Unable to reflect the change in cloudsql using the terraform refresh but terraform plan identity the changes in between remote state and the terraform state file

[ops18]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request.
• Please do not leave +1 or me too comments, they generate extra noise for issue followers and do not help prioritize the request.
• If you are interested in working on this issue or have submitted a pull request, please leave a comment.
• If an issue is assigned to the modular-magician user, it is either in the process of being autogenerated, or is planned to be autogenerated soon. If an issue is assigned to a user, that user is claiming responsibility for the issue. If an issue is assigned to hashibot, a community member has claimed the issue already.

Terraform Version

Terraform v0.12.25

• provider.google v2.18.1

Affected Resource(s)

• google_XXXXX
  resource "google_sql_database_instance" "master"

Terraform Configuration Files

main.tf
resource "google_sql_database_instance" "default" {
provider = google
project = var.project_id
name = var.name
database_version = var.database_version
region = var.region

settings {
tier = var.tier
activation_policy = var.activation_policy
availability_type = var.availability_type
authorized_gae_applications = var.authorized_gae_applications
dynamic "backup_configuration" {
for_each = [var.backup_configuration]
content {
binary_log_enabled = false
enabled = lookup(backup_configuration.value, "enabled", null)
start_time = lookup(backup_configuration.value, "start_time", null)
}
}
dynamic "ip_configuration" {
for_each = [local.ip_configurations[local.ip_configuration_enabled ? "enabled" : "disabled"]]
content {
ipv4_enabled = lookup(ip_configuration.value, "ipv4_enabled", null)
private_network = lookup(ip_configuration.value, "private_network", null)
require_ssl = lookup(ip_configuration.value, "require_ssl", null)

    dynamic "authorized_networks" {
      for_each = lookup(ip_configuration.value, "authorized_networks", [])
      content {
        name            = lookup(authorized_networks.value, "name", null)
        value           = lookup(authorized_networks.value, "value", null)
      }
    }
  }
}

var.tf
variable "project_id" {
type = string
description = "The project ID to manage the Cloud SQL resources"
default = "test-proj"
}

variable "name" {
type = string
description = "The name of the Cloud SQL resources"
default = "shpsqll2"
}

// required
variable "database_version" {
description = "The database version to use"
type = string
default = "POSTGRES_9_6"
}

// required
variable "region" {
type = string
description = "The region of the Cloud SQL resources"
default = "europe-west4"
}

variable "tier" {
description = "The tier for the master instance."
type = string
default = "db-f1-micro"

version.tf
terraform {
required_version = "> 0.12.6"
required_providers {
google = "> 2.18.0"
}
}

# Copy-paste your Terraform configurations here.
#
# For large Terraform configs, please use a service like Dropbox and share a link to the ZIP file.
# For security, you can also encrypt the files using our GPG public key:
#    https://www.hashicorp.com/security
#
# If reproducing the bug involves modifying the config file (e.g., apply a config,
# change a value, apply the config again, see the bug), then please include both:
# * the version of the config before the change, and
# * the version of the config after the change.

Debug Output

Panic Output

Expected Behavior

As the terraform is configure with the tier: db-f1-micro
Change the configureation from cloud console to db-custom-2-7680 and when run the terraform plan
a terraform plan should pick up the out of band change:
~ settings {
activation_policy = "ALWAYS"
authorized_gae_applications = []
availability_type = "REGIONAL"
crash_safe_replication = false
disk_autoresize = true
disk_size = 10
disk_type = "PD_SSD"
pricing_plan = "PER_USE"
replication_type = "SYNCHRONOUS"
~ tier = "db-custom-2-7680" -> "db-f1-micro"

Actual Behavior

But The terraform refresh does not pick up the out of band change:
test# terraform refresh
random_id.instance_name_suffix: Refreshing state... [id=9paedzw]
module.postgresql-db.null_resource.module_depends_on: Refreshing state... [id=3423931886575952786]
module.postgresql-db.google_sql_database_instance.default: Refreshing state... [id=tf-ha-sh-f6969e773c]
module.postgresql-db.random_id.user-password: Refreshing state... [id=BVaFKJvthfA]
module.postgresql-db.google_sql_database.default: Refreshing state... [id=tf-ha-sh-f6969e773c:tf-ha-sh]
module.postgresql-db.google_sql_user.default: Refreshing state... [id=tftest//tf-ha-sh-f6969e773c]

Outputs:

private_ip_address = 172.22.32.29
psql_conn = xxxxxx:europe-west4:tf-ha-sh-f6969e773c

It should not refresh the state with remote state and terraform statefile.
terraform plan pick up the changes but when run the terraform refresh to Update local state file against real resources it shoes nothings has been
test# terraform refresh
module.postgresql-db.null_resource.module_depends_on: Refreshing state... [id=3423931886575952786]
random_id.instance_name_suffix: Refreshing state... [id=9paedzw]
module.postgresql-db.google_sql_database_instance.default: Refreshing state... [id=tf-ha-sh-f6969e773c]
module.postgresql-db.google_sql_database.default: Refreshing state... [id=tf-ha-sh-f6969e773c:tf-ha-sh]
module.postgresql-db.random_id.user-password: Refreshing state... [id=BVaFKJvthfA]
module.postgresql-db.google_sql_user.default: Refreshing state... [id=tftest//tf-ha-sh-f6969e773c]

Outputs:

private_ip_address = 172.22.32.xx
psql_conn = xxxxxxxx:europe-west4:tf-ha-sh-f6969e773c

Steps to Reproduce

Create a New CloudSQL DB Instnace with the HCL conf provided above.
upgrade the instance's tier to any custom configuration like "db-custom-2-7680" through the Google Cloud console or gcloud CLI.
run terraform plan on the same HCL configuration.

