terraform-google-modules / terraform-google-sql-db

Creates a Cloud SQL database instance
https://registry.terraform.io/modules/terraform-google-modules/sql-db/google
Apache License 2.0

Every run reports resource must be replaced even with no changes #603

Closed mmllc-jsilverman closed 1 month ago

mmllc-jsilverman commented 4 months ago

TL;DR

Every run, the private_service_access submodule wants to destroy and recreate the PSA. Previously this was fine (albeit annoying) but now I'm having race condition type issues where the IP address is not deleted before being recreated.

Expected behavior

No changes to this module implementation means Terraform should report no changes need to be made

Observed behavior

+/- resource "google_service_networking_connection" "private_service_access" {
      ~ id                      = "https%3A%2F%2Fwww.googleapis.com%2Fcompute%2Fv1%2Fprojects%2Fmy-proj-dev%2Fglobal%2Fnetworks%2Fdev-12:servicenetworking.googleapis.com" -> (known after apply)
      ~ network                 = "https://www.googleapis.com/compute/v1/projects/my-proj-dev/global/networks/dev-12" -> (known after apply) # forces replacement
      ~ peering                 = "servicenetworking-googleapis-com" -> (known after apply)
        # (2 unchanged attributes hidden)
    }

Terraform Configuration

module "private-service-access-gke" {
  source  = "GoogleCloudPlatform/sql-db/google//modules/private_service_access"
  version = "~>20"
  project_id  = var.project_id
  vpc_network = module.gke-private-cluster-0.network_name
  depends_on = [
    module.gke-private-cluster-0,
  ]
}

Terraform Version

Terraform v1.7.5

Additional information

This is just one example of this issue; I use this submodule extensively, though, and the "forces replacement" notice happens on every run, for every implementation, for versions of this module from 0.13 through 0.20.

imrannayer commented 4 months ago

Can you pass vpc_network directly or some other way instead of getting it from the GKE module? The following line is causing it to recreate private service access. The private service access module is working fine.

vpc_network = module.gke-private-cluster-0.network_name

mmllc-jsilverman commented 4 months ago

Can you pass vpc_network directly or some other way instead of getting it from GKE module? Following line is causing it to recreate private service access. Private service access module is working fine.

vpc_network = module.gke-private-cluster-0.network_name

Thank you, I'll try this and report back.

github-actions[bot] commented 1 month ago

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days

mmllc-jsilverman commented 1 month ago

Sorry for my delayed response! I have tried, as advised, to simplify the network name being provided and I still constantly have Terraform want to delete and recreate private service access connections. I am unsure what I am doing wrong. I've even tried a hard-coded string for the var.vpc_network value. For example:

module "private-service-access-backend" {
  depends_on  = [module.services-backend]
  source      = "GoogleCloudPlatform/sql-db/google//modules/private_service_access"
  version     = "~> 20.0"
  project_id  = local.project
  vpc_network = "my-network-name"
}

This still has Terraform trying to delete and recreate this resource. This is extra bad now because I've upgraded other modules and providers and now I'm hitting this bug as well: https://github.com/hashicorp/terraform-provider-google/issues/16275 (which is supposed to be resolved but doesn't seem to be).

I'm going to see what happens when I just create the underlying resources directly and skip the use of this module.

mmllc-jsilverman commented 1 month ago

And as a follow-up to the follow-up: when I implement the resources individually, Terraform no longer wants to recreate them. I do not know why this module fails in my environment.
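
Added example, not part of the thread or of the module's code: a check that reads the JSON form of a plan (`terraform show -json <planfile>`) and lists every resource the plan would destroy and recreate, along with the attributes forcing the replacement that are still unknown at plan time, which is the pattern in the "Observed behavior" output of the original report. The sample plan is constructed from the names in the report, and the function names are hypothetical.

```python
import json

# Constructed sample: trimmed `terraform show -json` output shaped like the plan
# in the report (module and resource names are taken from the issue text).
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "module.private-service-access-gke.google_service_networking_connection.private_service_access",
   "change": {"actions": ["create", "delete"],
              "after_unknown": {"id": true, "network": true, "peering": true},
              "replace_paths": [["network"]]}},
  {"address": "google_compute_network.example",
   "change": {"actions": ["no-op"], "after_unknown": {}}}
]}
""")


def is_unknown(after_unknown, path):
    """True if the attribute at `path` is marked '(known after apply)'."""
    node = after_unknown
    for step in path:
        if node is True:          # a whole subtree is unknown
            return True
        if isinstance(node, dict):
            node = node.get(step, False)
        elif isinstance(node, list) and isinstance(step, int) and step < len(node):
            node = node[step]
        else:
            return False
    return node is True


def find_replacements(plan):
    """Return one finding per resource the plan would destroy and recreate."""
    findings = []
    for rc in plan.get("resource_changes", []):
        change = rc.get("change", {})
        actions = change.get("actions", [])
        if "create" in actions and "delete" in actions:   # replacement, either order
            unknown = change.get("after_unknown", {})
            forced = change.get("replace_paths", [])
            findings.append({
                "address": rc["address"],
                "forced_by": [".".join(map(str, p)) for p in forced],
                "unknown_at_plan": [".".join(map(str, p)) for p in forced if is_unknown(unknown, p)],
            })
    return findings


if __name__ == "__main__":
    print(json.dumps(find_replacements(SAMPLE_PLAN), indent=2))
```

A non-empty `unknown_at_plan` list on a run with no configuration changes means the replacement is driven by a value Terraform could not resolve during planning rather than by a real difference in the attribute.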