terraform fmt

derrickaw · derrickaw · commit c86bc2c2d7d2 · 2026-06-18T18:28:59.000Z
diff --git a/v2/spanner-common/terraform/samples/infra-setup/README.md b/v2/spanner-common/terraform/samples/infra-setup/README.md
@@ -1,179 +1,88 @@
 # Source Database & Spanner Target Setup for Migration Testing
 
-This folder contains Terraform configuration files to automatically set up, configure, and clean up database resources on Google Cloud Platform (GCP).
-
-This setup is designed to help you prepare and test database migration pipelines. It automatically creates:
-1. One or more **source database instances** using Google Cloud SQL (either MySQL or PostgreSQL).
-2. Inside those database instances, it creates multiple **logical databases (shards)**.
-3. It imports a database table structure (your SQL schema) from a local file into all created logical databases.
-4. A **target Cloud Spanner database instance**.
-5. Two **sharding configuration files** (`shard-config.json` and `bulk-config.json`) that list the host IP, database name, and credentials for all created database shards. You can pass either file directly as an input parameter to your Dataflow migration jobs.
-
----
-
-## Prerequisites
+## Sample Scenario: Sharded Database Infra Setup for Spanner Migrations
+
+> **_SCENARIO:_** This Terraform example illustrates automatically setting up source database instances (MySQL or PostgreSQL) with multiple sharded logical databases and target Cloud Spanner instances for testing migration pipelines.
+
+## Terraform permissions
+
+In order to create the resources in this sample, the service account being used to run Terraform should have the required permissions.
+
+### Using custom role and granular permissions (recommended)
+
+Following permissions are required -
+
+```shell
+- cloudsql.instances.create
+- cloudsql.instances.delete
+- cloudsql.instances.update
+- cloudsql.users.create
+- cloudsql.databases.create
+- spanner.databases.create
+- spanner.instances.create
+- spanner.instances.delete
+- compute.networks.create
+- compute.networks.delete
+- compute.subnetworks.create
+- compute.subnetworks.delete
+- compute.globalAddresses.create
+- secretmanager.versions.add
+- storage.buckets.create
+- storage.buckets.delete
+- resourcemanager.projects.get
+```
 
-Before you begin, make sure your computer has the following installed and configured:
+## Assumptions
 
-1. **Terraform CLI** (Version 1.2.0 or newer)
-2. **Google Cloud SDK (`gcloud` CLI)**: Installed, logged in, and set up with your project:
-   ```bash
-   gcloud auth login
-   gcloud auth application-default login
-   ```
-3. **Python 3** (installed and accessible from your command line)
-4. **Google Cloud Project** with billing enabled.
+1. Service account used for running Terraform can be granted the above permissions.
+2. Google Cloud SDK (`gcloud`) and Python 3 are installed on the machine executing Terraform.
 
----
+## Resources Created
 
-## How the Automated Scripts Work
+Given these assumptions, it uses the supplied variable configuration and creates the following resources -
 
-This setup includes several helper scripts in the `scripts/` folder to handle database loading, cleanup, and state reconciliation.
+1. **Source Database Instances** - One or more Google Cloud SQL (MySQL or PostgreSQL) instances.
+2. **Logical Databases (Shards)** - Multiple logical databases across the created physical instances.
+3. **Target Spanner Instance** - A target Cloud Spanner database instance.
+4. **Networking & Secrets** - VPC network peering and Secret Manager credentials for shard connection configs (`shard-config.json` and `bulk-config.json`).
 
-### 1. Database Schema Loader (`scripts/import_schema.sh`)
-Once the Cloud SQL database instances are created, Terraform runs this bash script **once per physical instance** (the import step uses `for_each`), so a failure on one instance only re-imports that instance on the next apply instead of all of them. Each run reads your local SQL structure file (like `schema.sql`) and imports it sequentially into that instance's logical databases (Cloud SQL allows only one import at a time per instance); Terraform runs the instances in parallel.
-* **Why the retries are needed:** The bucket grants each Cloud SQL instance's service account read access just before the import runs, but IAM changes take a few seconds to propagate across Google Cloud. An import attempted in that window fails with a permission error. To handle this, the script retries each import up to 6 times (waiting 10 seconds between attempts) until the permission propagates and the schema loads successfully.
+## Description
 
