feat: added enable_private_path_for_google_cloud_services field in ip…

…_configuration for google_sql_database_instance resource (#449)
terraform-google-modules · Mar 29, 2023 · 64618c4 · 64618c4
1 parent 387d266
commit 64618c4
Show file tree

Hide file tree

Showing 11 changed files with 115 additions and 63 deletions.
diff --git a/modules/mssql/metadata.yaml b/modules/mssql/metadata.yaml
@@ -23,7 +23,7 @@ spec:
   source:
     repo: https://github.com/terraform-google-modules/terraform-google-sql-db
     sourceType: git
-  version: 13.0.1
+  version: 14.1.0
   actuationTool:
     type: Terraform
     version: '>= 0.13'
@@ -106,7 +106,7 @@ spec:
   - name: create_timeout
     description: The optional timeout that is applied to limit long database creates.
     type: string
-    default: 15m
+    default: 30m
     required: false
   - name: database_flags
     description: The database flags for the master instance. See [more details](https://cloud.google.com/sql/docs/sqlserver/flags)
@@ -147,6 +147,21 @@ spec:
     type: bool
     default: true
     required: false
+  - name: deletion_protection_enabled
+    description: Enables protection of an instance from accidental deletion protection across all surfaces (API, gcloud, Cloud Console and Terraform).
+    type: bool
+    default: false
+    required: false
+  - name: deny_maintenance_period
+    description: The Deny Maintenance Period fields to prevent automatic maintenance from occurring during a 90-day time period. See [more details](https://cloud.google.com/sql/docs/sqlserver/maintenance)
+    type: |-
+      list(object({
+          end_date   = string
+          start_date = string
+          time       = string
+        }))
+    default: []
+    required: false
   - name: disk_autoresize
     description: Configuration to increase storage size.
     type: bool
@@ -257,7 +272,7 @@ spec:
   - name: update_timeout
     description: The optional timeout that is applied to limit long database updates.
     type: string
-    default: 15m
+    default: 30m
     required: false
   - name: user_labels
     description: The key/value labels for the master instances.

