Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support google_sql_database_instance replica with settings.backup_configuration.binary_log_enabled=true #9371

Closed
ivanavguston-oviva opened this issue Jun 15, 2021 · 11 comments · Fixed by GoogleCloudPlatform/magic-modules#4907, #9428 or hashicorp/terraform-provider-google-beta#3379
Closed

Support google_sql_database_instance replica with settings.backup_configuration.binary_log_enabled=true #9371

ivanavguston-oviva opened this issue Jun 15, 2021 · 11 comments · Fixed by GoogleCloudPlatform/magic-modules#4907, #9428 or hashicorp/terraform-provider-google-beta#3379
Assignees
@ScottSuarez
Labels
bug

Comments

@ivanavguston-oviva
Copy link

Expected

Create a replica with enabled binary log

Terraform Version

Terraform v1.0.0

Affected Resource(s)

  • google_sql_database_instance

Steps to Reproduce

resource "google_sql_database_instance" "replica_database" {
       database_version = "MYSQL_8_0"
       master_instance_name = "master instance name"
       settings {
             backup_configuration {
                     binary_log_enabled = "true"
             }
       }
}

References

#7922
#6121

The reference issues were opened for more than a year and are you guys going to fix them?

The issue is I can't create a replica instance with binary_log_enabled=true it raises an exception
Error: Error, failed to update instance settings for : googleapi: Error 400: Invalid request: Binary log must be disabled when backup is disabled or the instance must be a replica instance with a MySQL 5.7 or above version., invalid
But backups backup_configuration.enabled can't be enabled on a replica by google API restriction, as far google API allows enabling binary logs binary_log_enabled=true

Backups cannot be enabled on replica instances, but binary logging can be enabled on a replica even when backups are disabled, unlike the primary.

My suggestion this happens because through the API you create by POST for a replica instance

curl -X POST \
-H "Authorization: Bearer "$(gcloud auth print-access-token) \
-H "Content-Type: application/json; charset=utf-8" \
-d "masterInstanceName"="primary-instance-name" \
-d  "project": "project-id" \
-d  "databaseVersion": "database-version" \
-d  "name": "replica-name" \
-d  "region": "replica-region" \
-d  "settings"='{"tier": "machine-type", "settingsVersion": 0} \
https://sqladmin.googleapis.com/sql/v1beta4/projects/project-id/instances

PATCH request is not sent to update the replica instance with "binaryLogEnabled": true

curl -X PATCH \
-H "Authorization: Bearer "$(gcloud auth print-access-token) \
-H "Content-Type: application/json; charset=utf-8" \
-d  "settings"='{"backupConfiguration": {"binaryLogEnabled": true}}' \
https://sqladmin.googleapis.com/sql/v1beta4/projects/project-id/instances/instance-id
@edwardmedia edwardmedia self-assigned this Jun 15, 2021
@edwardmedia
Copy link
Contributor

@ivan-avguston can you share the debug log?

@ivanavguston-oviva
Copy link
Author

@edwardmedia with pleasure

2021-06-15T15:43:40.016+0200 [DEBUG] Adding temp file log sink: /var/folders/6f/lq7__6155h19l_f9pmmmhzcr0000gn/T/terraform-log247790162
2021-06-15T15:43:40.016+0200 [INFO]  Terraform version: 1.0.0
2021-06-15T15:43:40.017+0200 [INFO]  Go runtime version: go1.16.4
2021-06-15T15:43:40.017+0200 [INFO]  CLI args: []string{"/usr/local/bin/terraform", "apply"}
2021-06-15T15:43:40.017+0200 [DEBUG] Attempting to open CLI config file: /Users/XXXX-username-XXX/.terraformrc
2021-06-15T15:43:40.017+0200 [DEBUG] File doesn't exist, but doesn't need to. Ignoring.
2021-06-15T15:43:40.017+0200 [INFO]  Loading CLI configuration from /Users/XXXX-username-XXX/.terraform.d/credentials.tfrc.json
2021-06-15T15:43:40.017+0200 [DEBUG] ignoring non-existing provider search directory terraform.d/plugins
2021-06-15T15:43:40.017+0200 [DEBUG] ignoring non-existing provider search directory /Users/XXXX-username-XXX/.terraform.d/plugins
2021-06-15T15:43:40.017+0200 [DEBUG] ignoring non-existing provider search directory /Users/XXXX-username-XXX/Library/Application Support/io.terraform/plugins
2021-06-15T15:43:40.017+0200 [DEBUG] ignoring non-existing provider search directory /Library/Application Support/io.terraform/plugins
2021-06-15T15:43:40.018+0200 [INFO]  CLI command args: []string{"apply"}
2021-06-15T15:43:40.023+0200 [DEBUG] Service discovery for app.terraform.io at https://app.terraform.io/.well-known/terraform.json
2021-06-15T15:43:40.598+0200 [DEBUG] Retrieve version constraints for service tfe.v2.1 and product terraform
2021-06-15T15:43:41.856+0200 [DEBUG] checking for provisioner in "."
2021-06-15T15:43:41.858+0200 [DEBUG] checking for provisioner in "/usr/local/bin"
2021-06-15T15:43:41.859+0200 [INFO]  Failed to read plugin lock file .terraform/plugins/darwin_amd64/lock.json: open .terraform/plugins/darwin_amd64/lock.json: no such file or directory
2021-06-15T15:43:42.021+0200 [INFO]  backend/remote: starting Apply operation
Running apply in the remote backend. Output will stream here. Pressing Ctrl-C
will cancel the remote apply if it's still pending. If the apply started it
will stop streaming the logs, but will not stop the apply running remotely.

