Creating multiple authorized_networks under Google CloudSQL instance


Andrew Teixeira

Dec 7, 2015, 12:29:53 PM
to Terraform
Hello,

I am trying to add multiple authorized networks under a Google CloudSQL instance.  However, all I can seem to get working is one network, even though the output clearly shows it as indexable.  Therefore, I assume that you can add multiple networks, but I can't figure out the syntax.  My current configuration looks something like the following:

resource "google_sql_database_instance" "mysql" {
    name = "mysql01"
    region = "${var.region}"
    database_version = "${var.cloudsql_version}"

    settings {
        activation_policy = "${var.cloudsql_activation_policy}"
        pricing_plan = "${var.cloudsql_pricing_plan}"
        replication_type = "${var.cloudsql_replication_type}"
        tier = "D16"

        backup_configuration {
            binary_log_enabled = false
            enabled = true
            start_time = "06:00"
        }

        ip_configuration {
            ipv4_enabled = true
            # require_ssl = true
            authorized_networks = {
                name = "The Network"
                value = "10.0.0.0/24"
            }
        }
    }
}

This, however, only adds one network.  Every time I try to use brackets to make a list, I can't find a syntax that works to add multiple networks.  Is there some syntax that will work for this, or is this a bug in Terraform where you can't add more than one network?

Thanks!

Paul Hinze

Dec 8, 2015, 12:12:01 PM
to terrafo...@googlegroups.com
Hi Andrew,

The syntax to build a list of non-primitives is to just repeat the clause in the config. So see if this works for you:

ip_configuration {
  // ...
  authorized_networks {
    name = "one"
    // ...
  }
  authorized_networks {
    name = "two"
    // ...
  }
}

We generally make the field names singular in these cases so the resulting config is a bit more intuitive, but it looks like this one ended up plural.

Hope this helps!

Paul


Andrew Teixeira

Dec 8, 2015, 1:19:24 PM
to Terraform
Paul,

Thanks for the clarification.  I can now add multiple networks, which is exactly what I needed.  However, as much as the manifest now makes it through plan and apply, it seems that all it does is wipe out all the authorized networks on the CloudSQL instance.  I have run this both from local Terraform and through Atlas with the same results.  Both plans state that two networks need to be added, and the apply succeeds, but no authorized networks exist when I check back on the web interface.  Also, when I run the plan again, it shows no networks and I can repeat the whole process through to completion with no change to the authorized networks on CloudSQL.  I imagine this should just be a bug report to the terraform repo, correct, unless there is some other reason that I could be messing this up?  My current config is as follows (with identifying information blanked out):

resource "google_sql_database_instance" "mysql" {
    name = "mysql${format("%02d", count.index+1)}"
    count = "${var.num_cloudsql_instances}"
    region = "${var.cloudsql_region}"
    database_version = "${var.cloudsql_version}"

    settings {
        activation_policy = "${var.cloudsql_activation_policy}"
        pricing_plan = "${var.cloudsql_pricing_plan}"
        replication_type = "${var.cloudsql_replication_type}"
        tier = "D16"

        backup_configuration {
            binary_log_enabled = false
            enabled = true
            start_time = "06:00"
        }

        ip_configuration {
            ipv4_enabled = true
            # require_ssl = true
            authorized_networks = {
                name = "The Network"
                value = "x.x.x.x/x"
            }
            authorized_networks = {
                name = "${google_compute_instance.computename.0.name}"
                value = "${google_compute_address.computename.0.address}/32"
            }
        }
    }
}

When I run the plan I get:

~ google_sql_database_instance.mysql
    settings.0.ip_configuration.0.authorized_networks.#:       "0" => "2"
    settings.0.ip_configuration.0.authorized_networks.0.name:  "" => "The Network"
    settings.0.ip_configuration.0.authorized_networks.0.value: "" => "x.x.x.x/x"
    settings.0.ip_configuration.0.authorized_networks.1.name:  "" => "computename"
    settings.0.ip_configuration.0.authorized_networks.1.value: "" => "x.x.x.x/32"

and expected results on apply.

Please let me know.

Thanks!

Paul Hinze

Dec 8, 2015, 1:38:47 PM
to terrafo...@googlegroups.com
Yep that looks like a bug - file a GitHub issue and somebody will take a look!
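
A drift check for the failure described in this thread (the plan reports two networks added, the apply succeeds, and the instance ends up with none), added here as an example and not part of the original posts. It parses the legacy plan lines in the format shown above and compares them with the `settings.ipConfiguration.authorizedNetworks` list returned by `gcloud sql instances describe INSTANCE --format=json`; the addresses and the JSON document are constructed samples.

```python
import ipaddress
import json
import re

# Plan lines in the format shown in the thread; the CIDR values are constructed.
PLAN = '''
    settings.0.ip_configuration.0.authorized_networks.#:       "0" => "2"
    settings.0.ip_configuration.0.authorized_networks.0.name:  "" => "The Network"
    settings.0.ip_configuration.0.authorized_networks.0.value: "" => "10.0.0.0/24"
    settings.0.ip_configuration.0.authorized_networks.1.name:  "" => "computename"
    settings.0.ip_configuration.0.authorized_networks.1.value: "" => "203.0.113.7/32"
'''

# Constructed stand-in for the describe output after the apply in the thread:
# the instance reports no authorizedNetworks at all.
DESCRIBE_EMPTY = '{"settings": {"ipConfiguration": {"ipv4Enabled": true}}}'

# Matches only indexed .name/.value lines, so the ".#" count line is skipped.
LINE = re.compile(
    r'authorized_networks\.(\d+)\.(name|value):\s+"[^"]*" => "([^"]*)"')


def planned_networks(plan_text):
    """Map each planned CIDR to its name, keyed by normalized network."""
    entries = {}
    for idx, field, new in LINE.findall(plan_text):
        entries.setdefault(int(idx), {})[field] = new
    return {ipaddress.ip_network(e["value"], strict=False): e.get("name", "")
            for e in entries.values() if "value" in e}


def actual_networks(describe_json):
    """Read the networks the instance really has; a missing key means none."""
    cfg = json.loads(describe_json).get("settings", {}).get("ipConfiguration", {})
    return {ipaddress.ip_network(n["value"], strict=False): n.get("name", "")
            for n in cfg.get("authorizedNetworks", [])}


def drift(plan_text, describe_json):
    """Report CIDRs that were planned but absent, and present but unplanned."""
    want = planned_networks(plan_text)
    have = actual_networks(describe_json)
    return {"missing": sorted(str(n) for n in want.keys() - have.keys()),
            "unexpected": sorted(str(n) for n in have.keys() - want.keys())}


if __name__ == "__main__":
    print(drift(PLAN, DESCRIBE_EMPTY))
```

A non-empty `missing` list after a successful apply is the symptom reported here; a non-empty `unexpected` list points to access that was granted outside the configuration.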
