|
|
|
@ -1,3 +1,5 @@
|
|
|
|
|
# For the cloudsql auth proxy grant roles/cloudsql.instanceUser and
|
|
|
|
|
# roles/cloudsql.client roles to the service account for the proxy.
|
|
|
|
|
variable "project" {
|
|
|
|
|
description = "Project ID."
|
|
|
|
|
type = string
|
|
|
|
@ -25,11 +27,22 @@ variable "private_network_id" {
|
|
|
|
|
type = string
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
variable "postgres_password" {
|
|
|
|
|
description = "Password for the default postgres user."
|
|
|
|
|
type = string
|
|
|
|
|
default = "hunter2"
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
output "connection_name" {
|
|
|
|
|
description = "The connection string for connecting to the cloudsql instance (for example, through cloudsql proxy)."
|
|
|
|
|
value = google_sql_database_instance.instance.connection_name
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
output "instance" {
|
|
|
|
|
description = "The google_sql_database_instance object."
|
|
|
|
|
value = google_sql_database_instance.instance
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
# Needed for CloudSQL Auth Proxy
|
|
|
|
|
resource "google_project_service" "sqladmin" {
|
|
|
|
|
project = var.project
|
|
|
|
@ -55,8 +68,20 @@ resource "google_sql_database_instance" "instance" {
|
|
|
|
|
private_network = var.private_network_id
|
|
|
|
|
require_ssl = true
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
database_flags {
|
|
|
|
|
name = "cloudsql.iam_authentication"
|
|
|
|
|
value = "on"
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
deletion_protection = "false"
|
|
|
|
|
# deletion_protection = "true"
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
resource "google_sql_user" "postgres" {
|
|
|
|
|
project = var.project
|
|
|
|
|
name = "postgres"
|
|
|
|
|
instance = google_sql_database_instance.instance.name
|
|
|
|
|
password = var.postgres_password
|
|
|
|
|
}
|
|
|
|
|
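Review bot: The `variable "postgres_password"` block in the second hunk carries a hard-coded default, `default = "hunter2"`, so any caller that does not override it creates the default `postgres` user (the `google_sql_user.postgres` resource in the third hunk) with a password that is published in the repository. Drop the default so the value must be supplied by the caller, and add `sensitive = true` to the variable so it is redacted from plan and apply output; the value is still written to Terraform state, so the state backend needs its own access control. The same hunk's `output "instance"` exports the whole `google_sql_database_instance` object, which may include sensitive attributes, so exporting only the fields consumers need would be narrower. The +/- markers are lost on this page, so which of these lines are new is inferred from the hunk headers.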