google_sql_database_instance inconsistent private_network value

[joe-a-t]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request.
• Please do not leave +1 or me too comments, they generate extra noise for issue followers and do not help prioritize the request.
• If you are interested in working on this issue or have submitted a pull request, please leave a comment.
• If an issue is assigned to the modular-magician user, it is either in the process of being autogenerated, or is planned to be autogenerated soon. If an issue is assigned to a user, that user is claiming responsibility for the issue. If an issue is assigned to hashibot, a community member has claimed the issue already.

Terraform Version

Terraform version 0.15.3
Google provider version 3.84.0

Affected Resource(s)

• google_sql_database_instance

Terraform Configuration Files

# https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/service_networking_connection
resource "google_compute_network" "network" {
  name = "default"
}

resource "google_compute_global_address" "private_ip_alloc" {
  name          = "private-ip-alloc"
  purpose       = "VPC_PEERING"
  address_type  = "INTERNAL"
  prefix_length = 16
  network       = google_compute_network.network.id
}

resource "google_service_networking_connection" "this" {
  network                 = google_compute_network.network.id
  service                 = "servicenetworking.googleapis.com"
  reserved_peering_ranges = [google_compute_global_address.private_ip_alloc.name]
}

# https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/sql_database
resource "google_sql_database_instance" "master" {
  name                = "master-instance"
  database_version    = "POSTGRES_11"
  region              = "us-central1"
  deletion_protection = false

  settings {
    ip_configuration {
      ipv4_enabled    = false
      private_network = google_compute_network.network.self_link
    }
    tier = "db-f1-micro"
  }

  depends_on = [
    google_service_networking_connection.this
  ]
}

resource "google_sql_database" "database" {
  name     = "my-database"
  instance = google_sql_database_instance.master.name
}

resource "google_sql_database_instance" "replica" {
  name                 = "replica-instance"
  database_version     = google_sql_database_instance.master.database_version
  region               = google_sql_database_instance.master.region
  master_instance_name = google_sql_database_instance.master.name
  deletion_protection  = false

  settings {
    ip_configuration {
      ipv4_enabled    = false
      private_network = google_sql_database_instance.master.settings[0].ip_configuration[0].private_network
    }
    tier = google_sql_database_instance.master.settings[0].tier
  }
}

Expected Behavior

All resources should have been properly created

Actual Behavior

...
google_sql_database_instance.master: Creation complete after 13m33s [id=master-instance]
google_sql_database.database: Creating...
google_sql_database.database: Creation complete after 8s [id=projects/FOO/instances/master-instance/databases/my-database]
╷
│ Error: Provider produced inconsistent final plan
│ 
│ When expanding the plan for google_sql_database_instance.replica to include
│ new values learned so far during apply, provider
│ "registry.terraform.io/hashicorp/google" produced an invalid new value for
│ .settings[0].ip_configuration[0].private_network: was
│ cty.StringVal("https://www.googleapis.com/compute/v1/projects/FOO/global/networks/default"),
│ but now
│ cty.StringVal("projects/FOO/global/networks/default").
│ 
│ This is a bug in the provider, which should be reported in the provider's own
│ issue tracker.

Steps to Reproduce

1. terraform apply that creates both the master and replica instance in the same apply. If the master instance already exists, the replica will successfully create.

Important Factoids

I think this traces back to private_network = google_compute_network.network.self_link on the master instance. It looks like private_network accepts both self_link and id for the network but once the DB instance is created, it will always export the network by its id. Is this simply a situation where we should use private_network = google_compute_network.network.id instead and avoid the self_link or should the provider handle this use case?

[edwardmedia]

@joe-a-t can you share the debug log that capture all the api calls?

[joe-a-t]

I censored some of the relevant fields with FOO/BAR/BAZ but this the plan then the relevant final couple of steps of the debug from applying the snippet I put in the initial issue (in case you want to reproduce or look at some of the earlier steps).

Terraform used the selected providers to generate the following execution plan.
Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # google_sql_database.database will be created
  + resource "google_sql_database" "database" {
      + charset   = (known after apply)
      + collation = (known after apply)
      + id        = (known after apply)
      + instance  = "master-instance-2"
      + name      = "my-database"
      + project   = (known after apply)
      + self_link = (known after apply)
    }

  # google_sql_database_instance.master will be created
  + resource "google_sql_database_instance" "master" {
      + connection_name               = (known after apply)
      + database_version              = "POSTGRES_11"
      + deletion_protection           = false
      + first_ip_address              = (known after apply)
      + id                            = (known after apply)
      + ip_address                    = (known after apply)
      + master_instance_name          = (known after apply)
      + name                          = "master-instance-2"
      + private_ip_address            = (known after apply)
      + project                       = (known after apply)
      + public_ip_address             = (known after apply)
      + region                        = "us-central1"
      + self_link                     = (known after apply)
      + server_ca_cert                = (known after apply)
      + service_account_email_address = (known after apply)

