Deprecate google_sql_database_instance.settings.ip_configuration's require_ssl in favor of ssl_mode (#11154)

feng-zhe · web-flow · commit bc7cde468a0c · 2024-07-24T14:36:16.000-07:00
diff --git a/mmv1/templates/terraform/examples/go/sql_instance_ssl_cert.tf.tmpl b/mmv1/templates/terraform/examples/go/sql_instance_ssl_cert.tf.tmpl
@@ -5,7 +5,7 @@ resource "google_sql_database_instance" "mysql_instance" {
   settings {
     tier              = "db-f1-micro"
     ip_configuration {
-      require_ssl = "true"
+      ssl_mode = "TRUSTED_CLIENT_CERTIFICATE_REQUIRED"
     }
   }
   deletion_protection = "{{index $.Vars "deletion_protection"}}"
@@ -23,7 +23,7 @@ resource "google_sql_database_instance" "postgres_instance" {
   settings {
     tier              = "db-custom-2-7680"
     ip_configuration {
-      require_ssl = "true"
+      ssl_mode = "TRUSTED_CLIENT_CERTIFICATE_REQUIRED"
     }
   }
   deletion_protection = "{{index $.Vars "deletion_protection"}}"
@@ -42,7 +42,7 @@ resource "google_sql_database_instance" "{{$.PrimaryResourceId}}" {
   settings {
     tier              = "db-custom-2-7680"
     ip_configuration {
-      require_ssl = "true"
+      ssl_mode = "ENCRYPTED_ONLY"
     }
   }
   deletion_protection = "{{index $.Vars "deletion_protection"}}"
diff --git a/mmv1/templates/terraform/examples/sql_instance_ssl_cert.tf.erb b/mmv1/templates/terraform/examples/sql_instance_ssl_cert.tf.erb
@@ -5,7 +5,7 @@ resource "google_sql_database_instance" "mysql_instance" {
   settings {
     tier              = "db-f1-micro"
     ip_configuration {
-      require_ssl = "true"
+      ssl_mode = "TRUSTED_CLIENT_CERTIFICATE_REQUIRED"
     }
   }
   deletion_protection = "<%= ctx[:vars]['deletion_protection'] %>"
@@ -23,7 +23,7 @@ resource "google_sql_database_instance" "postgres_instance" {
   settings {
     tier              = "db-custom-2-7680"
     ip_configuration {
-      require_ssl = "true"
+      ssl_mode = "TRUSTED_CLIENT_CERTIFICATE_REQUIRED"
     }
   }
   deletion_protection = "<%= ctx[:vars]['deletion_protection'] %>"
@@ -42,7 +42,7 @@ resource "google_sql_database_instance" "<%= ctx[:primary_resource_id] %>" {
   settings {
     tier              = "db-custom-2-7680"
     ip_configuration {
-      require_ssl = "true"
+      ssl_mode = "ENCRYPTED_ONLY"
     }
   }
   deletion_protection = "<%= ctx[:vars]['deletion_protection'] %>"
diff --git a/mmv1/third_party/terraform/services/sql/go/resource_sql_database_instance.go.tmpl b/mmv1/third_party/terraform/services/sql/go/resource_sql_database_instance.go.tmpl
@@ -74,7 +74,6 @@ var (
 	ipConfigurationKeys = []string{
 		"settings.0.ip_configuration.0.authorized_networks",
 		"settings.0.ip_configuration.0.ipv4_enabled",
-		"settings.0.ip_configuration.0.require_ssl",
 		"settings.0.ip_configuration.0.private_network",
 		"settings.0.ip_configuration.0.allocated_ip_range",
 		"settings.0.ip_configuration.0.enable_private_path_for_google_cloud_services",
@@ -437,13 +436,6 @@ is set to true. Defaults to ZONAL.`,
 										AtLeastOneOf: ipConfigurationKeys,
 										Description:  `Whether this Cloud SQL instance should be assigned a public IPV4 address. At least ipv4_enabled must be enabled or a private_network must be configured.`,
 									},
-									"require_ssl": {
-										Type:         schema.TypeBool,
-										Optional:     true,
-										AtLeastOneOf: ipConfigurationKeys,
-										Description:  `Whether SSL connections over IP are enforced or not. To change this field, also set the corresponding value in ssl_mode if it has been set too.`,
-                                                                                Deprecated:   "`require_ssl` will be fully deprecated in a future major release. For now, please use `ssl_mode` with a compatible `require_ssl` value instead.",
-									},
 									"private_network": {
 										Type:             schema.TypeString,
 										Optional:         true,
@@ -492,7 +484,7 @@ is set to true. Defaults to ZONAL.`,
                                                                                 Optional:     true,
                                                                                 Computed:     true,
                                                                                 ValidateFunc: validation.StringInSlice([]string{"ALLOW_UNENCRYPTED_AND_ENCRYPTED", "ENCRYPTED_ONLY", "TRUSTED_CLIENT_CERTIFICATE_REQUIRED"}, false),
-                                                                                Description:  `Specify how SSL connection should be enforced in DB connections. This field provides more SSL enforcment options compared to require_ssl. To change this field, also set the correspoding value in require_ssl until next major release.`,
+                                                                                Description:  `Specify how SSL connection should be enforced in DB connections.`,
 										AtLeastOneOf: ipConfigurationKeys,
                                                                         },
 								},
@@ -1385,20 +1377,21 @@ func expandIpConfiguration(configured []interface{}, databaseVersion string) *sq
 
