From d742a13ad29e9f8580d2a56612c6bf38c5d356c0 Mon Sep 17 00:00:00 2001 From: Jason Vigil Date: Fri, 25 Oct 2024 19:55:20 +0000 Subject: [PATCH] fix: Fix SQLInstance authorizednetworks periodic Turns out, we need to set a default value for the IpConfiguration fields for Ipv4Enabled and SslMode, even if some of the IpConfiguration is specified. Also, SslMode appears to have a different default value depending on which type of database is used. --- .../direct/sql/sqlinstance_defaults.go | 29 +++++++++++++++++-- .../direct/sql/sqlinstance_equality.go | 13 +++++++++ .../_http.log | 2 -- .../sqlinstance-auditconfig-direct/_http.log | 2 -- .../_http.log | 8 +++-- .../_http.log | 2 -- .../_http.log | 2 -- .../_http.log | 1 - .../_http.log | 2 -- .../_http.log | 2 -- .../_http.log | 2 -- .../_http.log | 2 -- .../_http.log | 2 -- .../_http.log | 6 ++-- .../_http.log | 2 -- .../_http.log | 2 -- .../_http.log | 2 -- .../_http.log | 2 -- .../sqlinstance-mysql-direct/_http.log | 2 -- .../_http.log | 2 -- .../_http.log | 2 -- .../_http.log | 2 -- .../_http.log | 6 ++-- .../_http.log | 6 ++-- .../sqlinstance-replica-direct/_http.log | 2 -- .../sqlinstance-sqlserver-direct/_http.log | 1 - .../_http.log | 2 -- .../sqlinstance-ssl-direct/_http.log | 5 +++- .../sqlinstance-ssl-direct/create.yaml | 1 + .../sqlinstance/sqlinstance-ssl/_http.log | 3 +- .../sqlinstance/sqlinstance-ssl/create.yaml | 1 + .../sqlinstance-storage-direct/_http.log | 2 -- 32 files changed, 65 insertions(+), 55 deletions(-) diff --git a/pkg/controller/direct/sql/sqlinstance_defaults.go b/pkg/controller/direct/sql/sqlinstance_defaults.go index af6ce130c0..dc783ed6a3 100644 --- a/pkg/controller/direct/sql/sqlinstance_defaults.go +++ b/pkg/controller/direct/sql/sqlinstance_defaults.go @@ -15,6 +15,8 @@ package sql import ( + "strings" + krm "github.com/GoogleCloudPlatform/k8s-config-connector/apis/sql/v1beta1" "github.com/GoogleCloudPlatform/k8s-config-connector/pkg/controller/direct" api "google.golang.org/api/sqladmin/v1beta4" @@ -60,9 +62,30 @@ func ApplySQLInstanceGCPDefaults(in *krm.SQLInstance, out *api.DatabaseInstance, if in.Spec.Settings.IpConfiguration == nil { // GCP default IpConfiguration. out.Settings.IpConfiguration = &api.IpConfiguration{ - Ipv4Enabled: true, - ServerCaMode: "GOOGLE_MANAGED_INTERNAL_CA", - SslMode: "ALLOW_UNENCRYPTED_AND_ENCRYPTED", + Ipv4Enabled: true, + SslMode: "ALLOW_UNENCRYPTED_AND_ENCRYPTED", + } + } + if in.Spec.Settings.IpConfiguration != nil { + if in.Spec.Settings.IpConfiguration.Ipv4Enabled == nil { + // GCP default IpConfiguration.Ipv4Enabled is true. + out.Settings.IpConfiguration.Ipv4Enabled = true + } + if in.Spec.Settings.IpConfiguration.SslMode == nil { + if out.Settings.IpConfiguration.RequireSsl { + if strings.HasPrefix(out.DatabaseVersion, "MYSQL") || strings.HasPrefix(out.DatabaseVersion, "POSTGRES") { + // If RequireSsl is true, and db version is MySQL or Postgres, + // GCP default SslMode is TRUSTED_CLIENT_CERTIFICATE_REQUIRED. + out.Settings.IpConfiguration.SslMode = "TRUSTED_CLIENT_CERTIFICATE_REQUIRED" + } else { + // Otherwise, if RequireSsl is true and db version is SQLSERVER, + // GCP default SslMode is ENCRYPTED_ONLY. + out.Settings.IpConfiguration.SslMode = "ENCRYPTED_ONLY" + } + } else { + // If RequireSsl is false, GCP default IpConfiguration.SslMode is ALLOW_UNENCRYPTED_AND_ENCRYPTED. + out.Settings.IpConfiguration.SslMode = "ALLOW_UNENCRYPTED_AND_ENCRYPTED" + } } } if in.Spec.Settings.PricingPlan == nil { diff --git a/pkg/controller/direct/sql/sqlinstance_equality.go b/pkg/controller/direct/sql/sqlinstance_equality.go index e9370c371b..1b5891432a 100644 --- a/pkg/controller/direct/sql/sqlinstance_equality.go +++ b/pkg/controller/direct/sql/sqlinstance_equality.go @@ -16,6 +16,7 @@ package sql import ( "reflect" + "sort" api "google.golang.org/api/sqladmin/v1beta4" ) @@ -477,10 +478,22 @@ func IpConfigurationsMatch(desired *api.IpConfiguration, actual *api.IpConfigura return true } +// AclEntriesByName implements sort.Interface for []*api.AclEntry based on the Name field. +type AclEntriesByName []*api.AclEntry + +func (a AclEntriesByName) Len() int { return len(a) } +func (a AclEntriesByName) Swap(i, j int) { a[i], a[j] = a[j], a[i] } +func (a AclEntriesByName) Less(i, j int) bool { return a[i].Name < a[j].Name } + func AclEntryListsMatch(desired []*api.AclEntry, actual []*api.AclEntry) bool { if len(desired) != len(actual) { return false } + // We mustiterate over the AclEntry lists in sorted order, + // so that the comparison is deterministic. + sort.Sort(AclEntriesByName(desired)) + sort.Sort(AclEntriesByName(actual)) + // Compare the AclEntry lists. for i := 0; i < len(desired); i++ { if !AclEntriesMatch(desired[i], actual[i]) { return false diff --git a/pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-activationpolicy-direct/_http.log b/pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-activationpolicy-direct/_http.log index e724d1a3a5..daac5e2fc0 100644 --- a/pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-activationpolicy-direct/_http.log +++ b/pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-activationpolicy-direct/_http.log @@ -46,7 +46,6 @@ User-Agent: kcc/controller-manager "edition": "ENTERPRISE", "ipConfiguration": { "ipv4Enabled": true, - "serverCaMode": "GOOGLE_MANAGED_INTERNAL_CA", "sslMode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED" }, "kind": "sql#settings", @@ -406,7 +405,6 @@ User-Agent: kcc/controller-manager "edition": "ENTERPRISE", "ipConfiguration": { "ipv4Enabled": true, - "serverCaMode": "GOOGLE_MANAGED_INTERNAL_CA", "sslMode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED" }, "kind": "sql#settings", diff --git a/pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-auditconfig-direct/_http.log b/pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-auditconfig-direct/_http.log index ef3edadd20..6a6ab769dd 100644 --- a/pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-auditconfig-direct/_http.log +++ b/pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-auditconfig-direct/_http.log @@ -186,7 +186,6 @@ User-Agent: kcc/controller-manager "edition": "ENTERPRISE", "ipConfiguration": { "ipv4Enabled": true, - "serverCaMode": "GOOGLE_MANAGED_INTERNAL_CA", "sslMode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED" }, "kind": "sql#settings", @@ -590,7 +589,6 @@ User-Agent: kcc/controller-manager "edition": "ENTERPRISE", "ipConfiguration": { "ipv4Enabled": true, - "serverCaMode": "GOOGLE_MANAGED_INTERNAL_CA", "sslMode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED" }, "kind": "sql#settings", diff --git a/pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-authorizednetworks-direct/_http.log b/pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-authorizednetworks-direct/_http.log index ee41fc2838..b386bb87cf 100644 --- a/pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-authorizednetworks-direct/_http.log +++ b/pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-authorizednetworks-direct/_http.log @@ -52,7 +52,9 @@ User-Agent: kcc/controller-manager "name": "all", "value": "0.0.0.0/0" } - ] + ], + "ipv4Enabled": true, + "sslMode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED" }, "kind": "sql#settings", "locationPreference": { @@ -409,7 +411,9 @@ User-Agent: kcc/controller-manager "name": "my-network", "value": "1.2.3.0/24" } - ] + ], + "ipv4Enabled": true, + "sslMode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED" }, "kind": "sql#settings", "locationPreference": { diff --git a/pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-backupconfiguration-binarylog-direct/_http.log b/pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-backupconfiguration-binarylog-direct/_http.log index 3deec3d9ab..3cbf11edd1 100644 --- a/pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-backupconfiguration-binarylog-direct/_http.log +++ b/pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-backupconfiguration-binarylog-direct/_http.log @@ -59,7 +59,6 @@ User-Agent: kcc/controller-manager "edition": "ENTERPRISE", "ipConfiguration": { "ipv4Enabled": true, - "serverCaMode": "GOOGLE_MANAGED_INTERNAL_CA", "sslMode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED" }, "kind": "sql#settings", @@ -604,7 +603,6 @@ User-Agent: kcc/controller-manager "edition": "ENTERPRISE", "ipConfiguration": { "ipv4Enabled": true, - "serverCaMode": "GOOGLE_MANAGED_INTERNAL_CA", "sslMode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED" }, "kind": "sql#settings", diff --git a/pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-backupconfiguration-pitr-direct/_http.log b/pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-backupconfiguration-pitr-direct/_http.log index 379176aa17..08d36b3570 100644 --- a/pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-backupconfiguration-pitr-direct/_http.log +++ b/pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-backupconfiguration-pitr-direct/_http.log @@ -59,7 +59,6 @@ User-Agent: kcc/controller-manager "edition": "ENTERPRISE", "ipConfiguration": { "ipv4Enabled": true, - "serverCaMode": "GOOGLE_MANAGED_INTERNAL_CA", "sslMode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED" }, "kind": "sql#settings", @@ -428,7 +427,6 @@ User-Agent: kcc/controller-manager "edition": "ENTERPRISE", "ipConfiguration": { "ipv4Enabled": true, - "serverCaMode": "GOOGLE_MANAGED_INTERNAL_CA", "sslMode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED" }, "kind": "sql#settings", diff --git a/pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-clone-minimal-direct/_http.log b/pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-clone-minimal-direct/_http.log index bf88324e05..0b16ad48c4 100644 --- a/pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-clone-minimal-direct/_http.log +++ b/pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-clone-minimal-direct/_http.log @@ -51,7 +51,6 @@ User-Agent: kcc/controller-manager "edition": "ENTERPRISE", "ipConfiguration": { "ipv4Enabled": true, - "serverCaMode": "GOOGLE_MANAGED_INTERNAL_CA", "sslMode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED" }, "kind": "sql#settings", diff --git a/pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-connectorenforcement-direct/_http.log b/pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-connectorenforcement-direct/_http.log index ac7680b782..cd8f2781ea 100644 --- a/pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-connectorenforcement-direct/_http.log +++ b/pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-connectorenforcement-direct/_http.log @@ -46,7 +46,6 @@ User-Agent: kcc/controller-manager "edition": "ENTERPRISE", "ipConfiguration": { "ipv4Enabled": true, - "serverCaMode": "GOOGLE_MANAGED_INTERNAL_CA", "sslMode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED" }, "kind": "sql#settings", @@ -406,7 +405,6 @@ User-Agent: kcc/controller-manager "edition": "ENTERPRISE", "ipConfiguration": { "ipv4Enabled": true, - "serverCaMode": "GOOGLE_MANAGED_INTERNAL_CA", "sslMode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED" }, "kind": "sql#settings", diff --git a/pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-databaseflags-direct/_http.log b/pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-databaseflags-direct/_http.log index 2be80f1e76..09394cea15 100644 --- a/pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-databaseflags-direct/_http.log +++ b/pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-databaseflags-direct/_http.log @@ -52,7 +52,6 @@ User-Agent: kcc/controller-manager "edition": "ENTERPRISE", "ipConfiguration": { "ipv4Enabled": true, - "serverCaMode": "GOOGLE_MANAGED_INTERNAL_CA", "sslMode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED" }, "kind": "sql#settings", @@ -434,7 +433,6 @@ User-Agent: kcc/controller-manager "edition": "ENTERPRISE", "ipConfiguration": { "ipv4Enabled": true, - "serverCaMode": "GOOGLE_MANAGED_INTERNAL_CA", "sslMode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED" }, "kind": "sql#settings", diff --git a/pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-datacacheconfig-direct/_http.log b/pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-datacacheconfig-direct/_http.log index 33050ec6cd..7b2fc29834 100644 --- a/pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-datacacheconfig-direct/_http.log +++ b/pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-datacacheconfig-direct/_http.log @@ -49,7 +49,6 @@ User-Agent: kcc/controller-manager "edition": "ENTERPRISE", "ipConfiguration": { "ipv4Enabled": true, - "serverCaMode": "GOOGLE_MANAGED_INTERNAL_CA", "sslMode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED" }, "kind": "sql#settings", @@ -595,7 +594,6 @@ User-Agent: kcc/controller-manager "edition": "ENTERPRISE_PLUS", "ipConfiguration": { "ipv4Enabled": true, - "serverCaMode": "GOOGLE_MANAGED_INTERNAL_CA", "sslMode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED" }, "kind": "sql#settings", diff --git a/pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-deletionprotection-direct/_http.log b/pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-deletionprotection-direct/_http.log index 6af5fb4389..3e08443279 100644 --- a/pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-deletionprotection-direct/_http.log +++ b/pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-deletionprotection-direct/_http.log @@ -47,7 +47,6 @@ User-Agent: kcc/controller-manager "edition": "ENTERPRISE", "ipConfiguration": { "ipv4Enabled": true, - "serverCaMode": "GOOGLE_MANAGED_INTERNAL_CA", "sslMode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED" }, "kind": "sql#settings", @@ -408,7 +407,6 @@ User-Agent: kcc/controller-manager "edition": "ENTERPRISE", "ipConfiguration": { "ipv4Enabled": true, - "serverCaMode": "GOOGLE_MANAGED_INTERNAL_CA", "sslMode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED" }, "kind": "sql#settings", diff --git a/pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-denymaintenanceperiod-direct/_http.log b/pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-denymaintenanceperiod-direct/_http.log index bec3fee14f..8ee95b7e59 100644 --- a/pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-denymaintenanceperiod-direct/_http.log +++ b/pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-denymaintenanceperiod-direct/_http.log @@ -53,7 +53,6 @@ User-Agent: kcc/controller-manager "edition": "ENTERPRISE", "ipConfiguration": { "ipv4Enabled": true, - "serverCaMode": "GOOGLE_MANAGED_INTERNAL_CA", "sslMode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED" }, "kind": "sql#settings", @@ -434,7 +433,6 @@ User-Agent: kcc/controller-manager "edition": "ENTERPRISE", "ipConfiguration": { "ipv4Enabled": true, - "serverCaMode": "GOOGLE_MANAGED_INTERNAL_CA", "sslMode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED" }, "kind": "sql#settings", diff --git a/pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-encryptionkey-direct/_http.log b/pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-encryptionkey-direct/_http.log index 1fcac639eb..d816e7e871 100644 --- a/pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-encryptionkey-direct/_http.log +++ b/pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-encryptionkey-direct/_http.log @@ -1074,7 +1074,8 @@ User-Agent: kcc/controller-manager "ipConfiguration": { "ipv4Enabled": false, "privateNetwork": "projects/${projectId}/global/networks/computenetwork-${uniqueId}", - "requireSsl": true + "requireSsl": true, + "sslMode": "TRUSTED_CLIENT_CERTIFICATE_REQUIRED" }, "kind": "sql#settings", "locationPreference": { @@ -1505,7 +1506,8 @@ User-Agent: kcc/controller-manager "ipConfiguration": { "ipv4Enabled": false, "privateNetwork": "projects/${projectId}/global/networks/computenetwork-${uniqueId}", - "requireSsl": true + "requireSsl": true, + "sslMode": "TRUSTED_CLIENT_CERTIFICATE_REQUIRED" }, "kind": "sql#settings", "locationPreference": { diff --git a/pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-insightsconfig-direct/_http.log b/pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-insightsconfig-direct/_http.log index b828b72ca7..c19a93991a 100644 --- a/pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-insightsconfig-direct/_http.log +++ b/pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-insightsconfig-direct/_http.log @@ -53,7 +53,6 @@ User-Agent: kcc/controller-manager }, "ipConfiguration": { "ipv4Enabled": true, - "serverCaMode": "GOOGLE_MANAGED_INTERNAL_CA", "sslMode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED" }, "kind": "sql#settings", @@ -428,7 +427,6 @@ User-Agent: kcc/controller-manager }, "ipConfiguration": { "ipv4Enabled": true, - "serverCaMode": "GOOGLE_MANAGED_INTERNAL_CA", "sslMode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED" }, "kind": "sql#settings", diff --git a/pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-locationpreference-direct/_http.log b/pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-locationpreference-direct/_http.log index 77dc5b0e25..15ad81ce70 100644 --- a/pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-locationpreference-direct/_http.log +++ b/pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-locationpreference-direct/_http.log @@ -46,7 +46,6 @@ User-Agent: kcc/controller-manager "edition": "ENTERPRISE", "ipConfiguration": { "ipv4Enabled": true, - "serverCaMode": "GOOGLE_MANAGED_INTERNAL_CA", "sslMode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED" }, "kind": "sql#settings", @@ -392,7 +391,6 @@ User-Agent: kcc/controller-manager "edition": "ENTERPRISE", "ipConfiguration": { "ipv4Enabled": true, - "serverCaMode": "GOOGLE_MANAGED_INTERNAL_CA", "sslMode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED" }, "kind": "sql#settings", diff --git a/pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-maintenancewindow-direct/_http.log b/pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-maintenancewindow-direct/_http.log index 53496af6d9..746eba0483 100644 --- a/pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-maintenancewindow-direct/_http.log +++ b/pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-maintenancewindow-direct/_http.log @@ -46,7 +46,6 @@ User-Agent: kcc/controller-manager "edition": "ENTERPRISE", "ipConfiguration": { "ipv4Enabled": true, - "serverCaMode": "GOOGLE_MANAGED_INTERNAL_CA", "sslMode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED" }, "kind": "sql#settings", @@ -424,7 +423,6 @@ User-Agent: kcc/controller-manager "edition": "ENTERPRISE", "ipConfiguration": { "ipv4Enabled": true, - "serverCaMode": "GOOGLE_MANAGED_INTERNAL_CA", "sslMode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED" }, "kind": "sql#settings", diff --git a/pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-multithreading-direct/_http.log b/pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-multithreading-direct/_http.log index db221b9f96..7314c05c20 100644 --- a/pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-multithreading-direct/_http.log +++ b/pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-multithreading-direct/_http.log @@ -50,7 +50,6 @@ User-Agent: kcc/controller-manager "edition": "ENTERPRISE", "ipConfiguration": { "ipv4Enabled": true, - "serverCaMode": "GOOGLE_MANAGED_INTERNAL_CA", "sslMode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED" }, "kind": "sql#settings", @@ -485,7 +484,6 @@ User-Agent: kcc/controller-manager "edition": "ENTERPRISE", "ipConfiguration": { "ipv4Enabled": true, - "serverCaMode": "GOOGLE_MANAGED_INTERNAL_CA", "sslMode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED" }, "kind": "sql#settings", diff --git a/pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-mysql-direct/_http.log b/pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-mysql-direct/_http.log index 0b8c0d3930..a531d19019 100644 --- a/pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-mysql-direct/_http.log +++ b/pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-mysql-direct/_http.log @@ -47,7 +47,6 @@ User-Agent: kcc/controller-manager "edition": "ENTERPRISE", "ipConfiguration": { "ipv4Enabled": true, - "serverCaMode": "GOOGLE_MANAGED_INTERNAL_CA", "sslMode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED" }, "kind": "sql#settings", @@ -584,7 +583,6 @@ User-Agent: kcc/controller-manager "edition": "ENTERPRISE", "ipConfiguration": { "ipv4Enabled": true, - "serverCaMode": "GOOGLE_MANAGED_INTERNAL_CA", "sslMode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED" }, "kind": "sql#settings", diff --git a/pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-mysql-minimal-direct/_http.log b/pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-mysql-minimal-direct/_http.log index 4150f4d232..fa3061cfbd 100644 --- a/pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-mysql-minimal-direct/_http.log +++ b/pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-mysql-minimal-direct/_http.log @@ -46,7 +46,6 @@ User-Agent: kcc/controller-manager "edition": "ENTERPRISE", "ipConfiguration": { "ipv4Enabled": true, - "serverCaMode": "GOOGLE_MANAGED_INTERNAL_CA", "sslMode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED" }, "kind": "sql#settings", @@ -810,7 +809,6 @@ User-Agent: kcc/controller-manager "edition": "ENTERPRISE", "ipConfiguration": { "ipv4Enabled": true, - "serverCaMode": "GOOGLE_MANAGED_INTERNAL_CA", "sslMode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED" }, "kind": "sql#settings", diff --git a/pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-passwordvalidationpolicy-direct/_http.log b/pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-passwordvalidationpolicy-direct/_http.log index 4da4e7cf52..2e4743feb6 100644 --- a/pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-passwordvalidationpolicy-direct/_http.log +++ b/pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-passwordvalidationpolicy-direct/_http.log @@ -46,7 +46,6 @@ User-Agent: kcc/controller-manager "edition": "ENTERPRISE", "ipConfiguration": { "ipv4Enabled": true, - "serverCaMode": "GOOGLE_MANAGED_INTERNAL_CA", "sslMode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED" }, "kind": "sql#settings", @@ -415,7 +414,6 @@ User-Agent: kcc/controller-manager "edition": "ENTERPRISE", "ipConfiguration": { "ipv4Enabled": true, - "serverCaMode": "GOOGLE_MANAGED_INTERNAL_CA", "sslMode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED" }, "kind": "sql#settings", diff --git a/pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-postgres-minimal-direct/_http.log b/pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-postgres-minimal-direct/_http.log index 596285707b..535ffa6131 100644 --- a/pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-postgres-minimal-direct/_http.log +++ b/pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-postgres-minimal-direct/_http.log @@ -46,7 +46,6 @@ User-Agent: kcc/controller-manager "edition": "ENTERPRISE", "ipConfiguration": { "ipv4Enabled": true, - "serverCaMode": "GOOGLE_MANAGED_INTERNAL_CA", "sslMode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED" }, "kind": "sql#settings", @@ -576,7 +575,6 @@ User-Agent: kcc/controller-manager "edition": "ENTERPRISE", "ipConfiguration": { "ipv4Enabled": true, - "serverCaMode": "GOOGLE_MANAGED_INTERNAL_CA", "sslMode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED" }, "kind": "sql#settings", diff --git a/pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-privatenetwork-direct/_http.log b/pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-privatenetwork-direct/_http.log index 1e63312907..da2ebe9967 100644 --- a/pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-privatenetwork-direct/_http.log +++ b/pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-privatenetwork-direct/_http.log @@ -1384,7 +1384,8 @@ User-Agent: kcc/controller-manager "allocatedIpRange": "computeaddress-${uniqueId}", "enablePrivatePathForGoogleCloudServices": true, "ipv4Enabled": false, - "privateNetwork": "projects/${projectId}/global/networks/computenetwork-${uniqueId}" + "privateNetwork": "projects/${projectId}/global/networks/computenetwork-${uniqueId}", + "sslMode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED" }, "kind": "sql#settings", "locationPreference": { @@ -1729,7 +1730,8 @@ User-Agent: kcc/controller-manager "allocatedIpRange": "computeaddress2-${uniqueId}", "enablePrivatePathForGoogleCloudServices": true, "ipv4Enabled": false, - "privateNetwork": "projects/${projectId}/global/networks/computenetwork2-${uniqueId}" + "privateNetwork": "projects/${projectId}/global/networks/computenetwork2-${uniqueId}", + "sslMode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED" }, "kind": "sql#settings", "locationPreference": { diff --git a/pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-privatenetwork-legacyref-direct/_http.log b/pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-privatenetwork-legacyref-direct/_http.log index 53108e4dbf..5126a5e830 100644 --- a/pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-privatenetwork-legacyref-direct/_http.log +++ b/pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-privatenetwork-legacyref-direct/_http.log @@ -1384,7 +1384,8 @@ User-Agent: kcc/controller-manager "allocatedIpRange": "computeaddress-${uniqueId}", "enablePrivatePathForGoogleCloudServices": true, "ipv4Enabled": false, - "privateNetwork": "projects/${projectId}/global/networks/computenetwork-${uniqueId}" + "privateNetwork": "projects/${projectId}/global/networks/computenetwork-${uniqueId}", + "sslMode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED" }, "kind": "sql#settings", "locationPreference": { @@ -1729,7 +1730,8 @@ User-Agent: kcc/controller-manager "allocatedIpRange": "computeaddress2-${uniqueId}", "enablePrivatePathForGoogleCloudServices": true, "ipv4Enabled": false, - "privateNetwork": "projects/${projectId}/global/networks/computenetwork2-${uniqueId}" + "privateNetwork": "projects/${projectId}/global/networks/computenetwork2-${uniqueId}", + "sslMode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED" }, "kind": "sql#settings", "locationPreference": { diff --git a/pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-replica-direct/_http.log b/pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-replica-direct/_http.log index b1716026fd..bf0266c738 100644 --- a/pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-replica-direct/_http.log +++ b/pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-replica-direct/_http.log @@ -51,7 +51,6 @@ User-Agent: kcc/controller-manager "edition": "ENTERPRISE", "ipConfiguration": { "ipv4Enabled": true, - "serverCaMode": "GOOGLE_MANAGED_INTERNAL_CA", "sslMode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED" }, "kind": "sql#settings", @@ -442,7 +441,6 @@ User-Agent: kcc/controller-manager "edition": "ENTERPRISE", "ipConfiguration": { "ipv4Enabled": true, - "serverCaMode": "GOOGLE_MANAGED_INTERNAL_CA", "sslMode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED" }, "kind": "sql#settings", diff --git a/pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-sqlserver-direct/_http.log b/pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-sqlserver-direct/_http.log index acb6bb57b0..dafaa9cd7d 100644 --- a/pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-sqlserver-direct/_http.log +++ b/pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-sqlserver-direct/_http.log @@ -48,7 +48,6 @@ User-Agent: kcc/controller-manager "edition": "ENTERPRISE", "ipConfiguration": { "ipv4Enabled": true, - "serverCaMode": "GOOGLE_MANAGED_INTERNAL_CA", "sslMode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED" }, "kind": "sql#settings", diff --git a/pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-sqlserver-minimal-direct/_http.log b/pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-sqlserver-minimal-direct/_http.log index 48802b232e..18efe8cd3b 100644 --- a/pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-sqlserver-minimal-direct/_http.log +++ b/pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-sqlserver-minimal-direct/_http.log @@ -47,7 +47,6 @@ User-Agent: kcc/controller-manager "edition": "ENTERPRISE", "ipConfiguration": { "ipv4Enabled": true, - "serverCaMode": "GOOGLE_MANAGED_INTERNAL_CA", "sslMode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED" }, "kind": "sql#settings", @@ -649,7 +648,6 @@ User-Agent: kcc/controller-manager "edition": "ENTERPRISE", "ipConfiguration": { "ipv4Enabled": true, - "serverCaMode": "GOOGLE_MANAGED_INTERNAL_CA", "sslMode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED" }, "kind": "sql#settings", diff --git a/pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-ssl-direct/_http.log b/pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-ssl-direct/_http.log index 86b06c02c8..9811966532 100644 --- a/pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-ssl-direct/_http.log +++ b/pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-ssl-direct/_http.log @@ -45,7 +45,9 @@ User-Agent: kcc/controller-manager "dataDiskType": "PD_SSD", "edition": "ENTERPRISE", "ipConfiguration": { - "requireSsl": true + "ipv4Enabled": true, + "requireSsl": true, + "sslMode": "TRUSTED_CLIENT_CERTIFICATE_REQUIRED" }, "kind": "sql#settings", "locationPreference": { @@ -389,6 +391,7 @@ User-Agent: kcc/controller-manager "dataDiskType": "PD_SSD", "edition": "ENTERPRISE", "ipConfiguration": { + "ipv4Enabled": true, "requireSsl": false, "sslMode": "ENCRYPTED_ONLY" }, diff --git a/pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-ssl-direct/create.yaml b/pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-ssl-direct/create.yaml index 5ef87398eb..ba67d74592 100644 --- a/pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-ssl-direct/create.yaml +++ b/pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-ssl-direct/create.yaml @@ -27,6 +27,7 @@ spec: # for docs about the different possible `sslMode` field values, and the limiations of the # `requireSsl` field. requireSsl: true + sslMode: "TRUSTED_CLIENT_CERTIFICATE_REQUIRED" # Location preference is not actually a required field. However, setting it for tests # helps with with normalizing the GCP responses, because otherwise GCP chooses a zone # preference based on availability. Therefore it could potentially vary if not diff --git a/pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-ssl/_http.log b/pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-ssl/_http.log index 049a8684ff..c0f25e3447 100644 --- a/pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-ssl/_http.log +++ b/pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-ssl/_http.log @@ -44,7 +44,8 @@ User-Agent: google-api-go-client/0.5 Terraform/ (+https://www.terraform.io) Terr "ipConfiguration": { "enablePrivatePathForGoogleCloudServices": false, "ipv4Enabled": true, - "requireSsl": true + "requireSsl": true, + "sslMode": "TRUSTED_CLIENT_CERTIFICATE_REQUIRED" }, "locationPreference": { "zone": "us-central1-a" diff --git a/pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-ssl/create.yaml b/pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-ssl/create.yaml index b306020ff3..9f66ee9303 100644 --- a/pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-ssl/create.yaml +++ b/pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-ssl/create.yaml @@ -25,6 +25,7 @@ spec: # for docs about the different possible `sslMode` field values, and the limiations of the # `requireSsl` field. requireSsl: true + sslMode: "TRUSTED_CLIENT_CERTIFICATE_REQUIRED" # Location preference is not actually a required field. However, setting it for tests # helps with with normalizing the GCP responses, because otherwise GCP chooses a zone # preference based on availability. Therefore it could potentially vary if not diff --git a/pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-storage-direct/_http.log b/pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-storage-direct/_http.log index 1be57fe225..bed536f3cc 100644 --- a/pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-storage-direct/_http.log +++ b/pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstance-storage-direct/_http.log @@ -47,7 +47,6 @@ User-Agent: kcc/controller-manager "edition": "ENTERPRISE", "ipConfiguration": { "ipv4Enabled": true, - "serverCaMode": "GOOGLE_MANAGED_INTERNAL_CA", "sslMode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED" }, "kind": "sql#settings", @@ -407,7 +406,6 @@ User-Agent: kcc/controller-manager "edition": "ENTERPRISE", "ipConfiguration": { "ipv4Enabled": true, - "serverCaMode": "GOOGLE_MANAGED_INTERNAL_CA", "sslMode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED" }, "kind": "sql#settings",