Skip to content

Commit

Permalink
feat: Provide DB instance server CA pem as terraform output (#47)
Browse files Browse the repository at this point in the history
  • Loading branch information
sunilhonest authored Sep 3, 2024
1 parent 238ee4a commit de961b7
Show file tree
Hide file tree
Showing 3 changed files with 18 additions and 0 deletions.
6 changes: 6 additions & 0 deletions modules/google_sql_database_instance/main.tf
Original file line number Diff line number Diff line change
Expand Up @@ -34,6 +34,12 @@ locals {

tmp_database_flags = local.is_postgres ? local.postgres_database_flags : local.mysql_database_flags
custom_database_flags = merge(var.settings_database_flags, local.tmp_database_flags)

primary_db_server_ca_furthest_expiration_time = reverse(sort([for k, v in google_sql_database_instance.instance.server_ca_cert : v.expiration_time]))[0]
primary_db_server_ca = [for v in google_sql_database_instance.instance.server_ca_cert : v.cert if v.expiration_time == local.primary_db_server_ca_furthest_expiration_time][0]

read_replica_db_server_ca_furthest_expiration_time = var.enable_read_replica ? reverse(sort([for k, v in google_sql_database_instance.read_replica[0].server_ca_cert : v.expiration_time]))[0] : ""
read_replica_db_server_ca = var.enable_read_replica ? [for v in google_sql_database_instance.read_replica[0].server_ca_cert : v.cert if v.expiration_time == local.read_replica_db_server_ca_furthest_expiration_time][0] : ""
}

#These setting will override from code
Expand Down
6 changes: 6 additions & 0 deletions modules/google_sql_database_instance/outputs.tf
Original file line number Diff line number Diff line change
Expand Up @@ -42,3 +42,9 @@ output "database_version" {
description = "Database version, such as MYSQL_8_0 or POSTGRES_*"
value = google_sql_database_instance.instance.database_version
}

output "primary_db_server_ca" {
description = "Latest CA certificate used by the primary database server"
value = local.primary_db_server_ca
sensitive = true
}
6 changes: 6 additions & 0 deletions modules/google_sql_database_instance/read_replica_outputs.tf
Original file line number Diff line number Diff line change
Expand Up @@ -37,3 +37,9 @@ output "read_replica_private_ip_address" {
description = "The first private (`PRIVATE`) IPv4 address assigned. This is a workaround for an issue fixed in Terraform 0.12 but also provides a convenient way to access an IP of a specific type without performing filtering in a Terraform config."
value = try(google_sql_database_instance.read_replica[0].private_ip_address, "")
}

output "read_replica_db_server_ca" {
description = "Latest CA certificate used by the read replica database server"
value = local.read_replica_db_server_ca
sensitive = true
}

0 comments on commit de961b7

Please sign in to comment.