make each ip_configuration pass properly to replicas

Fixes #49

Author: namusyaka

modules/mysql/failover_replica.tf

@@ -14,6 +14,15 @@
  * limitations under the License.
  */
 
+locals {
+  failover_replica_ip_configuration_enabled = "${length(keys(var.failover_replica_ip_configuration)) > 0 ? true : false}"
+
+  failover_replica_ip_configurations = {
+    enabled  = "${var.failover_replica_ip_configuration}"
+    disabled = "${map()}"
+  }
+}
+
 resource "google_sql_database_instance" "failover-replica" {
   count                 = "${var.failover_replica ? 1 : 0}"
   project               = "${var.project_id}"
@@ -27,7 +36,7 @@ resource "google_sql_database_instance" "failover-replica" {
     tier                        = "${var.failover_replica_tier}"
     activation_policy           = "${var.failover_replica_activation_policy}"
     authorized_gae_applications = ["${var.authorized_gae_applications}"]
-    ip_configuration            = ["${var.failover_replica_ip_configuration}"]
+    ip_configuration            = ["${local.failover_replica_ip_configurations["${local.failover_replica_ip_configuration_enabled ? "enabled" : "disabled"}"]}"]
 
     crash_safe_replication = "${var.failover_replica_crash_safe_replication}"
     disk_autoresize        = "${var.failover_replica_disk_autoresize}"

modules/mysql/read_replica.tf

@@ -27,6 +27,13 @@ locals {
   mod_by        = "${local.zones_enabled ? length(local.read_replica_zones) : 1}"
 
   zones = "${local.zone_mapping["${local.zones_enabled ? "enabled" : "disabled"}"]}"
+
+  read_replica_ip_configuration_enabled = "${length(keys(var.read_replica_ip_configuration)) > 0 ? true : false}"
+
+  read_replica_ip_configurations = {
+    enabled  = "${var.read_replica_ip_configuration}"
+    disabled = "${map()}"
+  }
 }
 
 resource "google_sql_database_instance" "replicas" {
@@ -41,7 +48,7 @@ resource "google_sql_database_instance" "replicas" {
   settings {
     tier                        = "${var.read_replica_tier}"
     activation_policy           = "${var.read_replica_activation_policy}"
-    ip_configuration            = ["${local.ip_configurations["${local.ip_configuration_enabled ? "enabled" : "disabled"}"]}"]
+    ip_configuration            = ["${local.read_replica_ip_configurations["${local.read_replica_ip_configuration_enabled ? "enabled" : "disabled"}"]}"]
     authorized_gae_applications = ["${var.authorized_gae_applications}"]
 
     crash_safe_replication = "${var.read_replica_crash_safe_replication}"

modules/mysql/variables.tf

@@ -201,7 +201,10 @@ variable "read_replica_user_labels" {
 
 variable "read_replica_ip_configuration" {
   description = "The ip configuration for the read replica instances."
-  default     = {}
+
+  default = {
+    ipv4_enabled = "true"
+  }
 }
 
 // Failover replica
@@ -288,7 +291,10 @@ variable "failover_replica_user_labels" {
 
 variable "failover_replica_ip_configuration" {
   description = "The ip configuration for the failover replica instances."
-  default     = {}
+
+  default = {
+    ipv4_enabled = "true"
+  }
 }
 
 variable "db_name" {

modules/postgresql/read_replica.tf

@@ -27,6 +27,13 @@ locals {
   mod_by        = "${local.zones_enabled ? length(local.read_replica_zones) : 1}"
 
   zones = "${local.zone_mapping["${local.zones_enabled ? "enabled" : "disabled"}"]}"
+
+  read_replica_ip_configuration_enabled = "${length(keys(var.read_replica_ip_configuration)) > 0 ? true : false}"
+
+  read_replica_ip_configurations = {
+    enabled  = "${var.read_replica_ip_configuration}"
+    disabled = "${map()}"
+  }
 }
 
 resource "google_sql_database_instance" "replicas" {
@@ -43,7 +50,7 @@ resource "google_sql_database_instance" "replicas" {
     activation_policy           = "${var.read_replica_activation_policy}"
     authorized_gae_applications = ["${var.authorized_gae_applications}"]
     availability_type           = "${var.read_replica_availability_type}"
-    ip_configuration            = ["${local.ip_configurations["${local.ip_configuration_enabled ? "enabled" : "disabled"}"]}"]
+    ip_configuration            = ["${local.read_replica_ip_configurations["${local.read_replica_ip_configuration_enabled ? "enabled" : "disabled"}"]}"]
 
