feat: Upgrade to terraform 0.15 (#3)

* Upgrade provider plugins to latest release
* Improve README instructions
* Convert locals in main.tf to vars
* Add output for db proxy public IP to make connecting easier
* Add plan and crash.log to .gitignore
* Move backend config to backend.tf
* Move provider config to providers.tf
* Move required_versions to versions.tf

.gitignore

@@ -7,3 +7,4 @@
 crash.log
 override.tf
 override.tf.json
+plan

.terraform-version

@@ -1 +1 @@
-0.14.0
+0.15.5

.terraform.lock.hcl

@@ -2,37 +2,39 @@
 # Manual edits may be lost in future updates.
 
 provider "registry.terraform.io/hashicorp/google" {
-  version     = "3.49.0"
-  constraints = ">= 3.49.0"
+  version     = "3.70.0"
+  constraints = ">= 3.70.0"
   hashes = [
-    "h1:r9DGN02xsR8k9hFqt37Yt7GjwVx34SJXqanR2igjm9Y=",
-    "zh:00ea68b3a3b6e11ea469f47ee949c7f8f5751f935a3366152f9d3c6660c27e9b",
-    "zh:1ef3efc2e81fa31ceb04e39ae25acd0f061629f104827e127bdb4345e95f37d0",
-    "zh:6bf00943baa776adef0bbc914886359cf95c505b0494f3936cedac5cd1e01a00",
-    "zh:7d2cce5a9be476d8eee67435d854d094f82b5814a0e34964d10f28c1e88a2c8f",
-    "zh:841d074e3fb06f0df7c930bc0c4a9733ce0c5f1a19d6af98632a7931d2ca6a59",
-    "zh:8920ccd27c8904fcf5d701d71baee4f64d9d6f1383e66c4673909d9c53895057",
-    "zh:91d4479d2d461ad582d127d47aa7094bd74a1278cc8d78ad36a1c4f31301f4f0",
-    "zh:a97c19cdb42b5f7e4e297183d60eaa45843ee7b0adde1120e47026c4cae456c1",
-    "zh:cbd862cc4d21866bb832e3e7fe4e6ed959f5e5363bcf3d74e476b42fec716efe",
-    "zh:ec3c63ba6db74b353fafff6aedbb30e3eb1a4e5c856b4920c7ffa10d7081cbbd",
+    "h1:BDbh9qJsoTo3MZz6Bff4ZUI/bK2Ss4IWeSkVFlB1WAM=",
+    "zh:26f37fc308ddb20baf20efd93726b2ff7894310c4980c07f3e0ae467ff3cad82",
+    "zh:40cd363b7a325833685940b5fd6d6ba5a54d1a637dba06ae05114facdf7f49a9",
+    "zh:42ee807cba7f0e1c06b52b3a70ee5da707a38d7a73a459e99cadd733a38f53a5",
+    "zh:57d6fd677c699be7ae97cfcd831283e2d04b1e168c9906ab49a499663ba0c801",
+    "zh:7238128698516b9a6f7d49b1f772aeee0234e162997ca5fd16315c6a57c8fead",
+    "zh:77d923faac5dd9744a4e0ba4d47a8b2de19358fff9b2060b82b127694a48c9d2",
+    "zh:7fdfb1b0bce09bbae8ab4d6c44d72ddbaddddf14c6aca3d952f71e03a57d9d0d",
+    "zh:a14af8edad375b15502cb33c2ac9a401b14c891832b4257056d86a4f65a453f7",
+    "zh:c8a7b2202db3ffaad11011911181a382f3b55a0804d3c0a1177e6431a391e426",
+    "zh:cd0818982ee24c8bd1caed93816b6f15fa1cef07de39d1edf5110fd17e892430",
+    "zh:d2abded6c1088a85d7487369998c71652a338b46b1646e67676a717ff1f394f8",
   ]
 }
 
