From 238ee4a107f44409eeefb8dc0822767e40923982 Mon Sep 17 00:00:00 2001
From: Sagar Trivedi
Date: Fri, 16 Aug 2024 10:19:41 +0700
Subject: [PATCH] feat: DEVOP-4924 Add an option to STOP the Cloud SQL instances (#46)
---
.../create_mysql_instance_with_private_ip/README.md | 2 +-
.../create_mysql_instance_with_public_ip/README.md | 2 +-
examples/mysql_instance_with_read_replica/README.md | 2 +-
examples/postgres_instance_with_read_replica/README.md | 2 +-
modules/google_service_networking_connection/README.md | 1 +
modules/google_sql_database_instance/README.md | 3 ++-
modules/google_sql_database_instance/main.tf | 1 +
modules/google_sql_database_instance/variables.tf | 10 ++++++++++
8 files changed, 18 insertions(+), 5 deletions(-)
diff --git a/examples/create_mysql_instance_with_private_ip/README.md b/examples/create_mysql_instance_with_private_ip/README.md
index 7dbe5ae..65c768c 100644
--- a/examples/create_mysql_instance_with_private_ip/README.md
+++ b/examples/create_mysql_instance_with_private_ip/README.md
@@ -43,7 +43,7 @@ No requirements.
 | [settings\_backup\_configuration\_enabled](#input\_settings\_backup\_configuration\_enabled) | (Optional) True if backup configuration is enabled. | `bool` | `true` | no |
 | [settings\_disk\_size](#input\_settings\_disk\_size) | (Optional, Default: `10`) The size of data disk, in GB. Size of a running instance cannot be reduced but can be increased. | `number` | `10` | no |
 | [settings\_disk\_type](#input\_settings\_disk\_type) | (Optional, Default: `PD_SSD`) The type of data disk: `PD_SSD` or `PD_HDD`. | `string` | `"PD_SSD"` | no |
-| [settings\_ip\_configuration\_require\_ssl](#input\_settings\_ip\_configuration\_require\_ssl) | (Optional) Whether SSL connections over IP are enforced or not. | `bool` | `true` | no |
+| [settings\_ip\_configuration\_ssl\_mode](#input\_settings\_ip\_configuration\_ssl\_mode) | (Optional) Specify how SSL connection should be enforced in DB connections. | `string` | `"ALLOW_UNENCRYPTED_AND_ENCRYPTED"` | no |
 | [settings\_tier](#input\_settings\_tier) | (Required) The machine type to use. See tiers for more details and supported versions. Postgres supports only shared-core machine types, and custom machine types | `string` | n/a | yes |
 | [user\_host](#input\_user\_host) | (Required) The host the user can connect from. This is only supported for MySQL instances. Don't set this field for PostgreSQL instances. Can be an IP address. Changing this forces a new resource to be created. | `string` | n/a | yes |
 | [user\_name](#input\_user\_name) | (Required) The name of the database in the Cloud SQL instance. This does not include the project ID or instance name. | `string` | n/a | yes |
diff --git a/examples/create_mysql_instance_with_public_ip/README.md b/examples/create_mysql_instance_with_public_ip/README.md
index d193cd2..3fa8218 100644
--- a/examples/create_mysql_instance_with_public_ip/README.md
+++ b/examples/create_mysql_instance_with_public_ip/README.md
@@ -45,7 +45,7 @@ No requirements.
 | [settings\_disk\_type](#input\_settings\_disk\_type) | (Optional, Default: `PD_SSD`) The type of data disk: `PD_SSD` or `PD_HDD`. | `string` | `"PD_SSD"` | no |
 | [settings\_ip\_configuration\_ipv4\_enabled](#input\_settings\_ip\_configuration\_ipv4\_enabled) | (Optional) Whether this Cloud SQL instance should be assigned a public IPV4 address. At least `ipv4_enabled` must be enabled or a `private_network` must be configured. | `bool` | `false` | no |
 | [settings\_ip\_configuration\_private\_network](#input\_settings\_ip\_configuration\_private\_network) | The VPC network from which the Cloud SQL instance is accessible for private IP. For example, projects/myProject/global/networks/default. Specifying a network enables private IP. | `string` | `""` | no |
-| [settings\_ip\_configuration\_require\_ssl](#input\_settings\_ip\_configuration\_require\_ssl) | (Optional) Whether SSL connections over IP are enforced or not. | `bool` | `true` | no |
+| [settings\_ip\_configuration\_ssl\_mode](#input\_settings\_ip\_configuration\_ssl\_mode) | (Optional) Specify how SSL connection should be enforced in DB connections. | `string` | `"ALLOW_UNENCRYPTED_AND_ENCRYPTED"` | no |
 | [settings\_tier](#input\_settings\_tier) | (Required) The machine type to use. See tiers for more details and supported versions. Postgres supports only shared-core machine types, and custom machine types | `string` | n/a | yes |
 | [user\_host](#input\_user\_host) | (Required) The host the user can connect from. This is only supported for MySQL instances. Don't set this field for PostgreSQL instances. Can be an IP address. Changing this forces a new resource to be created. | `string` | n/a | yes |
 | [user\_name](#input\_user\_name) | (Required) The name of the database in the Cloud SQL instance. This does not include the project ID or instance name. | `string` | n/a | yes |
diff --git a/examples/mysql_instance_with_read_replica/README.md b/examples/mysql_instance_with_read_replica/README.md
index 380bc0d..a35d370 100644
--- a/examples/mysql_instance_with_read_replica/README.md
+++ b/examples/mysql_instance_with_read_replica/README.md
@@ -43,7 +43,7 @@ No requirements.
 | [settings\_backup\_configuration\_enabled](#input\_settings\_backup\_configuration\_enabled) | (Optional) True if backup configuration is enabled. | `bool` | `true` | no |
 | [settings\_disk\_size](#input\_settings\_disk\_size) | (Optional, Default: `10`) The size of data disk, in GB. Size of a running instance cannot be reduced but can be increased. | `number` | `10` | no |
 | [settings\_disk\_type](#input\_settings\_disk\_type) | (Optional, Default: `PD_SSD`) The type of data disk: `PD_SSD` or `PD_HDD`. | `string` | `"PD_SSD"` | no |
-| [settings\_ip\_configuration\_require\_ssl](#input\_settings\_ip\_configuration\_require\_ssl) | (Optional) Whether SSL connections over IP are enforced or not. | `bool` | `true` | no |
+| [settings\_ip\_configuration\_ssl\_mode](#input\_settings\_ip\_configuration\_ssl\_mode) | (Optional) Specify how SSL connection should be enforced in DB connections. | `string` | `"ALLOW_UNENCRYPTED_AND_ENCRYPTED"` | no |
 | [settings\_tier](#input\_settings\_tier) | (Required) The machine type to use. See tiers for more details and supported versions. Postgres supports only shared-core machine types, and custom machine types | `string` | n/a | yes |
 | [user\_host](#input\_user\_host) | (Required) The host the user can connect from. This is only supported for MySQL instances. Don't set this field for PostgreSQL instances. Can be an IP address. Changing this forces a new resource to be created. | `string` | n/a | yes |
 | [user\_name](#input\_user\_name) | (Required) The name of the database in the Cloud SQL instance. This does not include the project ID or instance name. | `string` | n/a | yes |
diff --git a/examples/postgres_instance_with_read_replica/README.md b/examples/postgres_instance_with_read_replica/README.md
index 0ad4072..012ca81 100644
--- a/examples/postgres_instance_with_read_replica/README.md
+++ b/examples/postgres_instance_with_read_replica/README.md
@@ -43,7 +43,7 @@ No requirements.
 | [settings\_backup\_configuration\_enabled](#input\_settings\_backup\_configuration\_enabled) | (Optional) True if backup configuration is enabled. | `bool` | `true` | no |
 | [settings\_disk\_size](#input\_settings\_disk\_size) | (Optional, Default: `10`) The size of data disk, in GB. Size of a running instance cannot be reduced but can be increased. | `number` | `10` | no |
 | [settings\_disk\_type](#input\_settings\_disk\_type) | (Optional, Default: `PD_SSD`) The type of data disk: `PD_SSD` or `PD_HDD`. | `string` | `"PD_SSD"` | no |
-| [settings\_ip\_configuration\_require\_ssl](#input\_settings\_ip\_configuration\_require\_ssl) | (Optional) Whether SSL connections over IP are enforced or not. | `bool` | `true` | no |
+| [settings\_ip\_configuration\_ssl\_mode](#input\_settings\_ip\_configuration\_ssl\_mode) | (Optional) Specify how SSL connection should be enforced in DB connections. | `string` | `"ALLOW_UNENCRYPTED_AND_ENCRYPTED"` | no |
 | [settings\_tier](#input\_settings\_tier) | (Required) The machine type to use. See tiers for more details and supported versions. Postgres supports only shared-core machine types, and custom machine types | `string` | n/a | yes |
 | [user\_host](#input\_user\_host) | (Required) The host the user can connect from. This is only supported for MySQL instances. Don't set this field for PostgreSQL instances. Can be an IP address. Changing this forces a new resource to be created. | `string` | n/a | yes |
 | [user\_name](#input\_user\_name) | (Required) The name of the database in the Cloud SQL instance. This does not include the project ID or instance name. | `string` | n/a | yes |
diff --git a/modules/google_service_networking_connection/README.md b/modules/google_service_networking_connection/README.md index c9c683b..6c26a7c 100644 --- a/modules/google_service_networking_connection/README.md +++ b/modules/google_service_networking_connection/README.md @@ -25,6 +25,7 @@ No modules. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| +| [deletion\_policy](#input\_deletion\_policy) | (Optional) The deletion policy for the service networking connection. Setting to ABANDON allows the resource to be abandoned rather than deleted. This will enable a successful terraform destroy when destroying CloudSQL instances. Use with care as it can lead to dangling resources. | `string` | `""` | no | | [network](#input\_network) | (Required) Name of VPC network connected with service producers using VPC peering. | `string` | n/a | yes | | [reserved\_peering\_ranges](#input\_reserved\_peering\_ranges) | (Required) Named IP address range(s) of PEERING type reserved for this service provider. Note that invoking this method with a different range when connection is already established will not reallocate already provisioned service producer subnetworks. | `list(string)` | n/a | yes | | [service](#input\_service) | (Required) Provider peering service that is managing peering connectivity for a service provider organization. For Google services that support this functionality it is 'servicenetworking.googleapis.com'. | `string` | `"servicenetworking.googleapis.com"` | no | diff --git a/modules/google_sql_database_instance/README.md b/modules/google_sql_database_instance/README.md index 23ed391..b735f65 100644 --- a/modules/google_sql_database_instance/README.md +++ b/modules/google_sql_database_instance/README.md 
@@ -34,6 +34,7 @@ No modules.
 | [read\_replica\_settings\_ip\_configuration\_ipv4\_enabled](#input\_read\_replica\_settings\_ip\_configuration\_ipv4\_enabled) | Whether this Cloud SQL instance should be assigned a public IPV4 address. At least `ipv4_enabled` must be enabled or a `private_network` must be configured. | `bool` | `false` | no |
 | [read\_replica\_settings\_tier](#input\_read\_replica\_settings\_tier) | (Required) The machine type to use. See tiers for more details and supported versions. Postgres supports only shared-core machine types, and custom machine types | `string` | `""` | no |
 | [region](#input\_region) | (Optional) The region the instance will sit in | `string` | `""` | no |
+| [settings\_activation\_policy](#input\_settings\_activation\_policy) | This specifies when the instance should be active. Set value to ALWAYS to start the instance and NEVER to stop the instance | `string` | `"ALWAYS"` | no |
 | [settings\_availability\_type](#input\_settings\_availability\_type) | (Optional, Default: `ZONAL`) The availability type of the Cloud SQL instance, high availability (`REGIONAL`) or single zone (`ZONAL`) | `string` | `"ZONAL"` | no |
 | [settings\_backup\_configuration\_backup\_retention\_settings\_retained\_backups](#input\_settings\_backup\_configuration\_backup\_retention\_settings\_retained\_backups) | (Optional) Depending on the value of retention\_unit, this is used to determine if a backup needs to be deleted. If retention\_unit is 'COUNT', we will retain this many backups | `number` | `7` | no |
 | [settings\_backup\_configuration\_binary\_log\_enabled](#input\_settings\_backup\_configuration\_binary\_log\_enabled) | (Optional) True if binary logging is enabled. Cannot be used with PostgreSQL. | `bool` | `true` | no |
@@ -52,7 +53,7 @@ No modules. | [settings\_ip\_configuration\_enable\_private\_path\_for\_google\_cloud\_services](#input\_settings\_ip\_configuration\_enable\_private\_path\_for\_google\_cloud\_services) | (Optional) Whether Google Cloud services such as BigQuery are allowed to access data in this Cloud SQL instance over a private IP connection. SQLSERVER database type is not supported. | `string` | `true` | no | | [settings\_ip\_configuration\_ipv4\_enabled](#input\_settings\_ip\_configuration\_ipv4\_enabled) | Whether this Cloud SQL instance should be assigned a public IPV4 address. At least `ipv4_enabled` must be enabled or a `private_network` must be configured. | `bool` | `false` | no | | [settings\_ip\_configuration\_private\_network](#input\_settings\_ip\_configuration\_private\_network) | The VPC network from which the Cloud SQL instance is accessible for private IP. For example, projects/myProject/global/networks/default. Specifying a network enables private IP. | `string` | `""` | no | -| [settings\_ip\_configuration\_require\_ssl](#input\_settings\_ip\_configuration\_require\_ssl) | (Optional) Whether SSL connections over IP are enforced or not. | `bool` | `true` | no | +| [settings\_ip\_configuration\_ssl\_mode](#input\_settings\_ip\_configuration\_ssl\_mode) | (Optional) Specify how SSL connection should be enforced in DB connections. Supported values are `ALLOW_UNENCRYPTED_AND_ENCRYPTED`, `ENCRYPTED_ONLY`, `TRUSTED_CLIENT_CERTIFICATE_REQUIRED`. 
| `string` | `"ALLOW_UNENCRYPTED_AND_ENCRYPTED"` | no | | [settings\_maintenance\_window\_day](#input\_settings\_maintenance\_window\_day) | (Optional) The day of week (1-7) for maintenance window to start.Starting on Monday | `number` | `1` | no | | [settings\_maintenance\_window\_hour](#input\_settings\_maintenance\_window\_hour) | (Optional) The hour of day (0-23) maintenance window starts.The maintenance window is specified in UTC time | `number` | `3` | no | | [settings\_tier](#input\_settings\_tier) | (Required) The machine type to use. See tiers for more details and supported versions. Postgres supports only shared-core machine types, and custom machine types | `string` | n/a | yes | diff --git a/modules/google_sql_database_instance/main.tf b/modules/google_sql_database_instance/main.tf index 8c5dd3d..71c3d2b 100644 --- a/modules/google_sql_database_instance/main.tf +++ b/modules/google_sql_database_instance/main.tf @@ -66,6 +66,7 @@ resource "google_sql_database_instance" "instance" { master_instance_name = var.master_instance_name settings { + activation_policy = var.settings_activation_policy availability_type = var.settings_availability_type deletion_protection_enabled = var.deletion_protection disk_autoresize = var.settings_disk_autoresize diff --git a/modules/google_sql_database_instance/variables.tf b/modules/google_sql_database_instance/variables.tf index 5bb0394..7923753 100644 --- a/modules/google_sql_database_instance/variables.tf +++ b/modules/google_sql_database_instance/variables.tf 
@@ -50,6 +50,16 @@ variable "read_replica_settings_tier" { default = "" } +variable "settings_activation_policy" { + description = "This specifies when the instance should be active. Set value to ALWAYS to start the instance and NEVER to stop the instance" + type = string + default = "ALWAYS" + validation { + condition = can(regex("^ALWAYS|^NEVER", var.settings_activation_policy)) + error_message = "Support only `ALWAYS` or `NEVER`." + } +} + variable "settings_availability_type" { description = "(Optional, Default: `ZONAL`) The availability type of the Cloud SQL instance, high availability (`REGIONAL`) or single zone (`ZONAL`)" type = string
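Review bot: The validation regex on `settings_activation_policy` is anchored only at the start, so `^ALWAYS|^NEVER` also accepts values such as `ALWAYS_ON` or `NEVERMIND`; these would presumably only be rejected later by the provider or API rather than at validation time. Anchor both ends with `condition = can(regex("^(ALWAYS|NEVER)$", var.settings_activation_policy))`, or use `contains(["ALWAYS", "NEVER"], var.settings_activation_policy)`. Separately, the regenerated README rows in this commit list `settings_ip_configuration_ssl_mode` with default `ALLOW_UNENCRYPTED_AND_ENCRYPTED` where `settings_ip_configuration_require_ssl` defaulted to `true`. That variable's definition is outside this diff, so it is worth confirming the weaker default is intended and that callers who need TLS enforced set `ENCRYPTED_ONLY` or `TRUSTED_CLIENT_CERTIFICATE_REQUIRED` explicitly.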