diff --git a/modules/mysql/README.md b/modules/mysql/README.md
@@ -12,7 +12,7 @@ Note: CloudSQL provides [disk autoresize](https://cloud.google.com/sql/docs/mysq
 | additional\_users | A list of users to be created in your cluster. A random password would be set for the user if the `random_password` variable is set. | <pre>list(object({<br>    name            = string<br>    password        = string<br>    random_password = bool<br>    type            = string<br>    host            = string<br>  }))</pre> | `[]` | no |
 | availability\_type | The availability type for the master instance. Can be either `REGIONAL` or `null`. | `string` | `"REGIONAL"` | no |
 | backup\_configuration | The backup\_configuration settings subblock for the database setings | <pre>object({<br>    binary_log_enabled             = bool<br>    enabled                        = bool<br>    start_time                     = string<br>    location                       = string<br>    transaction_log_retention_days = string<br>    retained_backups               = number<br>    retention_unit                 = string<br>  })</pre> | <pre>{<br>  "binary_log_enabled": false,<br>  "enabled": false,<br>  "location": null,<br>  "retained_backups": null,<br>  "retention_unit": null,<br>  "start_time": null,<br>  "transaction_log_retention_days": null<br>}</pre> | no |
-| connector\_enforcement | Force clients to use the connector. See[more details](https://cloud.google.com/sql/docs/mysql/connect-connectors). | `bool` | `false` | no |
+| connector\_enforcement | Enforce that clients use the connector library | `bool` | `false` | no |
 | create\_timeout | The optional timout that is applied to limit long database creates. | `string` | `"30m"` | no |
 | database\_flags | List of Cloud SQL flags that are applied to the database server. See [more details](https://cloud.google.com/sql/docs/mysql/flags) | <pre>list(object({<br>    name  = string<br>    value = string<br>  }))</pre> | `[]` | no |
 | database\_version | The database version to use | `string` | n/a | yes |
@@ -33,7 +33,7 @@ Note: CloudSQL provides [disk autoresize](https://cloud.google.com/sql/docs/mysq
 | encryption\_key\_name | The full path to the encryption key used for the CMEK disk encryption | `string` | `null` | no |
 | follow\_gae\_application | A Google App Engine application whose zone to remain in. Must be in the same region as this instance. | `string` | `null` | no |
 | insights\_config | The insights\_config settings for the database. | <pre>object({<br>    query_string_length     = number<br>    record_application_tags = bool<br>    record_client_address   = bool<br>  })</pre> | `null` | no |
-| ip\_configuration | The ip\_configuration settings subblock | <pre>object({<br>    authorized_networks = list(map(string))<br>    ipv4_enabled        = bool<br>    private_network     = string<br>    require_ssl         = bool<br>    allocated_ip_range  = string<br>  })</pre> | <pre>{<br>  "allocated_ip_range": null,<br>  "authorized_networks": [],<br>  "ipv4_enabled": true,<br>  "private_network": null,<br>  "require_ssl": null<br>}</pre> | no |
+| ip\_configuration | The ip\_configuration settings subblock | <pre>object({<br>    authorized_networks                           = list(map(string))<br>    ipv4_enabled                                  = bool<br>    private_network                               = string<br>    require_ssl                                   = bool<br>    allocated_ip_range                            = string<br>    enable_private_path_for_google_cloud_services = optional(bool)<br>  })</pre> | <pre>{<br>  "allocated_ip_range": null,<br>  "authorized_networks": [],<br>  "enable_private_path_for_google_cloud_services": false,<br>  "ipv4_enabled": true,<br>  "private_network": null,<br>  "require_ssl": null<br>}</pre> | no |
 | maintenance\_window\_day | The day of week (1-7) for the master instance maintenance. | `number` | `1` | no |
 | maintenance\_window\_hour | The hour of day (0-23) maintenance window for the master instance maintenance. | `number` | `23` | no |
 | maintenance\_window\_update\_track | The update track of maintenance window for the master instance maintenance. Can be either `canary` or `stable`. | `string` | `"canary"` | no |

diff --git a/modules/mysql/main.tf b/modules/mysql/main.tf
@@ -33,7 +33,7 @@ locals {
   retained_backups = lookup(var.backup_configuration, "retained_backups", null)
   retention_unit   = lookup(var.backup_configuration, "retention_unit", null)
 
-  // Force the usage of connector_enforcement 
+  // Force the usage of connector_enforcement
   connector_enforcement = var.connector_enforcement ? "REQUIRED" : "NOT_REQUIRED"
 }
 
@@ -59,6 +59,7 @@ resource "google_sql_database_instance" "default" {
     availability_type           = var.availability_type
     deletion_protection_enabled = var.deletion_protection_enabled
     connector_enforcement       = local.connector_enforcement
+
     dynamic "backup_configuration" {
       for_each = [var.backup_configuration]
       content {
@@ -108,10 +109,11 @@ resource "google_sql_database_instance" "default" {
     dynamic "ip_configuration" {
       for_each = [local.ip_configurations[local.ip_configuration_enabled ? "enabled" : "disabled"]]
       content {
-        ipv4_enabled       = lookup(ip_configuration.value, "ipv4_enabled", null)
-        private_network    = lookup(ip_configuration.value, "private_network", null)
-        require_ssl        = lookup(ip_configuration.value, "require_ssl", null)
-        allocated_ip_range = lookup(ip_configuration.value, "allocated_ip_range", null)
+        ipv4_enabled                                  = lookup(ip_configuration.value, "ipv4_enabled", null)
+        private_network                               = lookup(ip_configuration.value, "private_network", null)
+        require_ssl                                   = lookup(ip_configuration.value, "require_ssl", null)
+        allocated_ip_range                            = lookup(ip_configuration.value, "allocated_ip_range", null)
+        enable_private_path_for_google_cloud_services = lookup(ip_configuration.value, "enable_private_path_for_google_cloud_services", false)
 
