|
|
|
@ -105,6 +105,45 @@ module "cloudsql" {
|
|
|
|
|
]
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
output "cloudsql_server_certificate" {
|
|
|
|
|
description = "CA certificate"
|
|
|
|
|
value = module.cloudsql.certificate.server_ca_cert
|
|
|
|
|
sensitive = true
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
output "cloudsql_client_certificate" {
|
|
|
|
|
description = "CA certificate"
|
|
|
|
|
value = module.cloudsql.certificate.cert
|
|
|
|
|
sensitive = true
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
output "cloudsql_client_key" {
|
|
|
|
|
description = "CA certificate"
|
|
|
|
|
value = module.cloudsql.certificate.private_key
|
|
|
|
|
sensitive = true
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
resource "local_file" "pgserver_crt" {
|
|
|
|
|
sensitive_content = module.cloudsql.certificate.server_ca_cert
|
|
|
|
|
filename = "${path.module}/pgserver.crt"
|
|
|
|
|
file_permission = "0600"
|
|
|
|
|
directory_permission = "0700"
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
resource "local_file" "pgclient_crt" {
|
|
|
|
|
sensitive_content = module.cloudsql.certificate.cert
|
|
|
|
|
filename = "${path.module}/pgclient.crt"
|
|
|
|
|
file_permission = "0600"
|
|
|
|
|
directory_permission = "0700"
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
resource "local_file" "pgclient_key" {
|
|
|
|
|
sensitive_content = module.cloudsql.certificate.private_key
|
|
|
|
|
filename = "${path.module}/pgclient.key"
|
|
|
|
|
file_permission = "0600"
|
|
|
|
|
directory_permission = "0700"
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
# Create a workload identity service account for IAM authentication to
|
|
|
|
|
# cloudsql
|
|
|
|
|
module "cloudsql_test_sa" {
|
|
|
|
|
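Review bot: `local_file.pgclient_key` writes the client private key to `${path.module}/pgclient.key`, which is inside the module's source directory, so the key ends up in the working tree where it can be committed or packaged by accident unless an ignore rule (not visible here) covers it. The same key is also exported as the `cloudsql_client_key` output and is stored in plaintext in the Terraform state, because `sensitive = true` only masks CLI output; the state backend therefore needs the same access control as the key itself. If the file is really needed, write it outside the source tree and use the `local_sensitive_file` resource with `content = module.cloudsql.certificate.private_key`, since `sensitive_content` on `local_file` is deprecated in the hashicorp/local provider. Separately, all three outputs carry `description = "CA certificate"`; the second and third should read `description = "Client certificate"` and `description = "Client private key"` so a consumer does not mistake the key for public material.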