Changes to modify the google_sql_database_instance resource behavior to prevent Terraform from managing the settings.0.backup_configuration block when an instance is managed by GCBDR. (#15710)

Co-authored-by: Stephen Lewis (Burrows) <[email protected]>

Author: aditikumarii-google

mmv1/third_party/terraform/services/sql/resource_sql_database_instance.go.tmpl

@@ -70,6 +70,7 @@ var (
 		"settings.0.backup_configuration.0.point_in_time_recovery_enabled",
 		"settings.0.backup_configuration.0.backup_retention_settings",
 		"settings.0.backup_configuration.0.transaction_log_retention_days",
+		"settings.0.backup_configuration.0.backup_tier",
 	}
 
 	connectionPoolConfigKeys = []string{
@@ -163,7 +164,7 @@ func nodeCountCustomDiff(ctx context.Context, d *schema.ResourceDiff, meta inter
 	// Otherwise when autoscaling is enabled, ignore the node count in config.
 	return d.Clear("node_count")
 }
- 
+
 func diskSizeCutomizeDiff(ctx context.Context, d *schema.ResourceDiff, meta interface{}) error {
 	key := "settings.0.disk_size"
 
@@ -415,12 +416,14 @@ API (for read pools, effective_availability_type may differ from availability_ty
 										Type:         schema.TypeBool,
 										Optional:     true,
 										AtLeastOneOf: backupConfigurationKeys,
+										DiffSuppressFunc: EnhancedBackupManagerDiffSuppressFunc,
 										Description:  `True if binary logging is enabled. If settings.backup_configuration.enabled is false, this must be as well. Can only be used with MySQL.`,
 									},
 									"enabled": {
 										Type:         schema.TypeBool,
 										Optional:     true,
 										AtLeastOneOf: backupConfigurationKeys,
+										DiffSuppressFunc: EnhancedBackupManagerDiffSuppressFunc,
 										Description:  `True if backup configuration is enabled.`,
 									},
 									"start_time": {
@@ -429,6 +432,7 @@ API (for read pools, effective_availability_type may differ from availability_ty
 										// start_time is randomly assigned if not set
 										Computed:     true,
 										AtLeastOneOf: backupConfigurationKeys,
+										DiffSuppressFunc: EnhancedBackupManagerDiffSuppressFunc,
 										Description:  `HH:MM format time indicating when backup configuration starts.`,
 									},
 									"location": {
@@ -441,20 +445,23 @@ API (for read pools, effective_availability_type may differ from availability_ty
 										Type:         schema.TypeBool,
 										Optional:     true,
 										AtLeastOneOf: backupConfigurationKeys,
+										DiffSuppressFunc: EnhancedBackupManagerDiffSuppressFunc,
 										Description:  `True if Point-in-time recovery is enabled.`,
 									},
 									"transaction_log_retention_days": {
 										Type:         schema.TypeInt,
 										Computed:     true,
 										Optional:     true,
 										AtLeastOneOf: backupConfigurationKeys,
+										DiffSuppressFunc: EnhancedBackupManagerDiffSuppressFunc,
 										Description:  `The number of days of transaction logs we retain for point in time restore, from 1-7. (For PostgreSQL Enterprise Plus instances, from 1 to 35.)`,
 									},
 									"backup_retention_settings": {
 										Type:         schema.TypeList,
 										Optional:     true,
 										AtLeastOneOf: backupConfigurationKeys,
 										Computed:     true,
+										DiffSuppressFunc: EnhancedBackupManagerDiffSuppressFunc,
 										MaxItems:     1,
 										Elem: &schema.Resource{
 											Schema: map[string]*schema.Schema{
@@ -472,6 +479,11 @@ API (for read pools, effective_availability_type may differ from availability_ty
 											},
 										},
 									},
+									"backup_tier": {
+    									Type:         schema.TypeString,
+										Computed:     true,
+										Description:  `Backup tier that manages the backups for the instance.`,
+									},
 								},
 							},
 						},
@@ -1982,6 +1994,7 @@ func expandBackupConfiguration(configured []interface{}) *sqladmin.BackupConfigu
 		Location:                    _backupConfiguration["location"].(string),
 		TransactionLogRetentionDays: int64(_backupConfiguration["transaction_log_retention_days"].(int)),
 		PointInTimeRecoveryEnabled:  _backupConfiguration["point_in_time_recovery_enabled"].(bool),
+		BackupTier:                 _backupConfiguration["backup_tier"].(string),
 		ForceSendFields:             []string{"BinaryLogEnabled", "Enabled", "PointInTimeRecoveryEnabled"},
 	}
 }
@@ -2661,6 +2674,25 @@ func maintenanceVersionDiffSuppress(_, old, new string, _ *schema.ResourceData)
 	}
 }
 
