terraform-google-modules / terraform-docs-samples

Terraform samples intended for inclusion in cloud.google.com
Apache License 2.0
308 stars 224 forks source link

enforce SSL/TLS encryption to mysql_instance #404

Closed yugandhar-btc closed 1 year ago

yugandhar-btc commented 1 year ago

TL;DR

Iam trying to enforce SSL/TLS encryption to my mysql_instance and I have followed this code spinet instance_ssl_cert and terraform is failed run in all stated ( plan,validate & appy)

Expected behavior

No response

Observed behavior

Step #2 - "Validate": │ Error: Unsupported block type Step #2 - "Validate": │ Step #2 - "Validate": │ on main.tf line 99, in module "XXXXX": Step #2 - "Validate": │ 99: settings { Step #2 - "Validate": │ Step #2 - "Validate": │ Blocks of type "settings" are not expected here.

Terraform Configuration

module "mysql-test" {
  source  = "......./modules/safer_mysql"
  version = "~> 9.0.0"

  name              = "mysql-test"
  project_id        = module.project.project_id
  region            = "us-central1"
  zone              = "us-central1-a"
  availability_type = "REGIONAL"
  database_version  = "MYSQL_8_0_26"
  vpc_network       = "test-network"

   settings {
    tier = "db-n1-standard-1"
    ip_configuration {
      require_ssl = "false"
    }
  }
}

Terraform Version

Terraform v0.14.8

Additional information

No response

msampathkumar commented 1 year ago

Hi @yugandhar-btc Thank you for reporting. Can you please provide a minimum reproducible code sample please?

LMK, if you are trying to combine a module code module "mysql-test" and a resource code (https://github.com/terraform-google-modules/terraform-docs-samples/blob/main/cloud_sql/instance_ssl_cert/main.tf#L18-L29).

yugandhar-btc commented 1 year ago

Thank you for the resonance and yes @msampathkumar , I would trying to combine my code module "mysql-test"to https://github.com/terraform-google-modules/terraform-docs-samples/blob/main/cloud_sql/instance_ssl_cert/main.tf#L18-L29 and my tf configuration file( main.tf) was provided above.

msampathkumar commented 1 year ago

Thank you for your response @yugandhar-btc

I hope you have understood the issues now. If so, you can ignore the content below.

Modules and Resources are completely different. To put simply, Resources are like building blocks and Modules are concept-specific ready-made infra-automation tools. So combining two different items will not work.

When using a module, I would strictly limit the definition of the module, as you can find it here @ https://github.com/terraform-google-modules/terraform-google-sql-db/tree/v14.1.0/modules/safer_mysql#inputs

While modules are built based on lots of observations, consideration and management, IMO, they are not a perfect fit for every case. In your case, I believe you want ssl to be disabled. If so, I have the following recommendations.

  1. (My humble recommendation) Take a copy(or fork) of the module https://github.com/terraform-google-modules/terraform-google-sql-db/tree/v14.1.0/modules/safer_mysql and customise it according to your requirements.

  2. Raise a feature request to https://github.com/terraform-google-modules/terraform-google-sql-db with clear details & preferably with an example.

If you have still doubts on this, please re-open this issue.