feat!: Allow passing ssl_mode for MySQL Module (#575)

terraform-google-modules · Feb 7, 2024 · c7ab6ec · c7ab6ec
1 parent bd18ee6
commit c7ab6ec
Show file tree

Hide file tree

Showing 6 changed files with 7 additions and 4 deletions.
diff --git a/modules/mysql/README.md b/modules/mysql/README.md
@@ -37,7 +37,7 @@ Note: CloudSQL provides [disk autoresize](https://cloud.google.com/sql/docs/mysq
 | iam\_users | A list of IAM users to be created in your CloudSQL instance | <pre>list(object({<br>    id    = string,<br>    email = string<br>  }))</pre> | `[]` | no |
 | insights\_config | The insights\_config settings for the database. | <pre>object({<br>    query_plans_per_minute  = number<br>    query_string_length     = number<br>    record_application_tags = bool<br>    record_client_address   = bool<br>  })</pre> | `null` | no |
 | instance\_type | Users can upgrade a read replica instance to a stand-alone Cloud SQL instance with the help of instance\_type. To promote, users have to set the instance\_type property as CLOUD\_SQL\_INSTANCE and remove/unset master\_instance\_name and replica\_configuration from instance configuration. This operation might cause your instance to restart. | `string` | `null` | no |
-| ip\_configuration | The ip\_configuration settings subblock | <pre>object({<br>    authorized_networks                           = optional(list(map(string)), [])<br>    ipv4_enabled                                  = optional(bool, true)<br>    private_network                               = optional(string)<br>    require_ssl                                   = optional(bool)<br>    allocated_ip_range                            = optional(string)<br>    enable_private_path_for_google_cloud_services = optional(bool, false)<br>    psc_enabled                                   = optional(bool, false)<br>    psc_allowed_consumer_projects                 = optional(list(string), [])<br>  })</pre> | `{}` | no |
+| ip\_configuration | The ip\_configuration settings subblock | <pre>object({<br>    authorized_networks                           = optional(list(map(string)), [])<br>    ipv4_enabled                                  = optional(bool, true)<br>    private_network                               = optional(string)<br>    require_ssl                                   = optional(bool)<br>    ssl_mode                                      = optional(string)<br>    allocated_ip_range                            = optional(string)<br>    enable_private_path_for_google_cloud_services = optional(bool, false)<br>    psc_enabled                                   = optional(bool, false)<br>    psc_allowed_consumer_projects                 = optional(list(string), [])<br>  })</pre> | `{}` | no |
 | maintenance\_window\_day | The day of week (1-7) for the master instance maintenance. | `number` | `1` | no |
 | maintenance\_window\_hour | The hour of day (0-23) maintenance window for the master instance maintenance. | `number` | `23` | no |
 | maintenance\_window\_update\_track | The update track of maintenance window for the master instance maintenance. Can be either `canary` or `stable`. | `string` | `"canary"` | no |

diff --git a/modules/mysql/main.tf b/modules/mysql/main.tf
@@ -128,6 +128,7 @@ resource "google_sql_database_instance" "default" {
         ipv4_enabled                                  = lookup(ip_configuration.value, "ipv4_enabled", null)
         private_network                               = lookup(ip_configuration.value, "private_network", null)
         require_ssl                                   = lookup(ip_configuration.value, "require_ssl", null)
+        ssl_mode                                      = lookup(ip_configuration.value, "ssl_mode", null)
         allocated_ip_range                            = lookup(ip_configuration.value, "allocated_ip_range", null)
         enable_private_path_for_google_cloud_services = lookup(ip_configuration.value, "enable_private_path_for_google_cloud_services", false)
 

diff --git a/modules/mysql/variables.tf b/modules/mysql/variables.tf
@@ -230,6 +230,7 @@ variable "ip_configuration" {
     ipv4_enabled                                  = optional(bool, true)
     private_network                               = optional(string)
     require_ssl                                   = optional(bool)
+    ssl_mode                                      = optional(string)
     allocated_ip_range                            = optional(string)
     enable_private_path_for_google_cloud_services = optional(bool, false)
     psc_enabled                                   = optional(bool, false)

diff --git a/modules/mysql/versions.tf b/modules/mysql/versions.tf
@@ -27,11 +27,11 @@ terraform {
     }
     google = {
       source  = "hashicorp/google"
-      version = ">= 4.80.0, < 6"
+      version = ">= 5.7, < 6"
     }
     google-beta = {
       source  = "hashicorp/google-beta"
-      version = ">= 4.80.0, < 6"
+      version = ">= 5.7, < 6"
     }
   }
 

diff --git a/modules/safer_mysql/main.tf b/modules/safer_mysql/main.tf
@@ -56,6 +56,7 @@ module "safer_mysql" {
     # public IP to be mediated by Cloud SQL.
     authorized_networks = []
     require_ssl         = true
+    ssl_mode            = "TRUSTED_CLIENT_CERTIFICATE_REQUIRED"
     private_network     = var.vpc_network
     allocated_ip_range  = var.allocated_ip_range
   }

diff --git a/modules/safer_mysql/versions.tf b/modules/safer_mysql/versions.tf
@@ -20,7 +20,7 @@ terraform {
 
     google = {
       source  = "hashicorp/google"
-      version = ">= 4.74.0, < 6"
+      version = ">= 5.7, < 6"
     }
   }