Day 1 of trying to adopt Pulumi: 1. Attempt to imp...
# general
c
Day 1 of trying to adopt Pulumi: 1. Attempt to import a simple Database Instance from GCP as a test run 2.
pulumi import
imports resource and generates code for me to paste in to src 3. Paste code in verbatim. Supposedly "Not doing so will cause Pulumi to report that an update will happen on the next update command." 4. Run
pulumi up
5. Pulumi says resource needs to be updated.... diff shows no change between what is in my code and what was imported 😖
l
What does the Pulumi resource diff say? You can use
pulumi preview --diff
to see this, or the interactive
pulumi up
has a Details option.
It is possible that you have an unusual setting that the code generation code doesn't know about.
c
Thanks for the reply @little-cartoon-10569.
import
gave me this code:
Copy code
const development = new gcp.sql.DatabaseInstance("development", {
    databaseVersion: "MYSQL_5_7",
    instanceType: "CLOUD_SQL_INSTANCE",
    maintenanceVersion: "MYSQL_5_7_44.R20231105.01_00",
    name: "development",
    project: "job-manager-1313",
    region: "australia-southeast1",
    settings: {
        backupConfiguration: {
            backupRetentionSettings: {
                retainedBackups: 7,
            },
            startTime: "12:00",
            transactionLogRetentionDays: 7,
        },
        connectorEnforcement: "NOT_REQUIRED",
        databaseFlags: [{
            name: "sql_mode",
            value: "ERROR_FOR_DIVISION_BY_ZERO,NO_ENGINE_SUBSTITUTION,NO_ZERO_DATE,NO_ZERO_IN_DATE,STRICT_TRANS_TABLES",
        }],
        deletionProtectionEnabled: true,
        diskSize: 20,
        ipConfiguration: {
            authorizedNetworks: [
                {
                    name: "metabase",
                    value: "18.207.81.126",
                },
                {
                    name: "metabase",
                    value: "3.211.20.157",
                },
                {
                    name: "metabase",
                    value: "50.17.234.169",
                },
            ],
        },
        locationPreference: {
            zone: "australia-southeast1-b",
        },
        tier: "db-g1-small",
    },
}, {
    protect: true,
});
And the diff shows:
Copy code
pulumi:pulumi:Stack: (same)
    [urn=urn:pulumi:prod::jm-infrastructure::pulumi:pulumi:Stack::jm-infrastructure-prod]
    ~ gcp:sql/databaseInstance:DatabaseInstance: (update) 🔒
        [id=development]
        [urn=urn:pulumi:prod::jm-infrastructure::gcp:sql/databaseInstance:DatabaseInstance::development]
        [provider=urn:pulumi:prod::jm-infrastructure::pulumi:providers:gcp::default_7_0_0::de106a4d-ada5-46c5-bd0c-93c589ccd16b]
        databaseVersion   : "MYSQL_5_7"
        instanceType      : "CLOUD_SQL_INSTANCE"
        maintenanceVersion: "MYSQL_5_7_44.R20231105.01_00"
        name              : "development"
        project           : "job-manager-1313"
        region            : "australia-southeast1"
        settings          : {
            backupConfiguration      : {
                backupRetentionSettings    : {
                    retainedBackups: 7
                }
                startTime                  : "12:00"
                transactionLogRetentionDays: 7
            }
            connectorEnforcement     : "NOT_REQUIRED"
            databaseFlags            : [
                [0]: {
                    name      : "sql_mode"
                    value     : "ERROR_FOR_DIVISION_BY_ZERO,NO_ENGINE_SUBSTITUTION,NO_ZERO_DATE,NO_ZERO_IN_DATE,STRICT_TRANS_TABLES"
                }
            ]
            deletionProtectionEnabled: true
            diskSize                 : 20
            ipConfiguration          : {
                authorizedNetworks: [
                    [0]: {
                        name      : "metabase"
                        value     : "18.207.81.126"
                    }
                    [1]: {
                        name      : "metabase"
                        value     : "3.211.20.157"
                    }
                    [2]: {
                        name      : "metabase"
                        value     : "50.17.234.169"
                    }
                ]
            }
            locationPreference       : {
                zone      : "australia-southeast1-b"
            }
            tier                     : "db-g1-small"
        }
l
I don't see a diff there. A change line would be preceded by a
+
,
-
or
~
. No property will be changed. Maybe the diff will be in the opts? Perhaps you've turned on
protect
or changed the provider to an explicit one?
At a guess, you've turned on the
protect
opt.
You could export the stack and see if the resource has protect on in the state already. You have protect on in the code; if it's not on in the state, then that's the change (probably).
c
Thanks @little-cartoon-10569 In the diff the only highlighted line was near the top: ~ gcpsql/databaseInstanceDatabaseInstance: (update) 🔒 followed by all the detail. The
protect
opt was added by
pulumi import
, which said:
Please note that the imported resources are marked as protected. To destroy them you will need to remove the
protect
option and run
pulumi update
before the destroy will take effect.
This though just protects the resource from being deleted in pulumi, and doesn't map to GCP's understanding of a "protected" database instance, I would assume?
Ah so maybe post-import there is still an "update" required, as the new
protect
opt added by the import doesn't get initially saved to state..?
l
Hmm.. No, probably not. Though it's easy to check by exporting the state. However, it looks like there's no actual update: if there is an update, it will be only from code to state, not from state to GCP.
