Add CMEK option in this module for cluster and automayer backup.

Currently the module does not support configuration for query insights, so any manual enabling of query insights on a primary or read instance results in a terraform plan that wants to revert those settings.

example except from plan with a primary instance that has had query insights enabled

~ resource "google_alloydb_instance" "primary" {
    ...
      - query_insights_config {
          - query_plans_per_minute  = 5 -> null
          - query_string_length     = 1024 -> null
          - record_application_tags = false -> null
          - record_client_address   = false -> null
        }
    ...
    }

If you omit the optional cluster_initial_user what are the default credentials? 🤔 seeing as how it's optional I didn't add it and now I'm having issues authenticating. Any idea? Thanks! Great work btw

Hi Team,

We're using this module to provision a primary and a secondary AlloyDB cluster. Everything works well but we're facing a weird issue with DB flags in the secondary cluster. These flags are replicated into secondary from the primary but a subsequent Terraform apply is trying to remove them from the secondary cluster. I believe this is expected from the Terraform's side because DB flags were never part of the its state for the secondary cluster.

Here is the plan

// us-west1 is our secondary cluster

# module.alloydb["us-west1"].module.this.google_alloydb_instance.primary will be updated in-place
  ~ resource "google_alloydb_instance" "primary" {
      ~ database_flags        = {
          - "alloydb.enable_pgaudit"     = "on" -> null
          - "alloydb.iam_authentication" = "on" -> null
          - "log_connections"            = "on" -> null
          - "log_disconnections"         = "on" -> null
          - "log_replication_commands"   = "on" -> null
          - "log_statement"              = "all" -> null
          - "log_timezone"               = "CET" -> null
          - "pgaudit.log"                = "ddl,write" -> null
        }
        # (20 unchanged attributes hidden)
        # (3 unchanged blocks hidden)
    }

TF version - Terraform v1.9.0
Module version - ~> 2.0

Are we doing something wrong here? Any help or pointers will be highly appreciated. Thanks in advance.

Hi,
I was using this alloy-db module but seems like there is no output variable configured for private IP address of alloydb instance.
May I know any way to fetch it out in the same terraform configuration

Currently it is not possible to define the database_version for the AlloyDB cluster.
By default POSTGRES_14 is used, however there are cases when POSTGRES_15 may be needed. Additionally to be future-proof it makes sense to add the database_version variable to set the version.

The network_self_link attribute actually will not accept a network's self_link. If a self link is provided, an error like the below is seen:

Error: Error creating Cluster: googleapi: Error 499: malformed network path: "https://www.googleapis.com/compute/v1/projects/myproject123/global/networks/mynetworkname"

The usage example in the main README.md composes the value as below:

  network_self_link = "projects/${project_id}/global/networks/${network_name}"

I believe that format is known as a resource's id. In my experience, the convention is to pass self_links around, so ideally the module internals would be changed to support accepting an actual self_link (perhaps falling back to accepting an id if possible).

Add support for continuous backup. TPG version 4.77

AlloyDB now provides an ability to configure various SSL enforcement modes.
Public docs: instance-ssl

Terraform AlloyDB instance resource is already supporting SSL. Document

Currently we have to manually enable it from web interface.
Please can we have this issue resolved ?

Following this read_pool_instance example leads to an invalid configuration.

Specifically, machine_cpu_count = 1 is invalid, and leads to this error in terraform apply:

module.alloy-db.google_alloydb_instance.read_pool["read-instance-1"]: Creating...
╷
│ Error: Error creating Instance: googleapi: Error 400: The request was invalid: Invalid machine (CPU) config: cpu_count must be one of [2 4 8 16 32 64 96 128]: got 1
│ Details:
│ [
│   {
│     "@type": "type.googleapis.com/google.rpc.BadRequest",
│     "fieldViolations": [
│       {
│         "field": "machineConfig"
│       }
│     ]
│   },
│   {
│     "@type": "type.googleapis.com/google.rpc.RequestInfo",
│     "requestId": "b201b76e23f334d7"
│   }
│ ]
│ 
│   with module.alloy-db.google_alloydb_instance.read_pool["read-instance-1"],
│   on .terraform/modules/alloy-db/main.tf line 177, in resource "google_alloydb_instance" "read_pool":
│  177: resource "google_alloydb_instance" "read_pool" {

The multiple read_pool example will also have this error.

Suggestion:

• fix examples with valid configuration
• add validation in the module to check for valid configurations

When using the module, the primary instance is always showing as 'Objects have changed outside of Terraform' due to the update_time attribute on the instance.

Versions:
google provider v5.26.0
Terraform v1.8.4

module "alloydb" {
  source  = "GoogleCloudPlatform/alloy-db/google"
  version = "~> 2.0"

  project_id       = var.project_id
  cluster_id       = var.product
  cluster_location = "europe-west2"

  network_self_link = data.google_compute_network.default.id

  database_version = "POSTGRES_15"

  primary_instance = {
    instance_id = "primary"
    database_flags = {
      "alloydb.iam_authentication" = "on"
    }
    ssl_mode          = "ENCRYPTED_ONLY"
    machine_cpu_count = var.alloydb_cpu_count
    availability_type = var.alloydb_availability_type
    gce_zone          = var.alloydb_gce_zone
  }

  depends_on = [google_service_networking_connection.vpc_connection, google_compute_global_address.alloydb_private_ip_alloc]
  
}

Note: Objects have changed outside of Terraform

Terraform detected the following changes made outside of Terraform since the
last "terraform apply" which may have affected this plan:

  # module.chatbot_product.module.alloydb.google_alloydb_instance.primary has changed
  ~ resource "google_alloydb_instance" "primary" {
        id                    = "projects/my-project/locations/europe-west2/clusters/my-cluster/instances/primary"
        name                  = "projects/my-project/locations/europe-west2/clusters/my-cluster/instances/primary"
      ~ update_time           = "2024-05-30T14:05:05.6364540[19]Z" -> "2024-06-03T09:46:08.658064797Z"
        # (15 unchanged attributes hidden)

        # (3 unchanged blocks hidden)
    }

I can't seem to find any indication as to what is causing the update or what the update was. We can't ignore the attribute because the module wraps the creation of the resource.

