From c3e5b70a84ab4fe6b0a317ad6969b84ee102c693 Mon Sep 17 00:00:00 2001
From: Tom Alexander <tom@fizz.buzz>
Date: Sun, 18 Jul 2021 22:11:22 -0400
Subject: [PATCH] Add require_tls param to cloudsql module.

---
 terraform/modules/cloudsql/cloudsql.tf | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/terraform/modules/cloudsql/cloudsql.tf b/terraform/modules/cloudsql/cloudsql.tf
index 35d68c0..9d85a5f 100644
--- a/terraform/modules/cloudsql/cloudsql.tf
+++ b/terraform/modules/cloudsql/cloudsql.tf
@@ -33,6 +33,12 @@ variable "postgres_password" {
   default     = "hunter2"
 }
 
+variable "require_tls" {
+  description = "Whether or not we should require TLS when connecting to cloudsql."
+  type        = bool
+  default     = false
+}
+
 output "connection_name" {
   description = "The connection string for connecting to the cloudsql instance (for example, through cloudsql proxy)."
   value       = google_sql_database_instance.instance.connection_name
@@ -71,7 +77,7 @@ resource "google_sql_database_instance" "instance" {
     ip_configuration {
       ipv4_enabled    = false
       private_network = var.private_network_id
-      require_ssl     = true
+      require_ssl     = var.require_tls
     }
 
     database_flags {