From 27f56b4229ef93227c813f7bb284a911b4231817 Mon Sep 17 00:00:00 2001 From: Damien Gustave Date: Tue, 15 Oct 2024 09:18:24 +0200 Subject: [PATCH 1/2] fix(external-backup): after some changes in GCP export methods, new permissions are required for exporting dumps --- modules/backup/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/backup/main.tf b/modules/backup/main.tf index a682bcfb..d590738d 100644 --- a/modules/backup/main.tf +++ b/modules/backup/main.tf @@ -196,7 +196,7 @@ resource "google_storage_bucket_iam_member" "sql_instance_account" { count = var.enable_export_backup ? 1 : 0 bucket = split("/", var.export_uri)[2] #Get the name of the bucket out of the URI member = "serviceAccount:${data.google_sql_database_instance.backup_instance.service_account_email_address}" - role = "roles/storage.objectCreator" + role = "roles/storage.objectAdmin" } # We want to get notified if there hasn't been at least one successful backup in a day From 43b48e6d2ef4889aa207a7a76b8f35f39d0de22c Mon Sep 17 00:00:00 2001 From: Damien Gustave Date: Tue, 15 Oct 2024 19:48:41 +0200 Subject: [PATCH 2/2] chore(external-backup): missing documentation --- docs/upgrading_to_sql_db_23.0.md | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 docs/upgrading_to_sql_db_23.0.md diff --git a/docs/upgrading_to_sql_db_23.0.md b/docs/upgrading_to_sql_db_23.0.md new file mode 100644 index 00000000..0ac27837 --- /dev/null +++ b/docs/upgrading_to_sql_db_23.0.md @@ -0,0 +1,7 @@ +# Upgrading to SQL DB 23.0 + +The 23.0 release of SQL DB is a backward incompatible release. + +# Cloud SQL Service Account role update + +Changed `storage.objectCreator` role to `storage.objectAdmin` for Cloud SQL Service Account on the bucket used for exporting the database, due to GCP internal changes in the export process.