Day 1 of trying to adopt Pulumi: 1. Attempt to import a simple Database Instance from GCP as a test run 2.

pulumi import

imports resource and generates code for me to paste in to src 3. Paste code in verbatim. Supposedly "Not doing so will cause Pulumi to report that an update will happen on the next update command." 4. Run

pulumi up

5. Pulumi says resource needs to be updated.... diff shows no change between what is in my code and what was imported 😖

What does the Pulumi resource diff say? You can use

pulumi preview --diff

to see this, or the interactive

pulumi up

has a Details option.

Thanks for the reply @little-cartoon-10569.

import

gave me this code:

const development = new gcp.sql.DatabaseInstance("development", {
    databaseVersion: "MYSQL_5_7",
    instanceType: "CLOUD_SQL_INSTANCE",
    maintenanceVersion: "MYSQL_5_7_44.R20231105.01_00",
    name: "development",
    project: "job-manager-1313",
    region: "australia-southeast1",
    settings: {
        backupConfiguration: {
            backupRetentionSettings: {
                retainedBackups: 7,
            },
            startTime: "12:00",
            transactionLogRetentionDays: 7,
        },
        connectorEnforcement: "NOT_REQUIRED",
        databaseFlags: [{
            name: "sql_mode",
            value: "ERROR_FOR_DIVISION_BY_ZERO,NO_ENGINE_SUBSTITUTION,NO_ZERO_DATE,NO_ZERO_IN_DATE,STRICT_TRANS_TABLES",
        }],
        deletionProtectionEnabled: true,
        diskSize: 20,
        ipConfiguration: {
            authorizedNetworks: [
                {
                    name: "metabase",
                    value: "18.207.81.126",
                },
                {
                    name: "metabase",
                    value: "3.211.20.157",
                },
                {
                    name: "metabase",
                    value: "50.17.234.169",
                },
            ],
        },
        locationPreference: {
            zone: "australia-southeast1-b",
        },
        tier: "db-g1-small",
    },
}, {
    protect: true,
});

And the diff shows:

pulumi:pulumi:Stack: (same)
    [urn=urn:pulumi:prod::jm-infrastructure::pulumi:pulumi:Stack::jm-infrastructure-prod]
    ~ gcp:sql/databaseInstance:DatabaseInstance: (update) 🔒
        [id=development]
        [urn=urn:pulumi:prod::jm-infrastructure::gcp:sql/databaseInstance:DatabaseInstance::development]
        [provider=urn:pulumi:prod::jm-infrastructure::pulumi:providers:gcp::default_7_0_0::de106a4d-ada5-46c5-bd0c-93c589ccd16b]
        databaseVersion   : "MYSQL_5_7"
        instanceType      : "CLOUD_SQL_INSTANCE"
        maintenanceVersion: "MYSQL_5_7_44.R20231105.01_00"
        name              : "development"
        project           : "job-manager-1313"
        region            : "australia-southeast1"
        settings          : {
            backupConfiguration      : {
                backupRetentionSettings    : {
                    retainedBackups: 7
                }
                startTime                  : "12:00"
                transactionLogRetentionDays: 7
            }
            connectorEnforcement     : "NOT_REQUIRED"
            databaseFlags            : [
                [0]: {
                    name      : "sql_mode"
                    value     : "ERROR_FOR_DIVISION_BY_ZERO,NO_ENGINE_SUBSTITUTION,NO_ZERO_DATE,NO_ZERO_IN_DATE,STRICT_TRANS_TABLES"
                }
            ]
            deletionProtectionEnabled: true
            diskSize                 : 20
            ipConfiguration          : {
                authorizedNetworks: [
                    [0]: {
                        name      : "metabase"
                        value     : "18.207.81.126"
                    }
                    [1]: {
                        name      : "metabase"
                        value     : "3.211.20.157"
                    }
                    [2]: {
                        name      : "metabase"
                        value     : "50.17.234.169"
                    }
                ]
            }
            locationPreference       : {
                zone      : "australia-southeast1-b"
            }
            tier                     : "db-g1-small"
        }

I don't see a diff there. A change line would be preceded by a

+

,

-

or

~

. No property will be changed. Maybe the diff will be in the opts? Perhaps you've turned on

protect

or changed the provider to an explicit one?

Thanks @little-cartoon-10569 In the diff the only highlighted line was near the top: ~ gcpsql/databaseInstanceDatabaseInstance: (update) 🔒 followed by all the detail. The

protect

opt was added by

pulumi import

, which said:

Please note that the imported resources are marked as protected. To destroy them you will need to remove the

protect

option and run

pulumi update

before the destroy will take effect.

This though just protects the resource from being deleted in pulumi, and doesn't map to GCP's understanding of a "protected" database instance, I would assume?

Hmm.. No, probably not. Though it's easy to check by exporting the state. However, it looks like there's no actual update: if there is an update, it will be only from code to state, not from state to GCP.

Unfortunately GCP logs showed an update occurred on the db instance when I ran

pulumi up

with this update 😕

What changed?