Preparing the remote apply...

To view this run in a browser, visit:
https://app.terraform.io/app/XXXX-organization-XXX/it_kubernetes/runs/run-rBhnVZiGZzKe1JTF

Waiting for the plan to start...

Terraform v0.14.8
Configuring remote state backend...
Initializing Terraform configuration...
module.cloud-nat.random_string.name_suffix: Refreshing state... [id=tvtoeq]
random_id.node_pool_id: Refreshing state... [id=v4LXlg]
google_project_iam_member.XXXXorganization-iamXXX: Refreshing state... [id=XXXXorganizationXXX/roles/container.viewer/group:root@localhost.com]
google_project_iam_member.XXXXorganization-iam-XXX: Refreshing state... [id=XXXXorganizationXXX/roles/container.viewer/group:root@localhost.com]
google_service_account.gh-actions-sa: Refreshing state... [id=projects/XXXXorganizationXXX/serviceAccounts/gh-actions-sa@XXXXorganizationXXX.iam.gserviceaccount.com]
google_project_iam_member.XXXXorganization-dev-log-access: Refreshing state... [id=XXXXorganizationXXX/roles/logging.viewer/group:root@localhost.com]
google_storage_bucket.storage-bucket: Refreshing state... [id=XXXXorganization-it-storage-bucket]
module.XXXXorganization-io-dns.google_dns_managed_zone.public[0]: Refreshing state... [id=projects/XXXXorganizationXXX/managedZones/XXXXorganization-io]
google_compute_network.vpc: Refreshing state... [id=projects/XXXXorganizationXXX/global/networks/XXXXorganizationXXX-vpc]
google_compute_global_address.dilithium: Refreshing state... [id=projects/XXXXorganizationXXX/global/addresses/dilithium-ingress]
google_project_iam_member.XXXXorganization-google-group-access: Refreshing state... [id=XXXXorganizationXXX/roles/container.clusterViewer/group:root@localhost.com]
google_service_account.cluster-to-gcp-account: Refreshing state... [id=projects/XXXXorganizationXXX/serviceAccounts/cluster-to-gcp-account@XXXXorganizationXXX.iam.gserviceaccount.com]
google_compute_address.aqa-proxy: Refreshing state... [id=projects/XXXXorganizationXXX/regions/europe-west3/addresses/aqa-proxy-loadbalancer]
google_compute_address.edge-access: Refreshing state... [id=projects/XXXXorganizationXXX/regions/europe-west3/addresses/edge-access-loadbalancer]
google_project_iam_member.XXXXorganization-infra-log-access: Refreshing state... [id=XXXXorganizationXXX/roles/logging.viewer/group:root@localhost.com]
google_project_iam_member.storage-access-binding: Refreshing state... [id=XXXXorganizationXXX/roles/storage.objectViewer/serviceaccount:cluster-to-gcp-account@XXXXorganizationXXX.iam.gserviceaccount.com]
google_service_account_iam_binding.gsa_ksa_binding: Refreshing state... [id=projects/XXXXorganizationXXX/serviceAccounts/cluster-to-gcp-account@XXXXorganizationXXX.iam.gserviceaccount.com/roles/iam.workloadIdentityUser]
google_project_iam_member.storage-write-binding: Refreshing state... [id=XXXXorganizationXXX/roles/storage.objectCreator/serviceaccount:cluster-to-gcp-account@XXXXorganizationXXX.iam.gserviceaccount.com]
google_project_iam_member.sql-access-binding: Refreshing state... [id=XXXXorganizationXXX/roles/cloudsql.client/serviceaccount:cluster-to-gcp-account@XXXXorganizationXXX.iam.gserviceaccount.com]
google_project_iam_member.gke-admin-access-binding: Refreshing state... [id=XXXXorganizationXXX/roles/container.admin/serviceaccount:gh-actions-sa@XXXXorganizationXXX.iam.gserviceaccount.com]
google_compute_global_address.private_ip_block: Refreshing state... [id=projects/XXXXorganizationXXX/global/addresses/private-ip-block]
google_compute_subnetwork.subnet: Refreshing state... [id=projects/XXXXorganizationXXX/regions/europe-west3/subnetworks/XXXXorganizationXXX-subnet]
module.cloud_router.google_compute_router.router: Refreshing state... [id=projects/XXXXorganizationXXX/regions/europe-west3/routers/test-router]
module.XXXXorganization-io-dns.google_dns_record_set.cloud-static-records["openapi/CNAME"]: Refreshing state... [id=projects/XXXXorganizationXXX/managedZones/XXXXorganization-io/rrsets/localhost.io./CNAME]
module.XXXXorganization-io-dns.google_dns_record_set.cloud-static-records["docs/TXT"]: Refreshing state... [id=projects/XXXXorganizationXXX/managedZones/XXXXorganization-io/rrsets/localhost.io./TXT]
