github.com/SaurabhDubey-Groww/go-cloud@v0.0.0-20221124105541-b26c29285fd8/postgres/gcppostgres/main.tf

github.com/SaurabhDubey-Groww/go-cloud@v0.0.0-20221124105541-b26c29285fd8/postgres/gcppostgres/main.tf (about)

     1  # Copyright 2018 The Go Cloud Development Kit Authors
     2  #
     3  # Licensed under the Apache License, Version 2.0 (the "License");
     4  # you may not use this file except in compliance with the License.
     5  # You may obtain a copy of the License at
     6  #
     7  #     https://www.apache.org/licenses/LICENSE-2.0
     8  #
     9  # Unless required by applicable law or agreed to in writing, software
    10  # distributed under the License is distributed on an "AS IS" BASIS,
    11  # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  # See the License for the specific language governing permissions and
    13  # limitations under the License.
    14  
    15  # Harness for Cloud SQL Postgres tests.
    16  
    17  terraform {
    18    required_version = ">= 1.1.0"
    19    required_providers {
    20      google = {
    21        version = "4.40.0"
    22      }
    23      random = {
    24        version = "3.4.3"
    25      }
    26    }
    27  }
    28  
    29  provider "google" {
    30    project = var.project
    31    region  = var.region
    32  }
    33  
    34  variable "project" {
    35    type        = string
    36    description = "Project ID - Google Cloud project ID in which to create resources."
    37  }
    38  
    39  variable "user_email" {
    40    type        = string
    41    description = "User email address - Google identity to be used for testing IAM authentication."
    42  }
    43  
    44  variable "region" {
    45    default     = "us-central1"
    46    description = "GCP region to create database and storage in, for example 'us-central1'. See https://cloud.google.com/compute/docs/regions-zones/ for valid values."
    47  }
    48  
    49  locals {
    50    sql_instance = "go-cloud-test-${random_id.sql_instance.hex}"
    51  }
    52  
    53  resource "google_project_service" "sql" {
    54    service            = "sql-component.googleapis.com"
    55    disable_on_destroy = false
    56  }
    57  
    58  resource "google_project_service" "sqladmin" {
    59    service            = "sqladmin.googleapis.com"
    60    disable_on_destroy = false
    61  }
    62  
    63  resource "random_id" "sql_instance" {
    64    keepers = {
    65      project = var.project
    66      region  = var.region
    67    }
    68  
    69    byte_length = 12
    70  }
    71  
    72  resource "google_project_iam_member" "cloudsql_client" {
    73    project = var.project
    74    role    = "roles/cloudsql.client"
    75    member  = "user:${var.user_email}"
    76  }
    77  
    78  resource "google_project_iam_member" "cloudsql_instanceUser" {
    79    project = var.project
    80    role    = "roles/cloudsql.instanceUser"
    81    member  = "user:${var.user_email}"
    82  }
    83  
    84  resource "google_sql_database_instance" "main" {
    85    name             = local.sql_instance
    86    database_version = "POSTGRES_9_6"
    87    region           = var.region
    88    project          = var.project
    89  
    90    settings {
    91      tier      = "db-f1-micro"
    92      disk_size = 10 # GiB
    93      database_flags {
    94        name  = "cloudsql.iam_authentication"
    95        value = "on"
    96      }
    97    }
    98  
    99    depends_on = [
   100      google_project_service.sql,
   101      google_project_service.sqladmin,
   102    ]
   103  }
   104  
   105  resource "google_sql_database" "main" {
   106    project  = var.project
   107    name     = "testdb"
   108    instance = google_sql_database_instance.main.name
   109  }
   110  
   111  resource "random_string" "db_password" {
   112    keepers = {
   113      project = var.project
   114      db_name = local.sql_instance
   115      region  = var.region
   116    }
   117  
   118    special = false
   119    length  = 20
   120  }
   121  
   122  resource "google_sql_user" "root" {
   123    type     = "BUILT_IN"
   124    name     = "root"
   125    instance = google_sql_database_instance.main.name
   126    password = random_string.db_password.result
   127  }
   128  
   129  resource "google_sql_user" "user_account" {
   130    type     = "CLOUD_IAM_USER"
   131    name     = var.user_email
   132    instance = google_sql_database_instance.main.name
   133  }
   134  
   135  output "project" {
   136    value       = var.project
   137    description = "The GCP project ID."
   138  }
   139  
   140  output "region" {
   141    value       = var.region
   142    description = "The Cloud SQL instance region."
   143  }
   144  
   145  output "instance" {
   146    value       = local.sql_instance
   147    description = "The Cloud SQL instance region."
   148  }
   149  
   150  output "username" {
   151    value       = "root"
   152    description = "The Cloud SQL username to connect with."
   153  }
   154  
   155  output "password" {
   156    value       = random_string.db_password.result
   157    sensitive   = true
   158    description = "The Cloud SQL instance password for the user."
   159  }
   160  
   161  output "database" {
   162    value       = "testdb"
   163    description = "The name of the database inside the Cloud SQL instance."
   164  }
   165  
   166  output "user_email" {
   167    value       = var.user_email
   168    description = "The email of a GCP service account used for testing connections."
   169  }