hashicorp / terraform-provider-google

Terraform Provider for Google Cloud Platform
https://registry.terraform.io/providers/hashicorp/google/latest/docs
Mozilla Public License 2.0
2.33k stars 1.74k forks source link

google_sql_database_instance accepts user_labels and not labels #19450

Open tibers opened 1 month ago

tibers commented 1 month ago

Community Note

Terraform Version & Provider Version(s)

Terraform cloud latest on

Affected Resource(s)

google_sql_database_instance accepts user_labels and not labels

Why is this a problem? If we write a sentinel policy which requires labels on things, I have one single resource which uses user_labels and not the standard labels.

See https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/sql_database_instance#user_labels

Terraform Configuration

Debug Output

No response

Expected Behavior

No response

Actual Behavior

No response

Steps to reproduce

  1. terraform apply

Important Factoids

No response

References

No response

ggtisc commented 1 month ago

Hi @tibers!

I tried to replicate this issue with the next code based on this example but the result was successful without errors:

resource "google_sql_database_instance" "sql_db_instance_19450" {
  name             = "sql-db-instance-19450"
  database_version = "MYSQL_8_0_31"
  deletion_protection = false
  settings {
    tier    = "db-perf-optimized-N-2"
    edition = "ENTERPRISE_PLUS"
    data_cache_config {
        data_cache_enabled = true
    }
    user_labels = {
      "foo" : "bar"
    }
  }
}

I suggest you to check the terraform registry and API documentation. But if you still continue with issues share your full code to check out what is happening.

SarahFrench commented 1 month ago

Hi @tibers - Thanks for opening this issue and I appreciate this resource being an outlier is irritating!

We discussed this internally and decided that we won't alter this resource to make the labels field be called 'labels' or be located at the top-level. Our reasoning is that we prefer to make resources in the provider resemble the resources in the API, and not deviate from that except when absolutely necessary. Unfortunately the SQL API is an old GCP API that predates the standards that make other APIs look so alike, hence the labels field being handled differently.

Are you able to write your Sentinel policy in a way that accommodates this resource as it currently behaves?