 provider "registry.terraform.io/hashicorp/tfe" {
-  version     = "0.23.0"
-  constraints = ">= 0.23.0"
+  version     = "0.25.3"
+  constraints = ">= 0.25.0"
   hashes = [
-    "h1:uL/ncubyON0u4VZTRwIBdT+lzsOEloDraZUwVhh5M3g=",
-    "zh:229d02658c011c184c63eecbdb0af5e1366d14dfab78862345b6d907c2e253e5",
-    "zh:4aac896b2570ad6fd96a7a297c3e67cf60cea7b4ef3c845d0fe432c739c665fa",
-    "zh:58638104a55cd0ad413d81a4b022d155658e70ea2f07d4b70298e7238a016f20",
-    "zh:63f36714ec2cc23d74f8b90eb4e71168071ac84036fbd21612fa92dc2349c911",
-    "zh:6db95efac6cd067892753edfc18bfa24a8ac46088c751ae86efd78e54f4d3938",
-    "zh:7750f7f552e30c3b930375f3aeb202ad527723344df7a80a6e20eb37f7918d68",
-    "zh:a5052ec512d77b079b8e734528f1859a113254fdb7d48646e9f69dfba670e09b",
-    "zh:a64f492553ba2c9176f620f419464c1409fe5a277b75e268cc5418df74c25d4e",
-    "zh:c29b855c789edbc6d7f4601e6ff0462476c8a554937c57ff49fb9fbeaa41328a",
-    "zh:e17469b18f6e2156d5d941a46d402423bc88b3ed7e097022fd906c09ee66d033",
+    "h1:lAHc3GGPq6MXy0F/RV9lLubshDz8fEPpqlE+Eqk0RC0=",
+    "zh:0979c23a42fb096ead4899ecd8117ef31dffaff68868eb59a4c00ff7aaa7ca52",
+    "zh:43b8f61b152cfa4e7568cff49c2252a4d67d35a8b3e3ce42fc87b0a2f86e80f1",
+    "zh:5326953390b5fa681a3f1989165f74782a06df2c27b2f833a592300ca5f7c84c",
+    "zh:79757c9ebbecba1ad6c76b49e382a36dcc56b94de04e6579b698bd574d5d42be",
+    "zh:92a91c40df51110a08597994c4af9c27d04ea86d36495056237c346324e1b993",
+    "zh:92def252c4e17c700d472b3bbbcf2396a92aa256d52382fddf24c5d9bbd56eea",
+    "zh:9f99e2f739439d395fc1a466448f799318cb7444268071cc57f43dbf0284d321",
+    "zh:a4421f846b0ffad38dbbc526be8f2bdb4ef67cbd1e4006f18232576865bb4510",
+    "zh:adefbca4d3041aa0d40aa347d6b6ebaa608ed797e132869cb2c0e43f83082e1f",
+    "zh:eb07847e98ee6fd7ad116a6c8f5563267393fd96b1e1e3d71c0f658114d1f2c7",
+    "zh:fe03bd4d2d34cd6d4a98d18910f95adb29e8e8ca844cab5614ba392a24f2ff6f",
   ]
 }

README.md

@@ -3,35 +3,42 @@
 This repo demonstrates how to create a Cloud SQL DB with a private IP address
 only, and connect to it with [Cloud SQL Proxy](https://cloud.google.com/sql/docs/postgres/sql-proxy). The full explanation of how this works can be found in [this blog post](https://medium.com/@ryanboehning/how-to-deploy-a-cloud-sql-db-with-a-private-ip-only-using-terraform-e184b08eca64).
 
-Terraform v0.14.0 or higher is required.
+Terraform v0.15.0 or higher is required.
 
-## Deploy the db and Cloud SQL Proxy
+## How To Use
 
-```bash
-gcloud services enable \
-    cloudresourcemanager.googleapis.com \
-    compute.googleapis.com \
-    iam.googleapis.com \
-    oslogin.googleapis.com \
-    servicenetworking.googleapis.com \
-    sqladmin.googleapis.com
+1. Set the name of your Terraform Cloud organization in `backend.tf`.
 
-terraform init
-terraform apply
-```
+2. Deploy the db and Cloud SQL Proxy
 
-## Upload your public SSH key to Google's OS Login service
+    ```bash
+    gcloud services enable \
+        cloudresourcemanager.googleapis.com \
+        compute.googleapis.com \
+        iam.googleapis.com \
+        oslogin.googleapis.com \
+        servicenetworking.googleapis.com \
+        sqladmin.googleapis.com
 
-```bash
-gcloud compute os-login ssh-keys add --key-file=~/.ssh/id_rsa.pub --ttl=365d
-```
+    terraform init
+    terraform apply
+    ```
 
-## Connect to the private db through Cloud SQL Proxy
+3. Upload your public SSH key to Google's OS Login service
 
-```bash
-# get your SSH username
-gcloud compute os-login describe-profile | grep username
+    ```bash
+    gcloud compute os-login ssh-keys add --key-file=~/.ssh/id_rsa.pub --ttl=365d
+    ```
 
