diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml index 9b5e158dc..0162ba0bd 100644 --- a/.github/workflows/terraform.yml +++ b/.github/workflows/terraform.yml @@ -26,7 +26,7 @@ jobs: - uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd # v2.0.0 with: # TODO: extract terraform from the tf file when we have pinned - terraform_version: 1.9.5 + terraform_version: 1.9.4 - name: Terraform fmt id: fmt @@ -46,7 +46,7 @@ jobs: - uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd # v2.0.0 with: # TODO: extract terraform from the tf file when we have pinned - terraform_version: 1.9.5 + terraform_version: 1.9.4 - name: Terraform init id: init diff --git a/terraform/gcp/modules/argocd/versions.tf b/terraform/gcp/modules/argocd/versions.tf index 54d142c2d..718c172e3 100644 --- a/terraform/gcp/modules/argocd/versions.tf +++ b/terraform/gcp/modules/argocd/versions.tf @@ -15,7 +15,7 @@ */ terraform { - required_version = "1.9.5" + required_version = "1.9.4" required_providers { kubectl = { @@ -24,7 +24,7 @@ terraform { } helm = { source = "hashicorp/helm" - version = "2.15.0" + version = "2.14.1" } } } diff --git a/terraform/gcp/modules/audit/versions.tf b/terraform/gcp/modules/audit/versions.tf index 0fde56345..fbf4dd4ff 100644 --- a/terraform/gcp/modules/audit/versions.tf +++ b/terraform/gcp/modules/audit/versions.tf @@ -15,11 +15,11 @@ */ terraform { - required_version = "1.9.5" + required_version = "1.9.4" required_providers { google = { - version = "6.2.0" + version = "5.40.0" source = "hashicorp/google" } } diff --git a/terraform/gcp/modules/bastion/versions.tf b/terraform/gcp/modules/bastion/versions.tf index c557d9945..a384bb256 100644 --- a/terraform/gcp/modules/bastion/versions.tf +++ b/terraform/gcp/modules/bastion/versions.tf @@ -15,11 +15,11 @@ */ terraform { - required_version = "1.9.5" + required_version = "1.9.4" required_providers { google = { - version = "6.2.0" + version = "5.40.0" source = "hashicorp/google" } random = { diff --git a/terraform/gcp/modules/ca/versions.tf b/terraform/gcp/modules/ca/versions.tf index 0fde56345..fbf4dd4ff 100644 --- a/terraform/gcp/modules/ca/versions.tf +++ b/terraform/gcp/modules/ca/versions.tf @@ -15,11 +15,11 @@ */ terraform { - required_version = "1.9.5" + required_version = "1.9.4" required_providers { google = { - version = "6.2.0" + version = "5.40.0" source = "hashicorp/google" } } diff --git a/terraform/gcp/modules/ctlog/versions.tf b/terraform/gcp/modules/ctlog/versions.tf index 0fde56345..fbf4dd4ff 100644 --- a/terraform/gcp/modules/ctlog/versions.tf +++ b/terraform/gcp/modules/ctlog/versions.tf @@ -15,11 +15,11 @@ */ terraform { - required_version = "1.9.5" + required_version = "1.9.4" required_providers { google = { - version = "6.2.0" + version = "5.40.0" source = "hashicorp/google" } } diff --git a/terraform/gcp/modules/dex/versions.tf b/terraform/gcp/modules/dex/versions.tf index 0fde56345..fbf4dd4ff 100644 --- a/terraform/gcp/modules/dex/versions.tf +++ b/terraform/gcp/modules/dex/versions.tf @@ -15,11 +15,11 @@ */ terraform { - required_version = "1.9.5" + required_version = "1.9.4" required_providers { google = { - version = "6.2.0" + version = "5.40.0" source = "hashicorp/google" } } diff --git a/terraform/gcp/modules/external_secrets/versions.tf b/terraform/gcp/modules/external_secrets/versions.tf index 2fb96ba82..b33e111f7 100644 --- a/terraform/gcp/modules/external_secrets/versions.tf +++ b/terraform/gcp/modules/external_secrets/versions.tf @@ -15,11 +15,11 @@ */ terraform { - required_version = "1.9.5" + required_version = "1.9.4" required_providers { google = { - version = "6.2.0" + version = "5.40.0" source = "hashicorp/google" } kubectl = { @@ -28,7 +28,7 @@ terraform { } helm = { source = "hashicorp/helm" - version = "2.15.0" + version = "2.14.1" } } } diff --git a/terraform/gcp/modules/fulcio/versions.tf b/terraform/gcp/modules/fulcio/versions.tf index 0fde56345..fbf4dd4ff 100644 --- a/terraform/gcp/modules/fulcio/versions.tf +++ b/terraform/gcp/modules/fulcio/versions.tf @@ -15,11 +15,11 @@ */ terraform { - required_version = "1.9.5" + required_version = "1.9.4" required_providers { google = { - version = "6.2.0" + version = "5.40.0" source = "hashicorp/google" } } diff --git a/terraform/gcp/modules/gke_cluster/versions.tf b/terraform/gcp/modules/gke_cluster/versions.tf index 8c8c648bd..2955aa17b 100644 --- a/terraform/gcp/modules/gke_cluster/versions.tf +++ b/terraform/gcp/modules/gke_cluster/versions.tf @@ -15,15 +15,15 @@ */ terraform { - required_version = "1.9.5" + required_version = "1.9.4" required_providers { google = { - version = "6.2.0" + version = "5.40.0" source = "hashicorp/google" } google-beta = { - version = "6.2.0" + version = "5.40.0" source = "hashicorp/google-beta" } random = { diff --git a/terraform/gcp/modules/monitoring/dex/versions.tf b/terraform/gcp/modules/monitoring/dex/versions.tf index 0fde56345..fbf4dd4ff 100644 --- a/terraform/gcp/modules/monitoring/dex/versions.tf +++ b/terraform/gcp/modules/monitoring/dex/versions.tf @@ -15,11 +15,11 @@ */ terraform { - required_version = "1.9.5" + required_version = "1.9.4" required_providers { google = { - version = "6.2.0" + version = "5.40.0" source = "hashicorp/google" } } diff --git a/terraform/gcp/modules/monitoring/fulcio/versions.tf b/terraform/gcp/modules/monitoring/fulcio/versions.tf index 0fde56345..fbf4dd4ff 100644 --- a/terraform/gcp/modules/monitoring/fulcio/versions.tf +++ b/terraform/gcp/modules/monitoring/fulcio/versions.tf @@ -15,11 +15,11 @@ */ terraform { - required_version = "1.9.5" + required_version = "1.9.4" required_providers { google = { - version = "6.2.0" + version = "5.40.0" source = "hashicorp/google" } } diff --git a/terraform/gcp/modules/monitoring/infra/versions.tf b/terraform/gcp/modules/monitoring/infra/versions.tf index 0fde56345..fbf4dd4ff 100644 --- a/terraform/gcp/modules/monitoring/infra/versions.tf +++ b/terraform/gcp/modules/monitoring/infra/versions.tf @@ -15,11 +15,11 @@ */ terraform { - required_version = "1.9.5" + required_version = "1.9.4" required_providers { google = { - version = "6.2.0" + version = "5.40.0" source = "hashicorp/google" } } diff --git a/terraform/gcp/modules/monitoring/prober/versions.tf b/terraform/gcp/modules/monitoring/prober/versions.tf index 0fde56345..fbf4dd4ff 100644 --- a/terraform/gcp/modules/monitoring/prober/versions.tf +++ b/terraform/gcp/modules/monitoring/prober/versions.tf @@ -15,11 +15,11 @@ */ terraform { - required_version = "1.9.5" + required_version = "1.9.4" required_providers { google = { - version = "6.2.0" + version = "5.40.0" source = "hashicorp/google" } } diff --git a/terraform/gcp/modules/monitoring/rekor/versions.tf b/terraform/gcp/modules/monitoring/rekor/versions.tf index 0fde56345..fbf4dd4ff 100644 --- a/terraform/gcp/modules/monitoring/rekor/versions.tf +++ b/terraform/gcp/modules/monitoring/rekor/versions.tf @@ -15,11 +15,11 @@ */ terraform { - required_version = "1.9.5" + required_version = "1.9.4" required_providers { google = { - version = "6.2.0" + version = "5.40.0" source = "hashicorp/google" } } diff --git a/terraform/gcp/modules/monitoring/slo/versions.tf b/terraform/gcp/modules/monitoring/slo/versions.tf index 0fde56345..fbf4dd4ff 100644 --- a/terraform/gcp/modules/monitoring/slo/versions.tf +++ b/terraform/gcp/modules/monitoring/slo/versions.tf @@ -15,11 +15,11 @@ */ terraform { - required_version = "1.9.5" + required_version = "1.9.4" required_providers { google = { - version = "6.2.0" + version = "5.40.0" source = "hashicorp/google" } } diff --git a/terraform/gcp/modules/monitoring/versions.tf b/terraform/gcp/modules/monitoring/versions.tf index 0fde56345..fbf4dd4ff 100644 --- a/terraform/gcp/modules/monitoring/versions.tf +++ b/terraform/gcp/modules/monitoring/versions.tf @@ -15,11 +15,11 @@ */ terraform { - required_version = "1.9.5" + required_version = "1.9.4" required_providers { google = { - version = "6.2.0" + version = "5.40.0" source = "hashicorp/google" } } diff --git a/terraform/gcp/modules/mysql-shard/mysql.tf b/terraform/gcp/modules/mysql-shard/mysql.tf index db0d44657..6d781f3e6 100644 --- a/terraform/gcp/modules/mysql-shard/mysql.tf +++ b/terraform/gcp/modules/mysql-shard/mysql.tf @@ -39,6 +39,7 @@ resource "google_sql_database_instance" "trillian" { ip_configuration { ipv4_enabled = var.ipv4_enabled private_network = var.network + require_ssl = var.require_ssl ssl_mode = var.require_ssl ? "TRUSTED_CLIENT_CERTIFICATE_REQUIRED" : "ALLOW_UNENCRYPTED_AND_ENCRYPTED" } @@ -79,6 +80,7 @@ resource "google_sql_database_instance" "read_replica" { ip_configuration { ipv4_enabled = var.ipv4_enabled private_network = var.network + require_ssl = var.require_ssl ssl_mode = var.require_ssl ? "TRUSTED_CLIENT_CERTIFICATE_REQUIRED" : "ALLOW_UNENCRYPTED_AND_ENCRYPTED" } diff --git a/terraform/gcp/modules/mysql-shard/versions.tf b/terraform/gcp/modules/mysql-shard/versions.tf index 0fde56345..fbf4dd4ff 100644 --- a/terraform/gcp/modules/mysql-shard/versions.tf +++ b/terraform/gcp/modules/mysql-shard/versions.tf @@ -15,11 +15,11 @@ */ terraform { - required_version = "1.9.5" + required_version = "1.9.4" required_providers { google = { - version = "6.2.0" + version = "5.40.0" source = "hashicorp/google" } } diff --git a/terraform/gcp/modules/mysql/mysql.tf b/terraform/gcp/modules/mysql/mysql.tf index 137da9ca5..8b50ec4e7 100644 --- a/terraform/gcp/modules/mysql/mysql.tf +++ b/terraform/gcp/modules/mysql/mysql.tf @@ -125,6 +125,7 @@ resource "google_sql_database_instance" "sigstore" { ip_configuration { ipv4_enabled = var.ipv4_enabled private_network = var.network + require_ssl = var.require_ssl ssl_mode = var.require_ssl ? "TRUSTED_CLIENT_CERTIFICATE_REQUIRED" : "ALLOW_UNENCRYPTED_AND_ENCRYPTED" } @@ -172,6 +173,7 @@ resource "google_sql_database_instance" "read_replica" { ip_configuration { ipv4_enabled = var.ipv4_enabled private_network = var.network + require_ssl = var.require_ssl ssl_mode = var.require_ssl ? "TRUSTED_CLIENT_CERTIFICATE_REQUIRED" : "ALLOW_UNENCRYPTED_AND_ENCRYPTED" } diff --git a/terraform/gcp/modules/mysql/versions.tf b/terraform/gcp/modules/mysql/versions.tf index c557d9945..a384bb256 100644 --- a/terraform/gcp/modules/mysql/versions.tf +++ b/terraform/gcp/modules/mysql/versions.tf @@ -15,11 +15,11 @@ */ terraform { - required_version = "1.9.5" + required_version = "1.9.4" required_providers { google = { - version = "6.2.0" + version = "5.40.0" source = "hashicorp/google" } random = { diff --git