search

terraform-google-modules / terraform-google-sql-db

Creates a Cloud SQL database instance
https://registry.terraform.io/modules/terraform-google-modules/sql-db/google
Apache License 2.0
265 stars 427 forks source link

Infinite drift on `insights_config` #623

Closed lra closed 2 months ago

lra commented 3 months ago

TL;DR

Some of our servers without insights_config enabled started showing a drift when planning. We have no way to remove this drift.

We have no way to have a clean plan anymore because the module cannot let us set a disabled insights_config block like:

          insights_config {
              query_insights_enabled  = false
              query_plans_per_minute  = 0
              query_string_length     = 0
              record_application_tags = false
              record_client_address   = false
          }

Expected behavior

Plan should be empty on google_sql_database_instance.

Observed behavior

We get the following plan:

Terraform will perform the following actions:

  # module.stack.module.postgresql["zoom-queue"].module.postgres.google_sql_database_instance.default will be updated in-place
  ~ resource "google_sql_database_instance" "default" {
        id                             = "zoom-queue"
        name                           = "zoom-queue"
        # (18 unchanged attributes hidden)

      ~ settings {
            # (16 unchanged attributes hidden)

          - insights_config {
              - query_insights_enabled  = false -> null
              - query_plans_per_minute  = 0 -> null
              - query_string_length     = 0 -> null
              - record_application_tags = false -> null
              - record_client_address   = false -> null
            }

            # (5 unchanged blocks hidden)
        }

        # (1 unchanged block hidden)
    }

Plan: 0 to add, 1 to change, 0 to destroy.

Terraform Configuration

module "postgres" {
  source  = "GoogleCloudPlatform/sql-db/google//modules/postgresql"
  version = "~> 20.2"

  name                 = var.pg_server_name
  random_instance_name = false
  project_id           = var.project_id
  database_version     = var.database_version
  region               = var.region
  tier                 = var.primary_tier
  zone                 = var.primary_zone
  availability_type               = var.primary_availability_type
  maintenance_window_day          = 7
  maintenance_window_hour         = 9
  maintenance_window_update_track = "stable"
  database_flags                  = var.database_flags
  ip_configuration = {
    ipv4_enabled        = true
    require_ssl         = var.ssl_mode == "TRUSTED_CLIENT_CERTIFICATE_REQUIRED" ? true : false
    ssl_mode            = var.ssl_mode
    private_network     = var.private_network == "" ? null : var.private_network
    authorized_networks = var.ip_allow_list
    allocated_ip_range  = null
  }
  backup_configuration = {
    enabled                        = var.enable_backup
    start_time                     = "20:55"
    point_in_time_recovery_enabled = var.enable_backup
    retained_backups               = 30
    retention_unit                 = "COUNT"
    transaction_log_retention_days = 7
  }
  db_name              = var.pg_db_name
  db_charset           = "UTF8"
  db_collation         = "en_US.UTF8"
  deletion_protection  = false
  user_name            = var.username
  user_password        = module.postgres_passwords.secret
  additional_users     = [for u in var.additional_users : { name = u, password = random_id.user_passwords[u].hex, random_password = false }]
  additional_databases = [for db in var.additional_databases : { name = db, charset = "UTF8", collation = "en_US.UTF8" }]
}

Terraform Version

Terraform v1.9.3
on darwin_arm64
+ provider registry.terraform.io/hashicorp/google v5.38.0
+ provider registry.terraform.io/hashicorp/google-beta v5.38.0

Additional information

The weird part is that we have multiple projects, and it only happens on 50+ databases of 1 project. The same databases on different project without insights_config is not returning this query_insights_enabled = false block. So this must be the google API returning inconsistant results.

The only workaround we found so far is to enable query_insights_enabled on every server, even when we don't need it.

eliranw commented 3 months ago

+1

imrannayer commented 2 months ago

@lra It seems like a provider issue. There is already a bug open for the provider. Can all of you plz upvote this issue. If you have any additional information plz add it to the provider bug.

https://github.com/hashicorp/terraform-provider-google/issues/18918

lra commented 2 months ago

Ok, I'll follow the other issue, thanks!