From 26335b271b0da58cd28309422cb701d7c4ba2f0d Mon Sep 17 00:00:00 2001
From: Matthew Sharkey
Date: Thu, 9 Oct 2025 12:48:51 -0500
Subject: [PATCH 1/3] add psc input mssql
---
.gitignore | 2 ++
chefignore | 2 ++
kitchen.yml | 15 +++++++++++++++
modules/mssql/README.md | 3 ++-
modules/mssql/main.tf | 7 +++++++
modules/mssql/outputs.tf | 5 +++++
modules/mssql/variables.tf | 4 ++++
7 files changed, 37 insertions(+), 1 deletion(-)
create mode 100644 chefignore
create mode 100644 kitchen.yml
diff --git a/.gitignore b/.gitignore
index 921728e8..c4bdb9e4 100644
--- a/.gitignore
+++ b/.gitignore
@@ -7,3 +7,5 @@
 .idea
 .kitchen
 credentials.json
+.kitchen/
+.kitchen.local.yml
diff --git a/chefignore b/chefignore
new file mode 100644
index 00000000..77924ab1
--- /dev/null
+++ b/chefignore
@@ -0,0 +1,2 @@
+.kitchen
+kitchen*.yml
\ No newline at end of file
diff --git a/kitchen.yml b/kitchen.yml
new file mode 100644
index 00000000..cf5444bc
--- /dev/null
+++ b/kitchen.yml
@@ -0,0 +1,15 @@
+---
+driver:
+ name: vagrant
+
+provisioner:
+ name: chef_solo
+
+platforms:
+ - name: ubuntu-20.04
+ - name: centos-8
+
+suites:
+ - name: default
+ run_list:
+ attributes:
diff --git a/modules/mssql/README.md b/modules/mssql/README.md
index 4b977b8f..03ee17d9 100644
--- a/modules/mssql/README.md
+++ b/modules/mssql/README.md
@@ -62,7 +62,7 @@ module "mssql" {
 | follow\_gae\_application | A Google App Engine application whose zone to remain in. Must be in the same region as this instance. | `string` | `null` | no |
 | insights\_config | The insights\_config settings for the database. |
object({
query_plans_per_minute = optional(number, 5)
query_string_length = optional(number, 1024)
record_application_tags = optional(bool, false)
record_client_address = optional(bool, false)
})
| `null` | no |
 | instance\_type | The type of the instance. The supported values are SQL\_INSTANCE\_TYPE\_UNSPECIFIED, CLOUD\_SQL\_INSTANCE, ON\_PREMISES\_INSTANCE and READ\_REPLICA\_INSTANCE. Set to READ\_REPLICA\_INSTANCE when primary\_instance\_name is provided | `string` | `"CLOUD_SQL_INSTANCE"` | no |
-| ip\_configuration | The ip configuration for the Cloud SQL instances. |
object({
authorized_networks = optional(list(map(string)), [])
ipv4_enabled = optional(bool)
private_network = optional(string)
allocated_ip_range = optional(string)
ssl_mode = optional(string)
})
|
{
"allocated_ip_range": null,
"authorized_networks": [],
"ipv4_enabled": true,
"private_network": null,
"ssl_mode": null
}
| no |
+| ip\_configuration | The ip configuration for the Cloud SQL instances. |
object({
authorized_networks = optional(list(map(string)), [])
ipv4_enabled = optional(bool)
private_network = optional(string)
allocated_ip_range = optional(string)
ssl_mode = optional(string)
psc_enabled = optional(bool, false)
psc_allowed_consumer_projects = optional(list(string), [])
})
|
{
"allocated_ip_range": null,
"authorized_networks": [],
"ipv4_enabled": true,
"private_network": null,
"psc_allowed_consumer_projects": [],
"psc_enabled": false,
"ssl_mode": null
}
| no |
 | maintenance\_version | The current software version on the instance. This attribute can not be set during creation. Refer to available\_maintenance\_versions attribute to see what maintenance\_version are available for upgrade. When this attribute gets updated, it will cause an instance restart. Setting a maintenance\_version value that is older than the current one on the instance will be ignored | `string` | `null` | no |
 | maintenance\_window\_day | The day of week (1-7) for the Cloud SQL maintenance. | `number` | `1` | no |
 | maintenance\_window\_hour | The hour of day (0-23) maintenance window for the Cloud SQL maintenance. | `number` | `23` | no |
@@ -97,6 +97,7 @@ module "mssql" {
 | instance\_connection\_name | The connection name of the master instance to be used in connection strings |
 | instance\_first\_ip\_address | The first IPv4 address of the addresses assigned. |
 | instance\_name | The instance name for the master instance |
+| instance\_psc\_attachment | The psc\_service\_attachment\_link created for the master instance |
 | instance\_self\_link | The URI of the master instance |
 | instance\_server\_ca\_cert | The CA certificate information used to connect to the SQL instance via SSL |
 | instance\_service\_account\_email\_address | The service account email address assigned to the master instance |
diff --git a/modules/mssql/main.tf b/modules/mssql/main.tf
index c5756c6a..218cdb12 100644
--- a/modules/mssql/main.tf
+++ b/modules/mssql/main.tf
@@ -113,6 +113,13 @@ resource "google_sql_database_instance" "default" {
 value = lookup(authorized_networks.value, "value", null)
 }
 }
+ dynamic "psc_config" {
+ for_each = ip_configuration.value.psc_enabled ? ["psc_enabled"] : []
+ content {
+ psc_enabled = ip_configuration.value.psc_enabled
+ allowed_consumer_projects = ip_configuration.value.psc_allowed_consumer_projects
+ }
+ }
 }
 }
diff --git a/modules/mssql/outputs.tf b/modules/mssql/outputs.tf
index 4a143876..9633ae02 100644
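Review bot: Turning on `psc_enabled` in the added `psc_config` block (main.tf hunk `@@ -113,6 +113,13 @@`) does nothing to `ipv4_enabled`, and the module default shown in the variables.tf hunk of this patch is `ipv4_enabled = true`. A caller who enables Private Service Connect expecting private-only access may therefore still end up with a public IP on the instance, depending on what they pass for `ipv4_enabled` and on whether the provider accepts the combination. I would add a comment above the block such as `# PSC does not disable the public IP; set ipv4_enabled = false for private-only access` and repeat it in the README row. `allowed_consumer_projects` is the allow-list of projects that may connect and is passed through here unchecked. The enclosing `ip_configuration` block and the resource start and end outside the hunk.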
--- a/modules/mssql/outputs.tf
+++ b/modules/mssql/outputs.tf
@@ -79,6 +79,11 @@ output "root_password" {
 sensitive = true
 }
+output "instance_psc_attachment" {
+ value = google_sql_database_instance.default.psc_service_attachment_link
+ description = "The psc_service_attachment_link created for the master instance"
+}
+
 // Resources
 output "primary" {
 value = google_sql_database_instance.default
diff --git a/modules/mssql/variables.tf b/modules/mssql/variables.tf
index fb1ddf98..2c511d5f 100644
--- a/modules/mssql/variables.tf
+++ b/modules/mssql/variables.tf
@@ -209,6 +209,8 @@ variable "ip_configuration" {
 private_network = optional(string)
 allocated_ip_range = optional(string)
 ssl_mode = optional(string)
+ psc_enabled = optional(bool, false)
+ psc_allowed_consumer_projects = optional(list(string), [])
 })
 default = {
 authorized_networks = []
@@ -216,6 +218,8 @@ variable "ip_configuration" {
 private_network = null
 allocated_ip_range = null
 ssl_mode = null
+ psc_enabled = false
+ psc_allowed_consumer_projects = []
 }
 }
From 7de9356086e795073a9acc45abcf881b4f9c92f1 Mon Sep 17 00:00:00 2001
From: Matthew Sharkey
Date: Thu, 9 Oct 2025 12:55:45 -0500
Subject: [PATCH 2/3] fix whitespace
---
modules/mssql/variables.tf | 22 +++++++++++-----------
1 file changed, 11 insertions(+), 11 deletions(-)
diff --git a/modules/mssql/variables.tf b/modules/mssql/variables.tf
index 2c511d5f..4b373e1e 100644
--- a/modules/mssql/variables.tf
+++ b/modules/mssql/variables.tf
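Review bot: The description of the new `instance_psc_attachment` output (outputs.tf hunk `@@ -79,6 +79,11 @@`) does not say what a caller receives when PSC is off. Presumably `psc_service_attachment_link` is empty or null in that case, which is worth confirming and stating. Something like `description = "The psc_service_attachment_link of the master instance; only set when ip_configuration.psc_enabled is true"` would cover it, with the README outputs row updated to match.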
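Review bot: A caller who fills in `psc_allowed_consumer_projects` but leaves `psc_enabled` at its `false` default (variables.tf hunk `@@ -209,6 +209,8 @@`) gets no error, because the `psc_config` block in main.tf is only generated when `psc_enabled` is true, so the allow-list is silently dropped. A `validation` block on `ip_configuration` with `condition = var.ip_configuration.psc_enabled || length(var.ip_configuration.psc_allowed_consumer_projects) == 0` and a short error message would surface that at plan time. The variable description, still "The ip configuration for the Cloud SQL instances.", also does not mention the two new attributes, or that the list decides which projects may create endpoints to the database. The same point covers the default object in the second hunk (`@@ -216,6 +218,8 @@`). The variable block starts and ends outside both hunks.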
@@ -204,21 +204,21 @@ variable "user_labels" {
 variable "ip_configuration" {
 description = "The ip configuration for the Cloud SQL instances."
 type = object({
- authorized_networks = optional(list(map(string)), [])
- ipv4_enabled = optional(bool)
- private_network = optional(string)
- allocated_ip_range = optional(string)
- ssl_mode = optional(string)
- psc_enabled = optional(bool, false)
+ authorized_networks = optional(list(map(string)), [])
+ ipv4_enabled = optional(bool)
+ private_network = optional(string)
+ allocated_ip_range = optional(string)
+ ssl_mode = optional(string)
+ psc_enabled = optional(bool, false)
 psc_allowed_consumer_projects = optional(list(string), [])
 })
 default = {
 authorized_networks = []
- ipv4_enabled = true
- private_network = null
- allocated_ip_range = null
- ssl_mode = null
- psc_enabled = false
+ ipv4_enabled = true
+ private_network = null
+ allocated_ip_range = null
+ ssl_mode = null
+ psc_enabled = false
 psc_allowed_consumer_projects = []
 }
 }
From ae5b7d10d62a77fd7d4260fa6e67144ee4eb5031 Mon Sep 17 00:00:00 2001
From: Matthew Sharkey
Date: Thu, 9 Oct 2025 14:32:52 -0500
Subject: [PATCH 3/3] removed unintended changes
---
.gitignore | 2 --
chefignore | 2 --
kitchen.yml | 15 ---------------
3 files changed, 19 deletions(-)
delete mode 100644 chefignore
delete mode 100644 kitchen.yml
diff --git a/.gitignore b/.gitignore
index c4bdb9e4..921728e8 100644
--- a/.gitignore
+++ b/.gitignore
@@ -7,5 +7,3 @@
 .idea
 .kitchen
 credentials.json
-.kitchen/
-.kitchen.local.yml
diff --git a/chefignore b/chefignore
deleted file mode 100644
index 77924ab1..00000000
--- a/chefignore
+++ /dev/null
@@ -1,2 +0,0 @@
-.kitchen
-kitchen*.yml
\ No newline at end of file
diff --git a/kitchen.yml b/kitchen.yml
deleted file mode 100644
index cf5444bc..00000000
--- a/kitchen.yml
+++ /dev/null
@@ -1,15 +0,0 @@
----
-driver:
- name: vagrant
-
-provisioner:
- name: chef_solo
-
-platforms:
- - name: ubuntu-20.04
- - name: centos-8
-
-suites:
- - name: default
- run_list:
- attributes: