feat: Added support for setting transaction_log_retention_days, retai…

…ned_backups, and retention_unit to backup_configuration. (#203) BREAKING CHANGE: When setting the backup_configuration variable, transaction_log_retention_days, retained_backups, and retention_unit must be set. Use `null` to preserve default behavior.
terraform-google-modules · Jun 10, 2021 · 2237a3d · 2237a3d
1 parent 15cd106
commit 2237a3d
Show file tree

Hide file tree

Showing 19 changed files with 106 additions and 32 deletions.
diff --git a/examples/mysql-ha/main.tf b/examples/mysql-ha/main.tf
@@ -79,10 +79,13 @@ module "mysql" {
   }
 
   backup_configuration = {
-    enabled            = true
-    binary_log_enabled = true
-    start_time         = "20:55"
-    location           = null
+    enabled                        = true
+    binary_log_enabled             = true
+    start_time                     = "20:55"
+    location                       = null
+    transaction_log_retention_days = null
+    retained_backups               = 365
+    retention_unit                 = "COUNT"
   }
 
   // Read replica configurations

diff --git a/examples/postgresql-ha/main.tf b/examples/postgresql-ha/main.tf
@@ -81,6 +81,9 @@ module "pg" {
     start_time                     = "20:55"
     location                       = null
     point_in_time_recovery_enabled = false
+    transaction_log_retention_days = null
+    retained_backups               = 365
+    retention_unit                 = "COUNT"
   }
 
   // Read replica configurations

diff --git a/modules/mssql/README.md b/modules/mssql/README.md
@@ -14,7 +14,7 @@ The following dependency must be available for SQL Server module:
 | additional\_users | A list of users to be created in your cluster | <pre>list(object({<br>    name     = string<br>    password = string<br>  }))</pre> | `[]` | no |
 | authorized\_gae\_applications | The authorized gae applications for the Cloud SQL instances | `list(string)` | `[]` | no |
 | availability\_type | The availability type for the master instance.This is only used to set up high availability for the MSSQL instance. Can be either `ZONAL` or `REGIONAL`. | `string` | `"ZONAL"` | no |
-| backup\_configuration | The database backup configuration. | <pre>object({<br>    binary_log_enabled             = bool<br>    enabled                        = bool<br>    point_in_time_recovery_enabled = bool<br>    start_time                     = string<br>  })</pre> | <pre>{<br>  "binary_log_enabled": null,<br>  "enabled": false,<br>  "point_in_time_recovery_enabled": null,<br>  "start_time": null<br>}</pre> | no |
+| backup\_configuration | The database backup configuration. | <pre>object({<br>    binary_log_enabled             = bool<br>    enabled                        = bool<br>    point_in_time_recovery_enabled = bool<br>    start_time                     = string<br>    transaction_log_retention_days = string<br>    retained_backups               = number<br>    retention_unit                 = string<br>  })</pre> | <pre>{<br>  "binary_log_enabled": null,<br>  "enabled": false,<br>  "point_in_time_recovery_enabled": null,<br>  "retained_backups": null,<br>  "retention_unit": null,<br>  "start_time": null,<br>  "transaction_log_retention_days": null<br>}</pre> | no |
 | create\_timeout | The optional timeout that is applied to limit long database creates. | `string` | `"15m"` | no |
 | database\_flags | The database flags for the master instance. See [more details](https://cloud.google.com/sql/docs/sqlserver/flags) | <pre>list(object({<br>    name  = string<br>    value = string<br>  }))</pre> | `[]` | no |
 | database\_version | The database version to use: SQLSERVER\_2017\_STANDARD, SQLSERVER\_2017\_ENTERPRISE, SQLSERVER\_2017\_EXPRESS, or SQLSERVER\_2017\_WEB | `string` | `"SQLSERVER_2017_STANDARD"` | no |

diff --git a/modules/mssql/main.tf b/modules/mssql/main.tf
@@ -24,6 +24,9 @@ locals {
 
   databases = { for db in var.additional_databases : db.name => db }
   users     = { for u in var.additional_users : u.name => u }
+
+  retained_backups = lookup(var.backup_configuration, "retained_backups", null)
+  retention_unit   = lookup(var.backup_configuration, "retention_unit", null)
 }
 
 resource "random_id" "suffix" {
@@ -59,6 +62,15 @@ resource "google_sql_database_instance" "default" {
         enabled                        = lookup(backup_configuration.value, "enabled", null)
         start_time                     = lookup(backup_configuration.value, "start_time", null)
         point_in_time_recovery_enabled = lookup(backup_configuration.value, "point_in_time_recovery_enabled", null)
+        transaction_log_retention_days = lookup(backup_configuration.value, "transaction_log_retention_days", null)
+
+        dynamic "backup_retention_settings" {
+          for_each = local.retained_backups != null || local.retention_unit != null ? [var.backup_configuration] : []
+          content {
+            retained_backups = local.retained_backups
+            retention_unit   = local.retention_unit
+          }
+        }
       }
     }
     dynamic "ip_configuration" {