1. terraform apply
   Enter a value: yes

module.postgresql-db.google_sql_database_instance.default: Modifying... [id=tf-ha-sh-f6969e773c]
module.postgresql-db.google_sql_database_instance.default: Still modifying... [id=tf-ha-sh-f6969e773c, 10s elapsed]
module.postgresql-db.google_sql_database_instance.default: Still modifying... [id=tf-ha-sh-f6969e773c, 20s elapsed]
module.postgresql-db.google_sql_database_instance.default: Still modifying... [id=tf-ha-sh-f6969e773c, 30s elapsed]
module.postgresql-db.google_sql_database_instance.default: Still modifying... [id=tf-ha-sh-f6969e773c, 40s elapsed]
module.postgresql-db.google_sql_database_instance.default: Still modifying... [id=tf-ha-sh-f6969e773c, 50s elapsed]
module.postgresql-db.google_sql_database_instance.default: Still modifying... [id=tf-ha-sh-f6969e773c, 1m0s elapsed]
module.postgresql-db.google_sql_database_instance.default: Still modifying... [id=tf-ha-sh-f6969e773c, 1m10s elapsed]
module.postgresql-db.google_sql_database_instance.default: Still modifying... [id=tf-ha-sh-f6969e773c, 1m20s elapsed]
module.postgresql-db.google_sql_database_instance.default: Still modifying... [id=tf-ha-sh-f6969e773c, 1m30s elapsed]
module.postgresql-db.google_sql_database_instance.default: Still modifying... [id=tf-ha-sh-f6969e773c, 1m40s elapsed]
module.postgresql-db.google_sql_database_instance.default: Still modifying... [id=tf-ha-sh-f6969e773c, 1m50s elapsed]
module.postgresql-db.google_sql_database_instance.default: Still modifying... [id=tf-ha-sh-f6969e773c, 2m0s elapsed]
module.postgresql-db.google_sql_database_instance.default: Still modifying... [id=tf-ha-sh-f6969e773c, 2m10s elapsed]
module.postgresql-db.google_sql_database_instance.default: Still modifying... [id=tf-ha-sh-f6969e773c, 2m20s elapsed]
module.postgresql-db.google_sql_database_instance.default: Still modifying... [id=tf-ha-sh-f6969e773c, 2m30s elapsed]
module.postgresql-db.google_sql_database_instance.default: Still modifying... [id=tf-ha-sh-f6969e773c, 2m40s elapsed]
Apply complete! Resources: 0 added, 1 changed, 0 destroyed.

Outputs:

private_ip_address = 172.22.32.29
psql_conn = xxxxxx:europe-west4:tf-ha-sh-f6969e773c

Important Factoids

References

• #0000

[megan07]

Hi @ops18! Thanks for reporting this issue. Can you clarify where the issue you're seeing is?
I ran through the steps to reproduce, and I think I'm seeing it working as I'd expect.

I created the instance with terraform tier='db-f1-micro' then update the tier to db-custom-2-7680 outside of terraform.

When I come back to look at the plan it shows ~ tier = "db-custom-2-7680" -> "db-f1-micro" which I would expect, since re-running my configuration would change the current value ("db-custom-2-7680") to the value in my initial configuration ("db-f1-micro")

It's possible I'm misunderstanding the steps to reproduce or your expected behavior, if so, please let me know and I can re-run and re-test.
Thanks again!

[ops18]

Yah its working fine with change the tier but I am warried about when I am running the terraform refresh it is not idenity the changes between the remote state and the terraform state file.
you can try the same. But before run terraform plan run the terraform refresh , and in refresh I am getting problem.

1. Create instance using the terraform resource
2. Change the configuration from Google cloud console to some other configuration
3. Once the instance is up then run the terraform refresh to check the status between the remote state with terraform state file
4. Here I am getting issue , but It working fine if I run the terraform plan it is identify the change and when I apply its creating the resource properly, but only terraform refresh is not idenity the changes .

(just check the terraform refresh)

Coreect me If I am missing any steps or configuration

[megan07]

Hi @ops18! Thank you for clarifying your steps. I've done the same steps and saw that terraform refresh updated the state file to db-custom-2-7680 right away. My understanding is that after refresh you are still seeing db-f1-micro? Have you seen terraform refresh not work for any other resources?

[ops18]

yes, it works now, its due to custom-tier for database, now when i changed the configuration it works.
Thanks for your time

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 hashibot-feedback@hashicorp.com. Thanks!