      + replica_configuration {
          + ca_certificate            = (known after apply)
          + client_certificate        = (known after apply)
          + client_key                = (known after apply)
          + connect_retry_interval    = (known after apply)
          + dump_file_path            = (known after apply)
          + failover_target           = (known after apply)
          + master_heartbeat_period   = (known after apply)
          + password                  = (sensitive value)
          + ssl_cipher                = (known after apply)
          + username                  = (known after apply)
          + verify_server_certificate = (known after apply)
        }

      + settings {
          + activation_policy           = (known after apply)
          + authorized_gae_applications = (known after apply)
          + availability_type           = (known after apply)
          + crash_safe_replication      = (known after apply)
          + disk_autoresize             = true
          + disk_autoresize_limit       = 0
          + disk_size                   = (known after apply)
          + disk_type                   = (known after apply)
          + pricing_plan                = "PER_USE"
          + replication_type            = (known after apply)
          + tier                        = "db-f1-micro"
          + user_labels                 = (known after apply)
          + version                     = (known after apply)

          + backup_configuration {
              + binary_log_enabled             = (known after apply)
              + enabled                        = (known after apply)
              + location                       = (known after apply)
              + point_in_time_recovery_enabled = (known after apply)
              + start_time                     = (known after apply)
              + transaction_log_retention_days = (known after apply)

              + backup_retention_settings {
                  + retained_backups = (known after apply)
                  + retention_unit   = (known after apply)
                }
            }

          + ip_configuration {
              + ipv4_enabled    = false
              + private_network = "https://www.googleapis.com/compute/v1/projects/FOO/global/networks/default"
            }

          + location_preference {
              + follow_gae_application = (known after apply)
              + zone                   = (known after apply)
            }
        }
    }

  # google_sql_database_instance.replica will be created
  + resource "google_sql_database_instance" "replica" {
      + connection_name               = (known after apply)
      + database_version              = "POSTGRES_11"
      + deletion_protection           = false
      + first_ip_address              = (known after apply)
      + id                            = (known after apply)
      + ip_address                    = (known after apply)
      + master_instance_name          = "master-instance-2"
      + name                          = "replica-instance-2"
      + private_ip_address            = (known after apply)
      + project                       = (known after apply)
      + public_ip_address             = (known after apply)
      + region                        = "us-central1"
      + self_link                     = (known after apply)
      + server_ca_cert                = (known after apply)
      + service_account_email_address = (known after apply)

      + replica_configuration {
          + ca_certificate            = (known after apply)
          + client_certificate        = (known after apply)
          + client_key                = (known after apply)
          + connect_retry_interval    = (known after apply)
          + dump_file_path            = (known after apply)
          + failover_target           = (known after apply)
          + master_heartbeat_period   = (known after apply)
          + password                  = (sensitive value)
          + ssl_cipher                = (known after apply)
          + username                  = (known after apply)
          + verify_server_certificate = (known after apply)
        }

      + settings {
          + activation_policy           = (known after apply)
          + authorized_gae_applications = (known after apply)
          + availability_type           = (known after apply)
          + crash_safe_replication      = (known after apply)
          + disk_autoresize             = true
          + disk_autoresize_limit       = 0
          + disk_size                   = (known after apply)
          + disk_type                   = (known after apply)
          + pricing_plan                = "PER_USE"
          + replication_type            = (known after apply)
          + tier                        = "db-f1-micro"
          + user_labels                 = (known after apply)
          + version                     = (known after apply)

          + backup_configuration {
              + binary_log_enabled             = (known after apply)
              + enabled                        = (known after apply)
              + location                       = (known after apply)
              + point_in_time_recovery_enabled = (known after apply)
              + start_time                     = (known after apply)
              + transaction_log_retention_days = (known after apply)

              + backup_retention_settings {
                  + retained_backups = (known after apply)
                  + retention_unit   = (known after apply)
                }
            }

          + ip_configuration {
              + ipv4_enabled    = false
              + private_network = "https://www.googleapis.com/compute/v1/projects/FOO/global/networks/default"
            }

          + location_preference {
              + follow_gae_application = (known after apply)
              + zone                   = (known after apply)
            }
        }
    }

Plan: 3 to add, 0 to change, 0 to destroy.
...

