terraform-google-sql-db icon indicating copy to clipboard operation
terraform-google-sql-db copied to clipboard

Published 20 hours ago verified publisher icon terraform-google-modules

Enable root_password for postgres

Open BusiPlay opened this issue 3 years ago • 4 comments

Per https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/sql_database_instance#root_password:

(Optional) Initial root password. Required for MS SQL Server, ignored by MySQL and PostgreSQL.

The creation of a CloudSQL Postgres instance automatically creates a postgres user, whose password can be set through API per https://cloud.google.com/sql/docs/postgres/create-manage-users#rest-v1beta4

Right now in order to create a root user via Terraform, a separate cloudsql_database_user resource must be created with root privileges.

Being able to set the postgres user password through the existing root_password attribute seems like a better approach, as it reduces the number of users being given administrative privileges to the database instance.

BusiPlay avatar Apr 30 '21 13:04 BusiPlay

According to google_sql_database_instance documentation

  • Second-generation instances include a default 'root'@'%' user with no password. This user will be deleted by Terraform on instance creation. You should use google_sql_user to define a custom user with a restricted host and strong password.

This is provider or API limitation and cant be solved by this module.

imrannayer avatar Sep 21 '21 15:09 imrannayer

This statement applies only to MySQL 2nd Generation instances. Postgres instances do create a postgres user, this is not deleted by Terraform currently. This request was entered to allow the root_password attribute to update this default postgres user as it does for SQL Server.

BusiPlay avatar Sep 21 '21 15:09 BusiPlay

It still applies to provider not this module. Right now provider uses root_password paraeter for MsSQL instance only and ignores for MySQL and Postgres. You may wana create issue for on provider's site. Once provider has the capability it can be added to module.

imrannayer avatar Sep 21 '21 15:09 imrannayer

right, my error - I will direct this to the provider site. Thanks!

BusiPlay avatar Sep 21 '21 17:09 BusiPlay

I think the google_sql_database_instance resource from the provider can now accept root_password according to the official google docs: https://cloud.google.com/sql/docs/postgres/samples/cloud-sql-postgres-instance-pvp

This PR should allow it: https://github.com/terraform-google-modules/terraform-google-sql-db/pull/521

the-veloper avatar Oct 05 '23 13:10 the-veloper