Fix style nits and output real certificate info.

2025-12-19 18:05:44 -05:00 · 2019-02-13 18:52:09 +02:00
parent c6cb54a1ee
commit def6a30fb8
4 changed files with 64 additions and 19 deletions
--- a/examples/mysql-replicas/outputs.tf
+++ b/examples/mysql-replicas/outputs.tf
@@ -71,20 +71,20 @@ output "failover_proxy_connection" {

 output "read_replica_instance_names" {
  description = "List of names for the read replica instances"
-  value       = "${module.mysql.read_replica_instance_names}"
+  value       = ["${module.mysql.read_replica_instance_names}"]
 }

 output "read_replica_public_ips" {
  description = "List of first IPv4 addresses of the addresses assigned to the read replica instances. As the instances have only public IP in the example, the are the public IP addresses."
-  value       = "${module.mysql.read_replica_first_ip_addresses}"
+  value       = ["${module.mysql.read_replica_first_ip_addresses}"]
 }

 output "read_replica_instances" {
  description = "List of self links to the read replica instances"
-  value       = "${module.mysql.read_replica_instances}"
+  value       = ["${module.mysql.read_replica_instances}"]
 }

 output "read_replica_proxy_connections" {
  description = "List of read replica instance paths for connecting with Cloud SQL Proxy. Read more at https://cloud.google.com/sql/docs/mysql/sql-proxy"
-  value       = "${module.mysql.read_replica_proxy_connections}"
+  value       = ["${module.mysql.read_replica_proxy_connections}"]
 }
--- a/modules/mysql/compute_outputs.tf
+++ b/modules/mysql/compute_outputs.tf
@@ -68,3 +68,36 @@ data "template_file" "read_replica_proxy_connection" {
  count    = "${var.num_read_replicas}"
  template = "${var.project}:${var.region}:${google_sql_database_instance.read_replica.*.name[count.index]}"
 }
+
+# ------------------------------------------------------------------------------
+# READ REPLICA CERTIFICATE TEMPLATES
+#
+# We have to produce the certificate outputs via template_file. Using splat syntax would yield:
+# Resource 'google_sql_database_instance.read_replica' does not have attribute 'server_ca_cert.0.cert'
+# for variable 'google_sql_database_instance.read_replica.*.server_ca_cert.0.cert'
+# ------------------------------------------------------------------------------
+
+data "template_file" "read_replica_certificate" {
+  count    = "${var.num_read_replicas}"
+  template = "${google_sql_database_instance.read_replica.*.server_ca_cert.0.cert[count.index]}"
+}
+
+data "template_file" "read_replica_certificate_common_name" {
+  count    = "${var.num_read_replicas}"
+  template = "${google_sql_database_instance.read_replica.*.server_ca_cert.0.common_name[count.index]}"
+}
+
+data "template_file" "read_replica_certificate_create_time" {
+  count    = "${var.num_read_replicas}"
+  template = "${google_sql_database_instance.read_replica.*.server_ca_cert.0.create_time[count.index]}"
+}
+
+data "template_file" "read_replica_certificate_expiration_time" {
+  count    = "${var.num_read_replicas}"
+  template = "${google_sql_database_instance.read_replica.*.server_ca_cert.0.expiration_time[count.index]}"
+}
+
+data "template_file" "read_replica_certificate_sha1_fingerprint" {
+  count    = "${var.num_read_replicas}"
+  template = "${google_sql_database_instance.read_replica.*.server_ca_cert.0.sha1_fingerprint[count.index]}"
+}
--- a/modules/mysql/outputs.tf
+++ b/modules/mysql/outputs.tf
@@ -32,28 +32,28 @@ output "master_proxy_connection" {
 # ------------------------------------------------------------------------------

 output "master_ca_cert" {
-  value       = "${google_sql_database_instance.master.server_ca_cert.0.cert}"
  description = "The CA Certificate used to connect to the master instance via SSL"
+  value       = "${google_sql_database_instance.master.server_ca_cert.0.cert}"
 }

 output "master_ca_cert_common_name" {
-  value       = "${google_sql_database_instance.master.server_ca_cert.0.common_name}"
  description = "The CN valid for the master instance CA Cert"
+  value       = "${google_sql_database_instance.master.server_ca_cert.0.common_name}"
 }

 output "master_ca_cert_create_time" {
-  value       = "${google_sql_database_instance.master.server_ca_cert.0.create_time}"
  description = "Creation time of the master instance CA Cert"
+  value       = "${google_sql_database_instance.master.server_ca_cert.0.create_time}"
 }

 output "master_ca_cert_expiration_time" {
-  value       = "${google_sql_database_instance.master.server_ca_cert.0.expiration_time}"
  description = "Expiration time of the master instance CA Cert"
+  value       = "${google_sql_database_instance.master.server_ca_cert.0.expiration_time}"
 }

 output "master_ca_cert_sha1_fingerprint" {
-  value       = "${google_sql_database_instance.master.server_ca_cert.0.sha1_fingerprint}"
  description = "SHA Fingerprint of the master instance CA Cert"
+  value       = "${google_sql_database_instance.master.server_ca_cert.0.sha1_fingerprint}"
 }

