diff --git a/modules/cloudsql-instance/README.md b/modules/cloudsql-instance/README.md
index ad9ec395..ecd26017 100644
--- a/modules/cloudsql-instance/README.md
+++ b/modules/cloudsql-instance/README.md
@@ -161,6 +161,27 @@ module "db" {
}
# tftest modules=1 resources=2 inventory=public-ip.yaml
```
+
+### Query Insights
+
+Provide `insights_config` (can be just empty `{}`) to enable [Query Insights](https://cloud.google.com/sql/docs/postgres/using-query-insights)
+
+```hcl
+module "db" {
+ source = "./fabric/modules/cloudsql-instance"
+ project_id = var.project_id
+ network = var.vpc.self_link
+ name = "db"
+ region = "europe-west1"
+ database_version = "POSTGRES_13"
+ tier = "db-g1-small"
+
+ insights_config = {
+ query_string_length = 2048
+ }
+}
+# tftest modules=1 resources=1 inventory=insights.yaml
+```
## Variables
@@ -168,11 +189,11 @@ module "db" {
| name | description | type | required | default |
|---|---|:---:|:---:|:---:|
| [database_version](variables.tf#L61) | Database type and version to create. | string | ✓ | |
-| [name](variables.tf#L114) | Name of primary instance. | string | ✓ | |
-| [network](variables.tf#L119) | VPC self link where the instances will be deployed. Private Service Networking must be enabled and configured in this VPC. | string | ✓ | |
-| [project_id](variables.tf#L140) | The ID of the project where this instances will be created. | string | ✓ | |
-| [region](variables.tf#L145) | Region of the primary instance. | string | ✓ | |
-| [tier](variables.tf#L165) | The machine type to use for the instances. | string | ✓ | |
+| [name](variables.tf#L125) | Name of primary instance. | string | ✓ | |
+| [network](variables.tf#L130) | VPC self link where the instances will be deployed. Private Service Networking must be enabled and configured in this VPC. | string | ✓ | |
+| [project_id](variables.tf#L151) | The ID of the project where this instances will be created. | string | ✓ | |
+| [region](variables.tf#L156) | Region of the primary instance. | string | ✓ | |
+| [tier](variables.tf#L176) | The machine type to use for the instances. | string | ✓ | |
| [allocated_ip_ranges](variables.tf#L17) | (Optional)The name of the allocated ip range for the private ip CloudSQL instance. For example: \"google-managed-services-default\". If set, the instance ip will be created in the allocated range. The range name must comply with RFC 1035. Specifically, the name must be 1-63 characters long and match the regular expression a-z?. | object({…}) | | {} |
| [authorized_networks](variables.tf#L26) | Map of NAME=>CIDR_RANGE to allow to connect to the database(s). | map(string) | | null |
| [availability_type](variables.tf#L32) | Availability type for the primary replica. Either `ZONAL` or `REGIONAL`. | string | | "ZONAL" |
@@ -183,13 +204,14 @@ module "db" {
| [disk_type](variables.tf#L84) | The type of data disk: `PD_SSD` or `PD_HDD`. | string | | "PD_SSD" |
| [encryption_key_name](variables.tf#L90) | The full path to the encryption key used for the CMEK disk encryption of the primary instance. | string | | null |
| [flags](variables.tf#L96) | Map FLAG_NAME=>VALUE for database-specific tuning. | map(string) | | null |
-| [ipv4_enabled](variables.tf#L102) | Add a public IP address to database instance. | bool | | false |
-| [labels](variables.tf#L108) | Labels to be attached to all instances. | map(string) | | null |
-| [postgres_client_certificates](variables.tf#L124) | Map of cert keys connect to the application(s) using public IP. | list(string) | | null |
-| [prefix](variables.tf#L130) | Optional prefix used to generate instance names. | string | | null |
-| [replicas](variables.tf#L150) | Map of NAME=> {REGION, KMS_KEY} for additional read replicas. Set to null to disable replica creation. | map(object({…})) | | {} |
-| [root_password](variables.tf#L159) | Root password of the Cloud SQL instance. Required for MS SQL Server. | string | | null |
-| [users](variables.tf#L170) | Map of users to create in the primary instance (and replicated to other replicas) in the format USER=>PASSWORD. For MySQL, anything afterr the first `@` (if persent) will be used as the user's host. Set PASSWORD to null if you want to get an autogenerated password. | map(string) | | null |