         dynamic "authorized_networks" {
           for_each = lookup(ip_configuration.value, "authorized_networks", [])

diff --git a/modules/mysql/metadata.yaml b/modules/mysql/metadata.yaml
@@ -23,10 +23,10 @@ spec:
   source:
     repo: https://github.com/terraform-google-modules/terraform-google-sql-db
     sourceType: git
-  version: 13.0.1
+  version: 14.1.0
   actuationTool:
     type: Terraform
-    version: '>= 0.13'
+    version: '>= 1.3'
   examples:
   - name: mssql-public
     location: examples/mssql-public
@@ -101,14 +101,14 @@ spec:
       transaction_log_retention_days: null
     required: false
   - name: connector_enforcement
-    description: Force the client to use the connector. See [more details](https://cloud.google.com/sql/docs/mysql/connect-connectors)
+    description: Enforce that clients use the connector library
     type: bool
     default: false
     required: false
   - name: create_timeout
     description: The optional timout that is applied to limit long database creates.
     type: string
-    default: 10m
+    default: 30m
     required: false
   - name: database_flags
     description: List of Cloud SQL flags that are applied to the database server. See [more details](https://cloud.google.com/sql/docs/mysql/flags)
@@ -141,7 +141,7 @@ spec:
   - name: delete_timeout
     description: The optional timout that is applied to limit long database deletes.
     type: string
-    default: 10m
+    default: 30m
     required: false
   - name: deletion_protection
     description: Used to block Terraform from deleting a SQL Instance.
@@ -193,6 +193,11 @@ spec:
     type: bool
     default: true
     required: false
+  - name: enable_random_password_special
+    description: Enable special characters in generated random passwords.
+    type: bool
+    default: false
+    required: false
   - name: encryption_key_name
     description: The full path to the encryption key used for the CMEK disk encryption
     type: string
@@ -214,15 +219,17 @@ spec:
     description: The ip_configuration settings subblock
     type: |-
       object({
-          authorized_networks = list(map(string))
-          ipv4_enabled        = bool
-          private_network     = string
-          require_ssl         = bool
-          allocated_ip_range  = string
+          authorized_networks                           = list(map(string))
+          ipv4_enabled                                  = bool
+          private_network                               = string
+          require_ssl                                   = bool
+          allocated_ip_range                            = string
+          enable_private_path_for_google_cloud_services = optional(bool)
         })
     default:
       allocated_ip_range: null
       authorized_networks: []
+      enable_private_path_for_google_cloud_services: false
       ipv4_enabled: true
       private_network: null
       require_ssl: null
@@ -341,7 +348,7 @@ spec:
   - name: update_timeout
     description: The optional timout that is applied to limit long database updates.
     type: string
-    default: 10m
+    default: 30m
     required: false
   - name: user_host
     description: The host for the default user

diff --git a/modules/mysql/variables.tf b/modules/mysql/variables.tf
@@ -200,18 +200,20 @@ variable "insights_config" {
 variable "ip_configuration" {
   description = "The ip_configuration settings subblock"
   type = object({
-    authorized_networks = list(map(string))
-    ipv4_enabled        = bool
-    private_network     = string
-    require_ssl         = bool
-    allocated_ip_range  = string
+    authorized_networks                           = list(map(string))
+    ipv4_enabled                                  = bool
+    private_network                               = string
+    require_ssl                                   = bool
+    allocated_ip_range                            = string
+    enable_private_path_for_google_cloud_services = optional(bool)
   })
   default = {
-    authorized_networks = []
-    ipv4_enabled        = true
-    private_network     = null
-    require_ssl         = null
-    allocated_ip_range  = null
+    authorized_networks                           = []
+    ipv4_enabled                                  = true
+    private_network                               = null
+    require_ssl                                   = null
+    allocated_ip_range                            = null
+    enable_private_path_for_google_cloud_services = false
   }
 }
 

