fix: disable random_pass when default user off (#602)

terraform-google-modules · May 6, 2024 · 98c7f8c · 98c7f8c
1 parent 1c18d78
commit 98c7f8c
Show file tree

Hide file tree

Showing 6 changed files with 9 additions and 6 deletions.
diff --git a/modules/mssql/main.tf b/modules/mssql/main.tf
@@ -194,6 +194,7 @@ resource "google_sql_database" "additional_databases" {
 }
 
 resource "random_password" "user-password" {
+  count   = var.enable_default_user ? 1 : 0
   length  = 8
   special = true
 
@@ -226,7 +227,7 @@ resource "google_sql_user" "default" {
   name       = var.user_name
   project    = var.project_id
   instance   = google_sql_database_instance.default.name
-  password   = coalesce(var.user_password, random_password.user-password.result)
+  password   = coalesce(var.user_password, random_password.user-password[0].result)
   depends_on = [null_resource.module_depends_on, google_sql_database_instance.default]
 }
 

diff --git a/modules/mssql/outputs.tf b/modules/mssql/outputs.tf
@@ -57,7 +57,7 @@ output "instance_service_account_email_address" {
 
 output "generated_user_password" {
   description = "The auto generated default user password if not input password was provided"
-  value       = random_password.user-password.result
+  value       = var.enable_default_user ? random_password.user-password[0].result : ""
   sensitive   = true
 }
 

diff --git a/modules/mysql/main.tf b/modules/mysql/main.tf
@@ -224,6 +224,7 @@ resource "google_sql_database" "additional_databases" {
 }
 
 resource "random_password" "user-password" {
+  count = var.enable_default_user ? 1 : 0
   keepers = {
     name = google_sql_database_instance.default.name
   }
@@ -269,7 +270,7 @@ resource "google_sql_user" "default" {
   project  = var.project_id
   instance = google_sql_database_instance.default.name
   host     = var.user_host
-  password = var.user_password == "" ? random_password.user-password.result : var.user_password
+  password = var.user_password == "" ? random_password.user-password[0].result : var.user_password
   depends_on = [
     null_resource.module_depends_on,
     google_sql_database_instance.default,

diff --git a/modules/mysql/outputs.tf b/modules/mysql/outputs.tf
@@ -95,7 +95,7 @@ output "read_replica_instance_names" {
 
 output "generated_user_password" {
   description = "The auto generated default user password if not input password was provided"
-  value       = random_password.user-password.result
+  value       = var.enable_default_user ? random_password.user-password[0].result : ""
   sensitive   = true
 }
 

diff --git a/modules/postgresql/main.tf b/modules/postgresql/main.tf
@@ -231,6 +231,7 @@ resource "google_sql_database" "additional_databases" {
 }
 
 resource "random_password" "user-password" {
+  count = var.enable_default_user ? 1 : 0
   keepers = {
     name = google_sql_database_instance.default.name
   }
@@ -275,7 +276,7 @@ resource "google_sql_user" "default" {
   name     = var.user_name
   project  = var.project_id
   instance = google_sql_database_instance.default.name
-  password = var.user_password == "" ? random_password.user-password.result : var.user_password
+  password = var.user_password == "" ? random_password.user-password[0].result : var.user_password
   depends_on = [
     null_resource.module_depends_on,
     google_sql_database_instance.default,

diff --git a/modules/postgresql/outputs.tf b/modules/postgresql/outputs.tf
@@ -100,7 +100,7 @@ output "read_replica_instance_names" {
 
 output "generated_user_password" {
   description = "The auto generated default user password if not input password was provided"
-  value       = random_password.user-password.result
+  value       = var.enable_default_user ? random_password.user-password[0].result : ""
   sensitive   = true
 }