hashicorp / terraform-provider-google

Terraform Provider for Google Cloud Platform
https://registry.terraform.io/providers/hashicorp/google/latest/docs
Mozilla Public License 2.0

Invalid Cloud SQL flag name on provider document #16941

Open gszzzzzz opened 7 months ago

gszzzzzz commented 7 months ago

The google_sql_user resource in the provider documentation shows an example of using Cloud SQL IAM database authentication as follows:

...

resource "google_sql_database_instance" "main" {
  name             = "main-instance-${random_id.db_name_suffix.hex}"
  database_version = "POSTGRES_15"

  settings {
    tier = "db-f1-micro"

    database_flags {
      name  = "cloudsql.iam_authentication" # <-- Here
      value = "on"
    }
  }
}

...

According to the documentation, the database flag name should be cloudsql_iam_authentication, not cloudsql.iam_authentication (notice the dot after 'cloudsql').

b/322961672

slevenick commented 7 months ago

It looks like we use these values in tests, and the tests are passing. Is there a reason you think that the shown value is invalid?

gszzzzzz commented 7 months ago

Hello. I actually didn't realize that the flag name is different for each database vendor. As you said, the part I mentioned (PostgreSQL) actually contains correct information, but the MySQL example still points to an invalid flag name according to the documentation.

The official Cloud SQL MySQL document mentions this part:

You can enable IAM database authentication on an instance using the cloudsql_iam_authentication flag. Once you enable this flag, the instance enables logins from accounts that are configured for IAM database authentication.

And here's the PostgreSQL:

You can enable IAM database authentication on an instance using the cloudsql.iam_authentication flag. Once you enable this flag, the instance enables logins from accounts that are configured for IAM database authentication.

As we can see, the documentation says we should be using the cloudsql_iam_authentication flag for MySQL and cloudsql.iam_authentication for PostgreSQL. But the google_sql_user guide says:

Example using Cloud SQL IAM Group authentication.

resource "google_sql_database_instance" "main" {
  name             = "main-instance-${random_id.db_name_suffix.hex}"
  database_version = "MYSQL_8_0"

  settings {
    tier = "db-f1-micro"

    database_flags {
      name  = "cloudsql.iam_authentication"
      value = "on"
    }
  }
}

I think it should be cloudsql_iam_authentication when the database is MySQL.

gszzzzzz commented 7 months ago

I guess the tests passed because they use the correct flag name:

func testGoogleSqlUser_iamGroupUser(instance string) string {
    return fmt.Sprintf(`
resource "google_sql_database_instance" "instance" {
  name                = "%s"
  region              = "us-central1"
  database_version    = "MYSQL_8_0"
  deletion_protection = false
  settings {
    tier = "db-f1-micro"
    database_flags {
      name  = "cloudsql_iam_authentication"
      value = "on"
    }
  }
}

resource "google_sql_user" "user" {
  name     = "iam-group-auth-test-group@google.com"
  instance = google_sql_database_instance.instance.name
  type     = "CLOUD_IAM_GROUP"
}
`, instance)
}

But the document had a typo:

resource "random_id" "db_name_suffix" {
  byte_length = 4
}

resource "google_sql_database_instance" "main" {
  name             = "main-instance-${random_id.db_name_suffix.hex}"
  database_version = "MYSQL_8_0"

  settings {
    tier = "db-f1-micro"

    database_flags {
      name  = "cloudsql.iam_authentication" # <-- Wrong!
      value = "on"
    }
  }
}

resource "google_sql_user" "iam_group_user" {
  name     = "iam_group@example.com"
  instance = google_sql_database_instance.main.name
  type     = "CLOUD_IAM_GROUP"
}

slevenick commented 7 months ago

Ok, feel free to open a PR correcting that!
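The engine-specific flag names discussed in this thread can be checked before `terraform apply`. The following is an added example, not part of the issue thread or the provider's code: a small linter that reports `google_sql_database_instance` blocks whose IAM authentication flag does not match the engine in `database_version`. The function names, the regex-based block scan (which assumes no unbalanced braces inside comments or strings) and the sample configuration are assumptions made for illustration.

```python
import re

# Flag name per engine, as quoted in this thread from the Cloud SQL documentation.
IAM_FLAG = {"MYSQL": "cloudsql_iam_authentication",
            "POSTGRES": "cloudsql.iam_authentication"}
# Either spelling: "cloudsql", one separator character, "iam_authentication".
FLAG_RE = re.compile(r'name\s*=\s*"(cloudsql[._]iam_authentication)"')
RESOURCE_RE = re.compile(r'resource\s+"google_sql_database_instance"\s+"([^"]+)"\s*\{')
VERSION_RE = re.compile(r'database_version\s*=\s*"([A-Z]+)_')

def block_body(text, start):
    """Return the text between the '{' at index start and its matching '}'."""
    depth = 0
    for i in range(start, len(text)):
        if text[i] == "{":
            depth += 1
        elif text[i] == "}":
            depth -= 1
            if depth == 0:
                return text[start + 1:i]
    raise ValueError("unbalanced braces in configuration")

def check_iam_flags(hcl):
    """Return (resource, engine, found_flag, expected_flag) for each mismatch."""
    findings = []
    for m in RESOURCE_RE.finditer(hcl):
        body = block_body(hcl, m.end() - 1)
        version = VERSION_RE.search(body)
        if not version or version.group(1) not in IAM_FLAG:
            continue  # engine not covered here, or version is not a literal
        expected = IAM_FLAG[version.group(1)]
        for flag in FLAG_RE.findall(body):
            if flag != expected:
                findings.append((m.group(1), version.group(1), flag, expected))
    return findings

# Constructed sample, modelled on the documentation snippet reported in this issue.
SAMPLE = '''
resource "google_sql_database_instance" "main" {
  name             = "main-instance-${random_id.db_name_suffix.hex}"
  database_version = "MYSQL_8_0"
  settings {
    database_flags {
      name  = "cloudsql.iam_authentication"
      value = "on"
    }
  }
}
'''
if __name__ == "__main__":
    print(check_iam_flags(SAMPLE))
```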