https://pulumi.com logo
Join Slack
Powered by
This message was deleted.
# general
s
This message was deleted.
l
What does the Pulumi resource diff say? You can use 
pulumi preview --diff
to see this, or the interactive 
pulumi up
has a Details option.
It is possible that you have an unusual setting that the code generation code doesn't know about.
c
Thanks for the reply @little-cartoon-10569. 
import
gave me this code:
Copy code
const development = new gcp.sql.DatabaseInstance("development", {
    databaseVersion: "MYSQL_5_7",
    instanceType: "CLOUD_SQL_INSTANCE",
    maintenanceVersion: "MYSQL_5_7_44.R20231105.01_00",
    name: "development",
    project: "job-manager-1313",
    region: "australia-southeast1",
    settings: {
        backupConfiguration: {
            backupRetentionSettings: {
                retainedBackups: 7,
            },
            startTime: "12:00",
            transactionLogRetentionDays: 7,
        },
        connectorEnforcement: "NOT_REQUIRED",
        databaseFlags: [{
            name: "sql_mode",
            value: "ERROR_FOR_DIVISION_BY_ZERO,NO_ENGINE_SUBSTITUTION,NO_ZERO_DATE,NO_ZERO_IN_DATE,STRICT_TRANS_TABLES",
        }],
        deletionProtectionEnabled: true,
        diskSize: 20,
        ipConfiguration: {
            authorizedNetworks: [
                {
                    name: "metabase",
                    value: "18.207.81.126",
                },
                {
                    name: "metabase",
                    value: "3.211.20.157",
                },
                {
                    name: "metabase",
                    value: "50.17.234.169",
                },
            ],
        },
        locationPreference: {
            zone: "australia-southeast1-b",
        },
        tier: "db-g1-small",
    },
}, {
    protect: true,
});
And the diff shows:
Copy code
pulumi:pulumi:Stack: (same)
    [urn=urn:pulumi:prod::jm-infrastructure::pulumi:pulumi:Stack::jm-infrastructure-prod]
    ~ gcp:sql/databaseInstance:DatabaseInstance: (update) 🔒
        [id=development]
        [urn=urn:pulumi:prod::jm-infrastructure::gcp:sql/databaseInstance:DatabaseInstance::development]
        [provider=urn:pulumi:prod::jm-infrastructure::pulumi:providers:gcp::default_7_0_0::de106a4d-ada5-46c5-bd0c-93c589ccd16b]
        databaseVersion   : "MYSQL_5_7"
        instanceType      : "CLOUD_SQL_INSTANCE"
        maintenanceVersion: "MYSQL_5_7_44.R20231105.01_00"
        name              : "development"
        project           : "job-manager-1313"
        region            : "australia-southeast1"
        settings          : {
            backupConfiguration      : {
                backupRetentionSettings    : {
                    retainedBackups: 7
                }
                startTime                  : "12:00"
                transactionLogRetentionDays: 7
            }
            connectorEnforcement     : "NOT_REQUIRED"
            databaseFlags            : [
                [0]: {
                    name      : "sql_mode"
                    value     : "ERROR_FOR_DIVISION_BY_ZERO,NO_ENGINE_SUBSTITUTION,NO_ZERO_DATE,NO_ZERO_IN_DATE,STRICT_TRANS_TABLES"
                }
            ]
            deletionProtectionEnabled: true
            diskSize                 : 20
            ipConfiguration          : {
                authorizedNetworks: [
                    [0]: {
                        name      : "metabase"
                        value     : "18.207.81.126"
                    }
                    [1]: {
                        name      : "metabase"
                        value     : "3.211.20.157"
                    }
                    [2]: {
                        name      : "metabase"
                        value     : "50.17.234.169"
                    }
                ]
            }
            locationPreference       : {
                zone      : "australia-southeast1-b"
            }
            tier                     : "db-g1-small"
        }
l
I don't see a diff there. A change line would be preceded by a 
+
, 
-
or 
~
. No property will be changed. Maybe the diff will be in the opts? Perhaps you've turned on 
protect
or changed the provider to an explicit one?
At a guess, you've turned on the 
protect
opt.
You could export the stack and see if the resource has protect on in the state already. You have protect on in the code; if it's not on in the state, then that's the change (probably).
c
Thanks @little-cartoon-10569 In the diff the only highlighted line was near the top: ~ gcpsql/databaseInstanceDatabaseInstance: (update) 🔒 followed by all the detail. The 
protect
opt was added by 
pulumi import
, which said:
Please note that the imported resources are marked as protected. To destroy them you will need to remove the 
protect
option and run 
pulumi update
before the destroy will take effect.
This though just protects the resource from being deleted in pulumi, and doesn't map to GCP's understanding of a "protected" database instance, I would assume?
Ah so maybe post-import there is still an "update" required, as the new 
protect
opt added by the import doesn't get initially saved to state..?
l
Hmm.. No, probably not. Though it's easy to check by exporting the state. However, it looks like there's no actual update: if there is an update, it will be only from code to state, not from state to GCP.
