google_sql_database_instance inconsistent defaulting for ipv4_enabled

[jcanseco]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request.
• Please do not leave +1 or me too comments, they generate extra noise for issue followers and do not help prioritize the request.
• If you are interested in working on this issue or have submitted a pull request, please leave a comment.
• If an issue is assigned to the modular-magician user, it is either in the process of being autogenerated, or is planned to be autogenerated soon. If an issue is assigned to a user, that user is claiming responsibility for the issue. If an issue is assigned to hashibot, a community member has claimed the issue already.

Terraform Version

Terraform v0.12.24

Affected Resource(s)

• google_sql_database_instance

Terraform Configuration Files

SQL instance with unspecified settings.ip_configuration; works just fine:

resource "google_sql_database_instance" "sqlinstance-test" {
  name             = "sqlinstance-test"
  database_version = "MYSQL_5_7"
  region           = "us-central1"

  settings {
    tier = "db-f1-micro"
  }
}

SQL instance with a partially specified settings.ip_configuration (partial in the sense that not all fields nested within ip_configuration are specified); fails on terraform apply:

resource "google_sql_database_instance" "sqlinstance-test" {
  name             = "sqlinstance-test"
  database_version = "MYSQL_5_7"
  region           = "us-central1"

  settings {
    tier = "db-f1-micro"
    ip_configuration {
      require_ssl = "true"
    }
  }
}

Debug Output

https://gist.github.com/jcanseco/93d49f98950a0131f891d49db4445dff

Expected Behavior

Should be able to terraform apply the second provided configuration as well.

Actual Behavior

Applying second provided configuration fails with the following error:

Error: Error, failed to create instance sqlinstance-test: googleapi: Error 400: Invalid request: At least one of Public IP or Private IP connectivity must be enabled.., invalid

  on main.tf line 7, in resource "google_sql_database_instance" "sqlinstance-test":
   7: resource "google_sql_database_instance" "sqlinstance-test" {

It seems that the Terraform provider lets GCP default settings.ip_configuration.ipv4_enabled if settings.ip_configuration is unspecified, and that the value of ipv4_enabled will depend on whether the instance is a 1st gen or 2nd gen instance (source).

However, if ip_configuration is specified at all, then if ipv4_enabled is not specified, Terraform sets it to false, which is then rejected by GCP if the instance is 2nd gen since the IPv4 address cannot be disabled for 2nd gen instances (source: see docs for ipConfiguration field here). It seems that either ipv4_enabled must be set to true or a private_network must be specified in this case (source).

It seems surprising that you can successfully create a 2nd gen instance without specifying ipv4_enabled or private_network, but then fail to do so the moment ip_configuration is specified at all even if ipv4_enabled and private_network remain unspecified. Moreover, this experience is inconsistent with 1st gen instances, which (I believe) can be created in both scenarios (specified or unspecified ip_configuration with no ipv4_enabled and private_network).

Do you think it would be possible for Terraform to not set these fields at all and let GCP default them as long as they are not set by the user?

Steps to Reproduce

1. terraform apply the second configuration provided.

[venkykuberan]

I am able to repro the error behavior and i see provider is defaulting to false for ipv4_enabled when its not in the config.
However i verified that API accepts the ip_configuration block without ipv4_enabled or private_network attributes. So i think provider should be able not set those fields in the request.

API - https://cloud.google.com/sql/docs/mysql/admin-api/rest/v1beta4/instances/insert

request_body
{
  "databaseVersion": "MYSQL_5_7",
  "name": "sqlinstance-test-v3",
  "region": "us-central1",
  "settings": {
    "ipConfiguration": {
      "requireSsl": true
    },
    "pricingPlan": "PER_USE",
    "replicationType": "SYNCHRONOUS",
    "storageAutoResize": true,
    "tier": "db-f1-micro"
  }
}

response 
{
  "kind": "sql#operation",
  "targetLink": "https://content-sqladmin.googleapis.com/sql/v1beta4/projects/xxxx/instances/sqlinstance-test-v3",
  "status": "PENDING",
  "user": "xxx",
  "insertTime": "2020-03-31T21:56:32.037Z",
  "operationType": "CREATE",
  "name": "1788619f-41f5-49e9-92e6-c5376131a892",
  "targetId": "sqlinstance-test-v3",
  "selfLink": "https://content-sqladmin.googleapis.com/sql/v1beta4/projects/xxx/operations/1788619f-41f5-49e9-92e6-c5376131a892",
  "targetProject": "xxx"
}

@danawillow what are your thoughts on this ?

[danawillow]

Sounds like a bug to me! Will prepare a fix.

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 hashibot-feedback@hashicorp.com. Thanks!