diff --git a/examples/cloud-sql-mysql/main.tf b/examples/cloud-sql-mysql/main.tf index 504961a..27c2ab9 100644 --- a/examples/cloud-sql-mysql/main.tf +++ b/examples/cloud-sql-mysql/main.tf @@ -24,7 +24,7 @@ module "mysql" { master_username = "${var.master_username}" master_host = "%" - publicly_accessible = "${var.publicly_accessible}" + enable_public_internet_access = "${var.enable_public_internet_access}" # Never do this in production! # We're setting permissive network rules to make diff --git a/examples/cloud-sql-mysql/variables.tf b/examples/cloud-sql-mysql/variables.tf index 054a089..4754e98 100644 --- a/examples/cloud-sql-mysql/variables.tf +++ b/examples/cloud-sql-mysql/variables.tf @@ -28,10 +28,11 @@ variable "master_password" { # OPTIONAL PARAMETERS # Generally, these values won't need to be changed. # --------------------------------------------------------------------------------------------------------------------- -variable "publicly_accessible" { - default = "true" +# In nearly all cases, databases should NOT be publicly accessible, however if you're migrating from a PAAS provider like Heroku to GCP, this needs to remain open to the internet. +variable "enable_public_internet_access" { + description = "WARNING: - In nearly all cases a database should NOT be publicly accessible. Only set this to true if you want the database open to the internet." + default = true } - variable "mysql_version" { description = "The engine version of the database, e.g. `MYSQL_5_6` or `MYSQL_5_7`." default = "MYSQL_5_7" diff --git a/modules/mysql/README.md b/modules/mysql/README.md index eaad1fe..cd7df48 100644 --- a/modules/mysql/README.md +++ b/modules/mysql/README.md @@ -31,8 +31,8 @@ variables](https://www.terraform.io/intro/getting-started/outputs.html): 1. TODO: **Private IP** `private_ip`: The public endpoint for the cluster. 1. **Public IP** `public_ip`: The public endpoint for the cluster. -1. **Connection name** `connection_name`: The private endpoint for the cluster. -1. **Replica endpoints** `replica_endpoints`: A comma-separated list of all DB instance URLs in the cluster, including the primary and all +1. **Proxy connection** `proxy_connection`: "Instance path for connecting with Cloud SQL Proxy. Read more at https://cloud.google.com/sql/docs/mysql/sql-proxy. +1. TODO: **Replica endpoints** `replica_endpoints`: A comma-separated list of all DB instance URLs in the cluster, including the primary and all read replicas. Use these URLs for reads (see "How do you scale this DB?" below). diff --git a/modules/mysql/main.tf b/modules/mysql/main.tf index 4334b91..76df989 100644 --- a/modules/mysql/main.tf +++ b/modules/mysql/main.tf @@ -25,7 +25,7 @@ resource "google_sql_database_instance" "master" { ip_configuration { authorized_networks = ["${var.authorized_networks}"], - ipv4_enabled = "${var.publicly_accessible}" + ipv4_enabled = "${var.enable_public_internet_access}" } location_preference { diff --git a/modules/mysql/outputs.tf b/modules/mysql/outputs.tf index 23f64fc..024c945 100644 --- a/modules/mysql/outputs.tf +++ b/modules/mysql/outputs.tf @@ -5,7 +5,7 @@ output "instance_name" { output "public_ip" { description = "The IPv4 address of the master database instance" - value = "${var.publicly_accessible ? google_sql_database_instance.master.ip_address.0.ip_address : ""}" + value = "${var.enable_public_internet_access ? google_sql_database_instance.master.ip_address.0.ip_address : ""}" } output "instance" { diff --git a/modules/mysql/variables.tf b/modules/mysql/variables.tf index 9695e21..dc4be6c 100644 --- a/modules/mysql/variables.tf +++ b/modules/mysql/variables.tf @@ -137,7 +137,7 @@ variable "master_host" { } # In nearly all cases, databases should NOT be publicly accessible, however if you're migrating from a PAAS provider like Heroku to GCP, this needs to remain open to the internet. -variable "publicly_accessible" { +variable "enable_public_internet_access" { description = "WARNING: - In nearly all cases a database should NOT be publicly accessible. Only set this to true if you want the database open to the internet." default = false } \ No newline at end of file