     crash_safe_replication = "${var.read_replica_crash_safe_replication}"
     disk_autoresize        = "${var.read_replica_disk_autoresize}"

modules/postgresql/variables.tf

@@ -208,7 +208,10 @@ variable "read_replica_replication_type" {
 
 variable "read_replica_ip_configuration" {
   description = "The ip configuration for the read instances."
-  default     = {}
+
+  default = {
+    ipv4_enabled = "true"
+  }
 }
 
 variable "db_name" {

test/fixtures/mysql-ha/main.tf

@@ -88,7 +88,7 @@ module "mysql" {
 
   read_replica_ip_configuration {
     ipv4_enabled = true
-    require_ssl  = true
+    require_ssl  = false
 
     authorized_networks = [{
       name  = "${var.project}-cidr"
@@ -125,7 +125,7 @@ module "mysql" {
 
   failover_replica_ip_configuration {
     ipv4_enabled = true
-    require_ssl  = true
+    require_ssl  = false
 
     authorized_networks = [{
       name  = "${var.project}-cidr"

test/fixtures/postgresql-ha/main.tf

@@ -90,7 +90,7 @@ module "pg" {
 
   read_replica_ip_configuration {
     ipv4_enabled = true
-    require_ssl  = true
+    require_ssl  = false
 
     authorized_networks = [{
       name  = "${var.project}-cidr"

test/integration/mysql-ha/controls/mysql.rb

@@ -85,7 +85,7 @@
   its(:gce_zone)         { should eq 'us-central1-a' }
 
   it { expect(settings).to include(expected_settings) }
-  it { expect(ip_configuration).to include(authorized_networks: [{kind: 'sql#aclEntry', name: "#{project_id}-cidr", value: authorized_network}], ipv4_enabled: true, require_ssl: true) }
+  it { expect(ip_configuration).to include(authorized_networks: [{kind: 'sql#aclEntry', name: "#{project_id}-cidr", value: authorized_network}], ipv4_enabled: true, require_ssl: false) }
   it { expect(database_flags).to include(name: "long_query_time", value: "1") }
   it { expect(location_preference).to include(kind: "sql#locationPreference", zone: "us-central1-a") }
   it { expect(maintenance_window).to include(kind: "sql#maintenanceWindow", day: 3, hour: 20, update_track: "canary") }
@@ -122,7 +122,7 @@
     its(:gce_zone)         { should eq "us-central1-#{zone}" }
 
     it { expect(settings).to include(expected_settings) }
-    it { expect(ip_configuration).to include(authorized_networks: [{kind: 'sql#aclEntry', name: "#{project_id}-cidr", value: authorized_network}], ipv4_enabled: true, require_ssl: true) }
+    it { expect(ip_configuration).to include(authorized_networks: [{kind: 'sql#aclEntry', name: "#{project_id}-cidr", value: authorized_network}], ipv4_enabled: true, require_ssl: false) }
     it { expect(database_flags).to include(name: "long_query_time", value: "1") }
     it { expect(location_preference).to include(kind: "sql#locationPreference", zone: "us-central1-#{zone}") }
     it { expect(maintenance_window).to include(kind: "sql#maintenanceWindow", day: 1, hour: 22, update_track: "stable") }

test/integration/postgresql-ha/controls/pg.rb

@@ -88,7 +88,7 @@
     its(:gce_zone)         { should eq "us-central1-#{zone}" }
 
     it { expect(settings).to include(expected_settings) }
-    it { expect(ip_configuration).to include(authorized_networks: [{kind: 'sql#aclEntry', name: "#{project_id}-cidr", value: authorized_network}], ipv4_enabled: true, require_ssl: true) }
+    it { expect(ip_configuration).to include(authorized_networks: [{kind: 'sql#aclEntry', name: "#{project_id}-cidr", value: authorized_network}], ipv4_enabled: true, require_ssl: false) }
     it { expect(database_flags).to include(name: "autovacuum", value: "off") }
     it { expect(location_preference).to include(kind: "sql#locationPreference", zone: "us-central1-#{zone}") }
     it { expect(maintenance_window).to include(kind: "sql#maintenanceWindow", day: 1, hour: 22, update_track: "stable") }