", null)
6061
enable_private_path_for_google_cloud_services = lookup(ip_configuration.value, "enable_private_path_for_google_cloud_services", false)
6162

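Review bot: on the added `ssl_mode = lookup(ip_configuration.value, "ssl_mode", null)` line, a replica whose `ip_configuration` leaves `ssl_mode` unset gets `null` rather than the value configured for the primary, so encryption enforcement can differ between the primary and its replicas without any warning. Consider falling back to the primary's `var.ip_configuration.ssl_mode` when the replica value is null, or state in the `read_replicas` description that each replica must set it explicitly.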
modules/postgresql/variables.tf

Lines changed: 2 additions & 0 deletions
@@ -219,6 +219,7 @@ variable "ip_configuration" {
219219
ipv4_enabled = optional(bool, true)
220220
private_network = optional(string)
221221
require_ssl = optional(bool)
222+
ssl_mode = optional(string)
222223
allocated_ip_range = optional(string)
223224
enable_private_path_for_google_cloud_services = optional(bool, false)
224225
psc_enabled = optional(bool, false)
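Review bot: `ssl_mode = optional(string)` in `variable "ip_configuration"` accepts any string, so a typo such as `ENCRYPTED-ONLY` passes the module's type check and is caught only downstream by the provider or the API. Add a `validation` block that allows null or one of the supported modes (`ALLOW_UNENCRYPTED_AND_ENCRYPTED`, `ENCRYPTED_ONLY`, `TRUSTED_CLIENT_CERTIFICATE_REQUIRED`) so a wrong value fails early with a clear message.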
@@ -257,6 +258,7 @@ variable "read_replicas" {
257258
ipv4_enabled = optional(bool)
258259
private_network = optional(string, )
259260
require_ssl = optional(bool)
261+
ssl_mode = optional(string)
260262
allocated_ip_range = optional(string)
261263
enable_private_path_for_google_cloud_services = optional(bool, false)
262264
psc_enabled = optional(bool, false)
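Review bot: the new `ssl_mode = optional(string)` inside `variable "read_replicas"` is unvalidated, and because it sits in a list of objects a single replica with a misspelled or missing mode is easy to overlook. Add a `validation` on the variable that checks every element, for instance with `alltrue([for r in var.read_replicas : ...])`, accepting null or a supported mode string.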
