Merge pull request #32 from mineiros-io/lukas/add-ssl-mode

feat: add ssl_mode attribute
mineiros-io · Feb 27, 2024 · 1606608 · 1606608
2 parents 5458a73 + 6d5a92c
commit 1606608
Show file tree

Hide file tree

Showing 9 changed files with 26 additions and 9 deletions.
diff --git a/README.md b/README.md
@@ -285,6 +285,12 @@ See [variables.tf] and [examples/] for details and use-cases.
 
     Whether SSL connections over IP are enforced or not.
 
+  - [**`ssl_mode`**](#attr-ip_configuration-ssl_mode): *(Optional `string`)*<a name="attr-ip_configuration-ssl_mode"></a>
+
+    Specify how SSL connection should be enforced in DB connections.
+    To change this field, also set the correspoding value in require_ssl.
+    Check the value pairs [API reference](https://cloud.google.com/sql/docs/postgres/admin-api/rest/v1beta4/instances#ipconfiguration)
+
   - [**`allocated_ip_range `**](#attr-ip_configuration-allocated_ip_range ): *(Optional `string`)*<a name="attr-ip_configuration-allocated_ip_range "></a>
 
     The name of the allocated ip range for the private ip CloudSQL instance.

diff --git a/README.tfdoc.hcl b/README.tfdoc.hcl
@@ -389,6 +389,15 @@ section {
             Whether SSL connections over IP are enforced or not.
           END
         }
+
+        attribute "ssl_mode" {
+          type        = string
+          description = <<-END
+            Specify how SSL connection should be enforced in DB connections.
+            To change this field, also set the correspoding value in require_ssl.
+            Check the value pairs [API reference](https://cloud.google.com/sql/docs/postgres/admin-api/rest/v1beta4/instances#ipconfiguration)
+          END
+        }
         attribute "allocated_ip_range " {
           type        = string
           description = <<-END

diff --git a/main.tf b/main.tf
@@ -83,6 +83,7 @@ resource "google_sql_database_instance" "instance" {
         ipv4_enabled                                  = try(ip_configuration.value.ipv4_enabled, null)
         private_network                               = try(ip_configuration.value.private_network, null)
         require_ssl                                   = try(ip_configuration.value.require_ssl, null)
+        ssl_mode                                      = try(ip_configuration.value.ssl_mode, null)
         allocated_ip_range                            = try(ip_configuration.value.allocated_ip_range, null)
         enable_private_path_for_google_cloud_services = try(ip_configuration.value.enable_private_path_for_google_cloud_services, null)
 

diff --git a/test/unit-complete/_generated_google.tf b/test/unit-complete/_generated_google.tf
@@ -24,11 +24,11 @@ terraform {
   required_providers {
     google = {
       source  = "hashicorp/google"
-      version = ">= 5, <5.6"
+      version = ">= 5.6, <6"
     }
     google-beta = {
       source  = "hashicorp/google-beta"
-      version = ">= 5, <5.6"
+      version = ">= 5.6, <6"
     }
     random = {
       source  = "hashicorp/random"

diff --git a/test/unit-complete/main.tf b/test/unit-complete/main.tf
@@ -67,6 +67,7 @@ module "test" {
     }]
     private_network    = "projects/${local.project_id}/global/networks/default"
     require_ssl        = true
+    ssl_mode           = "TRUSTED_CLIENT_CERTIFICATE_REQUIRED"
     allocated_ip_range = "google-managed-services-default"
   }
 

diff --git a/test/unit-disabled/_generated_google.tf b/test/unit-disabled/_generated_google.tf
@@ -24,11 +24,11 @@ terraform {
   required_providers {
     google = {
       source  = "hashicorp/google"
-      version = ">= 5, <5.6"
+      version = ">= 5.6, <6"
     }
     google-beta = {
       source  = "hashicorp/google-beta"
-      version = ">= 5, <5.6"
+      version = ">= 5.6, <6"
     }
     random = {
       source  = "hashicorp/random"

diff --git a/test/unit-minimal/_generated_google.tf b/test/unit-minimal/_generated_google.tf
@@ -24,11 +24,11 @@ terraform {
   required_providers {
     google = {
       source  = "hashicorp/google"
-      version = "5"
+      version = "5.6"
     }
     google-beta = {
       source  = "hashicorp/google-beta"
-      version = "5"
+      version = "5.6"
     }
     random = {
       source  = "hashicorp/random"

diff --git a/versions.tf b/versions.tf
@@ -5,7 +5,7 @@ terraform {
   required_providers {
     google = {
       source  = "hashicorp/google"
-      version = ">= 5, <5.6"
+      version = ">= 5.6, <6"
     }
   }
 }
diff --git a/versions.tm.hcl b/versions.tm.hcl
@@ -2,9 +2,9 @@ globals {
   minimum_terraform_version   = "1.0"
 
   provider                    = "google"
-  minimum_provider_version    = "5"
+  minimum_provider_version    = "5.6"
 
-  provider_version_constraint  = ">= ${global.minimum_provider_version}, <5.6"
+  provider_version_constraint  = ">= ${global.minimum_provider_version}, <6"
   terraform_version_constraint = "~> ${global.minimum_terraform_version}, != 1.1.0, != 1.1.1"
   # we exclude 1.1.0 and 1.1.1 because of:
   # https://github.com/hashicorp/terraform/blob/v1.1/CHANGELOG.md#112-december-17-2021