 # ------------------------------------------------------------------------------
@@ -105,28 +105,28 @@ output "failover_proxy_connection" {
 # ------------------------------------------------------------------------------

 output "failover_replica_ca_cert" {
-  value       = "${local.failover_certificate}"
  description = "The CA Certificate used to connect to the failover instance via SSL"
+  value       = "${local.failover_certificate}"
 }

 output "failover_replica_ca_cert_common_name" {
-  value       = "${local.failover_certificate_common_name}"
  description = "The CN valid for the failover instance CA Cert"
+  value       = "${local.failover_certificate_common_name}"
 }

 output "failover_replica_ca_cert_create_time" {
-  value       = "${local.failover_certificate_create_time}"
  description = "Creation time of the failover instance CA Cert"
+  value       = "${local.failover_certificate_create_time}"
 }

 output "failover_replica_ca_cert_expiration_time" {
-  value       = "${local.failover_certificate_expiration_time}"
  description = "Expiration time of the failover instance CA Cert"
+  value       = "${local.failover_certificate_expiration_time}"
 }

 output "failover_replica_ca_cert_sha1_fingerprint" {
-  value       = "${local.failover_certificate_sha1_fingerprint}"
  description = "SHA Fingerprint of the failover instance CA Cert"
+  value       = "${local.failover_certificate_sha1_fingerprint}"
 }

 # ------------------------------------------------------------------------------
@@ -164,28 +164,28 @@ output "read_replica_proxy_connections" {
 # ------------------------------------------------------------------------------

 output "read_replica_ca_certs" {
-  value       = "${local.failover_certificate}"
  description = "List of CA Certificates used to connect to the read replica instances via SSL"
+  value       = ["${data.template_file.read_replica_certificate.*.rendered}"]
 }

 output "read_replica_ca_cert_common_names" {
-  value       = "${local.failover_certificate_common_name}"
  description = "List of CNs valid for the read replica instances CA Certs"
+  value       = ["${data.template_file.read_replica_certificate_common_name.*.rendered}"]
 }

 output "read_replica_ca_cert_create_times" {
-  value       = "${local.failover_certificate_create_time}"
  description = "List of creation times of the read replica instances CA Certs"
+  value       = ["${data.template_file.read_replica_certificate_create_time.*.rendered}"]
 }

 output "read_replica_ca_cert_expiration_times" {
-  value       = "${local.failover_certificate_expiration_time}"
  description = "List of expiration times of the read replica instances CA Certs"
+  value       = ["${data.template_file.read_replica_certificate_expiration_time.*.rendered}"]
 }

 output "read_replica_ca_cert_sha1_fingerprints" {
-  value       = "${local.failover_certificate_sha1_fingerprint}"
  description = "List of SHA Fingerprints of the read replica instances CA Certs"
+  value       = ["${data.template_file.read_replica_certificate_sha1_fingerprint.*.rendered}"]
 }

 # ------------------------------------------------------------------------------
--- a/test/example_mysql_replicas_test.go
+++ b/test/example_mysql_replicas_test.go
@@ -89,6 +89,18 @@ func TestMySqlReplicas(t *testing.T) {

 		assert.True(t, strings.HasPrefix(failoverInstanceNameFromOutput, NAME_PREFIX_REPLICAS))
 		assert.Equal(t, expectedFailoverDBConn, failoverProxyConnectionFromOutput)
+
+		// Read replica outputs
+		readReplicaInstanceNameFromOutputList := terraform.OutputList(t, terraformOptions, OUTPUT_READ_REPLICA_INSTANCE_NAMES)
+		readReplicaProxyConnectionFromOutputList := terraform.OutputList(t, terraformOptions, OUTPUT_READ_REPLICA_PROXY_CONNECTIONS)
+
+		readReplicaInstanceNameFromOutput := readReplicaInstanceNameFromOutputList[0]
+		readReplicaProxyConnectionFromOutput := readReplicaProxyConnectionFromOutputList[0]
+
+		expectedReadReplicaDBConn := fmt.Sprintf("%s:%s:%s", projectId, region, readReplicaInstanceNameFromOutput)
+
+		assert.True(t, strings.HasPrefix(readReplicaInstanceNameFromOutput, NAME_PREFIX_REPLICAS))
+		assert.Equal(t, expectedReadReplicaDBConn, readReplicaProxyConnectionFromOutput)
 	})

 	// TEST REGULAR SQL CLIENT