 	_ipConfiguration := configured[0].(map[string]interface{})
 
-	forceSendFields := []string{"Ipv4Enabled", "RequireSsl"}
+	forceSendFields := []string{"Ipv4Enabled"}
+	nullFields := []string{"RequireSsl"}
 
 	if !strings.HasPrefix(databaseVersion, "SQLSERVER") {
 		forceSendFields = append(forceSendFields, "EnablePrivatePathForGoogleCloudServices")
 	}
 
 	return &sqladmin.IpConfiguration{
 		Ipv4Enabled:                             _ipConfiguration["ipv4_enabled"].(bool),
-		RequireSsl:                              _ipConfiguration["require_ssl"].(bool),
 		PrivateNetwork:                          _ipConfiguration["private_network"].(string),
 		AllocatedIpRange:                        _ipConfiguration["allocated_ip_range"].(string),
 		AuthorizedNetworks:                      expandAuthorizedNetworks(_ipConfiguration["authorized_networks"].(*schema.Set).List()),
 		EnablePrivatePathForGoogleCloudServices: _ipConfiguration["enable_private_path_for_google_cloud_services"].(bool),
 		ForceSendFields:                         forceSendFields,
+		NullFields:                              nullFields,
 		PscConfig:                               expandPscConfig(_ipConfiguration["psc_config"].(*schema.Set).List()),
 		SslMode:                                 _ipConfiguration["ssl_mode"].(string),
 	}
@@ -2241,8 +2234,8 @@ func flattenIpConfiguration(ipConfiguration *sqladmin.IpConfiguration, d *schema
 		"ipv4_enabled":                                  ipConfiguration.Ipv4Enabled,
 		"private_network":                               ipConfiguration.PrivateNetwork,
 		"allocated_ip_range":                            ipConfiguration.AllocatedIpRange,
-		"require_ssl":                                   ipConfiguration.RequireSsl,
 		"enable_private_path_for_google_cloud_services": ipConfiguration.EnablePrivatePathForGoogleCloudServices,
+		"ssl_mode":                                      ipConfiguration.SslMode,
 	}
 
 	if ipConfiguration.AuthorizedNetworks != nil {
@@ -2253,11 +2246,6 @@ func flattenIpConfiguration(ipConfiguration *sqladmin.IpConfiguration, d *schema
 		data["psc_config"] = flattenPscConfigs(ipConfiguration.PscConfig)
 	}
 
