terraform-google-modules · g-awmalik · Aug 12, 2022 · Aug 4, 2022 · Aug 9, 2022 · Aug 11, 2022
@@ -95,3 +95,19 @@ module "pg" {
   ]
 }
 ```
+
+Prior to the 12.0.0 `mysql` module release, additional users were created using the `default_user`'s password. In order to keep the password unchanged for additional users for release 12.0.0 and up, `additional_user`'s passwords need to be set explicitly using the `default_user`'s generated password.
+
+```diff
+module "mysql" {
+  source  = "GoogleCloudPlatform/sql-db/google//modules/mysql"
+- version = "~> 11.0"
++ version = "~> 12.0"
+
+  project_id       = var.project_id
+  additional_users = [{
+    name     = "admin"
++   password = module.mysql.generated_user_password
+  }]
+}
+```
@@ -30,6 +30,7 @@ output "mysql_conn" {
 }
 
 output "mysql_user_pass" {
+  sensitive   = true
   value       = module.safer-mysql-db.generated_user_password
   description = "The password for the default user. If not set, a random one will be generated and available in the generated_user_password output variable."
 }

@@ -30,6 +30,7 @@ output "mysql_conn" {
 }
 
 output "mysql_user_pass" {
+  sensitive   = true
   value       = module.mysql-db.generated_user_password
   description = "The password for the default user. If not set, a random one will be generated and available in the generated_user_password output variable."
 }

@@ -192,7 +192,7 @@ resource "google_sql_user" "additional_users" {
   for_each = local.users
   project  = var.project_id
   name     = each.value.name
-  password = lookup(each.value, "password", random_password.user-password.result)
+  password = lookup(each.value, "password", random_password.additional_passwords[each.key].result)
   host     = lookup(each.value, "host", var.user_host)
   instance = google_sql_database_instance.default.name
   type     = lookup(each.value, "type", "BUILT_IN")