diff --git a/modules/mssql/variables.tf b/modules/mssql/variables.tf
@@ -153,12 +153,18 @@ variable "backup_configuration" {
     enabled                        = bool
     point_in_time_recovery_enabled = bool
     start_time                     = string
+    transaction_log_retention_days = string
+    retained_backups               = number
+    retention_unit                 = string
   })
   default = {
     binary_log_enabled             = null
     enabled                        = false
     point_in_time_recovery_enabled = null
     start_time                     = null
+    transaction_log_retention_days = null
+    retained_backups               = null
+    retention_unit                 = null
   }
 }
 

diff --git a/modules/mssql/versions.tf b/modules/mssql/versions.tf
@@ -20,7 +20,7 @@ terraform {
 
     google-beta = {
       source  = "hashicorp/google-beta"
-      version = "~> 3.53"
+      version = "~> 3.60"
     }
   }
 

diff --git a/modules/mysql/README.md b/modules/mysql/README.md
@@ -12,7 +12,7 @@ Note: CloudSQL provides [disk autoresize](https://cloud.google.com/sql/docs/mysq
 | additional\_users | A list of users to be created in your cluster | <pre>list(object({<br>    name     = string<br>    password = string<br>    host     = string<br>  }))</pre> | `[]` | no |
 | authorized\_gae\_applications | The list of authorized App Engine project names | `list(string)` | `[]` | no |
 | availability\_type | The availability type for the master instance. Can be either `REGIONAL` or `null`. | `string` | `"REGIONAL"` | no |
-| backup\_configuration | The backup\_configuration settings subblock for the database setings | <pre>object({<br>    binary_log_enabled = bool<br>    enabled            = bool<br>    start_time         = string<br>    location           = string<br>  })</pre> | <pre>{<br>  "binary_log_enabled": false,<br>  "enabled": false,<br>  "location": null,<br>  "start_time": null<br>}</pre> | no |
+| backup\_configuration | The backup\_configuration settings subblock for the database setings | <pre>object({<br>    binary_log_enabled             = bool<br>    enabled                        = bool<br>    start_time                     = string<br>    location                       = string<br>    transaction_log_retention_days = string<br>    retained_backups               = number<br>    retention_unit                 = string<br>  })</pre> | <pre>{<br>  "binary_log_enabled": false,<br>  "enabled": false,<br>  "location": null,<br>  "retained_backups": null,<br>  "retention_unit": null,<br>  "start_time": null,<br>  "transaction_log_retention_days": null<br>}</pre> | no |
 | create\_timeout | The optional timout that is applied to limit long database creates. | `string` | `"10m"` | no |
 | database\_flags | List of Cloud SQL flags that are applied to the database server. See [more details](https://cloud.google.com/sql/docs/mysql/flags) | <pre>list(object({<br>    name  = string<br>    value = string<br>  }))</pre> | `[]` | no |
 | database\_version | The database version to use | `string` | n/a | yes |

diff --git a/modules/mysql/main.tf b/modules/mysql/main.tf
@@ -31,6 +31,9 @@ locals {
   // HA method using REGIONAL availability_type requires binary logs to be enabled
   binary_log_enabled = var.availability_type == "REGIONAL" ? true : lookup(var.backup_configuration, "binary_log_enabled", null)
   backups_enabled    = var.availability_type == "REGIONAL" ? true : lookup(var.backup_configuration, "enabled", null)
+
+  retained_backups = lookup(var.backup_configuration, "retained_backups", null)
+  retention_unit   = lookup(var.backup_configuration, "retention_unit", null)
 }
 
 resource "random_id" "suffix" {
@@ -56,10 +59,19 @@ resource "google_sql_database_instance" "default" {
     dynamic "backup_configuration" {
       for_each = [var.backup_configuration]
       content {
-        binary_log_enabled = local.binary_log_enabled
-        enabled            = local.backups_enabled
-        start_time         = lookup(backup_configuration.value, "start_time", null)
-        location           = lookup(backup_configuration.value, "location", null)
+        binary_log_enabled             = local.binary_log_enabled
+        enabled                        = local.backups_enabled
+        start_time                     = lookup(backup_configuration.value, "start_time", null)
+        location                       = lookup(backup_configuration.value, "location", null)
+        transaction_log_retention_days = lookup(backup_configuration.value, "transaction_log_retention_days", null)
+
+        dynamic "backup_retention_settings" {
+          for_each = local.retained_backups != null || local.retention_unit != null ? [var.backup_configuration] : []
+          content {
+            retained_backups = local.retained_backups
+            retention_unit   = local.retention_unit
+          }
+        }
       }
     }
     dynamic "ip_configuration" {