-# psql into your private db
-ssh -t <username>@<proxy-ip-address> docker run --rm --network=host -it postgres:13-alpine psql -U postgres -h localhost
-```
+4. Connect to the private db through Cloud SQL Proxy
+
+    ```bash
+    # get your SSH username
+    gcloud compute os-login describe-profile | grep username
+
+    # get the public IP of the instance running Cloud SQL Proxy
+    CLOUD_SQL_PROXY_IP=$(terraform output proxy_ip)
+
+    # psql into your private db
+    ssh -t <username>@$CLOUD_SQL_PROXY_IP docker run --rm --network=host -it postgres:13-alpine psql -U postgres -h localhost
+    ```

backend.tf

@@ -0,0 +1,8 @@
+terraform {
+  backend "remote" {
+    organization = "studybeast-org"
+    workspaces {
+      name = "private-ip-cloud-sql-db"
+    }
+  }
+}

main.tf

@@ -1,38 +1,3 @@
-// root module
-
-terraform {
-  required_version = ">= 0.14.0"
-  required_providers {
-    tfe = {
-      source  = "hashicorp/tfe"
-      version = ">= 0.23.0"
-    }
-    google = {
-      source  = "hashicorp/google"
-      version = ">= 3.49.0"
-    }
-  }
-  backend "remote" {
-    organization = "my-terraform-cloud-org"
-    workspaces {
-      name = "private-ip-cloud-sql-db"
-    }
-  }
-}
-
-locals {
-  db_username      = "my_user" # Postgres username
-  gcp_project_name = "my-gcp-project-274601"
-  gcp_region       = "us-central1"
-  gcp_zone         = "us-central1-b"
-}
-
-provider "google" {
-  project = local.gcp_project_name
-  region  = local.gcp_region
-  zone    = local.gcp_zone
-}
-
 module "vpc" {
   source = "./modules/vpc"
 
@@ -45,7 +10,7 @@ module "db" {
   disk_size     = 10
   instance_type = "db-f1-micro"
   password      = var.db_password # This is a variable because it's a secret. It's stored here: https://app.terraform.io/app/<YOUR-ORGANIZATION>/workspaces/<WORKSPACE>/variables
-  user          = local.db_username
+  user          = var.db_username
   vpc_name      = module.vpc.name
   vpc_link      = module.vpc.link
 
@@ -64,10 +29,10 @@ module "dbproxy" {
 
   machine_type     = "f1-micro"
   db_instance_name = module.db.connection_name # e.g. my-project:us-central1:my-db
-  region           = local.gcp_region
-  zone             = local.gcp_zone
+  region           = var.gcp_region
+  zone             = var.gcp_zone
 
-  # By passing the VPC name ("main-vpc") as the output of the VPC module
-  # (module.vpc.name), we ensure the VPC will be created before the proxy.
+  # By passing the VPC name as the output of the VPC module we ensure the VPC
+  # will be created before the proxy.
   vpc_name = module.vpc.name
 }

modules/dbproxy/outputs.tf

@@ -0,0 +1,4 @@
+output "public_ip" {
+  description = "The public IP of the bastion instance running Cloud SQL Proxy"
+  value       = google_compute_instance.db_proxy.network_interface.0.access_config.0.nat_ip
+}

outputs.tf

@@ -0,0 +1,7 @@
+output "proxy_ip" {
+  description = <<-EOT
+    The public IP of the instance running Cloud SQL Proxy. psql into this
+    instance to connect to your private db.
+    EOT
+  value = module.dbproxy.public_ip
+}

providers.tf

@@ -0,0 +1,5 @@
+provider "google" {
+  project = var.gcp_project_name
+  region  = var.gcp_region
+  zone    = var.gcp_zone
+}

variables.tf

@@ -1,7 +1,25 @@
-// root module
-
 variable "db_password" {
   description = "The Postgres password"
   type        = string
   sensitive   = true
 }
+
+variable "db_username" {
+  description = "The Postgres username"
+  type = string
+}
+
+variable "gcp_project_name" {
+  description = "The name of the GCP project where the db and Cloud SQL Proxy will be created"
+  type = string
+}
+
+variable "gcp_region" {
+  description = "The GCP region where the db and Cloud SQL Proxy will be created"
+  type = string
+}
+
+variable "gcp_zone" {
+  description = "The GCP availability zone where the db and Cloud SQL Proxy will be created"
+  type = string
+}

versions.tf

@@ -1,3 +1,14 @@
 terraform {
-  required_version = ">= 0.14"
+  required_version = ">= 0.15"
+
+  required_providers {
+    tfe = {
+      source  = "hashicorp/tfe"
+      version = ">= 0.25.0"
+    }
+    google = {
+      source  = "hashicorp/google"
+      version = ">= 3.70.0"
+    }
+  }
 }