chore(ops): refactor cloudsql variables to be an array to allow multi…

…ple databases
opensource-observer · Feb 27, 2025 · 1c87c15 · 1c87c15
1 parent c4730a1
commit 1c87c15
Show file tree

Hide file tree

Showing 2 changed files with 30 additions and 50 deletions.
diff --git a/ops/tf-modules/warehouse/main.tf b/ops/tf-modules/warehouse/main.tf
@@ -131,16 +131,19 @@ module "warehouse_cloudsql" {
   source  = "GoogleCloudPlatform/sql-db/google//modules/postgresql"
   version = "8.0.0"
 
+  count = length(var.cloudsql_databases)
+
   project_id       = data.google_project.project.project_id
-  database_version = var.cloudsql_postgres_version
-  tier             = var.cloudsql_tier
+  database_version = var.cloudsql_databases[count.index].postgres_version
+  tier             = var.cloudsql_databases[count.index].tier
   user_name        = local.cloudsql_db_user
-  zone             = var.cloudsql_zone
+  zone             = var.cloudsql_databases[count.index].zone
   name             = local.cloudsql_name
   user_labels = {
     dw_name = var.name
   }
-  ip_configuration = var.cloudsql_ip_configuration
+  ip_configuration    = var.cloudsql_databases[count.index].ip_configuration
+  deletion_protection = var.cloudsql_databases[count.index].deletion_protection
 
   additional_databases = [
     {
@@ -243,13 +246,14 @@ resource "google_project_iam_custom_role" "readonly_custom_role" {
 
 
 resource "google_project_iam_member" "service_account_binding" {
+  count   = length(var.cloudsql_databases)
   project = data.google_project.project.project_id
   role    = "roles/cloudsql.admin"
 
   member = "serviceAccount:${google_service_account.warehouse_admin.email}"
 
   condition {
-    expression  = "resource.name == 'projects/${data.google_project.project.project_id}/instances/${var.cloudsql_name}' && resource.type == 'sqladmin.googleapis.com/Instance'"
+    expression  = "resource.name == 'projects/${data.google_project.project.project_id}/instances/${var.cloudsql_databases[count.index].name}' && resource.type == 'sqladmin.googleapis.com/Instance'"
     title       = "created"
     description = "Cloud SQL instance creation"
   }

diff --git a/ops/tf-modules/warehouse/variables.tf b/ops/tf-modules/warehouse/variables.tf
@@ -26,11 +26,6 @@ variable "environment" {
   description = "The environment"
 }
 
-variable "cloudsql_name" {
-  type        = string
-  description = "CloudSQL instance name"
-}
-
 variable "additional_cloudsql_client_principals" {
   type        = list(string)
   description = "List of principals to give client access to the cloudsql instance"
@@ -49,44 +44,25 @@ variable "additional_bucket_rw_service_account_names" {
   default     = []
 }
 
-variable "cloudsql_db_name" {
-  type        = string
-  default     = "postgres"
-  description = "CloudSQL DB Name"
-}
-
-variable "cloudsql_postgres_version" {
-  type        = string
-  description = "CloudSQL Postgres Version"
-  default     = "POSTGRES_15"
-}
-
-variable "cloudsql_tier" {
-  type        = string
-  description = "The cloudsql tier to deploy"
-}
-
-variable "cloudsql_zone" {
-  type        = string
-  description = "The cloudsql zone"
-}
-
-variable "cloudsql_deletion_protection_enabled" {
-  type    = bool
-  default = false
-}
-
-variable "cloudsql_ip_configuration" {
-  type = object({
-    authorized_networks                           = optional(list(map(string)), [])
-    ipv4_enabled                                  = optional(bool, true)
-    private_network                               = optional(string)
-    require_ssl                                   = optional(bool)
-    ssl_mode                                      = optional(string)
-    allocated_ip_range                            = optional(string)
-    enable_private_path_for_google_cloud_services = optional(bool, false)
-    psc_enabled                                   = optional(bool, false)
-    psc_allowed_consumer_projects                 = optional(list(string), [])
-  })
-  default = {}
+variable "cloudsql_databases" {
+  type = list(object({
+    name                = string
+    postgres_version    = string
+    tier                = string
+    zone                = string
+    deletion_protection = bool
+    ip_configuration = object({
+      authorized_networks                           = optional(list(map(string)), [])
+      ipv4_enabled                                  = optional(bool, true)
+      private_network                               = optional(string)
+      require_ssl                                   = optional(bool)
+      ssl_mode                                      = optional(string)
+      allocated_ip_range                            = optional(string)
+      enable_private_path_for_google_cloud_services = optional(bool, false)
+      psc_enabled                                   = optional(bool, false)
+      psc_allowed_consumer_projects                 = optional(list(string), [])
+    })
+  }))
+  description = "List of CloudSQL databases with their configurations"
+  default     = []
 }