No idea. I can see the request body sent to the gcp api from pulumi, but it just looks like a full configuration object was sent that matches my pulumi code:

{

"protoPayload": {

"@type": "<http://type.googleapis.com/google.cloud.audit.AuditLog|type.googleapis.com/google.cloud.audit.AuditLog>",

"status": {},

"authenticationInfo": {

"principalEmail": "<mailto:208387598303-compute@developer.gserviceaccount.com|208387598303-compute@developer.gserviceaccount.com>",

"serviceAccountDelegationInfo": [

{

"firstPartyPrincipal": {

"principalEmail": "<mailto:service-208387598303@compute-system.iam.gserviceaccount.com|service-208387598303@compute-system.iam.gserviceaccount.com>"

}

}

],

"principalSubject": "serviceAccount:<mailto:208387598303-compute@developer.gserviceaccount.com|208387598303-compute@developer.gserviceaccount.com>"

},

"requestMetadata": {

"callerIp": "35.244.123.212",

"requestAttributes": {

"time": "2023-11-14T22:16:16.607688Z",

"auth": {}

},

"destinationAttributes": {}

},

"serviceName": "<http://cloudsql.googleapis.com|cloudsql.googleapis.com>",

"methodName": "cloudsql.instances.update",

"authorizationInfo": [

{

"resource": "projects/job-manager-1313/instances/development",

"permission": "cloudsql.instances.update",

"granted": true,

"resourceAttributes": {

"service": "<http://sqladmin.googleapis.com|sqladmin.googleapis.com>",

"name": "projects/job-manager-1313/instances/development",

"type": "<http://sqladmin.googleapis.com/Instance|sqladmin.googleapis.com/Instance>"

}

}

],

"resourceName": "projects/job-manager-1313/instances/development",

"request": {

"instance": "development",

"project": "job-manager-1313",

"body": {

"settings": {

"settingsVersion": "55",

"tier": "db-g1-small",

"availabilityType": "ZONAL",

"pricingPlan": "PER_USE",

"activationPolicy": "ALWAYS",

"ipConfiguration": {

"ipv4Enabled": true,

"requireSsl": false,

"authorizedNetworks": [

{

"value": "18.207.81.126",

"name": "metabase"

},

{

"value": "3.211.20.157",

"name": "metabase"

},

{

"value": "50.17.234.169",

"name": "metabase"

}

],

"enablePrivatePathForGoogleCloudServices": false

},

"storageAutoResize": true,

"locationPreference": {

"zone": "australia-southeast1-b"

},

"databaseFlags": [

{

"name": "sql_mode",

"value": "ERROR_FOR_DIVISION_BY_ZERO,NO_ENGINE_SUBSTITUTION,NO_ZERO_DATE,NO_ZERO_IN_DATE,STRICT_TRANS_TABLES"

}

],

"dataDiskType": "PD_SSD",

"backupConfiguration": {

"startTime": "12:00",

"enabled": false,

"binaryLogEnabled": false,

"pointInTimeRecoveryEnabled": false,

"transactionLogRetentionDays": 7,

"backupRetentionSettings": {

"retentionUnit": "COUNT",

"retainedBackups": 7

}

},

"dataDiskSizeGb": "20",

"connectorEnforcement": "NOT_REQUIRED",

"deletionProtectionEnabled": true

},

"instanceType": "CLOUD_SQL_INSTANCE"

},

"@type": "<http://type.googleapis.com/google.cloud.sql.v1beta4.SqlInstancesUpdateRequest|type.googleapis.com/google.cloud.sql.v1beta4.SqlInstancesUpdateRequest>"

},

"response": {

"insertTime": "2023-11-14T22:16:16.546Z",

"targetId": "development",

"kind": "sql#operation",

"targetLink": "<https://sqladmin.googleapis.com/sql/v1beta4/projects/job-manager-1313/instances/development>",

"name": "9e6e9052-e2d7-4f10-81a7-c45b00000034",

"operationType": "UPDATE",

"targetProject": "job-manager-1313",

"user": "<mailto:208387598303-compute@developer.gserviceaccount.com|208387598303-compute@developer.gserviceaccount.com>",

"instanceUid": "13-384018da-a400-488c-adee-3d00424a31da",

"status": "PENDING",

"selfLink": "<https://sqladmin.googleapis.com/sql/v1beta4/projects/job-manager-1313/operations/9e6e9052-e2d7-4f10-81a7-c45b00000034>",

"@type": "<http://type.googleapis.com/google.cloud.sql.v1beta4.Operation|type.googleapis.com/google.cloud.sql.v1beta4.Operation>"

}

},

"insertId": "-qmoxkld8rqd",

"resource": {

"type": "cloudsql_database",

"labels": {

"region": "australia-southeast1",

"project_id": "job-manager-1313",

"database_id": "job-manager-1313:development"

}

},

"timestamp": "2023-11-14T22:16:15.845761Z",

"severity": "NOTICE",

"logName": "projects/job-manager-1313/logs/cloudaudit.googleapis.com%2Factivity",

"operation": {

"id": "9e6e9052-e2d7-4f10-81a7-c45b00000034",

"producer": "<http://cloudsql.googleapis.com|cloudsql.googleapis.com>",

"first": true

},

"receiveTimestamp": "2023-11-14T22:16:17.268862614Z"

}

That's weird. No change should mean, no change. Maybe someone over in #google-cloud would have a better idea?