-----------------------------------------------------: timestamp=2021-09-20T14:10:55.901-0500
2021-09-20T14:10:55.902-0500 [INFO]  provider.terraform-provider-google_v3.84.0_x5: 2021/09/20 14:10:55 [DEBUG] Retry Transport: Stopping retries, last request was successful: timestamp=2021-09-20T14:10:55.901-0500
2021-09-20T14:10:55.902-0500 [INFO]  provider.terraform-provider-google_v3.84.0_x5: 2021/09/20 14:10:55 [DEBUG] Retry Transport: Returning after 1 attempts: timestamp=2021-09-20T14:10:55.901-0500
2021-09-20T14:10:55.902-0500 [INFO]  provider.terraform-provider-google_v3.84.0_x5: 2021/09/20 14:10:55 [DEBUG] Got RUNNING while polling for operation dd724737-0192-45e5-baa3-ef272ad77778's status: timestamp=2021-09-20T14:10:55.901-0500
2021-09-20T14:10:55.902-0500 [INFO]  provider.terraform-provider-google_v3.84.0_x5: 2021/09/20 14:10:55 [TRACE] Waiting 10s before next try: timestamp=2021-09-20T14:10:55.902-0500
google_sql_database_instance.master: Still creating... [11m11s elapsed]
2021-09-20T14:11:05.904-0500 [INFO]  provider.terraform-provider-google_v3.84.0_x5: 2021/09/20 14:11:05 [DEBUG] Waiting for state to become: [success]: timestamp=2021-09-20T14:11:05.904-0500
2021-09-20T14:11:05.904-0500 [INFO]  provider.terraform-provider-google_v3.84.0_x5: 2021/09/20 14:11:05 [DEBUG] Retry Transport: starting RoundTrip retry loop: timestamp=2021-09-20T14:11:05.904-0500
2021-09-20T14:11:05.904-0500 [INFO]  provider.terraform-provider-google_v3.84.0_x5: 2021/09/20 14:11:05 [DEBUG] Retry Transport: request attempt 0: timestamp=2021-09-20T14:11:05.904-0500
2021-09-20T14:11:05.904-0500 [INFO]  provider.terraform-provider-google_v3.84.0_x5: 2021/09/20 14:11:05 [DEBUG] Google API Request Details:
---[ REQUEST ]---------------------------------------
GET /sql/v1beta4/projects/FOO/operations/dd724737-0192-45e5-baa3-ef272ad77778?alt=json&prettyPrint=false HTTP/1.1
Host: sqladmin.googleapis.com
User-Agent: google-api-go-client/0.5 Terraform/0.15.3 (+https://www.terraform.io) Terraform-Plugin-SDK/2.5.0 terraform-provider-google/3.84.0
X-Goog-Api-Client: gl-go/1.16.2 gdcl/20210606
Accept-Encoding: gzip


-----------------------------------------------------: timestamp=2021-09-20T14:11:05.904-0500
2021-09-20T14:11:05.967-0500 [INFO]  provider.terraform-provider-google_v3.84.0_x5: 2021/09/20 14:11:05 [DEBUG] Google API Response Details:
---[ RESPONSE ]--------------------------------------
HTTP/2.0 200 OK
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Cache-Control: private
Content-Type: application/json; charset=UTF-8
Date: Mon, 20 Sep 2021 19:11:06 GMT
Server: ESF
Vary: Origin
Vary: X-Origin
Vary: Referer