diff --git a/modules/postgresql/README.md b/modules/postgresql/README.md
@@ -34,7 +34,7 @@ Note: CloudSQL provides [disk autoresize](https://cloud.google.com/sql/docs/mysq
 | follow\_gae\_application | A Google App Engine application whose zone to remain in. Must be in the same region as this instance. | `string` | `null` | no |
 | iam\_user\_emails | A list of IAM users to be created in your cluster | `list(string)` | `[]` | no |
 | insights\_config | The insights\_config settings for the database. | <pre>object({<br>    query_string_length     = number<br>    record_application_tags = bool<br>    record_client_address   = bool<br>  })</pre> | `null` | no |
-| ip\_configuration | The ip configuration for the master instances. | <pre>object({<br>    authorized_networks = list(map(string))<br>    ipv4_enabled        = bool<br>    private_network     = string<br>    require_ssl         = bool<br>    allocated_ip_range  = string<br>  })</pre> | <pre>{<br>  "allocated_ip_range": null,<br>  "authorized_networks": [],<br>  "ipv4_enabled": true,<br>  "private_network": null,<br>  "require_ssl": null<br>}</pre> | no |
+| ip\_configuration | The ip configuration for the master instances. | <pre>object({<br>    authorized_networks                           = list(map(string))<br>    ipv4_enabled                                  = bool<br>    private_network                               = string<br>    require_ssl                                   = bool<br>    allocated_ip_range                            = string<br>    enable_private_path_for_google_cloud_services = optional(bool)<br>  })</pre> | <pre>{<br>  "allocated_ip_range": null,<br>  "authorized_networks": [],<br>  "enable_private_path_for_google_cloud_services": false,<br>  "ipv4_enabled": true,<br>  "private_network": null,<br>  "require_ssl": null<br>}</pre> | no |
 | maintenance\_window\_day | The day of week (1-7) for the master instance maintenance. | `number` | `1` | no |
 | maintenance\_window\_hour | The hour of day (0-23) maintenance window for the master instance maintenance. | `number` | `23` | no |
 | maintenance\_window\_update\_track | The update track of maintenance window for the master instance maintenance.Can be either `canary` or `stable`. | `string` | `"canary"` | no |

diff --git a/modules/postgresql/main.tf b/modules/postgresql/main.tf
@@ -89,10 +89,11 @@ resource "google_sql_database_instance" "default" {
     dynamic "ip_configuration" {
       for_each = [local.ip_configurations[local.ip_configuration_enabled ? "enabled" : "disabled"]]
       content {
-        ipv4_enabled       = lookup(ip_configuration.value, "ipv4_enabled", null)
-        private_network    = lookup(ip_configuration.value, "private_network", null)
-        require_ssl        = lookup(ip_configuration.value, "require_ssl", null)
-        allocated_ip_range = lookup(ip_configuration.value, "allocated_ip_range", null)
+        ipv4_enabled                                  = lookup(ip_configuration.value, "ipv4_enabled", null)
+        private_network                               = lookup(ip_configuration.value, "private_network", null)
+        require_ssl                                   = lookup(ip_configuration.value, "require_ssl", null)
+        allocated_ip_range                            = lookup(ip_configuration.value, "allocated_ip_range", null)
+        enable_private_path_for_google_cloud_services = lookup(ip_configuration.value, "enable_private_path_for_google_cloud_services", false)
 
         dynamic "authorized_networks" {
           for_each = lookup(ip_configuration.value, "authorized_networks", [])

