Cloud SQL Terraform crash #6619

Closed
dcloud9 opened this issue Jun 17, 2020 · 7 comments

dcloud9 commented Jun 17, 2020

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request.
  • Please do not leave +1 or me too comments, they generate extra noise for issue followers and do not help prioritize the request.
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment.
  • If an issue is assigned to the modular-magician user, it is either in the process of being autogenerated, or is planned to be autogenerated soon. If an issue is assigned to a user, that user is claiming responsibility for the issue. If an issue is assigned to hashibot, a community member has claimed the issue already.

Terraform Version

terraform core: 0.12.26
google provider: 3.25.0

Affected Resource(s)

  • google_sql_database_instance

Terraform Configuration Files

resource "google_sql_database_instance" "db" {
  count   = var.db_instance_count
  project = var.google_project_id
  region  = var.region
  name    = var.db_instance_name //https://cloud.google.com/sql/docs/postgres/delete-instance

  database_version = var.db_instance_version

  settings {
    tier              = var.db_instance_machine_type
    availability_type = var.db_instance_availability_type
    disk_autoresize   = var.db_instance_disk_autoresize
    disk_size         = var.db_instance_disk_size_gb
    disk_type         = var.db_instance_disk_type
    user_labels       = var.db_instance_user_labels

    dynamic "database_flags" {
      for_each = var.database_flags_map
      iterator = flags
      content {
        name  = flags.key
        value = flags.value
      }
    }
    backup_configuration {
      enabled    = var.db_instance_automated_backup
      start_time = var.db_instance_automated_backup_start_time
    }

    ip_configuration {
      private_network = var.db_instance_shared_vpc_network_name
      ipv4_enabled    = false
      require_ssl     = var.db_instance_require_ssl
    }
  }
  lifecycle {
    # Cannot variablize as tf bug
    prevent_destroy = true
  }
}

resource "google_sql_user" "user" {
  count    = var.db_instance_count
  name     = var.db_user_name
  instance = google_sql_database_instance.db.0.name
  password = var.db_user_password
}

resource "google_sql_ssl_cert" "client" {
  for_each    = var.db_ssl_client_names
  common_name = each.value
  instance    = google_sql_database_instance.db.0.name
}

// Variables
variable "google_project_id" {}
variable "region" {}
variable "db_instance_name" {}
variable "db_instance_version" {}
variable "db_instance_machine_type" {}
variable "db_instance_disk_size_gb" {}
variable "db_instance_disk_type" {}
variable "db_instance_shared_vpc_network_name" {}
variable "db_user_name" {}
variable "db_user_password" {}
variable "db_instance_automated_backup" {}
variable "db_instance_automated_backup_start_time" {
  default = ""
}
variable "db_instance_availability_type" {
  default = "ZONAL" //REGIONAL or ZONAL
}
variable "db_instance_disk_autoresize" {
  default = true
}
variable "db_instance_user_labels" {
  type    = map(string)
  default = {}
}
variable "db_instance_require_ssl" {
  default = false
}
variable "db_instance_count" {
  type    = number
  default = 1
}
variable "database_flags_map" {
  type        = map(string)
  default     = {}
  description = "Refer to cloud.google.com/sql/docs/<mysql|postgres|sqlserver>/docs for supported DB flags"
}
variable "prevent_destroy" {
  default = false
}

// SSL cert
variable "db_ssl_client_names" {
  type    = set(string)
  default = []
}



// Outputs
output "cloud_sql_private_ip_address" {
  value = var.db_instance_count > 0 ? google_sql_database_instance.db.0.private_ip_address : ""
}

output "instance_name" {
  value = var.db_instance_count > 0 ? google_sql_database_instance.db.0.name : ""
}

output "ssl_cert_client_private_key" {
  value = {
    for key in var.db_ssl_client_names : key => google_sql_ssl_cert.client[key].private_key
  }
  sensitive = true
}

output "ssl_cert_client_cert" {
  value = {
    for cert in var.db_ssl_client_names : cert => google_sql_ssl_cert.client[cert].cert
  }
}