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 0

{
 "kind": "sql#operation",
 "targetLink": "https://sqladmin.googleapis.com/sql/v1beta4/projects/FOO/instances/master-instance-2",
 "status": "DONE",
 "user": "BAR",
 "insertTime": "2021-09-20T18:59:50.997Z",
 "startTime": "2021-09-20T18:59:52.220Z",
 "endTime": "2021-09-20T19:11:04.041Z",
 "operationType": "CREATE",
 "name": "dd724737-0192-45e5-baa3-ef272ad77778",
 "targetId": "master-instance-2",
 "selfLink": "https://sqladmin.googleapis.com/sql/v1beta4/projects/FOO/operations/dd724737-0192-45e5-baa3-ef272ad77778",
 "targetProject": "FOO"
}
-----------------------------------------------------: timestamp=2021-09-20T14:11:05.967-0500
2021-09-20T14:11:05.967-0500 [INFO]  provider.terraform-provider-google_v3.84.0_x5: 2021/09/20 14:11:05 [DEBUG] Retry Transport: Stopping retries, last request was successful: timestamp=2021-09-20T14:11:05.967-0500
2021-09-20T14:11:05.968-0500 [INFO]  provider.terraform-provider-google_v3.84.0_x5: 2021/09/20 14:11:05 [DEBUG] Retry Transport: Returning after 1 attempts: timestamp=2021-09-20T14:11:05.967-0500
2021-09-20T14:11:05.968-0500 [INFO]  provider.terraform-provider-google_v3.84.0_x5: 2021/09/20 14:11:05 [DEBUG] Got DONE while polling for operation dd724737-0192-45e5-baa3-ef272ad77778's status: timestamp=2021-09-20T14:11:05.967-0500
2021-09-20T14:11:05.968-0500 [INFO]  provider.terraform-provider-google_v3.84.0_x5: 2021/09/20 14:11:05 [DEBUG] Waiting for state to become: [success]: timestamp=2021-09-20T14:11:05.967-0500
2021-09-20T14:11:05.968-0500 [INFO]  provider.terraform-provider-google_v3.84.0_x5: 2021/09/20 14:11:05 [INFO] Instantiating Google SqlAdmin client for path https://sqladmin.googleapis.com/: timestamp=2021-09-20T14:11:05.968-0500
2021-09-20T14:11:05.968-0500 [INFO]  provider.terraform-provider-google_v3.84.0_x5: 2021/09/20 14:11:05 [DEBUG] Retry Transport: starting RoundTrip retry loop: timestamp=2021-09-20T14:11:05.968-0500
2021-09-20T14:11:05.968-0500 [INFO]  provider.terraform-provider-google_v3.84.0_x5: 2021/09/20 14:11:05 [DEBUG] Retry Transport: request attempt 0: timestamp=2021-09-20T14:11:05.968-0500
2021-09-20T14:11:05.968-0500 [INFO]  provider.terraform-provider-google_v3.84.0_x5: 2021/09/20 14:11:05 [DEBUG] Google API Request Details:
---[ REQUEST ]---------------------------------------
GET /sql/v1beta4/projects/FOO/instances/master-instance-2?alt=json&prettyPrint=false HTTP/1.1
Host: sqladmin.googleapis.com
User-Agent: google-api-go-client/0.5 Terraform/0.15.3 (+https://www.terraform.io) Terraform-Plugin-SDK/2.5.0 terraform-provider-google/3.84.0
X-Goog-Api-Client: gl-go/1.16.2 gdcl/20210606
Accept-Encoding: gzip