I'm using the PSC example, run terraform apply, and it applies perfectly. PSC attachment is created and I can access the cluster using the internal IP.

When I run terraform plan again, it tries to change the cluster network_config parameter:

Terraform will perform the following actions:

  # module.alloydb_main["REDACTED"].google_alloydb_cluster.default will be updated in-place
  ~ resource "google_alloydb_cluster" "default" {
        id                     = "projects/REDACTED/locations/europe-west1/clusters/REDACTED"
        name                   = "projects/REDACTED/locations/europe-west1/clusters/REDACTED"
        # (18 unchanged attributes hidden)

      + network_config {}

        # (3 unchanged blocks hidden)
    }

let me know if I can do something to help, I'm still trying to find the root cause

Any possible way to get the ip_address of the primary instance? 🤔
I know the outputs are not part of the module but just wanted to see if that was possible

Not an issue but a question. I would like to start using this module but I don't see it published in Terraform Modules.
Thanks

I was trying to pass in a variable to control CPU count on read instance but doesn't work. It appears the resource doesn't take in a machine_cpu_count like the primary resource

resource "google_alloydb_instance" "read_pool" {
  for_each      = local.read_pool_instance
  cluster       = google_alloydb_cluster.default.name
  instance_id   = each.key
  instance_type = each.value.instance_type

  read_pool_config {
    node_count = each.value.node_count
  }

  database_flags = each.value.database_flags

  depends_on = [google_alloydb_instance.primary]
}

Description

With the current version of the module, we can't create public read instances.

I've created a PR to add all the needed options: #90

Can anyone review this and release a new version please ?

Hi,

I'm having trouble using v2.0.0 release. We are using this module on terragrunt latest with terraform 1.6.6

󰀵  tf --version
Terraform v1.6.6
on darwin_arm64

󰀵  tg --version
terragrunt version v0.54.12

To reproduce:

#versions.tf
terraform {
  required_version = ">= 1.6.6"
    google = {
      source  = "hashicorp/google"
      version = ">= 5.5, < 6"
    }
  }
}

#alloydb.tf
module "alloy-db" {
  for_each         = local.alloydb_primary_instances
  source           = "GoogleCloudPlatform/alloy-db/google"
  version = "~> 2.0"
  project_id       = var.project_id
  cluster_location = var.region
  cluster_id       = local.cluster_id
  cluster_labels   = local.cluster_labels

  cluster_initial_user = local.cluster_initial_user

  network_self_link = local.network_self_link

  automated_backup_policy = null


  primary_instance = {
    .
    .
    .  
}

  read_pool_instance = local.read_pool_instances
}

ERROR:

│ Error: Failed to query available provider packages
│ 
│ Could not retrieve the list of available versions for provider
│ hashicorp/google: no available releases match the given constraints >=
│ 3.43.0, >= 3.53.0, >= 4.38.0, >= 4.42.0, != 4.65.0, != 4.65.1, >= 4.74.0,
│ >= 4.76.0, < 5.0.0, >= 5.5.0, < 6.0.0

Trouble seems to come with the google-beta - Installing hashicorp/google-beta v4.84.0

Using module version v1.0.0 has no problem. Any suggestion?

Hi all,

I think that this line:

Needs to be updated to:

 gce_zone          = each.value.availability_type == "ZONAL" ? each.value.gce_zone : null 

Currently when I try to use the module this error occurs:

╷
│ Error: Unsupported attribute
│ 
│   on terraform-google-alloy-db/main.tf line 147, in resource "google_alloydb_instance" "read_pool":
│  147:   gce_zone          = each.value.availability_type == "ZONAL" ? each.value.availability_type.gce_zone : null
│     ├────────────────
│     │ each.value.availability_type is "ZONAL"
│ 
│ Can't access attributes on a primitive-typed value (string).

These are the provider versions I'm using:

$ terraform version

Terraform v1.5.7
on darwin_arm64
+ provider registry.terraform.io/hashicorp/google v5.5.0
+ provider registry.terraform.io/hashicorp/google-beta v5.5.0
+ provider registry.terraform.io/hashicorp/random v3.5.1

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

Open

These updates have all been created already. Click a checkbox below to force a retry/rebase of any.

• chore(deps): Update dependency go to v1.22.6
• chore(deps): Update Terraform GoogleCloudPlatform/alloy-db/google to v3
• chore(deps): Update Terraform terraform-google-modules/project-factory/google to v16
• feat(deps): Update Terraform google to v6
• Click on this checkbox to rebase all open PRs at once

Detected dependencies

• Check this box to trigger a request for Renovate to run again on this repository

Please enable network_config and authorized_external_networks blocks with their respective variables in google_alloydb_instance.

More information: https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/alloydb_instance#nested_network_config

Ty.

It looks like creation of a basic (zonal) AlloyDB instance is now GA (https://cloud.google.com/alloydb/docs/basic-instance#gcloud)

Can we add Terraform Support for creating this type of AlloyDB instance?