MRG: Merge pull request #2 from octue/add-database-query-insights

cortadocodes · web-flow · commit 242d526dd662 · 2025-04-22T12:03:39.000+01:00
Add database query insights
diff --git a/README.md b/README.md
@@ -78,7 +78,7 @@ locals {
 
 
 module "octue_django_api" {
-  source = "git::github.com/octue/terraform-octue-django-api.git?ref=0.1.0"
+  source = "git::github.com/octue/terraform-octue-django-api.git?ref=0.2.0"
   project = var.google_cloud_project_id
   region = var.google_cloud_region
   resource_affix = var.resource_affix
@@ -158,9 +158,10 @@ terraform destroy
 | `google_cloud_region`              | `string`      | Yes      | N/A                                                                                     | 
 | `resource_affix`                   | `string`      | Yes      | N/A                                                                                     |                 
 | `environment`                      | `string`      | No       | `"main"`                                                                                |
-| `maintainer_service_account_names` | `set(string)` | No       | `["default"]`                                                                           |
 | `secret_names`                     | `set(string)` | No       | `set(["django-secret-key", "database-proxy-url", "database-url", "stripe-secret-key"])` |     
-| `tasks_queue_name_suffix`          | `string`      | No       | `""`                                                                                    |     
+| `tasks_queue_name_suffix`          | `string`      | No       | `""`                                                                                    |
+| `database_availability_type`       | `string`      | No       | `"ZONAL"`                                                                               | 
+| `maintainer_service_account_names` | `set(string)` | No       | `["default"]`                                                                           |
 | `deletion_protection`              | `bool`        | No       | `true`                                                                                  | 
 
 See [`variables.tf`](/variables.tf) for descriptions.
diff --git a/VERSION.txt b/VERSION.txt
@@ -1 +1 @@
-0.1.0
+0.2.0
diff --git a/database.tf b/database.tf
@@ -14,15 +14,17 @@ resource "google_sql_database_instance" "postgres_instance" {
       value = "400"
     }
 
+    insights_config {
+      query_insights_enabled = true
+    }
+
+    availability_type = var.database_availability_type
+
     backup_configuration {
-      enabled = true
+      enabled                        = true
       point_in_time_recovery_enabled = true
     }
   }
-  # If we need to execute SQL...
-  #   provisioner "local-exec" {
-  #     command = "PGPASSWORD=<password> psql -f schema.sql -p <port> -U <username> <databasename>"
-  #   }
 
   timeouts {}
 }
diff --git a/iam_roles.tf b/iam_roles.tf
@@ -8,23 +8,23 @@ locals {
 
 
 resource "google_project_iam_member" "iam__service_account_user" {
-  project  = var.google_cloud_project_id
-  role     = "roles/iam.serviceAccountUser"
-  member   = local.server_service_account_email
+  project = var.google_cloud_project_id
+  role    = "roles/iam.serviceAccountUser"
+  member  = local.server_service_account_email
 }
 
 
 resource "google_project_iam_member" "run__developer" {
-  project  = var.google_cloud_project_id
-  role     = "roles/run.developer"
-  member   = local.server_service_account_email
+  project = var.google_cloud_project_id
+  role    = "roles/run.developer"
+  member  = local.server_service_account_email
 }
 
 
 resource "google_project_iam_member" "storage__object_admin" {
-  project  = var.google_cloud_project_id
-  role     = "roles/storage.objectAdmin"
-  member   = local.server_service_account_email
+  project = var.google_cloud_project_id
+  role    = "roles/storage.objectAdmin"
+  member  = local.server_service_account_email
 }
 
 
@@ -36,9 +36,9 @@ resource "google_project_iam_member" "error_reporting__writer" {
 
 
 resource "google_project_iam_member" "cloudsql__client" {
-  project  = var.google_cloud_project_id
-  role     = "roles/cloudsql.client"
-  member   = local.server_service_account_email
+  project = var.google_cloud_project_id
+  role    = "roles/cloudsql.client"
+  member  = local.server_service_account_email
 }
 