-        // We store the ssl_mode value only if the customer already uses `ssl_mode`.
-        if _, ok := d.GetOk("settings.0.ip_configuration.0.ssl_mode"); ok {
-                data["ssl_mode"] = ipConfiguration.SslMode
-        }
-
 	return []map[string]interface{}{data}
 }
 
diff --git a/mmv1/third_party/terraform/services/sql/resource_sql_database_instance.go.erb b/mmv1/third_party/terraform/services/sql/resource_sql_database_instance.go.erb
@@ -75,7 +75,6 @@ var (
 	ipConfigurationKeys = []string{
 		"settings.0.ip_configuration.0.authorized_networks",
 		"settings.0.ip_configuration.0.ipv4_enabled",
-		"settings.0.ip_configuration.0.require_ssl",
 		"settings.0.ip_configuration.0.private_network",
 		"settings.0.ip_configuration.0.allocated_ip_range",
 		"settings.0.ip_configuration.0.enable_private_path_for_google_cloud_services",
@@ -438,13 +437,6 @@ is set to true. Defaults to ZONAL.`,
 										AtLeastOneOf: ipConfigurationKeys,
 										Description:  `Whether this Cloud SQL instance should be assigned a public IPV4 address. At least ipv4_enabled must be enabled or a private_network must be configured.`,
 									},
-									"require_ssl": {
-										Type:         schema.TypeBool,
-										Optional:     true,
-										AtLeastOneOf: ipConfigurationKeys,
-										Description:  `Whether SSL connections over IP are enforced or not. To change this field, also set the corresponding value in ssl_mode if it has been set too.`,
-                                                                                Deprecated:   "`require_ssl` will be fully deprecated in a future major release. For now, please use `ssl_mode` with a compatible `require_ssl` value instead.",
-									},
 									"private_network": {
 										Type:             schema.TypeString,
 										Optional:         true,
@@ -493,7 +485,7 @@ is set to true. Defaults to ZONAL.`,
                                                                                 Optional:     true,
                                                                                 Computed:     true,
                                                                                 ValidateFunc: validation.StringInSlice([]string{"ALLOW_UNENCRYPTED_AND_ENCRYPTED", "ENCRYPTED_ONLY", "TRUSTED_CLIENT_CERTIFICATE_REQUIRED"}, false),
-                                                                                Description:  `Specify how SSL connection should be enforced in DB connections. This field provides more SSL enforcment options compared to require_ssl. To change this field, also set the correspoding value in require_ssl until next major release.`,
+                                                                                Description:  `Specify how SSL connection should be enforced in DB connections.`,
 										AtLeastOneOf: ipConfigurationKeys,
                                                                         },
 								},
@@ -1386,20 +1378,21 @@ func expandIpConfiguration(configured []interface{}, databaseVersion string) *sq
 
 	_ipConfiguration := configured[0].(map[string]interface{})
 
-	forceSendFields := []string{"Ipv4Enabled", "RequireSsl"}
+	forceSendFields := []string{"Ipv4Enabled"}
+	nullFields := []string{"RequireSsl"}
 
 	if !strings.HasPrefix(databaseVersion, "SQLSERVER") {
 		forceSendFields = append(forceSendFields, "EnablePrivatePathForGoogleCloudServices")
 	}
 