-### 2. Spanner Backup Cleanup (`scripts/delete_spanner_backups.sh`)
-When you run `terraform destroy` to delete your setup, Google Cloud Spanner will refuse to delete the database instance if there are any automatic database backups present. This script automatically finds and deletes all backups for the Spanner instance right before Terraform deletes the instance.
+This sample contains the following files -
 
-### 3. Private Connection Cleanup (`scripts/teardown_vpc_peering.sh`)
-If you configure your databases to use private IPs instead of public IPs, Google Cloud creates private networking connections between your network and Cloud SQL. When deleting this infrastructure, Google Cloud occasionally takes time to release these connections. This script cleanly deletes the private network connection using the `gcloud` tool, or safely bypasses it if there are other active resources still using the connection.
+1. `main.tf` - This contains the Terraform resources which will be created.
+2. `outputs.tf` - This declares the outputs that will be output as part of running this terraform example.
+3. `variables.tf` - This declares the input variables that are required to configure the resources.
+4. `terraform.tf` - This contains the required providers and APIs/project configurations for this sample.
+5. `terraform.tfvars` - This contains the comprehensive dummy inputs that need to be populated to run this example.
+6. `terraform_simple.tfvars` - This contains the minimal list of dummy inputs that need to be populated to run this example.
+7. `scripts/` - Helper scripts for schema importing and resource cleanup.
 
+## How to run
 
----
+1. Clone this repository locally.
+2. Create a local SQL file named `schema.sql` defining your tables and columns.
+3. Edit `terraform_simple.tfvars` and replace placeholders with real values.
 
-## Step-by-Step Guide to Deploying
+### Initialise Terraform
 
-### Step 1: Prepare Your Local Database Structure
-Create a local SQL file named `schema.sql` in this folder. Define the tables and columns you want to load into your source databases. For example:
-```sql
-CREATE TABLE users (
-    id INT PRIMARY KEY,
-    name VARCHAR(100),
-    email VARCHAR(100)
-);
+```shell
+terraform init
 ```
 
-### Step 2: Configure Your Variables
-There are two variable sample files provided:
-1. **`terraform_simple.tfvars` (Recommended for beginners)**: A simple, minimal configuration containing only the most important variables. It leverages the automated prefix generation.
-2. **`terraform.tfvars`**: A comprehensive variable template containing all available settings (such as database user, password, network CIDRs, tags, Spanner processing units).
+### Run `plan` and `apply`
 
-#### Key Naming Variables:
-* **`instance_prefix` (Optional)**: A string prefixed to physical database instances and target Spanner instances. If not provided, a unique random pet name of the form `smt-<word>-<word>` (e.g. `smt-clever-mongoose`) is generated automatically.
-* **`migration_prefix` (Optional)**: A string prefixed to other resources like VPC networks, subnets, Secret Manager secrets, and GCS schema buckets. If not provided, a unique random pet name of the form `smt-<word>-<word>` is generated automatically.
-* **`spanner_instance_name` / `spanner_database_name` (Optional)**: Overrides the target Spanner instance and database names completely. If left blank, they are dynamically derived from your `instance_prefix` and `migration_prefix` respectively.
-
-Open `terraform_simple.tfvars` or `terraform.tfvars`, replace the placeholders (like `<PROJECT_ID>`) with your actual values, and save the file.
-
-### Step 3: Initialize and Deploy
-
-Run the following commands in your terminal:
-
-```bash
-# 1. Download necessary Terraform providers and plugins
-terraform init
-
-# 2. Deploy the databases and generate the configuration
-# Note: For large scale deployments (e.g., 128 shards), you MUST use the -parallelism flag
-# for faster resource creation (default is 10).
+```shell
+terraform plan --var-file=terraform_simple.tfvars
 terraform apply -parallelism=100 --var-file=terraform_simple.tfvars
 ```
 