diff --git a/modules/mysql/variables.tf b/modules/mysql/variables.tf
@@ -134,16 +134,22 @@ variable "user_labels" {
 variable "backup_configuration" {
   description = "The backup_configuration settings subblock for the database setings"
   type = object({
-    binary_log_enabled = bool
-    enabled            = bool
-    start_time         = string
-    location           = string
+    binary_log_enabled             = bool
+    enabled                        = bool
+    start_time                     = string
+    location                       = string
+    transaction_log_retention_days = string
+    retained_backups               = number
+    retention_unit                 = string
   })
   default = {
-    binary_log_enabled = false
-    enabled            = false
-    start_time         = null
-    location           = null
+    binary_log_enabled             = false
+    enabled                        = false
+    start_time                     = null
+    location                       = null
+    transaction_log_retention_days = null
+    retained_backups               = null
+    retention_unit                 = null
   }
 }
 

diff --git a/modules/mysql/versions.tf b/modules/mysql/versions.tf
@@ -27,7 +27,7 @@ terraform {
     }
     google = {
       source  = "hashicorp/google"
-      version = "~> 3.53"
+      version = "~> 3.60"
     }
   }
 

diff --git a/modules/postgresql/README.md b/modules/postgresql/README.md
@@ -11,7 +11,7 @@ Note: CloudSQL provides [disk autoresize](https://cloud.google.com/sql/docs/mysq
 | additional\_databases | A list of databases to be created in your cluster | <pre>list(object({<br>    name      = string<br>    charset   = string<br>    collation = string<br>  }))</pre> | `[]` | no |
 | additional\_users | A list of users to be created in your cluster | <pre>list(object({<br>    name     = string<br>    password = string<br>  }))</pre> | `[]` | no |
 | availability\_type | The availability type for the master instance.This is only used to set up high availability for the PostgreSQL instance. Can be either `ZONAL` or `REGIONAL`. | `string` | `"ZONAL"` | no |
-| backup\_configuration | The backup\_configuration settings subblock for the database setings | <pre>object({<br>    enabled                        = bool<br>    start_time                     = string<br>    location                       = string<br>    point_in_time_recovery_enabled = bool<br>  })</pre> | <pre>{<br>  "enabled": false,<br>  "location": null,<br>  "point_in_time_recovery_enabled": false,<br>  "start_time": null<br>}</pre> | no |
+| backup\_configuration | The backup\_configuration settings subblock for the database setings | <pre>object({<br>    enabled                        = bool<br>    start_time                     = string<br>    location                       = string<br>    point_in_time_recovery_enabled = bool<br>    transaction_log_retention_days = string<br>    retained_backups               = number<br>    retention_unit                 = string<br>  })</pre> | <pre>{<br>  "enabled": false,<br>  "location": null,<br>  "point_in_time_recovery_enabled": false,<br>  "retained_backups": null,<br>  "retention_unit": null,<br>  "start_time": null,<br>  "transaction_log_retention_days": null<br>}</pre> | no |
 | create\_timeout | The optional timout that is applied to limit long database creates. | `string` | `"15m"` | no |
 | database\_flags | The database flags for the master instance. See [more details](https://cloud.google.com/sql/docs/postgres/flags) | <pre>list(object({<br>    name  = string<br>    value = string<br>  }))</pre> | `[]` | no |
 | database\_version | The database version to use | `string` | n/a | yes |

diff --git a/modules/postgresql/main.tf b/modules/postgresql/main.tf
@@ -30,6 +30,9 @@ locals {
     email         = iu,
     is_account_sa = trimsuffix(iu, "gserviceaccount.com") == iu ? false : true
   }]
+
+  retained_backups = lookup(var.backup_configuration, "retained_backups", null)
+  retention_unit   = lookup(var.backup_configuration, "retention_unit", null)
 }
 
 resource "random_id" "suffix" {
@@ -60,6 +63,15 @@ resource "google_sql_database_instance" "default" {
         start_time                     = lookup(backup_configuration.value, "start_time", null)
         location                       = lookup(backup_configuration.value, "location", null)
         point_in_time_recovery_enabled = lookup(backup_configuration.value, "point_in_time_recovery_enabled", false)
+        transaction_log_retention_days = lookup(backup_configuration.value, "transaction_log_retention_days", null)
+
+        dynamic "backup_retention_settings" {
+          for_each = local.retained_backups != null || local.retention_unit != null ? [var.backup_configuration] : []
+          content {
+            retained_backups = local.retained_backups
+            retention_unit   = local.retention_unit
+          }
+        }
       }
     }
     dynamic "ip_configuration" {