 	return &sqladmin.IpConfiguration{
 		Ipv4Enabled:                             _ipConfiguration["ipv4_enabled"].(bool),
-		RequireSsl:                              _ipConfiguration["require_ssl"].(bool),
 		PrivateNetwork:                          _ipConfiguration["private_network"].(string),
 		AllocatedIpRange:                        _ipConfiguration["allocated_ip_range"].(string),
 		AuthorizedNetworks:                      expandAuthorizedNetworks(_ipConfiguration["authorized_networks"].(*schema.Set).List()),
 		EnablePrivatePathForGoogleCloudServices: _ipConfiguration["enable_private_path_for_google_cloud_services"].(bool),
 		ForceSendFields:                         forceSendFields,
+		NullFields:                              nullFields,
 		PscConfig:                               expandPscConfig(_ipConfiguration["psc_config"].(*schema.Set).List()),
 		SslMode:                                 _ipConfiguration["ssl_mode"].(string),
 	}
@@ -2242,8 +2235,8 @@ func flattenIpConfiguration(ipConfiguration *sqladmin.IpConfiguration, d *schema
 		"ipv4_enabled":                                  ipConfiguration.Ipv4Enabled,
 		"private_network":                               ipConfiguration.PrivateNetwork,
 		"allocated_ip_range":                            ipConfiguration.AllocatedIpRange,
-		"require_ssl":                                   ipConfiguration.RequireSsl,
 		"enable_private_path_for_google_cloud_services": ipConfiguration.EnablePrivatePathForGoogleCloudServices,
+                "ssl_mode":                                      ipConfiguration.SslMode,
 	}
 
 	if ipConfiguration.AuthorizedNetworks != nil {
@@ -2254,11 +2247,6 @@ func flattenIpConfiguration(ipConfiguration *sqladmin.IpConfiguration, d *schema
 		data["psc_config"] = flattenPscConfigs(ipConfiguration.PscConfig)
 	}
 
-        // We store the ssl_mode value only if the customer already uses `ssl_mode`.
-        if _, ok := d.GetOk("settings.0.ip_configuration.0.ssl_mode"); ok {
-                data["ssl_mode"] = ipConfiguration.SslMode
-        }
-
 	return []map[string]interface{}{data}
 }
 
diff --git a/mmv1/third_party/terraform/services/sql/resource_sql_database_instance_test.go b/mmv1/third_party/terraform/services/sql/resource_sql_database_instance_test.go
@@ -2344,9 +2344,8 @@ func TestAccSqlDatabaseInstance_updateSslOptionsForPostgreSQL(t *testing.T) {
 		// We don't do ImportStateVerify for the ssl_mode because of the implementation. The ssl_mode is expected to be discarded if the local state doesn't have it.
 		Steps: []resource.TestStep{
 			{
-				Config: testGoogleSqlDatabaseInstance_setSslOptionsForPostgreSQL(databaseName, databaseVersion, false, "ALLOW_UNENCRYPTED_AND_ENCRYPTED"),
+				Config: testGoogleSqlDatabaseInstance_setSslOptionsForPostgreSQL(databaseName, databaseVersion, "ALLOW_UNENCRYPTED_AND_ENCRYPTED"),
 				Check: resource.ComposeTestCheckFunc(
-					resource.TestCheckResourceAttr(resourceName, "settings.0.ip_configuration.0.require_ssl", "false"),
 					resource.TestCheckResourceAttr(resourceName, "settings.0.ip_configuration.0.ssl_mode", "ALLOW_UNENCRYPTED_AND_ENCRYPTED"),
 				),
 			},
@@ -2357,9 +2356,8 @@ func TestAccSqlDatabaseInstance_updateSslOptionsForPostgreSQL(t *testing.T) {
 				ImportStateVerifyIgnore: []string{"deletion_protection", "settings.0.ip_configuration.0.ssl_mode"},
 			},
 			{
-				Config: testGoogleSqlDatabaseInstance_setSslOptionsForPostgreSQL(databaseName, databaseVersion, false, "ENCRYPTED_ONLY"),
+				Config: testGoogleSqlDatabaseInstance_setSslOptionsForPostgreSQL(databaseName, databaseVersion, "ENCRYPTED_ONLY"),
 				Check: resource.ComposeTestCheckFunc(
-					resource.TestCheckResourceAttr(resourceName, "settings.0.ip_configuration.0.require_ssl", "false"),
 					resource.TestCheckResourceAttr(resourceName, "settings.0.ip_configuration.0.ssl_mode", "ENCRYPTED_ONLY"),
 				),
 			},
@@ -2370,9 +2368,8 @@ func TestAccSqlDatabaseInstance_updateSslOptionsForPostgreSQL(t *testing.T) {
 				ImportStateVerifyIgnore: []string{"deletion_protection", "settings.0.ip_configuration.0.ssl_mode"},
 			},
 			{
-				Config: testGoogleSqlDatabaseInstance_setSslOptionsForPostgreSQL(databaseName, databaseVersion, true, "TRUSTED_CLIENT_CERTIFICATE_REQUIRED"),
+				Config: testGoogleSqlDatabaseInstance_setSslOptionsForPostgreSQL(databaseName, databaseVersion, "TRUSTED_CLIENT_CERTIFICATE_REQUIRED"),
 				Check: resource.ComposeTestCheckFunc(
-					resource.TestCheckResourceAttr(resourceName, "settings.0.ip_configuration.0.require_ssl", "true"),
 					resource.TestCheckResourceAttr(resourceName, "settings.0.ip_configuration.0.ssl_mode", "TRUSTED_CLIENT_CERTIFICATE_REQUIRED"),
 				),
 			},
@@ -2383,9 +2380,8 @@ func TestAccSqlDatabaseInstance_updateSslOptionsForPostgreSQL(t *testing.T) {
 				ImportStateVerifyIgnore: []string{"deletion_protection", "settings.0.ip_configuration.0.ssl_mode"},
 			},
 			{
-				Config: testGoogleSqlDatabaseInstance_setSslOptionsForPostgreSQL(databaseName, databaseVersion, false, "ALLOW_UNENCRYPTED_AND_ENCRYPTED"),
+				Config: testGoogleSqlDatabaseInstance_setSslOptionsForPostgreSQL(databaseName, databaseVersion, "ALLOW_UNENCRYPTED_AND_ENCRYPTED"),
 				Check: resource.ComposeTestCheckFunc(
-					resource.TestCheckResourceAttr(resourceName, "settings.0.ip_configuration.0.require_ssl", "false"),
 					resource.TestCheckResourceAttr(resourceName, "settings.0.ip_configuration.0.ssl_mode", "ALLOW_UNENCRYPTED_AND_ENCRYPTED"),
 				),
 			},
@@ -2399,7 +2395,7 @@ func TestAccSqlDatabaseInstance_updateSslOptionsForPostgreSQL(t *testing.T) {
 	})
 }
 
