sqladmin.googleapis.com/Instance requireSSL Not Triggering


gcp_sql_ssl_v1.yaml template:

Is looking for:

asset.resource.settings.ipConfiguration.requireSsl == false

but the CAI returns:

[
  {
    "name": "<redacted>",
    "asset_type": "sqladmin.googleapis.com/Instance",
    "ancestry_path": "<redacted>",
    "resource": {
      "version": "v1beta4",
      "discovery_document_uri": "https://www.googleapis.com/discovery/v1/apis/sqladmin/v1beta4/rest",
      "discovery_name": "DatabaseInstance",
      "parent": "<redacted>",
      "data": {
        "databaseVersion": "POSTGRES_9_6",
        "name": "master-instance",
        "project": "<redacted>",
        "region": "us-central1",
        "settings": {
          "ipConfiguration": {
            "ipv4Enabled": true,
            "requireSsl": false
          },
          "pricingPlan": "PER_USE",
          "replicationType": "SYNCHRONOUS",
          "storageAutoResize": true,
          "tier": "db-f1-micro"
        }
      }
    }
  }
]

It looks like it is missing “data” so I added it to the template:

asset.resource.data.settings.ipConfiguration.requireSsl == false

but that still does not catch the entry:

variable project {}

provider "google" {
  project = "${var.project}"
  region  = "us-east1"
}

resource "google_sql_database_instance" "master" {
  name = "master-instance"
  database_version = "POSTGRES_9_6"
  region = "us-central1"

  settings {
    # Second-generation instance tiers are based on the machine
    # type. See argument reference below.
    tier = "db-f1-micro"
    ip_configuration {
        ipv4_enabled = "true"
        require_ssl = "false"
    }
  }
}

Issue Analytics

  • State: open
  • Created 4 years ago
  • Comments: 8 (8 by maintainers)

Top GitHub Comments

morgante commented, Jul 23, 2019

@jdyke I opened #125 to address the issue in the constraint template.

I tested the conversion in Terraform Validator and it looks like it properly converts the requireSsl prop:

{
	"name": "//cloudsql.googleapis.com/projects/gcp-foundation-shared-devops/instances/master-instance",
	"asset_type": "sqladmin.googleapis.com/Instance",
	"ancestry_path": "organization/816421441114/project/gcp-foundation-shared-devops",
	"resource": {
		"version": "v1beta4",
		"discovery_document_uri": "https://www.googleapis.com/discovery/v1/apis/sqladmin/v1beta4/rest",
		"discovery_name": "DatabaseInstance",
		"parent": "//cloudresourcemanager.googleapis.com/projects/gcp-foundation-shared-devops",
		"data": {
			"databaseVersion": "POSTGRES_9_6",
			"name": "master-instance",
			"project": "gcp-foundation-shared-devops",
			"region": "us-central1",
			"settings": {
				"ipConfiguration": {
					"ipv4Enabled": true,
					"requireSsl": false
				},
				"pricingPlan": "PER_USE",
				"replicationType": "SYNCHRONOUS",
				"storageAutoResize": true,
				"tier": "db-f1-micro"
			}
		}
	}
}

gkowalski-google commented, Apr 20, 2020

@AdrienWalkowiak @ocervell This was likely fixed for Forseti with this PR. Forseti had some incorrect logic where it was setting falsy values to None. The change can be tested from master branch of Forseti; will be included in v2.26.0.
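
An added illustration (not Forseti's or the constraint template's own code) of the two failure modes raised in this thread: a check path that omits `data`, and a normalisation step that turns falsy values into None before the `requireSsl == false` comparison runs. The helper names, the scrub functions and the sample asset are constructed for this example.

```python
# Constructed sample, shaped like the CAI record quoted in the issue.
ASSET = {
    "name": "<redacted>",
    "asset_type": "sqladmin.googleapis.com/Instance",
    "resource": {"data": {"name": "master-instance", "settings": {
        "ipConfiguration": {"ipv4Enabled": True, "requireSsl": False}}}},
}

# Paths from the issue, written relative to the asset root.
OLD_PATH = "resource.settings.ipConfiguration.requireSsl"
DATA_PATH = "resource.data.settings.ipConfiguration.requireSsl"

_MISSING = object()  # sentinel: "field absent" is not the same as False


def lookup(doc, dotted_path):
    """Walk a dotted path; return _MISSING if any segment is absent."""
    cur = doc
    for key in dotted_path.split("."):
        if not isinstance(cur, dict) or key not in cur:
            return _MISSING
        cur = cur[key]
    return cur


def violates(asset, path):
    """Model of a `<path> == false` rule: fires only on an explicit False."""
    return lookup(asset, path) is False


def scrub_buggy(node):
    """Hypothetical normaliser with the described defect: falsy -> None."""
    if isinstance(node, dict):
        return {k: scrub_buggy(v) for k, v in node.items()}
    return node or None  # False, 0 and "" all collapse to None


def scrub_fixed(node):
    """Only empty strings become None; False and 0 survive as data."""
    if isinstance(node, dict):
        return {k: scrub_fixed(v) for k, v in node.items()}
    return None if node == "" else node
```

With either defect present the insecure instance produces no violation, so a silent pass from this rule is worth confirming against a known-bad fixture such as the Terraform resource above.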