diff --git a/modules/postgresql/variables.tf b/modules/postgresql/variables.tf
@@ -129,12 +129,18 @@ variable "backup_configuration" {
     start_time                     = string
     location                       = string
     point_in_time_recovery_enabled = bool
+    transaction_log_retention_days = string
+    retained_backups               = number
+    retention_unit                 = string
   })
   default = {
     enabled                        = false
     start_time                     = null
     location                       = null
     point_in_time_recovery_enabled = false
+    transaction_log_retention_days = null
+    retained_backups               = null
+    retention_unit                 = null
   }
 }
 

diff --git a/modules/postgresql/versions.tf b/modules/postgresql/versions.tf
@@ -27,7 +27,7 @@ terraform {
     }
     google = {
       source  = "hashicorp/google"
-      version = "~> 3.53"
+      version = "~> 3.60"
     }
   }
 

diff --git a/modules/safer_mysql/README.md b/modules/safer_mysql/README.md
@@ -170,7 +170,7 @@ mysql -S $HOME/mysql_sockets/myproject:region:instance -u user -p
 | assign\_public\_ip | Set to true if the master instance should also have a public IP (less secure). | `string` | `false` | no |
 | authorized\_gae\_applications | The list of authorized App Engine project names | `list(string)` | `[]` | no |
 | availability\_type | The availability type for the master instance. Can be either `REGIONAL` or `null`. | `string` | `"REGIONAL"` | no |
-| backup\_configuration | The backup\_configuration settings subblock for the database setings | <pre>object({<br>    binary_log_enabled = bool<br>    enabled            = bool<br>    start_time         = string<br>    location           = string<br>  })</pre> | <pre>{<br>  "binary_log_enabled": false,<br>  "enabled": false,<br>  "location": null,<br>  "start_time": null<br>}</pre> | no |
+| backup\_configuration | The backup\_configuration settings subblock for the database setings | <pre>object({<br>    binary_log_enabled             = bool<br>    enabled                        = bool<br>    start_time                     = string<br>    location                       = string<br>    transaction_log_retention_days = string<br>    retained_backups               = number<br>    retention_unit                 = string<br>  })</pre> | <pre>{<br>  "binary_log_enabled": false,<br>  "enabled": false,<br>  "location": null,<br>  "retained_backups": null,<br>  "retention_unit": null,<br>  "start_time": null,<br>  "transaction_log_retention_days": null<br>}</pre> | no |
 | create\_timeout | The optional timout that is applied to limit long database creates. | `string` | `"15m"` | no |
 | database\_flags | The database flags for the master instance. See [more details](https://cloud.google.com/sql/docs/mysql/flags) | <pre>list(object({<br>    name  = string<br>    value = string<br>  }))</pre> | `[]` | no |
 | database\_version | The database version to use | `string` | n/a | yes |

diff --git a/modules/safer_mysql/variables.tf b/modules/safer_mysql/variables.tf
@@ -138,16 +138,22 @@ variable "user_labels" {
 variable "backup_configuration" {
   description = "The backup_configuration settings subblock for the database setings"
   type = object({
-    binary_log_enabled = bool
-    enabled            = bool
-    start_time         = string
-    location           = string
+    binary_log_enabled             = bool
+    enabled                        = bool
+    start_time                     = string
+    location                       = string
+    transaction_log_retention_days = string
+    retained_backups               = number
+    retention_unit                 = string
   })
   default = {
-    binary_log_enabled = false
-    enabled            = false
-    start_time         = null
-    location           = null
+    binary_log_enabled             = false
+    enabled                        = false
+    start_time                     = null
+    location                       = null
+    transaction_log_retention_days = null
+    retained_backups               = null
+    retention_unit                 = null
   }
 }
 

diff --git a/modules/safer_mysql/versions.tf b/modules/safer_mysql/versions.tf
@@ -20,7 +20,7 @@ terraform {
 
     google = {
       source  = "hashicorp/google"
-      version = "~> 3.53"
+      version = "~> 3.60"
     }
   }
 

diff --git a/test/integration/mysql-ha/controls/mysql.rb b/test/integration/mysql-ha/controls/mysql.rb
@@ -136,6 +136,10 @@
 
     it "backup configuration is enabled" do
       expect(data['settings']['backupConfiguration']).to include(
+        "backupRetentionSettings" => {
+          "retainedBackups" => 365,
+          "retentionUnit" => "COUNT"
+        },
         "binaryLogEnabled" => true,
         "enabled" => true,
         "kind" => "sql#backupConfiguration",

diff --git a/test/integration/postgresql-ha/controls/pg.rb b/test/integration/postgresql-ha/controls/pg.rb
@@ -135,6 +135,10 @@
 
     it "backup configuration is enabled" do
       expect(data['settings']['backupConfiguration']).to include(
+        "backupRetentionSettings" => {
+          "retainedBackups" => 365,
+          "retentionUnit" => "COUNT"
+        },
         "enabled" => true,
         "kind" => "sql#backupConfiguration",
         "startTime" => "20:55")