hashicorp · modular-magician · Apr 8, 2025 · Apr 8, 2025
@@ -0,0 +1,3 @@
+```release-note:enhancement
+databasemigrationservice: added `ssl.type` as an input field to `google_database_migration_service_connection_profile` resource
+```
@@ -424,9 +424,9 @@ This field is not returned on request, and the value is encrypted when stored in
 								Schema: map[string]*schema.Schema{
 									"ca_certificate": {
 										Type:     schema.TypeString,
-										Required: true,
+										Optional: true,
 										ForceNew: true,
-										Description: `Required. Input only. The x509 PEM-encoded certificate of the CA that signed the source database server's certificate.
+										Description: `Input only. The x509 PEM-encoded certificate of the CA that signed the source database server's certificate.
 The replica will use this certificate to verify it's connecting to the right host.`,
 										Sensitive: true,
 									},
@@ -447,9 +447,10 @@ If this field is used then the 'clientCertificate' field is mandatory.`,
 										Sensitive: true,
 									},
 									"type": {
-										Type:        schema.TypeString,
-										Computed:    true,
-										Description: `The current connection profile state.`,
+										Type:         schema.TypeString,
+										Optional:     true,
+										ValidateFunc: verify.ValidateEnum([]string{"SERVER_ONLY", "SERVER_CLIENT", "REQUIRED", "NONE", ""}),
+										Description:  `The current connection profile state. Possible values: ["SERVER_ONLY", "SERVER_CLIENT", "REQUIRED", "NONE"]`,
 									},
 								},
 							},
@@ -571,9 +572,9 @@ This field is not returned on request, and the value is encrypted when stored in
 								Schema: map[string]*schema.Schema{
 									"ca_certificate": {
 										Type:     schema.TypeString,
-										Required: true,
+										Optional: true,
 										ForceNew: true,
-										Description: `Required. Input only. The x509 PEM-encoded certificate of the CA that signed the source database server's certificate.
+										Description: `Input only. The x509 PEM-encoded certificate of the CA that signed the source database server's certificate.
 The replica will use this certificate to verify it's connecting to the right host.`,
 										Sensitive: true,
 									},
@@ -671,9 +672,9 @@ This field is not returned on request, and the value is encrypted when stored in
 								Schema: map[string]*schema.Schema{
 									"ca_certificate": {
 										Type:     schema.TypeString,
-										Required: true,
+										Optional: true,
 										ForceNew: true,
-										Description: `Required. Input only. The x509 PEM-encoded certificate of the CA that signed the source database server's certificate.
+										Description: `Input only. The x509 PEM-encoded certificate of the CA that signed the source database server's certificate.
 The replica will use this certificate to verify it's connecting to the right host.`,
 										Sensitive: true,
 									},
@@ -696,9 +697,10 @@ If this field is used then the 'clientCertificate' field is mandatory.`,
 										RequiredWith: []string{},
 									},
 									"type": {
-										Type:        schema.TypeString,
-										Computed:    true,
-										Description: `The current connection profile state.`,
+										Type:         schema.TypeString,
+										Optional:     true,
+										ValidateFunc: verify.ValidateEnum([]string{"SERVER_ONLY", "SERVER_CLIENT", "REQUIRED", "NONE", ""}),
+										Description:  `The current connection profile state. Possible values: ["SERVER_ONLY", "SERVER_CLIENT", "REQUIRED", "NONE"]`,
 									},
 								},
 							},

@@ -103,6 +103,7 @@ resource "google_database_migration_service_connection_profile" "cloudsqlprofile
       client_key         = google_sql_ssl_cert.sql_client_cert.private_key
       client_certificate = google_sql_ssl_cert.sql_client_cert.cert
       ca_certificate     = google_sql_ssl_cert.sql_client_cert.server_ca_cert
+      type = "SERVER_CLIENT"
     }
