
random_password should not be created if random_password is set to false #672

@MatthieuuC

Description


TL;DR

When a user has random_password = false, the module should not create the random_password.additional_passwords Terraform resource

Expected behavior

The random_password resources should only be created for users whose random_password is set to true.

Observed behavior

No response

Terraform Configuration

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # module.pg.google_sql_database.default[0] will be created
  + resource "google_sql_database" "default" {
      + collation       = (known after apply)
      + deletion_policy = "DELETE"
      + id              = (known after apply)
      + instance        = "test-db"
      + name            = "default"
      + project         = "myprojectid"
      + self_link       = (known after apply)
        # (1 unchanged attribute hidden)
    }

  # module.pg.google_sql_database_instance.default will be created
  + resource "google_sql_database_instance" "default" {
      + available_maintenance_versions = (known after apply)
      + connection_name                = (known after apply)
      + database_version               = "POSTGRES_15"
      + deletion_protection            = false
      + dns_name                       = (known after apply)
      + encryption_key_name            = (known after apply)
      + first_ip_address               = (known after apply)
      + id                             = (known after apply)
      + instance_type                  = "CLOUD_SQL_INSTANCE"
      + ip_address                     = (known after apply)
      + maintenance_version            = (known after apply)
      + master_instance_name           = (known after apply)
      + name                           = "test-db"
      + private_ip_address             = (known after apply)
      + project                        = "myprojectid"
      + psc_service_attachment_link    = (known after apply)
      + public_ip_address              = (known after apply)
      + region                         = "europe-west1"
      + replica_names                  = (known after apply)
      + self_link                      = (known after apply)
      + server_ca_cert                 = (sensitive value)
      + service_account_email_address  = (known after apply)

      + settings {
          + activation_policy            = "ALWAYS"
          + availability_type            = "ZONAL"
          + connector_enforcement        = "NOT_REQUIRED"
          + deletion_protection_enabled  = false
          + disk_autoresize              = true
          + disk_autoresize_limit        = 0
          + disk_size                    = 10
          + disk_type                    = "PD_SSD"
          + edition                      = (known after apply)
          + enable_google_ml_integration = false
          + pricing_plan                 = "PER_USE"
          + tier                         = "db-custom-1-3840"
          + user_labels                  = (known after apply)
          + version                      = (known after apply)

          + backup_configuration {
              + enabled                        = false
              + point_in_time_recovery_enabled = false
              + start_time                     = (known after apply)
              + transaction_log_retention_days = (known after apply)
            }

          + ip_configuration {
              + enable_private_path_for_google_cloud_services = false
              + ipv4_enabled                                  = true
              + server_ca_mode                                = (known after apply)
              + ssl_mode                                      = "ALLOW_UNENCRYPTED_AND_ENCRYPTED"
            }

          + maintenance_window {
              + day          = 1
              + hour         = 23
              + update_track = "canary"
            }
        }

      + timeouts {
          + create = "30m"
          + delete = "30m"
          + update = "30m"
        }
    }

  # module.pg.google_sql_user.additional_users["tftest2"] will be created
  + resource "google_sql_user" "additional_users" {
      + host                    = (known after apply)
      + id                      = (known after apply)
      + instance                = "test-db"
      + name                    = "tftest2"
      + password                = (sensitive value)
      + project                 = "myprojectid"
      + sql_server_user_details = (known after apply)
    }

  # module.pg.google_sql_user.default[0] will be created
  + resource "google_sql_user" "default" {
      + host                    = (known after apply)
      + id                      = (known after apply)
      + instance                = "test-db"
      + name                    = "default"
      + password                = (sensitive value)
      + project                 = "myprojectid"
      + sql_server_user_details = (known after apply)
    }

  # module.pg.null_resource.module_depends_on will be created
  + resource "null_resource" "module_depends_on" {
      + id       = (known after apply)
      + triggers = {
          + "value" = "0"
        }
    }

  # module.pg.random_password.additional_passwords["tftest2"] will be created
  + resource "random_password" "additional_passwords" {
      + bcrypt_hash = (sensitive value)
      + id          = (known after apply)
      + keepers     = {
          + "name" = "test-db"
        }
      + length      = 32
      + lower       = true
      + min_lower   = 1
      + min_numeric = 1
      + min_special = 0
      + min_upper   = 1
      + number      = true
      + numeric     = true
      + result      = (sensitive value)
      + special     = false
      + upper       = true
    }

  # module.pg.random_password.user-password[0] will be created
  + resource "random_password" "user-password" {
      + bcrypt_hash = (sensitive value)
      + id          = (known after apply)
      + keepers     = {
          + "name" = "test-db"
        }
      + length      = 32
      + lower       = true
      + min_lower   = 1
      + min_numeric = 1
      + min_special = 0
      + min_upper   = 1
      + number      = true
      + numeric     = true
      + result      = (sensitive value)
      + special     = false
      + upper       = true
    }

Plan: 7 to add, 0 to change, 0 to destroy.

Terraform Version

1.8

Additional information

Just need to update https://github.com/terraform-google-modules/terraform-google-sql-db/blob/master/modules/postgresql/main.tf#L256

resource "random_password" "additional_passwords" {
  - for_each = local.users
  + for_each = { for user in local.users : user.name => user if user.random_password }
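Review bot: Filtering the `for_each` on `user.random_password` removes the map keys for opted-out users, so any expression that indexes `random_password.additional_passwords[...]` for every user will fail at plan time unless it is made conditional on the same flag. The consumer is presumably the `password` argument of `google_sql_user.additional_users`, which is outside this snippet, as is the rest of this resource block. If `random_password` is an optional attribute that can be null, the bare `if user.random_password` will also error; `if coalesce(user.random_password, false)` would be the safer filter, to be confirmed against the variable's type definition. The change is worth making because `random_password` writes its `result` to Terraform state even when no user consumes it, which leaves an unused secret in state.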