module.XXXXorganization-io-dns.google_dns_record_set.cloud-static-records["www/A"]: Refreshing state... [id=projects/XXXXorganizationXXX/managedZones/XXXXorganization-io/rrsets/localhost.io./A]
module.XXXXorganization-io-dns.google_dns_record_set.cloud-static-records["aqa-proxy/A"]: Refreshing state... [id=projects/XXXXorganizationXXX/managedZones/XXXXorganization-io/rrsets/localhost.io./A]
module.XXXXorganization-io-dns.google_dns_record_set.cloud-static-records["lithium/A"]: Refreshing state... [id=projects/XXXXorganizationXXX/managedZones/XXXXorganization-io/rrsets/localhost.io./A]
module.XXXXorganization-io-dns.google_dns_record_set.cloud-static-records["dilithium/A"]: Refreshing state... [id=projects/XXXXorganizationXXX/managedZones/XXXXorganization-io/rrsets/localhost.io./A]
module.XXXXorganization-io-dns.google_dns_record_set.cloud-static-records["/A"]: Refreshing state... [id=projects/XXXXorganizationXXX/managedZones/XXXXorganization-io/rrsets/localhost.io./A]
module.XXXXorganization-io-dns.google_dns_record_set.cloud-static-records["docs/A"]: Refreshing state... [id=projects/XXXXorganizationXXX/managedZones/XXXXorganization-io/rrsets/localhost.io./A]
google_container_cluster.primary: Refreshing state... [id=projects/XXXXorganizationXXX/locations/europe-west3-b/clusters/XXXXorganizationXXX-gke]
google_service_networking_connection.private_vpc_connection: Refreshing state... [id=https%3A%2F%2Fwww.googleapis.com%2Fcompute%2Fv1%2Fprojects%2FXXXXorganizationXXX%2Fglobal%2Fnetworks%2FXXXXorganizationXXX-vpc:servicenetworking.googleapis.com]
module.cloud-nat.google_compute_router_nat.main: Refreshing state... [id=XXXXorganizationXXX/europe-west3/test-router/cloud-nat-tvtoeq]
google_sql_database_instance.main_database: Refreshing state... [id=terraform-20212345678900001]
google_sql_database.timer-schema: Refreshing state... [id=projects/XXXXorganizationXXX/instances/terraform-20212345678900001/databases/timer]
google_sql_user.db_user_core: Refreshing state... [id=root//terraform-20212345678900001]
google_sql_database.mailer-schema: Refreshing state... [id=projects/XXXXorganizationXXX/instances/terraform-20212345678900001/databases/mailer]
google_sql_database.medical_reporting-schema: Refreshing state... [id=projects/XXXXorganizationXXX/instances/terraform-20212345678900001/databases/medical_reporting]
google_sql_database.note_taker-schema: Refreshing state... [id=projects/XXXXorganizationXXX/instances/terraform-20212345678900001/databases/note_taker]
google_sql_database_instance.replica_database: Refreshing state... [id=terraform-20212345678900001]
google_sql_database.digasignup-schema: Refreshing state... [id=projects/XXXXorganizationXXX/instances/terraform-20212345678900001/databases/digasignup]
google_sql_database.storeleads-schema: Refreshing state... [id=projects/XXXXorganizationXXX/instances/terraform-20212345678900001/databases/storeleads]
google_sql_database.core_cdc-schema: Refreshing state... [id=projects/XXXXorganizationXXX/instances/terraform-20212345678900001/databases/core_cdc]
google_container_node_pool.primary_nodes: Refreshing state... [id=projects/XXXXorganizationXXX/locations/europe-west3-b/clusters/XXXXorganizationXXX-gke/nodePools/XXXXorganizationXXX-gke-node-pool-bf82d796]

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # google_sql_database_instance.replica_database will be updated in-place
  ~ resource "google_sql_database_instance" "replica_database" {
        id                            = "terraform-20212345678900001"
        name                          = "terraform-20212345678900001
        # (12 unchanged attributes hidden)


      ~ settings {
            # (13 unchanged attributes hidden)

          ~ backup_configuration {
              ~ binary_log_enabled             = false -> true
                # (4 unchanged attributes hidden)

                # (1 unchanged block hidden)
            }



            # (3 unchanged blocks hidden)
        }
        # (1 unchanged block hidden)
    }

Plan: 0 to add, 1 to change, 0 to destroy.
2021-06-15T15:46:14.768+0200 [DEBUG] command: asking for input: "\nDo you want to perform these actions in workspace \"it_kubernetes\"?"

