From 612e598f067e042d58e30b637672209f619f5e3d Mon Sep 17 00:00:00 2001 From: Vedant Pareek Date: Tue, 27 Feb 2024 13:11:37 +0530 Subject: [PATCH 1/4] Added support for control plane in GCP --- gcs.tf | 26 +++++++ iam.tf | 25 +++++++ locals.tf | 21 ++++++ network.tf | 14 ++++ output.tf | 99 ++++++++++++++++++++++++++ postgres.tf | 60 ++++++++++++++++ variables.tf | 192 +++++++++++++++++++++++++++++++++++++++++++++++++++ versions.tf | 17 +++++ 8 files changed, 454 insertions(+) create mode 100644 gcs.tf create mode 100644 iam.tf create mode 100644 locals.tf create mode 100644 network.tf create mode 100644 output.tf create mode 100644 postgres.tf create mode 100644 variables.tf create mode 100644 versions.tf diff --git a/gcs.tf b/gcs.tf new file mode 100644 index 0000000..dac1f71 --- /dev/null +++ b/gcs.tf @@ -0,0 +1,26 @@ +module "truefoundry_gcs" { + count = var.truefoundry_gcs_enabled ? 1 : 0 + source = "terraform-google-modules/cloud-storage/google//modules/simple_bucket" + version = "4.0.1" + project_id = var.project_id + name = local.truefoundry_blob_storage_name + location = var.region + force_destroy = var.truefoundry_gcs_force_destroy + labels = local.tags + public_access_prevention = "enforced" + cors = [{ + origin = var.truefoundry_gcs_cors_origins + method = ["GET", "POST", "PUT"] + max_age_seconds = 3000 + }] + lifecycle_rules = [ + { + action = { + type = "AbortIncompleteMultipartUpload" + } + condition = { + age = "7" + } + } + ] +} \ No newline at end of file diff --git a/iam.tf b/iam.tf new file mode 100644 index 0000000..c00d900 --- /dev/null +++ b/iam.tf @@ -0,0 +1,25 @@ +module "service_accounts" { + source = "terraform-google-modules/service-accounts/google" + version = "4.2.2" + project_id = var.project_id + names = [local.serviceaccount_name] + descriptions = ["Truefoundry serviceaccount for truefoundry control-plane components"] + display_name = "Terraform-managed truefoundry control-plane service account" + generate_keys = false + project_roles = local.serviceaccount_roles +} + +# // binding the serviceaccount to k8s serviceaccount +module "service_account_iam_bindings" { + source = "terraform-google-modules/iam/google//modules/service_accounts_iam" + version = "7.7.1" + service_accounts = module.service_accounts.service_accounts[*].email + project = var.project_id + mode = "additive" + bindings = { + "roles/iam.workloadIdentityUser" = [ + "serviceAccount:${var.project_id}.svc.id.goog[${var.svcfoundry_k8s_namespace}/${var.svcfoundry_k8s_service_account}]", + "serviceAccount:${var.project_id}.svc.id.goog[${var.mlfoundry_k8s_namespace}/${var.mlfoundry_k8s_service_account}]", + ] + } +} \ No newline at end of file diff --git a/locals.tf b/locals.tf new file mode 100644 index 0000000..63bf78f --- /dev/null +++ b/locals.tf @@ -0,0 +1,21 @@ +locals { + truefoundry_blob_storage_name = var.truefoundry_gcs_enable_override ? var.truefoundry_gcs_override_name : "${var.cluster_name}-truefoundry" + truefoundry_db_unique_name = var.truefoundry_db_enable_override ? var.truefoundry_db_override_name : "${var.cluster_name}-db" + serviceaccount_name = "${var.cluster_name}-sa" + serviceaccount_roles = [ + "${var.project_id}=>roles/artifactregistry.admin", + "${var.project_id}=>roles/secretmanager.admin", + "${var.project_id}=>roles/iam.serviceAccountTokenCreator", + "${var.project_id}=>roles/storage.admin" + ] + tags = merge({ + "terraform-module" = "tfy-control-plane" + "terraform" = "true" + "cluster-name" = var.cluster_name + "truefoundry" = "managed" + }, + var.tags + ) + database_address = split("/", var.truefoundry_db_network_cidr)[0] + database_prefix = tonumber(split("/", var.truefoundry_db_network_cidr)[1]) +} \ No newline at end of file diff --git a/network.tf b/network.tf new file mode 100644 index 0000000..2468f7d --- /dev/null +++ b/network.tf @@ -0,0 +1,14 @@ +resource "google_compute_global_address" "default" { + name = local.truefoundry_db_unique_name + address_type = "INTERNAL" + purpose = "VPC_PEERING" + network = var.vpc_id + prefix_length = local.database_prefix + address = local.database_address +} + +resource "google_service_networking_connection" "default" { + network = var.vpc_id + service = "servicenetworking.googleapis.com" + reserved_peering_ranges = [google_compute_global_address.default.name] +} \ No newline at end of file diff --git a/output.tf b/output.tf new file mode 100644 index 0000000..0e65a13 --- /dev/null +++ b/output.tf @@ -0,0 +1,99 @@ +################################################################################ +# Buket +################################################################################ + +output "bucket_name" { + value = var.truefoundry_gcs_enabled ? module.truefoundry_gcs[0].name : "" + description = "GCS bucket name" +} + +output "bucket_url" { + value = var.truefoundry_gcs_enabled ? module.truefoundry_gcs[0].url : "" + description = "GCS bucket URL" +} + +################################################################################ +# IAM serviceaccount +################################################################################ + +output "serviceaccount_email" { + value = module.service_accounts.email + description = "Serviceaccount email" +} + +output "serviceaccount_iam_email" { + value = module.service_accounts.iam_email + description = "Serviceaccount IAM email" +} + +output "serviceaccount_detail" { + value = module.service_accounts.service_account + description = "Serviceaccount details" +} + +output "serviceaccount_members" { + value = module.service_account_iam_bindings.members + description = "Serviceaccount members" +} + +output "serviceaccount_roles" { + value = module.service_account_iam_bindings.roles + description = "Serviceaccount roles" +} + +output "serviceaccount_binding_service_accounts" { + value = module.service_account_iam_bindings.service_accounts + description = "Serviceaccount bindings" +} + +################################################################################ +# Database +################################################################################ + + +output "database_password" { + value = var.truefoundry_db_enable ? random_password.truefoundry_db_password.result : "" + sensitive = true + description = "Database's password" +} + +output "instance_ip_address" { + value = var.truefoundry_db_enable ? module.postgresql-db.instance_ip_address : "" + description = "Database instance IP address" +} + +output "instance_name" { + value = var.truefoundry_db_enable ? module.postgresql-db.instance_name : "" + description = "Database instance name" +} + +output "instance_self_link" { + value = var.truefoundry_db_enable ? module.postgresql-db.instance_self_link : "" + description = "Self link of the database" +} + +output "instance_server_ca_cert" { + value = var.truefoundry_db_enable ? module.postgresql-db.instance_server_ca_cert : "" + sensitive = true + description = "Self link of the database server ca cert" +} + +output "instance_service_account_email_address" { + value = var.truefoundry_db_enable ? module.postgresql-db.instance_service_account_email_address : "" + description = "Service account email address" +} + +output "instances" { + value = var.truefoundry_db_enable ? module.postgresql-db.instances : "" + sensitive = true +} + +output "primary" { + value = var.truefoundry_db_enable ? module.postgresql-db.primary : "" + sensitive = true +} + +output "private_ip_address" { + value = var.truefoundry_db_enable ? module.postgresql-db.private_ip_address : "" + description = "Private IP address of the database instance" +} \ No newline at end of file diff --git a/postgres.tf b/postgres.tf new file mode 100644 index 0000000..dd63d09 --- /dev/null +++ b/postgres.tf @@ -0,0 +1,60 @@ + +resource "random_password" "truefoundry_db_password" { + count = var.truefoundry_db_enable ? 1 : 0 + length = 42 + special = true + override_special = "-_=+" +} + +module "postgresql-db" { + source = "GoogleCloudPlatform/sql-db/google//modules/postgresql" + version = "19.0.0" + + count = var.truefoundry_db_enable ? 1 : 0 + name = local.truefoundry_db_unique_name + database_version = var.truefoundry_db_postgres_version + project_id = var.project_id + + activation_policy = "ALWAYS" + availability_type = var.truefoundry_db_availability_type + + backup_configuration = { + enabled = true + start_time = "20:55" + location = null # will store in multi-region by default + point_in_time_recovery_enabled = true + transaction_log_retention_days = "7" + retained_backups = 14 + retention_unit = "COUNT" + } + db_charset = var.truefoundry_db_database_charset + db_collation = var.truefoundry_db_database_collation + db_name = var.truefoundry_db_database_name + deletion_protection = var.truefoundry_db_deletion_protection + disk_autoresize = var.truefoundry_db_disk_autoresize + disk_autoresize_limit = var.truefoundry_db_disk_autoresize_limit + disk_size = var.truefoundry_db_disk_size + disk_type = var.truefoundry_db_disk_type + edition = var.truefoundry_db_edition + + ip_configuration = { + ipv4_enabled = false # recheck + private_network = var.vpc_id + require_ssl = false + allocated_ip_range = null + authorized_networks = [ + { + name = "sample-gcp-health-checkers-range" + value = "130.211.0.0/28" + } + ] + } + region = var.region + root_password = random_password.truefoundry_db_password[0].result + zone = var.truefoundry_db_zone + tier = var.truefoundry_db_tier + user_labels = local.tags + random_instance_name = true + + depends_on = [google_service_networking_connection.default] +} \ No newline at end of file diff --git a/variables.tf b/variables.tf new file mode 100644 index 0000000..490c1d5 --- /dev/null +++ b/variables.tf @@ -0,0 +1,192 @@ +################################################################################ +# Generic +################################################################################ + +variable "cluster_name" { + description = "Truefoundry deployment unique name" + type = string +} + +variable "tags" { + description = "A map of tags to add to all resources" + type = map(string) + default = {} +} + +variable "region" { + description = "region" + type = string +} + +variable "project_id" { + description = "GCP Project" + type = string +} + +variable "vpc_id" { + description = "ID of the network VPC" + type = string +} +################################################################################## +## Database +################################################################################## + +variable "truefoundry_db_enable" { + type = bool + description = "Enable CloudSQL database" +} + +variable "truefoundry_db_deletion_protection" { + type = bool + description = "Enable deletion protection" + default = false +} + +variable "truefoundry_db_postgres_version" { + type = string + description = "Postgres version of cloudSQL" + default = "POSTGRES_15" +} + +variable "truefoundry_db_network_cidr" { + type = string + description = "Network CIDR for the truefoundry postgres database. Minimum range is /24. This CIDR must be different from the main subnet where your cluster is gettin created. This subnet is created inside the GCP's network." +} + +variable "truefoundry_db_availability_type" { + type = string + description = "Postgres availability type for the master instance. Accepted values are [ZONAL, REGIONAL]. Chose REGIONAL for HA" + default = "REGIONAL" +} + +variable "truefoundry_db_database_charset" { + type = string + description = "Charset for the default database" + default = "UTF8" +} + +variable "truefoundry_db_database_collation" { + type = string + description = "Collation for the default database" + default = "en_US.UTF8" +} + +variable "truefoundry_db_database_name" { + type = string + description = "Name of the database" + default = "ctl" +} + +variable "truefoundry_db_disk_autoresize" { + type = bool + description = "Automically increase storage size" + default = true +} + +variable "truefoundry_db_disk_autoresize_limit" { + type = number + description = "Automically increase storage size" +} + +variable "truefoundry_db_disk_size" { + type = number + description = "Disk size of the master instance" + default = 20 +} + +variable "truefoundry_db_disk_type" { + type = string + description = "Disk size of the master instance" + default = "PD_SSD" +} + +variable "truefoundry_db_edition" { + type = string + description = "The edition of the instance, can be ENTERPRISE or ENTERPRISE_PLUS" + default = null +} + +variable "truefoundry_db_tier" { + type = string + description = "Instance class for SQL DB" +} +variable "truefoundry_db_zone" { + type = string + description = "Zone for SQL DB - This must match the region" +} + +variable "truefoundry_db_enable_override" { + description = "Enable override for truefoundry db name. You must pass truefoundry_db_override_name" + type = bool + default = false +} +variable "truefoundry_db_override_name" { + description = "Override name for truefoundry db. truefoundry_db_enable_override must be set true" + type = string + default = "" +} + +################################################################################ +# mlfoundry +################################################################################ + +variable "mlfoundry_k8s_service_account" { + description = "The k8s mlfoundry service account name" + type = string +} + +variable "mlfoundry_k8s_namespace" { + description = "The k8s mlfoundry namespace" + type = string +} + +################################################################################ +# servicefoundry +################################################################################ + +variable "svcfoundry_k8s_service_account" { + description = "The k8s svcfoundry service account name" + type = string +} + +variable "svcfoundry_k8s_namespace" { + description = "The k8s svcfoundry namespace" + type = string +} + +################################################################################ +# MLfoundry bucket +################################################################## + +variable "truefoundry_gcs_enabled" { + description = "Enable creation of GCS bucket" + type = bool + default = false +} + +variable "truefoundry_gcs_enable_override" { + description = "Enable override for GCS bucket name. You must pass truefoundry_gcs_override_name" + type = bool + default = false +} +variable "truefoundry_gcs_override_name" { + description = "Override name for GCS bucket. truefoundry_gcs_enable_override must be set true" + type = string + default = "" + + validation { + condition = length(var.truefoundry_gcs_override_name) <= 63 + error_message = "Error: Bucket name is too long." + } +} + +variable "truefoundry_gcs_cors_origins" { + description = "Allowed CORS origin for GCS bucket" + type = list(string) + default = ["*"] +} +variable "truefoundry_gcs_force_destroy" { + description = "Enable force destroy on GCS bucket" + type = bool + default = true +} \ No newline at end of file diff --git a/versions.tf b/versions.tf new file mode 100644 index 0000000..665360b --- /dev/null +++ b/versions.tf @@ -0,0 +1,17 @@ +terraform { + required_version = ">= 1.4" + required_providers { + google-beta = { + source = "hashicorp/google-beta" + version = "5.18.0" + } + google = { + source = "hashicorp/google" + version = "5.18.0" + } + random = { + source = "hashicorp/random" + version = "3.6.0" + } + } +} From 52acdf7dedf42e24bff41ba4c46654afb8b99285 Mon Sep 17 00:00:00 2001 From: Vedant Pareek Date: Tue, 27 Feb 2024 13:42:09 +0530 Subject: [PATCH 2/4] Removed versions.tf - sync issue in hashicorp --- versions.tf | 17 ----------------- 1 file changed, 17 deletions(-) delete mode 100644 versions.tf diff --git a/versions.tf b/versions.tf deleted file mode 100644 index 665360b..0000000 --- a/versions.tf +++ /dev/null @@ -1,17 +0,0 @@ -terraform { - required_version = ">= 1.4" - required_providers { - google-beta = { - source = "hashicorp/google-beta" - version = "5.18.0" - } - google = { - source = "hashicorp/google" - version = "5.18.0" - } - random = { - source = "hashicorp/random" - version = "3.6.0" - } - } -} From 342cf6a2e4ffebdbea05c82c9de66f2eaf753d17 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Tue, 27 Feb 2024 08:13:20 +0000 Subject: [PATCH 3/4] terraform-docs: automated action --- README.md | 88 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 88 insertions(+) diff --git a/README.md b/README.md index 69facf4..5901697 100644 --- a/README.md +++ b/README.md @@ -1,2 +1,90 @@ # terraform-google-truefoundry-control-plane Truefoundry Google Cloud Control Plane Module + + +## Requirements + +No requirements. + +## Providers + +| Name | Version | +|------|---------| +| [google](#provider\_google) | n/a | +| [random](#provider\_random) | n/a | + +## Modules + +| Name | Source | Version | +|------|--------|---------| +| [postgresql-db](#module\_postgresql-db) | GoogleCloudPlatform/sql-db/google//modules/postgresql | 19.0.0 | +| [service\_account\_iam\_bindings](#module\_service\_account\_iam\_bindings) | terraform-google-modules/iam/google//modules/service_accounts_iam | 7.7.1 | +| [service\_accounts](#module\_service\_accounts) | terraform-google-modules/service-accounts/google | 4.2.2 | +| [truefoundry\_gcs](#module\_truefoundry\_gcs) | terraform-google-modules/cloud-storage/google//modules/simple_bucket | 4.0.1 | + +## Resources + +| Name | Type | +|------|------| +| [google_compute_global_address.default](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_global_address) | resource | +| [google_service_networking_connection.default](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/service_networking_connection) | resource | +| [random_password.truefoundry_db_password](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password) | resource | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [cluster\_name](#input\_cluster\_name) | Truefoundry deployment unique name | `string` | n/a | yes | +| [mlfoundry\_k8s\_namespace](#input\_mlfoundry\_k8s\_namespace) | The k8s mlfoundry namespace | `string` | n/a | yes | +| [mlfoundry\_k8s\_service\_account](#input\_mlfoundry\_k8s\_service\_account) | The k8s mlfoundry service account name | `string` | n/a | yes | +| [project\_id](#input\_project\_id) | GCP Project | `string` | n/a | yes | +| [region](#input\_region) | region | `string` | n/a | yes | +| [svcfoundry\_k8s\_namespace](#input\_svcfoundry\_k8s\_namespace) | The k8s svcfoundry namespace | `string` | n/a | yes | +| [svcfoundry\_k8s\_service\_account](#input\_svcfoundry\_k8s\_service\_account) | The k8s svcfoundry service account name | `string` | n/a | yes | +| [tags](#input\_tags) | A map of tags to add to all resources | `map(string)` | `{}` | no | +| [truefoundry\_db\_availability\_type](#input\_truefoundry\_db\_availability\_type) | Postgres availability type for the master instance. Accepted values are [ZONAL, REGIONAL]. Chose REGIONAL for HA | `string` | `"REGIONAL"` | no | +| [truefoundry\_db\_database\_charset](#input\_truefoundry\_db\_database\_charset) | Charset for the default database | `string` | `"UTF8"` | no | +| [truefoundry\_db\_database\_collation](#input\_truefoundry\_db\_database\_collation) | Collation for the default database | `string` | `"en_US.UTF8"` | no | +| [truefoundry\_db\_database\_name](#input\_truefoundry\_db\_database\_name) | Name of the database | `string` | `"ctl"` | no | +| [truefoundry\_db\_deletion\_protection](#input\_truefoundry\_db\_deletion\_protection) | Enable deletion protection | `bool` | `false` | no | +| [truefoundry\_db\_disk\_autoresize](#input\_truefoundry\_db\_disk\_autoresize) | Automically increase storage size | `bool` | `true` | no | +| [truefoundry\_db\_disk\_autoresize\_limit](#input\_truefoundry\_db\_disk\_autoresize\_limit) | Automically increase storage size | `number` | n/a | yes | +| [truefoundry\_db\_disk\_size](#input\_truefoundry\_db\_disk\_size) | Disk size of the master instance | `number` | `20` | no | +| [truefoundry\_db\_disk\_type](#input\_truefoundry\_db\_disk\_type) | Disk size of the master instance | `string` | `"PD_SSD"` | no | +| [truefoundry\_db\_edition](#input\_truefoundry\_db\_edition) | The edition of the instance, can be ENTERPRISE or ENTERPRISE\_PLUS | `string` | `null` | no | +| [truefoundry\_db\_enable](#input\_truefoundry\_db\_enable) | Enable CloudSQL database | `bool` | n/a | yes | +| [truefoundry\_db\_enable\_override](#input\_truefoundry\_db\_enable\_override) | Enable override for truefoundry db name. You must pass truefoundry\_db\_override\_name | `bool` | `false` | no | +| [truefoundry\_db\_network\_cidr](#input\_truefoundry\_db\_network\_cidr) | Network CIDR for the truefoundry postgres database. Minimum range is /24. This CIDR must be different from the main subnet where your cluster is gettin created. This subnet is created inside the GCP's network. | `string` | n/a | yes | +| [truefoundry\_db\_override\_name](#input\_truefoundry\_db\_override\_name) | Override name for truefoundry db. truefoundry\_db\_enable\_override must be set true | `string` | `""` | no | +| [truefoundry\_db\_postgres\_version](#input\_truefoundry\_db\_postgres\_version) | Postgres version of cloudSQL | `string` | `"POSTGRES_15"` | no | +| [truefoundry\_db\_tier](#input\_truefoundry\_db\_tier) | Instance class for SQL DB | `string` | n/a | yes | +| [truefoundry\_db\_zone](#input\_truefoundry\_db\_zone) | Zone for SQL DB - This must match the region | `string` | n/a | yes | +| [truefoundry\_gcs\_cors\_origins](#input\_truefoundry\_gcs\_cors\_origins) | Allowed CORS origin for GCS bucket | `list(string)` | 
[
  "*"
]