If there was a change to GCP, you'd see a property with a changing value (or a delete or an add).
c
Unfortunately GCP logs showed an update occurred on the db instance when I ran
pulumi up
with this update 😕
l
What changed?
c
No idea. I can see the request body sent to the gcp api from pulumi, but it just looks like a full configuration object was sent that matches my pulumi code:
{
"protoPayload": {
"@type": "<http://type.googleapis.com/google.cloud.audit.AuditLog|type.googleapis.com/google.cloud.audit.AuditLog>",
"status": {},
"authenticationInfo": {
"principalEmail": "<mailto:208387598303-compute@developer.gserviceaccount.com|208387598303-compute@developer.gserviceaccount.com>",
"serviceAccountDelegationInfo": [
{
"firstPartyPrincipal": {
"principalEmail": "<mailto:service-208387598303@compute-system.iam.gserviceaccount.com|service-208387598303@compute-system.iam.gserviceaccount.com>"
}
}
],
"principalSubject": "serviceAccount:<mailto:208387598303-compute@developer.gserviceaccount.com|208387598303-compute@developer.gserviceaccount.com>"
},
"requestMetadata": {
"callerIp": "35.244.123.212",
"requestAttributes": {
"time": "2023-11-14T22:16:16.607688Z",
"auth": {}
},
"destinationAttributes": {}
},
"serviceName": "<http://cloudsql.googleapis.com|cloudsql.googleapis.com>",
"methodName": "cloudsql.instances.update",
"authorizationInfo": [
{
"resource": "projects/job-manager-1313/instances/development",
"permission": "cloudsql.instances.update",
"granted": true,
"resourceAttributes": {
"service": "<http://sqladmin.googleapis.com|sqladmin.googleapis.com>",
"name": "projects/job-manager-1313/instances/development",
"type": "<http://sqladmin.googleapis.com/Instance|sqladmin.googleapis.com/Instance>"
}
}
],
"resourceName": "projects/job-manager-1313/instances/development",
"request": {
"instance": "development",
"project": "job-manager-1313",
"body": {
"settings": {
"settingsVersion": "55",
"tier": "db-g1-small",
"availabilityType": "ZONAL",
"pricingPlan": "PER_USE",
"activationPolicy": "ALWAYS",
"ipConfiguration": {
"ipv4Enabled": true,
"requireSsl": false,
"authorizedNetworks": [
{
"value": "18.207.81.126",
"name": "metabase"
},
{
"value": "3.211.20.157",
"name": "metabase"
},
{
"value": "50.17.234.169",
"name": "metabase"
}
],
"enablePrivatePathForGoogleCloudServices": false
},
"storageAutoResize": true,
"locationPreference": {
"zone": "australia-southeast1-b"
},
"databaseFlags": [
{
"name": "sql_mode",
"value": "ERROR_FOR_DIVISION_BY_ZERO,NO_ENGINE_SUBSTITUTION,NO_ZERO_DATE,NO_ZERO_IN_DATE,STRICT_TRANS_TABLES"
}
],
"dataDiskType": "PD_SSD",
"backupConfiguration": {
"startTime": "12:00",
"enabled": false,
"binaryLogEnabled": false,
"pointInTimeRecoveryEnabled": false,
"transactionLogRetentionDays": 7,
"backupRetentionSettings": {
"retentionUnit": "COUNT",
"retainedBackups": 7
}
},
"dataDiskSizeGb": "20",
"connectorEnforcement": "NOT_REQUIRED",
"deletionProtectionEnabled": true
},
"instanceType": "CLOUD_SQL_INSTANCE"
},
"@type": "<http://type.googleapis.com/google.cloud.sql.v1beta4.SqlInstancesUpdateRequest|type.googleapis.com/google.cloud.sql.v1beta4.SqlInstancesUpdateRequest>"
},
"response": {
"insertTime": "2023-11-14T22:16:16.546Z",
"targetId": "development",
"kind": "sql#operation",
"targetLink": "<https://sqladmin.googleapis.com/sql/v1beta4/projects/job-manager-1313/instances/development>",
"name": "9e6e9052-e2d7-4f10-81a7-c45b00000034",
"operationType": "UPDATE",
"targetProject": "job-manager-1313",
"user": "<mailto:208387598303-compute@developer.gserviceaccount.com|208387598303-compute@developer.gserviceaccount.com>",
"instanceUid": "13-384018da-a400-488c-adee-3d00424a31da",
"status": "PENDING",
"selfLink": "<https://sqladmin.googleapis.com/sql/v1beta4/projects/job-manager-1313/operations/9e6e9052-e2d7-4f10-81a7-c45b00000034>",
"@type": "<http://type.googleapis.com/google.cloud.sql.v1beta4.Operation|type.googleapis.com/google.cloud.sql.v1beta4.Operation>"
}
},
"insertId": "-qmoxkld8rqd",
"resource": {
"type": "cloudsql_database",
"labels": {
"region": "australia-southeast1",
"project_id": "job-manager-1313",
"database_id": "job-manager-1313:development"
}
},
"timestamp": "2023-11-14T22:16:15.845761Z",
"severity": "NOTICE",
"logName": "projects/job-manager-1313/logs/cloudaudit.googleapis.com%2Factivity",
"operation": {
"id": "9e6e9052-e2d7-4f10-81a7-c45b00000034",
"producer": "<http://cloudsql.googleapis.com|cloudsql.googleapis.com>",
"first": true
},
"receiveTimestamp": "2023-11-14T22:16:17.268862614Z"
}
l
That's weird. No change should mean, no change. Maybe someone over in #google-cloud would have a better idea?