----
-
-## Outputs & Results
-
-Once the deployment completes successfully, Terraform will print the resource details on your screen and generate two sharding configuration files in this directory:
-
-### 1. Regular Shard Config Format (`shard-config.json`) *(Sample output)*
-```json
-[
-  {
-    "logicalShardId": "shard-0",
-    "host": "198.51.100.5",
-    "port": "3306",
-    "user": "migration_user",
-    "password": null,
-    "dbName": "shard_db_0",
-    "namespace": "public",
-    "secretManagerUri": "projects/my-gcp-project/secrets/smt_clever_mongoose_db_password/versions/latest",
-    "connectionProperties": "jdbcCompliantTruncation=true"
-  }
-]
-```
+## FAQ
 
-### 2. Bulk Shard Config Format (`bulk-config.json`) *(Sample output)*
-```json
-{
-  "shardConfigurationBulk": {
-    "dataShards": [
-      {
-        "host": "198.51.100.5",
-        "port": 3306,
-        "user": "migration_user",
-        "password": null,
-        "secretManagerUri": "projects/my-gcp-project/secrets/smt_clever_mongoose_db_password/versions/latest",
-        "connectionProperties": "jdbcCompliantTruncation=true",
-        "namespace": "public",
-        "databases": [
-          {
-            "dbName": "shard_db_0",
-            "databaseId": "shard-0"
-          },
-          {
-            "dbName": "shard_db_1",
-            "databaseId": "shard-1"
-          }
-        ]
-      }
-    ]
-  }
-}
-```
+### Handling creation timeouts
 
----
+When deploying a high number of physical database instances concurrently (e.g., 128 shards), Google Cloud schedules creation asynchronously. If the client times out, import missing instances using `terraform import`.
 
-## Troubleshooting
+### Cleaning up resources
 
-### Handling Creation Timeouts & Operation Dropouts
-When deploying a high number of physical database instances concurrently (e.g., 128 shards), you may occasionally encounter a transient timeout or polling connection dropout error from the Google Cloud API:
-```
-Error: Error waiting for Create Instance: ...
-```
-Or when running `terraform apply` again after a timeout:
-```
-Error: Error, failed to create instance ...: googleapi: Error 409: The Cloud SQL instance already exists., instanceAlreadyExists
-```
-
-#### Why this happens:
-When Terraform requests the creation of 100+ databases, Google Cloud schedules their creation asynchronously in the background. If the local Terraform process loses connection to the GCP Operation API or hits a client-side wait timeout, Terraform aborts the command and **fails to save those specific instances to your local `terraform.tfstate` file**, even though the creation continues successfully in the background on Google's servers.
-
-#### How to resolve this:
-1. **Verify creation in GCP**: Run this CLI command to confirm that the instances are active and running on Google Cloud:
-   ```bash
-   gcloud sql instances list --project="<YOUR_PROJECT_ID>" --filter="name~smt-sharded"
-   ```
-2. **Import the affected instances into Terraform State**: For any instances that were successfully created on GCP but are missing from your local state file (causing `409 Already Exists` errors), import them manually back into Terraform. The instances use `for_each`, so the resource address is keyed by the shard index **as a quoted string** (e.g. `["18"]`, not `[18]`):
-   ```bash
-   terraform import --var-file=terraform_simple.tfvars 'google_sql_database_instance.instances["<INDEX>"]' "projects/<YOUR_PROJECT_ID>/instances/<INSTANCE_NAME>"
-   ```
-   *Example:*
-   ```bash
-   terraform import --var-file=terraform_simple.tfvars 'google_sql_database_instance.instances["18"]' "projects/my-gcp-project/instances/smt-sharded-demo-new-physical-shard-18"
-   ```
-3. **Resume the Deployment**: Once all missing instances are imported, simply rerun the deployment command with controlled parallelism:
-   ```bash
-   terraform apply -parallelism=30 --var-file=terraform_simple.tfvars
-   ```
-   Terraform will successfully refresh the state and complete the configuration setup in minutes!
-
----
-
-### Cleaning Up Resources
-To delete all created Google Cloud resources and avoid ongoing charges, run:
-```bash
-terraform destroy --var-file=terraform_simple.tfvars
-```
-All Cloud SQL databases, target Spanner databases, Secret Manager secrets, and networking links will be cleanly removed.
+Run `terraform destroy --var-file=terraform_simple.tfvars` to delete all created infrastructure.
diff --git a/v2/spanner-common/terraform/samples/infra-setup/main.tf b/v2/spanner-common/terraform/samples/infra-setup/main.tf
@@ -35,13 +35,13 @@ locals {
       default_version = "8_0"
       default_port    = 3306
       # MySQL binds users to connection origins; "%" allows external access.
-      user_host       = "%"
+      user_host = "%"
     }
     POSTGRES = {
       default_version = "14"
       default_port    = 5432
       # PostgreSQL does not support host-bound users in the GCP API; must be null.
-      user_host       = null
+      user_host = null
     }
   }
 
