feat(TPG >= 4.80)!: add support for psc (private service connect) (#507)

Co-authored-by: Awais Malik <malik.awais@gmail.com> Co-authored-by: Awais Malik <awmalik@google.com>
terraform-google-modules · Sep 4, 2023 · 64c2435 · 64c2435
1 parent 0e0c196
commit 64c2435
Show file tree

Hide file tree

Showing 28 changed files with 896 additions and 119 deletions.
diff --git a/build/int.cloudbuild.yaml b/build/int.cloudbuild.yaml
@@ -81,6 +81,21 @@ steps:
     name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
     args: ['/bin/bash', '-c', 'cft test run TestMySqlHaModule --stage teardown --verbose']
 
+  - id: apply mysql-psc-local
+    waitFor: ["init-all", "wait for api activation"]
+    name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
+    args: ['/bin/bash', '-c', 'cft test run TestMySqlPscModule --stage apply --verbose']
+  - id: verify mysql-psc-local
+    waitFor:
+      - apply mysql-psc-local
+    name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
+    args: ['/bin/bash', '-c', 'cft test run TestMySqlPscModule --stage verify --verbose']
+  - id: teardown mysql-psc-local
+    waitFor:
+      - verify mysql-psc-local
+    name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
+    args: ['/bin/bash', '-c', 'cft test run TestMySqlPscModule --stage teardown --verbose']
+
   - id: apply mysql-private-local
     waitFor: ["init-all", "wait for api activation"]
     name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
@@ -126,6 +141,21 @@ steps:
     name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
     args: ['/bin/bash', '-c', 'cft test run TestPostgreSqlHaModule --stage teardown --verbose']
 
+  - id: apply postgresql-psc-local
+    waitFor: ["init-all", "wait for api activation"]
+    name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
+    args: ['/bin/bash', '-c', 'cft test run TestPostgreSqlPscModule --stage apply --verbose']
+  - id: verify postgresql-psc-local
+    waitFor:
+      - apply postgresql-psc-local
+    name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
+    args: ['/bin/bash', '-c', 'cft test run TestPostgreSqlPscModule --stage verify --verbose']
+  - id: teardown postgresql-psc-local
+    waitFor:
+      - verify postgresql-psc-local
+    name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
+    args: ['/bin/bash', '-c', 'cft test run TestPostgreSqlPscModule --stage teardown --verbose']
+
   - id: apply postgresql-public-local
     waitFor: ["init-all", "wait for api activation"]
     name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'

diff --git a/docs/upgrading_to_sql_db_17.0.0.md b/docs/upgrading_to_sql_db_17.0.0.md
@@ -0,0 +1,5 @@
+# Upgrading to SQL DB 17.0.0
+
+The 16.0.0 release of SQL DB is a backward incompatible release.
+
+This update requires upgrading the minimum provider version from `4.74` to `4.80`.
diff --git a/examples/mysql-ha/main.tf b/examples/mysql-ha/main.tf
@@ -86,7 +86,7 @@ module "mysql" {
   }
 
   // Read replica configurations
-  read_replica_name_suffix = "-test"
+  read_replica_name_suffix = "-test-ha"
   replica_database_version = "MYSQL_5_7"
   read_replicas = [
     {

