Generate a postgresql certificate.

2021-07-18 21:19:08 -04:00
parent 8a7fa68a6e
commit fd63ea2c43
3 changed files with 53 additions and 0 deletions
--- a/terraform/basic_gke/main.tf
+++ b/terraform/basic_gke/main.tf
@@ -105,6 +105,45 @@ module "cloudsql" {
  ]
 }

+output "cloudsql_server_certificate" {
+  description = "CA certificate"
+  value       = module.cloudsql.certificate.server_ca_cert
+  sensitive   = true
+}
+
+output "cloudsql_client_certificate" {
+  description = "CA certificate"
+  value       = module.cloudsql.certificate.cert
+  sensitive   = true
+}
+
+output "cloudsql_client_key" {
+  description = "CA certificate"
+  value       = module.cloudsql.certificate.private_key
+  sensitive   = true
+}
+
+resource "local_file" "pgserver_crt" {
+  sensitive_content    = module.cloudsql.certificate.server_ca_cert
+  filename             = "${path.module}/pgserver.crt"
+  file_permission      = "0600"
+  directory_permission = "0700"
+}
+
+resource "local_file" "pgclient_crt" {
+  sensitive_content    = module.cloudsql.certificate.cert
+  filename             = "${path.module}/pgclient.crt"
+  file_permission      = "0600"
+  directory_permission = "0700"
+}
+
+resource "local_file" "pgclient_key" {
+  sensitive_content    = module.cloudsql.certificate.private_key
+  filename             = "${path.module}/pgclient.key"
+  file_permission      = "0600"
+  directory_permission = "0700"
+}
+
 # Create a workload identity service account for IAM authentication to
 # cloudsql
 module "cloudsql_test_sa" {