Merge pull request #75 from remerge/DATA-897-terraform-create-a-cloud-sql-instance-in-dwh-v2

add variable to enable adding authorised networks for cloud_sql

Author: ltruongg

google/sql/postgresql/main.tf

@@ -23,7 +23,14 @@ resource "google_sql_database_instance" "main" {
     ip_configuration {
       private_network = var.network
       ipv4_enabled    = var.ipv4_enabled
-      ssl_mode        = "ALLOW_UNENCRYPTED_AND_ENCRYPTED"
+      ssl_mode        = var.ipv4_enabled ? "ENCRYPTED_ONLY" : "ALLOW_UNENCRYPTED_AND_ENCRYPTED"
+      dynamic "authorized_networks" {
+        for_each = var.ipv4_enabled ? var.authorized_networks : []
+        content {
+          name  = authorized_networks.value.name
+          value = authorized_networks.value.value
+        }
+      }
     }
 
     availability_type = "REGIONAL"

google/sql/postgresql/variables.tf

@@ -46,3 +46,12 @@ variable "ipv4_enabled" {
   type    = bool
   default = false
 }
+
+variable "authorized_networks" {
+  description = "List of authorized networks for public access. Each object must have 'name' and 'value' (subnet/CIDR)."
+  type = list(object({
+    name  = string
+    value = string
+  }))
+  default = []
+}