Debug Output

https://gist.github.com/dcloud9/db99767f50df668b058470af6837d763

Panic Output

https://gist.github.com/dcloud9/7417c82d0582ea08d1db9cdeaadeaf5d

Expected Behavior

terraform should not crash

Actual Behavior

terraform crashes even running terraform plan

Steps to Reproduce

  1. terraform apply

Important Factoids

With or without using -target=module.cloud-sql-instance, terraform crashes

References

@emilymye
Contributor

This is a weird crash I didn't get around to figuring out, passing to this week's on-duty

emilymye removed their assignment Jun 26, 2020
@nat-henderson
Contributor

Hi,

Sorry, but with terraform 0.12.24 I can't reproduce. I'm going to try again with 0.12.28. Are you getting this 100% of the time? If so, can you share the variables you're using or anything else I ought to know about your environment?

@nat-henderson
Contributor

I also can't reproduce with 0.12.28. The variables I am using are the defaults listed here:

// Variables
variable "google_project_id" {
  default = "<my project>"
}
variable "region" { default = "us-central1" }
variable "db_instance_name" {default = "testsqlcrashv28" }
variable "db_instance_version" { default = "POSTGRES_11"}
variable "db_instance_machine_type" { default = "db-f1-micro" }
variable "db_instance_disk_size_gb" { default = 50}
variable "db_instance_disk_type" { default = "PD_SSD" }
variable "db_instance_shared_vpc_network_name" { default = "projects/<my project>/global/networks/default" }
variable "db_user_name" { default = "nathan" }
variable "db_user_password" { default = "PaS@@W0r1D"}
variable "db_instance_automated_backup" { default = true}
variable "db_instance_automated_backup_start_time" {
        default = "20:00"
}
variable "db_instance_availability_type" {
  default = "ZONAL" //REGIONAL or ZONAL
}
variable "db_instance_disk_autoresize" {
  default = true
}
variable "db_instance_user_labels" {
  type    = map(string)
  default = {}
}
variable "db_instance_require_ssl" {
  default = false
}
variable "db_instance_count" {
  type    = number
  default = 1
}
variable "database_flags_map" {
  type        = map(string)
  default     = {}
  description = "Refer to cloud.google.com/sql/docs/<mysql|postgres|sqlserver>/docs for supported DB flags"
}
variable "prevent_destroy" {
  default = false
}

// SSL cert
variable "db_ssl_client_names" {
  type    = set(string)
  default = []
}

@nat-henderson
Contributor

Since I can't reproduce, I'm going to close this - please let me know if you still have this issue - and what variables it happens with - and I'll reopen.

Author

dcloud9 commented Jul 1, 2020

Apologies for the late reply.
Here are the tfvars we provide to our nonprod env. This crash is not happening in the PostgreSQL engine of CloudSQL if we target that module -target=module.cloud-sql-instance-postgresql.
Another difference from our prod env is there are fewer resources and modules instantiated compared to prod, hence the crash is not happening (yet). Could it be the google-provider is hitting upper limits in terms of number of resources then reading the tfstate and loading in-memory during plan? But then again it's only crashing in the MySQL engine.

region = "europe-west1"
db_instance_automated_backup        = true
db_instance_disk_type               = "PD_SSD"
db_instance_disk_size_gb            = "10"
db_instance_machine_type            = "db-n1-standard-1"
db_instance_name                    = "nonprod-cloud-sql-instance"
db_instance_version                 = "MYSQL_5_7"
db_instance_shared_vpc_network_name = "projects/<obfuscated>"

nat-henderson reopened this Jul 1, 2020
@nat-henderson
Contributor

I see, interesting. I think then that it is extremely likely that this is an issue with Terraform core - I'm going to have to refer you to github.com/hashicorp/terraform, because I think that's where the issue is. You will need to refile the issue over there - they might attempt to send you back here, so make sure you say in the issue that you have already had us look into it. :)

That said, I cannot reproduce it on my end, unfortunately, so I'm not able to fix it in this provider. If you are ever able to construct a minimum repro case - that is, if I can cause this issue without spinning up your entire infrastructure - I'd be happy to look back into it. Otherwise, I hope you are able to get this addressed in Terraform core!


ghost commented Aug 1, 2020

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 hashibot-feedback@hashicorp.com. Thanks!

hashicorp locked and limited conversation to collaborators Aug 1, 2020