-----------------------------------------------------: timestamp=2021-09-20T14:11:05.968-0500
2021-09-20T14:11:06.047-0500 [INFO]  provider.terraform-provider-google_v3.84.0_x5: 2021/09/20 14:11:06 [DEBUG] Google API Response Details:
---[ RESPONSE ]--------------------------------------
HTTP/2.0 200 OK
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Cache-Control: private
Content-Type: application/json; charset=UTF-8
Date: Mon, 20 Sep 2021 19:11:06 GMT
Server: ESF
Vary: Origin
Vary: X-Origin
Vary: Referer
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 0

{
 "kind": "sql#instance",
 "state": "RUNNABLE",
 "databaseVersion": "POSTGRES_11",
 "settings": {
  "authorizedGaeApplications": [],
  "tier": "db-f1-micro",
  "kind": "sql#settings",
  "availabilityType": "ZONAL",
  "pricingPlan": "PER_USE",
  "replicationType": "SYNCHRONOUS",
  "activationPolicy": "ALWAYS",
  "ipConfiguration": {
   "privateNetwork": "projects/FOO/global/networks/default",
   "authorizedNetworks": [],
   "ipv4Enabled": false,
   "requireSsl": false
  },
  "locationPreference": {
   "zone": "us-central1-f",
   "kind": "sql#locationPreference"
  },
  "dataDiskType": "PD_SSD",
  "backupConfiguration": {
   "startTime": "02:00",
   "kind": "sql#backupConfiguration",
   "backupRetentionSettings": {
    "retentionUnit": "COUNT",
    "retainedBackups": 7
   },
   "enabled": false,
   "transactionLogRetentionDays": 7
  },
  "settingsVersion": "1",
  "storageAutoResizeLimit": "0",
  "storageAutoResize": true,
  "dataDiskSizeGb": "10"
 },
 "etag": "6187ba4503defc3bac37669888ec5a00c0e3b7edf0d744f9de3e20fbff003d75",
 "ipAddresses": [
  {
   "type": "PRIVATE",
   "ipAddress": "10.20.0.9"
  }
 ],
 "serverCaCert": {
  "kind": "sql#sslCert",
  "certSerialNumber": "0",
  "cert": "-----BEGIN CERTIFICATE-----\BAZ\n-----END CERTIFICATE-----",
  "commonName": "C=US,O=Google\\, Inc,CN=Google Cloud SQL Server CA,dnQualifier=BAZ",
  "sha1Fingerprint": "BAZ",
  "instance": "master-instance-2",
  "createTime": "2021-09-20T19:00:50.780Z",
  "expirationTime": "2031-09-18T19:01:50.780Z"
 },
 "instanceType": "CLOUD_SQL_INSTANCE",
 "project": "FOO",
 "serviceAccountEmailAddress": "[email protected]",
 "backendType": "SECOND_GEN",
 "selfLink": "https://sqladmin.googleapis.com/sql/v1beta4/projects/FOO/instances/master-instance-2",
 "connectionName": "FOO:us-central1:master-instance-2",
 "name": "master-instance-2",
 "region": "us-central1",
 "gceZone": "us-central1-f",
 "createTime": "2021-09-20T18:59:50.180Z"
}
-----------------------------------------------------: timestamp=2021-09-20T14:11:06.046-0500
2021-09-20T14:11:06.047-0500 [INFO]  provider.terraform-provider-google_v3.84.0_x5: 2021/09/20 14:11:06 [DEBUG] Retry Transport: Stopping retries, last request was successful: timestamp=2021-09-20T14:11:06.046-0500
2021-09-20T14:11:06.047-0500 [INFO]  provider.terraform-provider-google_v3.84.0_x5: 2021/09/20 14:11:06 [DEBUG] Retry Transport: Returning after 1 attempts: timestamp=2021-09-20T14:11:06.046-0500
2021-09-20T14:11:06.047-0500 [INFO]  provider.terraform-provider-google_v3.84.0_x5: 2021/09/20 14:11:06 [DEBUG] Waiting for state to become: [success]: timestamp=2021-09-20T14:11:06.047-0500
2021-09-20T14:11:06.047-0500 [INFO]  provider.terraform-provider-google_v3.84.0_x5: 2021/09/20 14:11:06 [INFO] Instantiating Google SqlAdmin client for path https://sqladmin.googleapis.com/: timestamp=2021-09-20T14:11:06.047-0500
2021-09-20T14:11:06.048-0500 [INFO]  provider.terraform-provider-google_v3.84.0_x5: 2021/09/20 14:11:06 [DEBUG] Retry Transport: starting RoundTrip retry loop: timestamp=2021-09-20T14:11:06.048-0500
2021-09-20T14:11:06.048-0500 [INFO]  provider.terraform-provider-google_v3.84.0_x5: 2021/09/20 14:11:06 [DEBUG] Retry Transport: request attempt 0: timestamp=2021-09-20T14:11:06.048-0500
2021-09-20T14:11:06.048-0500 [INFO]  provider.terraform-provider-google_v3.84.0_x5: 2021/09/20 14:11:06 [DEBUG] Google API Request Details:
---[ REQUEST ]---------------------------------------
GET /sql/v1beta4/projects/FOO/instances/master-instance-2/users?alt=json&prettyPrint=false HTTP/1.1
Host: sqladmin.googleapis.com
User-Agent: google-api-go-client/0.5 Terraform/0.15.3 (+https://www.terraform.io) Terraform-Plugin-SDK/2.5.0 terraform-provider-google/3.84.0
X-Goog-Api-Client: gl-go/1.16.2 gdcl/20210606
Accept-Encoding: gzip


-----------------------------------------------------: timestamp=2021-09-20T14:11:06.048-0500
google_sql_database_instance.master: Still creating... [11m21s elapsed]
2021-09-20T14:11:13.224-0500 [INFO]  provider.terraform-provider-google_v3.84.0_x5: 2021/09/20 14:11:13 [DEBUG] Google API Response Details:
---[ RESPONSE ]--------------------------------------
HTTP/2.0 200 OK
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Cache-Control: private
Content-Type: application/json; charset=UTF-8
Date: Mon, 20 Sep 2021 19:11:13 GMT
Server: ESF
Vary: Origin
Vary: X-Origin
Vary: Referer
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 0

