我有一个用于配置Cloud SQL实例的tf脚本,以及几个数据库和一个管理员用户。我已将实例重命名,因此创建了一个新实例,但是在删除旧实例时,terraform遇到了问题。
Error: Error, failed to delete instance because deletion_protection is set to true. Set it to false to proceed with instance deletion
我尝试将deletion_protection设置为false,但是我仍然遇到相同的错误。有没有一种方法可以检查哪些资源需要将deletion_protection设置为false才能删除?
我只是将其添加到google_sql_database_instance资源中。
我的tf脚本:
// Provision the Cloud SQL Instance
resource "google_sql_database_instance" "instance-master" {
name = "instance-db-${random_id.random_suffix_id.hex}"
region = var.region
database_version = "POSTGRES_12"
project = var.project_id
settings {
availability_type = "REGIONAL"
tier = "db-f1-micro"
activation_policy = "ALWAYS"
disk_type = "PD_SSD"
ip_configuration {
ipv4_enabled = var.is_public ? true : false
private_network = var.network_self_link
require_ssl = true
dynamic "authorized_networks" {
for_each = toset(var.is_public ? [1] : [])
content {
name = "Public Internet"
value = "0.0.0.0/0"
}
}
}
backup_configuration {
enabled = true
}
maintenance_window {
day = 2
hour = 4
update_track = "stable"
}
dynamic "database_flags" {
iterator = flag
for_each = var.database_flags
content {
name = flag.key
value = flag.value
}
}
user_labels = var.default_labels
}
deletion_protection = false
depends_on = [google_service_networking_connection.cloudsql-peering-connection, google_project_service.enable-sqladmin-api]
}
// Provision the databases
resource "google_sql_database" "db" {
name = "orders-placement"
instance = google_sql_database_instance.instance-master.name
project = var.project_id
}
// Provision a super user
resource "google_sql_user" "admin-user" {
name = "admin-user"
instance = google_sql_database_instance.instance-master.name
password = random_password.user-password.result
project = var.project_id
}
// Get latest CA certificate
locals {
furthest_expiration_time = reverse(sort([for k, v in google_sql_database_instance.instance-master.server_ca_cert : v.expiration_time]))[0]
latest_ca_cert = [for v in google_sql_database_instance.instance-master.server_ca_cert : v.cert if v.expiration_time == local.furthest_expiration_time]
}
// Get SSL certificate
resource "google_sql_ssl_cert" "client_cert" {
common_name = "instance-master-client"
instance = google_sql_database_instance.instance-master.name
}
答案 0 :(得分:2)
似乎您的代码将重新创建此sql-instance。但是您当前的tfstate文件包含实例代码,该实例代码的参数true的值为deletion_protection。在这种情况下,您首先需要在tfstate文件中手动将此参数的值更改为false,或者在此之后通过运行deletion_protection = true命令在代码中添加terraform apply(注意:您的代码不应该重新创建实例)。经过这种操作后,您可以使用SQL实例执行任何操作
答案 1 :(得分:-1)
如果在创建数据库实例后将deletion_protection添加到google_sql_database_instance,则需要先运行terraform apply,然后再运行terraform destroy,以便设置deletion_protection在数据库实例上为false。