From 229ae860e4740755534ac1bf8dcbd8efde32ec35 Mon Sep 17 00:00:00 2001
From: Filippo <filippo.merante@sparkfabrik.com>
Date: Tue, 11 Nov 2025 16:40:13 +0100
Subject: [PATCH] fix: add triggers to manage Cloud SQL proxy lifecycle

---
 CHANGELOG.md | 11 +++++++++++
 main.tf      | 10 ++++++++++
 2 files changed, 21 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 758c7ec..e1954f4 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -8,8 +8,19 @@ to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 ## [Unreleased]
 
+## [0.5.1] - 2025-11-11
+
+[Compare with previous version](https://github.com/sparkfabrik/terraform-google-gcp-mysql-db-and-user-creation-helper/compare/0.5.0...0.5.1)
+
+### Changed
+
+- Ensure the `execute_cloud_sql_proxy` and `kill_cloud_sql_proxy` null resources pick up `permissions_refresh_id` changes so Terraform always restarts/stops the proxy when permissions are reapplied.
+- Enforce the start → grant → stop execution order by wiring the proxy/grant null resources through explicit dependencies.
+
 ## [0.5.0] - 2025-11-11
 
+[Compare with previous version](https://github.com/sparkfabrik/terraform-google-gcp-mysql-db-and-user-creation-helper/compare/0.4.1...0.5.0)
+
 ### Added
 
 - Introduced the `permissions_refresh_id` input plus the `null_resource.force_permissions_refresh`/`null_resource.grant_permissions` helpers so you can rerun the proxy/grant scripts without recreating users.
diff --git a/main.tf b/main.tf
index 66df83f..a7de334 100644
--- a/main.tf
+++ b/main.tf
@@ -2,6 +2,11 @@ resource "null_resource" "execute_cloud_sql_proxy" {
   for_each = (((var.cloudsql_proxy_host == "localhost" || var.cloudsql_proxy_host == "127.0.0.1") && var.terraform_start_cloud_sql_proxy) ? {
     for u in var.database_and_user_list : u.user => u
   } : {})
+
+  triggers = {
+    refresh_id = var.permissions_refresh_id
+  }
+
   lifecycle {
     replace_triggered_by = [
       null_resource.force_permissions_refresh.id
@@ -117,6 +122,11 @@ resource "null_resource" "kill_cloud_sql_proxy" {
   for_each = (((var.cloudsql_proxy_host == "localhost" || var.cloudsql_proxy_host == "127.0.0.1") && var.terraform_start_cloud_sql_proxy) ? {
     for u in var.database_and_user_list : u.user => u
   } : {})
+
+  triggers = {
+    refresh_id = var.permissions_refresh_id
+  }
+
   lifecycle {
     replace_triggered_by = [
       null_resource.force_permissions_refresh.id