1/**
2 * Copyright 2022 Google LLC
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17```hcl
18data "google_project" "project" {
19}
20
21resource "google_sql_database_instance" "instance" {
22 name = "my-instance"
23 database_version = "MYSQL_8_0"
24 region = "us-central1"
25 settings {
26 tier = "db-f1-micro"
27 backup_configuration {
28 enabled = true
29 binary_log_enabled = true
30 }
31
32 ip_configuration {
33
34 // Datastream IPs will vary by region.
35 authorized_networks {
36 value = "34.71.242.81"
37 }
38
39 authorized_networks {
40 value = "34.72.28.29"
41 }
42
43 authorized_networks {
44 value = "34.67.6.157"
45 }
46
47 authorized_networks {
48 value = "34.67.234.134"
49 }
50
51 authorized_networks {
52 value = "34.72.239.218"
53 }
54 }
55 }
56
57 deletion_protection = true
58}
59
60resource "google_sql_database" "db" {
61 instance = google_sql_database_instance.instance.name
62 name = "db"
63}
64
65resource "random_password" "pwd" {
66 length = 16
67 special = false
68}
69
70resource "google_sql_user" "user" {
71 name = "user"
72 instance = google_sql_database_instance.instance.name
73 host = "%"
74 password = random_password.pwd.result
75}
76
77resource "google_datastream_connection_profile" "source_connection_profile" {
78 display_name = "Source connection profile"
79 location = "us-central1"
80 connection_profile_id = "source-profile"
81
82 mysql_profile {
83 hostname = google_sql_database_instance.instance.public_ip_address
84 username = google_sql_user.user.name
85 password = google_sql_user.user.password
86 }
87}
88
89resource "google_storage_bucket" "bucket" {
90 name = "my-bucket"
91 location = "US"
92 uniform_bucket_level_access = true
93}
94
95resource "google_storage_bucket_iam_member" "viewer" {
96 bucket = google_storage_bucket.bucket.name
97 role = "roles/storage.objectViewer"
98 member = "serviceAccount:service-${data.google_project.project.number}@gcp-sa-datastream.iam.gserviceaccount.com"
99}
100
101resource "google_storage_bucket_iam_member" "creator" {
102 bucket = google_storage_bucket.bucket.name
103 role = "roles/storage.objectCreator"
104 member = "serviceAccount:service-${data.google_project.project.number}@gcp-sa-datastream.iam.gserviceaccount.com"
105}
106
107resource "google_storage_bucket_iam_member" "reader" {
108 bucket = google_storage_bucket.bucket.name
109 role = "roles/storage.legacyBucketReader"
110 member = "serviceAccount:service-${data.google_project.project.number}@gcp-sa-datastream.iam.gserviceaccount.com"
111}
112
113resource "google_kms_crypto_key_iam_member" "key_user" {
114 crypto_key_id = "kms-name"
115 role = "roles/cloudkms.cryptoKeyEncrypterDecrypter"
116 member = "serviceAccount:service-${data.google_project.project.number}@gcp-sa-datastream.iam.gserviceaccount.com"
117}
118
119resource "google_datastream_connection_profile" "destination_connection_profile" {
120 display_name = "Connection profile"
121 location = "us-central1"
122 connection_profile_id = "destination-profile"
123
124 gcs_profile {
125 bucket = google_storage_bucket.bucket.name
126 root_path = "/path"
127 }
128}
129
130resource "google_datastream_stream" "default" {
131 depends_on = [
132 google_kms_crypto_key_iam_member.key_user
133 ]
134 stream_id = "my-stream"
135 desired_state = "NOT_STARTED"
136 location = "us-central1"
137 display_name = "my stream"
138 labels = {
139 key = "value"
140 }
141 source_config {
142 source_connection_profile = google_datastream_connection_profile.source_connection_profile.id
143 mysql_source_config {
144 include_objects {
145 mysql_databases {
146 database = "my-database"
147 mysql_tables {
148 table = "includedTable"
149 mysql_columns {
150 column = "includedColumn"
151 data_type = "VARCHAR"
152 collation = "utf8mb4"
153 primary_key = false
154 nullable = false
155 ordinal_position = 0
156 }
157 }
158 }
159 }
160 exclude_objects {
161 mysql_databases {
162 database = "my-database"
163 mysql_tables {
164 table = "excludedTable"
165 mysql_columns {
166 column = "excludedColumn"
167 data_type = "VARCHAR"
168 collation = "utf8mb4"
169 primary_key = false
170 nullable = false
171 ordinal_position = 0
172 }
173 }
174 }
175 }
176 max_concurrent_cdc_tasks = 5
177 }
178 }
179 destination_config {
180 destination_connection_profile = google_datastream_connection_profile.destination_connection_profile.id
181 gcs_destination_config {
182 path = "mydata"
183 file_rotation_mb = 200
184 file_rotation_interval = "60s"
185 json_file_format {
186 schema_file_format = "NO_SCHEMA_FILE"
187 compression = "GZIP"
188 }
189 }
190 }
191
192 backfill_all {
193 mysql_excluded_objects {
194 mysql_databases {
195 database = "my-database"
196 mysql_tables {
197 table = "excludedTable"
198 mysql_columns {
199 column = "excludedColumn"
200 data_type = "VARCHAR"
201 collation = "utf8mb4"
202 primary_key = false
203 nullable = false
204 ordinal_position = 0
205 }
206 }
207 }
208 }
209 }
210
211 customer_managed_encryption_key = "kms-name"
212}
213```
View as plain text