You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request.
Please do not leave +1 or me too comments, they generate extra noise for issue followers and do not help prioritize the request.
If you are interested in working on this issue or have submitted a pull request, please leave a comment.
If an issue is assigned to a user, that user is claiming responsibility for the issue.
Customers working with a Google Technical Account Manager or Customer Engineer can ask them to reach out internally to expedite investigation and resolution of this issue.
Provider 5.33.0 introduced a deprecation warning for the use of require_ssl and to set ssl_mode and require_ssl together until require_ssl is removed in a future release.
If you follow those instructions, and set both ssl_mode and require_ssl (as in the code example) you still get the warning. If you try and remove require_ssl then the code fails, which is something that #17443 discusses.
As a result this generates a warning that I am unable to resolve by making changes to my terraform code.
Following the documented practice should remove the warning.
Actual Behavior
Plan: 1 to add, 0 to change, 0 to destroy.
╷
│ Warning: Argument is deprecated
│
│ with google_sql_database_instance.testdb,
│ on db.tf line 24, in resource "google_sql_database_instance" "testdb":
│ 24: require_ssl = true
│
│ `require_ssl` will be fully deprecated in a future major release. For now, please use `ssl_mode` with a compatible `require_ssl` value instead.
│
│ (and one more similar warning elsewhere)
╵
According to terraform registryrequire_ssl is optional, but after creating the resource, and then when we attempt to remove the field it results on an error 400:
Error, failed to update instance settings for : googleapi: Error 400: Invalid request: For a Postgres instance, sslMode value TRUSTED_CLIENT_CERTIFICATE_REQUIRED and requireSsl value false are conflicting. When sslMode=TRUSTED_CLIENT_CERTIFICATE_REQUIRED, requireSsl must be true. When requireSsl=false, sslMode must be ALLOW_UNENCRYPTED_AND_ENCRYPTED or ENCRYPTED_ONLY. It's recommended that you only set sslMode.
I have the same issue with CloudSQL MySQL while using Terraform 1.8.2 while using sslMode only:
Error: Error, failed to update instance settings for : googleapi: Error 400: Invalid request: For a MySQL instance, sslMode value TRUSTED_CLIENT_CERTIFICATE_REQUIRED and requireSsl value false are conflicting. When sslMode=TRUSTED_CLIENT_CERTIFICATE_REQUIRED, requireSsl must be true. When requireSsl=false, sslMode must be ALLOW_UNENCRYPTED_AND_ENCRYPTED or ENCRYPTED_ONLY. It's recommended that you only set sslMode., invalid
and while using sslMode with require_ssl I got a warning:
require_ssl will be fully deprecated in a future major release. For now, please use ssl_mode with a compatible require_ssl value instead.
Community Note
Terraform Version & Provider Version(s)
Terraform v1.8.4
on
Affected Resource(s)
google_sql_database_instance
Terraform Configuration
Debug Output
No response
Expected Behavior
Provider 5.33.0 introduced a deprecation warning for the use of
require_ssl
and to setssl_mode
andrequire_ssl
together untilrequire_ssl
is removed in a future release.If you follow those instructions, and set both
ssl_mode
andrequire_ssl
(as in the code example) you still get the warning. If you try and removerequire_ssl
then the code fails, which is something that #17443 discusses.As a result this generates a warning that I am unable to resolve by making changes to my terraform code.
Following the documented practice should remove the warning.
Actual Behavior
Steps to reproduce
terraform apply
Important Factoids
No response
References
https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/sql_database_instance#ssl_mode
#17443
b/348529672
The text was updated successfully, but these errors were encountered: