Add delete_protection to SQL Instances + Service Networking Pre Create Checks

[upodroid]

Fixes: hashicorp/terraform-provider-google#7072
Fixes: hashicorp/terraform-provider-google#7154

If this PR is for Terraform, I acknowledge that I have:

• Searched through the issue tracker for an open issue that this either resolves or contributes to, commented on it to claim it, and written "fixes {url}" or "part of {url}" in this PR description. If there were no relevant open issues, I opened one and commented that I would like to work on it (not necessary for very small changes).
• Generated Terraform, and ran make test and make lint to ensure it passes unit and linter tests.
• Ensured that all new fields I added that can be set by a user appear in at least one example (for generated resources) or third_party test (for handwritten resources or update tests).
• Ran relevant acceptance tests (If the acceptance tests do not yet pass or you are unable to run them, please let your reviewer know).
• Read the Release Notes Guide before writing my release note below.

Release Note Template for Downstream PRs (will be copied)

Added `deletion_protection` to `google_sql_database_instance`, which defaults to true. SQL instances can no longer be destroyed without setting `deletion_protection = false`.

sql: added a check to `google_sql_database_instance` to catch failures early by seeing if Service Networking Connections already exists for the private network of the instance.

[modular-magician]

Hello! I am a robot who works on Magic Modules PRs.

I have detected that you are a community contributor, so your PR will be assigned to someone with a commit-bit on this repo for initial review.

Thanks for your contribution! A human will be with you soon.

@ndmckinley, please review this PR or find an appropriate assignee.

[upodroid]

So, tests are failing for the deletion_protection but the service networking check is passing.

 REDACTED  MCW0CDP3YY  ~  go  …  github.com  hashicorp  terraform-provider-google-beta   master  39⬇  5✎  USAGE  $    make testacc TEST=./google-beta TESTARGS='-run=TestAccSqlDatabaseInstance_settings_checkServiceNetworking'
==> Checking source code against gofmt...
==> Checking that code complies with gofmt requirements...
TF_ACC=1 TF_SCHEMA_PANIC_ON_ERROR=1 go test ./google-beta -v -run=TestAccSqlDatabaseInstance_settings_checkServiceNetworking -timeout 240m -ldflags="-X=github.com/hashicorp/terraform-provider-google-beta/version.ProviderVersion=acc"
=== RUN   TestAccSqlDatabaseInstance_settings_checkServiceNetworking
=== PAUSE TestAccSqlDatabaseInstance_settings_checkServiceNetworking
=== CONT  TestAccSqlDatabaseInstance_settings_checkServiceNetworking
--- PASS: TestAccSqlDatabaseInstance_settings_checkServiceNetworking (121.22s)
PASS
ok      github.com/hashicorp/terraform-provider-google-beta/google-beta 123.765s

The other test is complaining of non empty plan but my approach is similar to #3450 so not sure what is going on.

make test is also returning a long stack trace that starts with this. Seen it in #3917 as well.

2020/09/06 23:06:11 [TRACE] Waiting 500ms before next try
2020/09/06 23:06:12 [WARN] Composer version didn't match regexp: composer-1.4-airflow-1.9.0
fatal error: concurrent map writes

goroutine 371 [running]:
runtime.throw(0x3d33d64, 0x15)
	/usr/local/Cellar/go/1.14.4/libexec/src/runtime/panic.go:1116 +0x72 fp=0xc000b3eb38 sp=0xc000b3eb08 pc=0x1036672
runtime.mapassign_faststr(0x383c480, 0xc0002fc450, 0x3d754c3, 0x26, 0x5a30740)
	/usr/local/Cellar/go/1.14.4/libexec/src/runtime/map_faststr.go:211 +0x3f7 fp=0xc000b3eba0 sp=0xc000b3eb38 pc=0x1015997

[modular-magician]

Hi! I'm the modular magician. Your PR generated some diffs in downstreams - here they are.

Diff report:

Terraform GA: Diff ( 3 files changed, 140 insertions(+), 1 deletion(-))
Terraform Beta: Diff ( 3 files changed, 140 insertions(+), 1 deletion(-))

[modular-magician]

Hi! I'm the modular magician. Your PR generated some diffs in downstreams - here they are.

Diff report:

Terraform GA: Diff ( 3 files changed, 140 insertions(+), 1 deletion(-))
Terraform Beta: Diff ( 3 files changed, 140 insertions(+), 1 deletion(-))

[nat-henderson]

Were you able to figure out the make test stacktrace? I'm not getting that on my end.

[nat-henderson]

/gcbrun

[modular-magician]

Hi! I'm the modular magician. Your PR generated some diffs in downstreams - here they are.

Diff report:

Terraform GA: Diff ( 3 files changed, 140 insertions(+), 1 deletion(-))
Terraform Beta: Diff ( 3 files changed, 140 insertions(+), 1 deletion(-))

[nat-henderson]

Yeah, still looks good on my end. I'm running the affected integration tests on our CI now.

[nat-henderson]

Almost there! You didn't update the regex for your error checker in the integration test:

TestAccSqlDatabaseInstance_settings_checkServiceNetworking: testing.go:667: Step 0, expected error:
errors during apply: Error, failed to create instance because the network doesn't have at least 1 private services connection. Please see https://cloud.google.com/sql/docs/mysql/private-ip#network_requirements for how to create this connection.
To match:
Error, failed to create instance because the network doesn't have atleast 1 private services connections. Please review the docs on how to create this connection.
--- FAIL: TestAccSqlDatabaseInstance_settings_checkServiceNetworking (89.08s)

[nat-henderson]

Ah, this also breaks all the other SQL tests, because it introduces a permadiff - if deletion_protection is unset, it will always show a diff.

[upodroid]

:( I have updated the regex, any ideas on the permadiff?

