diff --git a/modules/mssql/README.md b/modules/mssql/README.md index dae123d2..f4601dac 100644 --- a/modules/mssql/README.md +++ b/modules/mssql/README.md @@ -59,6 +59,7 @@ module "mssql" { | enable\_default\_db | Enable or disable the creation of the default database | `bool` | `true` | no | | enable\_default\_user | Enable or disable the creation of the default user | `bool` | `true` | no | | encryption\_key\_name | The full path to the encryption key used for the CMEK disk encryption | `string` | `null` | no | +| final\_backup\_config | The final\_backup\_config settings for the database. |
object({
enabled = optional(bool, false)
retention_days = optional(number, 0)
})
| `null` | no | | follow\_gae\_application | A Google App Engine application whose zone to remain in. Must be in the same region as this instance. | `string` | `null` | no | | insights\_config | The insights\_config settings for the database. |
object({
query_plans_per_minute = optional(number, 5)
query_string_length = optional(number, 1024)
record_application_tags = optional(bool, false)
record_client_address = optional(bool, false)
})
| `null` | no | | instance\_type | The type of the instance. The supported values are SQL\_INSTANCE\_TYPE\_UNSPECIFIED, CLOUD\_SQL\_INSTANCE, ON\_PREMISES\_INSTANCE and READ\_REPLICA\_INSTANCE. Set to READ\_REPLICA\_INSTANCE when primary\_instance\_name is provided | `string` | `"CLOUD_SQL_INSTANCE"` | no | diff --git a/modules/mssql/main.tf b/modules/mssql/main.tf index 002fea13..c4b70bc3 100644 --- a/modules/mssql/main.tf +++ b/modules/mssql/main.tf @@ -128,6 +128,14 @@ resource "google_sql_database_instance" "default" { record_client_address = lookup(insights_config.value, "record_client_address", false) } } + dynamic "final_backup_config" { + for_each = var.final_backup_config != null ? [var.final_backup_config] : [] + + content { + enabled = lookup(final_backup_config.value, "enabled", false) + retention_days = lookup(final_backup_config.value, "retention_days", 0) + } + } disk_autoresize = var.disk_autoresize disk_autoresize_limit = var.disk_autoresize_limit diff --git a/modules/mssql/variables.tf b/modules/mssql/variables.tf index 7254e458..3dc78a91 100644 --- a/modules/mssql/variables.tf +++ b/modules/mssql/variables.tf @@ -385,3 +385,12 @@ variable "insights_config" { }) default = null } + +variable "final_backup_config" { + description = "The final_backup_config settings for the database." + type = object({ + enabled = optional(bool, false) + retention_days = optional(number, 0) + }) + default = null +} diff --git a/modules/mysql/README.md b/modules/mysql/README.md index e6f4e5d2..65e878f2 100644 --- a/modules/mysql/README.md +++ b/modules/mysql/README.md 
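Review bot: The `retention_days` fallback of 0 in this `content` block (and the matching `optional(number, 0)` in modules/mssql/variables.tf, plus both mysql primary hunks) means a caller who passes only `{ enabled = true }` asks for a final backup that is kept for zero days, while the postgresql module defaults the same field to 1. As far as I recall, the provider documents a range of 1 to 365 days for this field, so 0 would either be rejected at apply time or leave no usable backup once the instance is deleted; please confirm against the provider docs. I would align all three modules on `retention_days = optional(number, 1)` and, because `optional()` already fills the attribute, read it directly as `retention_days = final_backup_config.value.retention_days`. The enclosing `google_sql_database_instance` resource starts and ends outside the hunk.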
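Review bot: The `description` on `final_backup_config` only repeats the variable name, so a reader cannot tell that this is the setting that decides whether a backup survives instance deletion. The same text is used in the mysql, postgresql and safer_mysql variables.tf hunks and in the generated README rows. I would write something like `description = "Final backup taken when the instance is deleted. enabled turns it on; retention_days is how long that backup is kept after deletion."`, with the wording checked against the provider's documentation of the block. It is also worth stating that the default `null` leaves the feature off.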
@@ -75,6 +75,7 @@ module "mysql-db" { | enable\_random\_password\_special | Enable special characters in generated random passwords. | `bool` | `false` | no | | encryption\_key\_name | The full path to the encryption key used for the CMEK disk encryption | `string` | `null` | no | | failover\_dr\_replica\_name | If the instance is a primary instance, then this field identifies the disaster recovery (DR) replica. The standard format of this field is "your-project:your-instance". You can also set this field to "your-instance", but cloud SQL backend will convert it to the aforementioned standard format. | `string` | `null` | no | +| final\_backup\_config | The final\_backup\_config settings for the database. |
object({
enabled = optional(bool, false)
retention_days = optional(number, 0)
})
| `null` | no | | follow\_gae\_application | A Google App Engine application whose zone to remain in. Must be in the same region as this instance. | `string` | `null` | no | | iam\_users | A list of IAM users to be created in your CloudSQL instance. iam.users.type can be CLOUD\_IAM\_USER, CLOUD\_IAM\_SERVICE\_ACCOUNT, CLOUD\_IAM\_GROUP and is required for type CLOUD\_IAM\_GROUP (IAM groups) |
list(object({
id = string,
email = string,
type = optional(string)
}))
| `[]` | no | | insights\_config | The insights\_config settings for the database. |
object({
query_plans_per_minute = number
query_string_length = number
record_application_tags = bool
record_client_address = bool
})
| `null` | no | @@ -94,7 +95,7 @@ module "mysql-db" { | read\_replica\_deletion\_protection | Used to block Terraform from deleting replica SQL Instances. | `bool` | `false` | no | | read\_replica\_deletion\_protection\_enabled | Enables protection of a read replica from accidental deletion across all surfaces (API, gcloud, Cloud Console and Terraform). | `bool` | `false` | no | | read\_replica\_name\_suffix | The optional suffix to add to the read instance name | `string` | `""` | no | -| read\_replicas | List of read replicas to create. Encryption key is required for replica in different region. For replica in same region as master set encryption\_key\_name = null |
list(object({
name = string
name_override = optional(string)
tier = optional(string)
edition = optional(string)
availability_type = optional(string)
zone = optional(string)
disk_type = optional(string)
disk_autoresize = optional(bool)
disk_autoresize_limit = optional(number)
disk_size = optional(string)
user_labels = map(string)
database_flags = list(object({
name = string
value = string
}))
backup_configuration = optional(object({
binary_log_enabled = bool
transaction_log_retention_days = string
}))
insights_config = optional(object({
query_plans_per_minute = number
query_string_length = number
record_application_tags = bool
record_client_address = bool
}))
ip_configuration = object({
authorized_networks = optional(list(map(string)), [])
ipv4_enabled = optional(bool)
private_network = optional(string)
ssl_mode = optional(string)
allocated_ip_range = optional(string)
enable_private_path_for_google_cloud_services = optional(bool, false)
psc_enabled = optional(bool, false)
psc_allowed_consumer_projects = optional(list(string), [])
})
encryption_key_name = optional(string)
data_cache_enabled = optional(bool)
}))
| `[]` | no | +| read\_replicas | List of read replicas to create. Encryption key is required for replica in different region. For replica in same region as master set encryption\_key\_name = null |
list(object({
name = string
name_override = optional(string)
tier = optional(string)
edition = optional(string)
availability_type = optional(string)
zone = optional(string)
disk_type = optional(string)
disk_autoresize = optional(bool)
disk_autoresize_limit = optional(number)
disk_size = optional(string)
user_labels = map(string)
database_flags = list(object({
name = string
value = string
}))
backup_configuration = optional(object({
binary_log_enabled = bool
transaction_log_retention_days = string
}))
insights_config = optional(object({
query_plans_per_minute = number
query_string_length = number
record_application_tags = bool
record_client_address = bool
}))
final_backup_config = optional(object({
enabled = optional(bool, false)
retention_days = optional(number, 1)
}), null)
ip_configuration = object({
authorized_networks = optional(list(map(string)), [])
ipv4_enabled = optional(bool)
private_network = optional(string)
ssl_mode = optional(string)
allocated_ip_range = optional(string)
enable_private_path_for_google_cloud_services = optional(bool, false)
psc_enabled = optional(bool, false)
psc_allowed_consumer_projects = optional(list(string), [])
})
encryption_key_name = optional(string)
data_cache_enabled = optional(bool)
}))
| `[]` | no | | region | The region of the Cloud SQL resources | `string` | `"us-central1"` | no | | replica\_database\_version | The read replica database version to use. This var should only be used during a database update. The update sequence 1. read-replica 2. master, setting this to an updated version will cause the replica to update, then you may update the master with the var database\_version and remove this field after update is complete | `string` | `""` | no | | retain\_backups\_on\_delete | When this parameter is set to true, Cloud SQL retains backups of the instance even after the instance is deleted. The ON\_DEMAND backup will be retained until customer deletes the backup or the project. The AUTOMATED backup will be retained based on the backups retention setting. | `bool` | `false` | no | diff --git a/modules/mysql/main.tf b/modules/mysql/main.tf index 57158479..06038564 100644 --- a/modules/mysql/main.tf +++ b/modules/mysql/main.tf @@ -112,6 +112,14 @@ resource "google_sql_database_instance" "default" { record_client_address = lookup(insights_config.value, "record_client_address", false) } } + dynamic "final_backup_config" { + for_each = var.final_backup_config != null ? [var.final_backup_config] : [] + + content { + enabled = lookup(final_backup_config.value, "enabled", false) + retention_days = lookup(final_backup_config.value, "retention_days", 0) + } + } dynamic "data_cache_config" { for_each = var.edition == "ENTERPRISE_PLUS" ? ["cache_enabled"] : [] content { diff --git a/modules/mysql/read_replica.tf b/modules/mysql/read_replica.tf index 01995648..664c2268 100644 --- a/modules/mysql/read_replica.tf +++ b/modules/mysql/read_replica.tf 
@@ -70,6 +70,15 @@ resource "google_sql_database_instance" "replicas" { } } + dynamic "final_backup_config" { + for_each = var.final_backup_config != null ? [var.final_backup_config] : [] + + content { + enabled = lookup(final_backup_config.value, "enabled", false) + retention_days = lookup(final_backup_config.value, "retention_days", 0) + } + } + dynamic "ip_configuration" { for_each = [lookup(each.value, "ip_configuration", {})] content { diff --git a/modules/mysql/variables.tf b/modules/mysql/variables.tf index bdb4424e..d1e8b96a 100644 --- a/modules/mysql/variables.tf +++ b/modules/mysql/variables.tf @@ -331,6 +331,15 @@ variable "insights_config" { default = null } +variable "final_backup_config" { + description = "The final_backup_config settings for the database." + type = object({ + enabled = optional(bool, false) + retention_days = optional(number, 0) + }) + default = null +} + variable "ip_configuration" { description = "The ip_configuration settings subblock" type = object({ @@ -387,6 +396,10 @@ variable "read_replicas" { record_application_tags = bool record_client_address = bool })) + final_backup_config = optional(object({ + enabled = optional(bool, false) + retention_days = optional(number, 1) + }), null) ip_configuration = object({ authorized_networks = optional(list(map(string)), []) ipv4_enabled = optional(bool) diff --git a/modules/postgresql/README.md b/modules/postgresql/README.md index cb40cb82..f2da6d7f 100644 --- a/modules/postgresql/README.md +++ b/modules/postgresql/README.md 
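Review bot: The replica block reads `var.final_backup_config`, which is the primary's setting, so the per-replica `final_backup_config` attribute that this same commit adds to `read_replicas` in modules/mysql/variables.tf is never consulted. A replica configured with `final_backup_config = { enabled = true }` gets no final backup unless the primary variable is also set, and otherwise every replica inherits the primary's retention. The postgresql read_replica.tf hunk uses `each.value`, and I would do the same here: `for_each = each.value.final_backup_config != null ? [each.value.final_backup_config] : []`. The `retention_days` fallback should then be 1, to match the `optional(number, 1)` declared for replicas. The `replicas` resource continues outside the hunk.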
@@ -148,6 +148,7 @@ module "pg" { | enable\_random\_password\_special | Enable special characters in generated random passwords. | `bool` | `false` | no | | encryption\_key\_name | The full path to the encryption key used for the CMEK disk encryption | `string` | `null` | no | | failover\_dr\_replica\_name | If the instance is a primary instance, then this field identifies the disaster recovery (DR) replica. The standard format of this field is "your-project:your-instance". You can also set this field to "your-instance", but cloud SQL backend will convert it to the aforementioned standard format. | `string` | `null` | no | +| final\_backup\_config | The final\_backup\_config settings for the database. |
object({
enabled = optional(bool, false)
retention_days = optional(number, 1)
})
| `null` | no | | follow\_gae\_application | A Google App Engine application whose zone to remain in. Must be in the same region as this instance. | `string` | `null` | no | | iam\_users | A list of IAM users to be created in your CloudSQL instance. iam.users.type can be CLOUD\_IAM\_USER, CLOUD\_IAM\_SERVICE\_ACCOUNT, CLOUD\_IAM\_GROUP and is required for type CLOUD\_IAM\_GROUP (IAM groups) |
list(object({
id = string,
email = string,
type = optional(string)
}))
| `[]` | no | | insights\_config | The insights\_config settings for the database. |
object({
query_plans_per_minute = optional(number, 5)
query_string_length = optional(number, 1024)
record_application_tags = optional(bool, false)
record_client_address = optional(bool, false)
})
| `null` | no | @@ -168,7 +169,7 @@ module "pg" { | read\_replica\_deletion\_protection | Used to block Terraform from deleting replica SQL Instances. | `bool` | `false` | no | | read\_replica\_deletion\_protection\_enabled | Enables protection of replica instance from accidental deletion across all surfaces (API, gcloud, Cloud Console and Terraform). | `bool` | `false` | no | | read\_replica\_name\_suffix | The optional suffix to add to the read instance name | `string` | `""` | no | -| read\_replicas | List of read replicas to create. Encryption key is required for replica in different region. For replica in same region as master set encryption\_key\_name = null |
list(object({
name = string
name_override = optional(string)
tier = optional(string)
edition = optional(string)
availability_type = optional(string)
zone = optional(string)
disk_type = optional(string)
disk_autoresize = optional(bool)
disk_autoresize_limit = optional(number)
disk_size = optional(string)
user_labels = map(string)
database_flags = optional(list(object({
name = string
value = string
})), [])
insights_config = optional(object({
query_plans_per_minute = optional(number, 5)
query_string_length = optional(number, 1024)
record_application_tags = optional(bool, false)
record_client_address = optional(bool, false)
}), null)
ip_configuration = object({
authorized_networks = optional(list(map(string)), [])
ipv4_enabled = optional(bool)
private_network = optional(string)
ssl_mode = optional(string)
allocated_ip_range = optional(string)
enable_private_path_for_google_cloud_services = optional(bool, false)
psc_enabled = optional(bool, false)
psc_allowed_consumer_projects = optional(list(string), [])
})
encryption_key_name = optional(string)
data_cache_enabled = optional(bool)
}))
| `[]` | no | +| read\_replicas | List of read replicas to create. Encryption key is required for replica in different region. For replica in same region as master set encryption\_key\_name = null |
list(object({
name = string
name_override = optional(string)
tier = optional(string)
edition = optional(string)
availability_type = optional(string)
zone = optional(string)
disk_type = optional(string)
disk_autoresize = optional(bool)
disk_autoresize_limit = optional(number)
disk_size = optional(string)
user_labels = map(string)
database_flags = optional(list(object({
name = string
value = string
})), [])
insights_config = optional(object({
query_plans_per_minute = optional(number, 5)
query_string_length = optional(number, 1024)
record_application_tags = optional(bool, false)
record_client_address = optional(bool, false)
}), null)
final_backup_config = optional(object({
enabled = optional(bool, false)
retention_days = optional(number, 1)
}), null)
ip_configuration = object({
authorized_networks = optional(list(map(string)), [])
ipv4_enabled = optional(bool)
private_network = optional(string)
ssl_mode = optional(string)
allocated_ip_range = optional(string)
enable_private_path_for_google_cloud_services = optional(bool, false)
psc_enabled = optional(bool, false)
psc_allowed_consumer_projects = optional(list(string), [])
})
encryption_key_name = optional(string)
data_cache_enabled = optional(bool)
}))
| `[]` | no | | region | The region of the Cloud SQL resources | `string` | `"us-central1"` | no | | retain\_backups\_on\_delete | When this parameter is set to true, Cloud SQL retains backups of the instance even after the instance is deleted. The ON\_DEMAND backup will be retained until customer deletes the backup or the project. The AUTOMATED backup will be retained based on the backups retention setting. | `bool` | `false` | no | | root\_password | Initial root password during creation | `string` | `null` | no | diff --git a/modules/postgresql/main.tf b/modules/postgresql/main.tf index 01cbcf9a..8a7eb673 100644 --- a/modules/postgresql/main.tf +++ b/modules/postgresql/main.tf @@ -161,6 +161,14 @@ resource "google_sql_database_instance" "default" { record_client_address = lookup(insights_config.value, "record_client_address", false) } } + dynamic "final_backup_config" { + for_each = var.final_backup_config != null ? [var.final_backup_config] : [] + + content { + enabled = lookup(final_backup_config.value, "enabled", false) + retention_days = lookup(final_backup_config.value, "retention_days", 1) + } + } dynamic "password_validation_policy" { for_each = !local.is_secondary_instance && var.password_validation_policy_config != null ? [var.password_validation_policy_config] : [] diff --git a/modules/postgresql/read_replica.tf b/modules/postgresql/read_replica.tf index f2c0bae7..a4e0439c 100644 --- a/modules/postgresql/read_replica.tf +++ b/modules/postgresql/read_replica.tf 
@@ -83,6 +83,15 @@ resource "google_sql_database_instance" "replicas" { } } + dynamic "final_backup_config" { + for_each = lookup(each.value, "final_backup_config") != null ? [lookup(each.value, "final_backup_config")] : [] + + content { + enabled = lookup(final_backup_config.value, "enabled", false) + retention_days = lookup(final_backup_config.value, "retention_days", 1) + } + } + disk_autoresize = lookup(each.value, "disk_autoresize", var.disk_autoresize) disk_autoresize_limit = lookup(each.value, "disk_autoresize_limit", var.disk_autoresize_limit) disk_size = lookup(each.value, "disk_size", var.disk_size) diff --git a/modules/postgresql/variables.tf b/modules/postgresql/variables.tf index e0976f8c..0d0a9ccd 100644 --- a/modules/postgresql/variables.tf +++ b/modules/postgresql/variables.tf @@ -296,6 +296,15 @@ variable "backup_configuration" { default = {} } +variable "final_backup_config" { + description = "The final_backup_config settings for the database." + type = object({ + enabled = optional(bool, false) + retention_days = optional(number, 1) + }) + default = null +} + variable "insights_config" { description = "The insights_config settings for the database." type = object({ @@ -362,6 +371,10 @@ variable "read_replicas" { record_application_tags = optional(bool, false) record_client_address = optional(bool, false) }), null) + final_backup_config = optional(object({ + enabled = optional(bool, false) + retention_days = optional(number, 1) + }), null) ip_configuration = object({ authorized_networks = optional(list(map(string)), []) ipv4_enabled = optional(bool) diff --git a/modules/safer_mysql/README.md b/modules/safer_mysql/README.md index 42e80c24..9730dd69 100644 --- a/modules/safer_mysql/README.md +++ b/modules/safer_mysql/README.md 
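Review bot: `lookup(each.value, "final_backup_config")` in the `for_each` is the two-argument form of `lookup`, which Terraform's documentation marks as deprecated in favour of plain attribute access, and it is evaluated twice on the same line. Because `read_replicas` declares the attribute as `optional(object({...}), null)`, it is always present, so `for_each = each.value.final_backup_config != null ? [each.value.final_backup_config] : []` says the same thing more directly. The `lookup(..., "enabled", false)` and `lookup(..., "retention_days", 1)` fallbacks inside `content` are likewise never used, since `optional()` already supplies those defaults. The `replicas` resource continues outside the hunk.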
@@ -265,6 +265,7 @@ module "safer-mysql-db" { | enable\_default\_user | Enable or disable the creation of the default user | `bool` | `true` | no | | encryption\_key\_name | The full path to the encryption key used for the CMEK disk encryption | `string` | `null` | no | | failover\_dr\_replica\_name | If the instance is a primary instance, then this field identifies the disaster recovery (DR) replica. The standard format of this field is "your-project:your-instance". You can also set this field to "your-instance", but cloud SQL backend will convert it to the aforementioned standard format. | `string` | `null` | no | +| final\_backup\_config | The final\_backup\_config settings for the database. |
object({
enabled = bool
retention_days = number
})
| `null` | no | | follow\_gae\_application | A Google App Engine application whose zone to remain in. Must be in the same region as this instance. | `string` | `null` | no | | iam\_users | A list of IAM users to be created in your CloudSQL instance. iam.users.type can be CLOUD\_IAM\_USER, CLOUD\_IAM\_SERVICE\_ACCOUNT, CLOUD\_IAM\_GROUP and is required for type CLOUD\_IAM\_GROUP (IAM groups) |
list(object({
id = string,
email = string,
type = optional(string)
}))
| `[]` | no | | insights\_config | The insights\_config settings for the database. |
object({
query_plans_per_minute = number
query_string_length = number
record_application_tags = bool
record_client_address = bool
})
| `null` | no | diff --git a/modules/safer_mysql/main.tf b/modules/safer_mysql/main.tf index 72398da6..933b9ae1 100644 --- a/modules/safer_mysql/main.tf +++ b/modules/safer_mysql/main.tf @@ -55,6 +55,8 @@ module "safer_mysql" { insights_config = var.insights_config + final_backup_config = var.final_backup_config + ip_configuration = { ipv4_enabled = var.assign_public_ip # We never set authorized networks, we need all connections via the diff --git a/modules/safer_mysql/variables.tf b/modules/safer_mysql/variables.tf index 058a5d6e..b93f0752 100644 --- a/modules/safer_mysql/variables.tf +++ b/modules/safer_mysql/variables.tf @@ -417,3 +417,12 @@ variable "insights_config" { }) default = null } + +variable "final_backup_config" { + description = "The final_backup_config settings for the database." + type = object({ + enabled = bool + retention_days = number + }) + default = null +}
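Review bot: `final_backup_config` in modules/safer_mysql/variables.tf declares `enabled = bool` and `retention_days = number` as required, while the mysql module it is forwarded to in modules/safer_mysql/main.tf declares both with `optional()` defaults. A caller who sets only `{ enabled = true }` is rejected by this wrapper's type check even though the inner module would accept it. I would mirror the inner type with `enabled = optional(bool, false)` and `retention_days = optional(number, 1)`, using whichever retention default the mysql module settles on. The README row should then be regenerated to match.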