diff --git a/examples/mysql-psc/README.md b/examples/mysql-psc/README.md
@@ -0,0 +1,36 @@
+# Cloud SQL Database Example
+
+This example shows how to create the public MySQL HA Cloud cluster using the Terraform module.
+
+## Run Terraform
+
+Create resources with terraform:
+
+```bash
+terraform init
+terraform plan
+terraform apply
+```
+
+To remove all resources created by terraform:
+
+```bash
+terraform destroy
+```
+
+<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| mysql\_ha\_name | The name for Cloud SQL instance | `string` | `"tf-mysql-psc"` | no |
+| project\_id | The project to run tests against | `string` | n/a | yes |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| name | The name for Cloud SQL instance |
+| project\_id | n/a |
+
+<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/examples/mysql-psc/main.tf b/examples/mysql-psc/main.tf
@@ -0,0 +1,123 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+locals {
+  read_replica_ip_configuration = {
+    ipv4_enabled                  = false
+    require_ssl                   = false
+    psc_enabled                   = true
+    psc_allowed_consumer_projects = [var.project_id]
+  }
+
+}
+
+
+module "mysql" {
+  source               = "../../modules/mysql"
+  name                 = var.mysql_ha_name
+  random_instance_name = true
+  project_id           = var.project_id
+  database_version     = "MYSQL_8_0"
+  region               = "us-central1"
+
+  deletion_protection = false
+
+  // Master configurations
+  tier                            = "db-custom-4-15360"
+  zone                            = "us-central1-c"
+  availability_type               = "REGIONAL"
+  maintenance_window_day          = 7
+  maintenance_window_hour         = 12
+  maintenance_window_update_track = "stable"
+
+  database_flags = [{ name = "long_query_time", value = 1 }]
+
+  user_labels = {
+    foo = "bar"
+  }
+
+  ip_configuration = {
+    ipv4_enabled                  = false
+    psc_enabled                   = true
+    psc_allowed_consumer_projects = [var.project_id]
+  }
+
+  password_validation_policy_config = {
+    enable_password_policy      = true
+    complexity                  = "COMPLEXITY_DEFAULT"
+    disallow_username_substring = true
+    min_length                  = 8
+  }
+
+  backup_configuration = {
+    enabled                        = true
+    binary_log_enabled             = true
+    start_time                     = "20:55"
+    location                       = null
+    transaction_log_retention_days = null
+    retained_backups               = 365
+    retention_unit                 = "COUNT"
+  }
+
+  // Read replica configurations
+  read_replica_name_suffix = "-test-psc"
+  replica_database_version = "MYSQL_8_0"
+  read_replicas = [
+    {
+      name              = "0"
+      zone              = "us-central1-a"
+      availability_type = "REGIONAL"
+      tier              = "db-custom-4-15360"
+      ip_configuration  = local.read_replica_ip_configuration
+      database_flags    = [{ name = "long_query_time", value = 1 }]
+      disk_type         = "PD_SSD"
+      user_labels       = { bar = "baz" }
+    },
+  ]
+
+  db_name      = var.mysql_ha_name
+  db_charset   = "utf8mb4"
+  db_collation = "utf8mb4_general_ci"
+
+  additional_databases = [
+    {
+      name      = "${var.mysql_ha_name}-additional"
+      charset   = "utf8mb4"
+      collation = "utf8mb4_general_ci"
+    },
+  ]
+
+  user_name     = "tftest"
+  user_password = "Example!12345"
+  root_password = ".5nHITPioEJk^k}="
+
+  additional_users = [
+    {
+      name            = "tftest2"
+      password        = "Example!12345"
+      host            = "localhost"
+      type            = "BUILT_IN"
+      random_password = false
+    },
+    {
+      name            = "tftest3"
+      password        = "Example!12345"
+      host            = "localhost"
+      type            = "BUILT_IN"
+      random_password = false
+    },
+  ]
+}
diff --git a/examples/mysql-psc/outputs.tf b/examples/mysql-psc/outputs.tf
@@ -0,0 +1,24 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "project_id" {
+  value = var.project_id
+}
+
+output "name" {
+  description = "The name for Cloud SQL instance"
+  value       = module.mysql.instance_name
+}
diff --git a/examples/mysql-psc/variables.tf b/examples/mysql-psc/variables.tf
@@ -0,0 +1,26 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "project_id" {
+  type        = string
+  description = "The project to run tests against"
+}
+
+variable "mysql_ha_name" {
+  type        = string
+  description = "The name for Cloud SQL instance"
+  default     = "tf-mysql-psc"
+}
diff --git a/examples/mysql-psc/versions.tf b/examples/mysql-psc/versions.tf
@@ -0,0 +1,25 @@
+/**
+ * Copyright 2021 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+terraform {
+  required_providers {
+    google-beta = {
+      source  = "hashicorp/google-beta"
+      version = "~> 4.0"
+    }
+  }
+  required_version = ">= 1.3"
+}
diff --git a/examples/postgresql-ha/main.tf b/examples/postgresql-ha/main.tf
@@ -78,7 +78,7 @@ module "pg" {
   }
 
   // Read replica configurations
-  read_replica_name_suffix = "-test"
+  read_replica_name_suffix = "-test-ha"
   read_replicas = [
     {
       name                  = "0"

diff --git a/examples/postgresql-psc/README.md b/examples/postgresql-psc/README.md
@@ -0,0 +1,36 @@
+# Cloud SQL Database Example
+
+This example shows how to create the public HA Postgres Cloud SQL cluster using the Terraform module.
+
+## Run Terraform
+
+Create resources with terraform:
+
+```bash
+terraform init
+terraform plan
+terraform apply
+```
+
+To remove all resources created by terraform:
+
+```bash
+terraform destroy
+```
+
+<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| pg\_psc\_name | The name for Cloud SQL instance | `string` | `"tf-pg-psc"` | no |
+| project\_id | The project to run tests against | `string` | n/a | yes |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| name | The name for Cloud SQL instance |
+| project\_id | n/a |
+
+<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->