feat: support for configuration

README.md

@@ -119,6 +119,7 @@ To attach access management tags to resources in this module, you need the follo
 | <a name="input_backup_crn"></a> [backup\_crn](#input\_backup\_crn) | The CRN of a backup resource to restore from. The backup is created by a database deployment with the same service ID. The backup is loaded after provisioning and the new deployment starts up that uses that data. A backup CRN is in the format crn:v1:<…>:backup:. If omitted, the database is provisioned empty. | `string` | `null` | no |
 | <a name="input_backup_encryption_key_crn"></a> [backup\_encryption\_key\_crn](#input\_backup\_encryption\_key\_crn) | The CRN of a Key Protect or Hyper Protect Crypto Services encryption key that you want to use for encrypting the disk that holds deployment backups. Applies only if `use_ibm_owned_encryption_key` is false and `use_same_kms_key_for_backups` is false. If no value is passed, and `use_same_kms_key_for_backups` is true, the value of `kms_key_crn` is used. Alternatively set `use_default_backup_encryption_key` to true to use the IBM Cloud Databases default encryption. Bare in mind that backups encryption is only available in certain regions. See [Bring your own key for backups](https://cloud.ibm.com/docs/cloud-databases?topic=cloud-databases-key-protect&interface=ui#key-byok) and [Using the HPCS Key for Backup encryption](https://cloud.ibm.com/docs/cloud-databases?topic=cloud-databases-hpcs#use-hpcs-backups). | `string` | `null` | no |
 | <a name="input_cbr_rules"></a> [cbr\_rules](#input\_cbr\_rules) | (Optional, list) List of CBR rules to create | <pre>list(object({<br/>    description = string<br/>    account_id  = string<br/>    rule_contexts = list(object({<br/>      attributes = optional(list(object({<br/>        name  = string<br/>        value = string<br/>    }))) }))<br/>    enforcement_mode = string<br/>  }))</pre> | `[]` | no |
+| <a name="input_configuration"></a> [configuration](#input\_configuration) | Database configuration parameters, see https://cloud.ibm.com/docs/databases-for-mysql?topic=databases-for-mysql-changing-configuration&interface=api for more details. | <pre>object({<br/>    default_authentication_plugin      = optional(string) # sha256_password,caching_sha2_password,mysql_native_password<br/>    innodb_buffer_pool_size_percentage = optional(number) # 10 ≤ value ≤ 100<br/>    innodb_flush_log_at_trx_commit     = optional(number) # 0 ≤ value ≤ 2<br/>    innodb_log_buffer_size             = optional(number) # 1048576 ≤ value ≤ 4294967295<br/>    innodb_log_file_size               = optional(number) # 4194304 ≤ value ≤ 274877906900<br/>    innodb_lru_scan_depth              = optional(number) # 128 ≤ value ≤ 2048<br/>    innodb_read_io_threads             = optional(number) # 1 ≤ value ≤ 64<br/>    innodb_write_io_threads            = optional(number) # 1 ≤ value ≤ 64<br/>    max_allowed_packet                 = optional(number) # 1024 ≤ value ≤ 1073741824<br/>    max_connections                    = optional(number) # 100 ≤ value ≤ 200000<br/>    max_prepared_stmt_count            = optional(number) # 0 ≤ value ≤ 4194304<br/>    mysql_max_binlog_age_sec           = optional(number) # 300 ≤ value ≤ 1073741823 Default: 1800<br/>    net_read_timeout                   = optional(number) # 1 ≤ value ≤ 7200<br/>    net_write_timeout                  = optional(number) # 1 ≤ value ≤ 7200<br/>    sql_mode                           = optional(string) # The comma-separated list of SQL modes applied on this server globally<br/>    wait_timeout                       = optional(number) # 1 ≤ value ≤ 31536000<br/>  })</pre> | `null` | no |
 | <a name="input_kms_key_crn"></a> [kms\_key\_crn](#input\_kms\_key\_crn) | The CRN of a Key Protect or Hyper Protect Crypto Services encryption key to encrypt your data. Applies only if `use_ibm_owned_encryption_key` is false. By default this key is used for both deployment data and backups, but this behaviour can be altered using the `use_same_kms_key_for_backups` and `backup_encryption_key_crn` inputs. Bare in mind that backups encryption is only available in certain regions. See [Bring your own key for backups](https://cloud.ibm.com/docs/cloud-databases?topic=cloud-databases-key-protect&interface=ui#key-byok) and [Using the HPCS Key for Backup encryption](https://cloud.ibm.com/docs/cloud-databases?topic=cloud-databases-hpcs#use-hpcs-backups). | `string` | `null` | no |
 | <a name="input_member_cpu_count"></a> [member\_cpu\_count](#input\_member\_cpu\_count) | Allocated dedicated CPU per member. For shared CPU, set to 0. [Learn more](https://cloud.ibm.com/docs/databases-for-mysql?topic=databases-for-mysql-resources-scaling) | `number` | `0` | no |
 | <a name="input_member_disk_mb"></a> [member\_disk\_mb](#input\_member\_disk\_mb) | Allocated disk per member. [Learn more](https://cloud.ibm.com/docs/databases-for-mysql?topic=databases-for-mysql-resources-scaling) | `number` | `10240` | no |

