/** TO MOD
* Copyright 2022 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
locals {
  # Optional resource-name prefix, rendered with a trailing dash when set.
  prefix = var.prefix != null ? "${var.prefix}-" : ""

  # Engine and topology flags derived from the input variables.
  is_mysql     = can(regex("^MYSQL", var.database_version))
  is_postgres  = can(regex("^POSTGRES", var.database_version))
  has_replicas = try(length(var.replicas) > 0, false)
  is_regional  = var.availability_type == "REGIONAL"

  # Backups are enabled when the caller asks for them, and always for MySQL
  # in an HA configuration (regional, or with replicas defined).
  enable_backup = (
    var.backup_configuration.enabled ||
    (local.is_mysql && (local.has_replicas || local.is_regional))
  )

  # Normalised user map consumed by google_sql_user.users.
  #
  # - type defaults to "BUILT_IN" when the entry does not set one.
  # - password is only populated for BUILT_IN users: the generated
  #   random_password result when one exists for the key, otherwise the
  #   caller-supplied value. Every other type gets a null password.
  # - MySQL BUILT_IN keys are split on "@" into name and host
  #   ("user@host"); host is null when the key has no "@".
  # - On PostgreSQL a trailing ".gserviceaccount.com" is stripped from
  #   the key to form the user name.
  #
  # NOTE(review): whichever password is chosen is written to Terraform
  # state in clear text, so the state backend has to be access-controlled
  # like any other secret store.
  users = {
    for k, v in coalesce(var.users, {}) : k => (
      local.is_mysql
      ? {
        type     = try(v.type, "BUILT_IN")
        name     = try(v.type, "BUILT_IN") == "BUILT_IN" ? split("@", k)[0] : k
        host     = try(v.type, "BUILT_IN") == "BUILT_IN" ? try(split("@", k)[1], null) : null
        password = try(v.type, "BUILT_IN") == "BUILT_IN" ? try(random_password.passwords[k].result, v.password) : null
      }
      : {
        type     = try(v.type, "BUILT_IN")
        name     = local.is_postgres ? try(trimsuffix(k, ".gserviceaccount.com"), k) : k
        host     = null
        password = try(v.type, "BUILT_IN") == "BUILT_IN" ? try(random_password.passwords[k].result, v.password) : null
      }
    )
  }
}
# Primary Cloud SQL instance. Every tunable is passed through from module
# variables; the only derived values are the prefixed name, disk autoresize
# and the backup / binary-log switches computed in locals.
resource "google_sql_database_instance" "primary" {
  provider         = google-beta
  project          = var.project_id
  region           = var.region
  name             = "${local.prefix}${var.name}"
  database_version = var.database_version

  # Customer-managed encryption key name, passed through unchanged.
  encryption_key_name = var.encryption_key_name

  # NOTE(review): root_password arrives through a variable and is stored in
  # Terraform state like every other argument; treat the state backend and
  # any tfvars that carry it as secret material.
  root_password = var.root_password

  # Terraform-side guard against destroying the instance. The separate
  # settings.deletion_protection_enabled below is sent to the instance.
  deletion_protection = var.deletion_protection

  settings {
    tier                        = var.tier
    edition                     = var.edition
    availability_type           = var.availability_type
    activation_policy           = var.activation_policy
    collation                   = var.collation
    connector_enforcement       = var.connector_enforcement
    user_labels                 = var.labels
    deletion_protection_enabled = var.deletion_protection_enabled

    # Autoresize is switched on only when no explicit disk size is given.
    disk_type             = var.disk_type
    disk_size             = var.disk_size
    disk_autoresize       = var.disk_size == null
    disk_autoresize_limit = var.disk_autoresize_limit

    # NOTE(review): when public_ipv4 is true the instance gets a public
    # address and each authorized_networks entry admits a range to it;
    # require_ssl is the only transport control set in this block. Newer
    # google provider releases replace require_ssl with ssl_mode - confirm
    # against the provider version this module pins.
    ip_configuration {
      ipv4_enabled       = var.network_config.connectivity.public_ipv4
      require_ssl        = var.network_config.require_ssl
      private_network    = try(var.network_config.connectivity.psa_config.private_network, null)
      allocated_ip_range = try(var.network_config.connectivity.psa_config.allocated_ip_ranges.primary, null)

      dynamic "authorized_networks" {
        iterator = network
        for_each = var.network_config.authorized_networks == null ? {} : var.network_config.authorized_networks
        content {
          name  = network.key
          value = network.value
        }
      }

      # Private Service Connect is enabled as soon as a consumer project
      # list is supplied (even an empty one).
      dynamic "psc_config" {
        for_each = var.network_config.connectivity.psc_allowed_consumer_projects == null ? [] : [""]
        content {
          psc_enabled               = true
          allowed_consumer_projects = var.network_config.connectivity.psc_allowed_consumer_projects
        }
      }
    }

    dynamic "backup_configuration" {
      for_each = local.enable_backup ? [1] : []
      content {
        enabled    = true
        location   = var.backup_configuration.location
        start_time = var.backup_configuration.start_time

