Initial commit

EvyBongers · Evy Bongers · commit 190671664f82 · 2021-06-29T10:04:16.000+02:00
diff --git a/database.tf b/database.tf
@@ -0,0 +1,8 @@
+resource "google_sql_database" "database" {
+  for_each = toset(var.databases)
+
+  instance  = google_sql_database_instance.instance.name
+  name      = each.value
+  charset   = "utf8"
+  collation = "utf8_general_ci"
+}
diff --git a/instance.tf b/instance.tf
@@ -0,0 +1,35 @@
+resource "google_sql_database_instance" "instance" {
+  database_version     = var.database_version
+  name                 = var.instance_name
+  master_instance_name = var.primary_instance_name
+  settings {
+    availability_type     = var.highly_available == true ? "REGIONAL" : "ZONAL"
+    disk_autoresize       = var.storage_autoresize
+    disk_autoresize_limit = var.storage_limit
+    disk_size             = local.storage_size
+    disk_type             = "PD_SSD"
+    tier                  = local.tier
+    user_labels           = local.labels
+    backup_configuration {
+      binary_log_enabled = local.backup_config.binary_log_enabled
+      enabled            = local.backup_config.enabled
+      location           = local.backup_config.location
+    }
+    dynamic "database_flags" {
+      for_each = var.flags
+      iterator = flag
+      content {
+        name  = flag.key
+        value = flag.value
+      }
+    }
+    ip_configuration {
+      ipv4_enabled = true
+      require_ssl  = true
+    }
+    maintenance_window {
+      day  = 1
+      hour = 4
+    }
+  }
+}
diff --git a/locals.tf b/locals.tf
@@ -0,0 +1,17 @@
+locals {
+  default_backup_config = {
+    binary_log_enabled = var.highly_available == true ? true : false
+    enabled            = var.highly_available == true ? true : false
+    location           = "eu"
+  }
+  default_labels = {
+    env = var.environment
+  }
+  default_tier = var.environment == "production" ? "db-custom-2-8192" : "db-f1-micro"
+
+  backup_config = defaults(var.backup_config, local.default_backup_config)
+  labels        = merge(local.default_labels, var.labels)
+  storage_size  = var.storage_autoresize == true ? null : var.storage_size
+  tier          = var.tier != null ? var.tier : local.default_tier
+  users         = { for user in var.users : "${user.name}@${user.host}" => user }
+}
diff --git a/main.tf b/main.tf
@@ -0,0 +1,11 @@
+terraform {
+  required_version = ">= 0.15.0"
+
+  required_providers {
+    google = {
+      source  = "hashicorp/google"
+      version = ">= 3.70.0"
+    }
+  }
+  experiments = [module_variable_optional_attrs]
+}
diff --git a/outputs.tf b/outputs.tf
@@ -0,0 +1,4 @@
+output "passwords" {
+  sensitive = true
+  value     = { for user, pwd in random_password.sql_user : user => pwd.result }
+}
diff --git a/user.tf b/user.tf
@@ -0,0 +1,14 @@
+resource "random_password" "sql_user" {
+  for_each = local.users
+
+  length = 48
+}
+
+resource "google_sql_user" "sql_user" {
+  for_each = local.users
+
+  instance = google_sql_database_instance.instance.name
+  name     = each.value.name
+  host     = each.value.host
+  password = random_password.sql_user[each.key].result
+}
diff --git a/variables.tf b/variables.tf
@@ -0,0 +1,75 @@
+variable "backup_config" {
+  type = object({
+    binary_log_enabled = optional(bool)
+    enabled            = optional(bool)
+    location           = optional(string)
+  })
+  default = {
+  }
+}
+
+variable "database_version" {
+  type = string
+}
+
+variable "databases" {
+  type = list(string)
+}
+
+variable "environment" {
+  type = string
+  validation {
+    condition     = contains(["production", "staging"], var.environment)
+    error_message = "Environment must be production or staging."
+  }
+}
+
+variable "flags" {
+  type    = map(string)
+  default = {}
+}
+
+variable "highly_available" {
+  type = bool
+}
+
+variable "instance_name" {
+  type = string
+}
+
+variable "labels" {
+  type    = map(string)
+  default = {}
+}
+
+variable "primary_instance_name" {
+  type    = string
+  default = null
+}
+
+variable "storage_autoresize" {
+  type = bool
+}
+
+variable "storage_limit" {
+  type    = number
+  default = 0
+}
+
+variable "storage_size" {
+  type    = number
+  default = 0
+}
+
+variable "tier" {
+  type    = string
+  default = null
+}
+
+variable "users" {
+  type = list(object({
+    name     = string
+    host     = string
+    readonly = optional(bool)
+  }))
+}