{
 "kind": "sql#usersList",
 "items": [
  {
   "kind": "sql#user",
   "etag": "2032138c74a184e2c55ff9e7baae6314710a4de35ffb47021a5794ad80b52961",
   "name": "postgres",
   "host": "",
   "instance": "master-instance-2",
   "project": "FOO"
  }
 ]
}
-----------------------------------------------------: timestamp=2021-09-20T14:11:13.224-0500
2021-09-20T14:11:13.224-0500 [INFO]  provider.terraform-provider-google_v3.84.0_x5: 2021/09/20 14:11:13 [DEBUG] Retry Transport: Stopping retries, last request was successful: timestamp=2021-09-20T14:11:13.224-0500
2021-09-20T14:11:13.224-0500 [INFO]  provider.terraform-provider-google_v3.84.0_x5: 2021/09/20 14:11:13 [DEBUG] Retry Transport: Returning after 1 attempts: timestamp=2021-09-20T14:11:13.224-0500
2021-09-20T14:11:13.225-0500 [WARN]  Provider "provider[\"registry.terraform.io/hashicorp/google\"]" produced an unexpected new value for google_sql_database_instance.master, but we are tolerating it because it is using the legacy plugin SDK.
    The following problems may be the cause of any confusing errors from downstream operations:
      - .settings[0].collation: was null, but now cty.StringVal("")
      - .settings[0].ip_configuration[0].require_ssl: was null, but now cty.False
      - .settings[0].ip_configuration[0].private_network: was cty.StringVal("https://www.googleapis.com/compute/v1/projects/FOO/global/networks/default"), but now cty.StringVal("projects/FOO/global/networks/default")
google_sql_database_instance.master: Creation complete after 11m24s [id=master-instance-2]
google_sql_database.database: Creating...
2021-09-20T14:11:13.253-0500 [INFO]  Starting apply for google_sql_database.database
2021-09-20T14:11:13.254-0500 [DEBUG] google_sql_database.database: applying the planned Create change
2021-09-20T14:11:13.255-0500 [INFO]  provider.terraform-provider-google_v3.84.0_x5: 2021/09/20 14:11:13 [DEBUG] Locking "google-sql-database-instance-FOO-master-instance-2": timestamp=2021-09-20T14:11:13.255-0500
2021-09-20T14:11:13.255-0500 [INFO]  provider.terraform-provider-google_v3.84.0_x5: 2021/09/20 14:11:13 [DEBUG] Locked "google-sql-database-instance-FOO-master-instance-2": timestamp=2021-09-20T14:11:13.255-0500
2021-09-20T14:11:13.255-0500 [INFO]  provider.terraform-provider-google_v3.84.0_x5: 2021/09/20 14:11:13 [DEBUG] Creating new Database: map[string]interface {}{"instance":"master-instance-2", "name":"my-database"}: timestamp=2021-09-20T14:11:13.255-0500
2021-09-20T14:11:13.255-0500 [INFO]  provider.terraform-provider-google_v3.84.0_x5: 2021/09/20 14:11:13 [DEBUG] Waiting for state to become: [success]: timestamp=2021-09-20T14:11:13.255-0500
2021-09-20T14:11:13.255-0500 [INFO]  provider.terraform-provider-google_v3.84.0_x5: 2021/09/20 14:11:13 [DEBUG] Retry Transport: starting RoundTrip retry loop: timestamp=2021-09-20T14:11:13.255-0500
2021-09-20T14:11:13.255-0500 [INFO]  provider.terraform-provider-google_v3.84.0_x5: 2021/09/20 14:11:13 [DEBUG] Retry Transport: request attempt 0: timestamp=2021-09-20T14:11:13.255-0500
2021-09-20T14:11:13.255-0500 [INFO]  provider.terraform-provider-google_v3.84.0_x5: 2021/09/20 14:11:13 [DEBUG] Google API Request Details:
---[ REQUEST ]---------------------------------------
POST /sql/v1beta4/projects/FOO/instances/master-instance-2/databases?alt=json HTTP/1.1
Host: sqladmin.googleapis.com
User-Agent: Terraform/0.15.3 (+https://www.terraform.io) Terraform-Plugin-SDK/2.5.0 terraform-provider-google/3.84.0
Content-Length: 54
Content-Type: application/json
Accept-Encoding: gzip

{
 "instance": "master-instance-2",
 "name": "my-database"
}

-----------------------------------------------------: timestamp=2021-09-20T14:11:13.255-0500
2021-09-20T14:11:13.261-0500 [WARN]  Provider "registry.terraform.io/hashicorp/google" produced an invalid plan for google_sql_database_instance.replica, but we are tolerating it because it is using the legacy plugin SDK.
    The following problems may be the cause of any confusing errors from downstream operations:
      - .replica_configuration: attribute representing nested block must not be unknown itself; set nested attribute values to unknown instead
      - .settings[0].pricing_plan: planned value cty.StringVal("PER_USE") for a non-computed attribute
      - .settings[0].disk_autoresize: planned value cty.True for a non-computed attribute
      - .settings[0].disk_autoresize_limit: planned value cty.NumberIntVal(0) for a non-computed attribute
      - .settings[0].backup_configuration: attribute representing nested block must not be unknown itself; set nested attribute values to unknown instead
      - .settings[0].location_preference: attribute representing nested block must not be unknown itself; set nested attribute values to unknown instead
2021-09-20T14:11:17.744-0500 [INFO]  provider.terraform-provider-google_v3.84.0_x5: 2021/09/20 14:11:17 [DEBUG] Google API Response Details:
---[ RESPONSE ]--------------------------------------
HTTP/2.0 200 OK
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Cache-Control: private
Content-Type: application/json; charset=UTF-8
Date: Mon, 20 Sep 2021 19:11:17 GMT
Server: ESF
Vary: Origin
Vary: X-Origin
Vary: Referer
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 0

{
  "kind": "sql#operation",
  "targetLink": "https://sqladmin.googleapis.com/sql/v1beta4/projects/FOO/instances/master-instance-2/databases/my-database",
  "status": "DONE",
  "user": "BAR",
  "insertTime": "2021-09-20T19:11:13.471Z",
  "startTime": "2021-09-20T19:11:13.486Z",
  "endTime": "2021-09-20T19:11:17.782Z",
  "operationType": "CREATE_DATABASE",
  "name": "4134f2e8-e0a3-4b1f-9a86-1962438da87f",
  "targetId": "master-instance-2",
  "selfLink": "https://sqladmin.googleapis.com/sql/v1beta4/projects/FOO/operations/4134f2e8-e0a3-4b1f-9a86-1962438da87f",
  "targetProject": "FOO"
}