        # Binary logging only applies to MySQL: on when requested, or when
        # the instance has replicas or is regional. Left null for every
        # other engine.
        binary_log_enabled = (
          local.is_mysql
          ? var.backup_configuration.binary_log_enabled || local.has_replicas || local.is_regional
          : null
        )

        point_in_time_recovery_enabled = var.backup_configuration.point_in_time_recovery_enabled
        transaction_log_retention_days = var.backup_configuration.log_retention_days

        backup_retention_settings {
          retention_unit   = "COUNT"
          retained_backups = var.backup_configuration.retention_count
        }
      }
    }

    dynamic "database_flags" {
      iterator = flag
      for_each = var.flags == null ? {} : var.flags
      content {
        name  = flag.key
        value = flag.value
      }
    }

    dynamic "deny_maintenance_period" {
      for_each = var.maintenance_config.deny_maintenance_period == null ? [] : [1]
      content {
        start_date = var.maintenance_config.deny_maintenance_period.start_date
        end_date   = var.maintenance_config.deny_maintenance_period.end_date
        time       = var.maintenance_config.deny_maintenance_period.start_time
      }
    }

    # Query insights are enabled whenever an insights_config object is set.
    dynamic "insights_config" {
      for_each = var.insights_config == null ? [] : [1]
      content {
        query_insights_enabled  = true
        query_string_length     = var.insights_config.query_string_length
        query_plans_per_minute  = var.insights_config.query_plans_per_minute
        record_application_tags = var.insights_config.record_application_tags
        record_client_address   = var.insights_config.record_client_address
      }
    }

    dynamic "maintenance_window" {
      for_each = var.maintenance_config.maintenance_window == null ? [] : [""]
      content {
        day          = var.maintenance_config.maintenance_window.day
        hour         = var.maintenance_config.maintenance_window.hour
        update_track = var.maintenance_config.maintenance_window.update_track
      }
    }
  }
}
# Read replicas of the primary instance, one per entry in var.replicas.
# Region and encryption key come from the replica entry; tier, disk,
# labels, flags and network settings are shared with the primary.
#
# NOTE(review): unlike the primary, this resource does not set
# ip_configuration.require_ssl or settings.connector_enforcement, so a
# replica reachable through public_ipv4 / authorized_networks is not
# covered by the TLS or connector requirement configured for the primary.
# Confirm whether that is intended before exposing replicas.
resource "google_sql_database_instance" "replicas" {
  provider = google-beta
  for_each = local.has_replicas ? var.replicas : {}

  project              = var.project_id
  region               = each.value.region
  name                 = "${local.prefix}${each.key}"
  database_version     = var.database_version
  master_instance_name = google_sql_database_instance.primary.name

  # Per-replica key name, read from the replica entry rather than from
  # var.encryption_key_name.
  encryption_key_name = each.value.encryption_key_name

  # Terraform-side guard against destroying the replica.
  deletion_protection = var.deletion_protection

  settings {
    tier                        = var.tier
    activation_policy           = var.activation_policy
    user_labels                 = var.labels
    deletion_protection_enabled = var.deletion_protection_enabled
    # availability_type = var.availability_type

    # Autoresize is switched on only when no explicit disk size is given.
    disk_type       = var.disk_type
    disk_size       = var.disk_size
    disk_autoresize = var.disk_size == null

    ip_configuration {
      ipv4_enabled       = var.network_config.connectivity.public_ipv4
      private_network    = try(var.network_config.connectivity.psa_config.private_network, null)
      allocated_ip_range = try(var.network_config.connectivity.psa_config.allocated_ip_ranges.replica, null)

      dynamic "authorized_networks" {
        iterator = network
        for_each = var.network_config.authorized_networks == null ? {} : var.network_config.authorized_networks
        content {
          name  = network.key
          value = network.value
        }
      }

      dynamic "psc_config" {
        for_each = var.network_config.connectivity.psc_allowed_consumer_projects == null ? [] : [""]
        content {
          psc_enabled               = true
          allowed_consumer_projects = var.network_config.connectivity.psc_allowed_consumer_projects
        }
      }
    }

    dynamic "database_flags" {
      iterator = flag
      for_each = var.flags == null ? {} : var.flags
      content {
        name  = flag.key
        value = flag.value
      }
    }
  }
}
# One database on the primary instance per name in var.databases; a null
# list creates none.
resource "google_sql_database" "databases" {
  for_each = var.databases == null ? toset([]) : toset(var.databases)

  project  = var.project_id
  instance = google_sql_database_instance.primary.name
  name     = each.key
}
# Generates a 16-character password, special characters included, for
# every entry of var.users whose password is null.
#
# NOTE(review): the filter looks only at password, not at type, so a
# password is also generated for users that local.users later gives a
# null password (any type other than BUILT_IN). The generated values are
# stored in Terraform state; changing length or special here would
# regenerate them for existing users.
resource "random_password" "passwords" {
  for_each = toset([for k, v in coalesce(var.users, {}) : k if v.password == null])

  special = true
  length  = 16
}
# Creates one SQL user on the primary instance per entry of local.users,
# which already carries the resolved name, host, type and password
# (password is null for every type other than BUILT_IN).
resource "google_sql_user" "users" {
  for_each = local.users

  project  = var.project_id
  instance = google_sql_database_instance.primary.name

  type     = each.value.type
  name     = each.value.name
  host     = each.value.host
  password = each.value.password
}
# Issues one client certificate on the primary instance per common name in
# var.postgres_client_certificates; a null list issues none. Nothing in
# this block checks the engine, despite the resource name.
#
# NOTE(review): the private key of each issued certificate is exported as
# a resource attribute and therefore kept in Terraform state; restrict
# access to the state backend accordingly.
resource "google_sql_ssl_cert" "postgres_client_certificates" {
  provider = google-beta
  for_each = var.postgres_client_certificates == null ? toset([]) : toset(var.postgres_client_certificates)

  project     = var.project_id
  instance    = google_sql_database_instance.primary.name
  common_name = each.key
}