Add support for `sql_network_architecture` in CloudSQL instances

mbrancato commented 5 months ago

Community Note

Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request.
Please do not leave +1 or me too comments, they generate extra noise for issue followers and do not help prioritize the request.
If you are interested in working on this issue or have submitted a pull request, please leave a comment.
If an issue is assigned to a user, that user is claiming responsibility for the issue.
Customers working with a Google Technical Account Manager or Customer Engineer can ask them to reach out internally to expedite investigation and resolution of this issue.

Description

Creating a CloudSQL instance on an older VPC will result in the CloudSQL instance getting the "old" network architecture. This prevents using the database instance with other Google cloud services such as Vertex AI, Looker, etc. There is a process to upgrade the network architecture using gcloud, but it can also be set via the REST API.

The API uses the enum values:

OLD_NETWORK_ARCHITECTURE
NEW_NETWORK_ARCHITECTURE

All of this is described in the following documentation: https://cloud.google.com/sql/docs/postgres/upgrade-cloud-sql-instance-new-network-architecture

New or Affected Resource(s)

google_sql_database_instance

Potential Terraform Configuration

resource "google_sql_database_instance" "my_old_db" {
  name                = "olddb"
  deletion_protection = true
  database_version    = "POSTGRES_15"

  settings {
    tier = "db-custom-2-13312"
    ip_configuration {
      private_network          = "my-network"
      sql_network_architecture = "OLD_NETWORK_ARCHITECTURE"
    }
  }
}

resource "google_sql_database_instance" "my_new_db" {
  name                = "newdb"
  deletion_protection = true
  database_version    = "POSTGRES_15"

  settings {
    tier = "db-custom-2-13312"
    ip_configuration {
      private_network          = "my-network"
      sql_network_architecture = "NEW_NETWORK_ARCHITECTURE"
    }
  }
}

References

No response

b/329495078

roaks3 commented 5 months ago

Based on the API, this appears to be something that can be accomplished simply with a new field. There could be additional considerations needed for handling the upgrade without recreating the instance, but I can't quite tell from the API alone.

marblejenka commented 1 month ago

I have tried to implement what this issue would expect, but it seems that it is not possible to create a Cloud SQL instance with the old network architecture. This is a blocker for implementing this feature from a testability perspective.

roaks3 commented 1 month ago

@marblejenka purely for testing the behavior, you may be able to use one of the networks in our test environment that are older (for example, the default network is from 2017; let me know if you need another option though). However, it does look like a test like this would eventually begin failing (at some point), so I would probably recommend writing a test that is skipped. That way, we know what it should be doing and how it can be tested, but we don't need to rely on old networks being kept around in our continuous test environments.

hashicorp / terraform-provider-google