From 4f58540a6336182f697782ba96c14bcd972a404b Mon Sep 17 00:00:00 2001
From: Jon Buckley <jon@jbuckley.ca>
Date: Fri, 1 Dec 2023 11:57:59 -0500
Subject: [PATCH] feat(google_cloudsql_postgres): Add
 ip_configuration.ssl_module variable

---
 google_cloudsql_postgres/main.tf      | 1 +
 google_cloudsql_postgres/variables.tf | 8 ++++++++
 google_cloudsql_postgres/versions.tf  | 2 +-
 3 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/google_cloudsql_postgres/main.tf b/google_cloudsql_postgres/main.tf
index f7174ab6..e906cf3f 100644
--- a/google_cloudsql_postgres/main.tf
+++ b/google_cloudsql_postgres/main.tf
@@ -55,6 +55,7 @@ resource "google_sql_database_instance" "primary" {
     ip_configuration {
       ipv4_enabled                                  = var.enable_public_ip
       require_ssl                                   = var.ip_configuration_require_ssl
+      ssl_mode                                      = var.ip_configuration_ssl_mode
       enable_private_path_for_google_cloud_services = var.enable_private_path_for_google_cloud_services
       dynamic "authorized_networks" {
         for_each = var.authorized_networks
diff --git a/google_cloudsql_postgres/variables.tf b/google_cloudsql_postgres/variables.tf
index 7db671c3..38e2c8bb 100644
--- a/google_cloudsql_postgres/variables.tf
+++ b/google_cloudsql_postgres/variables.tf
@@ -93,6 +93,14 @@ variable "ip_configuration_require_ssl" {
   default = true
 }
 
+variable "ip_configuration_ssl_mode" {
+  default = "ENCRYPTED_ONLY"
+  validation {
+    condition     = contains(["ALLOW_UNENCRYPTED_AND_ENCRYPTED", "ENCRYPTED_ONLY", "TRUSTED_CLIENT_CERTIFICATE_REQUIRED"], var.ip_configuration_ssl_mode)
+    error_message = "The ip_configuration_ssl_mode value must be one of ALLOW_UNENCRYPTED_AND_ENCRYPTED, ENCRYPTED_ONLY, or TRUSTED_CLIENT_CERTIFICATE_REQUIRED. Also ensure that ip_configuration_require_ssl value matches this variable."
+  }
+}
+
 variable "maintenance_window_day" {
   # Monday
   default = 1
diff --git a/google_cloudsql_postgres/versions.tf b/google_cloudsql_postgres/versions.tf
index f8f29d7c..7662f6a6 100644
--- a/google_cloudsql_postgres/versions.tf
+++ b/google_cloudsql_postgres/versions.tf
@@ -3,7 +3,7 @@ terraform {
   required_providers {
     google = {
       source  = "hashicorp/google"
-      version = ">= 4.48"
+      version = ">= 5.7"
     }
   }
 }