Do you want to perform these actions in workspace "it_kubernetes"?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes


Error: Error, failed to update instance settings for : googleapi: Error 400: Invalid request: Binary log must be disabled when backup is disabled or the instance must be a replica instance with a MySQL 5.7 or above version., invalid

  on database.tf line 11, in resource "google_sql_database_instance" "replica_database":
  11: resource "google_sql_database_instance" "replica_database" {

@edwardmedia
Copy link
Contributor

@ivan-avguston do you see if below config works for you?

resource "google_sql_database_instance" "replica_database" {
       database_version = "MYSQL_8_0"
       master_instance_name = "master instance name"
       settings {
             backup_configuration {
                    binary_log_enabled = true
                     enabled = true
             }
       }
}

@ivanavguston-oviva
Copy link
Author

No, it does not work for me.

Terraform will perform the following actions:

  # google_sql_database_instance.replica_database will be updated in-place
  ~ resource "google_sql_database_instance" "replica_database" {
        id                            = "terraform-20212345678900001"
        name                          = "terraform-20212345678900001"
        # (12 unchanged attributes hidden)


      ~ settings {
            # (13 unchanged attributes hidden)

          ~ backup_configuration {
              ~ binary_log_enabled             = false -> true
              ~ enabled                        = false -> true
                # (3 unchanged attributes hidden)

                # (1 unchanged block hidden)
            }



            # (3 unchanged blocks hidden)
        }
        # (1 unchanged block hidden)
    }

Plan: 0 to add, 1 to change, 0 to destroy.
2021-06-16T08:11:45.864+0200 [DEBUG] command: asking for input: "\nDo you want to perform these actions in workspace \"it_kubernetes\"?"

Do you want to perform these actions in workspace "it_kubernetes"?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes


Error: Error, failed to update instance settings for : googleapi: Error 400: Invalid request: Invalid flag for instance role: Backups cannot be enabled for read replica instance.., invalid

on database.tf line 11, in resource "google_sql_database_instance" "replica_database":
  11: resource "google_sql_database_instance" "replica_database" {

This is expected behavior as described in the Google API documentation. As I aforementioned

Backups cannot be enabled on replica instances, but binary logging can be enabled on a replica even when backups are disabled, unlike the primary.

As I said, the problem is in the request. Only one possibility for a replica to enable binary logs is sent a PATCH* for the existing instance with "settings"='{"backupConfiguration": {"binaryLogEnabled": true}}' BUT if try to send in a POST request it's not going to work

@edwardmedia
Copy link
Contributor

@ivan-avguston using the example , how did you reach to that error? Can you specify the detailed steps?

@ivanavguston-oviva
Copy link
Author

ivanavguston-oviva commented Jun 18, 2021
edited
Loading

Does that example work for you guys? Did you check and it works? You can create mysql replica database with enabled binlogs and you're astonished why it does not work for me, can't you?

I meticulously replayed your example and it does not work for me

terraform# grep -A11 replica_database_test database.tf && TF_LOG=DEBUG terraform apply
resource "google_sql_database_instance" "replica_database_test" {
  database_version = "MYSQL_8_0"
  master_instance_name = google_sql_database_instance.main_database.name

