feat: Add allocated_ip_range property to CloudSQL modules (#277)

BREAKING CHANGE: Minimum provider version increased to 4.4.
BREAKING CHANGE: `allocated_ip_range` must now be specified for instances; `allocated_ip_range = null` can be used to preserve old default.

Author: srs2210

examples/mysql-ha/main.tf

@@ -16,9 +16,10 @@
 
 locals {
   read_replica_ip_configuration = {
-    ipv4_enabled    = true
-    require_ssl     = false
-    private_network = null
+    ipv4_enabled       = true
+    require_ssl        = false
+    private_network    = null
+    allocated_ip_range = null
     authorized_networks = [
       {
         name  = "${var.project_id}-cidr"
@@ -55,9 +56,10 @@ module "mysql" {
   }
 
   ip_configuration = {
-    ipv4_enabled    = true
-    require_ssl     = true
-    private_network = null
+    ipv4_enabled       = true
+    require_ssl        = true
+    private_network    = null
+    allocated_ip_range = null
     authorized_networks = [
       {
         name  = "${var.project_id}-cidr"

examples/mysql-private/main.tf

@@ -29,7 +29,7 @@ locals {
 
 module "network-safer-mysql-simple" {
   source  = "terraform-google-modules/network/google"
-  version = "~> 2.5"
+  version = "~> 4.0"
 
   project_id   = var.project_id
   network_name = local.network_name
@@ -73,8 +73,9 @@ module "safer-mysql-db" {
     },
   ]
 
-  assign_public_ip = "true"
-  vpc_network      = module.network-safer-mysql-simple.network_self_link
+  assign_public_ip   = "true"
+  vpc_network        = module.network-safer-mysql-simple.network_self_link
+  allocated_ip_range = module.private-service-access.google_compute_global_address_name
 
   // Optional: used to enforce ordering in the creation of resources.
   module_depends_on = [module.private-service-access.peering_completed]

examples/mysql-public/main.tf

@@ -34,6 +34,7 @@ module "mysql-db" {
     ipv4_enabled        = true
     private_network     = null
     require_ssl         = true
+    allocated_ip_range  = null
     authorized_networks = var.authorized_networks
   }
 

examples/postgresql-ha/main.tf

@@ -17,9 +17,10 @@
 
 locals {
   read_replica_ip_configuration = {
-    ipv4_enabled    = true
-    require_ssl     = false
-    private_network = null
+    ipv4_enabled       = true
+    require_ssl        = false
+    private_network    = null
+    allocated_ip_range = null
     authorized_networks = [
       {
         name  = "${var.project_id}-cidr"
@@ -54,9 +55,10 @@ module "pg" {
   }
 
   ip_configuration = {
-    ipv4_enabled    = true
-    require_ssl     = true
-    private_network = null
+    ipv4_enabled       = true
+    require_ssl        = true
+    private_network    = null
+    allocated_ip_range = null
     authorized_networks = [
       {
         name  = "${var.project_id}-cidr"

examples/postgresql-public-iam/main.tf

@@ -31,6 +31,7 @@ module "postgresql-db" {
     ipv4_enabled        = true
     private_network     = null
     require_ssl         = true
+    allocated_ip_range  = null
     authorized_networks = var.authorized_networks
   }
 

examples/postgresql-public/main.tf

@@ -31,6 +31,7 @@ module "postgresql-db" {
     ipv4_enabled        = true
     private_network     = null
     require_ssl         = true
+    allocated_ip_range  = null
     authorized_networks = var.authorized_networks
   }
 }

modules/mssql/README.md

@@ -26,7 +26,7 @@ The following dependency must be available for SQL Server module:
 | disk\_size | The disk size for the master instance. | `number` | `10` | no |
 | disk\_type | The disk type for the master instance. | `string` | `"PD_SSD"` | no |
 | encryption\_key\_name | The full path to the encryption key used for the CMEK disk encryption | `string` | `null` | no |
-| ip\_configuration | The ip configuration for the master instances. | <pre>object({<br>    authorized_networks = list(map(string))<br>    ipv4_enabled        = bool<br>    private_network     = string<br>    require_ssl         = bool<br>  })</pre> | <pre>{<br>  "authorized_networks": [],<br>  "ipv4_enabled": true,<br>  "private_network": null,<br>  "require_ssl": null<br>}</pre> | no |
+| ip\_configuration | The ip configuration for the master instances. | <pre>object({<br>    authorized_networks = list(map(string))<br>    ipv4_enabled        = bool<br>    private_network     = string<br>    require_ssl         = bool<br>    allocated_ip_range  = string<br>  })</pre> | <pre>{<br>  "allocated_ip_range": null,<br>  "authorized_networks": [],<br>  "ipv4_enabled": true,<br>  "private_network": null,<br>  "require_ssl": null<br>}</pre> | no |
 | maintenance\_window\_day | The day of week (1-7) for the master instance maintenance. | `number` | `1` | no |
 | maintenance\_window\_hour | The hour of day (0-23) maintenance window for the master instance maintenance. | `number` | `23` | no |
 | maintenance\_window\_update\_track | The update track of maintenance window for the master instance maintenance.Can be either `canary` or `stable`. | `string` | `"canary"` | no |

modules/mssql/main.tf

@@ -75,9 +75,10 @@ resource "google_sql_database_instance" "default" {
     dynamic "ip_configuration" {
       for_each = [local.ip_configurations[local.ip_configuration_enabled ? "enabled" : "disabled"]]
       content {
-        ipv4_enabled    = lookup(ip_configuration.value, "ipv4_enabled", null)
-        private_network = lookup(ip_configuration.value, "private_network", null)
-        require_ssl     = lookup(ip_configuration.value, "require_ssl", null)
+        ipv4_enabled       = lookup(ip_configuration.value, "ipv4_enabled", null)
+        private_network    = lookup(ip_configuration.value, "private_network", null)
+        require_ssl        = lookup(ip_configuration.value, "require_ssl", null)
+        allocated_ip_range = lookup(ip_configuration.value, "allocated_ip_range", null)
 
         dynamic "authorized_networks" {
           for_each = lookup(ip_configuration.value, "authorized_networks", [])

modules/mssql/variables.tf

@@ -131,12 +131,14 @@ variable "ip_configuration" {
     ipv4_enabled        = bool
     private_network     = string
     require_ssl         = bool
+    allocated_ip_range  = string
   })
   default = {
     authorized_networks = []
     ipv4_enabled        = true
     private_network     = null
     require_ssl         = null
+    allocated_ip_range  = null
   }
 }
 

modules/mssql/versions.tf

@@ -20,7 +20,7 @@ terraform {
 
     google-beta = {
       source  = "hashicorp/google-beta"
-      version = ">= 3.60, < 5.0"
+      version = ">= 4.4.0, < 5.0"
     }
   }