+| [insights_config](variables.tf#L102) | Query Insights configuration. Defaults to null which disables Query Insights. | object({…}) | | null |
+| [ipv4_enabled](variables.tf#L113) | Add a public IP address to database instance. | bool | | false |
+| [labels](variables.tf#L119) | Labels to be attached to all instances. | map(string) | | null |
+| [postgres_client_certificates](variables.tf#L135) | Map of cert keys connect to the application(s) using public IP. | list(string) | | null |
+| [prefix](variables.tf#L141) | Optional prefix used to generate instance names. | string | | null |
+| [replicas](variables.tf#L161) | Map of NAME=> {REGION, KMS_KEY} for additional read replicas. Set to null to disable replica creation. | map(object({…})) | | {} |
+| [root_password](variables.tf#L170) | Root password of the Cloud SQL instance. Required for MS SQL Server. | string | | null |
+| [users](variables.tf#L181) | Map of users to create in the primary instance (and replicated to other replicas) in the format USER=>PASSWORD. For MySQL, anything afterr the first `@` (if persent) will be used as the user's host. Set PASSWORD to null if you want to get an autogenerated password. | map(string) | | null |
## Outputs
diff --git a/modules/cloudsql-instance/main.tf b/modules/cloudsql-instance/main.tf
index 2419dc0d..67111a7b 100644
--- a/modules/cloudsql-instance/main.tf
+++ b/modules/cloudsql-instance/main.tf
@@ -105,6 +105,17 @@ resource "google_sql_database_instance" "primary" {
value = flag.value
}
}
+
+ dynamic "insights_config" {
+ for_each = var.insights_config != null ? [1] : []
+ content {
+ query_insights_enabled = true
+ query_string_length = var.insights_config.query_string_length
+ record_application_tags = var.insights_config.record_application_tags
+ record_client_address = var.insights_config.record_client_address
+ query_plans_per_minute = var.insights_config.query_plans_per_minute
+ }
+ }
}
deletion_protection = var.deletion_protection
}
diff --git a/modules/cloudsql-instance/variables.tf b/modules/cloudsql-instance/variables.tf
index c7c4ef8d..8b3e0fff 100644
--- a/modules/cloudsql-instance/variables.tf
+++ b/modules/cloudsql-instance/variables.tf
@@ -99,6 +99,17 @@ variable "flags" {
default = null
}
+variable "insights_config" {
+ description = "Query Insights configuration. Defaults to null which disables Query Insights."
+ type = object({
+ query_string_length = optional(number, 1024)
+ record_application_tags = optional(bool, false)
+ record_client_address = optional(bool, false)
+ query_plans_per_minute = optional(number, 5)
+ })
+ default = null
+}
+
variable "ipv4_enabled" {
description = "Add a public IP address to database instance."
type = bool
diff --git a/tests/modules/cloudsql_instance/examples/insights.yaml b/tests/modules/cloudsql_instance/examples/insights.yaml
new file mode 100644
index 00000000..b861c3ea
--- /dev/null
+++ b/tests/modules/cloudsql_instance/examples/insights.yaml
@@ -0,0 +1,54 @@
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+values:
+ module.db.google_sql_database_instance.primary:
+ database_version: POSTGRES_13
+ name: db
+ project: project-id
+ region: europe-west1
+ settings:
+ - activation_policy: ALWAYS
+ active_directory_config: []
+ advanced_machine_features: []
+ availability_type: ZONAL
+ collation: null
+ database_flags: []
+ deletion_protection_enabled: null
+ deny_maintenance_period: []
+ disk_autoresize: true
+ disk_autoresize_limit: 0
+ disk_type: PD_SSD
+ insights_config:
+ - query_insights_enabled: true
+ query_plans_per_minute: 5
+ query_string_length: 2048
+ record_application_tags: false
+ record_client_address: false
+ ip_configuration:
+ - allocated_ip_range: null
+ authorized_networks: []
+ enable_private_path_for_google_cloud_services: null
+ ipv4_enabled: false
+ private_network: projects/xxx/global/networks/aaa
+ require_ssl: null
+ maintenance_window: []
+ password_validation_policy: []
+ pricing_plan: PER_USE
+ sql_server_audit_config: []
+ tier: db-g1-small
+ time_zone: null
+
+counts:
+ google_sql_database_instance: 1