  settings {
    backup_configuration {
      binary_log_enabled = "true"
      enabled = "true"
    }
  }
}
2021-06-18T09:28:08.187+0200 [DEBUG] Adding temp file log sink: /var/folders/6f/lq7__6155h19l_f9pmmmhzcr0000gn/T/terraform-log163291038
2021-06-18T09:28:08.187+0200 [INFO]  Terraform version: 1.0.0
2021-06-18T09:28:08.187+0200 [INFO]  Go runtime version: go1.16.4
2021-06-18T09:28:08.187+0200 [INFO]  CLI args: []string{"/usr/local/bin/terraform", "apply"}
2021-06-18T09:28:08.187+0200 [DEBUG] Attempting to open CLI config file: /Users/XXXX-username-XXX/.terraformrc
2021-06-18T09:28:08.187+0200 [DEBUG] File doesn't exist, but doesn't need to. Ignoring.
2021-06-18T09:28:08.188+0200 [INFO]  Loading CLI configuration from /Users/XXXX-username-XXX/.terraform.d/credentials.tfrc.json
2021-06-18T09:28:08.188+0200 [DEBUG] ignoring non-existing provider search directory terraform.d/plugins
2021-06-18T09:28:08.188+0200 [DEBUG] ignoring non-existing provider search directory /Users/XXXX-username-XXX/.terraform.d/plugins
2021-06-18T09:28:08.188+0200 [DEBUG] ignoring non-existing provider search directory /Users/XXXX-username-XXX/Library/Application Support/io.terraform/plugins
2021-06-18T09:28:08.188+0200 [DEBUG] ignoring non-existing provider search directory /Library/Application Support/io.terraform/plugins
2021-06-18T09:28:08.188+0200 [INFO]  CLI command args: []string{"apply"}
2021-06-18T09:28:08.196+0200 [DEBUG] Service discovery for app.terraform.io at https://app.terraform.io/.well-known/terraform.json
2021-06-18T09:28:08.855+0200 [DEBUG] Retrieve version constraints for service tfe.v2.1 and product terraform
2021-06-18T09:28:10.687+0200 [DEBUG] checking for provisioner in "."
2021-06-18T09:28:10.688+0200 [DEBUG] checking for provisioner in "/usr/local/bin"
2021-06-18T09:28:10.689+0200 [INFO]  Failed to read plugin lock file .terraform/plugins/darwin_amd64/lock.json: open .terraform/plugins/darwin_amd64/lock.json: no such file or directory
2021-06-18T09:28:10.876+0200 [INFO]  backend/remote: starting Apply operation
Running apply in the remote backend. Output will stream here. Pressing Ctrl-C
will cancel the remote apply if it's still pending. If the apply started it
will stop streaming the logs, but will not stop the apply running remotely.

Preparing the remote apply...

To view this run in a browser, visit:
https://app.terraform.io/app/XXXX-organization-XXX/it_kubernetes/runs/run-L4hFXiiFuCZPwDqV

Waiting for the plan to start...

Terraform v1.0.0
on linux_amd64
Configuring remote state backend...
Initializing Terraform configuration...
╷
│ Error: Missing required argument
│
│   on database.tf line 88, in resource "google_sql_database_instance" "replica_database_test":
│   88:   settings {
│
│ The argument "tier" is required, but no definition was found.

The same example with tier = "db-f1-micro" does not work either

by aforementionted reasons.

terraform# grep -A11 replica_database_test database.tf && TF_LOG=DEBUG terraform apply
resource "google_sql_database_instance" "replica_database_test" {
  database_version = "MYSQL_8_0"
  master_instance_name = google_sql_database_instance.main_database.name

  settings {
    tier = "db-f1-micro"
    backup_configuration {
      binary_log_enabled = "true"
      enabled = "true"
    }
  }
}
2021-06-18T09:33:21.390+0200 [DEBUG] Adding temp file log sink: /var/folders/6f/lq7__6155h19l_f9pmmmhzcr0000gn/T/terraform-log815568645
2021-06-18T09:33:21.390+0200 [INFO]  Terraform version: 1.0.0
2021-06-18T09:33:21.390+0200 [INFO]  Go runtime version: go1.16.4
2021-06-18T09:33:21.390+0200 [INFO]  CLI args: []string{"/usr/local/bin/terraform", "apply"}
2021-06-18T09:33:21.390+0200 [DEBUG] Attempting to open CLI config file: /Users/XXXX-username-XXX/.terraformrc
2021-06-18T09:33:21.390+0200 [DEBUG] File doesn't exist, but doesn't need to. Ignoring.
2021-06-18T09:33:21.390+0200 [INFO]  Loading CLI configuration from /Users/XXXX-username-XXX/.terraform.d/credentials.tfrc.json
2021-06-18T09:33:21.391+0200 [DEBUG] ignoring non-existing provider search directory terraform.d/plugins
2021-06-18T09:33:21.391+0200 [DEBUG] ignoring non-existing provider search directory /Users/XXXX-username-XXX/.terraform.d/plugins
2021-06-18T09:33:21.391+0200 [DEBUG] ignoring non-existing provider search directory /Users/XXXX-username-XXX/Library/Application Support/io.terraform/plugins
2021-06-18T09:33:21.391+0200 [DEBUG] ignoring non-existing provider search directory /Library/Application Support/io.terraform/plugins
2021-06-18T09:33:21.391+0200 [INFO]  CLI command args: []string{"apply"}
2021-06-18T09:33:21.400+0200 [DEBUG] Service discovery for app.terraform.io at https://app.terraform.io/.well-known/terraform.json
2021-06-18T09:33:21.978+0200 [DEBUG] Retrieve version constraints for service tfe.v2.1 and product terraform
2021-06-18T09:33:23.922+0200 [DEBUG] checking for provisioner in "."
2021-06-18T09:33:23.925+0200 [DEBUG] checking for provisioner in "/usr/local/bin"
2021-06-18T09:33:23.925+0200 [INFO]  Failed to read plugin lock file .terraform/plugins/darwin_amd64/lock.json: open .terraform/plugins/darwin_amd64/lock.json: no such file or directory
2021-06-18T09:33:24.192+0200 [INFO]  backend/remote: starting Apply operation
Running apply in the remote backend. Output will stream here. Pressing Ctrl-C
will cancel the remote apply if it's still pending. If the apply started it
will stop streaming the logs, but will not stop the apply running remotely.

