passwords: either specified or random

blueprints/third-party-solutions/wordpress/cloudrun/main.tf

@@ -17,12 +17,12 @@
 
 locals {
   all_principals_iam = [for k in var.principals : "user:${k}"]
-  cloud_sql_conf = {
+  cloudsql_conf = {
     database_version = "MYSQL_8_0"
     tier             = "db-g1-small"
     db               = "wp-mysql"
     user             = "admin"
-    pass             = "password"
+    pass             = var.cloudsql_password == null ? random_password.cloudsql_password.result : var.cloudsql_password
   }
   iam = {
     # CloudSQL
@@ -36,9 +36,9 @@ locals {
   }
   prefix  = var.prefix == null ? "" : "${var.prefix}-"
   wp_user = "user"
+  wp_pass = var.wordpress_password == null ? random_password.wp_password.result : var.wordpress_password
 }
 
-
 # either create a project or set up the given one
 module "project" {
   source          = "../../../../modules/project"
@@ -60,11 +60,13 @@ module "project" {
   ]
 }
 
-
 resource "random_password" "wp_password" {
   length = 8
 }
 
+resource "random_password" "cloudsql_password" {
+  length = 8
+}
 
 # create the Cloud Run service
 module "cloud_run" {
@@ -88,11 +90,11 @@ module "cloud_run" {
       env = {
         "APACHE_HTTP_PORT_NUMBER" : var.wordpress_port
         "WORDPRESS_DATABASE_HOST" : module.cloudsql.ip
-        "WORDPRESS_DATABASE_NAME" : local.cloud_sql_conf.db
-        "WORDPRESS_DATABASE_USER" : local.cloud_sql_conf.user
-        "WORDPRESS_DATABASE_PASSWORD" : local.cloud_sql_conf.pass
+        "WORDPRESS_DATABASE_NAME" : local.cloudsql_conf.db
+        "WORDPRESS_DATABASE_USER" : local.cloudsql_conf.user
+        "WORDPRESS_DATABASE_PASSWORD" : local.cloudsql_conf.pass
         "WORDPRESS_USERNAME" : local.wp_user
-        "WORDPRESS_PASSWORD" : random_password.wp_password.result
+        "WORDPRESS_PASSWORD" : local.wp_pass
       }
     }
     resources     = null
@@ -165,10 +167,10 @@ module "cloudsql" {
   network          = module.vpc.self_link
   name             = "${local.prefix}mysql"
   region           = var.region
-  database_version = local.cloud_sql_conf.database_version
-  tier             = local.cloud_sql_conf.tier
-  databases        = [local.cloud_sql_conf.db]
+  database_version = local.cloudsql_conf.database_version
+  tier             = local.cloudsql_conf.tier
+  databases        = [local.cloudsql_conf.db]
   users = {
-    "${local.cloud_sql_conf.user}" = "${local.cloud_sql_conf.pass}"
+    "${local.cloudsql_conf.user}" = "${local.cloudsql_conf.pass}"
   }
 }

blueprints/third-party-solutions/wordpress/cloudrun/outputs.tf

@@ -20,6 +20,12 @@ output "cloud_run_service" {
   sensitive   = true
 }
 
+output "cloudsql_password" {
+  description = "CloudSQL password"
+  value       = local.cloudsql_conf.pass
+  sensitive   = true
+}
+
 output "wp_user" {
   description = "Wordpress username"
   value       = local.wp_user
@@ -27,6 +33,6 @@ output "wp_user" {
 
 output "wp_password" {
   description = "Wordpress user password"
-  value       = random_password.wp_password.result
+  value       = local.wp_pass
   sensitive   = true
 }

blueprints/third-party-solutions/wordpress/cloudrun/variables.tf

@@ -21,6 +21,12 @@ variable "cloud_run_invoker" {
   default     = "allUsers"
 }
 
+variable "cloudsql_password" {
+  type        = string
+  description = "CloudSQL password (will be randomly generated by default)"
+  default     = null
+}
+
 variable "connector_cidr" {
   type        = string
   description = "CIDR block for the VPC serverless connector (10.8.0.0/28 by default)"
@@ -81,4 +87,10 @@ variable "wordpress_port" {
   type        = number
   description = "Port for the Wordpress image (8080 by default)"
   default     = 8080
+}
+
+variable "wordpress_password" {
+  type        = string
+  description = "Password for the Wordpress user (will be randomly generated by default)"
+  default     = null
 }