
revert require ssl #19

Merged
WillBeebe merged 1 commit into main from WillBeebe-patch-1
Sep 6, 2022

Conversation

@WillBeebe (Contributor)

I enabled this as part of Bridgecrew but it forces us to create and expose client certificates. We could add those to the artifact but since this is a private instance, we don't need that extra layer. Inside GCP the Cloud SQL Auth proxy is used to create and manage certs so the traffic is encrypted without us shipping certs. I tested this from Cloud Run and `true` still forces certs even though the auth proxy is in use.


@bridgecrew (Bot) left a comment


Bridgecrew has found errors in this PR ⬇️

Comment thread src/main.tf

ip_configuration {
require_ssl = true
require_ssl = false
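Review bot: `require_ssl = false` on `google_sql_database_instance.main` in src/main.tf should carry an inline justification, because as written the hunk looks like a plain regression of the Bridgecrew/CIS GCP 1.1 6.4 control (BC_GCP_GENERAL_5) and will keep showing up as a HIGH finding on every future scan. The PR description says encryption is still guaranteed by the Cloud SQL Auth proxy and that the instance is private; put that reasoning next to the setting (a comment in the `ip_configuration` block, and the scanner's suppression annotation if the team uses one) so the next reader does not re-enable it and the exception is auditable. Since `require_ssl = false` only relaxes the server-side requirement, it is also worth stating in the same comment that no client path other than the proxy is expected to reach the instance.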

Suggested change
require_ssl = false
require_ssl = true
HIGH   Ensure incoming connections to Cloud SQL database instances use SSL
    Resource: google_sql_database_instance.main | ID: BC_GCP_GENERAL_5

Description

Cloud SQL is a fully managed relational database service for MySQL, PostgreSQL and SQL Server. It offers data encryption at rest and in transit, private connectivity with VPC and user-controlled network access with firewall protection. Cloud SQL creates a server certificate automatically when a new instance is created.

We recommend you enforce all connections to use SSL/TLS.

Benchmarks

  • CIS GCP V1.1 6.4

@chrisghill (Member)

Looks like this is a part of the GCP CIS benchmark, so disabling this will show as non-compliant on that benchmark.

How does the auth proxy work? Does it require special plugins to generate short lived credentials to the DB? How does a client application use this database if the auth proxy is enabled? How will it work for SaaS applications (like Retool) where we don't have access to the source code to change auth mechanisms?
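The thread above turns on whether `require_ssl` is set on the `google_sql_database_instance`. As an added example that is not part of this repository, the check below reproduces the BC_GCP_GENERAL_5 control over the JSON that `terraform show -json` produces for a plan, walking nested modules and also flagging instances where the `ip_configuration` block is missing (the provider default for `require_ssl` is false). The plan document is a constructed sample; `SAMPLE_PLAN`, `find_unencrypted_instances` and the module addresses are hypothetical names.

```python
import json
from typing import Iterator, List, Optional, Tuple

# Constructed stand-in for `terraform show -json plan.out` output (hypothetical).
# It mirrors the PR's resource (require_ssl = false) plus two nested-module instances.
SAMPLE_PLAN = {
    "planned_values": {
        "root_module": {
            "resources": [
                {"address": "google_sql_database_instance.main",
                 "type": "google_sql_database_instance",
                 "values": {"settings": [{"ip_configuration": [{"require_ssl": False}]}]}},
                {"address": "google_service_account.app",
                 "type": "google_service_account", "values": {}},
            ],
            "child_modules": [{
                "address": "module.db",
                "resources": [
                    {"address": "module.db.google_sql_database_instance.replica",
                     "type": "google_sql_database_instance",
                     "values": {"settings": [{"ip_configuration": [{"require_ssl": True}]}]}},
                    {"address": "module.db.google_sql_database_instance.legacy",
                     "type": "google_sql_database_instance",
                     "values": {"settings": [{}]}},  # no ip_configuration block at all
                ],
            }],
        }
    }
}

def iter_resources(module: dict) -> Iterator[dict]:
    """Yield every planned resource in a module and, recursively, its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)

def require_ssl_setting(values: dict) -> Optional[bool]:
    """Return the planned require_ssl value; None when settings/ip_configuration is absent.
    Nested blocks are rendered as lists in plan JSON, hence the [0] indexing."""
    settings = values.get("settings") or [{}]
    ip_config = settings[0].get("ip_configuration") or [{}]
    return ip_config[0].get("require_ssl")

def find_unencrypted_instances(plan: dict) -> List[Tuple[str, str]]:
    """Return (address, reason) for each Cloud SQL instance that does not enforce TLS."""
    findings = []
    for res in iter_resources(plan["planned_values"]["root_module"]):
        if res.get("type") != "google_sql_database_instance":
            continue
        setting = require_ssl_setting(res.get("values", {}))
        if setting is True:
            continue  # compliant with BC_GCP_GENERAL_5 / CIS GCP 1.1 6.4
        reason = "require_ssl = false" if setting is False else "require_ssl not set (defaults to false)"
        findings.append((res["address"], reason))
    return findings

def check_plan_file(path: str) -> List[Tuple[str, str]]:
    """Run the check against a real `terraform show -json` file."""
    with open(path) as fh:
        return find_unencrypted_instances(json.load(fh))

if __name__ == "__main__":
    for address, reason in find_unencrypted_instances(SAMPLE_PLAN):
        print(f"HIGH BC_GCP_GENERAL_5 {address}: {reason}")
```

Instances found this way can either be fixed or deliberately accepted with a documented exception, as the PR author argues for the Auth-proxy case.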

@WillBeebe WillBeebe merged commit 8688bae into main Sep 6, 2022
@WillBeebe WillBeebe deleted the WillBeebe-patch-1 branch September 6, 2022 23:04