Preparing the remote apply...

To view this run in a browser, visit:
https://app.terraform.io/app/XXXX-organization-XXX/it_kubernetes/runs/run-f36Zoqf2Wg9r5GZS

Waiting for the plan to start...

Terraform v1.0.0
on linux_amd64
Configuring remote state backend...
Initializing Terraform configuration...
module.cloud-nat.random_string.name_suffix: Refreshing state... [id=tvtoeq]
random_id.node_pool_id: Refreshing state... [id=v4LXlg]
google_project_iam_member.org-dev-log-access: Refreshing state... [id=organizationk/roles/logging.viewer/group:root@localhost]
module.org-io-dns.google_dns_managed_zone.public[0]: Refreshing state... [id=projects/organizationk/managedZones/org-io]
google_project_iam_member.org-dev-view-access: Refreshing state... [id=organizationk/roles/container.viewer/group:root@localhost]
google_storage_bucket.storage-bucket: Refreshing state... [id=org-it-storage-bucket]
google_compute_global_address.dilithium: Refreshing state... [id=projects/organizationk/global/addresses/dilithium-ingress]
google_service_account.db-gcp-api-access-account: Refreshing state... [id=projects/organizationk/serviceAccounts/db-gcp-api-access-it@organizationk.iam.gserviceaccount.com]
google_project_iam_member.org-google-group-access: Refreshing state... [id=organizationk/roles/container.clusterViewer/group:root@localhost]
google_project_iam_member.org-infra-log-access: Refreshing state... [id=organizationk/roles/logging.viewer/group:root@localhost]
google_compute_address.edge-access: Refreshing state... [id=projects/organizationk/regions/europe-west3/addresses/edge-access-loadbalancer]
google_compute_network.vpc: Refreshing state... [id=projects/organizationk/global/networks/organizationk-vpc]
google_compute_address.aqa-proxy: Refreshing state... [id=projects/organizationk/regions/europe-west3/addresses/aqa-proxy-loadbalancer]
google_service_account.gcp-api-access-account: Refreshing state... [id=projects/organizationk/serviceAccounts/gcp-api-access-it@organizationk.iam.gserviceaccount.com]
google_project_iam_member.org-infra-view-access: Refreshing state... [id=organizationk/roles/container.viewer/group:root@localhost]
google_service_account.gh-actions-sa: Refreshing state... [id=projects/organizationk/serviceAccounts/gh-actions-sa@organizationk.iam.gserviceaccount.com]
google_service_account.storage-db-gcp-api-access-account: Refreshing state... [id=projects/organizationk/serviceAccounts/storage-db-gcp-api-access-it@organizationk.iam.gserviceaccount.com]
google_project_iam_member.db-account-sql-access-binding: Refreshing state... [id=organizationk/roles/cloudsql.client/serviceAccount:db-gcp-api-access-it@organizationk.iam.gserviceaccount.com]
google_service_account_iam_binding.db-gsa-ksa-binding: Refreshing state... [id=projects/organizationk/serviceAccounts/db-gcp-api-access-it@organizationk.iam.gserviceaccount.com/roles/iam.workloadIdentityUser]
google_compute_global_address.private_ip_block: Refreshing state... [id=projects/organizationk/global/addresses/private-ip-block]
google_compute_subnetwork.subnet: Refreshing state... [id=projects/organizationk/regions/europe-west3/subnetworks/organizationk-subnet]
google_service_account_iam_binding.gsa-ksa-binding: Refreshing state... [id=projects/organizationk/serviceAccounts/gcp-api-access-it@organizationk.iam.gserviceaccount.com/roles/iam.workloadIdentityUser]
module.cloud_router.google_compute_router.router: Refreshing state... [id=projects/organizationk/regions/europe-west3/routers/test-router]
google_project_iam_member.gke-admin-access-binding: Refreshing state... [id=organizationk/roles/container.admin/serviceaccount:gh-actions-sa@organizationk.iam.gserviceaccount.com]
google_service_account_iam_binding.storage-db-gsa-ksa-binding: Refreshing state... [id=projects/organizationk/serviceAccounts/storage-db-gcp-api-access-it@organizationk.iam.gserviceaccount.com/roles/iam.workloadIdentityUser]
