From 61c52075d891a5942a802196b197a1f6988ab9af Mon Sep 17 00:00:00 2001
From: The Magician
Date: Fri, 3 Dec 2021 14:35:09 -0800
Subject: [PATCH] Support `allocated_ip_range` in `google_sql_database_instance` (#5500) (#10687)
* support allocated_ip_range in sql_database_instance
* support allocated_ip_range
* clean up
* remove unused variable
* separate tests
* increase size of allogcated ip range
Signed-off-by: Modular Magician
---
 .changelog/5500.txt | 3 +
 google/resource_sql_database_instance.go | 16 ++-
 google/resource_sql_database_instance_test.go | 125 ++++++++++++++++++
 ..._config_os_policy_assignment.html.markdown | 80 +++++------
 .../r/sql_database_instance.html.markdown | 2 +
 5 files changed, 183 insertions(+), 43 deletions(-)
 create mode 100644 .changelog/5500.txt
diff --git a/.changelog/5500.txt b/.changelog/5500.txt
new file mode 100644
index 00000000000..5c7633b2ba8
--- /dev/null
+++ b/.changelog/5500.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+sql: added field `allocated_ip_range` to resource `google_sql_database_instance`
+```
diff --git a/google/resource_sql_database_instance.go b/google/resource_sql_database_instance.go
index d3d36898ba0..b660ee6e113 100644
--- a/google/resource_sql_database_instance.go
+++ b/google/resource_sql_database_instance.go
@@ -52,6 +52,7 @@ var (
 "settings.0.ip_configuration.0.ipv4_enabled",
 "settings.0.ip_configuration.0.require_ssl",
 "settings.0.ip_configuration.0.private_network",
+ "settings.0.ip_configuration.0.allocated_ip_range",
 }
 
 maintenanceWindowKeys = []string{
@@ -306,6 +307,13 @@ settings.backup_configuration.binary_log_enabled are both set to true.`,
 AtLeastOneOf: ipConfigurationKeys,
 Description: `The VPC network from which the Cloud SQL instance is accessible for private IP. For example, projects/myProject/global/networks/default. Specifying a network enables private IP. At least ipv4_enabled must be enabled or a private_network must be configured. This setting can be updated, but it cannot be removed after it is set.`,
 },
+ "allocated_ip_range": {
+ Type: schema.TypeString,
+ Optional: true,
+ ForceNew: true,
+ AtLeastOneOf: ipConfigurationKeys,
+ Description: `The name of the allocated ip range for the private ip CloudSQL instance. For example: "google-managed-services-default". If set, the instance ip will be created in the allocated range. The range name must comply with RFC 1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])?.`,
+ },
 },
 },
 },
@@ -1021,6 +1029,7 @@ func expandIpConfiguration(configured []interface{}) *sqladmin.IpConfiguration {
 Ipv4Enabled: _ipConfiguration["ipv4_enabled"].(bool),
 RequireSsl: _ipConfiguration["require_ssl"].(bool),
 PrivateNetwork: _ipConfiguration["private_network"].(string),
+ AllocatedIpRange: _ipConfiguration["allocated_ip_range"].(string),
 AuthorizedNetworks: expandAuthorizedNetworks(_ipConfiguration["authorized_networks"].(*schema.Set).List()),
 ForceSendFields: []string{"Ipv4Enabled", "RequireSsl"},
 }
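Review bot: The new `allocated_ip_range` schema entry states an RFC 1035 naming rule in its `Description` but declares no `ValidateFunc`, so a malformed range name is only rejected when the API call is made at apply time. Assuming the SDK `validation` helper and `regexp` are available in this file, `ValidateFunc: validation.All(validation.StringLenBetween(1, 63), validation.StringMatch(regexp.MustCompile("^[a-z]([-a-z0-9]*[a-z0-9])?$"), "must comply with RFC 1035")),` would surface the error at plan time. Separately, listing the field under `AtLeastOneOf: ipConfigurationKeys` lets a block that sets only `allocated_ip_range` satisfy that check, although the description ties the field to a private-IP instance; if the API does require a private network, `RequiredWith: []string{"settings.0.ip_configuration.0.private_network"},` would express the dependency. The enclosing schema map starts and ends outside the hunk.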
@@ -1395,9 +1404,10 @@ func flattenDatabaseFlags(databaseFlags []*sqladmin.DatabaseFlags) []map[string]
 
 func flattenIpConfiguration(ipConfiguration *sqladmin.IpConfiguration) interface{} {
 data := map[string]interface{}{
- "ipv4_enabled": ipConfiguration.Ipv4Enabled,
- "private_network": ipConfiguration.PrivateNetwork,
- "require_ssl": ipConfiguration.RequireSsl,
+ "ipv4_enabled": ipConfiguration.Ipv4Enabled,
+ "private_network": ipConfiguration.PrivateNetwork,
+ "allocated_ip_range": ipConfiguration.AllocatedIpRange,
+ "require_ssl": ipConfiguration.RequireSsl,
 }
 
 if ipConfiguration.AuthorizedNetworks != nil {
diff --git a/google/resource_sql_database_instance_test.go b/google/resource_sql_database_instance_test.go
index ca1eb934bc6..1a58a2f22e3 100644
--- a/google/resource_sql_database_instance_test.go
+++ b/google/resource_sql_database_instance_test.go
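Review bot: `flattenIpConfiguration` now copies `ipConfiguration.AllocatedIpRange` into state unconditionally, while the schema entry added earlier in this file is `Optional` and `ForceNew` without `Computed`. If the API ever reports a range name for an instance whose configuration omits the field, the next plan would show a diff that replaces the database instance; the new `withoutAllocatedIpRange` acceptance test exercises this for one MySQL configuration only. A comment above the new map entry would record the assumption, for example `// allocated_ip_range is ForceNew and not Computed: the API is expected to echo only a user-supplied value`. The function body continues past the end of the hunk.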
@@ -665,6 +665,56 @@ func TestAccSqlDatabaseInstance_basic_with_user_labels(t *testing.T) {
 })
 }
 
+func TestAccSqlDatabaseInstance_withPrivateNetwork_withoutAllocatedIpRange(t *testing.T) {
+ t.Parallel()
+
+ databaseName := "tf-test-" + randString(t, 10)
+ addressName := "tf-test-" + randString(t, 10)
+ networkName := BootstrapSharedTestNetwork(t, "sql-instance-private")
+
+ vcrTest(t, resource.TestCase{
+ PreCheck: func() { testAccPreCheck(t) },
+ Providers: testAccProviders,
+ CheckDestroy: testAccSqlDatabaseInstanceDestroyProducer(t),
+ Steps: []resource.TestStep{
+ {
+ Config: testAccSqlDatabaseInstance_withPrivateNetwork_withoutAllocatedIpRange(databaseName, networkName, addressName),
+ },
+ {
+ ResourceName: "google_sql_database_instance.instance",
+ ImportState: true,
+ ImportStateVerify: true,
+ ImportStateVerifyIgnore: []string{"deletion_protection"},
+ },
+ },
+ })
+}
+
+func TestAccSqlDatabaseInstance_withPrivateNetwork_withAllocatedIpRange(t *testing.T) {
+ t.Parallel()
+
+ databaseName := "tf-test-" + randString(t, 10)
+ addressName := "tf-test-" + randString(t, 10)
+ networkName := BootstrapSharedTestNetwork(t, "sql-instance-private-allocated-ip-range")
+
+ vcrTest(t, resource.TestCase{
+ PreCheck: func() { testAccPreCheck(t) },
+ Providers: testAccProviders,
+ CheckDestroy: testAccSqlDatabaseInstanceDestroyProducer(t),
+ Steps: []resource.TestStep{
+ {
+ Config: testAccSqlDatabaseInstance_withPrivateNetwork_withAllocatedIpRange(databaseName, networkName, addressName),
+ },
+ {
+ ResourceName: "google_sql_database_instance.instance",
+ ImportState: true,
+ ImportStateVerify: true,
+ ImportStateVerifyIgnore: []string{"deletion_protection"},
+ },
+ },
+ })
+}
+
 func TestAccSqlDatabaseInstance_createFromBackup(t *testing.T) {
 // Sqladmin client
 skipIfVcr(t)
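Review bot: Neither new acceptance test asserts the attribute under test: both apply the config and then import-verify, so `TestAccSqlDatabaseInstance_withPrivateNetwork_withAllocatedIpRange` never checks that `settings.0.ip_configuration.0.allocated_ip_range` holds the reserved range's name. Adding `Check: resource.TestCheckResourceAttrPair("google_sql_database_instance.instance", "settings.0.ip_configuration.0.allocated_ip_range", "google_compute_global_address.foobar", "name"),` to the first step of that test would pin it. The two test functions are otherwise identical apart from the config builder and the bootstrap network name, so a shared helper taking those two values would remove the duplication.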
@@ -998,6 +1048,81 @@ resource "google_sql_database_instance" "instance-failover" {
 `, instanceName, failoverName)
 }
 
+func testAccSqlDatabaseInstance_withPrivateNetwork_withoutAllocatedIpRange(databaseName, networkName, addressRangeName string) string {
+ return fmt.Sprintf(`
+data "google_compute_network" "servicenet" {
+ name = "%s"
+}
+
+resource "google_compute_global_address" "foobar" {
+ name = "%s"
+ purpose = "VPC_PEERING"
+ address_type = "INTERNAL"
+ prefix_length = 16
+ network = data.google_compute_network.servicenet.self_link
+}
+
+resource "google_service_networking_connection" "foobar" {
+ network = data.google_compute_network.servicenet.self_link
+ service = "servicenetworking.googleapis.com"
+ reserved_peering_ranges = [google_compute_global_address.foobar.name]
+}
+
+resource "google_sql_database_instance" "instance" {
+ depends_on = [google_service_networking_connection.foobar]
+ name = "%s"
+ region = "us-central1"
+ database_version = "MYSQL_5_7"
+ deletion_protection = false
+ settings {
+ tier = "db-f1-micro"
+ ip_configuration {
+ ipv4_enabled = "false"
+ private_network = data.google_compute_network.servicenet.self_link
+ }
+ }
+}
+`, networkName, addressRangeName, databaseName)
+}
+
+func testAccSqlDatabaseInstance_withPrivateNetwork_withAllocatedIpRange(databaseName, networkName, addressRangeName string) string {
+ return fmt.Sprintf(`
+data "google_compute_network" "servicenet" {
+ name = "%s"
+}
+
+resource "google_compute_global_address" "foobar" {
+ name = "%s"
+ purpose = "VPC_PEERING"
+ address_type = "INTERNAL"
+ prefix_length = 24
+ network = data.google_compute_network.servicenet.self_link
+}
+
+resource "google_service_networking_connection" "foobar" {
+ network = data.google_compute_network.servicenet.self_link
+ service = "servicenetworking.googleapis.com"
+ reserved_peering_ranges = [google_compute_global_address.foobar.name]
+}
+
+resource "google_sql_database_instance" "instance" {
+ depends_on = [google_service_networking_connection.foobar]
+ name = "%s"
+ region = "us-central1"
+ database_version = "MYSQL_5_7"
+ deletion_protection = false
+ settings {
+ tier = "db-f1-micro"
+ ip_configuration {
+ ipv4_enabled = "false"
+ private_network = data.google_compute_network.servicenet.self_link
+ allocated_ip_range = google_compute_global_address.foobar.name
+ }
+ }
+}
+`, networkName, addressRangeName, databaseName)
+}
+
 var testGoogleSqlDatabaseInstance_settings = `
 resource "google_sql_database_instance" "instance" {
 name = "%s"
diff --git a/website/docs/r/os_config_os_policy_assignment.html.markdown b/website/docs/r/os_config_os_policy_assignment.html.markdown
index 7ecb8a64c23..5356e3bdf7e 100644
--- a/website/docs/r/os_config_os_policy_assignment.html.markdown
+++ b/website/docs/r/os_config_os_policy_assignment.html.markdown
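Review bot: The two config builders differ only in `prefix_length` (16 versus 24) and the extra `allocated_ip_range` line, and nothing in the code says why the prefix lengths differ. A one-line comment next to each `prefix_length` stating the reason, or a single builder that takes the prefix length and the optional `allocated_ip_range` line as parameters, would keep the two fixtures from drifting apart. Both fixtures also write `ipv4_enabled = "false"` as a quoted string although the same commit reads the value with `_ipConfiguration["ipv4_enabled"].(bool)`; `ipv4_enabled = false` is the clearer form.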
@@ -703,6 +703,46 @@ The `disruption_budget` block supports:
 (Optional)
 Specifies the relative value defined as a percentage, which will be multiplied by a reference value.
 
+The `source` block supports:
+
+* `allow_insecure` -
+ (Optional)
+ Defaults to false. When false, files are subject to validations based on the file type: Remote: A checksum must be specified. Cloud Storage: An object generation number must be specified.
+
+* `gcs` -
+ (Optional)
+ A Cloud Storage object.
+
+* `local_path` -
+ (Optional)
+ A local path within the VM to use.
+
+* `remote` -
+ (Optional)
+ A generic remote file.
+
+The `validate` block supports:
+
+* `interpreter` -
+ (Required)
+ Required. The script interpreter to use. Possible values: INTERPRETER_UNSPECIFIED, NONE, SHELL, POWERSHELL
+
+* `args` -
+ (Optional)
+ Optional arguments to pass to the source during execution.
+
+* `file` -
+ (Optional)
+ Required. A deb package.
+
+* `output_file_path` -
+ (Optional)
+ Only recorded for enforce Exec. Path to an output file (that is created by this Exec) whose content will be recorded in OSPolicyResourceCompliance after a successful run. Absence or failure to read this file will result in this ExecResource being non-compliant. Output file size is limited to 100K bytes.
+
+* `script` -
+ (Optional)
+ An inline script. The size of the script is limited to 1024 characters.
+
 - - -
 
 * `description` -
@@ -952,24 +992,6 @@ The `zypper` block supports:
 (Required)
 Required. A one word, unique name for this repository. This is the `repo id` in the zypper config file and also the `display_name` if `display_name` is omitted. This id is also used as the unique identifier when checking for GuestPolicy conflicts.
 
-The `file` block supports:
-
-* `allow_insecure` -
- (Optional)
- Defaults to false. When false, files are subject to validations based on the file type: Remote: A checksum must be specified. Cloud Storage: An object generation number must be specified.
-
-* `gcs` -
- (Optional)
- A Cloud Storage object.
-
-* `local_path` -
- (Optional)
- A local path within the VM to use.
-
-* `remote` -
- (Optional)
- A generic remote file.
-
 The `gcs` block supports:
 
 * `bucket` -
@@ -994,28 +1016,6 @@ The `remote` block supports:
 (Optional)
 SHA256 checksum of the remote file.
 
-The `enforce` block supports:
-
-* `interpreter` -
- (Required)
- Required. The script interpreter to use. Possible values: INTERPRETER_UNSPECIFIED, NONE, SHELL, POWERSHELL
-
-* `args` -
- (Optional)
- Optional arguments to pass to the source during execution.
-
-* `file` -
- (Optional)
- Required. A deb package.
-
-* `output_file_path` -
- (Optional)
- Only recorded for enforce Exec. Path to an output file (that is created by this Exec) whose content will be recorded in OSPolicyResourceCompliance after a successful run. Absence or failure to read this file will result in this ExecResource being non-compliant. Output file size is limited to 100K bytes.
-
-* `script` -
- (Optional)
- An inline script. The size of the script is limited to 1024 characters.
-
 ## Attributes Reference
 
 In addition to the arguments listed above, the following computed attributes are exported:
diff --git a/website/docs/r/sql_database_instance.html.markdown b/website/docs/r/sql_database_instance.html.markdown
index 89c0feb4ea5..6b1dab914f1 100644
--- a/website/docs/r/sql_database_instance.html.markdown
+++ b/website/docs/r/sql_database_instance.html.markdown
@@ -295,6 +295,8 @@ This setting can be updated, but it cannot be removed after it is set.
 
 * `require_ssl` - (Optional) Whether SSL connections over IP are enforced or not.
 
+* `allocated_ip_range` - (Optional) The name of the allocated ip range for the private ip CloudSQL instance. For example: "google-managed-services-default". If set, the instance ip will be created in the allocated range. The range name must comply with [RFC 1035](https://datatracker.ietf.org/doc/html/rfc1035). Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])?.
+
 The optional `settings.ip_configuration.authorized_networks[]` sublist supports:
 
 * `expiration_time` - (Optional) The [RFC 3339](https://tools.ietf.org/html/rfc3339)