| no | +| [truefoundry\_gcs\_enable\_override](#input\_truefoundry\_gcs\_enable\_override) | Enable override for GCS bucket name. You must pass truefoundry\_gcs\_override\_name | `bool` | `false` | no | +| [truefoundry\_gcs\_enabled](#input\_truefoundry\_gcs\_enabled) | Enable creation of GCS bucket | `bool` | `false` | no | +| [truefoundry\_gcs\_force\_destroy](#input\_truefoundry\_gcs\_force\_destroy) | Enable force destroy on GCS bucket | `bool` | `true` | no | +| [truefoundry\_gcs\_override\_name](#input\_truefoundry\_gcs\_override\_name) | Override name for GCS bucket. truefoundry\_gcs\_enable\_override must be set true | `string` | `""` | no | +| [vpc\_id](#input\_vpc\_id) | ID of the network VPC | `string` | n/a | yes | + +## Outputs + +| Name | Description | +|------|-------------| +| [bucket\_name](#output\_bucket\_name) | GCS bucket name | +| [bucket\_url](#output\_bucket\_url) | GCS bucket URL | +| [database\_password](#output\_database\_password) | Database's password | +| [instance\_ip\_address](#output\_instance\_ip\_address) | Database instance IP address | +| [instance\_name](#output\_instance\_name) | Database instance name | +| [instance\_self\_link](#output\_instance\_self\_link) | Self link of the database | +| [instance\_server\_ca\_cert](#output\_instance\_server\_ca\_cert) | Self link of the database server ca cert | +| [instance\_service\_account\_email\_address](#output\_instance\_service\_account\_email\_address) | Service account email address | +| [instances](#output\_instances) | n/a | +| [primary](#output\_primary) | n/a | +| [private\_ip\_address](#output\_private\_ip\_address) | Private IP address of the database instance | +| [serviceaccount\_binding\_service\_accounts](#output\_serviceaccount\_binding\_service\_accounts) | Serviceaccount bindings | +| [serviceaccount\_detail](#output\_serviceaccount\_detail) | Serviceaccount details | +| [serviceaccount\_email](#output\_serviceaccount\_email) | Serviceaccount email | +| [serviceaccount\_iam\_email](#output\_serviceaccount\_iam\_email) | Serviceaccount IAM email | +| [serviceaccount\_members](#output\_serviceaccount\_members) | Serviceaccount members | +| [serviceaccount\_roles](#output\_serviceaccount\_roles) | Serviceaccount roles | + \ No newline at end of file From a9a35d4405c3992ab0f86b39a983cf81082447d0 Mon Sep 17 00:00:00 2001 From: Vedant Pareek Date: Tue, 27 Feb 2024 14:47:48 +0530 Subject: [PATCH 4/4] Added count.index --- output.tf | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/output.tf b/output.tf index 0e65a13..0e0d393 100644 --- a/output.tf +++ b/output.tf @@ -52,48 +52,48 @@ output "serviceaccount_binding_service_accounts" { output "database_password" { - value = var.truefoundry_db_enable ? random_password.truefoundry_db_password.result : "" + value = var.truefoundry_db_enable ? random_password.truefoundry_db_password[0].result : "" sensitive = true description = "Database's password" } output "instance_ip_address" { - value = var.truefoundry_db_enable ? module.postgresql-db.instance_ip_address : "" + value = var.truefoundry_db_enable ? module.postgresql-db[0].instance_ip_address : "" description = "Database instance IP address" } output "instance_name" { - value = var.truefoundry_db_enable ? module.postgresql-db.instance_name : "" + value = var.truefoundry_db_enable ? module.postgresql-db[0].instance_name : "" description = "Database instance name" } output "instance_self_link" { - value = var.truefoundry_db_enable ? module.postgresql-db.instance_self_link : "" + value = var.truefoundry_db_enable ? module.postgresql-db[0].instance_self_link : "" description = "Self link of the database" } output "instance_server_ca_cert" { - value = var.truefoundry_db_enable ? module.postgresql-db.instance_server_ca_cert : "" + value = var.truefoundry_db_enable ? module.postgresql-db[0].instance_server_ca_cert : "" sensitive = true description = "Self link of the database server ca cert" } output "instance_service_account_email_address" { - value = var.truefoundry_db_enable ? module.postgresql-db.instance_service_account_email_address : "" + value = var.truefoundry_db_enable ? module.postgresql-db[0].instance_service_account_email_address : "" description = "Service account email address" } output "instances" { - value = var.truefoundry_db_enable ? module.postgresql-db.instances : "" + value = var.truefoundry_db_enable ? module.postgresql-db[0].instances : "" sensitive = true } output "primary" { - value = var.truefoundry_db_enable ? module.postgresql-db.primary : "" + value = var.truefoundry_db_enable ? module.postgresql-db[0].primary : "" sensitive = true } output "private_ip_address" { - value = var.truefoundry_db_enable ? module.postgresql-db.private_ip_address : "" + value = var.truefoundry_db_enable ? module.postgresql-db[0].private_ip_address : "" description = "Private IP address of the database instance" } \ No newline at end of file