From c738ba65bfa51fd565c11764cccfe6174ac4151d Mon Sep 17 00:00:00 2001
From: Diego Rabatone Oliveira
Date: Thu, 13 Feb 2020 16:40:09 -0300
Subject: [PATCH] [gcp/mysql] Add network specific fw rule

---
 google-cloud/gcp/mysql/inputs.tf | 5 +++
 google-cloud/gcp/mysql/main.tf | 56 ++++++++++++++++++++++++++-----
 google-cloud/gcp/mysql/outputs.tf | 6 ++--
 3 files changed, 55 insertions(+), 12 deletions(-)

diff --git a/google-cloud/gcp/mysql/inputs.tf b/google-cloud/gcp/mysql/inputs.tf
index 3b33ea0..fb13656 100644
--- a/google-cloud/gcp/mysql/inputs.tf
+++ b/google-cloud/gcp/mysql/inputs.tf
@@ -21,6 +21,11 @@ variable "replica_instance_size" {
  type = "string"
 }
 
+variable "network" {
+ description = "Network to be used for the cluster"
+ type = "string"
+}
+
 variable "subnetwork" {
  description = "Subnetwork to be used for the instances"
  type = "string"
diff --git a/google-cloud/gcp/mysql/main.tf b/google-cloud/gcp/mysql/main.tf
index c35eeed..c649c5a 100644
--- a/google-cloud/gcp/mysql/main.tf
+++ b/google-cloud/gcp/mysql/main.tf
@@ -1,9 +1,44 @@
+# Firewall rules
+resource "google_compute_firwall" "mysql_cluster_replication" {
+ name = "mysql-cluster-${var.service_name}"
+ network = "${var.network}"
+
+ allow {
+ protocol = "tcp"
+ ports = ["33061"] # MySQL Group Replication port
+ }
+
+ target_tags = ["mysqlcluster-${var.service_name}"]
+ source_tags = [
+ "mysqlcluster-${var.service_name}",
+ "34.90.26.15", # Bastion IP
+ "34.95.192.109", # Bastion IP
+ ]
+}
+
+resource "google_compute_firwall" "mysql_cluster" {
+ name = "mysql-cluster-replication-${var.service_name}"
+ network = "${var.network}"
+
+ allow {
+ protocol = "tcp"
+ ports = ["3306"] # MySQL Group Replication port
+ }
+
+ target_tags = ["mysqlcluster-${var.service_name}"]
+ source_tags = [
+ "mysqlcluster-${var.service_name}",
+ "34.90.26.15", # Bastion IP
+ "34.95.192.109", # Bastion IP
+ ]
+}
+
 # MASTER INSTANCE
 #
-resource "google_compute_address" "mysqlcluster-module_first" {
+resource "google_compute_address" "mysqlcluster_module_first" {
  name = "mysqlcluster-${var.service_name}-first"
 }
-resource "google_compute_instance" "mysqlcluster-module_first" {
+resource "google_compute_instance" "mysqlcluster_module_first" {
  name = "mysqlcluster-${var.service_name}-first"
  machine_type = "${var.first_instance_size}"
 
@@ -23,7 +58,7 @@ resource "google_compute_instance" "mysqlcluster-module_first" {
  subnetwork = "${var.subnetwork}"
 
  access_config {
-  nat_ip = "${google_compute_address.mysqlcluster-module_first.address}"
+  nat_ip = "${google_compute_address.mysqlcluster_module_first.address}"
  }
 }
 
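Review bot: Both new firewall resources are declared with the type `google_compute_firwall`, which is not a resource type the Google provider knows (the correct name is `google_compute_firewall`), so `terraform init`/`plan` will reject the module before either rule exists. The bastion addresses `34.90.26.15` and `34.95.192.109` are listed under `source_tags`, but that argument only accepts network tags; literal addresses belong in `source_ranges` as CIDRs (`"34.90.26.15/32"`), otherwise the bastions never get the access the comments promise. The names and comments also appear swapped: `mysql_cluster_replication` opens 33061 but is named `mysql-cluster-…`, while `mysql_cluster` opens 3306, is named `mysql-cluster-replication-…` and still carries the `# MySQL Group Replication port` comment, which will mislead anyone auditing the rules. Hard-coding the bastion IPs inside a reusable module means every consumer inherits them, so an input variable would be preferable, and the instances in this hunk are not visibly given the `mysqlcluster-${var.service_name}` tag the rules target (the instance body continues outside the hunk, so it may be set there). The rewrite below shows the 33061 rule; the 3306 rule needs the same resource-type, `source_ranges` and naming corrections.
```hcl
resource "google_compute_firewall" "mysql_cluster_replication" {
  name    = "mysql-cluster-replication-${var.service_name}"
  network = "${var.network}"

  allow {
    protocol = "tcp"
    ports    = ["33061"] # MySQL Group Replication port
  }

  target_tags = ["mysqlcluster-${var.service_name}"]
  source_tags = ["mysqlcluster-${var.service_name}"]
  # Bastion hosts are addresses, not network tags, so they must be CIDR ranges
  source_ranges = ["34.90.26.15/32", "34.95.192.109/32"]
}

# … unchanged: mysql_cluster rule for 3306, with the same three corrections …
```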
@@ -67,11 +102,11 @@ resource "google_compute_instance" "mysqlcluster-module_first" {
 
 # REPLICAS (instances number 2 and 3)
 # Replica A
-resource "google_compute_address" "mysqlcluster-module_second" {
+resource "google_compute_address" "mysqlcluster_module_second" {
  name = "mysqlcluster-${var.service_name}-second"
 }
 
-resource "google_compute_instance" "mysqlcluster-module_second" {
+resource "google_compute_instance" "mysqlcluster_module_second" {
  name = "mysqlcluster-${var.service_name}-second"
  machine_type = "${var.replica_instance_size}"
 
@@ -93,7 +128,7 @@ resource "google_compute_instance" "mysqlcluster-module_second" {
  subnetwork = "${var.subnetwork}"
 
  access_config {
-  nat_ip = "${google_compute_address.mysqlcluster-module_second.address}"
+  nat_ip = "${google_compute_address.mysqlcluster_module_second.address}"
  }
 }
 
@@ -133,14 +168,16 @@ resource "google_compute_instance" "mysqlcluster-module_second" {
  "https://www.googleapis.com/auth/devstorage.read_write",
  ]
  }
+
+ depends_on = ["google_compute_instance.mysqlcluster_module_first"]
 }
 
 # Replica B
-resource "google_compute_address" "mysqlcluster-module_third" {
+resource "google_compute_address" "mysqlcluster_module_third" {
  name = "mysqlcluster-${var.service_name}-third"
 }
 
-resource "google_compute_instance" "mysqlcluster-module_third" {
+resource "google_compute_instance" "mysqlcluster_module_third" {
  name = "mysqlcluster-${var.service_name}-third"
  machine_type = "${var.replica_instance_size}"
 
@@ -162,7 +199,7 @@ resource "google_compute_instance" "mysqlcluster-module_second" {
  subnetwork = "${var.subnetwork}"
 
  access_config {
-  nat_ip = "${google_compute_address.mysqlcluster-module_third.address}"
+  nat_ip = "${google_compute_address.mysqlcluster_module_third.address}"
  }
 }
 
@@ -202,4 +239,5 @@ resource "google_compute_instance" "mysqlcluster-module_third" {
  "https://www.googleapis.com/auth/devstorage.read_write",
  ]
  }
+ depends_on = ["google_compute_instance.mysqlcluster_module_first"]
 }
diff --git a/google-cloud/gcp/mysql/outputs.tf b/google-cloud/gcp/mysql/outputs.tf
index face2d1..cbbf73c 100644
--- a/google-cloud/gcp/mysql/outputs.tf
+++ b/google-cloud/gcp/mysql/outputs.tf
@@ -2,13 +2,13 @@
 ## Instances Names
 ################################################################################
 output "mysqlcluster_first_name" {
-  value = "${google_compute_instance.mysqlcluster-module_first.name}"
+  value = "${google_compute_instance.mysqlcluster_module_first.name}"
 }
 
 output "mysqlcluster_second_name" {
-  value = "${google_compute_instance.mysqlcluster-module_second.name}"
+  value = "${google_compute_instance.mysqlcluster_module_second.name}"
 }
 
 output "mysqlcluster_third_name" {
-  value = "${google_compute_instance.mysqlcluster-module_third.name}"
+  value = "${google_compute_instance.mysqlcluster_module_third.name}"
 }