From 59b32af83e03da4b4dc0eb1fa6d5372dc4a3b696 Mon Sep 17 00:00:00 2001
From: Sebastian Melchior <801781+smelchior@users.noreply.github.com>
Date: Mon, 17 Apr 2023 19:33:21 +0200
Subject: [PATCH] feat: support query insights for MySQL for read replicas
 (#453)

Co-authored-by: Awais Malik <malik.awais@gmail.com>
---
 modules/mysql/README.md          |  2 +-
 modules/mysql/read_replica.tf    | 12 ++++++++++++
 modules/mysql/variables.tf       |  5 +++++
 modules/safer_mysql/README.md    |  2 +-
 modules/safer_mysql/variables.tf |  5 +++++
 5 files changed, 24 insertions(+), 2 deletions(-)

diff --git a/modules/mysql/README.md b/modules/mysql/README.md
index bb45236d..f3a3416d 100644
--- a/modules/mysql/README.md
+++ b/modules/mysql/README.md
@@ -46,7 +46,7 @@ Note: CloudSQL provides [disk autoresize](https://cloud.google.com/sql/docs/mysq
 | read\_replica\_deletion\_protection | Used to block Terraform from deleting replica SQL Instances. | `bool` | `false` | no |
 | read\_replica\_deletion\_protection\_enabled | Enables protection of a read replica from accidental deletion across all surfaces (API, gcloud, Cloud Console and Terraform). | `bool` | `false` | no |
 | read\_replica\_name\_suffix | The optional suffix to add to the read instance name | `string` | `""` | no |
-| read\_replicas | List of read replicas to create. Encryption key is required for replica in different region. For replica in same region as master set encryption\_key\_name = null | <pre>list(object({<br>    name                  = string<br>    name_override         = optional(string)<br>    tier                  = string<br>    zone                  = string<br>    availability_type     = string<br>    disk_type             = string<br>    disk_autoresize       = bool<br>    disk_autoresize_limit = number<br>    disk_size             = string<br>    user_labels           = map(string)<br>    database_flags = list(object({<br>      name  = string<br>      value = string<br>    }))<br>    ip_configuration = object({<br>      authorized_networks = list(map(string))<br>      ipv4_enabled        = bool<br>      private_network     = string<br>      require_ssl         = bool<br>      allocated_ip_range  = string<br>    })<br>    encryption_key_name = string<br>  }))</pre> | `[]` | no |
+| read\_replicas | List of read replicas to create. Encryption key is required for replica in different region. For replica in same region as master set encryption\_key\_name = null | <pre>list(object({<br>    name                  = string<br>    name_override         = optional(string)<br>    tier                  = string<br>    zone                  = string<br>    availability_type     = string<br>    disk_type             = string<br>    disk_autoresize       = bool<br>    disk_autoresize_limit = number<br>    disk_size             = string<br>    user_labels           = map(string)<br>    database_flags = list(object({<br>      name  = string<br>      value = string<br>    }))<br>    insights_config = optional(object({<br>      query_string_length     = number<br>      record_application_tags = bool<br>      record_client_address   = bool<br>    }))<br>    ip_configuration = object({<br>      authorized_networks = list(map(string))<br>      ipv4_enabled        = bool<br>      private_network     = string<br>      require_ssl         = bool<br>      allocated_ip_range  = string<br>    })<br>    encryption_key_name = string<br>  }))</pre> | `[]` | no |
 | region | The region of the Cloud SQL resources | `string` | `"us-central1"` | no |
 | replica\_database\_version | The read replica database version to use. This var should only be used during a database update. The update sequence 1. read-replica 2. master, setting this to an updated version will cause the replica to update, then you may update the master with the var database\_version and remove this field after update is complete | `string` | `""` | no |
 | root\_password | Mysql password for the root user. If not set, a random one will be generated and available in the root\_password output variable. | `string` | `""` | no |
diff --git a/modules/mysql/read_replica.tf b/modules/mysql/read_replica.tf
index 511a5ae6..395caf4a 100644
--- a/modules/mysql/read_replica.tf
+++ b/modules/mysql/read_replica.tf
@@ -41,6 +41,18 @@ resource "google_sql_database_instance" "replicas" {
     availability_type           = lookup(each.value, "availability_type", var.availability_type)
     deletion_protection_enabled = var.read_replica_deletion_protection_enabled
 