-----------------------------------------------------: timestamp=2021-09-20T14:11:17.744-0500
2021-09-20T14:11:17.744-0500 [INFO]  provider.terraform-provider-google_v3.84.0_x5: 2021/09/20 14:11:17 [DEBUG] Retry Transport: Stopping retries, last request was successful: timestamp=2021-09-20T14:11:17.744-0500
2021-09-20T14:11:17.744-0500 [INFO]  provider.terraform-provider-google_v3.84.0_x5: 2021/09/20 14:11:17 [DEBUG] Retry Transport: Returning after 1 attempts: timestamp=2021-09-20T14:11:17.744-0500
2021-09-20T14:11:17.744-0500 [INFO]  provider.terraform-provider-google_v3.84.0_x5: 2021/09/20 14:11:17 [INFO] Instantiating Google SqlAdmin client for path https://sqladmin.googleapis.com/: timestamp=2021-09-20T14:11:17.744-0500
2021-09-20T14:11:17.744-0500 [INFO]  provider.terraform-provider-google_v3.84.0_x5: 2021/09/20 14:11:17 [DEBUG] Finished creating Database "projects/FOO/instances/master-instance-2/databases/my-database": map[string]interface {}{"endTime":"2021-09-20T19:11:17.782Z", "insertTime":"2021-09-20T19:11:13.471Z", "kind":"sql#operation", "name":"4134f2e8-e0a3-4b1f-9a86-1962438da87f", "operationType":"CREATE_DATABASE", "selfLink":"https://sqladmin.googleapis.com/sql/v1beta4/projects/FOO/operations/4134f2e8-e0a3-4b1f-9a86-1962438da87f", "startTime":"2021-09-20T19:11:13.486Z", "status":"DONE", "targetId":"master-instance-2", "targetLink":"https://sqladmin.googleapis.com/sql/v1beta4/projects/FOO/instances/master-instance-2/databases/my-database", "targetProject":"FOO", "user":"BAR"}: timestamp=2021-09-20T14:11:17.744-0500
2021-09-20T14:11:17.744-0500 [INFO]  provider.terraform-provider-google_v3.84.0_x5: 2021/09/20 14:11:17 [DEBUG] Waiting for state to become: [success]: timestamp=2021-09-20T14:11:17.744-0500
2021-09-20T14:11:17.744-0500 [INFO]  provider.terraform-provider-google_v3.84.0_x5: 2021/09/20 14:11:17 [DEBUG] Retry Transport: starting RoundTrip retry loop: timestamp=2021-09-20T14:11:17.744-0500
2021-09-20T14:11:17.746-0500 [INFO]  provider.terraform-provider-google_v3.84.0_x5: 2021/09/20 14:11:17 [DEBUG] Retry Transport: request attempt 0: timestamp=2021-09-20T14:11:17.744-0500
2021-09-20T14:11:17.746-0500 [INFO]  provider.terraform-provider-google_v3.84.0_x5: 2021/09/20 14:11:17 [DEBUG] Google API Request Details:
---[ REQUEST ]---------------------------------------
GET /sql/v1beta4/projects/FOO/instances/master-instance-2/databases/my-database?alt=json HTTP/1.1
Host: sqladmin.googleapis.com
User-Agent: Terraform/0.15.3 (+https://www.terraform.io) Terraform-Plugin-SDK/2.5.0 terraform-provider-google/3.84.0
Content-Type: application/json
Accept-Encoding: gzip


-----------------------------------------------------: timestamp=2021-09-20T14:11:17.744-0500
2021-09-20T14:11:20.460-0500 [INFO]  provider.terraform-provider-google_v3.84.0_x5: 2021/09/20 14:11:20 [DEBUG] Google API Response Details:
---[ RESPONSE ]--------------------------------------
HTTP/2.0 200 OK
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Cache-Control: private
Content-Type: application/json; charset=UTF-8
Date: Mon, 20 Sep 2021 19:11:20 GMT
Server: ESF
Vary: Origin
Vary: X-Origin
Vary: Referer
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 0

{
  "kind": "sql#database",
  "charset": "UTF8",
  "collation": "en_US.UTF8",
  "etag": "229ca4394b173a23e7d69e04fc1eff974646088367085c7c49c6c29e19a83108",
  "name": "my-database",
  "instance": "master-instance-2",
  "selfLink": "https://sqladmin.googleapis.com/sql/v1beta4/projects/FOO/instances/master-instance-2/databases/my-database",
  "project": "FOO"
}