+// enhancedBackupManagerDiffSuppressFunc suppresses diff changes to settings.backup_configuration
+// when the SQL instance is managed by Google Cloud Backup and Disaster Recovery (DR) Service.
+func EnhancedBackupManagerDiffSuppressFunc(k, old, new string, d *schema.ResourceData) bool {
+    // If the API marks this instance as ENHANCED-managed, suppress diffs for backup config fields.
+    tier, _ := d.Get("settings.0.backup_configuration.0.backup_tier").(string)
+    if tier == "" {
+        return false
+    }
+    if strings.EqualFold(tier, "ENHANCED") {
+	    log.Printf(
+				"[INFO] Instance %s is managed by Google Cloud Backup and Disaster Recovery (BackupDR). "+
+					"Terraform will not manage the '%s' field. "+
+					"Any changes to this field in your Terraform configuration will be ignored.", d.Get("name"), k,
+		)
+        return true
+    }
+    return false
+}
+
 func databaseVersionDiffSuppress(_, oldVersion, newVersion string, _ *schema.ResourceData) bool {
 	// Suppress diff when newVersion is MYSQL_8_0 and oldVersion is >= MYSQL_8_0_35 for MySQL version auto-upgrade cases.
 	if newVersion == "MYSQL_8_0" && strings.HasPrefix(oldVersion, "MYSQL_8_0_") {
@@ -2897,6 +2929,7 @@ func flattenBackupConfiguration(backupConfiguration *sqladmin.BackupConfiguratio
 		"point_in_time_recovery_enabled": backupConfiguration.PointInTimeRecoveryEnabled,
 		"backup_retention_settings":      flattenBackupRetentionSettings(backupConfiguration.BackupRetentionSettings),
 		"transaction_log_retention_days": backupConfiguration.TransactionLogRetentionDays,
+		"backup_tier":                    backupConfiguration.BackupTier,
 	}
 
 	return []map[string]interface{}{data}

mmv1/third_party/terraform/services/sql/resource_sql_database_instance_test.go.tmpl

@@ -18,6 +18,7 @@ import (
 {{- end }}
 	"github.com/hashicorp/terraform-plugin-testing/terraform"
 	sqladmin "google.golang.org/api/sqladmin/v1beta4"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 )
 
 // Fields that should be ignored in import tests because they aren't returned
@@ -3925,6 +3926,262 @@ func TestAccSqlDatabaseInstance_DiskSizeAutoResizeWithDiskSize(t *testing.T) {
 	})
 }
 
