From 6d5a92c8c529e7fdf545e70ff9ddd590ba31e227 Mon Sep 17 00:00:00 2001
From: Esanim <17294241+Esanim@users.noreply.github.com>
Date: Tue, 27 Feb 2024 14:37:43 +0100
Subject: [PATCH] feat: add ssl_mode attribute
BREAKING CHANGE: upgrades google provider to version 5.6+
---
README.md | 6 ++++++
README.tfdoc.hcl | 9 +++++++++
main.tf | 1 +
test/unit-complete/_generated_google.tf | 4 ++--
test/unit-complete/main.tf | 1 +
test/unit-disabled/_generated_google.tf | 4 ++--
test/unit-minimal/_generated_google.tf | 4 ++--
versions.tf | 2 +-
versions.tm.hcl | 4 ++--
9 files changed, 26 insertions(+), 9 deletions(-)
diff --git a/README.md b/README.md
index a7d1363..c7ee41a 100644
--- a/README.md
+++ b/README.md
@@ -285,6 +285,12 @@ See [variables.tf] and [examples/] for details and use-cases.
Whether SSL connections over IP are enforced or not.
+ - [**`ssl_mode`**](#attr-ip_configuration-ssl_mode): *(Optional `string`)*
+
+ Specify how SSL connection should be enforced in DB connections.
+ To change this field, also set the correspoding value in require_ssl.
+ Check the value pairs [API reference](https://cloud.google.com/sql/docs/postgres/admin-api/rest/v1beta4/instances#ipconfiguration)
+
- [**`allocated_ip_range `**](#attr-ip_configuration-allocated_ip_range ): *(Optional `string`)*
The name of the allocated ip range for the private ip CloudSQL instance.
diff --git a/README.tfdoc.hcl b/README.tfdoc.hcl
index 3cf699c..73b0739 100644
--- a/README.tfdoc.hcl
+++ b/README.tfdoc.hcl
@@ -389,6 +389,15 @@ section {
Whether SSL connections over IP are enforced or not.
END
}
+
+ attribute "ssl_mode" {
+ type = string
+ description = <<-END
+ Specify how SSL connection should be enforced in DB connections.
+ To change this field, also set the correspoding value in require_ssl.
+ Check the value pairs [API reference](https://cloud.google.com/sql/docs/postgres/admin-api/rest/v1beta4/instances#ipconfiguration)
+ END
+ }
attribute "allocated_ip_range " {
type = string
description = <<-END
diff --git a/main.tf b/main.tf
index 1595a2f..9530c52 100644
--- a/main.tf
+++ b/main.tf
@@ -83,6 +83,7 @@ resource "google_sql_database_instance" "instance" {
ipv4_enabled = try(ip_configuration.value.ipv4_enabled, null)
private_network = try(ip_configuration.value.private_network, null)
require_ssl = try(ip_configuration.value.require_ssl, null)
+ ssl_mode = try(ip_configuration.value.ssl_mode, null)
allocated_ip_range = try(ip_configuration.value.allocated_ip_range, null)
enable_private_path_for_google_cloud_services = try(ip_configuration.value.enable_private_path_for_google_cloud_services, null)
diff --git a/test/unit-complete/_generated_google.tf b/test/unit-complete/_generated_google.tf
index 2c250fc..d563c10 100644
--- a/test/unit-complete/_generated_google.tf
+++ b/test/unit-complete/_generated_google.tf
@@ -24,11 +24,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 5, <5.6"
+ version = ">= 5.6, <6"
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 5, <5.6"
+ version = ">= 5.6, <6"
}
random = {
source = "hashicorp/random"
diff --git a/test/unit-complete/main.tf b/test/unit-complete/main.tf
index 105a957..af3c772 100644
--- a/test/unit-complete/main.tf
+++ b/test/unit-complete/main.tf
@@ -67,6 +67,7 @@ module "test" {
}]
private_network = "projects/${local.project_id}/global/networks/default"
require_ssl = true
+ ssl_mode = "TRUSTED_CLIENT_CERTIFICATE_REQUIRED"
allocated_ip_range = "google-managed-services-default"
}
diff --git a/test/unit-disabled/_generated_google.tf b/test/unit-disabled/_generated_google.tf
index b1043db..13b4c45 100644
--- a/test/unit-disabled/_generated_google.tf
+++ b/test/unit-disabled/_generated_google.tf
@@ -24,11 +24,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 5, <5.6"
+ version = ">= 5.6, <6"
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 5, <5.6"
+ version = ">= 5.6, <6"
}
random = {
source = "hashicorp/random"
diff --git a/test/unit-minimal/_generated_google.tf b/test/unit-minimal/_generated_google.tf
index bed3f25..9e6f395 100644
--- a/test/unit-minimal/_generated_google.tf
+++ b/test/unit-minimal/_generated_google.tf
@@ -24,11 +24,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = "5"
+ version = "5.6"
}
google-beta = {
source = "hashicorp/google-beta"
- version = "5"
+ version = "5.6"
}
random = {
source = "hashicorp/random"
diff --git a/versions.tf b/versions.tf
index 7c51573..4a75cb8 100644
--- a/versions.tf
+++ b/versions.tf
@@ -5,7 +5,7 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 5, <5.6"
+ version = ">= 5.6, <6"
}
}
}
diff --git a/versions.tm.hcl b/versions.tm.hcl
index fe28525..42781a8 100644
--- a/versions.tm.hcl
+++ b/versions.tm.hcl
@@ -2,9 +2,9 @@ globals {
minimum_terraform_version = "1.0"
provider = "google"
- minimum_provider_version = "5"
+ minimum_provider_version = "5.6"
- provider_version_constraint = ">= ${global.minimum_provider_version}, <5.6"
+ provider_version_constraint = ">= ${global.minimum_provider_version}, <6"
terraform_version_constraint = "~> ${global.minimum_terraform_version}, != 1.1.0, != 1.1.1"
# we exclude 1.1.0 and 1.1.1 because of:
# https://github.com/hashicorp/terraform/blob/v1.1/CHANGELOG.md#112-december-17-2021