-----------------------------------------------------: timestamp=2021-09-20T14:11:20.460-0500
2021-09-20T14:11:20.461-0500 [INFO]  provider.terraform-provider-google_v3.84.0_x5: 2021/09/20 14:11:20 [DEBUG] Retry Transport: Stopping retries, last request was successful: timestamp=2021-09-20T14:11:20.460-0500
2021-09-20T14:11:20.461-0500 [INFO]  provider.terraform-provider-google_v3.84.0_x5: 2021/09/20 14:11:20 [DEBUG] Retry Transport: Returning after 1 attempts: timestamp=2021-09-20T14:11:20.460-0500
2021-09-20T14:11:20.461-0500 [INFO]  provider.terraform-provider-google_v3.84.0_x5: 2021/09/20 14:11:20 [DEBUG] Unlocking "google-sql-database-instance-FOO-master-instance-2": timestamp=2021-09-20T14:11:20.461-0500
2021-09-20T14:11:20.461-0500 [INFO]  provider.terraform-provider-google_v3.84.0_x5: 2021/09/20 14:11:20 [DEBUG] Unlocked "google-sql-database-instance-FOO-master-instance-2": timestamp=2021-09-20T14:11:20.461-0500
google_sql_database.database: Creation complete after 7s [id=projects/FOO/instances/master-instance-2/databases/my-database]
╷
│ Error: Provider produced inconsistent final plan
│ 
│ When expanding the plan for google_sql_database_instance.replica to include
│ new values learned so far during apply, provider
│ "registry.terraform.io/hashicorp/google" produced an invalid new value for
│ .settings[0].ip_configuration[0].private_network: was
│ cty.StringVal("https://www.googleapis.com/compute/v1/projects/FOO/global/networks/default"),
│ but now
│ cty.StringVal("projects/FOO/global/networks/default").
│ 
│ This is a bug in the provider, which should be reported in the provider's own
│ issue tracker.
╵
2021-09-20T14:11:20.509-0500 [DEBUG] provider.stdio: received EOF, stopping recv loop: err="rpc error: code = Unavailable desc = transport is closing"
2021-09-20T14:11:20.512-0500 [DEBUG] provider: plugin process exited: path=.terraform/providers/registry.terraform.io/hashicorp/google/3.84.0/darwin_amd64/terraform-provider-google_v3.84.0_x5 pid=80829
2021-09-20T14:11:20.530-0500 [DEBUG] provider: plugin exited

[edwardmedia]

@joe-a-t what do you see if you use the same format for the private_network?

resource "google_sql_database_instance" "replica" {
  name                 = "replica-instance"
  database_version     = google_sql_database_instance.master.database_version
  region               = google_sql_database_instance.master.region
  master_instance_name = google_sql_database_instance.master.name
  deletion_protection  = false

  settings {
    ip_configuration {
      ipv4_enabled    = false
      private_network = google_compute_network.network.self_link
    }
    tier = google_sql_database_instance.master.settings[0].tier
  }
}

[joe-a-t]

Either explicitly passing the network to the replica as you suggest (not ideal in our situation since the replica is wrapped inside of a separate module so it would require an extra module input) or using .id on the master instead of .self_link both work. I'm mainly asking for guidance on should we be using .id on the master instead of .self_link (and should there be guidance published on this) or do you as the provider maintainers expect that (and plan to make changes so that) the provider will smooth out .id and .self_link differences so that they get treated the same and that we can avoid hitting this edge case using the snippet I opened the ticket with.

resource "google_sql_database_instance" "master" {
  name                = "master-instance"
  database_version    = "POSTGRES_11"
  region              = "us-central1"
  deletion_protection = false

  settings {
    ip_configuration {
      ipv4_enabled    = false
      private_network = google_compute_network.network.id
    }
    tier = "db-f1-micro"
  }

  depends_on = [
    google_service_networking_connection.this
  ]
}

[edwardmedia]

@joe-a-t yes. You are right. Setting both to .id is another way for this issue. There was an initiative in the provider so that using .id is actually recommended across the board.
Sometimes, .id is the same as self_link and other times they are different. For the google_compute_network, they are different. In your case, it creates difference for this field from plan to the apply when the replica is being created. That behavior is controlled at SDK Core. Does this make sense?

[joe-a-t]

Yep, that all makes sense. I think we had missed the memo that .id was recommended instead of .self_link (not sure if there's a better way to elevate that in the docs or not). So is my take away that we should switch our usage to .id and there will likely not be work on the provider side to solve the .self_link edge case here? If so, that's completely fine, just wanted clarity.

[edwardmedia]

@joe-a-t you are right. I don't think there will be a solution in the provider side. Please switch to .id. Sorry about the inconvenience. Closing the issue then

[github-actions]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.