From 9040d89456031aceaa51ac4ac2f7014e6aced6d5 Mon Sep 17 00:00:00 2001 From: Oscar van Leusen Date: Fri, 20 Jun 2025 16:55:40 +0100 Subject: [PATCH 1/2] Add support for psc_auto_connections feature to mysql and postgres --- modules/mysql/README.md | 2 +- modules/mysql/main.tf | 8 ++++++++ modules/mysql/read_replica.tf | 8 ++++++++ modules/mysql/variables.tf | 4 ++++ modules/postgresql/README.md | 2 +- modules/postgresql/main.tf | 8 ++++++++ modules/postgresql/read_replica.tf | 8 ++++++++ modules/postgresql/variables.tf | 10 +++++++--- 8 files changed, 45 insertions(+), 5 deletions(-) diff --git a/modules/mysql/README.md b/modules/mysql/README.md index 371926e0..0781116a 100644 --- a/modules/mysql/README.md +++ b/modules/mysql/README.md @@ -79,7 +79,7 @@ module "mysql-db" { | iam\_users | A list of IAM users to be created in your CloudSQL instance. iam.users.type can be CLOUD\_IAM\_USER, CLOUD\_IAM\_SERVICE\_ACCOUNT, CLOUD\_IAM\_GROUP and is required for type CLOUD\_IAM\_GROUP (IAM groups) |
list(object({
id = string,
email = string,
type = optional(string)
}))
| `[]` | no | | insights\_config | The insights\_config settings for the database. |
object({
query_plans_per_minute = number
query_string_length = number
record_application_tags = bool
record_client_address = bool
})
| `null` | no | | instance\_type | Users can upgrade a read replica instance to a stand-alone Cloud SQL instance with the help of instance\_type. To promote, users have to set the instance\_type property as CLOUD\_SQL\_INSTANCE and remove/unset master\_instance\_name and replica\_configuration from instance configuration. This operation might cause your instance to restart. | `string` | `null` | no | -| ip\_configuration | The ip\_configuration settings subblock |
object({
authorized_networks = optional(list(map(string)), [])
ipv4_enabled = optional(bool, true)
private_network = optional(string)
ssl_mode = optional(string)
allocated_ip_range = optional(string)
enable_private_path_for_google_cloud_services = optional(bool, false)
psc_enabled = optional(bool, false)
psc_allowed_consumer_projects = optional(list(string), [])
})
| `{}` | no | +| ip\_configuration | The ip\_configuration settings subblock |
object({
authorized_networks = optional(list(map(string)), [])
ipv4_enabled = optional(bool, true)
private_network = optional(string)
ssl_mode = optional(string)
allocated_ip_range = optional(string)
enable_private_path_for_google_cloud_services = optional(bool, false)
psc_enabled = optional(bool, false)
psc_allowed_consumer_projects = optional(list(string), [])
psc_auto_connections = optional(list(object({
consumer_network = string
consumer_service_project_id = string
})), [])
})
| `{}` | no | | maintenance\_version | The current software version on the instance. This attribute can not be set during creation. Refer to available\_maintenance\_versions attribute to see what maintenance\_version are available for upgrade. When this attribute gets updated, it will cause an instance restart. Setting a maintenance\_version value that is older than the current one on the instance will be ignored | `string` | `null` | no | | maintenance\_window\_day | The day of week (1-7) for the master instance maintenance. | `number` | `1` | no | | maintenance\_window\_hour | The hour of day (0-23) maintenance window for the master instance maintenance. | `number` | `23` | no | diff --git a/modules/mysql/main.tf b/modules/mysql/main.tf index 57158479..ec00e4f3 100644 --- a/modules/mysql/main.tf +++ b/modules/mysql/main.tf @@ -160,6 +160,14 @@ resource "google_sql_database_instance" "default" { content { psc_enabled = ip_configuration.value.psc_enabled allowed_consumer_projects = ip_configuration.value.psc_allowed_consumer_projects + + dynamic "psc_auto_connections" { + for_each = lookup(ip_configuration.value, "psc_auto_connections", []) + content { + consumer_network = psc_auto_connections.value.consumer_network + consumer_service_project_id = psc_auto_connections.value.consumer_service_project_id + } + } } } diff --git a/modules/mysql/read_replica.tf b/modules/mysql/read_replica.tf index 01995648..52802ff7 100644 --- a/modules/mysql/read_replica.tf +++ b/modules/mysql/read_replica.tf 
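Review bot: The new `dynamic "psc_auto_connections"` block in modules/mysql/main.tf is driven only by the list contents, not by `psc_enabled`, so a caller who turns PSC off but leaves entries in place still submits auto-connection requests for consumer networks (whether the API rejects or honours them is not visible here). Gating the block keeps the off switch authoritative: `for_each = ip_configuration.value.psc_enabled ? ip_configuration.value.psc_auto_connections : []`. The `lookup(..., [])` fallback also looks redundant, because the variable type in this same patch already defaults the attribute to `[]`. The identical block is added in modules/mysql/read_replica.tf, modules/postgresql/main.tf and modules/postgresql/read_replica.tf; the last one already gates `allowed_consumer_projects` on `psc_enabled` in the adjacent context line, so the ungated block is inconsistent there. The enclosing resource starts and ends outside the hunk.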
@@ -92,6 +92,14 @@ resource "google_sql_database_instance" "replicas" {
 content {
 psc_enabled = ip_configuration.value.psc_enabled
 allowed_consumer_projects = ip_configuration.value.psc_allowed_consumer_projects
+
+ dynamic "psc_auto_connections" {
+ for_each = lookup(ip_configuration.value, "psc_auto_connections", [])
+ content {
+ consumer_network = psc_auto_connections.value.consumer_network
+ consumer_service_project_id = psc_auto_connections.value.consumer_service_project_id
+ }
+ }
 }
 }
 }
diff --git a/modules/mysql/variables.tf b/modules/mysql/variables.tf
index db742727..6518e7ec 100644
--- a/modules/mysql/variables.tf
+++ b/modules/mysql/variables.tf
@@ -342,6 +342,10 @@ variable "ip_configuration" {
 enable_private_path_for_google_cloud_services = optional(bool, false)
 psc_enabled = optional(bool, false)
 psc_allowed_consumer_projects = optional(list(string), [])
+ psc_auto_connections = optional(list(object({
+ consumer_network = string
+ consumer_service_project_id = string
+ })), [])
 })
 default = {}
 }
diff --git a/modules/postgresql/README.md b/modules/postgresql/README.md
index b4b310ae..d940d041 100644
--- a/modules/postgresql/README.md
+++ b/modules/postgresql/README.md
@@ -151,7 +151,7 @@ module "pg" {
 | iam\_users | A list of IAM users to be created in your CloudSQL instance. iam.users.type can be CLOUD\_IAM\_USER, CLOUD\_IAM\_SERVICE\_ACCOUNT, CLOUD\_IAM\_GROUP and is required for type CLOUD\_IAM\_GROUP (IAM groups) |
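Review bot: The `psc_auto_connections` attribute added in modules/mysql/variables.tf accepts any string for `consumer_network` and any project ID, and the hunk adds no `validation` block. Each entry appears to make the instance reachable from another VPC, so it deserves the same review surface as `psc_allowed_consumer_projects`. If the allowlist is meant to be the single source of truth, a condition such as `alltrue([for c in var.ip_configuration.psc_auto_connections : contains(var.ip_configuration.psc_allowed_consumer_projects, c.consumer_service_project_id)])` would reject entries for projects that were never approved; whether the API enforces this itself is not visible in the patch. The variable's description lies outside the hunk, so it may or may not already explain what an entry grants. The modules/postgresql/variables.tf hunk has the same gap.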
list(object({
id = string,
email = string,
type = optional(string)
}))
| `[]` | no | | insights\_config | The insights\_config settings for the database. |
object({
query_plans_per_minute = optional(number, 5)
query_string_length = optional(number, 1024)
record_application_tags = optional(bool, false)
record_client_address = optional(bool, false)
})
| `null` | no | | instance\_type | The type of the instance. The supported values are SQL\_INSTANCE\_TYPE\_UNSPECIFIED, CLOUD\_SQL\_INSTANCE, ON\_PREMISES\_INSTANCE and READ\_REPLICA\_INSTANCE. Set to READ\_REPLICA\_INSTANCE if master\_instance\_name value is provided | `string` | `"CLOUD_SQL_INSTANCE"` | no | -| ip\_configuration | The ip configuration for the Cloud SQL instances. |
object({
authorized_networks = optional(list(map(string)), [])
ipv4_enabled = optional(bool, true)
private_network = optional(string)
ssl_mode = optional(string)
allocated_ip_range = optional(string)
enable_private_path_for_google_cloud_services = optional(bool, false)
psc_enabled = optional(bool, false)
psc_allowed_consumer_projects = optional(list(string), [])
server_ca_mode = optional(string)
server_ca_pool = optional(string)
custom_subject_alternative_names = optional(list(string), [])
})
| `{}` | no | +| ip\_configuration | The ip configuration for the Cloud SQL instances. |
object({
authorized_networks = optional(list(map(string)), [])
ipv4_enabled = optional(bool, true)
private_network = optional(string)
ssl_mode = optional(string)
allocated_ip_range = optional(string)
enable_private_path_for_google_cloud_services = optional(bool, false)
psc_enabled = optional(bool, false)
psc_allowed_consumer_projects = optional(list(string), [])
psc_auto_connections = optional(list(object({
consumer_network = string
consumer_service_project_id = string
})), [])
server_ca_mode = optional(string)
server_ca_pool = optional(string)
custom_subject_alternative_names = optional(list(string), [])
})
| `{}` | no | | maintenance\_version | The current software version on the instance. This attribute can not be set during creation. Refer to available\_maintenance\_versions attribute to see what maintenance\_version are available for upgrade. When this attribute gets updated, it will cause an instance restart. Setting a maintenance\_version value that is older than the current one on the instance will be ignored | `string` | `null` | no | | maintenance\_window\_day | The day of week (1-7) for the Cloud SQL instance maintenance. | `number` | `1` | no | | maintenance\_window\_hour | The hour of day (0-23) maintenance window for the Cloud SQL instance maintenance. | `number` | `23` | no | diff --git a/modules/postgresql/main.tf b/modules/postgresql/main.tf index f44f7198..9dcb1a76 100644 --- a/modules/postgresql/main.tf +++ b/modules/postgresql/main.tf @@ -145,6 +145,14 @@ resource "google_sql_database_instance" "default" { content { psc_enabled = ip_configuration.value.psc_enabled allowed_consumer_projects = ip_configuration.value.psc_allowed_consumer_projects + + dynamic "psc_auto_connections" { + for_each = lookup(ip_configuration.value, "psc_auto_connections", []) + content { + consumer_network = psc_auto_connections.value.consumer_network + consumer_service_project_id = psc_auto_connections.value.consumer_service_project_id + } + } } } diff --git a/modules/postgresql/read_replica.tf b/modules/postgresql/read_replica.tf index 3cae2aa1..c5d2308d 100644 --- a/modules/postgresql/read_replica.tf +++ b/modules/postgresql/read_replica.tf 
@@ -67,6 +67,14 @@ resource "google_sql_database_instance" "replicas" {
 content {
 psc_enabled = ip_configuration.value.psc_enabled
 allowed_consumer_projects = ip_configuration.value.psc_enabled ? ip_configuration.value.psc_allowed_consumer_projects : []
+
+ dynamic "psc_auto_connections" {
+ for_each = lookup(ip_configuration.value, "psc_auto_connections", [])
+ content {
+ consumer_network = psc_auto_connections.value.consumer_network
+ consumer_service_project_id = psc_auto_connections.value.consumer_service_project_id
+ }
+ }
 }
 }
 }
diff --git a/modules/postgresql/variables.tf b/modules/postgresql/variables.tf
index 3769abe2..6ca5f5ce 100644
--- a/modules/postgresql/variables.tf
+++ b/modules/postgresql/variables.tf
@@ -330,9 +330,13 @@ variable "ip_configuration" {
 enable_private_path_for_google_cloud_services = optional(bool, false)
 psc_enabled = optional(bool, false)
 psc_allowed_consumer_projects = optional(list(string), [])
- server_ca_mode = optional(string)
- server_ca_pool = optional(string)
- custom_subject_alternative_names = optional(list(string), [])
+ psc_auto_connections = optional(list(object({
+ consumer_network = string
+ consumer_service_project_id = string
+ })), [])
+ server_ca_mode = optional(string)
+ server_ca_pool = optional(string)
+ custom_subject_alternative_names = optional(list(string), [])
 })
 default = {}
 }
From ca9761f9ddac09d2aa14888179c90bd4bc971626 Mon Sep 17 00:00:00 2001
From: Oscar van Leusen
Date: Fri, 27 Jun 2025 20:55:32 +0100
Subject: [PATCH 2/2] Regenerate docs
---
 modules/postgresql/README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/modules/postgresql/README.md b/modules/postgresql/README.md
index 8288c664..a1145444 100644
--- a/modules/postgresql/README.md
+++ b/modules/postgresql/README.md
@@ -152,7 +152,7 @@ module "pg" { | iam\_users | A list of IAM users to be created in your CloudSQL instance. iam.users.type can be CLOUD\_IAM\_USER, CLOUD\_IAM\_SERVICE\_ACCOUNT, CLOUD\_IAM\_GROUP and is required for type CLOUD\_IAM\_GROUP (IAM groups) |
list(object({
id = string,
email = string,
type = optional(string)
}))
| `[]` | no | | insights\_config | The insights\_config settings for the database. |
object({
query_plans_per_minute = optional(number, 5)
query_string_length = optional(number, 1024)
record_application_tags = optional(bool, false)
record_client_address = optional(bool, false)
})
| `null` | no | | instance\_type | The type of the instance. The supported values are SQL\_INSTANCE\_TYPE\_UNSPECIFIED, CLOUD\_SQL\_INSTANCE, ON\_PREMISES\_INSTANCE and READ\_REPLICA\_INSTANCE. Set to READ\_REPLICA\_INSTANCE if master\_instance\_name value is provided | `string` | `"CLOUD_SQL_INSTANCE"` | no | -| ip\_configuration | The ip configuration for the Cloud SQL instances. |
object({
authorized_networks = optional(list(map(string)), [])
ipv4_enabled = optional(bool, true)
private_network = optional(string)
ssl_mode = optional(string)
allocated_ip_range = optional(string)
enable_private_path_for_google_cloud_services = optional(bool, false)
psc_enabled = optional(bool, false)
psc_allowed_consumer_projects = optional(list(string), [])
server_ca_mode = optional(string)
server_ca_pool = optional(string)
custom_subject_alternative_names = optional(list(string), [])
})
| `{}` | no | +| ip\_configuration | The ip configuration for the Cloud SQL instances. |
object({
authorized_networks = optional(list(map(string)), [])
ipv4_enabled = optional(bool, true)
private_network = optional(string)
ssl_mode = optional(string)
allocated_ip_range = optional(string)
enable_private_path_for_google_cloud_services = optional(bool, false)
psc_enabled = optional(bool, false)
psc_allowed_consumer_projects = optional(list(string), [])
psc_auto_connections = optional(list(object({
consumer_network = string
consumer_service_project_id = string
})), [])
server_ca_mode = optional(string)
server_ca_pool = optional(string)
custom_subject_alternative_names = optional(list(string), [])
})
| `{}` | no | | kms\_key\_handle\_name | key handle name. If not provided module will use instance name as key handle name | `string` | `null` | no | | maintenance\_version | The current software version on the instance. This attribute can not be set during creation. Refer to available\_maintenance\_versions attribute to see what maintenance\_version are available for upgrade. When this attribute gets updated, it will cause an instance restart. Setting a maintenance\_version value that is older than the current one on the instance will be ignored | `string` | `null` | no | | maintenance\_window\_day | The day of week (1-7) for the Cloud SQL instance maintenance. | `number` | `1` | no |