google_project_iam_member.storage-db-account-storage-access-binding: Refreshing state... [id=organizationk/roles/storage.objectViewer/serviceAccount:storage-db-gcp-api-access-it@organizationk.iam.gserviceaccount.com]
google_project_iam_member.storage-db-account-sql-access-binding: Refreshing state... [id=organizationk/roles/cloudsql.client/serviceAccount:storage-db-gcp-api-access-it@organizationk.iam.gserviceaccount.com]
google_project_iam_member.storage-db-account-storage-write-binding: Refreshing state... [id=organizationk/roles/storage.objectCreator/serviceAccount:storage-db-gcp-api-access-it@organizationk.iam.gserviceaccount.com]
google_service_networking_connection.private_vpc_connection: Refreshing state... [id=https%3A%2F%2Fwww.googleapis.com%2Fcompute%2Fv1%2Fprojects%2Forganizationk%2Fglobal%2Fnetworks%2Forganizationk-vpc:servicenetworking.googleapis.com]
module.org-io-dns.google_dns_record_set.cloud-static-records["docs/TXT"]: Refreshing state... [id=projects/organizationk/managedZones/org-io/rrsets/docs.localhost.org./TXT]
module.org-io-dns.google_dns_record_set.cloud-static-records["lithium/A"]: Refreshing state... [id=projects/organizationk/managedZones/org-io/rrsets/lithium.localhost.org./A]
module.org-io-dns.google_dns_record_set.cloud-static-records["aqa-proxy/A"]: Refreshing state... [id=projects/organizationk/managedZones/org-io/rrsets/aqa-proxy.localhost.org./A]
module.org-io-dns.google_dns_record_set.cloud-static-records["www/A"]: Refreshing state... [id=projects/organizationk/managedZones/org-io/rrsets/www.localhost.org./A]
module.org-io-dns.google_dns_record_set.cloud-static-records["docs/A"]: Refreshing state... [id=projects/organizationk/managedZones/org-io/rrsets/docs.localhost.org./A]
module.org-io-dns.google_dns_record_set.cloud-static-records["openapi/CNAME"]: Refreshing state... [id=projects/organizationk/managedZones/org-io/rrsets/openapi.localhost.org./CNAME]
module.org-io-dns.google_dns_record_set.cloud-static-records["dilithium/A"]: Refreshing state... [id=projects/organizationk/managedZones/org-io/rrsets/dilithium.localhost.org./A]
module.org-io-dns.google_dns_record_set.cloud-static-records["/A"]: Refreshing state... [id=projects/organizationk/managedZones/org-io/rrsets/localhost.org./A]
google_container_cluster.primary: Refreshing state... [id=projects/organizationk/locations/europe-west3-b/clusters/organizationk-gke]
module.cloud-nat.google_compute_router_nat.main: Refreshing state... [id=organizationk/europe-west3/test-router/cloud-nat-tvtoeq]
google_sql_database_instance.main_database: Refreshing state... [id=terraform-20212345678900001]
google_sql_database.core_cdc-schema: Refreshing state... [id=projects/organizationk/instances/terraform-20212345678900001/databases/core_cdc]
google_sql_database.note_taker-schema: Refreshing state... [id=projects/organizationk/instances/terraform-20212345678900001/databases/note_taker]
google_sql_database.storeleads-schema: Refreshing state... [id=projects/organizationk/instances/terraform-20212345678900001/databases/storeleads]
google_sql_database.timer-schema: Refreshing state... [id=projects/organizationk/instances/terraform-20212345678900001/databases/timer]
google_sql_database.mailer-schema: Refreshing state... [id=projects/organizationk/instances/terraform-20212345678900001/databases/mailer]
google_sql_database.salesforce_gateway-schema: Refreshing state... [id=projects/organizationk/instances/terraform-20212345678900001/databases/salesforce_gateway]
google_sql_user.db_user_core: Refreshing state... [id=root//terraform-20212345678900001]
google_sql_database.digasignup-schema: Refreshing state... [id=projects/organizationk/instances/terraform-20212345678900001/databases/digasignup]
google_sql_database.medical_reporting-schema: Refreshing state... [id=projects/organizationk/instances/terraform-20212345678900001/databases/medical_reporting]
google_container_node_pool.primary_nodes: Refreshing state... [id=projects/organizationk/locations/europe-west3-b/clusters/organizationk-gke/nodePools/organizationk-gke-node-pool-bf82d796]

...