If there was a change to GCP, you'd see a property with a changing value (or a delete or an add).
c
Unfortunately GCP logs showed an update occurred on the db instance when I ran 
pulumi up
with this update 😕
l
What changed?
c
No idea. I can see the request body sent to the gcp api from pulumi, but it just looks like a full configuration object was sent that matches my pulumi code: 
{
"protoPayload": {
"@type": "<http://type.googleapis.com/google.cloud.audit.AuditLog|type.googleapis.com/google.cloud.audit.AuditLog>",
"status": {},
"authenticationInfo": {
"principalEmail": "<mailto:208387598303-compute@developer.gserviceaccount.com|208387598303-compute@developer.gserviceaccount.com>",
"serviceAccountDelegationInfo": [
{
"firstPartyPrincipal": {
"principalEmail": "<mailto:service-208387598303@compute-system.iam.gserviceaccount.com|service-208387598303@compute-system.iam.gserviceaccount.com>"
}
}
],
"principalSubject": "serviceAccount:<mailto:208387598303-compute@developer.gserviceaccount.com|208387598303-compute@developer.gserviceaccount.com>"
},
"requestMetadata": {
"callerIp": "35.244.123.212",
"requestAttributes": {
"time": "2023-11-14T22:16:16.607688Z",
"auth": {}
},
"destinationAttributes": {}
},
"serviceName": "<http://cloudsql.googleapis.com|cloudsql.googleapis.com>",
"methodName": "cloudsql.instances.update",
"authorizationInfo": [
{
"resource": "projects/job-manager-1313/instances/development",
"permission": "cloudsql.instances.update",
"granted": true,
"resourceAttributes": {
"service": "<http://sqladmin.googleapis.com|sqladmin.googleapis.com>",
"name": "projects/job-manager-1313/instances/development",
"type": "<http://sqladmin.googleapis.com/Instance|sqladmin.googleapis.com/Instance>"
}
}
],
"resourceName": "projects/job-manager-1313/instances/development",
"request": {
"instance": "development",
"project": "job-manager-1313",
"body": {
"settings": {
"settingsVersion": "55",
"tier": "db-g1-small",
"availabilityType": "ZONAL",
"pricingPlan": "PER_USE",
"activationPolicy": "ALWAYS",
"ipConfiguration": {
"ipv4Enabled": true,
"requireSsl": false,
"authorizedNetworks": [
{
"value": "18.207.81.126",
"name": "metabase"
},
{
"value": "3.211.20.157",
"name": "metabase"
},
{
"value": "50.17.234.169",
"name": "metabase"
}
],
"enablePrivatePathForGoogleCloudServices": false
},
"storageAutoResize": true,
"locationPreference": {
"zone": "australia-southeast1-b"
},
"databaseFlags": [
{
"name": "sql_mode",
"value": "ERROR_FOR_DIVISION_BY_ZERO,NO_ENGINE_SUBSTITUTION,NO_ZERO_DATE,NO_ZERO_IN_DATE,STRICT_TRANS_TABLES"
}
],
"dataDiskType": "PD_SSD",
"backupConfiguration": {
"startTime": "12:00",
"enabled": false,
"binaryLogEnabled": false,
"pointInTimeRecoveryEnabled": false,
"transactionLogRetentionDays": 7,
"backupRetentionSettings": {
"retentionUnit": "COUNT",
"retainedBackups": 7
}
},
"dataDiskSizeGb": "20",
"connectorEnforcement": "NOT_REQUIRED",
"deletionProtectionEnabled": true
},
"instanceType": "CLOUD_SQL_INSTANCE"
},
"@type": "<http://type.googleapis.com/google.cloud.sql.v1beta4.SqlInstancesUpdateRequest|type.googleapis.com/google.cloud.sql.v1beta4.SqlInstancesUpdateRequest>"
},
"response": {
"insertTime": "2023-11-14T22:16:16.546Z",
"targetId": "development",
"kind": "sql#operation",
"targetLink": "<https://sqladmin.googleapis.com/sql/v1beta4/projects/job-manager-1313/instances/development>",
"name": "9e6e9052-e2d7-4f10-81a7-c45b00000034",
"operationType": "UPDATE",
"targetProject": "job-manager-1313",
"user": "<mailto:208387598303-compute@developer.gserviceaccount.com|208387598303-compute@developer.gserviceaccount.com>",
"instanceUid": "13-384018da-a400-488c-adee-3d00424a31da",
"status": "PENDING",
"selfLink": "<https://sqladmin.googleapis.com/sql/v1beta4/projects/job-manager-1313/operations/9e6e9052-e2d7-4f10-81a7-c45b00000034>",
"@type": "<http://type.googleapis.com/google.cloud.sql.v1beta4.Operation|type.googleapis.com/google.cloud.sql.v1beta4.Operation>"
}
},
"insertId": "-qmoxkld8rqd",
"resource": {
"type": "cloudsql_database",
"labels": {
"region": "australia-southeast1",
"project_id": "job-manager-1313",
"database_id": "job-manager-1313:development"
}
},
"timestamp": "2023-11-14T22:16:15.845761Z",
"severity": "NOTICE",
"logName": "projects/job-manager-1313/logs/cloudaudit.googleapis.com%2Factivity",
"operation": {
"id": "9e6e9052-e2d7-4f10-81a7-c45b00000034",
"producer": "<http://cloudsql.googleapis.com|cloudsql.googleapis.com>",
"first": true
},
"receiveTimestamp": "2023-11-14T22:16:17.268862614Z"
}
l
That's weird. No change should mean, no change. Maybe someone over in #CRFUR2DGB would have a better idea?
4 Views
Open in Slack
PreviousNext
Powered by