+func TestEnhancedBackupManagerDiffSuppressFunc(t *testing.T) {
+    cases := map[string]struct {
+        key            string
+        old            string
+        new            string
+        backupTier     string
+        expectSuppress bool
+        description    string
+    }{
+        "suppress enabled diff when backup tier is enhanced": {
+            key:            "settings.0.backup_configuration.0.enabled",
+            old:            "true",
+            new:            "false",
+            backupTier:     "ENHANCED",
+            expectSuppress: true,
+            description:    "enabled should be suppressed when ENHANCED",
+        },
+        "suppress start_time diff when backup tier is enhanced": {
+            key:            "settings.0.backup_configuration.0.start_time",
+            old:            "03:00",
+            new:            "05:00",
+            backupTier:     "ENHANCED",
+            expectSuppress: true,
+            description:    "start_time should be suppressed when ENHANCED",
+        },
+        "suppress binary_log_enabled diff when backup tier is enhanced": {
+            key:            "settings.0.backup_configuration.0.binary_log_enabled",
+            old:            "true",
+            new:            "false",
+            backupTier:     "ENHANCED",
+            expectSuppress: true,
+            description:    "binary_log_enabled should be suppressed when ENHANCED",
+        },
+        "suppress point_in_time_recovery_enabled diff when backup tier is enhanced": {
+            key:            "settings.0.backup_configuration.0.point_in_time_recovery_enabled",
+            old:            "false",
+            new:            "true",
+            backupTier:     "ENHANCED",
+            expectSuppress: true,
+            description:    "point_in_time_recovery_enabled should be suppressed when ENHANCED",
+        },
+        "suppress transaction_log_retention_days diff when backup tier is enhanced": {
+            key:            "settings.0.backup_configuration.0.transaction_log_retention_days",
+            old:            "7",
+            new:            "14",
+            backupTier:     "ENHANCED",
+            expectSuppress: true,
+            description:    "transaction_log_retention_days should be suppressed when ENHANCED",
+        },
+        "suppress retained_backups diff when backup tier is enhanced": {
+            key:            "settings.0.backup_configuration.0.backup_retention_settings.0.retained_backups",
+            old:            "7",
+            new:            "14",
+            backupTier:     "ENHANCED",
+            expectSuppress: true,
+            description:    "retained_backups should be suppressed when ENHANCED",
+        },
+        "do not suppress diff when backup tier is standard": {
+            key:            "settings.0.backup_configuration.0.enabled",
+            old:            "true",
+            new:            "false",
+            backupTier:     "STANDARD",
+            expectSuppress: false,
+            description:    "enabled should NOT be suppressed when STANDARD",
+        },
+        "do not suppress diff when backup tier is empty": {
+            key:            "settings.0.backup_configuration.0.enabled",
+            old:            "true",
+            new:            "false",
+            backupTier:     "",
+            expectSuppress: false,
+            description:    "enabled should NOT be suppressed when backup_tier is empty",
+        },
+        "do not suppress when old and new are same": {
+            key:            "settings.0.backup_configuration.0.enabled",
+            old:            "true",
+            new:            "true",
+            backupTier:     "ENHANCED",
+            expectSuppress: true,
+            description:    "no diff to suppress when old and new are same",
+        },
+    }
+
+    for name, tc := range cases {
+        t.Run(name, func(t *testing.T) {
+            // Build real *schema.ResourceData using the resource schema and TestResourceDataRaw
+            // Put backup_tier into the nested settings->backup_configuration block (state)
+            rd := schema.TestResourceDataRaw(t, sql.ResourceSqlDatabaseInstance().Schema, map[string]interface{}{
+                "name": "test-instance",
+                "settings": []interface{}{
+                    map[string]interface{}{
+                        "backup_configuration": []interface{}{
+                            map[string]interface{}{
+                                "backup_tier": tc.backupTier,
+                            },
+                        },
+                    },
+                },
+            })
+
+            suppressed := sql.EnhancedBackupManagerDiffSuppressFunc(tc.key, tc.old, tc.new, rd)
+
+            if suppressed != tc.expectSuppress {
+                t.Errorf("expected suppressed to be %v but got %v. Desc: %s", tc.expectSuppress, suppressed, tc.description)
+            }
+        })
+    }
+}
+
+func TestAccSqlDatabaseInstance_updateInstanceTierForEnhancedBackupTierInstance(t *testing.T) {
+    t.Parallel()
+
+    backupVaultID := "bv-test"
+    location := "us-central1"
+    project := envvar.GetTestProjectFromEnv()
+    backupVault := acctest.BootstrapBackupDRVault(t, backupVaultID, location)
+
+    context := map[string]interface{}{
+        "random_suffix":     acctest.RandString(t, 10),
