Add IAM auth and set postgres user password.
parent
78b497783b
commit
8a7fa68a6e
@ -1,3 +1,5 @@
|
||||
# For the cloudsql auth proxy grant roles/cloudsql.instanceUser and
|
||||
# roles/cloudsql.client roles to the service account for the proxy.
|
||||
variable "project" {
|
||||
description = "Project ID."
|
||||
type = string
|
||||
@ -25,11 +27,22 @@ variable "private_network_id" {
|
||||
type = string
|
||||
}
|
||||
|
||||
variable "postgres_password" {
|
||||
description = "Password for the default postgres user."
|
||||
type = string
|
||||
default = "hunter2"
|
||||
}
|
||||
|
||||
output "connection_name" {
|
||||
description = "The connection string for connecting to the cloudsql instance (for example, through cloudsql proxy)."
|
||||
value = google_sql_database_instance.instance.connection_name
|
||||
}
|
||||
|
||||
output "instance" {
|
||||
description = "The google_sql_database_instance object."
|
||||
value = google_sql_database_instance.instance
|
||||
}
|
||||
|
||||
# Needed for CloudSQL Auth Proxy
|
||||
resource "google_project_service" "sqladmin" {
|
||||
project = var.project
|
||||
@ -55,8 +68,20 @@ resource "google_sql_database_instance" "instance" {
|
||||
private_network = var.private_network_id
|
||||
require_ssl = true
|
||||
}
|
||||
|
||||
database_flags {
|
||||
name = "cloudsql.iam_authentication"
|
||||
value = "on"
|
||||
}
|
||||
}
|
||||
|
||||
deletion_protection = "false"
|
||||
# deletion_protection = "true"
|
||||
}
|
||||
|
||||
resource "google_sql_user" "postgres" {
|
||||
project = var.project
|
||||
name = "postgres"
|
||||
instance = google_sql_database_instance.instance.name
|
||||
password = var.postgres_password
|
||||
}
|
||||
|
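Review bot: The `postgres_password` variable declares `default = "hunter2"`, so any caller that does not override it creates the built-in `postgres` user in `google_sql_user.postgres` with a password that is readable in the repository. Drop the default so the value must be supplied by the caller, and mark the variable `sensitive = true` so Terraform redacts it from plan and apply output. The password is still written to Terraform state in plain text through `password = var.postgres_password`, so the state backend needs restricted access and encryption at rest. The `+`/`-` markers are lost on this page, so it is inferred from the commit title that the variable and the `google_sql_user` resource are new in this commit.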