Fix invalid SSL mode (#1171)

Use a valid SSL mode string from the IpConfiguration documentation for MySQL[1]. `SSL_MODE_UNSPECIFIED` is invalid despite being listed in the enumerated options[2]. [1] https://cloud.google.com/sql/docs/postgres/admin-api/rest/v1beta4/instances#ipconfiguration [2] https://cloud.google.com/sql/docs/postgres/admin-api/rest/v1beta4/instances#SslMode Signed-off-by: Colleen Murphy <[email protected]>
sigstore · Jul 8, 2024 · d1f63df · d1f63df
1 parent 8c2fc61
commit d1f63df
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 4 deletions.
diff --git a/terraform/gcp/modules/mysql-shard/mysql.tf b/terraform/gcp/modules/mysql-shard/mysql.tf
@@ -40,7 +40,7 @@ resource "google_sql_database_instance" "trillian" {
       ipv4_enabled    = var.ipv4_enabled
       private_network = var.network
       require_ssl     = var.require_ssl
-      ssl_mode        = var.require_ssl ? "TRUSTED_CLIENT_CERTIFICATE_REQUIRED" : "SSL_MODE_UNSPECIFIED"
+      ssl_mode        = var.require_ssl ? "TRUSTED_CLIENT_CERTIFICATE_REQUIRED" : "ALLOW_UNENCRYPTED_AND_ENCRYPTED"
     }
 
     database_flags {
@@ -81,7 +81,7 @@ resource "google_sql_database_instance" "read_replica" {
       ipv4_enabled    = var.ipv4_enabled
       private_network = var.network
       require_ssl     = var.require_ssl
-      ssl_mode        = var.require_ssl ? "TRUSTED_CLIENT_CERTIFICATE_REQUIRED" : "SSL_MODE_UNSPECIFIED"
+      ssl_mode        = var.require_ssl ? "TRUSTED_CLIENT_CERTIFICATE_REQUIRED" : "ALLOW_UNENCRYPTED_AND_ENCRYPTED"
     }
 
     database_flags {

diff --git a/terraform/gcp/modules/mysql/mysql.tf b/terraform/gcp/modules/mysql/mysql.tf
@@ -126,7 +126,7 @@ resource "google_sql_database_instance" "sigstore" {
       ipv4_enabled    = var.ipv4_enabled
       private_network = var.network
       require_ssl     = var.require_ssl
-      ssl_mode        = var.require_ssl ? "TRUSTED_CLIENT_CERTIFICATE_REQUIRED" : "SSL_MODE_UNSPECIFIED"
+      ssl_mode        = var.require_ssl ? "TRUSTED_CLIENT_CERTIFICATE_REQUIRED" : "ALLOW_UNENCRYPTED_AND_ENCRYPTED"
     }
 
     database_flags {
@@ -174,7 +174,7 @@ resource "google_sql_database_instance" "read_replica" {
       ipv4_enabled    = var.ipv4_enabled
       private_network = var.network
       require_ssl     = var.require_ssl
-      ssl_mode        = var.require_ssl ? "TRUSTED_CLIENT_CERTIFICATE_REQUIRED" : "SSL_MODE_UNSPECIFIED"
+      ssl_mode        = var.require_ssl ? "TRUSTED_CLIENT_CERTIFICATE_REQUIRED" : "ALLOW_UNENCRYPTED_AND_ENCRYPTED"
     }
 
     database_flags {