Add IAM auth and set postgres user password.

This commit is contained in:
Tom Alexander 2021-07-18 20:49:50 -04:00
parent 78b497783b
commit 8a7fa68a6e
Signed by: talexander
GPG Key ID: D3A179C9A53C0EDE

View File

@ -1,3 +1,5 @@
# For the cloudsql auth proxy grant roles/cloudsql.instanceUser and
# roles/cloudsql.client roles to the service account for the proxy.
variable "project" {
description = "Project ID."
type = string
@ -25,11 +27,22 @@ variable "private_network_id" {
type = string
}
variable "postgres_password" {
description = "Password for the default postgres user."
type = string
default = "hunter2"
}
output "connection_name" {
description = "The connection string for connecting to the cloudsql instance (for example, through cloudsql proxy)."
value = google_sql_database_instance.instance.connection_name
}
output "instance" {
description = "The google_sql_database_instance object."
value = google_sql_database_instance.instance
}
# Needed for CloudSQL Auth Proxy
resource "google_project_service" "sqladmin" {
project = var.project
@ -55,8 +68,20 @@ resource "google_sql_database_instance" "instance" {
private_network = var.private_network_id
require_ssl = true
}
database_flags {
name = "cloudsql.iam_authentication"
value = "on"
}
}
deletion_protection = "false"
# deletion_protection = "true"
}
resource "google_sql_user" "postgres" {
project = var.project
name = "postgres"
instance = google_sql_database_instance.instance.name
password = var.postgres_password
}