From 060f283652bc1b7bf82dde5a894986ea823e49f9 Mon Sep 17 00:00:00 2001
From: "David H. Irving"
Date: Wed, 15 Jan 2025 14:22:24 -0700
Subject: [PATCH 1/4] Set default values for DP02 Cloud SQL

For DP02 SQL configuration that is expected to be identical on all three environments, use the default value specified in variables.tf instead of explicitly specifying it in each configuration. This will make it easier to keep the configuration in sync.
---
 .../deployments/science-platform/cloudsql/variables.tf | 9 ++++++---
 .../science-platform/env/dev-cloudsql.tfvars | 10 ----------
 2 files changed, 6 insertions(+), 13 deletions(-)

diff --git a/environment/deployments/science-platform/cloudsql/variables.tf b/environment/deployments/science-platform/cloudsql/variables.tf
index 1de10fb9..04f30921 100644
--- a/environment/deployments/science-platform/cloudsql/variables.tf
+++ b/environment/deployments/science-platform/cloudsql/variables.tf
@@ -149,13 +149,16 @@ variable "butler_registry_dp02_database_flags" {
 name = string
 value = string
 }))
- default = []
+ default = [
+ { name = "max_connections", value = "400" },
+ { name = "password_encryption", value = "scram-sha-256" }
+ ]
 }
 
 variable "butler_registry_dp02_disk_size" {
 description = "The disk size for the instance in GB. This value is ignored after initial provisioning with a terraform lifecycle policy in Google module. This is needed because of auto storage increase is enabled."
 type = number
- default = 100
+ default = 700
 }
 
 variable "butler_registry_dp02_disk_type" {
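Review bot: The new default list for `butler_registry_dp02_database_flags` carries no comment saying why `password_encryption` is pinned or how `max_connections = 400` was sized, and the hunk is where a reader will look for that. Suggest a comment above the list such as `# password_encryption: SCRAM-SHA-256 so role passwords are never stored as md5 hashes; max_connections sized for the db-custom-2-7680 tier used by the env files`, adjusting the second half if the sizing rationale is different. Note also that, per the description two lines above it, `butler_registry_dp02_disk_size` is ignored after initial provisioning, so the 100 → 700 default change affects only instances created from now on (the existing dev instance keeps whatever it has grown to).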
@@ -174,7 +177,7 @@ variable "butler_registry_dp02_edition" {
 variable "butler_registry_dp02_require_ssl" {
 description = "True if the instance should require SSL/TLS for users connecting over IP. Note: SSL/TLS is needed to provide security when you connect to Cloud SQL using IP addresses. If you are connecting to your instance only by using the Cloud SQL Proxy or the Java Socket Library, you do not need to configure your instance to use SSL/TLS."
 type = bool
- default = true
+ default = false
 }
 
 variable "butler_registry_dp02_ipv4_enabled" {
diff --git a/environment/deployments/science-platform/env/dev-cloudsql.tfvars b/environment/deployments/science-platform/env/dev-cloudsql.tfvars
index 65e843de..6fed9ae9 100644
--- a/environment/deployments/science-platform/env/dev-cloudsql.tfvars
+++ b/environment/deployments/science-platform/env/dev-cloudsql.tfvars
@@ -19,17 +19,7 @@ butler_registry_backups_point_in_time_recovery_enabled = true
 
 # Butler Registry DP02 Database
 butler_registry_dp02_db_name = "butler-registry-dp02-dev"
-butler_registry_dp02_database_version = "POSTGRES_16"
 butler_registry_dp02_tier = "db-custom-2-7680"
-butler_registry_dp02_require_ssl = false
-butler_registry_dp02_disk_size = 700
-butler_registry_dp02_database_flags = [
- { name = "max_connections", value = "400" },
- { name = "password_encryption", value = "scram-sha-256" }
-]
-butler_registry_dp02_edition = "ENTERPRISE"
-butler_registry_dp02_ipv4_enabled = false
-butler_registry_dp02_ssl_mode = "ALLOW_UNENCRYPTED_AND_ENCRYPTED"
 butler_registry_dp02_db_maintenance_window_day = 1
 butler_registry_dp02_db_maintenance_window_hour = 23
 butler_registry_dp02_db_maintenance_window_update_track = "stable"
From fac006f46624490cd8843d36b32efddfb8e3e1f4 Mon Sep 17 00:00:00 2001
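Review bot: Flipping `default = true` to `default = false` on `butler_registry_dp02_require_ssl` turns what was an explicit per-environment opt-out (dev set it in its own tfvars) into a module-wide insecure default, so any environment that simply omits the variable now accepts unencrypted connections over IP. The variable's own description says TLS is needed when clients connect by IP address, and the last patch in this series publishes a private A record for the instance's private IP, which suggests clients will connect directly rather than through the Cloud SQL Auth Proxy. Keeping `default = true` and writing `butler_registry_dp02_require_ssl = false` only in the env files that genuinely need it preserves the secure default; at minimum add `# Unencrypted private-IP connections are accepted by default; see butler_registry_dp02_ssl_mode` so the choice is documented. The companion `butler_registry_dp02_ssl_mode` variable (dev's removed value was ALLOW_UNENCRYPTED_AND_ENCRYPTED) governs the same behaviour and, as far as I recall, supersedes `require_ssl` on recent google provider versions, so the two defaults should be checked for consistency.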
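Review bot: Removing `butler_registry_dp02_database_version = "POSTGRES_16"` from the env file means dev's major version is now whatever variables.tf defaults to, so a future default bump there would be applied to the live dev instance at the next apply rather than as a deliberate per-environment step; keeping `butler_registry_dp02_database_version = "POSTGRES_16"` explicit in each tfvars is cheap insurance even while it matches the default. The removed `butler_registry_dp02_require_ssl` and `butler_registry_dp02_ssl_mode` lines were also the only place a reader of this file could see dev's TLS posture; those two are worth keeping explicit per environment so a security-relevant setting stays reviewable where the environment is defined.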
From: "David H. Irving"
Date: Wed, 15 Jan 2025 15:11:07 -0700
Subject: [PATCH 2/4] Add moved block to prevent SQL instance deletion

---
 environment/deployments/science-platform/cloudsql/main.tf | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/environment/deployments/science-platform/cloudsql/main.tf b/environment/deployments/science-platform/cloudsql/main.tf
index 0c5a0984..f35d2716 100644
--- a/environment/deployments/science-platform/cloudsql/main.tf
+++ b/environment/deployments/science-platform/cloudsql/main.tf
@@ -66,6 +66,13 @@ module "db_butler_registry_dp02" {
 }
 }
 
+moved {
+ # The 'count' parameter to this module was added after it was already
+ # deployed to dev.
+ from = module.db_butler_registry_dp02
+ to = module.db_butler_registry_dp02[0]
+}
+
 resource "random_password" "gafaelfawr" {
 length = 24
 numeric = true
From 3ea6a08ebb049c55c9f4054c5e0ff56cd65e816d Mon Sep 17 00:00:00 2001
From: "David H. Irving"
Date: Wed, 15 Jan 2025 15:23:00 -0700
Subject: [PATCH 3/4] Add Butler DP02 database to idfint

---
 .../science-platform/env/integration-cloudsql.tfvars | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/environment/deployments/science-platform/env/integration-cloudsql.tfvars b/environment/deployments/science-platform/env/integration-cloudsql.tfvars
index 5eaa06b9..d3945125 100644
--- a/environment/deployments/science-platform/env/integration-cloudsql.tfvars
+++ b/environment/deployments/science-platform/env/integration-cloudsql.tfvars
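Review bot: The comment on the `moved` block should say how long it must stay: removing it before every environment's state has been applied once would make Terraform plan a destroy/create of the instance, which is exactly what the commit title says it prevents. Suggest extending the comment with `# Keep until every environment's state has been applied at least once; removing it earlier would plan a destroy of the dev instance.` It is also worth noting that the block is a no-op for states where `module.db_butler_registry_dp02` never existed (integration had `butler_registry_dp02_enable = false` until the next patch). Whether the module sets `deletion_protection` on the instance is not visible here; if it does not, checking that `terraform plan` shows zero destroys before the first apply is the only guard against a mis-addressed move.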
@@ -16,8 +16,14 @@ butler_registry_db_maintenance_window_update_track = "canary"
 butler_registry_backups_enabled = true
 butler_registry_backups_point_in_time_recovery_enabled = true
 
-# Butler Registry DP02
-butler_registry_dp02_enable = false
+# Butler Registry DP02 Database
+butler_registry_dp02_db_name = "butler-registry-dp02-int"
+butler_registry_dp02_tier = "db-custom-2-7680"
+butler_registry_dp02_db_maintenance_window_day = 2
+butler_registry_dp02_db_maintenance_window_hour = 23
+butler_registry_dp02_db_maintenance_window_update_track = "stable"
+butler_registry_dp02_backups_enabled = false
+butler_registry_dp02_backups_point_in_time_recovery_enabled = false
 
 # Science Platform Database
 science_platform_db_maintenance_window_day = 2
From 0be9acfae1723b7b6b09be7628331729ad56a0d3 Mon Sep 17 00:00:00 2001
From: "David H. Irving"
Date: Fri, 17 Jan 2025 11:04:32 -0700
Subject: [PATCH 4/4] Set up an internal domain name for DP02 database

Add a private DNS name for the DP02 Cloud SQL instance to the VPC, so we don't have to hard-code IP addresses in configuration.
---
 .../science-platform/cloudsql/main.tf | 25 +++++++++++++++++++
 .../science-platform/env/dev-cloudsql.tfvars | 2 +-
 .../env/integration-cloudsql.tfvars | 2 +-
 3 files changed, 27 insertions(+), 2 deletions(-)

diff --git a/environment/deployments/science-platform/cloudsql/main.tf b/environment/deployments/science-platform/cloudsql/main.tf
index f35d2716..6015c24b 100644
--- a/environment/deployments/science-platform/cloudsql/main.tf
+++ b/environment/deployments/science-platform/cloudsql/main.tf
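Review bot: `butler_registry_dp02_enable = false` is deleted rather than set to `true`, so the int instance is now created only because of a default in variables.tf that this series never shows; writing `butler_registry_dp02_enable = true` explicitly in the new block makes the intent visible in the env file and survives a later change to that default. The two `_backups_enabled = false` / `_point_in_time_recovery_enabled = false` lines sit a few lines below `butler_registry_backups_enabled = true` for the other instance in the same file with no explanation, so a later reader may take them for an oversight; add a one-line comment giving the actual reason backups and PITR are off for this instance (for example that its contents can be reloaded from elsewhere, if that is the case).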
@@ -73,6 +73,31 @@ moved {
 to = module.db_butler_registry_dp02[0]
 }
 
+resource "google_dns_managed_zone" "sql_private_zone" {
+ name = "sql-private-zone"
+ dns_name = "rsp-sql-${var.environment}.internal."
+ description = "DNS Zone containing domain names used to access internal databases."
+
+ visibility = "private"
+
+ private_visibility_config {
+ networks {
+ network_url = data.google_compute_network.network.id
+ }
+ }
+}
+
+resource "google_dns_record_set" "dp02" {
+ count = var.butler_registry_dp02_enable ? 1 : 0
+
+ managed_zone = google_dns_managed_zone.sql_private_zone.name
+ name = "dp02.${google_dns_managed_zone.sql_private_zone.dns_name}"
+ type = "A"
+ rrdatas = [module.db_butler_registry_dp02[0].private_ip_address]
+ ttl = 1800
+}
+
+
 resource "random_password" "gafaelfawr" {
 length = 24
 numeric = true
diff --git a/environment/deployments/science-platform/env/dev-cloudsql.tfvars b/environment/deployments/science-platform/env/dev-cloudsql.tfvars
index 6fed9ae9..34b9c7a2 100644
--- a/environment/deployments/science-platform/env/dev-cloudsql.tfvars
+++ b/environment/deployments/science-platform/env/dev-cloudsql.tfvars
@@ -33,4 +33,4 @@ science_platform_db_maintenance_window_update_track = "canary"
 science_platform_backups_enabled = true
 
 # Increase this number to force Terraform to update the dev environment.
-# Serial: 20
+# Serial: 21
diff --git a/environment/deployments/science-platform/env/integration-cloudsql.tfvars b/environment/deployments/science-platform/env/integration-cloudsql.tfvars
index d3945125..96a8bc3b 100644
--- a/environment/deployments/science-platform/env/integration-cloudsql.tfvars
+++ b/environment/deployments/science-platform/env/integration-cloudsql.tfvars
@@ -31,4 +31,4 @@ science_platform_db_maintenance_window_hour = 22
 science_platform_backups_enabled = true
 
 # Increase this number to force Terraform to update the int environment.
-# Serial: 8
+# Serial: 9
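Review bot: `name = "sql-private-zone"` on the managed zone is fixed while `dns_name` is parameterised by `var.environment`; Cloud DNS managed-zone names are unique per project, so if two environments ever share a GCP project the second apply fails on the zone, and `name = "sql-private-zone-${var.environment}"` would avoid that for no cost. The A record publishes the instance's private IP under a stable name, which encourages clients to connect directly by IP rather than through the Cloud SQL Auth Proxy — the exact case the `butler_registry_dp02_require_ssl` description in variables.tf identifies as needing TLS — so it is worth confirming the `ssl_mode` / `require_ssl` settings actually enforce encryption for those clients and saying so in a comment on the record. The two consecutive `+` blank lines before `random_password.gafaelfawr` leave a double blank line in main.tf; `terraform fmt` should be run on the file.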