GCP Cloud SQL删除实例失败，因为`deletion_protection`设置为true

Question

我有一个配置Cloud SQL实例的tf脚本，以及几个数据库和一个管理员用户。我已经重命名了实例，因此创建了一个新实例，但terraform在删除旧实例时遇到了问题。

Error: Error, failed to delete instance because deletion_protection is set to true. Set it to false to proceed with instance deletion

我曾尝试将deletion_protection设置为false，但一直收到相同的错误。有没有办法检查哪些资源需要将deletion_protection设置为false才能删除？我只将它添加到了google_sql_database_instance资源中。

我的tf脚本：

// Provision the Cloud SQL Instance
resource "google_sql_database_instance" "instance-master" {
  name             = "instance-db-${random_id.random_suffix_id.hex}"
  region           = var.region
  database_version = "POSTGRES_12"

  project = var.project_id

  settings {
    availability_type = "REGIONAL"
    tier              = "db-f1-micro"
    activation_policy = "ALWAYS"
    disk_type         = "PD_SSD"

    ip_configuration {
      ipv4_enabled    = var.is_public ? true : false
      private_network = var.network_self_link
      require_ssl     = true

      dynamic "authorized_networks" {
        for_each = toset(var.is_public ? [1] : [])

        content {
          name  = "Public Internet"
          value = "0.0.0.0/0"
        }
      }
    }

    backup_configuration {
      enabled = true
    }

    maintenance_window {
      day  = 2
      hour = 4

      update_track = "stable"
    }

    dynamic "database_flags" {
      iterator = flag
      for_each = var.database_flags

      content {
        name  = flag.key
        value = flag.value
      }
    }

    user_labels = var.default_labels
  }

  deletion_protection = false
  depends_on          = [google_service_networking_connection.cloudsql-peering-connection, google_project_service.enable-sqladmin-api]
}

// Provision the databases
resource "google_sql_database" "db" {
  name     = "orders-placement"
  instance = google_sql_database_instance.instance-master.name
  project  = var.project_id
}

// Provision a super user
resource "google_sql_user" "admin-user" {
  name     = "admin-user"
  instance = google_sql_database_instance.instance-master.name
  password = random_password.user-password.result
  project  = var.project_id
}

// Get latest CA certificate
locals {
  furthest_expiration_time = reverse(sort([for k, v in google_sql_database_instance.instance-master.server_ca_cert : v.expiration_time]))[0]
  latest_ca_cert           = [for v in google_sql_database_instance.instance-master.server_ca_cert : v.cert if v.expiration_time == local.furthest_expiration_time]
}

// Get SSL certificate
resource "google_sql_ssl_cert" "client_cert" {
  common_name = "instance-master-client"
  instance    = google_sql_database_instance.instance-master.name
}

Answer 1

您的代码似乎要重新创建这个sql实例。但是您当前的tfstate文件包含一个带有deletion_protection参数的true值的实例代码。在这种情况下，您首先需要在tfstate文件中手动将此参数的值更改为false，或者在代码中添加deletion_protection = true，然后运行terraform apply命令(注意:您的代码不应该重新创建实例)。完成这些操作之后，您可以对SQL实例执行任何操作

Answer 2

如果在创建数据库实例之后将deletion_protection添加到google_sql_database_instance，则需要在运行terraform destroy之前运行terraform apply，以便在数据库实例上将deletion_protection设置为false。