a/terraform/gcp/modules/network/versions.tf b/terraform/gcp/modules/network/versions.tf index 0fde56345..fbf4dd4ff 100644 --- a/terraform/gcp/modules/network/versions.tf +++ b/terraform/gcp/modules/network/versions.tf @@ -15,11 +15,11 @@ */ terraform { - required_version = "1.9.5" + required_version = "1.9.4" required_providers { google = { - version = "6.2.0" + version = "5.40.0" source = "hashicorp/google" } } diff --git a/terraform/gcp/modules/oslogin/versions.tf b/terraform/gcp/modules/oslogin/versions.tf index 0fde56345..fbf4dd4ff 100644 --- a/terraform/gcp/modules/oslogin/versions.tf +++ b/terraform/gcp/modules/oslogin/versions.tf @@ -15,11 +15,11 @@ */ terraform { - required_version = "1.9.5" + required_version = "1.9.4" required_providers { google = { - version = "6.2.0" + version = "5.40.0" source = "hashicorp/google" } } diff --git a/terraform/gcp/modules/project_roles/versions.tf b/terraform/gcp/modules/project_roles/versions.tf index 0fde56345..fbf4dd4ff 100644 --- a/terraform/gcp/modules/project_roles/versions.tf +++ b/terraform/gcp/modules/project_roles/versions.tf @@ -15,11 +15,11 @@ */ terraform { - required_version = "1.9.5" + required_version = "1.9.4" required_providers { google = { - version = "6.2.0" + version = "5.40.0" source = "hashicorp/google" } } diff --git a/terraform/gcp/modules/redis/versions.tf b/terraform/gcp/modules/redis/versions.tf index c557d9945..a384bb256 100644 --- a/terraform/gcp/modules/redis/versions.tf +++ b/terraform/gcp/modules/redis/versions.tf @@ -15,11 +15,11 @@ */ terraform { - required_version = "1.9.5" + required_version = "1.9.4" required_providers { google = { - version = "6.2.0" + version = "5.40.0" source = "hashicorp/google" } random = { diff --git a/terraform/gcp/modules/rekor/versions.tf b/terraform/gcp/modules/rekor/versions.tf index 0fde56345..fbf4dd4ff 100644 --- a/terraform/gcp/modules/rekor/versions.tf +++ b/terraform/gcp/modules/rekor/versions.tf @@ -15,11 +15,11 @@ */ terraform { - required_version = "1.9.5" + required_version = "1.9.4" required_providers { google = { - version = "6.2.0" + version = "5.40.0" source = "hashicorp/google" } } diff --git a/terraform/gcp/modules/sigstore/versions.tf b/terraform/gcp/modules/sigstore/versions.tf index f41f223ae..e690d1055 100644 --- a/terraform/gcp/modules/sigstore/versions.tf +++ b/terraform/gcp/modules/sigstore/versions.tf @@ -15,15 +15,15 @@ */ terraform { - required_version = "1.9.5" + required_version = "1.9.4" required_providers { google = { - version = "6.2.0" + version = "5.40.0" source = "hashicorp/google" } google-beta = { - version = "6.2.0" + version = "5.40.0" source = "hashicorp/google-beta" } } diff --git a/terraform/gcp/modules/timestamp/versions.tf b/terraform/gcp/modules/timestamp/versions.tf index 0fde56345..fbf4dd4ff 100644 --- a/terraform/gcp/modules/timestamp/versions.tf +++ b/terraform/gcp/modules/timestamp/versions.tf @@ -15,11 +15,11 @@ */ terraform { - required_version = "1.9.5" + required_version = "1.9.4" required_providers { google = { - version = "6.2.0" + version = "5.40.0" source = "hashicorp/google" } } diff --git a/terraform/gcp/modules/tuf/versions.tf b/terraform/gcp/modules/tuf/versions.tf index 0fde56345..fbf4dd4ff 100644 --- a/terraform/gcp/modules/tuf/versions.tf +++ b/terraform/gcp/modules/tuf/versions.tf @@ -15,11 +15,11 @@ */ terraform { - required_version = "1.9.5" + required_version = "1.9.4" required_providers { google = { - version = "6.2.0" + version = "5.40.0" source = "hashicorp/google" } }