From def6a30fb86867db15bc4be3847605ff426f57fd Mon Sep 17 00:00:00 2001 From: Petri Autero Date: Wed, 13 Feb 2019 18:52:09 +0200 Subject: [PATCH] Fix style nits and output real certificate info. --- examples/mysql-replicas/outputs.tf | 8 +++---- modules/mysql/compute_outputs.tf | 33 +++++++++++++++++++++++++++++ modules/mysql/outputs.tf | 30 +++++++++++++------------- test/example_mysql_replicas_test.go | 12 +++++++++++ 4 files changed, 64 insertions(+), 19 deletions(-) diff --git a/examples/mysql-replicas/outputs.tf b/examples/mysql-replicas/outputs.tf index 26d4ff7..f64b1c5 100644 --- a/examples/mysql-replicas/outputs.tf +++ b/examples/mysql-replicas/outputs.tf @@ -71,20 +71,20 @@ output "failover_proxy_connection" { output "read_replica_instance_names" { description = "List of names for the read replica instances" - value = "${module.mysql.read_replica_instance_names}" + value = ["${module.mysql.read_replica_instance_names}"] } output "read_replica_public_ips" { description = "List of first IPv4 addresses of the addresses assigned to the read replica instances. As the instances have only public IP in the example, the are the public IP addresses." - value = "${module.mysql.read_replica_first_ip_addresses}" + value = ["${module.mysql.read_replica_first_ip_addresses}"] } output "read_replica_instances" { description = "List of self links to the read replica instances" - value = "${module.mysql.read_replica_instances}" + value = ["${module.mysql.read_replica_instances}"] } output "read_replica_proxy_connections" { description = "List of read replica instance paths for connecting with Cloud SQL Proxy. Read more at https://cloud.google.com/sql/docs/mysql/sql-proxy" - value = "${module.mysql.read_replica_proxy_connections}" + value = ["${module.mysql.read_replica_proxy_connections}"] } diff --git a/modules/mysql/compute_outputs.tf b/modules/mysql/compute_outputs.tf index ebba7bc..2cbae38 100644 --- a/modules/mysql/compute_outputs.tf 
+++ b/modules/mysql/compute_outputs.tf @@ -68,3 +68,36 @@ data "template_file" "read_replica_proxy_connection" { count = "${var.num_read_replicas}" template = "${var.project}:${var.region}:${google_sql_database_instance.read_replica.*.name[count.index]}" } + +# ------------------------------------------------------------------------------ +# READ REPLICA CERTIFICATE TEMPLATES +# +# We have to produce the certificate outputs via template_file. Using splat syntax would yield: +# Resource 'google_sql_database_instance.read_replica' does not have attribute 'server_ca_cert.0.cert' +# for variable 'google_sql_database_instance.read_replica.*.server_ca_cert.0.cert' +# ------------------------------------------------------------------------------ + +data "template_file" "read_replica_certificate" { + count = "${var.num_read_replicas}" + template = "${google_sql_database_instance.read_replica.*.server_ca_cert.0.cert[count.index]}" +} + +data "template_file" "read_replica_certificate_common_name" { + count = "${var.num_read_replicas}" + template = "${google_sql_database_instance.read_replica.*.server_ca_cert.0.common_name[count.index]}" +} + +data "template_file" "read_replica_certificate_create_time" { + count = "${var.num_read_replicas}" + template = "${google_sql_database_instance.read_replica.*.server_ca_cert.0.create_time[count.index]}" +} + +data "template_file" "read_replica_certificate_expiration_time" { + count = "${var.num_read_replicas}" + template = "${google_sql_database_instance.read_replica.*.server_ca_cert.0.expiration_time[count.index]}" +} + +data "template_file" "read_replica_certificate_sha1_fingerprint" { + count = "${var.num_read_replicas}" + template = "${google_sql_database_instance.read_replica.*.server_ca_cert.0.sha1_fingerprint[count.index]}" +} diff --git a/modules/mysql/outputs.tf b/modules/mysql/outputs.tf index 23c592b..5a2d757 100644 --- a/modules/mysql/outputs.tf +++ b/modules/mysql/outputs.tf 
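Review bot: The header comment over the new `template_file` blocks says splat syntax fails, yet every `template` below it still uses a splat expression with `[count.index]`, so a reader cannot tell which form is the broken one. I would reword it to say that referencing `google_sql_database_instance.read_replica.*.server_ca_cert.0.cert` directly in an output fails, and that indexing it per instance inside a counted `template_file` is the workaround. Separately, the instance attribute is placed in `template` itself, so the interpolated value is then parsed as a template. Passing it through `vars` with `template = "$${value}"` would keep the data from being read as template syntax; this is presumably harmless for PEM text, timestamps and fingerprints, but it is the safer pattern.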
@@ -32,28 +32,28 @@ output "master_proxy_connection" { # ------------------------------------------------------------------------------ output "master_ca_cert" { - value = "${google_sql_database_instance.master.server_ca_cert.0.cert}" description = "The CA Certificate used to connect to the master instance via SSL" + value = "${google_sql_database_instance.master.server_ca_cert.0.cert}" } output "master_ca_cert_common_name" { - value = "${google_sql_database_instance.master.server_ca_cert.0.common_name}" description = "The CN valid for the master instance CA Cert" + value = "${google_sql_database_instance.master.server_ca_cert.0.common_name}" } output "master_ca_cert_create_time" { - value = "${google_sql_database_instance.master.server_ca_cert.0.create_time}" description = "Creation time of the master instance CA Cert" + value = "${google_sql_database_instance.master.server_ca_cert.0.create_time}" } output "master_ca_cert_expiration_time" { - value = "${google_sql_database_instance.master.server_ca_cert.0.expiration_time}" description = "Expiration time of the master instance CA Cert" + value = "${google_sql_database_instance.master.server_ca_cert.0.expiration_time}" } output "master_ca_cert_sha1_fingerprint" { - value = "${google_sql_database_instance.master.server_ca_cert.0.sha1_fingerprint}" description = "SHA Fingerprint of the master instance CA Cert" + value = "${google_sql_database_instance.master.server_ca_cert.0.sha1_fingerprint}" } # ------------------------------------------------------------------------------ 
@@ -105,28 +105,28 @@ output "failover_proxy_connection" { # ------------------------------------------------------------------------------ output "failover_replica_ca_cert" { - value = "${local.failover_certificate}" description = "The CA Certificate used to connect to the failover instance via SSL" + value = "${local.failover_certificate}" } output "failover_replica_ca_cert_common_name" { - value = "${local.failover_certificate_common_name}" description = "The CN valid for the failover instance CA Cert" + value = "${local.failover_certificate_common_name}" } output "failover_replica_ca_cert_create_time" { - value = "${local.failover_certificate_create_time}" description = "Creation time of the failover instance CA Cert" + value = "${local.failover_certificate_create_time}" } output "failover_replica_ca_cert_expiration_time" { - value = "${local.failover_certificate_expiration_time}" description = "Expiration time of the failover instance CA Cert" + value = "${local.failover_certificate_expiration_time}" } output "failover_replica_ca_cert_sha1_fingerprint" { - value = "${local.failover_certificate_sha1_fingerprint}" description = "SHA Fingerprint of the failover instance CA Cert" + value = "${local.failover_certificate_sha1_fingerprint}" } # ------------------------------------------------------------------------------ 
@@ -164,28 +164,28 @@ output "read_replica_proxy_connections" { # ------------------------------------------------------------------------------ output "read_replica_ca_certs" { - value = "${local.failover_certificate}" description = "List of CA Certificates used to connect to the read replica instances via SSL" + value = ["${data.template_file.read_replica_certificate.*.rendered}"] } output "read_replica_ca_cert_common_names" { - value = "${local.failover_certificate_common_name}" description = "List of CNs valid for the read replica instances CA Certs" + value = ["${data.template_file.read_replica_certificate_common_name.*.rendered}"] } output "read_replica_ca_cert_create_times" { - value = "${local.failover_certificate_create_time}" description = "List of creation times of the read replica instances CA Certs" + value = ["${data.template_file.read_replica_certificate_create_time.*.rendered}"] } output "read_replica_ca_cert_expiration_times" { - value = "${local.failover_certificate_expiration_time}" description = "List of expiration times of the read replica instances CA Certs" + value = ["${data.template_file.read_replica_certificate_expiration_time.*.rendered}"] } output "read_replica_ca_cert_sha1_fingerprints" { - value = "${local.failover_certificate_sha1_fingerprint}" description = "List of SHA Fingerprints of the read replica instances CA Certs" + value = ["${data.template_file.read_replica_certificate_sha1_fingerprint.*.rendered}"] } # ------------------------------------------------------------------------------ diff --git a/test/example_mysql_replicas_test.go b/test/example_mysql_replicas_test.go index dbe1c27..21a0514 100644 --- a/test/example_mysql_replicas_test.go +++ b/test/example_mysql_replicas_test.go 
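Review bot: The fingerprint descriptions say only "SHA Fingerprint" while the attribute behind them is `sha1_fingerprint`, so a consumer reading the output docs cannot tell which digest they are comparing against. For `read_replica_ca_cert_sha1_fingerprints` I would write `description = "List of SHA-1 fingerprints of the read replica instances CA Certs"`; the same wording applies to `master_ca_cert_sha1_fingerprint` and `failover_replica_ca_cert_sha1_fingerprint` in the two hunks above. Because SHA-1 is no longer collision resistant, the description could also say that the fingerprint is for identifying the certificate, and that clients which pin the CA should verify against the full `read_replica_ca_certs` value.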
@@ -89,6 +89,18 @@ func TestMySqlReplicas(t *testing.T) { assert.True(t, strings.HasPrefix(failoverInstanceNameFromOutput, NAME_PREFIX_REPLICAS)) assert.Equal(t, expectedFailoverDBConn, failoverProxyConnectionFromOutput) + + // Read replica outputs + readReplicaInstanceNameFromOutputList := terraform.OutputList(t, terraformOptions, OUTPUT_READ_REPLICA_INSTANCE_NAMES) + readReplicaProxyConnectionFromOutputList := terraform.OutputList(t, terraformOptions, OUTPUT_READ_REPLICA_PROXY_CONNECTIONS) + + readReplicaInstanceNameFromOutput := readReplicaInstanceNameFromOutputList[0] + readReplicaProxyConnectionFromOutput := readReplicaProxyConnectionFromOutputList[0] + + expectedReadReplicaDBConn := fmt.Sprintf("%s:%s:%s", projectId, region, readReplicaInstanceNameFromOutput) + + assert.True(t, strings.HasPrefix(readReplicaInstanceNameFromOutput, NAME_PREFIX_REPLICAS)) + assert.Equal(t, expectedReadReplicaDBConn, readReplicaProxyConnectionFromOutput) }) // TEST REGULAR SQL CLIENT
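Review bot: Both lists returned by `terraform.OutputList` are indexed with `[0]` without a length check, so an empty output panics with an index-out-of-range error instead of failing the test with a readable message, and replicas after the first are never verified. I would check that both lists are non-empty and of equal length, then loop over every name and compare it with the proxy connection at the same index (this assumes both outputs keep `count.index` order). The certificate outputs that this commit rewires are still not asserted, so the earlier mistake of returning the failover certificate for read replicas would pass unnoticed; a check that the read replica certificate list has one non-empty entry per replica would cover it. The enclosing test function starts and ends outside the hunk.

```go
// … unchanged: the two terraform.OutputList calls for names and proxy connections …

if len(readReplicaInstanceNameFromOutputList) == 0 ||
	len(readReplicaInstanceNameFromOutputList) != len(readReplicaProxyConnectionFromOutputList) {
	t.Fatalf("read replica outputs: got %d instance names and %d proxy connections",
		len(readReplicaInstanceNameFromOutputList), len(readReplicaProxyConnectionFromOutputList))
}

for i, readReplicaInstanceNameFromOutput := range readReplicaInstanceNameFromOutputList {
	expectedReadReplicaDBConn := fmt.Sprintf("%s:%s:%s", projectId, region, readReplicaInstanceNameFromOutput)

	assert.True(t, strings.HasPrefix(readReplicaInstanceNameFromOutput, NAME_PREFIX_REPLICAS))
	assert.Equal(t, expectedReadReplicaDBConn, readReplicaProxyConnectionFromOutputList[i])
}
```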