feat(google_cloudsql_postgres): Add ip_configuration.ssl_module variable

google_cloudsql_postgres/main.tf

@@ -55,6 +55,7 @@ resource "google_sql_database_instance" "primary" {
     ip_configuration {
       ipv4_enabled                                  = var.enable_public_ip
       require_ssl                                   = var.ip_configuration_require_ssl
+      ssl_mode                                      = var.ip_configuration_ssl_mode
       enable_private_path_for_google_cloud_services = var.enable_private_path_for_google_cloud_services
       dynamic "authorized_networks" {
         for_each = var.authorized_networks

google_cloudsql_postgres/variables.tf

@@ -93,6 +93,14 @@ variable "ip_configuration_require_ssl" {
   default = true
 }
 
+variable "ip_configuration_ssl_mode" {
+  default = "ENCRYPTED_ONLY"
+  validation {
+    condition     = contains(["ALLOW_UNENCRYPTED_AND_ENCRYPTED", "ENCRYPTED_ONLY", "TRUSTED_CLIENT_CERTIFICATE_REQUIRED"], var.ip_configuration_ssl_mode)
+    error_message = "The ip_configuration_ssl_mode value must be one of ALLOW_UNENCRYPTED_AND_ENCRYPTED, ENCRYPTED_ONLY, or TRUSTED_CLIENT_CERTIFICATE_REQUIRED. Also ensure that ip_configuration_require_ssl value matches this variable."
+  }
+}
+
 variable "maintenance_window_day" {
   # Monday
   default = 1

google_cloudsql_postgres/versions.tf

@@ -3,7 +3,7 @@ terraform {
   required_providers {
     google = {
       source  = "hashicorp/google"
-      version = ">= 4.48"
+      version = ">= 5.7"
     }
   }
 }