diff --git a/modules/postgresql/metadata.yaml b/modules/postgresql/metadata.yaml
@@ -23,10 +23,10 @@ spec:
   source:
     repo: https://github.com/terraform-google-modules/terraform-google-sql-db
     sourceType: git
-  version: 13.0.1
+  version: 14.1.0
   actuationTool:
     type: Terraform
-    version: '>= 0.13'
+    version: '>= 1.3'
   examples:
   - name: mssql-public
     location: examples/mssql-public
@@ -101,7 +101,7 @@ spec:
   - name: create_timeout
     description: The optional timout that is applied to limit long database creates.
     type: string
-    default: 15m
+    default: 30m
     required: false
   - name: database_deletion_policy
     description: 'The deletion policy for the database. Setting ABANDON allows the resource to be abandoned rather than deleted. This is useful for Postgres, where databases cannot be deleted from the API if there are users other than cloudsqlsuperuser with access. Possible values are: "ABANDON".'
@@ -138,7 +138,7 @@ spec:
   - name: delete_timeout
     description: The optional timout that is applied to limit long database deletes.
     type: string
-    default: 15m
+    default: 30m
     required: false
   - name: deletion_protection
     description: Used to block Terraform from deleting a SQL Instance.
@@ -190,6 +190,11 @@ spec:
     type: bool
     default: true
     required: false
+  - name: enable_random_password_special
+    description: Enable special characters in generated random passwords.
+    type: bool
+    default: false
+    required: false
   - name: encryption_key_name
     description: The full path to the encryption key used for the CMEK disk encryption
     type: string
@@ -216,15 +221,17 @@ spec:
     description: The ip configuration for the master instances.
     type: |-
       object({
-          authorized_networks = list(map(string))
-          ipv4_enabled        = bool
-          private_network     = string
-          require_ssl         = bool
-          allocated_ip_range  = string
+          authorized_networks                           = list(map(string))
+          ipv4_enabled                                  = bool
+          private_network                               = string
+          require_ssl                                   = bool
+          allocated_ip_range                            = string
+          enable_private_path_for_google_cloud_services = optional(bool)
         })
     default:
       allocated_ip_range: null
       authorized_networks: []
+      enable_private_path_for_google_cloud_services: false
       ipv4_enabled: true
       private_network: null
       require_ssl: null
@@ -334,7 +341,7 @@ spec:
   - name: update_timeout
     description: The optional timout that is applied to limit long database updates.
     type: string
-    default: 15m
+    default: 30m
     required: false
   - name: user_deletion_policy
     description: 'The deletion policy for the user. Setting ABANDON allows the resource to be abandoned rather than deleted. This is useful for Postgres, where users cannot be deleted from the API if they have been granted SQL roles. Possible values are: "ABANDON".'

diff --git a/modules/postgresql/variables.tf b/modules/postgresql/variables.tf
@@ -209,18 +209,20 @@ variable "password_validation_policy_config" {
 variable "ip_configuration" {
   description = "The ip configuration for the master instances."
   type = object({
-    authorized_networks = list(map(string))
-    ipv4_enabled        = bool
-    private_network     = string
-    require_ssl         = bool
-    allocated_ip_range  = string
+    authorized_networks                           = list(map(string))
+    ipv4_enabled                                  = bool
+    private_network                               = string
+    require_ssl                                   = bool
+    allocated_ip_range                            = string
+    enable_private_path_for_google_cloud_services = optional(bool)
   })
   default = {
-    authorized_networks = []
-    ipv4_enabled        = true
-    private_network     = null
-    require_ssl         = null
-    allocated_ip_range  = null
+    authorized_networks                           = []
+    ipv4_enabled                                  = true
+    private_network                               = null
+    require_ssl                                   = null
+    allocated_ip_range                            = null
+    enable_private_path_for_google_cloud_services = false
   }
 }
 

diff --git a/modules/private_service_access/metadata.yaml b/modules/private_service_access/metadata.yaml
@@ -23,7 +23,7 @@ spec:
   source:
     repo: https://github.com/terraform-google-modules/terraform-google-sql-db
     sourceType: git
-  version: 13.0.1
+  version: 14.1.0
   actuationTool:
     type: Terraform
     version: '>= 0.13'