├── .github ├── conventional-commit-lint.yaml ├── release-please.yml ├── renovate.json ├── trusted-contribution.yml └── workflows │ ├── lint.yaml │ └── stale.yml ├── .gitignore ├── CHANGELOG.md ├── CODEOWNERS ├── CONTRIBUTING.md ├── LICENSE ├── Makefile ├── README.md ├── build ├── int.cloudbuild.yaml └── lint.cloudbuild.yaml ├── docs ├── upgrading_to_sql_db_11.0.0.md ├── upgrading_to_sql_db_12.0.0.md ├── upgrading_to_sql_db_14.0.0.md ├── upgrading_to_sql_db_15.0.0.md ├── upgrading_to_sql_db_17.0.0.md ├── upgrading_to_sql_db_2.0.0.md ├── upgrading_to_sql_db_20.0.0.md ├── upgrading_to_sql_db_21.0.md ├── upgrading_to_sql_db_22.0.md ├── upgrading_to_sql_db_23.0.md ├── upgrading_to_sql_db_24.0.md ├── upgrading_to_sql_db_26.0.md ├── upgrading_to_sql_db_3.0.0.md └── upgrading_to_sql_db_4.0.0.md ├── examples ├── mssql-failover-replica │ ├── README.md │ ├── main.tf │ ├── network.tf │ ├── outputs.tf │ └── variables.tf ├── mssql-public │ ├── README.md │ ├── main.tf │ ├── outputs.tf │ └── variables.tf ├── mysql-backup-create-service-account │ ├── README.md │ ├── main.tf │ ├── outputs.tf │ └── variables.tf ├── mysql-ha │ ├── README.md │ ├── main.tf │ ├── outputs.tf │ └── variables.tf ├── mysql-private │ ├── .gitignore │ ├── README.md │ ├── diagram.png │ ├── main.tf │ ├── outputs.tf │ └── variables.tf ├── mysql-psc │ ├── README.md │ ├── main.tf │ ├── outputs.tf │ └── variables.tf ├── mysql-public │ ├── README.md │ ├── main.tf │ ├── outputs.tf │ └── variables.tf ├── postgresql-backup-provided-service-account │ ├── README.md │ ├── main.tf │ ├── outputs.tf │ └── variables.tf ├── postgresql-ha │ ├── README.md │ ├── main.tf │ ├── outputs.tf │ └── variables.tf ├── postgresql-psc │ ├── README.md │ ├── main.tf │ ├── outputs.tf │ └── variables.tf ├── postgresql-public-iam │ ├── README.md │ ├── main.tf │ ├── outputs.tf │ └── variables.tf ├── postgresql-public │ ├── README.md │ ├── main.tf │ ├── outputs.tf │ └── variables.tf ├── postgresql-with-cross-region-failover │ ├── README.md │ ├── 
kms.tf │ ├── main.tf │ ├── network.tf │ ├── outputs.tf │ └── variables.tf └── private_service_access │ ├── README.md │ ├── main.tf │ ├── outputs.tf │ └── variables.tf ├── helpers └── migrate4.py ├── metadata.display.yaml ├── metadata.yaml ├── modules ├── backup │ ├── README.md │ ├── main.tf │ ├── metadata.display.yaml │ ├── metadata.yaml │ ├── outputs.tf │ ├── templates │ │ ├── backup.yaml.tftpl │ │ └── export.yaml.tftpl │ ├── variables.tf │ └── versions.tf ├── mssql │ ├── README.md │ ├── main.tf │ ├── metadata.display.yaml │ ├── metadata.yaml │ ├── outputs.tf │ ├── variables.tf │ └── versions.tf ├── mysql │ ├── README.md │ ├── main.tf │ ├── metadata.display.yaml │ ├── metadata.yaml │ ├── outputs.tf │ ├── read_replica.tf │ ├── variables.tf │ └── versions.tf ├── postgresql │ ├── README.md │ ├── main.tf │ ├── metadata.display.yaml │ ├── metadata.yaml │ ├── outputs.tf │ ├── read_replica.tf │ ├── variables.tf │ └── versions.tf ├── private_service_access │ ├── README.md │ ├── main.tf │ ├── metadata.display.yaml │ ├── metadata.yaml │ ├── outputs.tf │ ├── variables.tf │ └── versions.tf ├── restore │ ├── README.md │ ├── main.tf │ ├── metadata.display.yaml │ ├── metadata.yaml │ ├── outputs.tf │ ├── templates │ │ └── import.yaml.tftpl │ ├── variables.tf │ └── versions.tf └── safer_mysql │ ├── README.md │ ├── main.tf │ ├── metadata.display.yaml │ ├── metadata.yaml │ ├── outputs.tf │ ├── variables.tf │ └── versions.tf └── test ├── .gitignore ├── fixtures ├── mssql-ha │ ├── main.tf │ ├── outputs.tf │ ├── variables.tf │ └── versions.tf ├── mssql-public │ ├── main.tf │ ├── outputs.tf │ ├── variables.tf │ └── versions.tf ├── mysql-ha │ ├── main.tf │ ├── outputs.tf │ ├── variables.tf │ └── versions.tf ├── mysql-private │ ├── main.tf │ ├── outputs.tf │ ├── variables.tf │ └── versions.tf ├── mysql-public │ ├── main.tf │ ├── outputs.tf │ ├── variables.tf │ └── versions.tf ├── postgresql-ha │ ├── main.tf │ ├── outputs.tf │ ├── variables.tf │ └── versions.tf ├── postgresql-public-iam │ 
├── main.tf │ ├── outputs.tf │ ├── variables.tf │ └── versions.tf └── postgresql-public │ ├── main.tf │ ├── outputs.tf │ ├── variables.tf │ └── versions.tf ├── integration ├── discover_test.go ├── go.mod ├── go.sum ├── mssql-failover-replica │ └── mssql_failover_replica_test.go ├── mssql-ha │ └── mssql_ha_test.go ├── mssql-public │ └── mssql_public_test.go ├── mysql-backup-create-service-account │ └── mysql_backup_create_service_account_test.go ├── mysql-ha │ └── mysql_ha_test.go ├── mysql-private │ └── mysql_private_test.go ├── mysql-psc │ └── mysql_psc_test.go ├── mysql-public │ └── mysql_public_test.go ├── postgresql-backup-provided-service-account │ └── postgresql_backup_provided_service_account_test.go ├── postgresql-ha │ └── postgresql_ha_test.go ├── postgresql-psc │ └── postgresql_psc_test.go ├── postgresql-public-iam │ └── postgresql_public_iam_test.go ├── postgresql-public │ └── postgresql_public_test.go └── postgresql-with-cross-region-failover │ └── postgresql_cross_region_failover_test.go └── setup ├── .gitignore ├── iam.tf ├── main.tf ├── outputs.tf └── variables.tf /.github/conventional-commit-lint.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2022-2025 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 
14 | 15 | # NOTE: This file is automatically generated from: 16 | # https://github.com/GoogleCloudPlatform/cloud-foundation-toolkit/blob/main/infra/terraform/test-org/github 17 | 18 | enabled: true 19 | always_check_pr_title: true 20 | -------------------------------------------------------------------------------- /.github/release-please.yml: -------------------------------------------------------------------------------- 1 | # Copyright 2021 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | releaseType: terraform-module 16 | handleGHRelease: true 17 | -------------------------------------------------------------------------------- /.github/renovate.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "https://docs.renovatebot.com/renovate-schema.json", 3 | "extends": ["github>GoogleCloudPlatform/cloud-foundation-toolkit//infra/terraform/test-org/github/resources/renovate"] 4 | } 5 | -------------------------------------------------------------------------------- /.github/trusted-contribution.yml: -------------------------------------------------------------------------------- 1 | # Copyright 2023-2025 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 
5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | # NOTE: This file is automatically generated from: 16 | # https://github.com/GoogleCloudPlatform/cloud-foundation-toolkit/blob/main/infra/terraform/test-org/github 17 | 18 | annotations: 19 | - type: comment 20 | text: "/gcbrun" 21 | trustedContributors: 22 | - release-please[bot] 23 | - renovate[bot] 24 | - renovate-bot 25 | - forking-renovate[bot] 26 | - dependabot[bot] 27 | -------------------------------------------------------------------------------- /.github/workflows/lint.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2023-2025 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 
14 | 15 | # NOTE: This file is automatically generated from values at: 16 | # https://github.com/GoogleCloudPlatform/cloud-foundation-toolkit/blob/main/infra/terraform/test-org/org/locals.tf 17 | 18 | name: 'lint' 19 | 20 | on: 21 | workflow_dispatch: 22 | pull_request: 23 | branches: 24 | - main 25 | 26 | concurrency: 27 | group: '${{ github.workflow }}-${{ github.head_ref || github.ref }}' 28 | cancel-in-progress: true 29 | 30 | jobs: 31 | lint: 32 | name: 'lint' 33 | runs-on: 'ubuntu-latest' 34 | steps: 35 | - uses: 'actions/checkout@v4' 36 | - id: variables 37 | run: | 38 | MAKEFILE=$(find . -name Makefile -print -quit) 39 | if [ -z "$MAKEFILE" ]; then 40 | echo dev-tools=gcr.io/cloud-foundation-cicd/cft/developer-tools:1 >> "$GITHUB_OUTPUT" 41 | else 42 | VERSION=$(grep "DOCKER_TAG_VERSION_DEVELOPER_TOOLS := " $MAKEFILE | cut -d\ -f3) 43 | IMAGE=$(grep "DOCKER_IMAGE_DEVELOPER_TOOLS := " $MAKEFILE | cut -d\ -f3) 44 | REGISTRY=$(grep "REGISTRY_URL := " $MAKEFILE | cut -d\ -f3) 45 | echo dev-tools=${REGISTRY}/${IMAGE}:${VERSION} >> "$GITHUB_OUTPUT" 46 | fi 47 | - run: docker run --rm -e ENABLE_BPMETADATA -v ${{ github.workspace }}:/workspace ${{ steps.variables.outputs.dev-tools }} module-swapper 48 | env: 49 | ENABLE_BPMETADATA: 1 50 | 51 | - run: docker run --rm -e ENABLE_BPMETADATA -v ${{ github.workspace }}:/workspace ${{ steps.variables.outputs.dev-tools }} /usr/local/bin/test_lint.sh 52 | env: 53 | ENABLE_BPMETADATA: 1 54 | 55 | -------------------------------------------------------------------------------- /.github/workflows/stale.yml: -------------------------------------------------------------------------------- 1 | # Copyright 2022-2025 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 
5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | # NOTE: This file is automatically generated from: 16 | # https://github.com/GoogleCloudPlatform/cloud-foundation-toolkit/blob/main/infra/terraform/test-org/github 17 | 18 | name: "Close stale issues" 19 | on: 20 | schedule: 21 | - cron: "0 23 * * *" 22 | 23 | jobs: 24 | stale: 25 | if: github.repository_owner == 'GoogleCloudPlatform' || github.repository_owner == 'terraform-google-modules' 26 | runs-on: ubuntu-latest 27 | steps: 28 | - uses: actions/stale@v9 29 | with: 30 | repo-token: ${{ secrets.GITHUB_TOKEN }} 31 | stale-issue-message: 'This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days' 32 | stale-pr-message: 'This PR is stale because it has been open 60 days with no activity. 
Remove stale label or comment or this will be closed in 7 days' 33 | exempt-issue-labels: 'triaged' 34 | exempt-pr-labels: 'dependencies,autorelease: pending' 35 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | **/terraform.tfstate* 2 | **/.terraform* 3 | **/backend.tf 4 | **/terraform.tfplan 5 | **/values-*.yaml 6 | 7 | .idea 8 | .kitchen 9 | credentials.json 10 | -------------------------------------------------------------------------------- /CODEOWNERS: -------------------------------------------------------------------------------- 1 | # NOTE: This file is automatically generated from values at: 2 | # https://github.com/GoogleCloudPlatform/cloud-foundation-toolkit/blob/main/infra/terraform/test-org/org/locals.tf 3 | 4 | * @terraform-google-modules/cft-admins @ayushmjain @imrannayer @isaurabhuttam @q2w 5 | 6 | # NOTE: GitHub CODEOWNERS locations: 7 | # https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners#codeowners-and-branch-protection 8 | 9 | CODEOWNERS @terraform-google-modules/cft-admins 10 | .github/CODEOWNERS @terraform-google-modules/cft-admins 11 | docs/CODEOWNERS @terraform-google-modules/cft-admins 12 | 13 | -------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | # Contributing 2 | 3 | This document provides guidelines for contributing to the module. 
4 | 5 | ## Dependencies 6 | 7 | The following dependencies must be installed on the development system: 8 | 9 | - [Docker Engine][docker-engine] 10 | - [Google Cloud SDK][google-cloud-sdk] 11 | - [make] 12 | 13 | ## Generating Documentation for Inputs and Outputs 14 | 15 | The Inputs and Outputs tables in the READMEs of the root module, 16 | submodules, and example modules are automatically generated based on 17 | the `variables` and `outputs` of the respective modules. These tables 18 | must be refreshed if the module interfaces are changed. 19 | 20 | ### Execution 21 | 22 | Run `make generate_docs` to generate new Inputs and Outputs tables. 23 | 24 | ## Integration Testing 25 | 26 | Integration tests are used to verify the behaviour of the root module, 27 | submodules, and example modules. Additions, changes, and fixes should 28 | be accompanied with tests. 29 | 30 | The integration tests are run using [Kitchen][kitchen], 31 | [Kitchen-Terraform][kitchen-terraform], and [InSpec][inspec]. These 32 | tools are packaged within a Docker image for convenience. 33 | 34 | The general strategy for these tests is to verify the behaviour of the 35 | [example modules](./examples/), thus ensuring that the root module, 36 | submodules, and example modules are all functionally correct. 37 | 38 | ### Test Environment 39 | The easiest way to test the module is in an isolated test project. The setup for such a project is defined in [test/setup](./test/setup/) directory. 40 | 41 | To use this setup, you need a service account with Project Creator access on a folder. 
Export the Service Account credentials to your environment like so: 42 | 43 | ``` 44 | export SERVICE_ACCOUNT_JSON=$(< credentials.json) 45 | ``` 46 | 47 | You will also need to set a few environment variables: 48 | ``` 49 | export TF_VAR_org_id="your_org_id" 50 | export TF_VAR_folder_id="your_folder_id" 51 | export TF_VAR_billing_account="your_billing_account_id" 52 | ``` 53 | 54 | With these settings in place, you can prepare a test project using Docker: 55 | ``` 56 | make docker_test_prepare 57 | ``` 58 | 59 | ### Noninteractive Execution 60 | 61 | Run `make docker_test_integration` to test all of the example modules 62 | noninteractively, using the prepared test project. 63 | 64 | ### Interactive Execution 65 | 66 | 1. Run `make docker_run` to start the testing Docker container in 67 | interactive mode. 68 | 69 | 1. Run `kitchen_do create <EXAMPLE_NAME>` to initialize the working 70 | directory for an example module. 71 | 72 | 1. Run `kitchen_do converge <EXAMPLE_NAME>` to apply the example module. 73 | 74 | 1. Run `kitchen_do verify <EXAMPLE_NAME>` to test the example module. 75 | 76 | 1. Run `kitchen_do destroy <EXAMPLE_NAME>` to destroy the example module 77 | state. 78 | 79 | ## Linting and Formatting 80 | 81 | Many of the files in the repository can be linted or formatted to 82 | maintain a standard of quality. 83 | 84 | ### Execution 85 | 86 | Run `make docker_test_lint`. 
87 | 88 | [docker-engine]: https://www.docker.com/products/docker-engine 89 | [flake8]: http://flake8.pycqa.org/en/latest/ 90 | [gofmt]: https://golang.org/cmd/gofmt/ 91 | [google-cloud-sdk]: https://cloud.google.com/sdk/install 92 | [hadolint]: https://github.com/hadolint/hadolint 93 | [inspec]: https://inspec.io/ 94 | [kitchen-terraform]: https://github.com/newcontext-oss/kitchen-terraform 95 | [kitchen]: https://kitchen.ci/ 96 | [make]: https://en.wikipedia.org/wiki/Make_(software) 97 | [shellcheck]: https://www.shellcheck.net/ 98 | [terraform-docs]: https://github.com/segmentio/terraform-docs 99 | [terraform]: https://terraform.io/ 100 | -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | # Copyright 2019 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | # Please note that this file was generated from [terraform-google-module-template](https://github.com/terraform-google-modules/terraform-google-module-template). 16 | # Please make sure to contribute relevant changes upstream! 
17 | 18 | # Make will use bash instead of sh 19 | SHELL := /usr/bin/env bash 20 | 21 | DOCKER_TAG_VERSION_DEVELOPER_TOOLS := 1.22 22 | DOCKER_IMAGE_DEVELOPER_TOOLS := cft/developer-tools 23 | REGISTRY_URL := gcr.io/cloud-foundation-cicd 24 | 25 | # Enter docker container for local development 26 | .PHONY: docker_run 27 | docker_run: 28 | docker run --rm -it \ 29 | -e SERVICE_ACCOUNT_JSON \ 30 | -v "$(CURDIR)":/workspace \ 31 | $(REGISTRY_URL)/${DOCKER_IMAGE_DEVELOPER_TOOLS}:${DOCKER_TAG_VERSION_DEVELOPER_TOOLS} \ 32 | /bin/bash 33 | 34 | # Execute prepare tests within the docker container 35 | .PHONY: docker_test_prepare 36 | docker_test_prepare: 37 | docker run --rm -it \ 38 | -e SERVICE_ACCOUNT_JSON \ 39 | -e TF_VAR_org_id \ 40 | -e TF_VAR_folder_id \ 41 | -e TF_VAR_billing_account \ 42 | -v "$(CURDIR)":/workspace \ 43 | $(REGISTRY_URL)/${DOCKER_IMAGE_DEVELOPER_TOOLS}:${DOCKER_TAG_VERSION_DEVELOPER_TOOLS} \ 44 | /usr/local/bin/execute_with_credentials.sh prepare_environment 45 | 46 | # Clean up test environment within the docker container 47 | .PHONY: docker_test_cleanup 48 | docker_test_cleanup: 49 | docker run --rm -it \ 50 | -e SERVICE_ACCOUNT_JSON \ 51 | -e TF_VAR_org_id \ 52 | -e TF_VAR_folder_id \ 53 | -e TF_VAR_billing_account \ 54 | -v "$(CURDIR)":/workspace \ 55 | $(REGISTRY_URL)/${DOCKER_IMAGE_DEVELOPER_TOOLS}:${DOCKER_TAG_VERSION_DEVELOPER_TOOLS} \ 56 | /usr/local/bin/execute_with_credentials.sh cleanup_environment 57 | 58 | # Execute integration tests within the docker container 59 | .PHONY: docker_test_integration 60 | docker_test_integration: 61 | docker run --rm -it \ 62 | -e SERVICE_ACCOUNT_JSON \ 63 | -v "$(CURDIR)":/workspace \ 64 | $(REGISTRY_URL)/${DOCKER_IMAGE_DEVELOPER_TOOLS}:${DOCKER_TAG_VERSION_DEVELOPER_TOOLS} \ 65 | /usr/local/bin/test_integration.sh 66 | 67 | # Execute lint tests within the docker container 68 | .PHONY: docker_test_lint 69 | docker_test_lint: 70 | docker run --rm -it \ 71 | -e ENABLE_BPMETADATA \ 72 | -v 
"$(CURDIR)":/workspace \ 73 | $(REGISTRY_URL)/${DOCKER_IMAGE_DEVELOPER_TOOLS}:${DOCKER_TAG_VERSION_DEVELOPER_TOOLS} \ 74 | /usr/local/bin/test_lint.sh 75 | 76 | # Generate documentation 77 | .PHONY: docker_generate_docs 78 | docker_generate_docs: 79 | docker run --rm -it \ 80 | -e ENABLE_BPMETADATA \ 81 | -v "$(CURDIR)":/workspace \ 82 | $(REGISTRY_URL)/${DOCKER_IMAGE_DEVELOPER_TOOLS}:${DOCKER_TAG_VERSION_DEVELOPER_TOOLS} \ 83 | /bin/bash -c 'source /usr/local/bin/task_helper_functions.sh && generate_docs' 84 | 85 | # Alias for backwards compatibility 86 | .PHONY: generate_docs 87 | generate_docs: docker_generate_docs 88 | -------------------------------------------------------------------------------- /build/lint.cloudbuild.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2019 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 
14 | 15 | steps: 16 | - name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' 17 | id: 'lint' 18 | args: ['/usr/local/bin/test_lint.sh'] 19 | tags: 20 | - 'ci' 21 | - 'lint' 22 | substitutions: 23 | _DOCKER_IMAGE_DEVELOPER_TOOLS: 'cft/developer-tools' 24 | _DOCKER_TAG_VERSION_DEVELOPER_TOOLS: '1.22' 25 | -------------------------------------------------------------------------------- /docs/upgrading_to_sql_db_15.0.0.md: -------------------------------------------------------------------------------- 1 | # Upgrading to SQL DB 15.0.0 2 | 3 | The 15.0.0 release of SQL DB is a backward incompatible release. 4 | This incompatibility affects the `postgresql` submodule when it is used with IAM authentication. 5 | 6 | ## Migration Instructions 7 | 8 | ### `iam_user_emails` moved to `iam_users` and changed to a `list(object)` 9 | 10 | Prior to the `15.0.0` release, the `postgresql` submodule took a `list(string)` for `iam_user_emails`. 11 | 12 | This meant that it was not possible to create a `google_service_account` and the corresponding `google_sql_user` 13 | in a single `terraform apply`, because the `email` is `(known after apply)` and was used in the resource address. 14 | See [issue 413](https://github.com/terraform-google-modules/terraform-google-sql-db/issues/413) for more details. 15 | 16 | In the `15.0.0` release, the input/output variable has been renamed from `iam_user_emails` to `iam_users`, and 17 | now accepts a `list(object({id=string, email=string}))`, where `id` is used in the resource address. 18 | 19 | This allows a value that is known at `plan` time to be passed; for example, `google_service_account.my_service_account.account_id` 20 | would be a good candidate for this. 
21 | 22 | ```diff 23 | module "pg" { 24 | source = "GoogleCloudPlatform/sql-db/google//modules/postgresql" 25 | - version = "~> 14.0" 26 | + version = "~> 15.0" 27 | 28 | name = "test" 29 | database_version = "POSTGRES_14" 30 | project_id = var.project_id 31 | zone = "europe-west1-b" 32 | region = "europe-west1" 33 | tier = "db-custom-1-3840" 34 | 35 | database_flags = [ 36 | { 37 | name = "cloudsql.iam_authentication" 38 | value = "on" 39 | } 40 | ] 41 | 42 | - iam_user_emails = [ 43 | - "test-sa@${var.project_id}.iam.gserviceaccount.com", 44 | - "john.doe@gmail.com" 45 | - ] 46 | + iam_users = [ 47 | + { 48 | + id = "test-sa", 49 | + email = "test-sa@${var.project_id}.iam.gserviceaccount.com", 50 | + }, 51 | + { 52 | + id = "john.doe", 53 | + email = "john.doe@gmail.com", 54 | + }, 55 | + ] 56 | } 57 | 58 | + moved { 59 | + from = module.pg.google_sql_user.iam_account["test-sa@${var.project_id}.iam.gserviceaccount.com true"] 60 | + to = module.pg.google_sql_user.iam_account["test-sa"] 61 | + } 62 | 63 | + moved { 64 | + from = module.pg.google_sql_user.iam_account["john.doe@gmail.com false"] 65 | + to = module.pg.google_sql_user.iam_account["john.doe"] 66 | + } 67 | 68 | ``` 69 | 70 | We recommend using `moved` blocks as [documented here](https://developer.hashicorp.com/terraform/language/modules/develop/refactoring) 71 | to explicitly migrate your state. 
You can find the list of state addresses to move using: 72 | 73 | ```shell 74 | terraform state list | grep google_sql_user.iam_account 75 | ``` 76 | 77 | If you do not wish to use `moved` blocks, you can instead migrate your state using `terraform state mv`: 78 | ```shell 79 | terraform state mv \ 80 | 'module.pg.google_sql_user.iam_account["test-sa@$my-project-id.iam.gserviceaccount.com true"]' \ 81 | 'module.pg.google_sql_user.iam_account["test-sa"]' 82 | ``` 83 | -------------------------------------------------------------------------------- /docs/upgrading_to_sql_db_17.0.0.md: -------------------------------------------------------------------------------- 1 | # Upgrading to SQL DB 17.0.0 2 | 3 | The 16.0.0 release of SQL DB is a backward incompatible release. 4 | 5 | This update requires upgrading the minimum provider version from `4.74` to `4.80`. 6 | -------------------------------------------------------------------------------- /docs/upgrading_to_sql_db_2.0.0.md: -------------------------------------------------------------------------------- 1 | # Upgrading to SQL DB 2.0.0 2 | 3 | The 2.0.0 release of SQL DB is a backward incompatible release. This 4 | incompatibility affects any configuration which uses the root module. 5 | 6 | ## Instructions 7 | 8 | Prior to the 1.1.0 release, the root module was the only mechanism to 9 | configure databases: 10 | 11 | ```hcl 12 | module "sql_db_mysql" { 13 | source = "GoogleCloudPlatform/sql-db/google" 14 | version = "1.0.0" 15 | 16 | database_version = "MYSQL_5_6" 17 | name = "mysql-example" 18 | project = "example-project" 19 | region = "us-central1" 20 | } 21 | 22 | module "sql_db_postgresql" { 23 | source = "GoogleCloudPlatform/sql-db/google" 24 | version = "1.0.0" 25 | 26 | database_version = "POSTGRES_9_6" 27 | name = "postgresql-examlpe" 28 | project = "example-project" 29 | region = "us-central1" 30 | } 31 | ``` 32 | 33 | With the 1.1.0 release, submodules were added for each type of 34 | database. 
As of the 2.0.0 release, the root module has been removed so 35 | the submodules must be used: 36 | 37 | ```diff 38 | module "sql_db_mysql" { 39 | - source = "GoogleCloudPlatform/sql-db/google" 40 | + source = "GoogleCloudPlatform/sql-db/google//modules/mysql" 41 | - version = "1.0.0" 42 | + version = "~> 2.0" 43 | 44 | database_version = "MYSQL_5_6" 45 | name = "mysql-example" 46 | - project = "example-project" 47 | + project_id = "example-project" 48 | region = "us-central1" 49 | + zone = "us-central1-a" 50 | } 51 | 52 | module "sql_db_postgresql" { 53 | - source = "GoogleCloudPlatform/sql-db/google" 54 | + source = "GoogleCloudPlatform/sql-db/google//modules/postgresql" 55 | - version = "1.0.0" 56 | + version = "~> 2.0" 57 | 58 | database_version = "POSTGRES_9_6" 59 | name = "postgresql-example" 60 | - project = "example-project" 61 | + project_id = "example-project" 62 | region = "us-central1" 63 | + zone = "us-central1-a" 64 | } 65 | ``` 66 | -------------------------------------------------------------------------------- /docs/upgrading_to_sql_db_20.0.0.md: -------------------------------------------------------------------------------- 1 | # Upgrading to SQL DB 20.0.0 2 | 3 | The 20.0.0 release of SQL DB is a backward incompatible release. 4 | 5 | This update requires upgrading the minimum provider version `5.12` and minimum Terraform version `1.3` 6 | 7 | 8 | In `mysql` and `postgresql` sub-module output `instance_server_ca_cert` and `replicas_instance_server_ca_certs` are also marked as `sensitive` 9 | 10 | In `mysql` and `postgresql` sub-module default value for `zone` is changed from `"us-central1-a"` to `null` 11 | -------------------------------------------------------------------------------- /docs/upgrading_to_sql_db_21.0.md: -------------------------------------------------------------------------------- 1 | # Upgrading to SQL DB 21.0 2 | 3 | The 21.0 release of SQL DB is a backward incompatible release. 
4 | 5 | # Maximum provider version 6 | This update requires upgrading the minimum Terraform version `1.3`. Minimum provider version for `private_service_access` sub-module is `5.38` 7 | 8 | # Removed settings.ip_configuration.require_ssl 9 | Removed `settings.ip_configuration.require_ssl` from all the modules (`google_sql_database_instance`) in favor of `settings.ip_configuration.ssl_mode`. This field is not available in [provider version 6+](https://github.com/hashicorp/terraform-provider-google/pull/19263) 10 | -------------------------------------------------------------------------------- /docs/upgrading_to_sql_db_22.0.md: -------------------------------------------------------------------------------- 1 | # Upgrading to SQL DB 22.0 2 | 3 | The 22.0 release of SQL DB is a backward incompatible release. 4 | 5 | # Maximum provider version 6 | This update requires upgrading the minimum Terraform version `1.3`. Maximum provider version is relaxed to use provider version 6.X+ 7 | 8 | # Removed settings.ip_configuration.require_ssl 9 | Removed `settings.ip_configuration.require_ssl` from all the modules (`google_sql_database_instance`) in favor of `settings.ip_configuration.ssl_mode`. This field is not available in [provider version 6+](https://registry.terraform.io/providers/hashicorp/google/5.43.0/docs/guides/version_6_upgrade#resource-google_sql_database_instance) 10 | -------------------------------------------------------------------------------- /docs/upgrading_to_sql_db_23.0.md: -------------------------------------------------------------------------------- 1 | # Upgrading to SQL DB 23.0 2 | 3 | The 23.0 release of SQL DB is a backward incompatible release. 4 | 5 | # Cloud SQL Service Account role update in backup module 6 | 7 | Changed `storage.objectCreator` role to `storage.objectAdmin` for Cloud SQL Service Account on the bucket used for exporting the database, due to GCP internal changes in the export process. 
8 | 9 | # Minimum provider version 10 | The minimum provider version for the `mysql`, `safer_mysql` and `postgresql` sub-modules is `6.1` 11 | 12 | -------------------------------------------------------------------------------- /docs/upgrading_to_sql_db_24.0.md: -------------------------------------------------------------------------------- 1 | # Upgrading to v24.0 2 | 3 | The v24.0 release contains backwards-incompatible changes. 4 | 5 | ## Replace uses of apphub_service_uri 6 | 7 | This release removes the `apphub_service_uri` output. You can replace uses of `apphub_service_uri` by forming the desired output as shown below: 8 | 9 | ``` 10 | { 11 | service_uri = "//cloudsql.googleapis.com/projects${element(split("/projects", module.mysql.instance_self_link), 1)}" 12 | service_id = substr(format("%s-%s", , md5(module.mysql.instance_self_link)), 0, 63) 13 | } 14 | ``` 15 | -------------------------------------------------------------------------------- /docs/upgrading_to_sql_db_26.0.md: -------------------------------------------------------------------------------- 1 | # Upgrading to v26.0 2 | 3 | The v26.0 release contains backwards-incompatible changes. 4 | 5 | This update requires upgrading the minimum provider version from `6.1` to `6.17` 6 | -------------------------------------------------------------------------------- /docs/upgrading_to_sql_db_3.0.0.md: -------------------------------------------------------------------------------- 1 | # Upgrading to SQL DB 3.0.0 2 | 3 | The 3.0.0 release of SQL DB is a backward incompatible release. The `peering_completed` string variable, along with the hardcoded "tf_dependency" label in the `user_labels` variable, which were used to ensure that resources are created in the proper order when using private IPs and service network peering, were dropped from the `postgresql` and `safer_mysql` submodules. 
Instead the `module_depends_on` variable was added to the `postgresql`, `safer_mysql` and `mysql` submodules, which is a list of modules/resources a submodule depends on. 4 | 5 | ## Migration Instructions 6 | 7 | Prior to the 3.0.0 release, you needed to set the optional `peering_completed` input with a string id of a resource that should have been created before the target sql module (e.g. safer_mysql). 8 | 9 | ```hcl 10 | // We define a connection with the VPC of the Cloud SQL instance. 11 | module "private-service-access" { 12 | source = "GoogleCloudPlatform/sql-db/google//modules/private_service_access" 13 | project_id = var.project_id 14 | vpc_network = google_compute_network.default.name 15 | } 16 | 17 | module "safer-mysql-db" { 18 | source = "GoogleCloudPlatform/sql-db/google//modules/safer_mysql" 19 | version = "2.0.0" 20 | 21 | name = "example-safer-mysql-${random_id.name.hex}" 22 | database_version = var.mysql_version 23 | project_id = var.project_id 24 | region = var.region 25 | zone = "c" 26 | 27 | ... 28 | 29 | assign_public_ip = true 30 | vpc_network = google_compute_network.default.self_link 31 | 32 | // Used to enforce ordering in the creation of resources. 33 | peering_completed = module.private-service-access.complete 34 | } 35 | 36 | ``` 37 | 38 | With the 3.0.0 release, the `module_depends_on` variable is presented which contains a list of modules/resources that should be created before the target sql module. 39 | 40 | ```diff 41 | // We define a connection with the VPC of the Cloud SQL instance. 
42 | module "private-service-access" { 43 | source = "GoogleCloudPlatform/sql-db/google//modules/private_service_access" 44 | project_id = var.project_id 45 | vpc_network = google_compute_network.default.name 46 | } 47 | 48 | module "safer-mysql-db" { 49 | source = "GoogleCloudPlatform/sql-db/google//modules/safer_mysql" 50 | - version = "2.0.0" 51 | + version = "3.0.0" 52 | 53 | name = "example-safer-mysql-${random_id.name.hex}" 54 | database_version = var.mysql_version 55 | project_id = var.project_id 56 | region = var.region 57 | zone = "c" 58 | 59 | ... 60 | 61 | assign_public_ip = true 62 | vpc_network = google_compute_network.default.self_link 63 | 64 | // Used to enforce ordering in the creation of resources. 65 | - peering_completed = module.private-service-access.complete 66 | + module_depends_on = [module.private-service-access.complete] 67 | } 68 | 69 | ``` 70 | -------------------------------------------------------------------------------- /examples/mssql-failover-replica/README.md: -------------------------------------------------------------------------------- 1 | # CloudSql MS SQL Server database Example with failover replication 2 | 3 | This example shows how to create a private MS SQL Server database with a cross-region failover replica using the Terraform module. You can promote the failover replica without losing state file sync. 
4 | 5 | - Set `enable_default_db` and `enable_default_user` to `null` 6 | - Don't set `additional_databases`, `user_name`, `user_password` and `additional_users` 7 | - `availability_type` in all replicas should be set to `ZONAL` 8 | 9 | ## Run Terraform 10 | 11 | ``` 12 | terraform init 13 | terraform plan 14 | terraform apply 15 | ``` 16 | 17 | ## Failover to Instance 2 18 | 19 | Promote instance 2 to primary and change instance 1 into a failover replica 20 | 21 | 1) Remove `master_instance_name` from instance 2 and execute `terraform apply` 22 | 23 | ```diff 24 | module "mssql2" { 25 | source = "terraform-google-modules/sql-db/google//modules/mssql" 26 | version = "~> 25.2" 27 | 28 | - master_instance_name = module.mssql1.instance_name 29 | 30 | ... 31 | } 32 | ``` 33 | 34 | 2) Remove instance 1 by removing the instance 1 code and execute `terraform apply` 35 | 36 | ```diff 37 | - module "mssql1" { 38 | - source = "terraform-google-modules/sql-db/google//modules/mssql" 39 | - version = "~> 22.0" 40 | - region = local.region_1 41 | - name = "tf-mssql-public-1" 42 | - random_instance_name = true 43 | - project_id = var.project_id 44 | - ... 45 | - } 46 | - output "instance_name1" { 47 | - description = "The name for Cloud SQL instance" 48 | - value = module.mssql1.instance_name 49 | - } 50 | - output "mssql_connection" { 51 | - value = module.mssql1.instance_connection_name 52 | - description = "The connection name of the master instance to be used in connection strings" 53 | - } 54 | - output "public_ip_address" { 55 | - value = module.mssql1.instance_first_ip_address 56 | - description = "Public ip address" 57 | - } 58 | ``` 59 | 60 | 3) Re-create instance 1 as a failover replica by adding the instance 1 code back with the following additional line and execute `terraform apply` 61 | 62 | ```diff 63 | module "mssql1" { 64 | source = "terraform-google-modules/sql-db/google//modules/mssql" 65 | version = "~> 20.0" 66 | 67 | + master_instance_name = module.mssql2.instance_name 68 | 69 | ... 
70 | 71 | } 72 | ``` 73 | 74 | 75 | ## Cleanup 76 | 77 | To remove all resources created by terraform: 78 | 79 | ```bash 80 | terraform destroy 81 | ``` 82 | 83 | 84 | ## Inputs 85 | 86 | | Name | Description | Type | Default | Required | 87 | |------|-------------|------|---------|:--------:| 88 | | network\_name | The ID of the network in which to provision resources. | `string` | `"test-mssql-failover"` | no | 89 | | project\_id | The project to run tests against | `string` | n/a | yes | 90 | | sql\_server\_audit\_config | SQL server audit config settings. | `map(string)` | `{}` | no | 91 | 92 | ## Outputs 93 | 94 | | Name | Description | 95 | |------|-------------| 96 | | instance\_name1 | The name for Cloud SQL instance | 97 | | instance\_name2 | The name for Cloud SQL instance 2 | 98 | | master\_instance\_name2 | n/a | 99 | | mssql\_connection | The connection name of the master instance to be used in connection strings | 100 | | project\_id | n/a | 101 | | public\_ip\_address | Public ip address | 102 | 103 | 104 | 105 | -------------------------------------------------------------------------------- /examples/mssql-failover-replica/main.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | 18 | locals { 19 | region_1 = "us-central1" 20 | region_2 = "us-east1" 21 | } 22 | 23 | # Instance 1 24 | 25 | module "mssql1" { 26 | source = "terraform-google-modules/sql-db/google//modules/mssql" 27 | version = "~> 25.0" 28 | 29 | region = local.region_1 30 | 31 | name = "tf-mssql-public-1" 32 | random_instance_name = true 33 | project_id = var.project_id 34 | 35 | database_version = "SQLSERVER_2022_ENTERPRISE" 36 | 37 | deletion_protection = false 38 | 39 | tier = "db-custom-4-15360" 40 | 41 | ip_configuration = { 42 | ipv4_enabled = false 43 | private_network = google_compute_network.default.self_link 44 | } 45 | 46 | sql_server_audit_config = var.sql_server_audit_config 47 | enable_default_db = false 48 | enable_default_user = false 49 | 50 | depends_on = [ 51 | google_service_networking_connection.vpc_connection, 52 | ] 53 | } 54 | 55 | # instance 2 56 | 57 | module "mssql2" { 58 | source = "terraform-google-modules/sql-db/google//modules/mssql" 59 | version = "~> 25.0" 60 | 61 | master_instance_name = module.mssql1.instance_name 62 | 63 | region = local.region_2 64 | 65 | name = "tf-mssql-public-2" 66 | random_instance_name = true 67 | project_id = var.project_id 68 | 69 | database_version = "SQLSERVER_2022_ENTERPRISE" 70 | 71 | deletion_protection = false 72 | 73 | tier = "db-custom-4-15360" 74 | 75 | ip_configuration = { 76 | ipv4_enabled = false 77 | private_network = google_compute_network.default.self_link 78 | } 79 | 80 | sql_server_audit_config = var.sql_server_audit_config 81 | enable_default_db = false 82 | enable_default_user = false 83 | 84 | depends_on = [ 85 | google_service_networking_connection.vpc_connection, 86 | ] 87 | } 88 | -------------------------------------------------------------------------------- /examples/mssql-failover-replica/network.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 
2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | 18 | # Create Network with a subnetwork and private service access for both netapp.servicenetworking.goog and servicenetworking.googleapis.com 19 | 20 | resource "google_compute_network" "default" { 21 | name = var.network_name 22 | project = var.project_id 23 | auto_create_subnetworks = false 24 | description = "test network" 25 | } 26 | 27 | resource "google_compute_subnetwork" "subnetwork1" { 28 | name = "subnet-${local.region_1}-mssql" 29 | ip_cidr_range = "10.0.0.0/24" 30 | region = local.region_1 31 | project = var.project_id 32 | network = google_compute_network.default.self_link 33 | private_ip_google_access = true 34 | } 35 | 36 | resource "google_compute_subnetwork" "subnetwork_2" { 37 | name = "subnet-${local.region_2}-mssql" 38 | ip_cidr_range = "10.0.1.0/24" 39 | region = local.region_2 40 | project = var.project_id 41 | network = google_compute_network.default.self_link 42 | private_ip_google_access = true 43 | } 44 | 45 | 46 | resource "google_compute_global_address" "private_ip_alloc" { 47 | project = var.project_id 48 | name = "psa-mssql" 49 | address_type = "INTERNAL" 50 | purpose = "VPC_PEERING" 51 | address = "10.10.0.0" 52 | prefix_length = 16 53 | network = google_compute_network.default.id 54 | } 55 | 56 | resource "google_service_networking_connection" "vpc_connection" { 57 | network = google_compute_network.default.id 58 | service = "servicenetworking.googleapis.com" 59 | 
reserved_peering_ranges = [ 60 | google_compute_global_address.private_ip_alloc.name, 61 | ] 62 | deletion_policy = "ABANDON" 63 | 64 | depends_on = [ 65 | google_compute_subnetwork.subnetwork1, 66 | google_compute_subnetwork.subnetwork_2 67 | ] 68 | } 69 | -------------------------------------------------------------------------------- /examples/mssql-failover-replica/outputs.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | output "project_id" { 18 | value = var.project_id 19 | } 20 | 21 | # instance 1 22 | 23 | output "instance_name1" { 24 | description = "The name for Cloud SQL instance" 25 | value = module.mssql1.instance_name 26 | } 27 | 28 | output "mssql_connection" { 29 | value = module.mssql1.instance_connection_name 30 | description = "The connection name of the master instance to be used in connection strings" 31 | } 32 | 33 | output "public_ip_address" { 34 | value = module.mssql1.instance_first_ip_address 35 | description = "Public ip address" 36 | } 37 | 38 | # instance 2 39 | 40 | output "instance_name2" { 41 | description = "The name for Cloud SQL instance 2" 42 | value = module.mssql2.instance_name 43 | } 44 | 45 | output "master_instance_name2" { 46 | value = module.mssql2.primary.master_instance_name 47 | sensitive = true 48 | } 49 | -------------------------------------------------------------------------------- /examples/mssql-failover-replica/variables.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | variable "project_id" { 18 | type = string 19 | description = "The project to run tests against" 20 | } 21 | 22 | variable "sql_server_audit_config" { 23 | description = "SQL server audit config settings." 
24 | type = map(string) 25 | default = {} 26 | } 27 | 28 | variable "network_name" { 29 | description = "The ID of the network in which to provision resources." 30 | type = string 31 | default = "test-mssql-failover" 32 | } 33 | -------------------------------------------------------------------------------- /examples/mssql-public/README.md: -------------------------------------------------------------------------------- 1 | # Cloud MS SQL Server database Example 2 | 3 | This example shows how to create an MS SQL Server database using the Terraform module. 4 | 5 | 6 | ## Inputs 7 | 8 | | Name | Description | Type | Default | Required | 9 | |------|-------------|------|---------|:--------:| 10 | | name | The name for Cloud SQL instance | `string` | `"tf-mssql-public"` | no | 11 | | project\_id | The project to run tests against | `string` | n/a | yes | 12 | | sql\_server\_audit\_config | SQL server audit config settings. | `map(string)` | `{}` | no | 13 | 14 | ## Outputs 15 | 16 | | Name | Description | 17 | |------|-------------| 18 | | instance\_name | The name for Cloud SQL instance | 19 | | mssql\_connection | The connection name of the master instance to be used in connection strings | 20 | | project\_id | n/a | 21 | | public\_ip\_address | Public ip address | 22 | 23 | 24 | 25 | ## Run Terraform 26 | 27 | ``` 28 | terraform init 29 | terraform plan 30 | terraform apply 31 | ``` 32 | 33 | ## Test connection to database 34 | 35 | ```bash 36 | gcloud sql connect $(terraform output instance_name) --user=simpleuser 37 | ``` 38 | ## Cleanup 39 | 40 | Remove all resources created by terraform: 41 | 42 | ```bash 43 | terraform destroy 44 | ``` 45 | -------------------------------------------------------------------------------- /examples/mssql-public/main.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use 
this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | # Public MS SQL Server example: a single instance built from the mssql sub-module with a fixed login. 17 | module "mssql" { 18 | source = "terraform-google-modules/sql-db/google//modules/mssql" 19 | version = "~> 25.0" 20 | 21 | name = var.name 22 | random_instance_name = true 23 | project_id = var.project_id 24 | user_name = "simpleuser" 25 | user_password = "foobar" # NOTE(review): literal credential for this example only; it is also stored in plaintext in the Terraform state. Leave user_password unset in real configs so the module generates one (the mysql examples in this repo rely on generated_user_password — confirm the mssql module offers the same) or inject it from a secret store. 26 | 27 | deletion_protection = false # example-only: allows `terraform destroy` to remove the instance 28 | 29 | sql_server_audit_config = var.sql_server_audit_config 30 | } 31 | -------------------------------------------------------------------------------- /examples/mssql-public/outputs.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | output "project_id" { 18 | value = var.project_id 19 | } 20 | 21 | output "instance_name" { 22 | description = "The name for Cloud SQL instance" 23 | value = module.mssql.instance_name 24 | } 25 | 26 | output "mssql_connection" { 27 | value = module.mssql.instance_connection_name 28 | description = "The connection name of the master instance to be used in connection strings" 29 | } 30 | 31 | output "public_ip_address" { 32 | value = module.mssql.instance_first_ip_address 33 | description = "Public ip address" 34 | } 35 | -------------------------------------------------------------------------------- /examples/mssql-public/variables.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | variable "project_id" { 18 | type = string 19 | description = "The project to run tests against" 20 | } 21 | 22 | variable "name" { 23 | type = string 24 | description = "The name for Cloud SQL instance" 25 | default = "tf-mssql-public" 26 | } 27 | 28 | variable "sql_server_audit_config" { 29 | description = "SQL server audit config settings." 
30 | type = map(string) 31 | default = {} 32 | } 33 | -------------------------------------------------------------------------------- /examples/mysql-backup-create-service-account/README.md: -------------------------------------------------------------------------------- 1 | # Cloud SQL Database Backup Example 2 | 3 | This example shows how to create: 4 | 5 | - a MySQL CloudSQL Instance 6 | - A GCS Bucket for storing the Backup 7 | - The Workflows for exports (external backups) and (internal) backups 8 | 9 | ## Run Terraform 10 | 11 | Create resources with terraform: 12 | 13 | ```bash 14 | terraform init 15 | terraform plan 16 | terraform apply 17 | ``` 18 | 19 | To remove all resources created by terraform: 20 | 21 | ```bash 22 | terraform destroy 23 | ``` 24 | 25 | 26 | ## Inputs 27 | 28 | | Name | Description | Type | Default | Required | 29 | |------|-------------|------|---------|:--------:| 30 | | project\_id | The ID of the project in which resources will be provisioned. | `string` | n/a | yes | 31 | 32 | ## Outputs 33 | 34 | | Name | Description | 35 | |------|-------------| 36 | | backup\_workflow\_name | The name for internal backup workflow | 37 | | export\_workflow\_name | The name for export workflow | 38 | | instance\_name | The name of the SQL instance | 39 | | mysql-password | n/a | 40 | | project\_id | The project ID used | 41 | | service\_account | The service account email running the scheduler and workflow | 42 | | workflow\_location | The location where the workflows run | 43 | 44 | 45 | -------------------------------------------------------------------------------- /examples/mysql-backup-create-service-account/main.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | # Backup example: a public-IP MySQL instance, a GCS bucket for exports, and the backup/export workflows from the backup sub-module. 17 | module "mysql" { 18 | source = "terraform-google-modules/sql-db/google//modules/mysql" 19 | version = "~> 25.0" 20 | 21 | name = "example-mysql-public" 22 | database_version = "MYSQL_8_0" 23 | random_instance_name = true 24 | project_id = var.project_id 25 | zone = "us-central1-a" 26 | region = "us-central1" 27 | deletion_protection = false # example-only: allows `terraform destroy` to remove the instance 28 | 29 | ip_configuration = { 30 | ipv4_enabled = true 31 | private_network = null 32 | ssl_mode = "ALLOW_UNENCRYPTED_AND_ENCRYPTED" # NOTE(review): permits plaintext client connections on a public-IP instance; acceptable for this test fixture only — prefer ENCRYPTED_ONLY or TRUSTED_CLIENT_CERTIFICATE_REQUIRED for anything real. 33 | allocated_ip_range = null 34 | authorized_networks = [] # no CIDR is allow-listed, so direct public-IP access is not opened here 35 | } 36 | } 37 | 38 | # Destination bucket for database exports; its name is derived from the instance name. 38 | resource "google_storage_bucket" "backup" { 39 | name = "${module.mysql.instance_name}-backup" 40 | location = "us-central1" 41 | # TODO: don't use force_destroy for production this is just required for testing 42 | force_destroy = true 43 | project = var.project_id 44 | } 45 | 46 | # Scheduled internal backups and exports to the bucket above; the module creates the service account that runs them (see the example README). 46 | module "backup" { 47 | source = "terraform-google-modules/sql-db/google//modules/backup" 48 | version = "~> 25.0" 49 | 50 | region = "us-central1" 51 | project_id = var.project_id 52 | sql_instance = module.mysql.instance_name 53 | export_databases = [] 54 | export_uri = google_storage_bucket.backup.url 55 | backup_retention_time = 1 56 | backup_schedule = "5 * * * *" 57 | export_schedule = "10 * * * *" 58 | compress_export = false 59 | deletion_protection = false 60 | } 61 | -------------------------------------------------------------------------------- /examples/mysql-backup-create-service-account/outputs.tf: 
-------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | output "backup_workflow_name" { 18 | value = module.backup.backup_workflow_name 19 | description = "The name for internal backup workflow" 20 | } 21 | 22 | output "export_workflow_name" { 23 | value = module.backup.export_workflow_name 24 | description = "The name for export workflow" 25 | } 26 | 27 | output "project_id" { 28 | value = var.project_id 29 | description = "The project ID used" 30 | } 31 | 32 | output "service_account" { 33 | value = module.backup.service_account 34 | description = "The service account email running the scheduler and workflow" 35 | } 36 | 37 | output "workflow_location" { 38 | value = module.backup.region 39 | description = "The location where the workflows run" 40 | } 41 | 42 | output "instance_name" { 43 | value = module.mysql.instance_name 44 | description = "The name of the SQL instance" 45 | } 46 | 47 | output "mysql-password" { 48 | value = module.mysql.generated_user_password 49 | sensitive = true 50 | } 51 | -------------------------------------------------------------------------------- /examples/mysql-backup-create-service-account/variables.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache 
License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | variable "project_id" { 18 | description = "The ID of the project in which resources will be provisioned." 19 | type = string 20 | } 21 | -------------------------------------------------------------------------------- /examples/mysql-ha/README.md: -------------------------------------------------------------------------------- 1 | # Cloud SQL Database Example 2 | 3 | This example shows how to create the public MySQL HA Cloud cluster using the Terraform module. 
4 | 5 | ## Run Terraform 6 | 7 | Create resources with terraform: 8 | 9 | ```bash 10 | terraform init 11 | terraform plan 12 | terraform apply 13 | ``` 14 | 15 | To remove all resources created by terraform: 16 | 17 | ```bash 18 | terraform destroy 19 | ``` 20 | 21 | 22 | ## Inputs 23 | 24 | | Name | Description | Type | Default | Required | 25 | |------|-------------|------|---------|:--------:| 26 | | mysql\_ha\_external\_ip\_range | The ip range to allow connecting from/to Cloud SQL | `string` | `"192.10.10.10/32"` | no | 27 | | mysql\_ha\_name | The name for Cloud SQL instance | `string` | `"tf-mysql-ha"` | no | 28 | | project\_id | The project to run tests against | `string` | n/a | yes | 29 | 30 | ## Outputs 31 | 32 | | Name | Description | 33 | |------|-------------| 34 | | authorized\_network | n/a | 35 | | instances | n/a | 36 | | name | The name for Cloud SQL instance | 37 | | project\_id | n/a | 38 | | replicas | n/a | 39 | 40 | 41 | -------------------------------------------------------------------------------- /examples/mysql-ha/outputs.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | output "project_id" { 18 | value = var.project_id 19 | } 20 | 21 | output "name" { 22 | description = "The name for Cloud SQL instance" 23 | value = module.mysql.instance_name 24 | } 25 | 26 | output "authorized_network" { 27 | value = var.mysql_ha_external_ip_range 28 | } 29 | 30 | output "replicas" { 31 | value = module.mysql.replicas 32 | } 33 | 34 | output "instances" { 35 | value = module.mysql.instances 36 | } 37 | -------------------------------------------------------------------------------- /examples/mysql-ha/variables.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | variable "project_id" { 18 | type = string 19 | description = "The project to run tests against" 20 | } 21 | 22 | variable "mysql_ha_name" { 23 | type = string 24 | description = "The name for Cloud SQL instance" 25 | default = "tf-mysql-ha" 26 | } 27 | 28 | variable "mysql_ha_external_ip_range" { 29 | type = string 30 | description = "The ip range to allow connecting from/to Cloud SQL" 31 | default = "192.10.10.10/32" 32 | } 33 | -------------------------------------------------------------------------------- /examples/mysql-private/.gitignore: -------------------------------------------------------------------------------- 1 | cloud_sql_proxy 2 | -------------------------------------------------------------------------------- /examples/mysql-private/README.md: -------------------------------------------------------------------------------- 1 | # Cloud SQL Database Example 2 | 3 | This example shows how to create the private MySQL Cloud database using the Terraform module. 4 | 5 | **Figure 1.** *diagram of Google Cloud resources* 6 | 7 | ![architecture diagram](./diagram.png) 8 | 9 | ## Run Terraform 10 | 11 | ``` 12 | terraform init 13 | terraform plan 14 | terraform apply 15 | ``` 16 | 17 | ## Test connection to database 18 | 19 | 1. Install the Cloud SQL Proxy: 20 | 21 | ```bash 22 | wget https://dl.google.com/cloudsql/cloud_sql_proxy.$(uname | tr '[:upper:]' '[:lower:]').amd64 -O cloud_sql_proxy 23 | chmod +x cloud_sql_proxy 24 | ``` 25 | Verify the downloaded binary against the checksum published for that proxy release before marking it executable. 26 | 2. Run the Cloud SQL proxy in the background: 27 | 28 | ```bash 29 | MYSQL_CONN_NAME=$(terraform output mysql_conn) 30 | PSQL_CONN_NAME=$(terraform output psql_conn) 31 | SAFER_MYSQL_CONN_NAME=$(terraform output safer_mysql_conn) 32 | 33 | ./cloud_sql_proxy -instances=${MYSQL_CONN_NAME}=tcp:3306,${PSQL_CONN_NAME}=tcp:5432,${SAFER_MYSQL_CONN_NAME}=tcp:6306 & 34 | ``` 35 | 36 | 3. 
Get the generated user passwords: 37 | 38 | ``` 39 | echo MYSQL_PASSWORD=$(terraform output mysql_user_pass) 40 | echo PSQL_PASSWORD=$(terraform output psql_user_pass) 41 | echo SAFER_MYSQL_PASSWORD=$(terraform output safer_mysql_user_pass) 42 | ``` 43 | 44 | 4. Test the MySQL connection: 45 | 46 | ``` 47 | mysql -udefault -p --host 127.0.0.1 default 48 | ``` 49 | 50 | > When prompted, enter the value of MYSQL_PASSWORD 51 | 52 | 5. Test the PostgreSQL connection: 53 | 54 | ``` 55 | psql -h 127.0.0.1 --user default 56 | ``` 57 | 58 | > When prompted, enter the value of PSQL_PASSWORD 59 | 60 | 6. Test the MySQL connection to the safer second instance: 61 | 62 | ``` 63 | mysql -udefault -p --host 127.0.0.1 --port 6306 default 64 | ``` 65 | 66 | > When prompted, enter the value of SAFER_MYSQL_PASSWORD 67 | 68 | ## Cleanup 69 | 70 | 1. Stop the Cloud SQL Proxy: 71 | 72 | ```bash 73 | killall cloud_sql_proxy 74 | ``` 75 | 76 | 2. Remove all resources created by terraform: 77 | 78 | ```bash 79 | terraform destroy 80 | ``` 81 | 82 | 83 | ## Inputs 84 | 85 | | Name | Description | Type | Default | Required | 86 | |------|-------------|------|---------|:--------:| 87 | | cloudsql\_mysql\_sa | IAM service account user created for Cloud SQL. | `string` | n/a | yes | 88 | | db\_name | The name of the SQL Database instance | `string` | `"example-mysql-private"` | no | 89 | | network\_name | n/a | `string` | `"mysql-private"` | no | 90 | | project\_id | The project to run tests against | `string` | n/a | yes | 91 | 92 | ## Outputs 93 | 94 | | Name | Description | 95 | |------|-------------| 96 | | mysql\_conn | The connection name of the master instance to be used in connection strings | 97 | | mysql\_user\_pass | The password for the default user. If not set, a random one will be generated and available in the generated\_user\_password output variable. 
| 98 | | name | The name for Cloud SQL instance | 99 | | private\_ip\_address | The first private (PRIVATE) IPv4 address assigned for the master instance | 100 | | project\_id | The project to run tests against | 101 | | public\_ip\_address | The first public (PRIMARY) IPv4 address assigned for the master instance | 102 | | reserved\_range\_address | The Global Address resource name | 103 | | reserved\_range\_name | The Global Address resource name | 104 | 105 | 106 | -------------------------------------------------------------------------------- /examples/mysql-private/diagram.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/terraform-google-modules/terraform-google-sql-db/edc7ee79d66658c4458a50c83e2164c0b3da0e67/examples/mysql-private/diagram.png -------------------------------------------------------------------------------- /examples/mysql-private/main.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | resource "random_id" "suffix" { 18 | byte_length = 5 19 | } 20 | 21 | locals { 22 | /* 23 | Random instance name needed because: 24 | "You cannot reuse an instance name for up to a week after you have deleted an instance." 25 | See https://cloud.google.com/sql/docs/mysql/delete-instance for details. 
*/
  network_name = "${var.network_name}-safer-${random_id.suffix.hex}"
}

// VPC that hosts the Private Service Access peering. It has no subnets:
// nothing is deployed into it by this example; it exists only so the
// Cloud SQL instance can be given a private address.
module "network-safer-mysql-simple" {
  source  = "terraform-google-modules/network/google"
  version = "~> 10.0"

  project_id   = var.project_id
  network_name = local.network_name

  subnets = []
}

// Reserves an address range in the VPC above and sets up the
// service-networking peering that Cloud SQL private IP uses.
module "private-service-access" {
  source  = "terraform-google-modules/sql-db/google//modules/private_service_access"
  version = "~> 25.0"

  project_id  = var.project_id
  vpc_network = module.network-safer-mysql-simple.network_name
  // NOTE(review): looks like this leaves the peering / reserved range in
  // place on destroy (presumably to make fixture teardown reliable) --
  // confirm against the private_service_access module before copying.
  deletion_policy = "ABANDON"
}

// MySQL 8.0 instance created through the "safer" wrapper module which, per
// the comment further down, confines database users to the Cloud SQL proxy.
module "safer-mysql-db" {
  source  = "terraform-google-modules/sql-db/google//modules/safer_mysql"
  version = "~> 25.0"


  name = var.db_name
  // Cloud SQL refuses to reuse an instance name for up to a week after
  // deletion (see the locals comment above), so a random suffix is appended.
  random_instance_name = true
  project_id           = var.project_id

  // Test fixture only: keep deletion protection enabled on real instances.
  deletion_protection = false

  database_version = "MYSQL_8_0"
  region           = "us-central1"
  zone             = "us-central1-c"
  tier             = "db-n1-standard-1"

  database_flags = [
    {
      // Cloud SQL flag that turns on IAM database authentication, which the
      // iam_users below rely on.
      name  = "cloudsql_iam_authentication"
      value = "on"
    },
  ]

  // By default, all users will be permitted to connect only via the
  // Cloud SQL proxy.
  //
  // NOTE(review): both built-in users below share the same hard-coded,
  // trivially guessable password, committed to source control and persisted
  // in plaintext in the Terraform state. That is tolerable only for this
  // throw-away fixture; anyone reusing the example should set
  // random_password = true and drop the literal, or inject the secret from
  // outside Terraform.
  additional_users = [
    {
      name            = "app"
      password        = "PaSsWoRd"
      host            = "localhost"
      type            = "BUILT_IN"
      random_password = false
    },
    {
      name            = "readonly"
      password        = "PaSsWoRd"
      host            = "localhost"
      type            = "BUILT_IN"
      random_password = false
    },
  ]

  # Supports creation of both IAM Users and IAM Service Accounts with provided emails
  # The two *.joonix.net principals are identities from the module's own test
  # organisation; replace them with your own users / groups when copying this.
  iam_users = [
    {
      id    = "cloudsql_mysql_sa",
      email = var.cloudsql_mysql_sa
    },
    {
      id    = "dbadmin",
      email = "dbadmin@develop.blueprints.joonix.net"
    },
    {
      id    = "subtest",
      email = "subtest@develop.blueprints.joonix.net"
      type  = "CLOUD_IAM_GROUP"
    }
  ]

  // NOTE(review): this example is named "mysql-private" and its README
  // describes a private database, yet the instance is also given a public
  // IPv4 address here. Per the comment above, users are still confined to
  // the proxy path, so this is not an open endpoint -- but if private-only
  // connectivity is the intent, set this to false and connect over the
  // peered range. Verify the safer_mysql module's behaviour either way.
  assign_public_ip   = true
  vpc_network        = module.network-safer-mysql-simple.network_self_link
  allocated_ip_range = module.private-service-access.google_compute_global_address_name

  // Optional: used to enforce ordering in the creation of resources.
  module_depends_on = [module.private-service-access.peering_completed]
}
--------------------------------------------------------------------------------
/examples/mysql-private/outputs.tf:
--------------------------------------------------------------------------------
/**
 * Copyright 2024 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
15 | */ 16 | 17 | output "project_id" { 18 | value = var.project_id 19 | description = "The project to run tests against" 20 | } 21 | 22 | output "name" { 23 | description = "The name for Cloud SQL instance" 24 | value = module.safer-mysql-db.instance_name 25 | } 26 | 27 | output "mysql_conn" { 28 | value = module.safer-mysql-db.instance_connection_name 29 | description = "The connection name of the master instance to be used in connection strings" 30 | } 31 | 32 | output "mysql_user_pass" { 33 | sensitive = true 34 | value = module.safer-mysql-db.generated_user_password 35 | description = "The password for the default user. If not set, a random one will be generated and available in the generated_user_password output variable." 36 | } 37 | 38 | output "reserved_range_name" { 39 | description = "The Global Address resource name" 40 | value = module.private-service-access.google_compute_global_address_name 41 | } 42 | 43 | output "reserved_range_address" { 44 | description = "The Global Address resource name" 45 | value = module.private-service-access.address 46 | } 47 | 48 | 49 | output "public_ip_address" { 50 | description = "The first public (PRIMARY) IPv4 address assigned for the master instance" 51 | value = module.safer-mysql-db.public_ip_address 52 | } 53 | 54 | output "private_ip_address" { 55 | description = "The first private (PRIVATE) IPv4 address assigned for the master instance" 56 | value = module.safer-mysql-db.private_ip_address 57 | } 58 | 59 | -------------------------------------------------------------------------------- /examples/mysql-private/variables.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | variable "project_id" { 18 | type = string 19 | description = "The project to run tests against" 20 | } 21 | 22 | variable "network_name" { 23 | default = "mysql-private" 24 | type = string 25 | } 26 | 27 | variable "db_name" { 28 | description = "The name of the SQL Database instance" 29 | default = "example-mysql-private" 30 | } 31 | 32 | variable "cloudsql_mysql_sa" { 33 | type = string 34 | description = "IAM service account user created for Cloud SQL." 35 | } 36 | -------------------------------------------------------------------------------- /examples/mysql-psc/README.md: -------------------------------------------------------------------------------- 1 | # Cloud SQL Database Example 2 | 3 | This example shows how to create the public MySQL HA Cloud cluster using the Terraform module. 
4 | 5 | ## Run Terraform 6 | 7 | Create resources with terraform: 8 | 9 | ```bash 10 | terraform init 11 | terraform plan 12 | terraform apply 13 | ``` 14 | 15 | To remove all resources created by terraform: 16 | 17 | ```bash 18 | terraform destroy 19 | ``` 20 | 21 | 22 | ## Inputs 23 | 24 | | Name | Description | Type | Default | Required | 25 | |------|-------------|------|---------|:--------:| 26 | | mysql\_ha\_name | The name for Cloud SQL instance | `string` | `"tf-mysql-psc"` | no | 27 | | project\_id | The project to run tests against | `string` | n/a | yes | 28 | 29 | ## Outputs 30 | 31 | | Name | Description | 32 | |------|-------------| 33 | | name | The name for Cloud SQL instance | 34 | | project\_id | n/a | 35 | 36 | 37 | -------------------------------------------------------------------------------- /examples/mysql-psc/outputs.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | output "project_id" { 18 | value = var.project_id 19 | } 20 | 21 | output "name" { 22 | description = "The name for Cloud SQL instance" 23 | value = module.mysql.instance_name 24 | } 25 | -------------------------------------------------------------------------------- /examples/mysql-psc/variables.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | variable "project_id" { 18 | type = string 19 | description = "The project to run tests against" 20 | } 21 | 22 | variable "mysql_ha_name" { 23 | type = string 24 | description = "The name for Cloud SQL instance" 25 | default = "tf-mysql-psc" 26 | } 27 | -------------------------------------------------------------------------------- /examples/mysql-public/README.md: -------------------------------------------------------------------------------- 1 | # Cloud SQL Database Example 2 | 3 | This example shows how to create the public MySQL Cloud database using the Terraform module. 
4 | 5 | ## Run Terraform 6 | 7 | Create resources with terraform: 8 | 9 | ```bash 10 | terraform init 11 | terraform plan 12 | terraform apply 13 | ``` 14 | 15 | To remove all resources created by terraform: 16 | 17 | ```bash 18 | terraform destroy 19 | ``` 20 | 21 | 22 | ## Inputs 23 | 24 | | Name | Description | Type | Default | Required | 25 | |------|-------------|------|---------|:--------:| 26 | | authorized\_networks | List of mapped public networks authorized to access to the instances. Default - short range of GCP health-checkers IPs | `list(map(string))` |
[
{
"name": "sample-gcp-health-checkers-range",
"value": "130.211.0.0/28"
}
]
| no | 27 | | db\_name | The name of the SQL Database instance | `string` | `"example-mysql-public"` | no | 28 | | project\_id | The ID of the project in which resources will be provisioned. | `string` | n/a | yes | 29 | 30 | ## Outputs 31 | 32 | | Name | Description | 33 | |------|-------------| 34 | | env\_vars | Exported environment variables | 35 | | mysql\_conn | The connection name of the master instance to be used in connection strings | 36 | | mysql\_user\_pass | The password for the default user. If not set, a random one will be generated and available in the generated\_user\_password output variable. | 37 | | name | The name for Cloud SQL instance | 38 | | private\_ip\_address | The first private (PRIVATE) IPv4 address assigned for the master instance | 39 | | project\_id | The project to run tests against | 40 | | public\_ip\_address | The first public (PRIMARY) IPv4 address assigned for the master instance | 41 | 42 | 43 | 44 | -------------------------------------------------------------------------------- /examples/mysql-public/main.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
*/

# NOTE(review): not referenced anywhere in the visible code (the module's
# random_instance_name supplies the name suffix) -- presumably a leftover.
resource "random_id" "name" {
  byte_length = 2
}

# Publicly addressable MySQL instance; reachability is limited by the
# authorized_networks allow-list and the Cloud SQL proxy / connector path.
module "mysql-db" {
  source  = "terraform-google-modules/sql-db/google//modules/mysql"
  version = "~> 25.0"

  name                 = var.db_name
  random_instance_name = true
  # NOTE(review): MySQL 5.6 is long past upstream end-of-life; choose a
  # currently supported database_version for anything beyond this test.
  database_version     = "MYSQL_5_6"
  project_id           = var.project_id
  zone                 = "us-central1-c"
  region               = "us-central1"
  tier                 = "db-n1-standard-1"

  # Test fixture only: keep deletion protection enabled on real instances.
  deletion_protection = false

  ip_configuration = {
    # Public IPv4 endpoint, no private network.
    ipv4_enabled        = true
    private_network     = null
    # NOTE(review): with a public address this mode lets a client on an
    # authorized network connect WITHOUT TLS. For anything beyond a demo use
    # "ENCRYPTED_ONLY" (or "TRUSTED_CLIENT_CERTIFICATE_REQUIRED" for mTLS).
    ssl_mode            = "ALLOW_UNENCRYPTED_AND_ENCRYPTED"
    allocated_ip_range  = null
    # Allow-list for the public endpoint; the default in variables.tf is a
    # GCP health-checker range, so your own client address must be added
    # before direct connections work.
    authorized_networks = var.authorized_networks
  }


  database_flags = [
    {
      # Relaxes MySQL's check that only SUPER users may create stored
      # functions / triggers while binary logging is on; keep only if the
      # application needs it.
      name  = "log_bin_trust_function_creators"
      value = "on"
    },
  ]
}

--------------------------------------------------------------------------------
/examples/mysql-public/outputs.tf:
--------------------------------------------------------------------------------
/**
 * Copyright 2024 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
15 | */ 16 | 17 | output "project_id" { 18 | value = var.project_id 19 | description = "The project to run tests against" 20 | } 21 | 22 | output "name" { 23 | value = module.mysql-db.instance_name 24 | description = "The name for Cloud SQL instance" 25 | } 26 | 27 | output "mysql_conn" { 28 | value = module.mysql-db.instance_connection_name 29 | description = "The connection name of the master instance to be used in connection strings" 30 | } 31 | 32 | output "mysql_user_pass" { 33 | sensitive = true 34 | value = module.mysql-db.generated_user_password 35 | description = "The password for the default user. If not set, a random one will be generated and available in the generated_user_password output variable." 36 | } 37 | 38 | output "public_ip_address" { 39 | description = "The first public (PRIMARY) IPv4 address assigned for the master instance" 40 | value = module.mysql-db.public_ip_address 41 | } 42 | 43 | output "private_ip_address" { 44 | description = "The first private (PRIVATE) IPv4 address assigned for the master instance" 45 | value = module.mysql-db.private_ip_address 46 | } 47 | 48 | output "env_vars" { 49 | value = module.mysql-db.env_vars 50 | description = "Exported environment variables" 51 | } 52 | -------------------------------------------------------------------------------- /examples/mysql-public/variables.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | variable "project_id" { 18 | description = "The ID of the project in which resources will be provisioned." 19 | type = string 20 | } 21 | 22 | variable "db_name" { 23 | description = "The name of the SQL Database instance" 24 | default = "example-mysql-public" 25 | } 26 | 27 | variable "authorized_networks" { 28 | default = [{ 29 | name = "sample-gcp-health-checkers-range" 30 | value = "130.211.0.0/28" 31 | }] 32 | type = list(map(string)) 33 | description = "List of mapped public networks authorized to access to the instances. Default - short range of GCP health-checkers IPs" 34 | } 35 | 36 | -------------------------------------------------------------------------------- /examples/postgresql-backup-provided-service-account/README.md: -------------------------------------------------------------------------------- 1 | # Cloud SQL Database Backup Example 2 | 3 | This example shows how to create: 4 | 5 | - a PostgreSQL Cloud SQL Instance 6 | - A GCS Bucket for storing the Backup 7 | - The Workflows for exports (external backups) and (internal) backups 8 | - The Workflows with serverless export 9 | 10 | ## Run Terraform 11 | 12 | Create resources with terraform: 13 | 14 | ```bash 15 | terraform init 16 | terraform plan 17 | terraform apply 18 | ``` 19 | 20 | To remove all resources created by terraform: 21 | 22 | ```bash 23 | terraform destroy 24 | ``` 25 | 26 | 27 | ## Inputs 28 | 29 | | Name | Description | Type | Default | Required | 30 | |------|-------------|------|---------|:--------:| 31 | | project\_id | The ID of the project in which resources will be provisioned. 
| `string` | n/a | yes | 32 | 33 | ## Outputs 34 | 35 | | Name | Description | 36 | |------|-------------| 37 | | backup\_workflow\_name | The name for internal backup workflow | 38 | | export\_workflow\_name | The name for export workflow | 39 | | instance\_name | The name of the SQL instance | 40 | | project\_id | The project ID used | 41 | | service\_account | The service account email running the scheduler and workflow | 42 | | workflow\_location | The location where the workflows run | 43 | 44 | 45 | -------------------------------------------------------------------------------- /examples/postgresql-backup-provided-service-account/main.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
*/

# Source instance for the backup / export workflows below.
module "postgresql" {
  source  = "terraform-google-modules/sql-db/google//modules/postgresql"
  version = "~> 25.0"

  name                 = "example-postgres"
  random_instance_name = true
  # NOTE(review): PostgreSQL 9.6 is past upstream end-of-life; use a
  # supported database_version outside this test.
  database_version     = "POSTGRES_9_6"
  project_id           = var.project_id
  zone                 = "us-central1-a"
  region               = "us-central1"
  tier                 = "db-custom-1-3840"

  # Test fixture only: keep deletion protection enabled on real instances.
  deletion_protection = false

  ip_configuration = {
    # Public IPv4 with an empty allow-list: no external address can connect
    # directly, so client access has to come through the Cloud SQL proxy /
    # connectors. Confirm this matches the intended exposure.
    ipv4_enabled        = true
    private_network     = null
    # NOTE(review): permits non-TLS client connections; prefer
    # "ENCRYPTED_ONLY" for an instance that carries a public address.
    ssl_mode            = "ALLOW_UNENCRYPTED_AND_ENCRYPTED"
    allocated_ip_range  = null
    authorized_networks = []
  }
}

# Destination for the logical exports written by the export workflow. Those
# exports contain the full database contents, so treat the bucket as holding
# production data: for a non-test deployment consider uniform bucket-level
# access, versioning / retention and CMEK -- none are configured here.
resource "google_storage_bucket" "backup" {
  name     = "${module.postgresql.instance_name}-backup"
  location = "us-central1"
  # TODO: don't use force_destroy for production this is just required for testing
  force_destroy = true
  project       = var.project_id
}

# Alerting channel handed to the backup module below. The address is a
# placeholder and must be replaced with a monitored mailbox, otherwise
# backup / export failures go unnoticed.
resource "google_monitoring_notification_channel" "email" {
  display_name = "Test email notification channel"
  type         = "email"
  project      = var.project_id
  labels = {
    email_address = "test@acme.com"
  }
}

# Scheduled internal backups (every hour at :05) and GCS exports (every hour
# at :10) of the instance above.
module "backup" {
  source  = "terraform-google-modules/sql-db/google//modules/backup"
  version = "~> 25.0"

  region           = "us-central1"
  project_id       = var.project_id
  sql_instance     = module.postgresql.instance_name
  export_databases = []
  export_uri       = google_storage_bucket.backup.url
  # NOTE(review): a retention of 1 (unit as defined by the backup module --
  # confirm) leaves almost no window to notice and recover from a corrupt or
  # maliciously deleted backup; raise it for real use.
  backup_retention_time = 1
  backup_schedule       = "5 * * * *"
  export_schedule       = "10 * * * *"
  use_serverless_export = true
  # NOTE(review): the scheduler and workflows run as the project's default
  # Compute Engine service account. That identity is shared with every VM in
  # the project and, unless an org policy restricts it, carries broad
  # project-level permissions by default. For anything beyond a test, create
  # a dedicated service account holding only the Cloud SQL and bucket
  # permissions the backup module documents, and pass that email here.
  service_account = "${data.google_project.test_project.number}-compute@developer.gserviceaccount.com"
  # Reuse the channel created above rather than letting the module create one.
  create_notification_channel = false
  notification_channels       = [google_monitoring_notification_channel.email.id]
  deletion_protection         = false
}

# Resolves the project number used to build the default compute SA email.
data "google_project" "test_project" {
  project_id = var.project_id
}
-------------------------------------------------------------------------------- /examples/postgresql-backup-provided-service-account/outputs.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | output "backup_workflow_name" { 18 | value = module.backup.backup_workflow_name 19 | description = "The name for internal backup workflow" 20 | } 21 | 22 | output "export_workflow_name" { 23 | value = module.backup.export_workflow_name 24 | description = "The name for export workflow" 25 | } 26 | 27 | output "project_id" { 28 | value = var.project_id 29 | description = "The project ID used" 30 | } 31 | 32 | output "service_account" { 33 | value = "${data.google_project.test_project.number}-compute@developer.gserviceaccount.com" 34 | description = "The service account email running the scheduler and workflow" 35 | } 36 | 37 | output "workflow_location" { 38 | value = module.backup.region 39 | description = "The location where the workflows run" 40 | } 41 | 42 | output "instance_name" { 43 | value = module.postgresql.instance_name 44 | description = "The name of the SQL instance" 45 | } 46 | -------------------------------------------------------------------------------- /examples/postgresql-backup-provided-service-account/variables.tf: 
-------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | variable "project_id" { 18 | description = "The ID of the project in which resources will be provisioned." 19 | type = string 20 | } 21 | -------------------------------------------------------------------------------- /examples/postgresql-ha/README.md: -------------------------------------------------------------------------------- 1 | # Cloud SQL Database Example 2 | 3 | This example shows how to create the public HA Postgres Cloud SQL cluster using the Terraform module. 
4 | 5 | ## Run Terraform 6 | 7 | Create resources with terraform: 8 | 9 | ```bash 10 | terraform init 11 | terraform plan 12 | terraform apply 13 | ``` 14 | 15 | To remove all resources created by terraform: 16 | 17 | ```bash 18 | terraform destroy 19 | ``` 20 | 21 | 22 | ## Inputs 23 | 24 | | Name | Description | Type | Default | Required | 25 | |------|-------------|------|---------|:--------:| 26 | | folder\_id | The folder where project is created | `string` | n/a | yes | 27 | | key\_project\_id | The project where autokey is setup | `string` | n/a | yes | 28 | | pg\_ha\_external\_ip\_range | The ip range to allow connecting from/to Cloud SQL | `string` | `"192.10.10.10/32"` | no | 29 | | pg\_ha\_name | The name for Cloud SQL instance | `string` | `"tf-pg-ha"` | no | 30 | | project\_id | The project to run tests against | `string` | n/a | yes | 31 | 32 | ## Outputs 33 | 34 | | Name | Description | 35 | |------|-------------| 36 | | authorized\_network | n/a | 37 | | instances | n/a | 38 | | name | The name for Cloud SQL instance | 39 | | project\_id | n/a | 40 | | replicas | n/a | 41 | 42 | 43 | -------------------------------------------------------------------------------- /examples/postgresql-ha/outputs.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | output "project_id" { 18 | value = var.project_id 19 | } 20 | 21 | output "name" { 22 | description = "The name for Cloud SQL instance" 23 | value = module.pg.instance_name 24 | } 25 | 26 | output "authorized_network" { 27 | value = var.pg_ha_external_ip_range 28 | } 29 | 30 | output "replicas" { 31 | value = module.pg.replicas 32 | sensitive = true 33 | } 34 | 35 | output "instances" { 36 | value = module.pg.instances 37 | sensitive = true 38 | } 39 | -------------------------------------------------------------------------------- /examples/postgresql-ha/variables.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | variable "project_id" { 18 | type = string 19 | description = "The project to run tests against" 20 | } 21 | 22 | variable "pg_ha_name" { 23 | type = string 24 | description = "The name for Cloud SQL instance" 25 | default = "tf-pg-ha" 26 | } 27 | 28 | variable "pg_ha_external_ip_range" { 29 | type = string 30 | description = "The ip range to allow connecting from/to Cloud SQL" 31 | default = "192.10.10.10/32" 32 | } 33 | 34 | variable "key_project_id" { 35 | type = string 36 | description = "The project where autokey is setup" 37 | } 38 | 39 | variable "folder_id" { 40 | type = string 41 | description = "The folder where project is created" 42 | } 43 | -------------------------------------------------------------------------------- /examples/postgresql-psc/README.md: -------------------------------------------------------------------------------- 1 | # Cloud SQL Database Example 2 | 3 | This example shows how to create a regional (HA) PostgreSQL Cloud SQL instance with a read replica that is reachable only through Private Service Connect (PSC) using the Terraform module: public IPv4 is disabled on both instances and only the consumer project listed in `psc_allowed_consumer_projects` can attach an endpoint (see `main.tf`). 
4 | 5 | ## Run Terraform 6 | 7 | Create resources with terraform: 8 | 9 | ```bash 10 | terraform init 11 | terraform plan 12 | terraform apply 13 | ``` 14 | 15 | To remove all resources created by terraform: 16 | 17 | ```bash 18 | terraform destroy 19 | ``` 20 | 21 | 22 | ## Inputs 23 | 24 | | Name | Description | Type | Default | Required | 25 | |------|-------------|------|---------|:--------:| 26 | | pg\_psc\_name | The name for Cloud SQL instance | `string` | `"tf-pg-psc"` | no | 27 | | project\_id | The project to run tests against | `string` | n/a | yes | 28 | 29 | ## Outputs 30 | 31 | | Name | Description | 32 | |------|-------------| 33 | | dns\_name | n/a | 34 | | name | The name for Cloud SQL instance | 35 | | project\_id | n/a | 36 | 37 | 38 | -------------------------------------------------------------------------------- /examples/postgresql-psc/main.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
*/


locals {
  // ip_configuration for the read replica: same PSC-only exposure as the
  // primary (no public IPv4; only this project may attach an endpoint).
  // NOTE(review): ssl_mode still permits non-TLS client connections from
  // attached endpoints; use "ENCRYPTED_ONLY" if TLS inside the consumer VPC
  // is required.
  read_replica_ip_configuration = {
    ipv4_enabled                  = false
    ssl_mode                      = "ALLOW_UNENCRYPTED_AND_ENCRYPTED"
    psc_enabled                   = true
    psc_allowed_consumer_projects = [var.project_id]
  }
}

// Regional (HA) PostgreSQL 15 primary plus one read replica, both reachable
// only through Private Service Connect.
module "pg" {
  source  = "terraform-google-modules/sql-db/google//modules/postgresql"
  version = "~> 25.0"

  name                 = var.pg_psc_name
  random_instance_name = true
  project_id           = var.project_id
  database_version     = "POSTGRES_15"
  region               = "us-central1"

  // Master configurations
  tier                            = "db-custom-2-7680"
  zone                            = "us-central1-c"
  availability_type               = "REGIONAL"
  maintenance_window_day          = 7
  maintenance_window_hour         = 12
  maintenance_window_update_track = "stable"

  // Test fixture only: keep deletion protection enabled on real instances.
  deletion_protection = false

  // NOTE(review): autovacuum is switched off for the test; leaving it off on
  // a real instance lets dead tuples and transaction-ID age accumulate.
  database_flags = [{ name = "autovacuum", value = "off" }]

  user_labels = {
    foo = "bar"
  }

  insights_config = {
    query_plans_per_minute = 5
  }

  // PSC-only: no public IPv4; only the listed consumer project can create a
  // Private Service Connect endpoint to the instance.
  // NOTE(review): as for the replica, ssl_mode still allows plaintext
  // connections from attached endpoints; "ENCRYPTED_ONLY" enforces TLS.
  ip_configuration = {
    ipv4_enabled                  = false
    psc_enabled                   = true
    psc_allowed_consumer_projects = [var.project_id]
    ssl_mode                      = "ALLOW_UNENCRYPTED_AND_ENCRYPTED"
  }

  // Automated backups with 365 kept (retention_unit COUNT). Point-in-time
  // recovery is off, so restores are limited to those snapshots.
  backup_configuration = {
    enabled                        = true
    start_time                     = "20:55"
    location                       = null
    point_in_time_recovery_enabled = false
    transaction_log_retention_days = null
    retained_backups               = 365
    retention_unit                 = "COUNT"
  }

  // Read replica configurations
  read_replica_name_suffix = "-test-psc"
  read_replicas = [
    {
      name              = "0"
      zone              = "us-central1-a"
      availability_type = "REGIONAL"
      tier              = "db-custom-2-7680"
      ip_configuration  = local.read_replica_ip_configuration
      database_flags    = [{ name = "autovacuum", value = "off" }]
      disk_type         = "PD_SSD"
      user_labels       = { bar = "baz" }
    },
  ]

  db_name      = var.pg_psc_name
  db_charset   = "UTF8"
  db_collation = "en_US.UTF8"

  additional_databases = [
    {
      name      = "${var.pg_psc_name}-additional"
      charset   = "UTF8"
      collation = "en_US.UTF8"
    },
  ]

  // NOTE(review): hard-coded, weak credentials for the default user and the
  // two additional users, committed to source control and persisted in
  // plaintext in the Terraform state. Tolerable only for this throw-away
  // fixture: when copying the example set random_password = true (or let
  // the module generate the default user's password -- see its
  // generated_user_password output) or inject the secrets from outside
  // Terraform.
  user_name     = "tftest"
  user_password = "foobar"

  additional_users = [
    {
      name            = "tftest2"
      password        = "abcdefg"
      host            = "localhost"
      random_password = false
    },
    {
      name            = "tftest3"
      password        = "abcdefg"
      host            = "localhost"
      random_password = false
    },
  ]
}
--------------------------------------------------------------------------------
/examples/postgresql-psc/outputs.tf:
--------------------------------------------------------------------------------
/**
 * Copyright 2024 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

// No description set, so the generated README renders it as "n/a".
output "project_id" {
  value = var.project_id
}

output "name" {
  description = "The name for Cloud SQL instance"
  value       = module.pg.instance_name
}

// Presumably the PSC DNS name consumers use to reach the primary once their
// endpoint is attached -- confirm against the postgresql module. No
// description set, so the README renders it as "n/a".
output "dns_name" {
  value = module.pg.dns_name
}
--------------------------------------------------------------------------------
/examples/postgresql-psc/variables.tf:
--------------------------------------------------------------------------------
/**
 * Copyright 2024 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | variable "project_id" { 18 | type = string 19 | description = "The project to run tests against" 20 | } 21 | 22 | variable "pg_psc_name" { 23 | type = string 24 | description = "The name for Cloud SQL instance" 25 | default = "tf-pg-psc" 26 | } 27 | -------------------------------------------------------------------------------- /examples/postgresql-public-iam/README.md: -------------------------------------------------------------------------------- 1 | # Cloud SQL Database Example 2 | 3 | This example shows how to create the public Postgres Cloud SQL database using the Terraform module with IAM accounts. 4 | 5 | ## Run Terraform 6 | 7 | Create resources with terraform: 8 | 9 | ```bash 10 | terraform init 11 | terraform plan 12 | terraform apply 13 | ``` 14 | 15 | To remove all resources created by terraform: 16 | 17 | ```bash 18 | terraform destroy 19 | ``` 20 | 21 | 22 | ## Inputs 23 | 24 | | Name | Description | Type | Default | Required | 25 | |------|-------------|------|---------|:--------:| 26 | | authorized\_networks | List of mapped public networks authorized to access to the instances. Default - short range of GCP health-checkers IPs | `list(map(string))` |
[
{
"name": "sample-gcp-health-checkers-range",
"value": "130.211.0.0/28"
}
]
| no | 27 | | cloudsql\_pg\_sa | IAM service account user created for Cloud SQL. | `string` | n/a | yes | 28 | | db\_name | The name of the SQL Database instance | `string` | `"example-postgres-public"` | no | 29 | | project\_id | The ID of the project in which resources will be provisioned. | `string` | n/a | yes | 30 | 31 | ## Outputs 32 | 33 | | Name | Description | 34 | |------|-------------| 35 | | name | The name for Cloud SQL instance | 36 | | project\_id | The project to run tests against | 37 | | psql\_conn | The connection name of the master instance to be used in connection strings | 38 | | psql\_user\_pass | The password for the default user. If not set, a random one will be generated and available in the generated\_user\_password output variable. | 39 | | public\_ip\_address | The first public (PRIMARY) IPv4 address assigned for the master instance | 40 | 41 | 42 | -------------------------------------------------------------------------------- /examples/postgresql-public-iam/main.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
 */


# Public-IP PostgreSQL instance demonstrating IAM database authentication:
# reachable only from var.authorized_networks, with IAM users, a service
# account and an IAM group mapped to database principals.
module "postgresql-db" {
  source  = "terraform-google-modules/sql-db/google//modules/postgresql"
  version = "~> 25.0"

  name                 = var.db_name
  random_instance_name = true
  # NOTE(review): PostgreSQL 9.6 is past upstream end-of-life; the sibling
  # examples in this repository use POSTGRES_14 / POSTGRES_15.
  database_version     = "POSTGRES_9_6"
  project_id           = var.project_id
  zone                 = "us-central1-c"
  region               = "us-central1"
  tier                 = "db-custom-1-3840"

  # Off so the example can be removed with `terraform destroy`; keep deletion
  # protection on for instances holding real data.
  deletion_protection = false

  # Public IPv4 is enabled, so the authorized_networks allow-list is the only
  # network boundary. ssl_mode still permits plaintext connections; for an
  # internet-reachable instance ENCRYPTED_ONLY (or
  # TRUSTED_CLIENT_CERTIFICATE_REQUIRED) is the safer setting.
  ip_configuration = {
    ipv4_enabled        = true
    private_network     = null
    ssl_mode            = "ALLOW_UNENCRYPTED_AND_ENCRYPTED"
    allocated_ip_range  = null
    authorized_networks = var.authorized_networks
  }

  # Server-side password policy applied to the password-based users below.
  password_validation_policy_config = {
    # Complexity Default - password must contain at least one lowercase, one uppercase, one number and one non-alphanumeric characters.
    complexity                  = "COMPLEXITY_DEFAULT"
    disallow_username_substring = true
    min_length                  = 8
    # Password change interval format is in seconds. 3600s=1h
    password_change_interval = "3600s"
    reuse_interval           = 1
  }
  # Presumably so that module-generated passwords satisfy COMPLEXITY_DEFAULT
  # (which requires a non-alphanumeric character) — confirm against the module.
  enable_random_password_special = true

  # Turns on IAM database authentication; required for the iam_users below.
  database_flags = [
    {
      name  = "cloudsql.iam_authentication"
      value = "on"
    },
  ]

  # Test-fixture passwords committed in plain text (they also land in Terraform
  # state). Outside of tests use random_password = true or a secret store.
  additional_users = [
    {
      name            = "tftest2"
      password        = "Ex@mp!e1"
      host            = "localhost"
      random_password = false
    },
    {
      name            = "tftest3"
      password        = "Ex@mp!e2"
      host            = "localhost"
      random_password = false
    },
  ]

  # Supports creation of both IAM Users and IAM Service Accounts with provided emails
  # Only the group entry sets `type` explicitly; the other two rely on the
  # module's default principal type — confirm against the module's iam_users input.
  iam_users = [
    {
      id    = "cloudsql_pg_sa",
      email = var.cloudsql_pg_sa
    },
    {
      id    = "dbadmin",
      email = "dbadmin@develop.blueprints.joonix.net"
    },
    {
      id    = "subtest",
      email = "subtest@develop.blueprints.joonix.net"
      type  = "CLOUD_IAM_GROUP"
    }
  ]
}
--------------------------------------------------------------------------------
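/examples/postgresql-public-iam/outputs.tf:
--------------------------------------------------------------------------------
/**
 * Copyright 2024 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

output "project_id" {
  value       = var.project_id
  description = "The project to run tests against"
}

output "name" {
  description = "The name for Cloud SQL instance"
  value       = module.postgresql-db.instance_name
}

output "psql_conn" {
  value       = module.postgresql-db.instance_connection_name
  description = "The connection name of the master instance to be used in connection strings"
}

output "psql_user_pass" {
  value       = module.postgresql-db.generated_user_password
  description = "The password for the default user. If not set, a random one will be generated and available in the generated_user_password output variable."
  # Redacts the generated password from plan/apply output and CI logs;
  # `terraform output -json` still returns it to callers that need it.
  sensitive = true
}

output "public_ip_address" {
  description = "The first public (PRIMARY) IPv4 address assigned for the master instance"
  value       = module.postgresql-db.public_ip_address
}
--------------------------------------------------------------------------------
/examples/postgresql-public-iam/variables.tf:
--------------------------------------------------------------------------------
/**
 * Copyright 2024 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

variable "project_id" {
  description = "The ID of the project in which resources will be provisioned."
  type        = string
}

# Public-IP allow-list for the instance. The default is a single /28 of Google
# health-checker addresses so the example stays narrowly reachable; replace it
# with your own client ranges rather than widening it.
variable "authorized_networks" {
  default = [{
    name  = "sample-gcp-health-checkers-range"
    value = "130.211.0.0/28"
  }]
  type        = list(map(string))
  description = "List of mapped public networks authorized to access to the instances. Default - short range of GCP health-checkers IPs"
}

variable "db_name" {
  description = "The name of the SQL Database instance"
  # Explicit type so the declaration matches the README (`string`) and
  # non-string values are rejected at plan time.
  type    = string
  default = "example-postgres-public"
}

variable "cloudsql_pg_sa" {
  type        = string
  description = "IAM service account user created for Cloud SQL."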
39 | } 40 | -------------------------------------------------------------------------------- /examples/postgresql-public/README.md: -------------------------------------------------------------------------------- 1 | # Cloud SQL Database Example 2 | 3 | This example shows how to create the public Postgres Cloud SQL database using the Terraform module. 4 | 5 | ## Run Terraform 6 | 7 | Create resources with terraform: 8 | 9 | ```bash 10 | terraform init 11 | terraform plan 12 | terraform apply 13 | ``` 14 | 15 | To remove all resources created by terraform: 16 | 17 | ```bash 18 | terraform destroy 19 | ``` 20 | 21 | 22 | ## Inputs 23 | 24 | | Name | Description | Type | Default | Required | 25 | |------|-------------|------|---------|:--------:| 26 | | authorized\_networks | List of mapped public networks authorized to access to the instances. Default - short range of GCP health-checkers IPs | `list(map(string))` |
[
{
"name": "sample-gcp-health-checkers-range",
"value": "130.211.0.0/28"
}
]
| no | 27 | | db\_name | The name of the SQL Database instance | `string` | `"example-postgres-public"` | no | 28 | | project\_id | The ID of the project in which resources will be provisioned. | `string` | n/a | yes | 29 | 30 | ## Outputs 31 | 32 | | Name | Description | 33 | |------|-------------| 34 | | env\_vars | Exported environment variables | 35 | | name | The name for Cloud SQL instance | 36 | | project\_id | The project to run tests against | 37 | | psql\_conn | The connection name of the master instance to be used in connection strings | 38 | | psql\_user\_pass | The password for the default user. If not set, a random one will be generated and available in the generated\_user\_password output variable. | 39 | | public\_ip\_address | The first public (PRIMARY) IPv4 address assigned for the master instance | 40 | 41 | 42 | -------------------------------------------------------------------------------- /examples/postgresql-public/main.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
 */


# Public-IP PostgreSQL 14 instance on the Enterprise Plus edition, reachable
# only from the ranges in var.authorized_networks.
module "postgresql-db" {
  source  = "terraform-google-modules/sql-db/google//modules/postgresql"
  version = "~> 25.0"

  name                 = var.db_name
  random_instance_name = true
  database_version     = "POSTGRES_14"
  project_id           = var.project_id
  zone                 = "us-central1-c"
  region               = "us-central1"
  # Enterprise Plus edition with one of its performance-optimized tiers; the data
  # cache is an Enterprise Plus feature (presumably why edition is set explicitly).
  edition              = "ENTERPRISE_PLUS"
  tier                 = "db-perf-optimized-N-2"
  data_cache_enabled   = true

  # Off so the example can be removed with `terraform destroy`; keep deletion
  # protection on for instances holding real data.
  deletion_protection = false

  # Public IPv4 is enabled, so the authorized_networks allow-list is the only
  # network boundary. ssl_mode still permits plaintext connections; for an
  # internet-reachable instance ENCRYPTED_ONLY (or
  # TRUSTED_CLIENT_CERTIFICATE_REQUIRED) is the safer setting.
  ip_configuration = {
    ipv4_enabled        = true
    private_network     = null
    ssl_mode            = "ALLOW_UNENCRYPTED_AND_ENCRYPTED"
    allocated_ip_range  = null
    authorized_networks = var.authorized_networks
  }
}
--------------------------------------------------------------------------------
/examples/postgresql-public/outputs.tf:
--------------------------------------------------------------------------------
/**
 * Copyright 2024 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
15 | */ 16 | 17 | output "project_id" { 18 | value = var.project_id 19 | description = "The project to run tests against" 20 | } 21 | 22 | output "name" { 23 | description = "The name for Cloud SQL instance" 24 | value = module.postgresql-db.instance_name 25 | } 26 | 27 | output "psql_conn" { 28 | value = module.postgresql-db.instance_connection_name 29 | description = "The connection name of the master instance to be used in connection strings" 30 | } 31 | 32 | output "psql_user_pass" { 33 | value = module.postgresql-db.generated_user_password 34 | description = "The password for the default user. If not set, a random one will be generated and available in the generated_user_password output variable." 35 | } 36 | 37 | output "public_ip_address" { 38 | description = "The first public (PRIMARY) IPv4 address assigned for the master instance" 39 | value = module.postgresql-db.public_ip_address 40 | } 41 | 42 | output "env_vars" { 43 | value = module.postgresql-db.env_vars 44 | description = "Exported environment variables" 45 | } 46 | -------------------------------------------------------------------------------- /examples/postgresql-public/variables.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | variable "project_id" { 18 | description = "The ID of the project in which resources will be provisioned." 19 | type = string 20 | } 21 | 22 | variable "authorized_networks" { 23 | default = [{ 24 | name = "sample-gcp-health-checkers-range" 25 | value = "130.211.0.0/28" 26 | }] 27 | type = list(map(string)) 28 | description = "List of mapped public networks authorized to access to the instances. Default - short range of GCP health-checkers IPs" 29 | } 30 | 31 | variable "db_name" { 32 | description = "The name of the SQL Database instance" 33 | default = "example-postgres-public" 34 | } 35 | 36 | -------------------------------------------------------------------------------- /examples/postgresql-with-cross-region-failover/kms.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
 */

# Five lowercase alphanumerics appended to every key ring / key name so repeated
# test runs do not collide (KMS key rings cannot be deleted, so names must be fresh).
resource "random_string" "db_suffix" {
  length  = 5
  special = false
  upper   = false
}

# One key ring + CMEK per region, matching the primary and failover regions in
# network.tf's locals.
resource "google_kms_key_ring" "key_ring_region1" {
  name     = "test-${random_string.db_suffix.result}-${local.region_1}"
  location = local.region_1
  project  = var.project_id
}

resource "google_kms_crypto_key" "cloudsql_region1_key" {
  name     = "cmek-${random_string.db_suffix.result}-${local.region_1}"
  key_ring = google_kms_key_ring.key_ring_region1.id
  purpose  = "ENCRYPT_DECRYPT"

  # Test-only: lets `terraform destroy` tear the key down. Data encrypted with
  # a destroyed key is unrecoverable, so keep prevent_destroy = true outside tests.
  lifecycle {
    prevent_destroy = false
  }
}

resource "google_kms_key_ring" "key_ring_region2" {
  name     = "test-${random_string.db_suffix.result}-${local.region_2}"
  location = local.region_2
  project  = var.project_id
}


resource "google_kms_crypto_key" "cloudsql_region2_key" {
  name     = "cmek-${random_string.db_suffix.result}-${local.region_2}"
  key_ring = google_kms_key_ring.key_ring_region2.id
  purpose  = "ENCRYPT_DECRYPT"

  # Test-only; see the note on cloudsql_region1_key.
  lifecycle {
    prevent_destroy = false
  }
}

# Ensures the Cloud SQL service agent exists in this project so it can be
# granted on the keys below (its .member is what the IAM bindings reference).
resource "google_project_service_identity" "cloudsql_sa" {
  provider = google-beta

  project = var.project_id
  service = "sqladmin.googleapis.com"
}

# Delay between creating the service identity and granting it on the keys —
# presumably to let the new identity propagate before the IAM bindings are
# applied. 10 minutes is generous; shorten if runs prove reliable.
resource "time_sleep" "wait_10m" {
  depends_on      = [google_project_service_identity.cloudsql_sa]
  create_duration = "10m"
}

# Key-scoped (not project-wide) grant of only encrypt/decrypt to the Cloud SQL
# service agent — the minimum it needs to use the CMEK.
resource "google_kms_crypto_key_iam_member" "crypto_key_region1" {
  crypto_key_id = google_kms_crypto_key.cloudsql_region1_key.id
  role          = "roles/cloudkms.cryptoKeyEncrypterDecrypter"
  member        = google_project_service_identity.cloudsql_sa.member
  depends_on    = [time_sleep.wait_10m]
}

resource "google_kms_crypto_key_iam_member" "crypto_key_region2" {
  crypto_key_id = google_kms_crypto_key.cloudsql_region2_key.id
  role          = "roles/cloudkms.cryptoKeyEncrypterDecrypter"
  member        = google_project_service_identity.cloudsql_sa.member
  depends_on    = [time_sleep.wait_10m]
}

--------------------------------------------------------------------------------
/examples/postgresql-with-cross-region-failover/network.tf:
--------------------------------------------------------------------------------
/**
 * Copyright 2024 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */


# Create a custom-mode network with one subnetwork per region and private service
# access for servicenetworking.googleapis.com (the peering is set up further down
# in this file).
# NOTE(review): the original comment also named netapp.servicenetworking.goog,
# but no connection to that service is configured here.

# Primary and failover regions; also used by kms.tf for the per-region keys.
locals {
  region_1 = "us-central1"
  region_2 = "us-east1"
}
resource "google_compute_network" "default" {
  name                    = var.network_name
  project                 = var.project_id
  auto_create_subnetworks = false
  description             = "test network"
}

# Private Google Access is on so workloads without external IPs can still reach
# Google APIs from these subnets.
resource "google_compute_subnetwork" "subnetwork1" {
  name                     = "subnet-${local.region_1}-pg"
  ip_cidr_range            = "10.0.0.0/24"
  region                   = local.region_1
  project                  = var.project_id
  network                  = google_compute_network.default.self_link
  private_ip_google_access = true
}

resource "google_compute_subnetwork" "subnetwork_2" {
  name                     = "subnet-${local.region_2}-pg"
  ip_cidr_range            = "10.0.1.0/24"
  region                   = local.region_2
  project                  = var.project_id
  network                  = google_compute_network.default.self_link
  private_ip_google_access = true
}

# Internal /16 (10.10.0.0/16) reserved for VPC peering; this is the range Cloud SQL
# private IPs are allocated from once the service networking connection exists.
resource "google_compute_global_address" "private_ip_alloc" {
  project       = var.project_id
  name          = "psa-pg"
  address_type  = "INTERNAL"
  purpose       = "VPC_PEERING"
  address       = "10.10.0.0"
  prefix_length = 16
  network       = google_compute_network.default.id
}

# Private service access peering between this VPC and Google's service producer
# network, using the reserved range above.
resource "google_service_networking_connection" "vpc_connection" {
  network                 = google_compute_network.default.id
  service                 = "servicenetworking.googleapis.com"
  reserved_peering_ranges = [
    google_compute_global_address.private_ip_alloc.name,
  ]
  # ABANDON leaves the peering in place when this resource is destroyed (it is
  # removed from state only) — presumably to avoid destroy-time failures while
  # instances still use it; confirm that matches the intended cleanup.
  deletion_policy = "ABANDON"

  depends_on = [
    google_compute_subnetwork.subnetwork1,
    google_compute_subnetwork.subnetwork_2
  ]
}
--------------------------------------------------------------------------------
/examples/postgresql-with-cross-region-failover/outputs.tf:
--------------------------------------------------------------------------------
/**
 * Copyright 2024 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

// NOTE(review): most outputs in this file carry no description; the sibling
// examples document project_id as "The project to run tests against".
output "project_id" {
  value = var.project_id
}

// Primary instance with read replicas.

output "instance1_name" {
  description = "The name for Cloud SQL instance"
  value       = module.pg1.instance_name
}

// The full replica/instance objects are marked sensitive so they are redacted
// from plan/apply output — presumably because the module's objects include
// connection or certificate material; confirm against the module outputs.
output "instance1_replicas" {
  value     = module.pg1.replicas
  sensitive = true
}

output "instance1_instances" {
  value     = module.pg1.instances
  sensitive = true
}

// Resource name of the CMEK protecting the primary (see kms.tf).
output "kms_key_name1" {
  value     = module.pg1.primary.encryption_key_name
  sensitive = true
}

// Failover Replica instance with its own read replicas

output "instance2_name" {
  description = "The name for Cloud SQL instance"
  value       = module.pg2.instance_name
}

output "instance2_replicas" {
  value     = module.pg2.replicas
  sensitive = true
}

output "instance2_instances" {
  value     = module.pg2.instances
  sensitive = true
}

// Resource name of the CMEK protecting the failover replica (see kms.tf).
output "kms_key_name2" {
  value     = module.pg2.primary.encryption_key_name
  sensitive = true
}

// Name of the instance that the failover replica (pg2) replicates from.
output "master_instance_name" {
  value     = module.pg2.primary.master_instance_name
  sensitive = true
}
--------------------------------------------------------------------------------
/examples/postgresql-with-cross-region-failover/variables.tf:
--------------------------------------------------------------------------------
/**
 * Copyright 2024 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
15 | */ 16 | 17 | variable "project_id" { 18 | type = string 19 | description = "The project to run tests against" 20 | } 21 | 22 | variable "pg_name_1" { 23 | type = string 24 | description = "The name for Cloud SQL instance" 25 | default = "tf-pg-x-1" 26 | } 27 | 28 | variable "pg_name_2" { 29 | type = string 30 | description = "The name for Cloud SQL instance" 31 | default = "tf-pg-x-2" 32 | } 33 | 34 | variable "pg_ha_external_ip_range" { 35 | type = string 36 | description = "The ip range to allow connecting from/to Cloud SQL" 37 | default = "192.10.10.10/32" 38 | } 39 | 40 | variable "network_name" { 41 | description = "The ID of the network in which to provision resources." 42 | type = string 43 | default = "test-postgres-failover" 44 | } 45 | -------------------------------------------------------------------------------- /examples/private_service_access/README.md: -------------------------------------------------------------------------------- 1 | # Private Service Access 2 | 3 | This example shows how to create private service access. 4 | 5 | ## Run Terraform 6 | 7 | Create resources with terraform: 8 | 9 | ```bash 10 | terraform init 11 | terraform plan 12 | terraform apply 13 | ``` 14 | 15 | To remove all resources created by terraform: 16 | 17 | ```bash 18 | terraform destroy 19 | ``` 20 | 21 | 22 | ## Inputs 23 | 24 | | Name | Description | Type | Default | Required | 25 | |------|-------------|------|---------|:--------:| 26 | | project\_id | The project to run tests against | `string` | n/a | yes | 27 | 28 | ## Outputs 29 | 30 | | Name | Description | 31 | |------|-------------| 32 | | project\_id | The project to run tests against | 33 | | psa | psa created | 34 | 35 | 36 | -------------------------------------------------------------------------------- /examples/private_service_access/main.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache
License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

# Custom-mode VPC the private service access range is attached to.
resource "google_compute_network" "default" {
  name                    = "test-psa-network"
  project                 = var.project_id
  auto_create_subnetworks = false
  description             = "test network"
}

# Reserves an internal range starting at 10.220.0.0 (prefix length comes from the
# module default) and peers the VPC with Google's service producer network.
module "test_psa" {
  source  = "terraform-google-modules/sql-db/google//modules/private_service_access"
  version = "~> 25.0"

  project_id  = var.project_id
  vpc_network = google_compute_network.default.name
  address     = "10.220.0.0"
  # ABANDON keeps the peering when the module is destroyed (state removal only);
  # confirm that is the intended cleanup for this example.
  deletion_policy = "ABANDON"
  # Redundant with the vpc_network reference above, which already orders the
  # module after the network; harmless, but could be dropped.
  depends_on = [google_compute_network.default]
}
--------------------------------------------------------------------------------
/examples/private_service_access/outputs.tf:
--------------------------------------------------------------------------------
/**
 * Copyright 2024 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
15 | */ 16 | 17 | output "project_id" { 18 | description = "The project to run tests against" 19 | value = var.project_id 20 | } 21 | 22 | output "psa" { 23 | description = "psa created" 24 | value = module.test_psa 25 | } 26 | -------------------------------------------------------------------------------- /examples/private_service_access/variables.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | variable "project_id" { 18 | type = string 19 | description = "The project to run tests against" 20 | } 21 | -------------------------------------------------------------------------------- /metadata.display.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2024 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
# See the License for the specific language governing permissions and
# limitations under the License.

# Blueprint display metadata for this root module; no UI input overrides are
# declared (empty `input`), so the catalog presumably renders the defaults.
apiVersion: blueprints.cloud.google.com/v1alpha1
kind: BlueprintMetadata
metadata:
  name: terraform-google-sql-db-display
  annotations:
    config.kubernetes.io/local-config: "true"
spec:
  info:
    title: terraform-google-sql
    source:
      repo: https://github.com/terraform-google-modules/terraform-google-sql-db.git
      sourceType: git
  ui:
    input: {}
--------------------------------------------------------------------------------
/modules/backup/outputs.tf:
--------------------------------------------------------------------------------
/**
 * Copyright 2024 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

# The workflow resources are conditional, so each output is guarded by the same
# flag that creates them: the [0] index is only evaluated when the resource exists,
# and the output is null otherwise.
output "backup_workflow_name" {
  value       = var.enable_internal_backup ? google_workflows_workflow.sql_backup[0].name : null
  description = "The name for internal backup workflow"
}

output "export_workflow_name" {
  value       = var.enable_export_backup ? google_workflows_workflow.sql_export[0].name : null
  description = "The name for export workflow"
}

# Identity the scheduler and workflows run as (resolved in the module's locals);
# this is the principal that needs the Cloud SQL and storage permissions.
output "service_account" {
  value       = local.service_account
  description = "The service account email running the scheduler and workflow"
}

output "region" {
  description = "The region for running the scheduler and workflow"
  value       = var.region
}
--------------------------------------------------------------------------------
/modules/backup/templates/backup.yaml.tftpl:
--------------------------------------------------------------------------------
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Cloud Workflows definition rendered by Terraform's templatefile():
# ${name} is substituted by Terraform when the module is planned, while
# $${...} is the escape for a literal ${...}, i.e. a Workflows expression
# that is evaluated when the workflow runs.
main:
  steps:
    - init:
        assign:
          - deletedBackups: []
          # NOTE(review): allBackups is initialised here but never read below.
          - allBackups: []
    - create new backup:
        call: googleapis.sqladmin.v1.backupRuns.insert
        args:
          project: ${project}
          instance: ${instanceName}
          body:
            description: Backup triggered by the Backup Workflow
        # NOTE(review): backupRun is stored but not used by any later step.
        result: backupRun

    # By calling the backups list and delete only after the new backup was created
    # we can be sure that there is always a backup existing even if the backup run
    # is failing

    # NOTE(review): a single list call bounded by maxResults; the response's
    # nextPageToken is not followed, so if the instance holds more backup runs
    # than backupRunsListMaxResults, runs beyond the first page are never
    # considered for deletion and the retention window is not fully enforced —
    # confirm the module sets maxResults high enough, or paginate here.
    - get older backups:
        call: googleapis.sqladmin.v1.backupRuns.list
        args:
          project: ${project}
          instance: ${instanceName}
          maxResults: ${backupRunsListMaxResults}
        result: backupList
    - delete old backups:
        for:
          value: backup
          in: $${backupList.items}
          steps:
            - get backup endtime:
                assign:
                  # NOTE(review): assumes every listed run carries an endTime; a run
                  # that is still in progress may not — confirm, or skip such runs.
                  - backupEndTime: $${time.parse(backup.endTime)}
            - delete only old backups:
                switch:
                  # A run is deleted only when it ended more than backupRetentionTime
                  # days ago AND was created on demand; runs of any other type are
                  # never deleted by this workflow.
                  - condition: $${backupEndTime < sys.now() - 60 * 60 * 24 * ${backupRetentionTime} AND backup.type == "ON_DEMAND" }
                    steps:
                      - delete:
                          # NOTE(review): insert and list above use the v1 surface while
                          # delete uses v1beta4; consider aligning on one API version.
                          call: googleapis.sqladmin.v1beta4.backupRuns.delete
                          args:
                            project: ${project}
                            instance: ${instanceName}
                            id: $${backup.id}
                      - add to list of deleted backups:
                          assign:
                            - deletedBackups: $${list.concat(deletedBackups, backup.id)}

    # The ids of the runs deleted in this execution are the workflow's result.
    - return:
        return:
          deletedBackups: $${deletedBackups}

-------------------------------------------------------------------------------- /modules/backup/versions.tf: --------------------------------------------------------------------------------
/**
 * Copyright 2024 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | required_version = ">= 1.3" 19 | required_providers { 20 | google = { 21 | source = "hashicorp/google" 22 | version = ">= 6.11.0, < 7" 23 | } 24 | } 25 | } 26 | -------------------------------------------------------------------------------- /modules/mssql/outputs.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | // Master 18 | output "instance_name" { 19 | value = google_sql_database_instance.default.name 20 | description = "The instance name for the master instance" 21 | } 22 | 23 | output "instance_address" { 24 | value = google_sql_database_instance.default.ip_address 25 | description = "The IPv4 addesses assigned for the master instance" 26 | } 27 | 28 | output "private_address" { 29 | value = google_sql_database_instance.default.private_ip_address 30 | description = "The private IP address assigned for the master instance" 31 | } 32 | 33 | output "instance_first_ip_address" { 34 | value = google_sql_database_instance.default.first_ip_address 35 | description = "The first IPv4 address of the addresses assigned." 36 | } 37 | 38 | output "instance_connection_name" { 39 | value = google_sql_database_instance.default.connection_name 40 | description = "The connection name of the master instance to be used in connection strings" 41 | } 42 | 43 | output "instance_self_link" { 44 | value = google_sql_database_instance.default.self_link 45 | description = "The URI of the master instance" 46 | } 47 | 48 | output "instance_server_ca_cert" { 49 | value = google_sql_database_instance.default.server_ca_cert 50 | description = "The CA certificate information used to connect to the SQL instance via SSL" 51 | sensitive = true 52 | } 53 | 54 | output "instance_service_account_email_address" { 55 | value = google_sql_database_instance.default.service_account_email_address 56 | description = "The service account email address assigned to the master instance" 57 | } 58 | 59 | output "generated_user_password" { 60 | description = "The auto generated default user password if not input password was provided" 61 | value = var.enable_default_user ? 
random_password.user-password[0].result : "" 62 | sensitive = true 63 | } 64 | 65 | output "additional_users" { 66 | description = "List of maps of additional users and passwords" 67 | value = [for r in google_sql_user.additional_users : 68 | { 69 | name = r.name 70 | password = r.password 71 | } 72 | ] 73 | sensitive = true 74 | } 75 | 76 | output "root_password" { 77 | description = "MSSERVER password for the root user. If not set, a random one will be generated and available in the root_password output variable." 78 | value = coalesce(var.root_password, random_password.root-password.result) 79 | sensitive = true 80 | } 81 | 82 | // Resources 83 | output "primary" { 84 | value = google_sql_database_instance.default 85 | description = "The `google_sql_database_instance` resource representing the primary instance" 86 | sensitive = true 87 | } 88 | 89 | output "apphub_service_uri" { 90 | value = { 91 | service_uri = "//cloudsql.googleapis.com/projects${element(split("/projects", google_sql_database_instance.default.self_link), 1)}" 92 | service_id = substr(format("%s-%s", var.name, md5(var.project_id)), 0, 63) 93 | } 94 | description = "Service URI in CAIS style to be used by Apphub." 95 | } 96 | -------------------------------------------------------------------------------- /modules/mssql/versions.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | required_version = ">= 1.3" 19 | required_providers { 20 | google = { 21 | source = "hashicorp/google" 22 | version = ">= 5.12, < 7" 23 | } 24 | google-beta = { 25 | source = "hashicorp/google-beta" 26 | version = ">= 5.12, < 7" 27 | } 28 | random = { 29 | source = "hashicorp/random" 30 | version = "~> 3.4" 31 | } 32 | null = { 33 | source = "hashicorp/null" 34 | version = "~> 3.2" 35 | } 36 | } 37 | 38 | provider_meta "google-beta" { 39 | module_name = "blueprints/terraform/terraform-google-sql-db:mssql/v25.2.2" 40 | } 41 | 42 | } 43 | -------------------------------------------------------------------------------- /modules/mysql/versions.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | terraform { 18 | required_version = ">= 1.3" 19 | required_providers { 20 | null = { 21 | source = "hashicorp/null" 22 | version = "~> 3.1" 23 | } 24 | random = { 25 | source = "hashicorp/random" 26 | version = "~> 3.1" 27 | } 28 | google = { 29 | source = "hashicorp/google" 30 | version = ">= 6.17, < 7" 31 | } 32 | google-beta = { 33 | source = "hashicorp/google-beta" 34 | version = ">= 6.17, < 7" 35 | } 36 | } 37 | 38 | provider_meta "google" { 39 | module_name = "blueprints/terraform/terraform-google-sql-db:mysql/v25.2.2" 40 | } 41 | provider_meta "google-beta" { 42 | module_name = "blueprints/terraform/terraform-google-sql-db:mysql/v25.2.2" 43 | } 44 | 45 | } 46 | -------------------------------------------------------------------------------- /modules/postgresql/versions.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | terraform { 18 | required_version = ">= 1.3" 19 | required_providers { 20 | null = { 21 | source = "hashicorp/null" 22 | version = "~> 3.1" 23 | } 24 | random = { 25 | source = "hashicorp/random" 26 | version = "~> 3.1" 27 | } 28 | google = { 29 | source = "hashicorp/google" 30 | version = ">= 6.17, < 7" 31 | } 32 | google-beta = { 33 | source = "hashicorp/google-beta" 34 | version = ">= 6.17, < 7" 35 | } 36 | } 37 | 38 | provider_meta "google" { 39 | module_name = "blueprints/terraform/terraform-google-sql-db:postgresql/v25.2.2" 40 | } 41 | provider_meta "google-beta" { 42 | module_name = "blueprints/terraform/terraform-google-sql-db:postgresql/v25.2.2" 43 | } 44 | 45 | } 46 | -------------------------------------------------------------------------------- /modules/private_service_access/README.md: -------------------------------------------------------------------------------- 1 | # Submodule for Private Service Access 2 | 3 | MySQL [Private IP](https://cloud.google.com/sql/docs/mysql/private-ip) 4 | configurations require a special peering between your VPC network and a 5 | VPC managed by Google. The module supports creating such a peering. 6 | 7 | It is sufficient to instantiate this module once for all MySQL instances 8 | that are connected to the same VPC. 9 | 10 | > NOTE: See the linked [documentation](https://cloud.google.com/sql/docs/mysql/private-ip) 11 | > for all requirements for accessing a MySQL instance via its Private IP. 
12 | 13 | ## Usage 14 | Basic usage of this module is as follows: 15 | 16 | ``` 17 | module "test_psa" { 18 | source = "terraform-google-modules/sql-db/google//modules/private_service_access" 19 | version = "~> 25.2" 20 | 21 | project_id = var.project_id 22 | vpc_network = google_compute_network.default.name 23 | address = "10.220.0.0" 24 | deletion_policy = "ABANDON" 25 | depends_on = [google_compute_network.default] 26 | } 27 | ``` 28 | 29 | 30 | 31 | ## Inputs 32 | 33 | | Name | Description | Type | Default | Required | 34 | |------|-------------|------|---------|:--------:| 35 | | address | First IP address of the IP range to allocate to Cloud SQL instances and other Private Service Access services. If not set, GCP will pick a valid one for you. | `string` | `""` | no | 36 | | deletion\_policy | The deletion policy for the service networking connection. Setting to ABANDON allows the resource to be abandoned rather than deleted. This will enable a successful terraform destroy when destroying CloudSQL instances. Use with care as it can lead to dangling resources. | `string` | `null` | no | 37 | | description | An optional description of the Global Address resource. | `string` | `""` | no | 38 | | ip\_version | IP Version for the allocation. Can be IPV4 or IPV6. | `string` | `""` | no | 39 | | labels | The key/value labels for the IP range allocated to the peered network. | `map(string)` | `{}` | no | 40 | | prefix\_length | Prefix length of the IP range reserved for Cloud SQL instances and other Private Service Access services. Defaults to /16. | `number` | `16` | no | 41 | | project\_id | The project ID of the VPC network to peer. This can be a shared VPC host project. | `string` | n/a | yes | 42 | | vpc\_network | Name of the VPC network to peer. | `string` | n/a | yes | 43 | 44 | ## Outputs 45 | 46 | | Name | Description | 47 | |------|-------------| 48 | | address | First IP of the reserved range. 
| 49 | | google\_compute\_global\_address\_name | URL of the reserved range. | 50 | | peering\_completed | Use for enforce ordering between resource creation | 51 | 52 | 53 | -------------------------------------------------------------------------------- /modules/private_service_access/main.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | data "google_compute_network" "main" { 18 | name = var.vpc_network 19 | project = var.project_id 20 | } 21 | 22 | // We define a VPC peering subnet that will be peered with the 23 | // Cloud SQL instance network. The Cloud SQL instance will 24 | // have a private IP within the provided range. 25 | // https://cloud.google.com/vpc/docs/configure-private-services-access 26 | resource "google_compute_global_address" "google-managed-services-range" { 27 | project = var.project_id 28 | name = "google-managed-services-${var.vpc_network}" 29 | description = var.description 30 | purpose = "VPC_PEERING" 31 | address = var.address 32 | prefix_length = var.prefix_length 33 | ip_version = var.ip_version 34 | labels = var.labels 35 | address_type = "INTERNAL" 36 | network = data.google_compute_network.main.self_link 37 | } 38 | 39 | # Creates the peering with the producer network. 
40 | resource "google_service_networking_connection" "private_service_access" { 41 | network = data.google_compute_network.main.self_link 42 | service = "servicenetworking.googleapis.com" 43 | reserved_peering_ranges = [google_compute_global_address.google-managed-services-range.name] 44 | deletion_policy = var.deletion_policy 45 | } 46 | 47 | resource "null_resource" "dependency_setter" { 48 | depends_on = [google_service_networking_connection.private_service_access] 49 | } 50 | -------------------------------------------------------------------------------- /modules/private_service_access/metadata.display.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2024 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 
14 | 15 | apiVersion: blueprints.cloud.google.com/v1alpha1 16 | kind: BlueprintMetadata 17 | metadata: 18 | name: terraform-google-sql-db-display 19 | annotations: 20 | config.kubernetes.io/local-config: "true" 21 | spec: 22 | info: 23 | title: Submodule for Private Service Access 24 | source: 25 | repo: https://github.com/terraform-google-modules/terraform-google-sql-db.git 26 | sourceType: git 27 | dir: /modules/private_service_access 28 | ui: 29 | input: 30 | variables: 31 | address: 32 | name: address 33 | title: Address 34 | deletion_policy: 35 | name: deletion_policy 36 | title: Deletion Policy 37 | description: 38 | name: description 39 | title: Description 40 | ip_version: 41 | name: ip_version 42 | title: Ip Version 43 | labels: 44 | name: labels 45 | title: Labels 46 | prefix_length: 47 | name: prefix_length 48 | title: Prefix Length 49 | project_id: 50 | name: project_id 51 | title: Project Id 52 | vpc_network: 53 | name: vpc_network 54 | title: Vpc Network 55 | -------------------------------------------------------------------------------- /modules/private_service_access/outputs.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | output "address" { 18 | value = google_compute_global_address.google-managed-services-range.address 19 | description = "First IP of the reserved range." 
20 | } 21 | 22 | output "google_compute_global_address_name" { 23 | value = google_compute_global_address.google-managed-services-range.name 24 | description = "URL of the reserved range." 25 | } 26 | 27 | output "peering_completed" { 28 | value = null_resource.dependency_setter.id 29 | description = "Use for enforce ordering between resource creation" 30 | } 31 | -------------------------------------------------------------------------------- /modules/private_service_access/variables.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | variable "project_id" { 18 | description = "The project ID of the VPC network to peer. This can be a shared VPC host projec." 19 | type = string 20 | } 21 | 22 | variable "vpc_network" { 23 | description = "Name of the VPC network to peer." 24 | type = string 25 | } 26 | 27 | variable "address" { 28 | description = "First IP address of the IP range to allocate to CLoud SQL instances and other Private Service Access services. If not set, GCP will pick a valid one for you." 29 | type = string 30 | default = "" 31 | } 32 | 33 | variable "description" { 34 | description = "An optional description of the Global Address resource." 
35 | type = string 36 | default = "" 37 | } 38 | 39 | variable "prefix_length" { 40 | description = "Prefix length of the IP range reserved for Cloud SQL instances and other Private Service Access services. Defaults to /16." 41 | type = number 42 | default = 16 43 | } 44 | 45 | variable "ip_version" { 46 | description = "IP Version for the allocation. Can be IPV4 or IPV6." 47 | type = string 48 | default = "" 49 | } 50 | 51 | variable "labels" { 52 | description = "The key/value labels for the IP range allocated to the peered network." 53 | type = map(string) 54 | default = {} 55 | } 56 | 57 | variable "deletion_policy" { 58 | description = "The deletion policy for the service networking connection. Setting to ABANDON allows the resource to be abandoned rather than deleted. This will enable a successful terraform destroy when destroying CloudSQL instances. Use with care as it can lead to dangling resources." 59 | type = string 60 | default = null 61 | } 62 | -------------------------------------------------------------------------------- /modules/private_service_access/versions.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | terraform { 18 | required_version = ">= 1.3" 19 | required_providers { 20 | null = { 21 | source = "hashicorp/null" 22 | version = "~> 3.1" 23 | } 24 | google = { 25 | source = "hashicorp/google" 26 | version = ">= 5.38, < 7" 27 | } 28 | google-beta = { 29 | source = "hashicorp/google-beta" 30 | version = ">= 5.38, < 7" 31 | } 32 | } 33 | 34 | provider_meta "google" { 35 | module_name = "blueprints/terraform/terraform-google-sql-db:private_service_access/v25.2.2" 36 | } 37 | 38 | provider_meta "google-beta" { 39 | module_name = "blueprints/terraform/terraform-google-sql-db:private_service_access/v25.2.2" 40 | } 41 | 42 | } 43 | -------------------------------------------------------------------------------- /modules/restore/README.md: -------------------------------------------------------------------------------- 1 | # GCP CloudSQL Restore 2 | 3 | ## Import from GCS Export Dump 4 | 5 | This module can be used for [importing Cloud SQL Postgres database](https://cloud.google.com/sql/docs/postgres/import-export/import-export-sql) from a SQL export dump stored in GCS bucket. 6 | 7 | This module uses the SQL export dump file timestamp passed as an input parameter to the Workflow to get the exported dumps from GCS. Following are the steps in import workflow: 8 | 9 | 1. Fetch list of databases from the source database instance (one that the export was created for) 10 | 2. Delete the databases (list from step 1) except system (`postgres` for Postgres and `tempdb` for SQL Server) databases in the database instance that we are going to import databases to 11 | 3. Create the databases (list from step 1) except system databases in the import database instance 12 | 4. Fetch the SQL export file(s) from GCS and import those into the import database instance 13 | 5. 
The import API call is asynchronous, so the workflow checks the status of the import at regular intervals and waits until it finishes 14 | 15 | ## How to run 16 | 17 | ``` 18 | gcloud workflows run [WORKFLOW_NAME] --data='{"exportTimestamp":"[EXPORT_TIMESTAMP]"}' 19 | ``` 20 | 21 | where `WORKFLOW_NAME` is the name of your import workflow and `exportTimestamp` is the timestamp of your export file(s) (you can get it from the GCS object key of the export file). For example: 22 | 23 | ``` 24 | gcloud workflows run my-import-workflow --data='{"exportTimestamp": "1658779617"}' 25 | ``` 26 | 27 | ## Required APIs 28 | 29 | - `workflows.googleapis.com` 30 | - `cloudscheduler.googleapis.com` 31 | 32 | 33 | ## Inputs 34 | 35 | | Name | Description | Type | Default | Required | 36 | |------|-------------|------|---------|:--------:| 37 | | import\_databases | The list of databases that should be imported - if it is an empty set all databases will be imported | `set(string)` | `[]` | no | 38 | | import\_uri | The bucket and path uri of GCS backup file for importing | `string` | n/a | yes | 39 | | project\_id | The project ID | `string` | n/a | yes | 40 | | region | The region to run the workflow | `string` | `"us-central1"` | no | 41 | | service\_account | The service account to use for running the workflow and triggering the workflow by Cloud Scheduler - If empty or null a service account will be created. 
If you have provided a service account you need to grant the Cloud SQL Admin and the Workflows Invoker role to that | `string` | `null` | no | 42 | | sql\_instance | The name of the SQL instance to backup | `string` | n/a | yes | 43 | 44 | ## Outputs 45 | 46 | | Name | Description | 47 | |------|-------------| 48 | | import\_workflow\_name | The name for import workflow | 49 | | region | The region for running the scheduler and workflow | 50 | | service\_account | The service account email running the scheduler and workflow | 51 | 52 | 53 | -------------------------------------------------------------------------------- /modules/restore/main.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | 18 | locals { 19 | create_service_account = var.service_account == null || var.service_account == "" ? true : false 20 | service_account = local.create_service_account ? google_service_account.sql_import_serviceaccount[0].email : var.service_account 21 | } 22 | 23 | 24 | ################################ 25 | # # 26 | # Service Account and IAM # 27 | # # 28 | ################################ 29 | resource "google_service_account" "sql_import_serviceaccount" { 30 | count = local.create_service_account ? 
1 : 0 /* account_id is cut to 28 characters to stay inside the service account ID length limit; trimsuffix removes a "-" that the cut may leave at the end. */ 31 | account_id = trimsuffix(substr("import-${var.sql_instance}", 0, 28), "-") 32 | display_name = "Managed by Terraform - Service account for import of SQL Instance ${var.sql_instance}" 33 | project = var.project_id 34 | } 35 | /* NOTE(review): created only together with the module-owned service account (count follows local.create_service_account). roles/cloudsql.admin is bound at project scope, i.e. on every Cloud SQL instance in var.project_id rather than only var.sql_instance; a caller that needs a narrower grant can pass its own var.service_account, which skips these bindings. */ 36 | resource "google_project_iam_member" "sql_import_serviceaccount_sql_admin" { 37 | count = local.create_service_account ? 1 : 0 38 | member = "serviceAccount:${google_service_account.sql_import_serviceaccount[0].email}" 39 | role = "roles/cloudsql.admin" 40 | project = var.project_id 41 | } 42 | /* Lets the module-owned service account invoke the workflow (same count guard as above). */ 43 | resource "google_project_iam_member" "sql_import_serviceaccount_workflow_invoker" { 44 | count = local.create_service_account ? 1 : 0 45 | member = "serviceAccount:${google_service_account.sql_import_serviceaccount[0].email}" 46 | role = "roles/workflows.invoker" 47 | project = var.project_id 48 | } 49 | /* Reads the import target instance: its database_version feeds dbType in the template below, and its service account receives the bucket grant at the end of this file. */ 50 | data "google_sql_database_instance" "import_instance" { 51 | name = var.sql_instance 52 | project = var.project_id 53 | } 54 | 55 | ################################ 56 | # # 57 | # Import Workflow # 58 | # # 59 | ################################ /* Workflow source is rendered from templates/import.yaml.tftpl. gcsBucket carries the full var.import_uri; exportedInstance is segment [3] of the "/"-split URI (gs://<bucket>/<instance>/...), so a URI with fewer segments fails at plan time with an index error — the validation in variables.tf only checks the gs:// prefix. dbType is database_version up to its first "_". */ 60 | resource "google_workflows_workflow" "sql_import" { 61 | name = "sql-import-${var.sql_instance}" 62 | region = var.region 63 | description = "Workflow for importing the CloudSQL Instance database using an external import" 64 | project = var.project_id 65 | service_account = local.service_account 66 | source_contents = templatefile("${path.module}/templates/import.yaml.tftpl", { 67 | project = var.project_id 68 | instanceName = var.sql_instance 69 | databases = jsonencode(var.import_databases) 70 | gcsBucket = var.import_uri 71 | exportedInstance = split("/", var.import_uri)[3] 72 | dbType = split("_", data.google_sql_database_instance.import_instance.database_version)[0] 73 | }) 74 | } 75 | /* Grants the instance's own service account objectViewer on the whole bucket named in var.import_uri (bucket-level IAM, not limited to the export path), presumably because the Cloud SQL import reads the dump as that account — confirm. Created unconditionally; there is no count guard here. */ 76 | resource "google_storage_bucket_iam_member" "sql_instance_account" { 77 | bucket = split("/", var.import_uri)[2] #Get the name of the bucket out of the URI 78 | member = 
"serviceAccount:${data.google_sql_database_instance.import_instance.service_account_email_address}" 79 | role = "roles/storage.objectViewer" 80 | } 81 | -------------------------------------------------------------------------------- /modules/restore/metadata.display.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2024 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | apiVersion: blueprints.cloud.google.com/v1alpha1 16 | kind: BlueprintMetadata 17 | metadata: 18 | name: terraform-google-sql-db-display 19 | annotations: 20 | config.kubernetes.io/local-config: "true" 21 | spec: 22 | info: 23 | title: GCP CloudSQL Restore 24 | source: 25 | repo: https://github.com/terraform-google-modules/terraform-google-sql-db.git 26 | sourceType: git 27 | dir: /modules/restore 28 | ui: 29 | input: 30 | variables: 31 | import_databases: 32 | name: import_databases 33 | title: Import Databases 34 | import_uri: 35 | name: import_uri 36 | title: Import Uri 37 | project_id: 38 | name: project_id 39 | title: Project Id 40 | region: 41 | name: region 42 | title: Region 43 | service_account: 44 | name: service_account 45 | title: Service Account 46 | sql_instance: 47 | name: sql_instance 48 | title: Sql Instance 49 | -------------------------------------------------------------------------------- /modules/restore/outputs.tf: 
-------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | output "import_workflow_name" { 18 | value = google_workflows_workflow.sql_import.name 19 | description = "The name for import workflow" 20 | } 21 | 22 | output "service_account" { 23 | value = local.service_account 24 | description = "The service account email running the scheduler and workflow" 25 | } 26 | 27 | output "region" { 28 | description = "The region for running the scheduler and workflow" 29 | value = var.region 30 | } 31 | -------------------------------------------------------------------------------- /modules/restore/variables.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | variable "region" { 18 | description = "The region to run the workflow" 19 | type = string 20 | default = "us-central1" 21 | } 22 | 23 | variable "service_account" { 24 | description = "The service account to use for running the workflow and triggering the workflow by Cloud Scheduler - If empty or null a service account will be created. If you have provided a service account you need to grant the Cloud SQL Admin and the Workflows Invoker role to that" 25 | type = string 26 | default = null 27 | } 28 | 29 | variable "project_id" { 30 | description = "The project ID" 31 | type = string 32 | } 33 | 34 | variable "sql_instance" { 35 | description = "The name of the SQL instance to backup" 36 | type = string 37 | } 38 | 39 | variable "import_databases" { 40 | description = "The list of databases that should be imported - if is an empty set all databases will be imported" 41 | type = set(string) 42 | default = [] 43 | validation { 44 | condition = var.import_databases != null 45 | error_message = "Must not be null." 46 | } 47 | } 48 | 49 | variable "import_uri" { 50 | description = "The bucket and path uri of GCS backup file for importing" 51 | type = string 52 | validation { 53 | condition = can(regex("^gs:\\/\\/", var.import_uri)) 54 | error_message = "Must be a full GCS URI starting with gs://." #TODO: test 55 | } 56 | } 57 | -------------------------------------------------------------------------------- /modules/restore/versions.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | required_version = ">= 1.3" 19 | required_providers { 20 | google = { 21 | source = "hashicorp/google" 22 | version = ">= 4.0, < 7" 23 | } 24 | } 25 | } 26 | -------------------------------------------------------------------------------- /modules/safer_mysql/outputs.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | // Master 18 | output "instance_name" { 19 | value = module.safer_mysql.instance_name 20 | description = "The instance name for the master instance" 21 | } 22 | 23 | output "instance_connection_name" { 24 | value = module.safer_mysql.instance_connection_name 25 | description = "The connection name of the master instance to be used in connection strings" 26 | } 27 | 28 | output "instance_self_link" { 29 | value = module.safer_mysql.instance_self_link 30 | description = "The URI of the master instance" 31 | } 32 | 33 | output "instance_service_account_email_address" { 34 | value = module.safer_mysql.instance_service_account_email_address 35 | description = "The service account email address assigned to the master instance" 36 | } 37 | 38 | // Replicas 39 | output "replicas_instance_connection_names" { 40 | value = module.safer_mysql.replicas_instance_connection_names 41 | description = "The connection names of the replica instances to be used in connection strings" 42 | } 43 | 44 | output "replicas_instance_self_links" { 45 | value = module.safer_mysql.replicas_instance_self_links 46 | description = "The URIs of the replica instances" 47 | } 48 | 49 | output "replicas_instance_service_account_email_addresses" { 50 | value = module.safer_mysql.replicas_instance_service_account_email_addresses 51 | description = "The service account email addresses assigned to the replica instances" 52 | } 53 | 54 | output "read_replica_instance_names" { 55 | value = module.safer_mysql.read_replica_instance_names 56 | description = "The instance names for the read replica instances" 57 | } 58 | 59 | output "generated_user_password" { 60 | description = "The auto generated default user password if not input password was provided" 61 | value = module.safer_mysql.generated_user_password 62 | sensitive = true 63 | } 64 | 65 | output "public_ip_address" { 66 | description = "The first public (PRIMARY) IPv4 address assigned for the master instance" 67 | value = 
module.safer_mysql.public_ip_address 68 | } 69 | 70 | output "private_ip_address" { 71 | description = "The first private (PRIVATE) IPv4 address assigned for the master instance" 72 | value = module.safer_mysql.private_ip_address 73 | } 74 | 75 | output "instance_ip_address" { 76 | value = module.safer_mysql.instance_ip_address 77 | description = "The IPv4 address assigned for the master instance" 78 | } 79 | 80 | // Resources 81 | output "primary" { 82 | value = module.safer_mysql.primary 83 | description = "The `google_sql_database_instance` resource representing the primary instance" 84 | sensitive = true 85 | } 86 | 87 | output "replicas" { 88 | value = module.safer_mysql.replicas 89 | description = "A list of `google_sql_database_instance` resources representing the replicas" 90 | sensitive = true 91 | } 92 | 93 | output "instances" { 94 | value = module.safer_mysql.instances 95 | description = "A list of all `google_sql_database_instance` resources we've created" 96 | sensitive = true 97 | } 98 | -------------------------------------------------------------------------------- /modules/safer_mysql/versions.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | terraform { 18 | required_version = ">= 1.3" 19 | required_providers { 20 | 21 | google = { 22 | source = "hashicorp/google" 23 | version = ">= 6.17, < 7" 24 | } 25 | } 26 | 27 | provider_meta "google" { 28 | module_name = "blueprints/terraform/terraform-google-sql-db:safer_mysql/v25.2.2" 29 | } 30 | 31 | } 32 | -------------------------------------------------------------------------------- /test/.gitignore: -------------------------------------------------------------------------------- 1 | source.sh 2 | -------------------------------------------------------------------------------- /test/fixtures/mssql-ha/main.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2019 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | provider "google" { 18 | region = var.region 19 | } 20 | 21 | provider "google-beta" { 22 | region = var.region 23 | } 24 | 25 | resource "random_id" "instance_name_suffix" { 26 | byte_length = 5 27 | } 28 | 29 | locals { 30 | /* 31 | Random instance name needed because: 32 | "You cannot reuse an instance name for up to a week after you have deleted an instance." 33 | See https://cloud.google.com/sql/docs/sqlserver/delete-instance for details. 
  */
  instance_name = "${var.ha_name}-${random_id.instance_name_suffix.hex}"
}

# Test fixture for the mssql module. Several settings below are deliberately
# permissive for a throwaway test instance and must not be copied into a
# production configuration (see the inline notes).
module "mssql" {
  source     = "../../../modules/mssql"
  name       = local.instance_name
  project_id = var.project_id
  db_name    = var.ha_name

  # Test-only: lets the instance be destroyed at the end of the test run.
  deletion_protection = false

  // Master configurations
  tier                            = "db-custom-1-3840"
  availability_type               = "REGIONAL"
  maintenance_window_day          = 7
  maintenance_window_hour         = 12
  maintenance_window_update_track = "stable"

  database_flags = [
    {
      name  = "default trace enabled"
      value = "off"
    },
  ]

  user_labels = {
    foo = "bar"
  }

  # Test-only network exposure: a public IPv4 address reachable from the
  # authorized range, with an ssl_mode that accepts unencrypted client
  # connections. A production instance should prefer a private IP
  # (private_network) and an encrypted-only ssl_mode.
  ip_configuration = {
    ipv4_enabled       = true
    ssl_mode           = "ALLOW_UNENCRYPTED_AND_ENCRYPTED"
    private_network    = null
    allocated_ip_range = null
    authorized_networks = [
      {
        name  = "${var.project_id}-cidr"
        value = var.ha_external_ip_range
      },
    ]
  }

  additional_databases = [
    {
      name      = "${var.ha_name}-additional"
      charset   = ""
      collation = ""
      instance  = local.instance_name
      project   = var.project_id
    },
  ]

  # Test-only credentials: fixed plaintext passwords committed in source, with
  # random_password disabled (presumably so the test can rely on known values).
  # Real deployments should use random_password = true or a password sourced
  # from a secret store, never a literal in configuration.
  user_name     = "tftest"
  user_password = "foobar"

  additional_users = [
    {
      project         = var.project_id
      name            = "tftest2"
      password        = "abcdefg"
      host            = "localhost"
      instance        = local.instance_name
      random_password = false
    },
    {
      project         = var.project_id
      name            = "tftest3"
      password        = "abcdefg"
      host            = "localhost"
      instance        = local.instance_name
      random_password = false
    },
  ]
}

--------------------------------------------------------------------------------
/test/fixtures/mssql-ha/outputs.tf:
--------------------------------------------------------------------------------
/**
 * Copyright 2019 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in
compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | output "project_id" { 18 | value = var.project_id 19 | } 20 | 21 | output "name" { 22 | value = local.instance_name 23 | } 24 | 25 | output "authorized_network" { 26 | value = var.ha_external_ip_range 27 | } 28 | -------------------------------------------------------------------------------- /test/fixtures/mssql-ha/variables.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2019 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | variable "project_id" { 18 | type = string 19 | description = "The project to run tests against" 20 | } 21 | 22 | variable "ha_name" { 23 | type = string 24 | description = "The name for Cloud SQL instance" 25 | default = "tf-mssql-ha" 26 | } 27 | 28 | variable "ha_external_ip_range" { 29 | type = string 30 | description = "The ip range to allow connecting from/to Cloud SQL" 31 | default = "192.10.10.10/32" 32 | } 33 | 34 | variable "region" { 35 | default = "us-central1" 36 | type = string 37 | } 38 | -------------------------------------------------------------------------------- /test/fixtures/mssql-ha/versions.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2019 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | required_version = ">= 1.3" 19 | } 20 | -------------------------------------------------------------------------------- /test/fixtures/mssql-public/main.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2019 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | resource "random_id" "instance_name_suffix" { 18 | byte_length = 5 19 | } 20 | 21 | locals { 22 | /* 23 | Random instance name needed because: 24 | "You cannot reuse an instance name for up to a week after you have deleted an instance." 25 | See https://cloud.google.com/sql/docs/sqlserver/delete-instance for details. 26 | */ 27 | instance_name = "${var.name}-${random_id.instance_name_suffix.hex}" 28 | } 29 | 30 | resource "google_storage_bucket" "sql_server_audit_logs" { 31 | project = var.project_id 32 | name = "sql-server-audit-${random_id.instance_name_suffix.hex}" 33 | location = "US" 34 | force_destroy = true 35 | } 36 | 37 | module "mssql" { 38 | source = "../../../examples/mssql-public" 39 | name = local.instance_name 40 | project_id = var.project_id 41 | 42 | sql_server_audit_config = { 43 | bucket = google_storage_bucket.sql_server_audit_logs.url 44 | upload_interval = "300s" 45 | retention_interval = "172800s" #2days 46 | } 47 | } 48 | -------------------------------------------------------------------------------- /test/fixtures/mssql-public/outputs.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2019 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | output "project_id" { 18 | value = var.project_id 19 | } 20 | 21 | output "name" { 22 | value = module.mssql.instance_name 23 | } 24 | 25 | output "mssql_connection" { 26 | value = local.instance_name 27 | description = "The connection name of the master instance to be used in connection strings" 28 | } 29 | 30 | output "public_ip_address" { 31 | value = module.mssql.public_ip_address 32 | description = "Public ip address" 33 | } 34 | -------------------------------------------------------------------------------- /test/fixtures/mssql-public/variables.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2019 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | variable "project_id" { 18 | type = string 19 | description = "The project to run tests against" 20 | } 21 | 22 | variable "name" { 23 | type = string 24 | description = "The name for Cloud SQL instance" 25 | default = "tf-mssql-public" 26 | } 27 | -------------------------------------------------------------------------------- /test/fixtures/mssql-public/versions.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2019 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | required_version = ">= 1.3" 19 | } 20 | -------------------------------------------------------------------------------- /test/fixtures/mysql-ha/main.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2019 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | module "example" { 18 | source = "../../../examples/mysql-ha" 19 | 20 | project_id = var.project_id 21 | mysql_ha_name = var.mysql_ha_name 22 | mysql_ha_external_ip_range = var.mysql_ha_external_ip_range 23 | 24 | } 25 | -------------------------------------------------------------------------------- /test/fixtures/mysql-ha/outputs.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2019 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | output "project_id" { 18 | value = module.example.project_id 19 | } 20 | 21 | output "name" { 22 | value = module.example.name 23 | } 24 | 25 | output "authorized_network" { 26 | value = module.example.authorized_network 27 | } 28 | -------------------------------------------------------------------------------- /test/fixtures/mysql-ha/variables.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2019 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | variable "project_id" { 18 | type = string 19 | description = "The project to run tests against" 20 | } 21 | 22 | variable "mysql_ha_name" { 23 | type = string 24 | description = "The name for Cloud SQL instance" 25 | default = "tf-mysql-ha" 26 | } 27 | 28 | variable "mysql_ha_external_ip_range" { 29 | type = string 30 | description = "The ip range to allow connecting from/to Cloud SQL" 31 | default = "192.10.10.10/32" 32 | } 33 | -------------------------------------------------------------------------------- /test/fixtures/mysql-ha/versions.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2019 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | terraform { 18 | required_version = ">= 1.3" 19 | } 20 | 21 | -------------------------------------------------------------------------------- /test/fixtures/mysql-private/main.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2019 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | module "example" { 18 | source = "../../../examples/mysql-private" 19 | project_id = var.project_id 20 | network_name = var.network_name 21 | cloudsql_mysql_sa = var.cloudsql_mysql_sa 22 | } 23 | -------------------------------------------------------------------------------- /test/fixtures/mysql-private/outputs.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2019 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | output "project_id" { 18 | value = module.example.project_id 19 | description = "The project to run tests against" 20 | } 21 | 22 | output "name" { 23 | value = module.example.name 24 | description = "The name for Cloud SQL instance" 25 | } 26 | 27 | output "mysql_conn" { 28 | value = module.example.mysql_conn 29 | description = "The connection name of the master instance to be used in connection strings" 30 | } 31 | 32 | output "mysql_user_pass" { 33 | value = module.example.mysql_user_pass 34 | description = "The password for the default user. If not set, a random one will be generated and available in the generated_user_password output variable." 35 | sensitive = true 36 | } 37 | 38 | output "reserved_range_name" { 39 | description = "The Global Address resource name" 40 | value = module.example.reserved_range_name 41 | } 42 | 43 | output "serivce_vpc_ip" { 44 | value = module.example.reserved_range_address 45 | } 46 | 47 | output "public_ip_address" { 48 | description = "The first public (PRIMARY) IPv4 address assigned." 49 | value = module.example.public_ip_address 50 | } 51 | 52 | output "private_ip_address" { 53 | description = "The first public (PRIMARY) IPv4 address assigned." 54 | value = module.example.private_ip_address 55 | } 56 | 57 | -------------------------------------------------------------------------------- /test/fixtures/mysql-private/variables.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2019 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | variable "project_id" { 18 | description = "The ID of the project in which resources will be provisioned." 19 | type = string 20 | } 21 | 22 | variable "network_name" { 23 | default = "mysql-private" 24 | type = string 25 | } 26 | 27 | variable "cloudsql_mysql_sa" { 28 | type = string 29 | description = "IAM service account user created for Cloud SQL for MySql." 30 | } 31 | -------------------------------------------------------------------------------- /test/fixtures/mysql-private/versions.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2019 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | terraform { 18 | required_version = ">= 1.3" 19 | } 20 | 21 | -------------------------------------------------------------------------------- /test/fixtures/mysql-public/main.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2019 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | module "example" { 18 | source = "../../../examples/mysql-public" 19 | db_name = var.db_name 20 | project_id = var.project_id 21 | authorized_networks = var.authorized_networks 22 | } 23 | 24 | -------------------------------------------------------------------------------- /test/fixtures/mysql-public/outputs.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2019 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | output "project_id" { 18 | value = module.example.project_id 19 | description = "The project to run tests against" 20 | } 21 | 22 | output "name" { 23 | value = module.example.name 24 | description = "The name for Cloud SQL instance" 25 | } 26 | 27 | output "mysql_conn" { 28 | value = module.example.mysql_conn 29 | description = "The connection name of the master instance to be used in connection strings" 30 | } 31 | 32 | output "mysql_user_pass" { 33 | value = module.example.mysql_user_pass 34 | description = "The password for the default user. If not set, a random one will be generated and available in the generated_user_password output variable." 35 | sensitive = true 36 | } 37 | 38 | output "public_ip_address" { 39 | description = "The first public (PRIMARY) IPv4 address assigned." 40 | value = module.example.public_ip_address 41 | } 42 | 43 | output "private_ip_address" { 44 | description = "The first public (PRIMARY) IPv4 address assigned." 45 | value = module.example.private_ip_address 46 | } 47 | 48 | output "env_vars" { 49 | value = module.example.env_vars 50 | description = "Exported environment variables" 51 | } 52 | -------------------------------------------------------------------------------- /test/fixtures/mysql-public/variables.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2019 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | variable "project_id" { 18 | description = "The ID of the project in which resources will be provisioned." 19 | type = string 20 | } 21 | 22 | variable "db_name" { 23 | description = "The name of the SQL Database instance" 24 | default = "example-mysql-public" 25 | } 26 | 27 | variable "authorized_networks" { 28 | default = [{ 29 | name = "sample-gcp-health-checkers-range" 30 | value = "130.211.0.0/28" 31 | }] 32 | type = list(map(string)) 33 | description = "List of mapped public networks authorized to access to the instances. Default - short range of GCP health-checkers IPs" 34 | } 35 | -------------------------------------------------------------------------------- /test/fixtures/mysql-public/versions.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2019 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | terraform { 18 | required_version = ">= 1.3" 19 | } 20 | 21 | -------------------------------------------------------------------------------- /test/fixtures/postgresql-ha/main.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2019 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | resource "random_id" "instance_name_suffix" { 18 | byte_length = 5 19 | } 20 | 21 | locals { 22 | /* 23 | Random instance name needed because: 24 | "You cannot reuse an instance name for up to a week after you have deleted an instance." 25 | See https://cloud.google.com/sql/docs/postgres/delete-instance for details. 
26 | */ 27 | instance_name = "${var.pg_ha_name}-${random_id.instance_name_suffix.hex}" 28 | } 29 | 30 | module "example" { 31 | source = "../../../examples/postgresql-ha" 32 | project_id = var.project_id 33 | pg_ha_name = var.pg_ha_name 34 | pg_ha_external_ip_range = var.pg_ha_external_ip_range 35 | key_project_id = var.key_project_id 36 | folder_id = var.folder_id 37 | } 38 | -------------------------------------------------------------------------------- /test/fixtures/postgresql-ha/outputs.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2019 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | output "project_id" { 18 | value = module.example.project_id 19 | } 20 | 21 | output "name" { 22 | value = module.example.name 23 | } 24 | 25 | output "authorized_network" { 26 | value = module.example.authorized_network 27 | } 28 | -------------------------------------------------------------------------------- /test/fixtures/postgresql-ha/variables.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2019 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | variable "project_id" { 18 | type = string 19 | description = "The project to run tests against" 20 | } 21 | 22 | variable "pg_ha_name" { 23 | type = string 24 | description = "The name for Cloud SQL instance" 25 | default = "tf-pg-ha" 26 | } 27 | 28 | variable "pg_ha_external_ip_range" { 29 | type = string 30 | description = "The ip range to allow connecting from/to Cloud SQL" 31 | default = "192.10.10.10/32" 32 | } 33 | 34 | variable "key_project_id" { 35 | type = string 36 | description = "The project where autokey is setup" 37 | } 38 | 39 | variable "folder_id" { 40 | type = string 41 | description = "The folder where project is created" 42 | } 43 | -------------------------------------------------------------------------------- /test/fixtures/postgresql-ha/versions.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2019 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | terraform { 18 | required_version = ">= 1.3" 19 | } 20 | 21 | -------------------------------------------------------------------------------- /test/fixtures/postgresql-public-iam/main.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2019 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | module "example" { 18 | source = "../../../examples/postgresql-public-iam" 19 | 20 | project_id = var.project_id 21 | authorized_networks = var.authorized_networks 22 | db_name = var.db_name 23 | cloudsql_pg_sa = var.cloudsql_pg_sa 24 | } 25 | -------------------------------------------------------------------------------- /test/fixtures/postgresql-public-iam/outputs.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2019 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | output "project_id" { 18 | value = module.example.project_id 19 | description = "The project to run tests against" 20 | } 21 | 22 | output "name" { 23 | value = module.example.name 24 | description = "The name for Cloud SQL instance" 25 | } 26 | 27 | output "psql_conn" { 28 | value = module.example.psql_conn 29 | description = "The connection name of the master instance to be used in connection strings" 30 | } 31 | 32 | output "psql_user_pass" { 33 | value = module.example.psql_user_pass 34 | description = "The password for the default user. If not set, a random one will be generated and available in the generated_user_password output variable." 35 | sensitive = true 36 | } 37 | 38 | output "public_ip_address" { 39 | description = "The first public (PRIMARY) IPv4 address assigned for the master instance" 40 | value = module.example.public_ip_address 41 | } 42 | -------------------------------------------------------------------------------- /test/fixtures/postgresql-public-iam/variables.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2019 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | variable "project_id" { 18 | description = "The ID of the project in which resources will be provisioned." 
19 | type = string 20 | } 21 | 22 | variable "authorized_networks" { 23 | default = [{ 24 | name = "sample-gcp-health-checkers-range" 25 | value = "130.211.0.0/28" 26 | }] 27 | type = list(map(string)) 28 | description = "List of mapped public networks authorized to access to the instances. Default - short range of GCP health-checkers IPs" 29 | } 30 | 31 | variable "db_name" { 32 | description = "The name of the SQL Database instance" 33 | default = "example-postgres-public-iam" 34 | } 35 | 36 | variable "cloudsql_pg_sa" { 37 | type = string 38 | description = "IAM service account user created for Cloud SQL." 39 | } 40 | -------------------------------------------------------------------------------- /test/fixtures/postgresql-public-iam/versions.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2019 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | required_version = ">= 1.3" 19 | } 20 | 21 | -------------------------------------------------------------------------------- /test/fixtures/postgresql-public/main.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2019 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | module "example" { 18 | source = "../../../examples/postgresql-public" 19 | 20 | project_id = var.project_id 21 | authorized_networks = var.authorized_networks 22 | db_name = var.db_name 23 | } 24 | -------------------------------------------------------------------------------- /test/fixtures/postgresql-public/outputs.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2019 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | output "project_id" { 18 | value = module.example.project_id 19 | description = "The project to run tests against" 20 | } 21 | 22 | output "name" { 23 | value = module.example.name 24 | description = "The name for Cloud SQL instance" 25 | } 26 | 27 | output "psql_conn" { 28 | value = module.example.psql_conn 29 | description = "The connection name of the master instance to be used in connection strings" 30 | } 31 | 32 | output "psql_user_pass" { 33 | value = module.example.psql_user_pass 34 | description = "The password for the default user. If not set, a random one will be generated and available in the generated_user_password output variable." 35 | sensitive = true 36 | } 37 | 38 | output "public_ip_address" { 39 | description = "The first public (PRIMARY) IPv4 address assigned for the master instance" 40 | value = module.example.public_ip_address 41 | } 42 | 43 | output "env_vars" { 44 | value = module.example.env_vars 45 | description = "Exported environment variables" 46 | } 47 | -------------------------------------------------------------------------------- /test/fixtures/postgresql-public/variables.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2019 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | variable "project_id" { 18 | description = "The ID of the project in which resources will be provisioned." 
19 | type = string 20 | } 21 | 22 | variable "authorized_networks" { 23 | default = [{ 24 | name = "sample-gcp-health-checkers-range" 25 | value = "130.211.0.0/28" 26 | }] 27 | type = list(map(string)) 28 | description = "List of mapped public networks authorized to access to the instances. Default - short range of GCP health-checkers IPs" 29 | } 30 | 31 | variable "db_name" { 32 | description = "The name of the SQL Database instance" 33 | default = "example-postgres-public" 34 | } 35 | -------------------------------------------------------------------------------- /test/fixtures/postgresql-public/versions.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2019 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | required_version = ">= 1.3" 19 | } 20 | 21 | -------------------------------------------------------------------------------- /test/integration/discover_test.go: -------------------------------------------------------------------------------- 1 | // Copyright 2021 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 
// You may obtain a copy of the License at
//
//      http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package test

import (
	// standard testing package; required so `go test` picks up the Test* function below
	"testing"

	// blueprint-test framework: supplies the Terraform helpers that drive the examples
	"github.com/GoogleCloudPlatform/cloud-foundation-toolkit/infra/blueprint-test/pkg/tft"
)

// TestAll is the single entry point for the auto-discovered blueprint tests.
// Any Test* name would do; the framework only needs one test function to
// attach the discovered examples to.
func TestAll(t *testing.T) {
	// Discovers the blueprint examples under test and runs the framework's
	// default test for each of them.
	tft.AutoDiscoverAndTest(t)
}
--------------------------------------------------------------------------------
/test/integration/mssql-public/mssql_public_test.go:
--------------------------------------------------------------------------------
// Copyright 2022 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//      http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package mssql_public

import (
	"fmt"
	"testing"

	"github.com/GoogleCloudPlatform/cloud-foundation-toolkit/infra/blueprint-test/pkg/gcloud"
	"github.com/GoogleCloudPlatform/cloud-foundation-toolkit/infra/blueprint-test/pkg/tft"
	"github.com/stretchr/testify/assert"
)

// TestMsSqlPublicModule applies the mssql-public example and checks the
// resulting instance's settings through `gcloud sql instances describe`.
func TestMsSqlPublicModule(t *testing.T) {
	msSql := tft.NewTFBlueprintTest(t)

	// Verify step run by the framework after apply. The `assert` parameter is the
	// framework-provided assertion object and shadows the testify import inside
	// this closure.
	msSql.DefineVerify(func(assert *assert.Assertions) {
		msSql.DefaultVerify(assert)

		// Instance name and project are read from the fixture's outputs.
		op := gcloud.Run(t, fmt.Sprintf("sql instances describe %s --project %s", msSql.GetStringOutput("name"), msSql.GetStringOutput("project_id")))

		// assert general database settings
		assert.Equal("ALWAYS", op.Get("settings.activationPolicy").String(), "Expected ALWAYS activationPolicy")
		assert.Equal(int64(10), op.Get("settings.dataDiskSizeGb").Int(), "Expected 10 dataDiskSizeGb")
		assert.Equal("PD_SSD", op.Get("settings.dataDiskType").String(), "Expected PD_SSD dataDiskType")
		assert.Equal("sql#settings", op.Get("settings.kind").String(), "Expected sql#settings kind")
		assert.Equal("PER_USE", op.Get("settings.pricingPlan").String(), "Expected PER_USE pricingPlan")
		assert.Equal("SYNCHRONOUS", op.Get("settings.replicationType").String(), "Expected SYNCHRONOUS replicationType")
		assert.True(op.Get("settings.storageAutoResize").Bool(), "Expected TRUE storageAutoResize")
		assert.Equal(int64(0), op.Get("settings.storageAutoResizeLimit").Int(), "Expected 0 storageAutoResizeLimit")
		assert.Equal("db-custom-2-3840", op.Get("settings.tier").String(), "Expected db-custom-2-3840 tier")

		// assert location database settings
		assert.Equal("sql#locationPreference", op.Get("settings.locationPreference.kind").String(), "Expected sql#locationPreference locationPreference.kind")

		// assert maintenance windows
		assert.Equal("sql#maintenanceWindow", op.Get("settings.maintenanceWindow.kind").String(), "Expected sql#maintenanceWindow maintenanceWindow.kind")
		assert.Equal(int64(1), op.Get("settings.maintenanceWindow.day").Int(), "Expected 1 maintenanceWindow.day")
		assert.Equal(int64(23), op.Get("settings.maintenanceWindow.hour").Int(), "Expected 23 maintenanceWindow.hour")
		assert.Equal("canary", op.Get("settings.maintenanceWindow.updateTrack").String(), "Expected canary maintenanceWindow.updateTrack")

		// assert standard database settings
		assert.Equal("SQLSERVER_2017_STANDARD", op.Get("databaseVersion").String(), "Expected SQLSERVER_2017_STANDARD databaseVersion")
		assert.Equal("SECOND_GEN", op.Get("backendType").String(), "Expected SECOND_GEN backendType")
		assert.Equal("RUNNABLE", op.Get("state").String(), "Expected RUNNABLE state")
		assert.Equal("us-central1", op.Get("region").String(), "Expected us-central1 region")

		// NOTE(review): nothing above asserts settings.ipConfiguration (authorized
		// networks, TLS requirement) even though this is the public-IP example;
		// consider adding those checks once the example's expected values are known.
	})

	msSql.Test()
}
--------------------------------------------------------------------------------
/test/integration/mysql-backup-create-service-account/mysql_backup_create_service_account_test.go:
--------------------------------------------------------------------------------
// Copyright 2022 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//      http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
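
package mysql_backup

import (
	"fmt"
	"testing"

	"github.com/GoogleCloudPlatform/cloud-foundation-toolkit/infra/blueprint-test/pkg/gcloud"
	"github.com/GoogleCloudPlatform/cloud-foundation-toolkit/infra/blueprint-test/pkg/tft"
	"github.com/stretchr/testify/assert"
)

// TestMySqlBackupModuleCreateServiceAccount applies the
// mysql-backup-create-service-account example and, via `gcloud workflows
// describe`, verifies that both the backup and the export workflow run as the
// service account the example created and that their source references the
// expected instance, project and steps.
func TestMySqlBackupModuleCreateServiceAccount(t *testing.T) {
	mySql := tft.NewTFBlueprintTest(t)

	mySql.DefineVerify(func(assert *assert.Assertions) {
		mySql.DefaultVerify(assert)

		projectID := mySql.GetStringOutput("project_id")
		workflowLocation := mySql.GetStringOutput("workflow_location")
		instanceName := mySql.GetStringOutput("instance_name")

		// Both lookups use gcloud.Runf; the export lookup previously went through
		// gcloud.Run(t, fmt.Sprintf(...)) for no reason.
		backupWorkflow := gcloud.Runf(t, "workflows describe %s --project=%s --location=%s",
			mySql.GetStringOutput("backup_workflow_name"), projectID, workflowLocation)
		exportWorkflow := gcloud.Runf(t, "workflows describe %s --project=%s --location=%s",
			mySql.GetStringOutput("export_workflow_name"), projectID, workflowLocation)

		// The workflows must run as the dedicated service account, not as a default one.
		serviceAccountSelfLink := fmt.Sprintf("projects/%s/serviceAccounts/%s", projectID, mySql.GetStringOutput("service_account"))

		assert.Equal(serviceAccountSelfLink, backupWorkflow.Get("serviceAccount").String())
		assert.Equal(serviceAccountSelfLink, exportWorkflow.Get("serviceAccount").String())

		backupContainsExpectations := []string{
			fmt.Sprintf("instance: %s", instanceName),
			fmt.Sprintf("project: %s", projectID),
			"- create new backup:",
			"- delete old backups:",
		}

		exportContainsExpectations := []string{
			fmt.Sprintf("instance: %s", instanceName),
			fmt.Sprintf("project: %s", projectID),
			"- backupTime: ${string(int(sys.now()))}",
			fmt.Sprintf("uri: ${\"gs://%s-backup/%[1]s-\" + backupTime + \".sql\"}", instanceName),
		}

		// Read each workflow source once instead of on every loop iteration.
		backupSource := backupWorkflow.Get("sourceContents").String()
		for _, expected := range backupContainsExpectations {
			assert.Contains(backupSource, expected)
		}

		exportSource := exportWorkflow.Get("sourceContents").String()
		for _, expected := range exportContainsExpectations {
			assert.Contains(exportSource, expected)
		}
	})

	mySql.Test()
}
--------------------------------------------------------------------------------
/test/integration/postgresql-backup-provided-service-account/postgresql_backup_provided_service_account_test.go:
--------------------------------------------------------------------------------
// Copyright 2022 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//      http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.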
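
package postgresql_backup

import (
	"fmt"
	"testing"

	"github.com/GoogleCloudPlatform/cloud-foundation-toolkit/infra/blueprint-test/pkg/gcloud"
	"github.com/GoogleCloudPlatform/cloud-foundation-toolkit/infra/blueprint-test/pkg/tft"
	"github.com/stretchr/testify/assert"
)

// TestPostgresqlBackupModuleProvidedServiceAccount applies the
// postgresql-backup-provided-service-account example and, via `gcloud
// workflows describe`, verifies that both the backup and the export workflow
// run as the caller-provided service account and that their source references
// the expected instance, project and steps.
func TestPostgresqlBackupModuleProvidedServiceAccount(t *testing.T) {
	// Local renamed from mySql: this is the PostgreSQL test.
	pgSql := tft.NewTFBlueprintTest(t)

	pgSql.DefineVerify(func(assert *assert.Assertions) {
		// NOTE(review): the framework's DefaultVerify call is commented out in this
		// test and the reason is not recorded; confirm whether it can be re-enabled
		// so the post-apply check the sibling MySQL test performs also runs here.
		// pgSql.DefaultVerify(assert)

		projectID := pgSql.GetStringOutput("project_id")
		workflowLocation := pgSql.GetStringOutput("workflow_location")
		instanceName := pgSql.GetStringOutput("instance_name")

		backupWorkflow := gcloud.Runf(t, "workflows describe %s --project=%s --location=%s", pgSql.GetStringOutput("backup_workflow_name"), projectID, workflowLocation)
		exportWorkflow := gcloud.Runf(t, "workflows describe %s --project=%s --location=%s", pgSql.GetStringOutput("export_workflow_name"), projectID, workflowLocation)

		// The workflows must run as the provided service account, not as a default one.
		serviceAccountSelfLink := fmt.Sprintf("projects/%s/serviceAccounts/%s", projectID, pgSql.GetStringOutput("service_account"))

		assert.Equal(serviceAccountSelfLink, backupWorkflow.Get("serviceAccount").String())
		assert.Equal(serviceAccountSelfLink, exportWorkflow.Get("serviceAccount").String())

		backupContainsExpectations := []string{
			fmt.Sprintf("instance: %s", instanceName),
			fmt.Sprintf("project: %s", projectID),
			"- create new backup:",
			"- delete old backups:",
		}

		exportContainsExpectations := []string{
			fmt.Sprintf("instance: %s", instanceName),
			fmt.Sprintf("project: %s", projectID),
			"- backupTime: ${string(int(sys.now()))}",
			fmt.Sprintf("uri: ${\"gs://%s-backup/%[1]s-\" + database + \"-\" + backupTime + \".sql.gz\"}", instanceName),
		}

		// Read each workflow source once instead of on every loop iteration.
		backupSource := backupWorkflow.Get("sourceContents").String()
		for _, expected := range backupContainsExpectations {
			assert.Contains(backupSource, expected)
		}

		exportSource := exportWorkflow.Get("sourceContents").String()
		for _, expected := range exportContainsExpectations {
			assert.Contains(exportSource, expected)
		}
	})

	pgSql.Test()
}
--------------------------------------------------------------------------------
/test/setup/.gitignore:
--------------------------------------------------------------------------------
terraform.tfvars
source.sh
--------------------------------------------------------------------------------
/test/setup/iam.tf:
--------------------------------------------------------------------------------
/**
 * Copyright 2024 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.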
 */

locals {
  # Roles granted to the CI service account on the test project and, below,
  # on the Autokey folder. This is a broad administrative set: the IAM roles
  # (projectIamAdmin, serviceAccountAdmin, serviceAccountUser) allow the CI
  # identity to change bindings and act as other service accounts, so the
  # account should only ever exist in a dedicated, disposable test project.
  int_required_roles = [
    "roles/cloudkms.admin",
    "roles/cloudkms.autokeyAdmin",
    "roles/cloudkms.cryptoKeyEncrypterDecrypter",
    "roles/cloudscheduler.admin",
    "roles/cloudsql.admin",
    "roles/compute.admin",
    "roles/compute.networkAdmin",
    "roles/iam.serviceAccountAdmin",
    "roles/iam.serviceAccountUser",
    "roles/monitoring.editor",
    "roles/resourcemanager.projectIamAdmin",
    "roles/storage.admin",
    "roles/workflows.admin",
  ]
}

# Identity the integration tests run as.
resource "google_service_account" "int_test" {
  project      = module.project.project_id
  account_id   = "ci-account"
  display_name = "ci-account"
}

# Project-level bindings: one google_project_iam_member per role above.
resource "google_project_iam_member" "int_test" {
  count = length(local.int_required_roles)

  project = module.project.project_id
  role    = local.int_required_roles[count.index]
  member  = "serviceAccount:${google_service_account.int_test.email}"
}

# The same role list is bound a second time at the Autokey folder.
# NOTE(review): this reuses the full project role list; confirm each role is
# actually needed at folder scope (the cloudkms.autokey* roles presumably are).
resource "google_folder_iam_member" "int_test" {
  count = length(local.int_required_roles)

  folder = google_folder.autokey_folder.folder_id
  role   = local.int_required_roles[count.index]
  member = "serviceAccount:${google_service_account.int_test.email}"
}

# Long-lived user-managed key for the CI account. The private key material is
# stored in Terraform state (sensitive = true only masks CLI output), so the
# state backend must be access-controlled; rotate by replacing this resource.
resource "google_service_account_key" "int_test" {
  service_account_id = google_service_account.int_test.id
}
--------------------------------------------------------------------------------
/test/setup/outputs.tf:
--------------------------------------------------------------------------------
/**
 * Copyright 2024 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | output "project_id" { 18 | value = module.project.project_id 19 | } 20 | 21 | output "sa_key" { 22 | value = google_service_account_key.int_test.private_key 23 | sensitive = true 24 | } 25 | 26 | output "cloudsql_pg_sa" { 27 | value = google_service_account.cloudsql_pg_sa.email 28 | description = "IAM service account user created for Cloud SQL for PostgreSQL." 29 | } 30 | 31 | output "cloudsql_mysql_sa" { 32 | value = google_service_account.cloudsql_mysql_sa.email 33 | description = "IAM service account user created for Cloud SQL for MySql." 34 | } 35 | 36 | output "key_project_id" { 37 | value = module.autokey-project.project_id 38 | } 39 | 40 | output "folder_id" { 41 | value = google_folder.autokey_folder.folder_id 42 | } 43 | -------------------------------------------------------------------------------- /test/setup/variables.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | variable "org_id" { 17 | description = "The numeric organization id" 18 | } 19 | 20 | variable "folder_id" { 21 | description = "The folder to deploy in" 22 | } 23 | 24 | variable "billing_account" { 25 | description = "The billing account id associated with the project, e.g. XXXXXX-YYYYYY-ZZZZZZ" 26 | } 27 | --------------------------------------------------------------------------------