main.tf

@@ -173,18 +173,20 @@ resource "time_sleep" "wait_for_backup_kms_authorization_policy" {
 
 # Create MySQL database
 resource "ibm_database" "mysql_db" {
-  depends_on                           = [time_sleep.wait_for_authorization_policy]
-  resource_group_id                    = var.resource_group_id
-  name                                 = var.name
-  service                              = "databases-for-mysql"
-  location                             = var.region
-  plan                                 = "standard" # Only standard plan is available for mysql
-  backup_id                            = var.backup_crn
-  remote_leader_id                     = var.remote_leader_crn
-  version                              = var.mysql_version
-  tags                                 = var.resource_tags
-  adminpassword                        = var.admin_pass
-  service_endpoints                    = var.service_endpoints
+  depends_on        = [time_sleep.wait_for_authorization_policy]
+  resource_group_id = var.resource_group_id
+  name              = var.name
+  service           = "databases-for-mysql"
+  location          = var.region
+  plan              = "standard" # Only standard plan is available for mysql
+  backup_id         = var.backup_crn
+  remote_leader_id  = var.remote_leader_crn
+  version           = var.mysql_version
+  tags              = var.resource_tags
+  adminpassword     = var.admin_pass
+  service_endpoints = var.service_endpoints
+  # remove elements with null values: see https://github.com/terraform-ibm-modules/terraform-ibm-icd-postgresql/issues/273
+  configuration                        = var.configuration != null ? jsonencode({ for k, v in var.configuration : k => v if v != null }) : null
   key_protect_key                      = var.kms_key_crn
   backup_encryption_key_crn            = local.backup_encryption_key_crn
   point_in_time_recovery_deployment_id = var.pitr_id