[modular-magician]

Hi! I'm the modular magician. Your PR generated some diffs in downstreams - here they are.

Diff report:

Terraform GA: Diff ( 3 files changed, 140 insertions(+), 1 deletion(-))
Terraform Beta: Diff ( 3 files changed, 140 insertions(+), 1 deletion(-))

[nat-henderson]

Aha. I think it's probably an odd manifestation of the fact that you have the type set to TypeString when it should be a boolean.

[modular-magician]

Hi! I'm the modular magician. Your PR generated some diffs in downstreams - here they are.

Diff report:

Terraform GA: Diff ( 3 files changed, 140 insertions(+), 1 deletion(-))
Terraform Beta: Diff ( 3 files changed, 140 insertions(+), 1 deletion(-))

[modular-magician]

Hi! I'm the modular magician. Your PR generated some diffs in downstreams - here they are.

Diff report:

Terraform GA: Diff ( 3 files changed, 140 insertions(+), 1 deletion(-))
Terraform Beta: Diff ( 3 files changed, 140 insertions(+), 1 deletion(-))

[nat-henderson]

Looks good, running the tests again now.

[nat-henderson]

Okay, all the integration tests still fail with

Test ended in panic.
------- Stdout: -------
=== RUN   TestAccSqlDatabaseInstance_settings_basic
=== PAUSE TestAccSqlDatabaseInstance_settings_basic
=== CONT  TestAccSqlDatabaseInstance_settings_basic
------- Stderr: -------
panic: settings.0.deletion_protection: can only set full list
goroutine 937 [running]:

[danawillow]

Apologies for the detailed drive-by- I happened to notice this PR and since I wrote the other deletion_protection one, I have some Opinions on what the right approach is :)

[danawillow]

How useful is this field with a false default? The reason why we added it to bigtable was to prevent people from accidentally destroying their instances because they didn't realize they should do a lifecycle prevent_destroy. If the default is false, wouldn't that just be equivalent to the prevent_destroy behavior?

[upodroid]

I didn't consider that. I assumed that the users would set this true if they wanted to avoid terraform deleting their data. I never understood how the OP in 7072 blindly ran a plan that marked the instance for destruction and asked for more guardrails.

I'll set it to true.

[upodroid]

In fairness, Google doesn't stop the instance from being deleted if a database already exists on it which is strange considering Google requires dependant resource to be deleted before the parent resource is deleted. ie DNS Records in DNS Zones, VPC Networks, GCE Disk, etc

[danawillow]

This change is completely unrelated to the deletion protection one. In the future, changes like these two should be in separate PRs so they can be easily reviewed independently.

[nat-henderson]

Rerunning the tests now.

[nat-henderson]

The following tests still fail:

TestAccSqlUser_mysql
TestAccSqlClientCert_postgres
TestAccSqlUser_postgres
TestAccSqlClientCert_mysql
TestAccSqlDatabase_update
TestAccSqlDatabase_basic

As well as two that are already failing:

TestAccSqlDatabaseInstance_basicInferredName
TestAccSqlDatabaseInstance_PointInTimeRecoveryEnabled

[upodroid]

I forgot about the other resources linked to it. I'll push a commit now

[upodroid]

I think i got them all

[modular-magician]

Hi! I'm the modular magician. Your PR generated some diffs in downstreams - here they are.

Diff report:

Terraform GA: Diff ( 6 files changed, 270 insertions(+), 77 deletions(-))
Terraform Beta: Diff ( 6 files changed, 275 insertions(+), 80 deletions(-))

[nat-henderson]

Okay, I will run the tests overnight.

[nat-henderson]

Tests all pass. I updated the release notes as well.

[nat-henderson]

Ah, one last thing:

==> Checking source code against linters...
google/resource_sql_database_instance.go:1062:7: Error return value of `d.Set` is not checked (errcheck)
	d.Set("deletion_protection", true)
	     ^
make: *** [lint] Error 1

[upodroid]

it is fixed now

[modular-magician]

Hi! I'm the modular magician. Your PR generated some diffs in downstreams - here they are.

Diff report:

Terraform GA: Diff ( 6 files changed, 272 insertions(+), 77 deletions(-))
Terraform Beta: Diff ( 6 files changed, 277 insertions(+), 80 deletions(-))

[nat-henderson]

@danawillow - are your requested changes made? GH wants all reviewers to approve before submitting - can you approve or dismiss your review if we're good to merge? :)

[danawillow]

FYI I updated the changelog message to use the correct resource and field names.

[upodroid]

I think we are ready to go.

[modular-magician]

Hi! I'm the modular magician. Your PR generated some diffs in downstreams - here they are.

Diff report:

Terraform GA: Diff ( 6 files changed, 272 insertions(+), 77 deletions(-))
Terraform Beta: Diff ( 6 files changed, 277 insertions(+), 80 deletions(-))

[nat-henderson]

Not sure what changed, but make test now reports

# github.com/hashicorp/terraform-provider-google-beta/google-beta
google-beta/resource_sql_database_instance.go:666:76: not enough arguments in call to retrieveServiceNetworkingNetworkName
	have (*schema.ResourceData, *Config, string)
	want (*schema.ResourceData, *Config, string, string)
note: module requires Go 1.14
make: *** [build] Error 2
GNUmakefile:9: recipe for target 'build' failed

[upodroid]

something snuck in when i merged master in to the branch, i'll fix it now

[upodroid]

i think we are good now. 😌

[modular-magician]

Hi! I'm the modular magician. Your PR generated some diffs in downstreams - here they are.

Diff report:

Terraform GA: Diff ( 6 files changed, 273 insertions(+), 77 deletions(-))
Terraform Beta: Diff ( 6 files changed, 278 insertions(+), 80 deletions(-))