 
@@ -48,9 +48,9 @@ resource "google_project_iam_member" "cloudsql__client" {
 #  - https://cloud.google.com/sql/docs/mysql/iam-permissions
 resource "google_project_iam_member" "cloudsql_maintainers" {
   for_each = local.maintainer_service_account_emails
-  project = var.google_cloud_project_id
-  role    = "roles/cloudsql.editor"
-  member = each.value
+  project  = var.google_cloud_project_id
+  role     = "roles/cloudsql.editor"
+  member   = each.value
 }
 
 
@@ -66,15 +66,15 @@ resource "google_project_iam_member" "cloudsql_maintainers" {
 
 # Allow django-gcp.tasks to create periodic tasks in google cloud scheduler
 resource "google_project_iam_member" "cloudscheduler__admin" {
-  project  = var.google_cloud_project_id
-  role     = "roles/cloudscheduler.admin"
-  member   = local.server_service_account_email
+  project = var.google_cloud_project_id
+  role    = "roles/cloudscheduler.admin"
+  member  = local.server_service_account_email
 }
 
 
 # Allow the server to pull secrets.
 resource "google_project_iam_member" "secretmanager__secret_accessor" {
-  project  = var.google_cloud_project_id
-  role     = "roles/secretmanager.secretAccessor"
-  member   = local.server_service_account_email
+  project = var.google_cloud_project_id
+  role    = "roles/secretmanager.secretAccessor"
+  member  = local.server_service_account_email
 }
diff --git a/variables.tf b/variables.tf
@@ -23,13 +23,6 @@ variable "environment" {
 }
 
 
-variable "maintainer_service_account_names" {
-  type        = set(string)
-  default     = ["default"]
-  description = "The names of each maintainer IAM service account that should be created. They'll automatically be prefixed with 'maintainer-'."
-}
-
-
 variable "secret_names" {
   description = "A list of secrets to be created and made accessible to the cloud run instance."
   type        = set(string)
@@ -49,6 +42,24 @@ variable "tasks_queue_name_suffix" {
 }
 
 
+variable "database_availability_type" {
+  type    = string
+  default = "ZONAL"
+  validation {
+    condition     = length(regexall("^(ZONAL|REGIONAL)$", var.database_availability_type)) > 0
+    error_message = "ERROR: Valid types are \"ZONAL\" and \"REGIONAL\"."
+  }
+  description = "Must be one of 'ZONAL' (low availability) and 'REGIONAL' (high availability)."
+}
+
+
+variable "maintainer_service_account_names" {
+  type        = set(string)
+  default     = ["default"]
+  description = "The names of each maintainer IAM service account that should be created. They'll automatically be prefixed with 'maintainer-'."
+}
+
+
 variable "deletion_protection" {
   type        = bool
   default     = true

Original file line number	Diff line number	Diff line change
`@@ -14,15 +14,17 @@ resource "google_sql_database_instance" "postgres_instance" {`
`14`	`14`	`value = "400"`
`15`	`15`	`}`
`16`	`16`
	`17`	`+ insights_config {`
	`18`	`+ query_insights_enabled = true`
	`19`	`+ }`
	`20`	`+`
	`21`	`+ availability_type = var.database_availability_type`
	`22`	`+`
`17`	`23`	`backup_configuration {`
`18`		`- enabled = true`
	`24`	`+ enabled = true`
`19`	`25`	`point_in_time_recovery_enabled = true`
`20`	`26`	`}`
`21`	`27`	`}`
`22`		`- # If we need to execute SQL...`
`23`		`- # provisioner "local-exec" {`
`24`		`- # command = "PGPASSWORD=<password> psql -f schema.sql -p <port> -U <username> <databasename>"`
`25`		`- # }`
`26`	`28`
`27`	`29`	`timeouts {}`
`28`	`30`	`}`