-func testGoogleSqlDatabaseInstance_setSslOptionsForPostgreSQL(databaseName string, databaseVersion string, requireSsl bool, sslMode string) string {
+func testGoogleSqlDatabaseInstance_setSslOptionsForPostgreSQL(databaseName string, databaseVersion string, sslMode string) string {
 	return fmt.Sprintf(`
 resource "google_sql_database_instance" "instance" {
   name                = "%s"
@@ -2410,11 +2406,10 @@ resource "google_sql_database_instance" "instance" {
     tier = "db-g1-small"
     ip_configuration {
       ipv4_enabled = true
-      require_ssl = %t
       ssl_mode = "%s"
     }
   }
-}`, databaseName, databaseVersion, requireSsl, sslMode)
+}`, databaseName, databaseVersion, sslMode)
 }
 
 func testAccSqlDatabaseInstance_sqlMysqlInstancePvpExample(context map[string]interface{}) string {
@@ -2498,7 +2493,7 @@ resource "google_sql_database_instance" "instance" {
     collation = "Polish_CI_AS"
     ip_configuration {
       ipv4_enabled = true
-      require_ssl = true
+      ssl_mode = "ENCRYPTED_ONLY"
     }
   }
 }
diff --git a/mmv1/third_party/terraform/website/docs/r/sql_database_instance.html.markdown b/mmv1/third_party/terraform/website/docs/r/sql_database_instance.html.markdown
@@ -375,12 +375,7 @@ Specifying a network enables private IP.
 At least `ipv4_enabled` must be enabled or a `private_network` must be configured.
 This setting can be updated, but it cannot be removed after it is set.
 
