diff --git a/environment/deployments/science-platform/cloudsql/main.tf b/environment/deployments/science-platform/cloudsql/main.tf
index 5435cbd8..df53a136 100644
--- a/environment/deployments/science-platform/cloudsql/main.tf
+++ b/environment/deployments/science-platform/cloudsql/main.tf
@@ -1,3 +1,44 @@
+resource "google_service_account_iam_member" "sqlproxy_butler_int_sa" {
+ count = var.environment != "stable" ? 1 : 0
+ service_account_id = google_service_account.sqlproxy_butler_int_sa[count.index].name
+ role = "roles/iam.workloadIdentityUser"
+ member = "serviceAccount:${module.project_factory.project_id}.svc.id.goog[sqlproxy-cross-project/sqlproxy-butler-int]"
+}
+
+# Butler Registry Original. Conditionally enabled with enable_butler_registry variable. Remove after migration to Butler Registry DP02
+module "butler_registry" {
+ source = "../../../../modules/cloudsql/postgres-private"
+ count = var.enable_butler_registry ? 1 : 0
+ authorized_networks = [
+ {
+ "name" : "sample-gcp-health-checkers-range",
+ "value" : "130.211.0.0/28"
+ }
+ ]
+ database_version = var.butler_registry_database_version
+ db_name = var.butler_registry_db_name
+ tier = var.butler_registry_tier
+ database_flags = var.butler_registry_database_flags
+ disk_size = var.butler_registry_disk_size
+ maintenance_window_day = var.butler_registry_db_maintenance_window_day
+ maintenance_window_hour = var.butler_registry_db_maintenance_window_hour
+ maintenance_window_update_track = var.butler_registry_db_maintenance_window_update_track
+ names = ["service-account"]
+ project_roles = ["${var.project_id}=>roles/cloudsql.client"]
+ project_id = var.project_id
+ vpc_network = var.network
+ ipv4_enabled = var.butler_registry_ipv4_enabled
+ require_ssl = var.butler_registry_require_ssl
+ deletion_protection = true
+
+ backup_configuration = {
+ enabled = var.butler_registry_backups_enabled
+ start_time = var.butler_registry_backups_start_time
+ location = "us-central1"
+ point_in_time_recovery_enabled = var.butler_registry_backups_point_in_time_recovery_enabled
+ }
+}
+
 # Butler Registry DP02
 module "db_butler_registry_dp02" {
 source = "../../../../modules/cloudsql/postgres-private"
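Review bot: The `authorized_networks` entry in `module "butler_registry"` hard-codes a range under the placeholder-looking name `sample-gcp-health-checkers-range`, and it only takes effect when `ipv4_enabled` is true — which the dev tfvars in this same commit do set, together with `butler_registry_require_ssl = false`, so the legacy instance ends up with a public IP that accepts non-TLS connections from that range. If the public IP exists only for the Auth-Proxy/health-check path, the whitelist can go; otherwise name the range for what it actually is and keep `require_ssl` at its secure default. Separately, `deletion_protection = true` combined with `count = var.enable_butler_registry ? 1 : 0` means flipping the flag to false after the migration will fail the apply until protection is lifted first, so a comment on the count line such as `# Decommission in two applies: set deletion_protection = false, apply, then enable_butler_registry = false` would save that surprise. `google_service_account.sqlproxy_butler_int_sa` referenced with `[count.index]` is not defined in this hunk, so presumably it lives in a sibling file with a matching `count` — worth confirming, since a non-counted resource would make the index expression invalid.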
diff --git a/environment/deployments/science-platform/cloudsql/variables.tf b/environment/deployments/science-platform/cloudsql/variables.tf
index eb0326bf..60466b6a 100644
--- a/environment/deployments/science-platform/cloudsql/variables.tf
+++ b/environment/deployments/science-platform/cloudsql/variables.tf
@@ -31,11 +31,108 @@ variable "maximum_cutouts_age" {
 default = 30
 }
 
+// Butler Registry Originally Deployed with Google Cloud
+
+variable "enable_butler_registry" {
+ description = "Enables the Butler Registry originally deployed with Google Cloud"
+ type = bool
+ default = true
+}
+
+variable "butler_registry_db_name" {
+ description = "The name of the SQL Database instance"
+}
+
+variable "butler_registry_database_version" {
+ description = "The database version to use for the Butler registry"
+ type = string
+ default = "POSTGRES_16"
+}
+
+variable "butler_registry_tier" {
+ description = "The tier for the instance."
+ type = string
+ default = "db-f1-micro"
+}
+
+variable "butler_registry_database_flags" {
+ description = "List of Cloud SQL flags that are applied to the database server. See [more details](https://cloud.google.com/sql/docs/mysql/flags)"
+ type = list(object({
+ name = string
+ value = string
+ }))
+ default = []
+}
+
+variable "butler_registry_disk_size" {
+ description = "The disk size for the instance in GB. This value is ignored after initial provisioning with a terraform lifecycle policy in Google module. This is needed because of auto storage increase is enabled."
+ type = number
+}
+
+variable "butler_registry_disk_type" {
+ description = "The disk type for the master instance."
+ type = string
+ default = "PD_SSD"
+}
+
+variable "butler_registry_require_ssl" {
+ description = "True if the instance should require SSL/TLS for users connecting over IP. Note: SSL/TLS is needed to provide security when you connect to Cloud SQL using IP addresses. If you are connecting to your instance only by using the Cloud SQL Proxy or the Java Socket Library, you do not need to configure your instance to use SSL/TLS."
+ type = bool
+ default = true
+}
+
+variable "butler_registry_ipv4_enabled" {
+ type = bool
+ description = "True if enabling public IP on database"
+ default = false
+}
+
+variable "butler_registry_database_tier" {
+ description = "The tier for general database"
+ type = string
+ default = "db-g1-small"
+}
+
+variable "butler_registry_db_maintenance_window_day" {
+ type = number
+ description = "The day of week (1-7) for the master instance maintenance."
+ default = 1
+}
+
+variable "butler_registry_db_maintenance_window_hour" {
+ type = number
+ description = "The hour of day (0-23) maintenance window for the master instance maintenance."
+ default = 23
+}
+
+variable "butler_registry_db_maintenance_window_update_track" {
+ type = string
+ description = "The update track of maintenance window for the master instance maintenance. Can be either `canary` or `stable`."
+ default = "stable"
+}
+
+variable "butler_registry_backups_enabled" {
+ type = bool
+ description = "True if backup configuration is enabled"
+ default = false
+}
+
+variable "butler_registry_backups_start_time" {
+ type = string
+ description = "Start time for backups"
+ default = "09:00"
+}
+
+variable "butler_registry_backups_point_in_time_recovery_enabled" {
+ type = bool
+ description = "Enable Point in Time Recovery for backups"
+ default = true
+}
+
 // Butler Registry DP02 Database variables
 
 variable "butler_registry_dp02_db_name" {
 description = "The name of the SQL Database instance"
- default = "example-postgresql-public"
 }
 
 variable "butler_registry_dp02_database_version" {
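Review bot: `butler_registry_disk_type` and `butler_registry_database_tier` are declared here, but the `module "butler_registry"` block added to main.tf in this same commit passes neither `disk_type` nor `database_tier`, so their `PD_SSD` and `db-g1-small` defaults are never applied; either wire them into the module call or drop the two variables. `butler_registry_db_name` has no `type` and no default, so any value is accepted and the dev tfvars set it to `""`; adding `type = string` plus a `validation { condition = length(var.butler_registry_db_name) > 0 error_message = "butler_registry_db_name must not be empty." }` block would reject an empty instance name at plan time instead of at the API. As a style point, the new `butler_registry_disk_type` and `butler_registry_db_maintenance_window_*` descriptions still say "master instance", the wording the later hunks of this file replace with "instance" for the DP02 and science_platform variables.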
@@ -60,12 +157,12 @@ variable "butler_registry_dp02_database_flags" {
 }
 
 variable "butler_registry_dp02_disk_size" {
- description = "The disk size for the instance"
+ description = "The disk size for the instance in GB. This value is ignored after initial provisioning with a terraform lifecycle policy in Google module. This is needed because of auto storage increase is enabled."
 type = number
 }
 
 variable "butler_registry_dp02_disk_type" {
- description = "The disk type for the master instance."
+ description = "The disk type for the instance."
 type = string
 default = "PD_SSD"
 }
@@ -90,19 +187,19 @@ variable "butler_registry_dp02_database_tier" {
 
 variable "butler_registry_dp02_db_maintenance_window_day" {
 type = number
- description = "The day of week (1-7) for the master instance maintenance."
+ description = "The day of week (1-7) for the instance maintenance."
 default = 1
 }
 
 variable "butler_registry_dp02_db_maintenance_window_hour" {
 type = number
- description = "The hour of day (0-23) maintenance window for the master instance maintenance."
+ description = "The hour of day (0-23) maintenance window for the instance maintenance."
 default = 23
 }
 
 variable "butler_registry_dp02_db_maintenance_window_update_track" {
 type = string
- description = "The update track of maintenance window for the master instance maintenance. Can be either `canary` or `stable`."
+ description = "The update track of maintenance window for the instance maintenance. Can be either `canary` or `stable`."
 default = "stable"
 }
 
@@ -140,19 +237,19 @@ variable "science_platform_database_tier" {
 
 variable "science_platform_db_maintenance_window_day" {
 type = number
- description = "The day of week (1-7) for the master instance maintenance."
+ description = "The day of week (1-7) for the instance maintenance."
 default = 1
 }
 
 variable "science_platform_db_maintenance_window_hour" {
 type = number
- description = "The hour of day (0-23) maintenance window for the master instance maintenance."
+ description = "The hour of day (0-23) maintenance window for the instance maintenance."
 default = 23
 }
 
 variable "science_platform_db_maintenance_window_update_track" {
 type = string
- description = "The update track of maintenance window for the master instance maintenance. Can be either `canary` or `stable`."
+ description = "The update track of maintenance window for the instance maintenance. Can be either `canary` or `stable`."
 default = "stable"
 }
 
diff --git a/environment/deployments/science-platform/env/dev-cloudsql.tfvars b/environment/deployments/science-platform/env/dev-cloudsql.tfvars
index f64742d5..c8df8ace 100644
--- a/environment/deployments/science-platform/env/dev-cloudsql.tfvars
+++ b/environment/deployments/science-platform/env/dev-cloudsql.tfvars
@@ -3,12 +3,29 @@ environment = "dev"
 application_name = "science-platform"
 project_id = "science-platform-dev-7696"
 
+# Butler Registry Original Database
+enable_butler_registry = true
+butler_registry_db_name = ""
+butler_registry_database_version = "POSTGRES_13"
+butler_registry_tier = "db-n1-standard-2"
+butler_registry_require_ssl = false
+butler_registry_disk_size = 10
+butler_registry_database_flags = [
+ { name = "password_encryption", value = "scram-sha-256" }
+]
+butler_registry_ipv4_enabled = true
+butler_registry_db_maintenance_window_day = 1
+butler_registry_db_maintenance_window_hour = 23
+butler_registry_db_maintenance_window_update_track = "stable"
+butler_registry_backups_enabled = true
+butler_registry_backups_point_in_time_recovery_enabled = true
+
 # Butler Registry DP02 Database
-butler_db_name = "butler-registry-dp02-dev"
-butler_registry_dpo02_database_version = "POSTGRES_16"
-butler_registry_dp02_tier = "db-n1-standard-2"
-butler_registry_dp02_require_ssl = false
-butler_registry_dp02_disk_size = 700
+butler_registry_dp02_db_name = "butler-registry-dp02-dev"
+butler_registry_dp02_database_version = "POSTGRES_16"
+butler_registry_dp02_tier = "db-n1-standard-2"
+butler_registry_dp02_require_ssl = false
+butler_registry_dp02_disk_size = 700
 butler_registry_dp02_database_flags = [
 { name = "max_connections", value = "400" },
 { name = "password_encryption", value = "scram-sha-256" }
@@ -21,7 +38,6 @@ butler_registry_dp02_backups_enabled = false
 butler_registry_dp02_backups_point_in_time_recovery_enabled = false
 
 # Science Platform Database
-
 science_platform_maintenance_window_day = 1
 science_platform_db_maintenance_window_hour = 22
 science_platform_db_maintenance_window_update_track = "canary"
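Review bot: `butler_registry_db_name = ""` hands the legacy instance an empty name, and since the variable is declared without a type or default nothing rejects it before the module or the Cloud SQL API does; fill in the real instance name, or leave the key unset so the missing-variable error surfaces at plan. `butler_registry_ipv4_enabled = true` together with `butler_registry_require_ssl = false` makes the dev registry reachable on a public IP without enforced TLS, overriding the secure `require_ssl = true` default from variables.tf; if the public IP exists only for the health-check range in main.tf, `butler_registry_require_ssl = true` costs proxy-based clients nothing. In the following hunk, the context line `science_platform_maintenance_window_day = 1` does not match the `science_platform_db_maintenance_window_day` variable shown in the variables.tf hunk (the `db_` segment is missing), the same kind of key drift this commit fixes for `butler_registry_dpo02_database_version`; unless a variable by that exact name is declared elsewhere, Terraform presumably warns about an undeclared value and the default of 1 is what actually applies.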