setting cloudsql.logical_decoding flag fails

villesau commented 1 year ago

TL;DR

I'm getting:

│ Error: Error, failed to update instance settings for : googleapi: Error 400: Value requested is not valid. Cannot change flag cloudsql.logical_decoding to value [default] on replica (asdasd) when value is on on primary (dsadsa)., invalidFlagValue

on second terraform apply when setting: database_flags = [{ name = "cloudsql.iam_authentication", value = "on" }, { name = "cloudsql.logical_decoding", value = "on" }] First run succeeds.

Expected behavior

It should consistently succeed.

Observed behavior

When running terraform apply first time when setting the flag, everything goes as expected. When running for the second time, the replica database detects changes and tries to apply changes to replica db:

  ~ resource "google_sql_database_instance" "replicas" {
        id                             = "replica-db"
        name                           = "replica-db"
        # (14 unchanged attributes hidden)

      ~ settings {
            # (11 unchanged attributes hidden)

          ~ database_flags {
              ~ name  = "cloudsql.logical_decoding" -> "cloudsql.iam_authentication"
                # (1 unchanged attribute hidden)
            }
          - database_flags {
              - name  = "cloudsql.iam_authentication" -> null
              - value = "on" -> null
            }

            # (4 unchanged blocks hidden)
        }

        # (2 unchanged blocks hidden)
    }

Terraform Configuration

module "pg" {
  source               = "GoogleCloudPlatform/sql-db/google//modules/postgresql"
  version              = "13.0.1"
  name                 = var.name
  random_instance_name = true
  project_id           = var.project_id
  database_version     = var.database_version
  region               = var.region

  tier                            = var.tier
  zone                            = var.zone
  availability_type               = var.availability_type
  maintenance_window_day          = 7
  maintenance_window_hour         = 3
  maintenance_window_update_track = "stable"

  deletion_protection = true

  database_flags = [{ name = "cloudsql.iam_authentication", value = "on" }, { name = "cloudsql.logical_decoding", value = "on" }]

  ip_configuration = {
    ipv4_enabled        = false
    require_ssl         = false
    private_network     = var.network_self_link
    authorized_networks = []
    allocated_ip_range  = null
  }

  enable_default_user = false
  enable_default_db   = true
  db_name             = local.database_name
  read_replicas = [{
    name              = "-0"
    tier              = var.tier
    zone              = var.replica_zone
    availability_type = "ZONAL"
    # https://cloud.google.com/sql/docs/postgres/replication/create-replica#configure_iam_replicas
    database_flags = [{ name = "cloudsql.iam_authentication", value = "on" }]
    disk_type      = "PD_HDD"
    user_labels    = {}
  }]
}

Terraform Version

v1.0.11

Additional information

No response

github-actions[bot] commented 1 year ago

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days

villesau commented 1 year ago

This apparently happens when there's a discrepancy between replica and primary db flags. However, it is not clear from the error message, and if replica and primary needs the same flags, those should be duplicated in the background rather than setting explicitly for the instances.

github-actions[bot] commented 1 year ago

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days

villesau commented 1 year ago

Still valid.

github-actions[bot] commented 11 months ago

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days

terraform-google-modules / terraform-google-sql-db