@@ -127,7 +127,7 @@ resource "null_resource" "private_vpc_connection" {
   }
 
   provisioner "local-exec" {
-    when    = destroy
+    when = destroy
     environment = {
       NETWORK_NAME = self.triggers.network_name
       PROJECT_ID   = self.triggers.project_id
@@ -245,8 +245,8 @@ resource "google_storage_bucket_object" "schema_file" {
 
 # Grant IAM permissions to all Cloud SQL service accounts to read schema from the GCS bucket in a single API call to prevent ETag lock collision delays
 resource "google_storage_bucket_iam_binding" "sql_gcs_reader" {
-  bucket  = google_storage_bucket.schema_bucket.name
-  role    = "roles/storage.objectViewer"
+  bucket = google_storage_bucket.schema_bucket.name
+  role   = "roles/storage.objectViewer"
   members = [
     for inst in google_sql_database_instance.instances :
     "serviceAccount:${inst.service_account_email_address}"
@@ -307,7 +307,7 @@ resource "google_spanner_instance" "spanner_instance" {
 
   # Automated teardown of Spanner backups to prevent destroy failures
   provisioner "local-exec" {
-    when    = destroy
+    when = destroy
     environment = {
       INSTANCE_NAME = self.name
       PROJECT_ID    = self.project
diff --git a/v2/spanner-common/terraform/samples/infra-setup/terraform.tfvars b/v2/spanner-common/terraform/samples/infra-setup/terraform.tfvars
@@ -22,7 +22,7 @@ local_schema_file_path = "./schema.sql" # Local SQL schema imported into every s
 # ------------------------------------------------------------------------------
 # SOURCE DATABASE (Cloud SQL)
 # ------------------------------------------------------------------------------
-database_provider     = "MYSQL"          # MYSQL or POSTGRES
+database_provider = "MYSQL" # MYSQL or POSTGRES
 # database_version      = "8_0"            # Set specific version (e.g., "14" for Postgres) or leave commented for module default
 physical_shards_count = 1                # Number of physical Cloud SQL instances
 logical_shards_count  = 2                # Logical databases per physical instance
@@ -57,7 +57,7 @@ connection_properties = "jdbcCompliantTruncation=true"
 # ------------------------------------------------------------------------------
 # spanner_config           = "regional-<REGION>" # e.g. "regional-us-central1"; defaults to regional-${var.region}
 spanner_display_name     = "SMT Spanner Instance"
-spanner_processing_units = 100                  # Positive multiple of 100 (100 = 0.1 node)
+spanner_processing_units = 100                   # Positive multiple of 100 (100 = 0.1 node)
 spanner_database_dialect = "GOOGLE_STANDARD_SQL" # GOOGLE_STANDARD_SQL or POSTGRESQL
 # spanner_instance_name  = "my-spanner"         # Optional. Unset -> derived from instance_prefix
 # spanner_database_name  = "my-db"              # Optional. Unset -> derived from migration_prefix
diff --git a/v2/spanner-common/terraform/samples/infra-setup/terraform_simple.tfvars b/v2/spanner-common/terraform/samples/infra-setup/terraform_simple.tfvars
@@ -15,7 +15,7 @@ migration_prefix = "<MIGRATION_PREFIX>"
 local_schema_file_path = "./schema.sql"
 
 # Cloud SQL Database Setup
-database_provider     = "MYSQL"
+database_provider = "MYSQL"
 # database_version      = "8_0"
 physical_shards_count = 1
 logical_shards_count  = 2