modules/fscloud/README.md

@@ -36,6 +36,7 @@ No resources.
 | <a name="input_backup_crn"></a> [backup\_crn](#input\_backup\_crn) | The CRN of a backup resource to restore from. The backup is created by a database deployment with the same service ID. The backup is loaded after provisioning and the new deployment starts up that uses that data. A backup CRN is in the format crn:v1:<…>:backup:. If omitted, the database is provisioned empty. | `string` | `null` | no |
 | <a name="input_backup_encryption_key_crn"></a> [backup\_encryption\_key\_crn](#input\_backup\_encryption\_key\_crn) | The CRN of a Key Protect or Hyper Protect Crypto Services encryption key that you want to use for encrypting the disk that holds deployment backups. Applies only if `use_ibm_owned_encryption_key` is false and `use_same_kms_key_for_backups` is false. If no value is passed, and `use_same_kms_key_for_backups` is true, the value of `kms_key_crn` is used. Alternatively set `use_default_backup_encryption_key` to true to use the IBM Cloud Databases default encryption. Bare in mind that backups encryption is only available in certain regions. See [Bring your own key for backups](https://cloud.ibm.com/docs/cloud-databases?topic=cloud-databases-key-protect&interface=ui#key-byok) and [Using the HPCS Key for Backup encryption](https://cloud.ibm.com/docs/cloud-databases?topic=cloud-databases-hpcs#use-hpcs-backups). | `string` | `null` | no |
 | <a name="input_cbr_rules"></a> [cbr\_rules](#input\_cbr\_rules) | (Optional, list) List of CBR rules to create | <pre>list(object({<br/>    description = string<br/>    account_id  = string<br/>    rule_contexts = list(object({<br/>      attributes = optional(list(object({<br/>        name  = string<br/>        value = string<br/>    }))) }))<br/>    enforcement_mode = string<br/>  }))</pre> | `[]` | no |
+| <a name="input_configuration"></a> [configuration](#input\_configuration) | Database configuration parameters, see https://cloud.ibm.com/docs/databases-for-mysql?topic=databases-for-mysql-changing-configuration&interface=api for more details. | <pre>object({<br/>    default_authentication_plugin      = optional(string) # sha256_password,caching_sha2_password,mysql_native_password<br/>    innodb_buffer_pool_size_percentage = optional(number) # 10 ≤ value ≤ 100<br/>    innodb_flush_log_at_trx_commit     = optional(number) # 0 ≤ value ≤ 2<br/>    innodb_log_buffer_size             = optional(number) # 1048576 ≤ value ≤ 4294967295<br/>    innodb_log_file_size               = optional(number) # 4194304 ≤ value ≤ 274877906900<br/>    innodb_lru_scan_depth              = optional(number) # 128 ≤ value ≤ 2048<br/>    innodb_read_io_threads             = optional(number) # 1 ≤ value ≤ 64<br/>    innodb_write_io_threads            = optional(number) # 1 ≤ value ≤ 64<br/>    max_allowed_packet                 = optional(number) # 1024 ≤ value ≤ 1073741824<br/>    max_connections                    = optional(number) # 100 ≤ value ≤ 200000<br/>    max_prepared_stmt_count            = optional(number) # 0 ≤ value ≤ 4194304<br/>    mysql_max_binlog_age_sec           = optional(number) # 300 ≤ value ≤ 1073741823 Default: 1800<br/>    net_read_timeout                   = optional(number) # 1 ≤ value ≤ 7200<br/>    net_write_timeout                  = optional(number) # 1 ≤ value ≤ 7200<br/>    sql_mode                           = optional(string) # The comma-separated list of SQL modes applied on this server globally.<br/>    wait_timeout                       = optional(number) # 1 ≤ value ≤ 31536000<br/>  })</pre> | `null` | no |
 | <a name="input_instance_name"></a> [instance\_name](#input\_instance\_name) | The name to give the MySQL instance. | `string` | n/a | yes |
 | <a name="input_kms_key_crn"></a> [kms\_key\_crn](#input\_kms\_key\_crn) | The CRN of a Key Protect or Hyper Protect Crypto Services encryption key to encrypt your data. Applies only if `use_ibm_owned_encryption_key` is false. By default this key is used for both deployment data and backups, but this behaviour can be altered using the `use_same_kms_key_for_backups` and `backup_encryption_key_crn` inputs. Bare in mind that backups encryption is only available in certain regions. See [Bring your own key for backups](https://cloud.ibm.com/docs/cloud-databases?topic=cloud-databases-key-protect&interface=ui#key-byok) and [Using the HPCS Key for Backup encryption](https://cloud.ibm.com/docs/cloud-databases?topic=cloud-databases-hpcs#use-hpcs-backups). | `string` | `null` | no |
 | <a name="input_member_cpu_count"></a> [member\_cpu\_count](#input\_member\_cpu\_count) | Allocated dedicated CPU per member. For shared CPU, set to 0. [Learn more](https://cloud.ibm.com/docs/databases-for-mysql?topic=databases-for-mysql-resources-scaling) | `number` | `3` | no |

