From 39497565dafc2eef158e25630651c412204f0d44 Mon Sep 17 00:00:00 2001
From: Pavel Skuratovich
Date: Thu, 19 Jul 2018 01:04:50 +0300
Subject: [PATCH] Add an example of 'authorized_networks' generation (#1741) Copy an example from https://github.com/terraform-providers/terraform-provider-google/issues/1644 to the docs
---
 .../r/sql_database_instance.html.markdown | 59 ++++++++++++++++++-
 1 file changed, 58 insertions(+), 1 deletion(-)
diff --git a/website/docs/r/sql_database_instance.html.markdown b/website/docs/r/sql_database_instance.html.markdown
index 5967d0d5..1839aea9 100644
--- a/website/docs/r/sql_database_instance.html.markdown
+++ b/website/docs/r/sql_database_instance.html.markdown
@@ -34,7 +34,6 @@ resource "google_sql_database_instance" "master" {
 }
 ```
-
 ### SQL Second generation
 ```hcl
@@ -51,6 +50,64 @@ resource "google_sql_database_instance" "master" {
 }
 ```
+### Granular restriction of network access
+
+```hcl
+resource "google_compute_instance" "apps" {
+ count = 8
+ name = "apps-${count.index + 1}"
+ machine_type = "f1-micro"
+
+ boot_disk {
+ initialize_params {
+ image = "ubuntu-os-cloud/ubuntu-1804-lts"
+ }
+ }
+
+ network_interface {
+ network = "default"
+
+ access_config {
+ // Ephemeral IP
+ }
+ }
+}
+
+data "null_data_source" "auth_netw_postgres_allowed_1" {
+ count = "${length(google_compute_instance.apps.*.self_link)}"
+
+ inputs = {
+ name = "apps-${count.index + 1}"
+ value = "${element(google_compute_instance.apps.*.network_interface.0.access_config.0.assigned_nat_ip, count.index)}"
+ }
+}
+
+data "null_data_source" "auth_netw_postgres_allowed_2" {
+ count = 2
+
+ inputs = {
+ name = "onprem-${count.index + 1}"
+ value = "${element(list("192.168.1.2", "192.168.2.3"), count.index)}"
+ }
+}
+
+resource "google_sql_database_instance" "postgres" {
+ name = "postgres-instance"
+ database_version = "POSTGRES_9_6"
+
+ settings {
+ tier = "db-f1-micro"
+
+ ip_configuration {
+ authorized_networks = [
+ "${data.null_data_source.auth_netw_postgres_allowed_1.*.outputs}",
+ "${data.null_data_source.auth_netw_postgres_allowed_2.*.outputs}",
+ ]
+ }
+ }
+}
+```
+
 ## Argument Reference
 The following arguments are supported:
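Review bot: The allow-list in `auth_netw_postgres_allowed_1` is built from `assigned_nat_ip` of an `access_config` the example itself marks `// Ephemeral IP`, so a stop/start of any `apps` VM can change its address while the database keeps trusting the old one until the next apply. Reserving the addresses with `google_compute_address` and pinning them through `nat_ip` keeps every authorized entry tied to an address the project still holds. The `ip_configuration` block also omits `require_ssl = true`, so clients on the listed networks may connect without TLS over the instance's public address. The two on-prem values are RFC 1918 addresses and read as placeholders; a comment such as `// replace with your public egress addresses` next to them would make that explicit.

```hcl
resource "google_compute_address" "apps" {
  count = 8
  name  = "apps-${count.index + 1}"
}

resource "google_compute_instance" "apps" {
  // … unchanged: count, name, machine_type, boot_disk …

  network_interface {
    network = "default"

    access_config {
      // Reserved address, so the allow-list entry stays owned by this project
      nat_ip = "${element(google_compute_address.apps.*.address, count.index)}"
    }
  }
}

data "null_data_source" "auth_netw_postgres_allowed_1" {
  count = "${length(google_compute_address.apps.*.address)}"

  inputs = {
    name  = "apps-${count.index + 1}"
    value = "${element(google_compute_address.apps.*.address, count.index)}"
  }
}

// … unchanged: auth_netw_postgres_allowed_2, instance name, database_version, tier …

    ip_configuration {
      require_ssl = true

      // … unchanged: authorized_networks list …
    }
```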