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # google_sql_database_instance.replica_database_test will be created
  + resource "google_sql_database_instance" "replica_database_test" {
      + connection_name               = (known after apply)
      + database_version              = "MYSQL_8_0"
      + deletion_protection           = true
      + first_ip_address              = (known after apply)
      + id                            = (known after apply)
      + ip_address                    = (known after apply)
      + master_instance_name          = "terraform-20212345678900001"
      + name                          = (known after apply)
      + private_ip_address            = (known after apply)
      + project                       = (known after apply)
      + public_ip_address             = (known after apply)
      + region                        = (known after apply)
      + self_link                     = (known after apply)
      + server_ca_cert                = (known after apply)
      + service_account_email_address = (known after apply)

      + replica_configuration {
          + ca_certificate            = (known after apply)
          + client_certificate        = (known after apply)
          + client_key                = (known after apply)
          + connect_retry_interval    = (known after apply)
          + dump_file_path            = (known after apply)
          + failover_target           = (known after apply)
          + master_heartbeat_period   = (known after apply)
          + password                  = (sensitive value)
          + ssl_cipher                = (known after apply)
          + username                  = (known after apply)
          + verify_server_certificate = (known after apply)
        }

      + settings {
          + activation_policy           = (known after apply)
          + authorized_gae_applications = (known after apply)
          + availability_type           = (known after apply)
          + crash_safe_replication      = (known after apply)
          + disk_autoresize             = true
          + disk_size                   = (known after apply)
          + disk_type                   = (known after apply)
          + pricing_plan                = "PER_USE"
          + replication_type            = (known after apply)
          + tier                        = "db-f1-micro"
          + user_labels                 = (known after apply)
          + version                     = (known after apply)

          + backup_configuration {
              + binary_log_enabled             = true
              + enabled                        = true
              + start_time                     = (known after apply)
              + transaction_log_retention_days = (known after apply)

              + backup_retention_settings {
                  + retained_backups = (known after apply)
                  + retention_unit   = (known after apply)
                }
            }

          + ip_configuration {
              + ipv4_enabled    = (known after apply)
              + private_network = (known after apply)
              + require_ssl     = (known after apply)

              + authorized_networks {
                  + expiration_time = (known after apply)
                  + name            = (known after apply)
                  + value           = (known after apply)
                }
            }

          + location_preference {
              + follow_gae_application = (known after apply)
              + zone                   = (known after apply)
            }
        }
    }

Plan: 1 to add, 0 to change, 0 to destroy.

2021-06-18T09:34:48.081+0200 [DEBUG] command: asking for input: "\nDo you want to perform these actions in workspace \"it_kubernetes\"?"

Do you want to perform these actions in workspace "it_kubernetes"?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

google_sql_database_instance.replica_database_test: Creating...
╷
│ Error: Error, failed to create instance terraform-20212345678900001: googleapi: Error 400: Invalid request: Invalid flag for instance role: Backups cannot be enabled for read replica instance.., invalid
│
│   with google_sql_database_instance.replica_database_test,
│   on database.tf line 84, in resource "google_sql_database_instance" "replica_database_test":
│   84: resource "google_sql_database_instance" "replica_database_test" {
│
╵

@edwardmedia
Copy link
Contributor

edwardmedia commented Jun 18, 2021
edited
Loading

@ivan-avguston I see what you mean now. Below call needs to be added in the provider in order to handle this feature. It can't be set in the initial apply. Keep in mind Backups cannot be enabled for read replica instance..

PATCH /sql/v1beta4/projects/myproject/instances/replicainstance
Host: sqladmin.googleapis.com
{
 "settings": {"backupConfiguration": {"binaryLogEnabled": true}}
}

@edwardmedia
Copy link
Contributor

This appears to be an enhancement. Updating label accordingly

@edwardmedia edwardmedia changed the title can't create or modify google_sql_database_instance replica with settings.backup_configuration.binary_log_enabled=true Support google_sql_database_instance replica with settings.backup_configuration.binary_log_enabled=true Jun 18, 2021
@megan07 megan07 added bug and removed enhancement labels Jun 21, 2021
@ScottSuarez ScottSuarez mentioned this issue Jun 22, 2021
Merged
5 tasks
@ScottSuarez
Copy link
Collaborator

ScottSuarez commented Jun 22, 2021
edited
Loading

I was able to reproduce and have implemented the fix. It's unfortunate that the api is not smart enough to figure out the instance type prior to creation. The fix should be live in 3.75.0 at the latest

@ivanavguston-oviva
Copy link
Author

ivanavguston-oviva commented Jun 23, 2021
edited
Loading

thank you a lot it's a really good piece of news. "Not smart enough" - I'd like to say it's awkward and silly to send twice a request to get a working instance. Google squad is aware of this topic and perhaps they give a positive answer

This was referenced Jun 24, 2021
Merged
Merged
@github-actions
Copy link

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Jul 25, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@ScottSuarez ScottSuarez

Labels
bug
Projects
None yet
Milestone
No milestone
4 participants
@megan07 @ScottSuarez @edwardmedia @ivanavguston-oviva