From 00979f1edfc3842ce55d2716bda6b83e093ef627 Mon Sep 17 00:00:00 2001 From: Kunpei Sakai Date: Fri, 8 Mar 2019 02:27:34 +0900 Subject: [PATCH 1/6] enable multiple users --- modules/mysql/README.md | 2 ++ modules/mysql/main.tf | 10 ++++++++ modules/mysql/variables.tf | 5 ++++ modules/postgresql/README.md | 2 ++ modules/postgresql/main.tf | 10 ++++++++ modules/postgresql/variables.tf | 5 ++++ test/fixtures/mysql-ha/main.tf | 24 ++++++++++++++----- test/fixtures/postgresql-ha/main.tf | 24 ++++++++++++++----- test/integration/mysql-ha/controls/mysql.rb | 7 +++++- test/integration/postgresql-ha/controls/pg.rb | 4 +++- 10 files changed, 79 insertions(+), 14 deletions(-) diff --git a/modules/mysql/README.md b/modules/mysql/README.md index fd20edd8..237e1de0 100644 --- a/modules/mysql/README.md +++ b/modules/mysql/README.md @@ -7,6 +7,8 @@ | Name | Description | Type | Default | Required | |------|-------------|:----:|:-----:|:-----:| | activation_policy | The activation policy for the master instance. Can be either `ALWAYS`, `NEVER` or `ON_DEMAND`. | string | `ALWAYS` | no | +| additional_databases | The list of databases for the instacne | list | `` | no | +| additional_users | The list of users for the instance | list | `` | no | | authorized_gae_applications | The list of authorized App Engine project names | list | `` | no | | backup_configuration | The backup configuration block of the Cloud SQL resources This argument will be passed through the master instance directrly.

See [more details](https://www.terraform.io/docs/providers/google/r/sql_database_instance.html). | map | `` | no | | database_flags | The database flags for the master instance. See [more details](https://cloud.google.com/sql/docs/mysql/flags) | list | `` | no | diff --git a/modules/mysql/main.tf b/modules/mysql/main.tf index 1ab66b17..a591ceb0 100644 --- a/modules/mysql/main.tf +++ b/modules/mysql/main.tf @@ -97,3 +97,13 @@ resource "google_sql_user" "default" { password = "${var.user_password == "" ? random_id.user-password.hex : var.user_password}" depends_on = ["google_sql_database_instance.default"] } + +resource "google_sql_user" "additional_users" { + count = "${length(var.additional_users)}" + project = "${var.project_id}" + name = "${lookup(var.additional_users[count.index], "name")}" + password = "${lookup(var.additional_users[count.index], "password", random_id.user-password.hex)}" + host = "${lookup(var.additional_users[count.index], "host", var.user_host)}" + instance = "${google_sql_database_instance.default.name}" + depends_on = ["google_sql_database_instance.default"] +} diff --git a/modules/mysql/variables.tf b/modules/mysql/variables.tf index d7bf5c09..e688455d 100644 --- a/modules/mysql/variables.tf +++ b/modules/mysql/variables.tf @@ -322,3 +322,8 @@ variable "user_password" { description = "The password for the default user. If not set, a random one will be generated and available in the generated_user_password output variable." default = "" } + +variable "additional_users" { + description = "The list of users for the instance" + default = [] +} diff --git a/modules/postgresql/README.md b/modules/postgresql/README.md index f397de45..967d3561 100644 --- a/modules/postgresql/README.md +++ b/modules/postgresql/README.md 
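Review bot: The `password` fallback in `google_sql_user.additional_users` is `random_id.user-password.hex`, the same value `google_sql_user.default` uses when `user_password` is empty, so every additional user declared without a `password` key shares one credential with the others and possibly with the default user. Generating one secret per list entry keeps a leak of one account's password from exposing the rest; the sketch below uses a second counted `random_id` and is untested against this module. The same fallback appears in the `modules/postgresql/main.tf` hunk of this patch. All of these passwords also end up in Terraform state, so the state backend needs to be access-controlled.

```hcl
resource "random_id" "additional_passwords" {
  count       = "${length(var.additional_users)}"
  byte_length = 16 # constructed value; align with the module's existing random_id

  keepers = {
    name = "${lookup(var.additional_users[count.index], "name")}"
  }
}

resource "google_sql_user" "additional_users" {
  # … unchanged: count, project, name …
  password = "${lookup(var.additional_users[count.index], "password", element(random_id.additional_passwords.*.hex, count.index))}"
  # … unchanged: host, instance, depends_on …
}
```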
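Review bot: The `additional_users` description does not say what each list element must contain, yet `main.tf` reads the keys `name`, `password` and `host` from it via `lookup`, and `name` has no default so a missing key fails the plan. I would spell that out, e.g. `description = "A list of users to be created. Each element is a map with a required name and optional password and host keys; passwords given here are stored in Terraform state."`. The same applies to the `modules/postgresql/variables.tf` hunk in this patch, and the rewording commits later in the series (3/6, 5/6, 6/6) leave the description equally bare.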
@@ -7,6 +7,8 @@ | Name | Description | Type | Default | Required | |------|-------------|:----:|:-----:|:-----:| | activation_policy | The activation policy for the master instance.Can be either `ALWAYS`, `NEVER` or `ON_DEMAND`. | string | `ALWAYS` | no | +| additional_databases | The list of databases for the instacne | list | `` | no | +| additional_users | The list of users for the instance | list | `` | no | | authorized_gae_applications | The authorized gae applications for the Cloud SQL instances | list | `` | no | | availability_type | The availability type for the master instance.This is only used to set up high availability for the PostgreSQL instance. Can be either `ZONAL` or `REGIONAL`. | string | `ZONAL` | no | | backup_configuration | The backup configuration block of the Cloud SQL resources This argument will be passed through the master instance directrly.

See [more details](https://www.terraform.io/docs/providers/google/r/sql_database_instance.html). | map | `` | no | diff --git a/modules/postgresql/main.tf b/modules/postgresql/main.tf index 8e4fae00..f33f9ab3 100644 --- a/modules/postgresql/main.tf +++ b/modules/postgresql/main.tf @@ -97,3 +97,13 @@ resource "google_sql_user" "default" { password = "${var.user_password == "" ? random_id.user-password.hex : var.user_password}" depends_on = ["google_sql_database_instance.default"] } + +resource "google_sql_user" "additional_users" { + count = "${length(var.additional_users)}" + project = "${var.project_id}" + name = "${lookup(var.additional_users[count.index], "name")}" + password = "${lookup(var.additional_users[count.index], "password", random_id.user-password.hex)}" + host = "${lookup(var.additional_users[count.index], "host", var.user_host)}" + instance = "${google_sql_database_instance.default.name}" + depends_on = ["google_sql_database_instance.default"] +} diff --git a/modules/postgresql/variables.tf b/modules/postgresql/variables.tf index 312c5fcf..f59c1877 100644 --- a/modules/postgresql/variables.tf +++ b/modules/postgresql/variables.tf @@ -242,3 +242,8 @@ variable "user_password" { description = "The password for the default user. If not set, a random one will be generated and available in the generated_user_password output variable." default = "" } + +variable "additional_users" { + description = "The list of users for the instance" + default = [] +} diff --git a/test/fixtures/mysql-ha/main.tf b/test/fixtures/mysql-ha/main.tf index adf6a033..6becc333 100644 --- a/test/fixtures/mysql-ha/main.tf +++ b/test/fixtures/mysql-ha/main.tf 
@@ -133,17 +133,29 @@ module "mysql" { }] } - user_name = "tftest" - user_password = "foobar" - db_name = "${var.mysql_ha_name}" - db_charset = "utf8mb4" - db_collation = "utf8mb4_general_ci" + db_name = "${var.mysql_ha_name}" + db_charset = "utf8mb4" + db_collation = "utf8mb4_general_ci" additional_databases = [ { name = "${var.mysql_ha_name}-additional" charset = "utf8mb4" collation = "utf8mb4_general_ci" - } + }, + ] + + user_name = "tftest" + user_password = "foobar" + + additional_users = [ + { + name = "tftest2" + password = "abcdefg" + }, + { + name = "tftest3" + host = "localhost" + }, ] } diff --git a/test/fixtures/postgresql-ha/main.tf b/test/fixtures/postgresql-ha/main.tf index e77ed409..4f9aa008 100644 --- a/test/fixtures/postgresql-ha/main.tf +++ b/test/fixtures/postgresql-ha/main.tf @@ -98,17 +98,29 @@ module "pg" { }] } - user_name = "tftest" - user_password = "foobar" - db_name = "${var.pg_ha_name}" - db_charset = "UTF8" - db_collation = "en_US.UTF8" + db_name = "${var.pg_ha_name}" + db_charset = "UTF8" + db_collation = "en_US.UTF8" additional_databases = [ { name = "${var.pg_ha_name}-additional" charset = "UTF8" collation = "en_US.UTF8" - } + }, + ] + + user_name = "tftest" + user_password = "foobar" + + additional_users = [ + { + name = "tftest2" + password = "abcdefg" + }, + { + name = "tftest3" + host = "localhost" + }, ] } diff --git a/test/integration/mysql-ha/controls/mysql.rb b/test/integration/mysql-ha/controls/mysql.rb index 3a3f229f..05b42bbf 100644 --- a/test/integration/mysql-ha/controls/mysql.rb +++ b/test/integration/mysql-ha/controls/mysql.rb 
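Review bot: `password = "abcdefg"` (next to the existing `user_password = "foobar"`) gives a real Cloud SQL account a short literal password that is also committed to the repository. Whether the test instance is reachable from outside is not settled by the visible lines, but if it is, that is a guessable login for as long as the instance exists; a `random_id` declared in the fixture and passed in as the password would avoid it. `tftest3` sets only `host = "localhost"`, so it receives the module's generated fallback password rather than one of its own. The `test/fixtures/postgresql-ha/main.tf` hunk carries the same values, and both `module` blocks start outside their hunks.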
@@ -130,6 +130,11 @@ end end -describe google_sql_users(project: project_id, database: basename).where(user_name: /\Atftest\z/) do +describe google_sql_users(project: project_id, database: basename).where(user_name: /\Atftest/) do + its(:count) { should be 3 } + it { should exist } +end + +describe google_sql_users(project: project_id, database: basename).where(user_host: 'localhost') do it { should exist } end diff --git a/test/integration/postgresql-ha/controls/pg.rb b/test/integration/postgresql-ha/controls/pg.rb index 7998f8d5..11f12d98 100644 --- a/test/integration/postgresql-ha/controls/pg.rb +++ b/test/integration/postgresql-ha/controls/pg.rb @@ -96,6 +96,8 @@ end end -describe google_sql_users(project: project_id, database: basename).where(user_name: /\Atftest\z/) do +describe google_sql_users(project: project_id, database: basename).where(user_name: /\Atftest/) do + # NOTE: postgresql has `postgres` as a default user. + its(:count) { should be 4 } it { should exist } end From 3d5d36d990a3fa45361d9bfc1937ec48c01e6419 Mon Sep 17 00:00:00 2001 From: Kunpei Sakai Date: Fri, 8 Mar 2019 02:31:35 +0900 Subject: [PATCH 2/6] remove user host from the postgresql module Since the argument has not been provided for PostgreSQL, this commit removes it from the postgresql module. --- modules/postgresql/README.md | 1 - modules/postgresql/main.tf | 3 --- modules/postgresql/variables.tf | 5 ----- 3 files changed, 9 deletions(-) diff --git a/modules/postgresql/README.md b/modules/postgresql/README.md index 967d3561..45b09758 100644 --- a/modules/postgresql/README.md +++ b/modules/postgresql/README.md 
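Review bot: Dropping `\z` turns the name filter into a prefix match, so `its(:count) { should be 3 }` passes for any three users whose names start with `tftest`, not specifically the three accounts the fixture declares. An anchored pattern such as `/\Atftest[23]?\z/` keeps the count while pinning the names, which makes the control useful as a check that no unexpected account exists. The new `where(user_host: 'localhost')` block only asserts that some user with that host exists; it would be stronger if it also constrained the name to `tftest3`.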
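Review bot: The added comment explains the expected count of 4 by the built-in `postgres` user, but the filter `/\Atftest/` cannot match the name `postgres`, so on the visible lines only `tftest`, `tftest2` and `tftest3` should pass the `where`. Either the expected count should be 3, or the filter is not applied the way the test assumes; it is worth confirming which, because a control that counts unfiltered rows would not notice a missing or extra account. If the count is meant to cover the whole user list, I would drop the regex and have the comment say so directly.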
@@ -47,7 +47,6 @@ | read_replica_zones | The zones for the read replica instancess, it should be something like: `a,b,c`. Given zones are used rotationally for creating read replicas. | string | `` | no | | region | The region of the Cloud SQL resources | string | `us-central1` | no | | tier | The tier for the master instance. | string | `db-f1-micro` | no | -| user_host | The host for the default user | string | `%` | no | | user_labels | The key/value labels for the master instances. | map | `` | no | | user_name | The name of the default user | string | `default` | no | | user_password | The password for the default user. If not set, a random one will be generated and available in the generated_user_password output variable. | string | `` | no | diff --git a/modules/postgresql/main.tf b/modules/postgresql/main.tf index f33f9ab3..a78594e4 100644 --- a/modules/postgresql/main.tf +++ b/modules/postgresql/main.tf @@ -15,7 +15,6 @@ */ locals { - default_user_host = "" ip_configuration_enabled = "${length(keys(var.ip_configuration)) > 0 ? true : false}" ip_configurations = { @@ -93,7 +92,6 @@ resource "google_sql_user" "default" { name = "${var.user_name}" project = "${var.project_id}" instance = "${google_sql_database_instance.default.name}" - host = "${var.user_host}" password = "${var.user_password == "" ? random_id.user-password.hex : var.user_password}" depends_on = ["google_sql_database_instance.default"] } @@ -103,7 +101,6 @@ resource "google_sql_user" "additional_users" { project = "${var.project_id}" name = "${lookup(var.additional_users[count.index], "name")}" password = "${lookup(var.additional_users[count.index], "password", random_id.user-password.hex)}" - host = "${lookup(var.additional_users[count.index], "host", var.user_host)}" instance = "${google_sql_database_instance.default.name}" depends_on = ["google_sql_database_instance.default"] } diff --git a/modules/postgresql/variables.tf b/modules/postgresql/variables.tf index f59c1877..0e1d643e 100644 
--- a/modules/postgresql/variables.tf +++ b/modules/postgresql/variables.tf @@ -233,11 +233,6 @@ variable "user_name" { default = "default" } -variable "user_host" { - description = "The host for the default user" - default = "%" -} - variable "user_password" { description = "The password for the default user. If not set, a random one will be generated and available in the generated_user_password output variable." default = "" From f8e6d2932d342b8f17510bd4c831ae3b4420f752 Mon Sep 17 00:00:00 2001 From: Kunpei Sakai Date: Tue, 12 Mar 2019 23:56:29 +0900 Subject: [PATCH 3/6] fix typo & make -S --- modules/mysql/README.md | 4 ++-- modules/mysql/variables.tf | 4 ++-- modules/postgresql/README.md | 4 ++-- modules/postgresql/variables.tf | 4 ++-- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/modules/mysql/README.md b/modules/mysql/README.md index 237e1de0..76e4dceb 100644 --- a/modules/mysql/README.md +++ b/modules/mysql/README.md @@ -7,8 +7,8 @@ | Name | Description | Type | Default | Required | |------|-------------|:----:|:-----:|:-----:| | activation_policy | The activation policy for the master instance. Can be either `ALWAYS`, `NEVER` or `ON_DEMAND`. | string | `ALWAYS` | no | -| additional_databases | The list of databases for the instacne | list | `` | no | -| additional_users | The list of users for the instance | list | `` | no | +| additional_databases | The list of databases for all instances | list | `` | no | +| additional_users | The list of users for all instances | list | `` | no | | authorized_gae_applications | The list of authorized App Engine project names | list | `` | no | | backup_configuration | The backup configuration block of the Cloud SQL resources This argument will be passed through the master instance directrly.

See [more details](https://www.terraform.io/docs/providers/google/r/sql_database_instance.html). | map | `` | no | | database_flags | The database flags for the master instance. See [more details](https://cloud.google.com/sql/docs/mysql/flags) | list | `` | no | diff --git a/modules/mysql/variables.tf b/modules/mysql/variables.tf index e688455d..4b2723e1 100644 --- a/modules/mysql/variables.tf +++ b/modules/mysql/variables.tf @@ -304,7 +304,7 @@ variable "db_collation" { } variable "additional_databases" { - description = "The list of databases for the instacne" + description = "The list of databases for all instances" default = [] } @@ -324,6 +324,6 @@ variable "user_password" { } variable "additional_users" { - description = "The list of users for the instance" + description = "The list of users for all instances" default = [] } diff --git a/modules/postgresql/README.md b/modules/postgresql/README.md index 45b09758..a1556090 100644 --- a/modules/postgresql/README.md +++ b/modules/postgresql/README.md 
@@ -7,8 +7,8 @@ | Name | Description | Type | Default | Required | |------|-------------|:----:|:-----:|:-----:| | activation_policy | The activation policy for the master instance.Can be either `ALWAYS`, `NEVER` or `ON_DEMAND`. | string | `ALWAYS` | no | -| additional_databases | The list of databases for the instacne | list | `` | no | -| additional_users | The list of users for the instance | list | `` | no | +| additional_databases | The list of databases for all instances | list | `` | no | +| additional_users | The list of users for all instances | list | `` | no | | authorized_gae_applications | The authorized gae applications for the Cloud SQL instances | list | `` | no | | availability_type | The availability type for the master instance.This is only used to set up high availability for the PostgreSQL instance. Can be either `ZONAL` or `REGIONAL`. | string | `ZONAL` | no | | backup_configuration | The backup configuration block of the Cloud SQL resources This argument will be passed through the master instance directrly.

See [more details](https://www.terraform.io/docs/providers/google/r/sql_database_instance.html). | map | `` | no | diff --git a/modules/postgresql/variables.tf b/modules/postgresql/variables.tf index 0e1d643e..5cdb44ec 100644 --- a/modules/postgresql/variables.tf +++ b/modules/postgresql/variables.tf @@ -224,7 +224,7 @@ variable "db_collation" { } variable "additional_databases" { - description = "The list of databases for the instacne" + description = "The list of databases for all instances" default = [] } @@ -239,6 +239,6 @@ variable "user_password" { } variable "additional_users" { - description = "The list of users for the instance" + description = "The list of users for all instances" default = [] } From e4ef23595bcfb13222f7589363b685c792b2b422 Mon Sep 17 00:00:00 2001 From: Morgante Pell Date: Wed, 13 Mar 2019 02:32:29 +0900 Subject: [PATCH 4/6] update modules/mysql/variables.tf Co-Authored-By: namusyaka --- modules/mysql/variables.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/mysql/variables.tf b/modules/mysql/variables.tf index 4b2723e1..bf2dfd66 100644 --- a/modules/mysql/variables.tf +++ b/modules/mysql/variables.tf @@ -304,7 +304,7 @@ variable "db_collation" { } variable "additional_databases" { - description = "The list of databases for all instances" + description = "A list of databases to create in your cluster" default = [] } From 586ff19a6cbbdbce5dc9736f9667a96101afbc73 Mon Sep 17 00:00:00 2001 From: Morgante Pell Date: Wed, 13 Mar 2019 02:32:37 +0900 Subject: [PATCH 5/6] update modules/mysql/variables.tf Co-Authored-By: namusyaka --- modules/mysql/variables.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/mysql/variables.tf b/modules/mysql/variables.tf index bf2dfd66..d16e480e 100644 --- a/modules/mysql/variables.tf +++ b/modules/mysql/variables.tf 
@@ -324,6 +324,6 @@ variable "user_password" { } variable "additional_users" { - description = "The list of users for all instances" + description = "A list of users to be created in your cluster" default = [] } From 30d0a0bb319414a9ae7b6a41b42bc1efd4ce4651 Mon Sep 17 00:00:00 2001 From: Kunpei Sakai Date: Wed, 13 Mar 2019 02:34:44 +0900 Subject: [PATCH 6/6] rewording --- modules/mysql/README.md | 4 ++-- modules/mysql/variables.tf | 2 +- modules/postgresql/README.md | 4 ++-- modules/postgresql/variables.tf | 4 ++-- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/modules/mysql/README.md b/modules/mysql/README.md index 76e4dceb..b9e9d66f 100644 --- a/modules/mysql/README.md +++ b/modules/mysql/README.md @@ -7,8 +7,8 @@ | Name | Description | Type | Default | Required | |------|-------------|:----:|:-----:|:-----:| | activation_policy | The activation policy for the master instance. Can be either `ALWAYS`, `NEVER` or `ON_DEMAND`. | string | `ALWAYS` | no | -| additional_databases | The list of databases for all instances | list | `` | no | -| additional_users | The list of users for all instances | list | `` | no | +| additional_databases | A list of databases to be created in your cluster | list | `` | no | +| additional_users | A list of users to be created in your cluster | list | `` | no | | authorized_gae_applications | The list of authorized App Engine project names | list | `` | no | | backup_configuration | The backup configuration block of the Cloud SQL resources This argument will be passed through the master instance directrly.

See [more details](https://www.terraform.io/docs/providers/google/r/sql_database_instance.html). | map | `` | no | | database_flags | The database flags for the master instance. See [more details](https://cloud.google.com/sql/docs/mysql/flags) | list | `` | no | diff --git a/modules/mysql/variables.tf b/modules/mysql/variables.tf index d16e480e..d92c8ff3 100644 --- a/modules/mysql/variables.tf +++ b/modules/mysql/variables.tf @@ -304,7 +304,7 @@ variable "db_collation" { } variable "additional_databases" { - description = "A list of databases to create in your cluster" + description = "A list of databases to be created in your cluster" default = [] } diff --git a/modules/postgresql/README.md b/modules/postgresql/README.md index a1556090..1ef49750 100644 --- a/modules/postgresql/README.md +++ b/modules/postgresql/README.md @@ -7,8 +7,8 @@ | Name | Description | Type | Default | Required | |------|-------------|:----:|:-----:|:-----:| | activation_policy | The activation policy for the master instance.Can be either `ALWAYS`, `NEVER` or `ON_DEMAND`. | string | `ALWAYS` | no | -| additional_databases | The list of databases for all instances | list | `` | no | -| additional_users | The list of users for all instances | list | `` | no | +| additional_databases | A list of databases to be created in your cluster | list | `` | no | +| additional_users | A list of users to be created in your cluster | list | `` | no | | authorized_gae_applications | The authorized gae applications for the Cloud SQL instances | list | `` | no | | availability_type | The availability type for the master instance.This is only used to set up high availability for the PostgreSQL instance. Can be either `ZONAL` or `REGIONAL`. | string | `ZONAL` | no | | backup_configuration | The backup configuration block of the Cloud SQL resources This argument will be passed through the master instance directrly.

See [more details](https://www.terraform.io/docs/providers/google/r/sql_database_instance.html). | map | `` | no | diff --git a/modules/postgresql/variables.tf b/modules/postgresql/variables.tf index 5cdb44ec..a3f2ed8c 100644 --- a/modules/postgresql/variables.tf +++ b/modules/postgresql/variables.tf @@ -224,7 +224,7 @@ variable "db_collation" { } variable "additional_databases" { - description = "The list of databases for all instances" + description = "A list of databases to be created in your cluster" default = [] } @@ -239,6 +239,6 @@ variable "user_password" { } variable "additional_users" { - description = "The list of users for all instances" + description = "A list of users to be created in your cluster" default = [] }