-* `require_ssl` - (Optional, Deprecated) Whether SSL connections over IP are enforced or not. To change this field, also set the corresponding value in `ssl_mode`. It will be fully deprecated in a future major release. For now, please use `ssl_mode` with a compatible `require_ssl` value instead.
-
-* `ssl_mode` - (Optional) Specify how SSL connection should be enforced in DB connections. This field provides more SSL enforcment options compared to `require_ssl`. To change this field, also set the correspoding value in `require_ssl`.
-    * For PostgreSQL instances, the value pairs are listed in the [API reference doc](https://cloud.google.com/sql/docs/postgres/admin-api/rest/v1beta4/instances#ipconfiguration) for `ssl_mode` field.
-    * For MySQL instances, use the same value pairs as the PostgreSQL instances.
-    * For SQL Server instances, set it to `ALLOW_UNENCRYPTED_AND_ENCRYPTED` when `require_ssl=false` and `ENCRYPTED_ONLY` otherwise.
+* `ssl_mode` - (Optional) Specify how SSL connection should be enforced in DB connections.
 
 * `allocated_ip_range` - (Optional) The name of the allocated ip range for the private ip CloudSQL instance. For example: "google-managed-services-default". If set, the instance ip will be created in the allocated range. The range name must comply with [RFC 1035](https://datatracker.ietf.org/doc/html/rfc1035). Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])?.
 
diff --git a/mmv1/third_party/tgc/sql_database_instance.go b/mmv1/third_party/tgc/sql_database_instance.go
@@ -189,10 +189,11 @@ func expandIpConfiguration(configured []interface{}) *sqladmin.IpConfiguration {
 
 	return &sqladmin.IpConfiguration{
 		Ipv4Enabled:        _ipConfiguration["ipv4_enabled"].(bool),
-		RequireSsl:         _ipConfiguration["require_ssl"].(bool),
 		PrivateNetwork:     _ipConfiguration["private_network"].(string),
 		AuthorizedNetworks: expandAuthorizedNetworks(_ipConfiguration["authorized_networks"].(*schema.Set).List()),
-		ForceSendFields:    []string{"Ipv4Enabled", "RequireSsl"},
+		ForceSendFields:    []string{"Ipv4Enabled"},
+		NullFields:         []string{"RequireSsl"},
+		SslMode:            _ipConfiguration["ssl_mode"].(string),
 	}
 }
 func expandAuthorizedNetworks(configured []interface{}) []*sqladmin.AclEntry {
diff --git a/mmv1/third_party/tgc/tests/data/example_google_datastream_stream.json b/mmv1/third_party/tgc/tests/data/example_google_datastream_stream.json
@@ -59,7 +59,7 @@
                             }
                         ],
                         "ipv4Enabled": true,
-                        "requireSsl": false
+                        "requireSsl": null
                     },
                     "pricingPlan": "PER_USE",
                     "storageAutoResize": true,
@@ -155,4 +155,4 @@
         "ancestors": ["organizations/{{.OrgID}}"],
         "ancestry_path": "{{.Ancestry}}/project/{{.Provider.project}}"
     }
-]
+]
diff --git a/mmv1/third_party/tgc/tests/data/example_google_datastream_stream_append_only.json b/mmv1/third_party/tgc/tests/data/example_google_datastream_stream_append_only.json
@@ -59,7 +59,7 @@
                             }
                         ],
                         "ipv4Enabled": true,
-                        "requireSsl": false
+                        "requireSsl": null
                     },
                     "pricingPlan": "PER_USE",
                     "storageAutoResize": true,
@@ -155,4 +155,4 @@
         "ancestors": ["organizations/{{.OrgID}}"],
         "ancestry_path": "{{.Ancestry}}/project/{{.Provider.project}}"
     }
-]
+]
diff --git a/mmv1/third_party/tgc/tests/data/full_sql_database_instance.json b/mmv1/third_party/tgc/tests/data/full_sql_database_instance.json
@@ -64,7 +64,8 @@
               }
             ],
             "ipv4Enabled": true,
-            "requireSsl": true
+            "requireSsl": null,
+            "sslMode": "TRUSTED_CLIENT_CERTIFICATE_REQUIRED"
           },
           "locationPreference": {
             "followGaeApplication": "test-follow_gae_application",
diff --git a/mmv1/third_party/tgc/tests/data/full_sql_database_instance.tf b/mmv1/third_party/tgc/tests/data/full_sql_database_instance.tf