     cloud_sql_id = "tf-test-my-database%{random_suffix}"
   }
@@ -213,6 +214,155 @@ resource "google_database_migration_service_connection_profile" "postgresprofile
       client_key = google_sql_ssl_cert.sql_client_cert.private_key
       client_certificate = google_sql_ssl_cert.sql_client_cert.cert
       ca_certificate = google_sql_ssl_cert.sql_client_cert.server_ca_cert
+      type = "SERVER_CLIENT"
+    }
+    cloud_sql_id = "tf-test-my-database%{random_suffix}"
+  }
+  depends_on = [google_sql_user.sqldb_user]
+}
+`, context)
+}
+
+func TestAccDatabaseMigrationServiceConnectionProfile_databaseMigrationServiceConnectionProfilePostgresNoSslExample(t *testing.T) {
+	t.Parallel()
+
+	context := map[string]interface{}{
+		"random_suffix": acctest.RandString(t, 10),
+	}
+
+	acctest.VcrTest(t, resource.TestCase{
+		PreCheck:                 func() { acctest.AccTestPreCheck(t) },
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t),
+		CheckDestroy:             testAccCheckDatabaseMigrationServiceConnectionProfileDestroyProducer(t),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccDatabaseMigrationServiceConnectionProfile_databaseMigrationServiceConnectionProfilePostgresNoSslExample(context),
+			},
+			{
+				ResourceName:            "google_database_migration_service_connection_profile.postgresprofile",
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{"connection_profile_id", "labels", "location", "postgresql.0.password", "postgresql.0.ssl.0.ca_certificate", "postgresql.0.ssl.0.client_certificate", "postgresql.0.ssl.0.client_key", "terraform_labels"},
+			},
+		},
+	})
+}
+
+func testAccDatabaseMigrationServiceConnectionProfile_databaseMigrationServiceConnectionProfilePostgresNoSslExample(context map[string]interface{}) string {
+	return acctest.Nprintf(`
+resource "google_sql_database_instance" "postgresqldb" {
+  name             = "tf-test-my-database%{random_suffix}"
+  database_version = "POSTGRES_12"
+  settings {
+    tier = "db-custom-2-13312"
+  }
+  deletion_protection = false
+}
+
+resource "google_sql_ssl_cert" "sql_client_cert" {
+  common_name = "tf-test-my-cert%{random_suffix}"
+  instance    = google_sql_database_instance.postgresqldb.name
+
+  depends_on = [google_sql_database_instance.postgresqldb]
+}
+
+resource "google_sql_user" "sqldb_user" {
+  name     = "tf-test-my-username%{random_suffix}"
+  instance = google_sql_database_instance.postgresqldb.name
+  password = "tf-test-my-password%{random_suffix}"
+
+
+  depends_on = [google_sql_ssl_cert.sql_client_cert]
+}
+
+resource "google_database_migration_service_connection_profile" "postgresprofile" {
+  location = "us-central1"
+  connection_profile_id = "tf-test-my-profileid%{random_suffix}"
+  display_name = "tf-test-my-profileid%{random_suffix}_display"
+  labels = { 
+    foo = "bar" 
+  }
+  postgresql {
+    host = google_sql_database_instance.postgresqldb.ip_address.0.ip_address
+    port = 5432
+    username = google_sql_user.sqldb_user.name
+    password = google_sql_user.sqldb_user.password
+    ssl {
+      type = "NONE"
+    }
+    cloud_sql_id = "tf-test-my-database%{random_suffix}"
+  }
+  depends_on = [google_sql_user.sqldb_user]
+}
+`, context)
+}
+
+func TestAccDatabaseMigrationServiceConnectionProfile_databaseMigrationServiceConnectionProfilePostgresRequiredSslExample(t *testing.T) {
+	t.Parallel()
+
+	context := map[string]interface{}{
+		"random_suffix": acctest.RandString(t, 10),
+	}
+
+	acctest.VcrTest(t, resource.TestCase{
+		PreCheck:                 func() { acctest.AccTestPreCheck(t) },
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t),
+		CheckDestroy:             testAccCheckDatabaseMigrationServiceConnectionProfileDestroyProducer(t),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccDatabaseMigrationServiceConnectionProfile_databaseMigrationServiceConnectionProfilePostgresRequiredSslExample(context),
+			},
+			{
+				ResourceName:            "google_database_migration_service_connection_profile.postgresprofile",