modules/fscloud/main.tf

@@ -3,6 +3,7 @@ module "mysql_db" {
   resource_group_id                 = var.resource_group_id
   name                              = var.instance_name
   region                            = var.region
+  remote_leader_crn                 = var.remote_leader_crn
   skip_iam_authorization_policy     = var.skip_iam_authorization_policy
   service_endpoints                 = "private"
   mysql_version                     = var.mysql_version
@@ -15,6 +16,7 @@ module "mysql_db" {
   resource_tags                     = var.resource_tags
   access_tags                       = var.access_tags
   cbr_rules                         = var.cbr_rules
+  configuration                     = var.configuration
   member_memory_mb                  = var.member_memory_mb
   member_disk_mb                    = var.member_disk_mb
   member_cpu_count                  = var.member_cpu_count
@@ -24,5 +26,4 @@ module "mysql_db" {
   users                             = var.users
   service_credential_names          = var.service_credential_names
   auto_scaling                      = var.auto_scaling
-  remote_leader_crn                 = var.remote_leader_crn
 }

modules/fscloud/variables.tf

@@ -101,6 +101,29 @@ variable "access_tags" {
   default     = []
 }
 
+variable "configuration" {
+  type = object({
+    default_authentication_plugin      = optional(string) # sha256_password,caching_sha2_password,mysql_native_password
+    innodb_buffer_pool_size_percentage = optional(number) # 10 ≤ value ≤ 100
+    innodb_flush_log_at_trx_commit     = optional(number) # 0 ≤ value ≤ 2
+    innodb_log_buffer_size             = optional(number) # 1048576 ≤ value ≤ 4294967295
+    innodb_log_file_size               = optional(number) # 4194304 ≤ value ≤ 274877906900
+    innodb_lru_scan_depth              = optional(number) # 128 ≤ value ≤ 2048
+    innodb_read_io_threads             = optional(number) # 1 ≤ value ≤ 64
+    innodb_write_io_threads            = optional(number) # 1 ≤ value ≤ 64
+    max_allowed_packet                 = optional(number) # 1024 ≤ value ≤ 1073741824
+    max_connections                    = optional(number) # 100 ≤ value ≤ 200000
+    max_prepared_stmt_count            = optional(number) # 0 ≤ value ≤ 4194304
+    mysql_max_binlog_age_sec           = optional(number) # 300 ≤ value ≤ 1073741823 Default: 1800
+    net_read_timeout                   = optional(number) # 1 ≤ value ≤ 7200
+    net_write_timeout                  = optional(number) # 1 ≤ value ≤ 7200
+    sql_mode                           = optional(string) # The comma-separated list of SQL modes applied on this server globally.
+    wait_timeout                       = optional(number) # 1 ≤ value ≤ 31536000
+  })
+  description = "Database configuration parameters, see https://cloud.ibm.com/docs/databases-for-mysql?topic=databases-for-mysql-changing-configuration&interface=api for more details."
+  default     = null
+}
+
 ##############################################################
 # Auto Scaling
 ##############################################################

solutions/standard/DA-types.md

@@ -157,7 +157,6 @@ The disk object in the `auto_scaling` input contains the following options. All
 - `rate_period_seconds`: How long (in seconds) the rate limit is applied for disk (default: `900` (15 minutes)).
 - `rate_units`: The units to use for the rate increase (default: `"mb"` (megabytes)).
 
