Fix sql_database_instance creation to remove root user earlier #6922
Conversation
…is no longer needed
|
Hi there, I'm the Modular magician. I've detected the following information about your changes: Diff reportYour PR generated some diffs in downstreams - here they are. Terraform GA: Diff ( 2 files changed, 159 insertions(+), 27 deletions(-)) |
Tests analyticsTotal tests: Action takenTriggering VCR tests in RECORDING mode for the tests that failed during VCR. Click here to see the failed testsTestAccLoggingBucketConfigProject_cmekSettings|TestAccFirebaserulesRelease_BasicRelease |
|
@roaks3: You don't get a reviewer assigned by the Magician anymore, btw! You can assign @GoogleCloudPlatform/terraform-team to roll one. |
roaks3
requested review from
a team and
shuyama1
and removed request for
a team
There was a problem hiding this comment.
Only a small nitpick. The code looks good assuming test passes: https://ci-oss.hashicorp.engineering/buildConfiguration/GoogleCloudBeta_ProviderGoogleCloudBetaMmUpstream/359834
| tier = "db-f1-micro" | ||
| backup_configuration { | ||
| enabled = false | ||
| } |
There was a problem hiding this comment.
Only nit: spacing is bit off here -- should be spaces instead of tabs
|
Hi there, I'm the Modular magician. I've detected the following information about your changes: Diff reportYour PR generated some diffs in downstreams - here they are. Terraform GA: Diff ( 2 files changed, 159 insertions(+), 27 deletions(-)) |
Tests analyticsTotal tests: Action takenTriggering VCR tests in RECORDING mode for the tests that failed during VCR. Click here to see the failed testsTestAccFirebaserulesRelease_BasicRelease|TestAccLoggingBucketConfigProject_cmekSettings |
|
https://ci-oss.hashicorp.engineering/buildConfiguration/GoogleCloudBeta_ProviderGoogleCloudBetaMmUpstream/359847 |
|
Yea, this test passes locally, but we are hitting an issue in CI with a number of these related tests (like |
|
I did some investigating on this test failure and captured my work in hashicorp/terraform-provider-google#12902. I will hold off on merging this momentarily to see if we can resolve the root issue before adding to it with this new test, but if it looks like a long-term fix I will go ahead and move this through. |
|
It looks like the other issue could take some time, so merging this change now. |
…eCloudPlatform#6922) * Fix sql_database_instance creation to remove root user as soon as it is no longer needed * Fix spacing in test config
b/254877908
This fixes a bug where a root user without a password would sometimes remain on an
sql_database_instanceafter creation, creating a security risk. The logic in the provider is meant to remove this root user at the end of the creation function, but if there is a failure before then, the instance is still created but the root user remains.The fix here simply performs the root user removal earlier, so that it is done as soon as it is not longer needed. This eliminates a subset of failure modes that would have left the root user on the instance. I believe this is the best we can do for now, short of more elaborate retry logic.
For testing, it was very difficult to come up with a test that would verify this problem has been resolved, because triggering arbitrary errors is nontrivial, and our test harness does not offer a clean way to check the state of the environment after an error occurs. I've come up with work-arounds to produce a test that I believe is adequate here.
If this PR is for Terraform, I acknowledge that I have:
make testandmake lintto ensure it passes unit and linter tests.Release Note Template for Downstream PRs (will be copied)