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{"connection_profile_id", "labels", "location", "postgresql.0.password", "postgresql.0.ssl.0.ca_certificate", "postgresql.0.ssl.0.client_certificate", "postgresql.0.ssl.0.client_key", "terraform_labels"},
+			},
+		},
+	})
+}
+
+func testAccDatabaseMigrationServiceConnectionProfile_databaseMigrationServiceConnectionProfilePostgresRequiredSslExample(context map[string]interface{}) string {
+	return acctest.Nprintf(`
+resource "google_sql_database_instance" "postgresqldb" {
+  name             = "tf-test-my-database%{random_suffix}"
+  database_version = "POSTGRES_12"
+  settings {
+    tier = "db-custom-2-13312"
+  }
+  deletion_protection = false
+}
+
+resource "google_sql_ssl_cert" "sql_client_cert" {
+  common_name = "tf-test-my-cert%{random_suffix}"
+  instance    = google_sql_database_instance.postgresqldb.name
+
+  depends_on = [google_sql_database_instance.postgresqldb]
+}
+
+resource "google_sql_user" "sqldb_user" {
+  name     = "tf-test-my-username%{random_suffix}"
+  instance = google_sql_database_instance.postgresqldb.name
+  password = "tf-test-my-password%{random_suffix}"
+
+
+  depends_on = [google_sql_ssl_cert.sql_client_cert]
+}
+
+resource "google_database_migration_service_connection_profile" "postgresprofile" {
+  location = "us-central1"
+  connection_profile_id = "tf-test-my-profileid%{random_suffix}"
+  display_name = "tf-test-my-profileid%{random_suffix}_display"
+  labels = { 
+    foo = "bar" 
+  }
+  postgresql {
+    host = google_sql_database_instance.postgresqldb.ip_address.0.ip_address
+    port = 5432
+    username = google_sql_user.sqldb_user.name
+    password = google_sql_user.sqldb_user.password
+    ssl {
+      type = "REQUIRED"
     }
     cloud_sql_id = "tf-test-my-database%{random_suffix}"
   }

@@ -101,6 +101,7 @@ resource "google_database_migration_service_connection_profile" "source_cp" {
       client_key         = google_sql_ssl_cert.source_sql_client_cert.private_key
       client_certificate = google_sql_ssl_cert.source_sql_client_cert.cert
       ca_certificate     = google_sql_ssl_cert.source_sql_client_cert.server_ca_cert
+      type = "SERVER_CLIENT"
     }
     cloud_sql_id = "tf-test-source-csql%{random_suffix}"
   }
@@ -235,6 +236,7 @@ resource "google_database_migration_service_connection_profile" "source_cp" {
       client_key         = google_sql_ssl_cert.source_sql_client_cert.private_key
       client_certificate = google_sql_ssl_cert.source_sql_client_cert.cert
       ca_certificate     = google_sql_ssl_cert.source_sql_client_cert.server_ca_cert
+      type = "SERVER_CLIENT"
     }
     cloud_sql_id = "tf-test-source-csql%{random_suffix}"
   }
@@ -354,6 +356,7 @@ resource "google_database_migration_service_connection_profile" "source_cp" {
       client_key         = google_sql_ssl_cert.source_sql_client_cert.private_key
       client_certificate = google_sql_ssl_cert.source_sql_client_cert.cert
       ca_certificate     = google_sql_ssl_cert.source_sql_client_cert.server_ca_cert
+      type = "SERVER_CLIENT"
     }
     cloud_sql_id = "tf-test-source-csql%{random_suffix}"
   }

@@ -90,6 +90,7 @@ resource "google_database_migration_service_connection_profile" "source_cp" {
       client_key         = google_sql_ssl_cert.source_sql_client_cert.private_key
       client_certificate = google_sql_ssl_cert.source_sql_client_cert.cert
       ca_certificate     = google_sql_ssl_cert.source_sql_client_cert.server_ca_cert
+      type = "SERVER_CLIENT"
     }
     cloud_sql_id = "tf-test-source-csql%{random_suffix}"
   }
@@ -197,6 +198,7 @@ resource "google_database_migration_service_connection_profile" "source_cp" {
       client_key         = google_sql_ssl_cert.source_sql_client_cert.private_key
       client_certificate = google_sql_ssl_cert.source_sql_client_cert.cert
       ca_certificate     = google_sql_ssl_cert.source_sql_client_cert.server_ca_cert
+      type = "SERVER_CLIENT"
     }
     cloud_sql_id = "tf-test-source-csql%{random_suffix}"
   }