Original file line number	Diff line number	Diff line change
`@@ -5,7 +5,7 @@ resource "google_sql_database_instance" "mysql_instance" {`
`5`	`5`	`settings {`
`6`	`6`	`tier = "db-f1-micro"`
`7`	`7`	`ip_configuration {`
`8`		`- require_ssl = "true"`
	`8`	`+ ssl_mode = "TRUSTED_CLIENT_CERTIFICATE_REQUIRED"`
`9`	`9`	`}`
`10`	`10`	`}`
`11`	`11`	`deletion_protection = "{{index $.Vars "deletion_protection"}}"`
`@@ -23,7 +23,7 @@ resource "google_sql_database_instance" "postgres_instance" {`
`23`	`23`	`settings {`
`24`	`24`	`tier = "db-custom-2-7680"`
`25`	`25`	`ip_configuration {`
`26`		`- require_ssl = "true"`
	`26`	`+ ssl_mode = "TRUSTED_CLIENT_CERTIFICATE_REQUIRED"`
`27`	`27`	`}`
`28`	`28`	`}`
`29`	`29`	`deletion_protection = "{{index $.Vars "deletion_protection"}}"`
`@@ -42,7 +42,7 @@ resource "google_sql_database_instance" "{{$.PrimaryResourceId}}" {`
`42`	`42`	`settings {`
`43`	`43`	`tier = "db-custom-2-7680"`
`44`	`44`	`ip_configuration {`
`45`		`- require_ssl = "true"`
	`45`	`+ ssl_mode = "ENCRYPTED_ONLY"`
`46`	`46`	`}`
`47`	`47`	`}`
`48`	`48`	`deletion_protection = "{{index $.Vars "deletion_protection"}}"`
Original file line number	Diff line number	Diff line change
`@@ -189,10 +189,11 @@ func expandIpConfiguration(configured []interface{}) *sqladmin.IpConfiguration {`
`189`	`189`
`190`	`190`	`return &sqladmin.IpConfiguration{`
`191`	`191`	`Ipv4Enabled: _ipConfiguration["ipv4_enabled"].(bool),`
`192`		`- RequireSsl: _ipConfiguration["require_ssl"].(bool),`
`193`	`192`	`PrivateNetwork: _ipConfiguration["private_network"].(string),`
`194`	`193`	`AuthorizedNetworks: expandAuthorizedNetworks(_ipConfiguration["authorized_networks"].(*schema.Set).List()),`
`195`		`- ForceSendFields: []string{"Ipv4Enabled", "RequireSsl"},`
	`194`	`+ ForceSendFields: []string{"Ipv4Enabled"},`
	`195`	`+ NullFields: []string{"RequireSsl"},`
	`196`	`+ SslMode: _ipConfiguration["ssl_mode"].(string),`
`196`	`197`	`}`
`197`	`198`	`}`
`198`	`199`	`func expandAuthorizedNetworks(configured []interface{}) []*sqladmin.AclEntry {`
Original file line number	Diff line number	Diff line change
`@@ -59,7 +59,7 @@`
`59`	`59`	`}`
`60`	`60`	`],`
`61`	`61`	`"ipv4Enabled": true,`
`62`		`- "requireSsl": false`
	`62`	`+ "requireSsl": null`
`63`	`63`	`},`
`64`	`64`	`"pricingPlan": "PER_USE",`
`65`	`65`	`"storageAutoResize": true,`
`@@ -155,4 +155,4 @@`
`155`	`155`	`"ancestors": ["organizations/{{.OrgID}}"],`
`156`	`156`	`"ancestry_path": "{{.Ancestry}}/project/{{.Provider.project}}"`
`157`	`157`	`}`
`158`		`-]`
	`158`	`+]`