google_sql_user has no privileges

[YaraMohammed]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment
• If an issue is assigned to the "modular-magician" user, it is either in the process of being autogenerated, or is planned to be autogenerated soon. If an issue is assigned to a user, that user is claiming responsibility for the issue. If an issue is assigned to "hashibot", a community member has claimed the issue already.

Terraform Version

v0.11.11

Affected Resource(s)

• google_sql_user

Terraform Configuration Files

# Copy-paste your Terraform configurations here - for large Terraform configs,
# please use a service like Dropbox and share a link to the ZIP file. For
# security, you can also encrypt the files using our GPG public key: https://www.hashicorp.com/security
# If reproducing the bug involves modifying the config file (e.g., apply a config,
# change a value, apply the config again, see the bug) then please include both the
# version of the config before the change, and the version of the config after the change.
resource "google_sql_database_instance" "master" {
    
  provider      = "google"

  depends_on = ["google_service_networking_connection.private_vpc_connection"]

  name = "${var.instanse_name}"
  database_version = "${var.database_version}"

  settings {
    tier = "${var.tier}"
    ip_configuration {
            private_network = "${var.internal_network_selflink}"
        }
  }
}

resource "google_sql_database" "db" {
  provider      = "google"
  name      = "${var.db_name}"
  instance  = "${google_sql_database_instance.master.name}"
}

resource "random_id" "user-password" {
  byte_length = 8
}

resource "google_sql_user" "db-user" {
  provider      = "google"
  name     = "${var.user_name}"
  instance = "${google_sql_database_instance.master.name}"
  password = "${var.user_password == "" ? random_id.user-password.hex : var.user_password}"
}

Debug Output

Access denied for user

All resources are created but the cloudsql user has no privileges
from gcp cloud shell ERROR 1141 (42000): There is no such grant defined for user 'newuser' on host '%'

Panic Output

Expected Behavior

Generated user has privileges as the user created from UI or add option to the resource to grant privileges

Actual Behavior

User has no privileges at all

Steps to Reproduce

1. terraform apply

Important Factoids

References

• #0000

[Chupaka]

Did you try to add host = '%' to google_sql_user resource?

[YaraMohammed]

@Chupaka Yes that solved the problem, Thank you

[YaraMohammed]

@Chupaka I'm using private IP in an associated network for google_sql_database_instance but the public IP is created anyway and I can't find an argument to disable it in the resource documentation, Is there is a way to disable the creation of the public IP if there is a private one? Sorry I'm a bit new to terraform

[Chupaka]

@YaraMohammed sorry, have no idea about public IP

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 [email protected]. Thanks!