+
+    dynamic "insights_config" {
+      for_each = lookup(each.value, "insights_config") != null ? [lookup(each.value, "insights_config")] : []
+
+      content {
+        query_insights_enabled  = true
+        query_string_length     = lookup(insights_config.value, "query_string_length", 1024)
+        record_application_tags = lookup(insights_config.value, "record_application_tags", false)
+        record_client_address   = lookup(insights_config.value, "record_client_address", false)
+      }
+    }
+
     dynamic "ip_configuration" {
       for_each = [lookup(each.value, "ip_configuration", {})]
       content {
diff --git a/modules/mysql/variables.tf b/modules/mysql/variables.tf
index c979d751..abb35172 100644
--- a/modules/mysql/variables.tf
+++ b/modules/mysql/variables.tf
@@ -252,6 +252,11 @@ variable "read_replicas" {
       name  = string
       value = string
     }))
+    insights_config = optional(object({
+      query_string_length     = number
+      record_application_tags = bool
+      record_client_address   = bool
+    }))
     ip_configuration = object({
       authorized_networks = list(map(string))
       ipv4_enabled        = bool
diff --git a/modules/safer_mysql/README.md b/modules/safer_mysql/README.md
index 5137b3bd..e3389e0b 100644
--- a/modules/safer_mysql/README.md
+++ b/modules/safer_mysql/README.md
@@ -199,7 +199,7 @@ mysql -S $HOME/mysql_sockets/myproject:region:instance -u user -p
 | read\_replica\_deletion\_protection | Used to block Terraform from deleting replica SQL Instances. | `bool` | `false` | no |
 | read\_replica\_deletion\_protection\_enabled | Enables protection of a read replica from accidental deletion across all surfaces (API, gcloud, Cloud Console and Terraform). | `bool` | `false` | no |
 | read\_replica\_name\_suffix | The optional suffix to add to the read instance name | `string` | `""` | no |
-| read\_replicas | List of read replicas to create. Encryption key is required for replica in different region. For replica in same region as master set encryption\_key\_name = null | <pre>list(object({<br>    name                  = string<br>    name_override         = optional(string)<br>    tier                  = string<br>    availability_type     = string<br>    zone                  = string<br>    disk_type             = string<br>    disk_autoresize       = bool<br>    disk_autoresize_limit = number<br>    disk_size             = string<br>    user_labels           = map(string)<br>    database_flags = list(object({<br>      name  = string<br>      value = string<br>    }))<br>    ip_configuration = object({<br>      authorized_networks = list(map(string))<br>      ipv4_enabled        = bool<br>      private_network     = string<br>      require_ssl         = bool<br>      allocated_ip_range  = string<br>    })<br>    encryption_key_name = string<br>  }))</pre> | `[]` | no |
+| read\_replicas | List of read replicas to create. Encryption key is required for replica in different region. For replica in same region as master set encryption\_key\_name = null | <pre>list(object({<br>    name                  = string<br>    name_override         = optional(string)<br>    tier                  = string<br>    availability_type     = string<br>    zone                  = string<br>    disk_type             = string<br>    disk_autoresize       = bool<br>    disk_autoresize_limit = number<br>    disk_size             = string<br>    user_labels           = map(string)<br>    database_flags = list(object({<br>      name  = string<br>      value = string<br>    }))<br>    insights_config = optional(object({<br>      query_string_length     = number<br>      record_application_tags = bool<br>      record_client_address   = bool<br>    }))<br>    ip_configuration = object({<br>      authorized_networks = list(map(string))<br>      ipv4_enabled        = bool<br>      private_network     = string<br>      require_ssl         = bool<br>      allocated_ip_range  = string<br>    })<br>    encryption_key_name = string<br>  }))</pre> | `[]` | no |
 | region | The region of the Cloud SQL resources | `string` | n/a | yes |
 | secondary\_zone | The preferred zone for the secondary/failover instance, it should be something like: `us-central1-a`, `us-east1-c`. | `string` | `null` | no |
 | tier | The tier for the master instance. | `string` | `"db-n1-standard-1"` | no |
diff --git a/modules/safer_mysql/variables.tf b/modules/safer_mysql/variables.tf
index f84868cc..1436691f 100644
--- a/modules/safer_mysql/variables.tf
+++ b/modules/safer_mysql/variables.tf
@@ -227,6 +227,11 @@ variable "read_replicas" {
       name  = string
       value = string
     }))
+    insights_config = optional(object({
+      query_string_length     = number
+      record_application_tags = bool
+      record_client_address   = bool
+    }))
     ip_configuration = object({
       authorized_networks = list(map(string))
       ipv4_enabled        = bool