-
 ### Memory options for auto_scaling
 
 The memory object within auto_scaling contains the following options. All options are optional.
@@ -198,3 +197,91 @@ The following example shows values for both disk and memory for the `auto_scalin
   }
 }
 ```
+
+## Configuration  <a name="configuration"></a>
+
+The Configuration variable tunes the MySQL database to suit different use case. For more information, see [Configuration](https://cloud.ibm.com/docs/databases-for-mysql?topic=databases-for-mysql-changing-configuration&interface=cli).
+
+- Variable name: `configuration`
+- Type: An object with multiple attributes i.e.  `default_authentication_plugin`, `innodb_buffer_pool_size_percentage`, `innodb_flush_log_at_trx_commit`, `innodb_log_buffer_size` , `innodb_log_file_size` , `innodb_lru_scan_depth`, `innodb_write_io_threads`, `max_allowed_packet`, `max_connections`, `max_prepared_stmt_count`, `mysql_max_binlog_age_sec`, `net_write_timeout`, `sql_mode` and `wait_timeout`
+
+### Options for configuration
+
+The configuration object in the input contains the following options
+
+**Available Settings. [Learn more](https://cloud.ibm.com/docs/databases-for-mysql?topic=databases-for-mysql-changing-configuration&interface=cli#available-config-settings).**
+
+- `default_authentication_plugin`: Allowable values are `sha256_password`, `caching_sha2_password` and `mysql_native_password`. Note: Unless strictly necessary, don't use `mysql_native_password`. (default: `sha256_password`).
+
+- `innodb_buffer_pool_size_percentage`: The percentage of memory to use for innodb_buffer_pool_size. The default value of 50% is a conservative value and works for databases of any size. If your database requires more RAM, this value can be increased. Setting this value too high can exceed your database's memory limits, which can cause it to crash. (default: `50`).
+
+- `innodb_flush_log_at_trx_commit`: Controls the balance between strict ACID compliance for commit operations and higher performance that is possible when commit-related I/O operations are rearranged and done in batches. You can achieve better performance by changing the default value but then you can lose transactions in a crash. (default: `2`).
+
+- `innodb_log_buffer_size`: The size in bytes of the buffer that InnoDB uses to write to the log files on disk. (default: `33554432`).
+
+- `innodb_log_file_size`: The size in bytes of each log file in a log group.  Innodb_log_file_size and innodb_log_files_in_group have been superseded by innodb_redo_log_capacity. Setting innodb_log_file_size will also set innodb_redo_log_capacity. (default: `104857600`).
+
+- `innodb_lru_scan_depth`: A parameter that influences the algorithms and heuristics for the flush operation for the InnoDB buffer pool. A setting smaller than the default is generally suitable for most workloads. A value that is much higher than necessary might impact performance. Consider increasing the value only if you have spare I/O capacity under a typical workload. (default: `256`).
+
+- `innodb_write_io_threads`: The number of I/O threads for write operations in InnoDB. (default: `4`).
+
+- `max_allowed_packet`:  (default: `16777216`).
+
+- `max_connections`:  (default: `200`).
+
+- `max_prepared_stmt_count`: Specifies the total number of prepared statements on the server. (default: `16382`).
+
+- `mysql_max_binlog_age_sec`:  (default: `1800`).
+
+- `net_write_timeout`: The number of seconds to wait for a block to be written to a connection before aborting the write. (default: `60`).
+
+- `sql_mode`: Allowable values:
+  - ALLOW_INVALID_DATES
+  - ANSI_QUOTES
+  - ERROR_FOR_DIVISION_BY_ZERO
+  - HIGH_NOT_PRECEDENCE
+  - IGNORE_SPACE
+  - NO_AUTO_CREATE_USER
+  - NO_AUTO_VALUE_ON_ZERO
+  - NO_BACKSLASH_ESCAPES
+  - NO_DIR_IN_CREATE
+  - NO_ENGINE_SUBSTITUTION
+  - NO_FIELD_OPTIONS
+  - NO_KEY_OPTIONS
+  - NO_TABLE_OPTIONS
+  - NO_UNSIGNED_SUBTRACTION
+  - NO_ZERO_DATE
+  - NO_ZERO_IN_DATE
+  - ONLY_FULL_GROUP_BY
+  - PAD_CHAR_TO_FULL_LENGTH
+  - PIPES_AS_CONCAT
+  - REAL_AS_FLOAT
+  - STRICT_ALL_TABLES
+  - STRICT_TRANS_TABLES
+
+- `wait_timeout`: The number of seconds the server waits for activity on a noninteractive connection before closing it. (default: `28800`).
+
+### Example configuration
+
+The following example shows values for the `configuration` input.
+
+```hcl
+{
+    default_authentication_plugin      = "sha256_password"
+    innodb_buffer_pool_size_percentage = 50
+    innodb_flush_log_at_trx_commit     = 2
+    innodb_log_buffer_size             = 33554432
+    innodb_log_file_size               = 104857600
+    innodb_lru_scan_depth              = 256
+    innodb_read_io_threads             = 4
+    innodb_write_io_threads            = 4
+    max_allowed_packet                 = 16777216
+    max_connections                    = 200
+    max_prepared_stmt_count            = 16382
+    mysql_max_binlog_age_sec           = 1800
+    net_read_timeout                   = 60
+    net_write_timeout                  = 60
+    sql_mode                           = "NO_ZERO_IN_DATE,NO_ENGINE_SUBSTITUTION"
+    wait_timeout                       = 28800
+}
+```