+        "project":           project,
+        "backup_vault_id":   backupVaultID,
+        "backup_vault":      backupVault,
+        "db_version":        "MYSQL_8_0_41",
+    }
+
+    acctest.VcrTest(t, resource.TestCase{
+        PreCheck:     func() { acctest.AccTestPreCheck(t) },
+        ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t),
+        CheckDestroy: testAccSqlDatabaseInstanceDestroyProducer(t),
+        Steps: []resource.TestStep{
+            {
+                // Create backup plan and associate with instance
+                Config: testGoogleSqlDatabaseInstance_attachGCBDR(context),
+                Check: resource.ComposeAggregateTestCheckFunc(
+                    resource.TestCheckResourceAttrSet("google_backup_dr_backup_plan_association.backup_association", "id"),
+                ),
+            },
+            {
+                // Update instance backup tier to ENHANCED, which should ignore backup_configuration settings
+				Config: testGoogleSqlDatabaseInstance_updateTierForGcbdrManagedInstance(context),
+				Check: resource.ComposeAggregateTestCheckFunc(
+					resource.TestCheckResourceAttr("google_sql_database_instance.instance", "settings.0.tier", "db-g1-small"),
+				),
+            },
+        },
+    })
+}
+
+func testGoogleSqlDatabaseInstance_attachGCBDR(context map[string]interface{}) string {
+    return acctest.Nprintf(`
+data "google_project" "project" {}
+
+resource "google_sql_database_instance" "instance" {
+  name             = "tf-test-instance-%{random_suffix}"
+  database_version = "%{db_version}"
+  region           = "us-central1"
+
+  settings {
+    tier = "db-f1-micro"
+  }
+    deletion_protection = false
+}
+
+resource "google_backup_dr_backup_plan" "plan" {
+  location       = "us-central1"
+  backup_plan_id = "tf-test-bp-test-%{random_suffix}"
+  resource_type  = "sqladmin.googleapis.com/Instance"
+  backup_vault   = "%{backup_vault}"
+
+  backup_rules {
+    rule_id                = "rule-1"
+    backup_retention_days  = 7
+
+    standard_schedule {
+      recurrence_type     = "DAILY"
+      hourly_frequency    = 6
+      time_zone           = "UTC"
+
+      backup_window {
+        start_hour_of_day = 0
+        end_hour_of_day   = 23
+      }
+    }
+  }
+}
+
+resource "google_backup_dr_backup_plan_association" "backup_association" {
+  location                      = "us-central1" 
+  backup_plan_association_id    = "tf-test-bpa-test-%{random_suffix}"
+  resource                      = "projects/${data.google_project.project.project_id}/instances/${google_sql_database_instance.instance.name}"
+  resource_type                 = "sqladmin.googleapis.com/Instance"
+  backup_plan                   = google_backup_dr_backup_plan.plan.name
+}
+`, context)
+}
+
+func testGoogleSqlDatabaseInstance_updateTierForGcbdrManagedInstance(context map[string]interface{}) string {
+    return acctest.Nprintf(`
+data "google_project" "project" {}
+
+resource "google_sql_database_instance" "instance" {
+  name             = "tf-test-instance-%{random_suffix}"
+  database_version = "%{db_version}"
+  region           = "us-central1"
+
+  settings {
+    tier = "db-g1-small"
+
+    backup_configuration {
+      enabled            = false
+      binary_log_enabled = false
+      start_time         = "05:00"
+      
+      backup_retention_settings {
+        retained_backups = 8
+		retention_unit   = "COUNT"
+      }
+    }
+  }
+	deletion_protection = false
+}
+
+resource "google_backup_dr_backup_plan" "plan" {
+  location       = "us-central1"
+  backup_plan_id = "tf-test-bp-test-%{random_suffix}"
+  resource_type  = "sqladmin.googleapis.com/Instance"
+  backup_vault   = "%{backup_vault}"
+
+  backup_rules {
+    rule_id                = "rule-1"
+    backup_retention_days  = 7
+
+    standard_schedule {
+      recurrence_type     = "DAILY"
+      hourly_frequency    = 6
+      time_zone           = "UTC"
+
+      backup_window {
+        start_hour_of_day = 0
+        end_hour_of_day   = 23
+      }
+    }
+  }
+}
+
+resource "google_backup_dr_backup_plan_association" "backup_association" {
+  location                      = "us-central1" 
+  backup_plan_association_id    = "tf-test-bpa-test-%{random_suffix}"
+  resource                      = "projects/${data.google_project.project.project_id}/instances/${google_sql_database_instance.instance.name}"
+  resource_type                 = "sqladmin.googleapis.com/Instance"
+  backup_plan                   = google_backup_dr_backup_plan.plan.name
+}
+`, context)
+}
+
+
 func testGoogleSqlDatabaseInstance_setCustomSubjectAlternateName(context map[string]interface{}) string {
 	return acctest.Nprintf(`
 data "google_project" "project" {

mmv1/third_party/terraform/website/docs/r/sql_database_instance.html.markdown

@@ -457,6 +457,8 @@ The optional `settings.backup_configuration` subblock supports:
 
 * `enabled` - (Optional) True if backup configuration is enabled.
 
+* `backup_tier` - (Computed) The backup tier that manages the backups for the instance.
+
 * `start_time` - (Optional) `HH:MM` format time indicating when backup
     configuration starts.
 * `point_in_time_recovery_enabled` - (Optional) True if Point-in-time recovery is enabled. Will restart database if enabled after instance creation. Valid only for PostgreSQL and SQL Server instances. Enabled by default for PostgreSQL Enterprise Plus and SQL Server Enterprise Plus instances.