Google Git
Sign in
third-party-mirror / terraform-provider-google-beta / refs/heads/main / . / v6.2.0 / website / docs / r / alloydb_cluster.html.markdown
blob: a8c369239d1dcf7e10ff52bdcfff7d86d566a594 [file] [log] [blame] [edit]
---
# ----------------------------------------------------------------------------
#
# *** AUTO GENERATED CODE *** Type: MMv1 ***
#
# ----------------------------------------------------------------------------
#
# This file is automatically generated by Magic Modules and manual
# changes will be clobbered when the file is regenerated.
#
# Please read more about how to change this file in
# .github/CONTRIBUTING.md.
#
# ----------------------------------------------------------------------------
subcategory: "AlloyDB"
description: |-
A managed alloydb cluster.
---
# google_alloydb_cluster
A managed alloydb cluster.
To get more information about Cluster, see:
* [API documentation](https://cloud.google.com/alloydb/docs/reference/rest/v1/projects.locations.clusters/create)
* How-to Guides
* [AlloyDB](https://cloud.google.com/alloydb/docs/)
~> **Note:** Users can promote a secondary cluster to a primary cluster with the help of `cluster_type`.
To promote, users have to set the `cluster_type` property as `PRIMARY` and remove the `secondary_config` field from cluster configuration.
[See Example](https://github.com/hashicorp/terraform-provider-google/pull/16413).
Switchover is supported in terraform by refreshing the state of the terraform configurations.
The switchover operation still needs to be called outside of terraform.
After the switchover operation is completed successfully:
1. Refresh the state of the AlloyDB resources by running `terraform apply -refresh-only --auto-approve` .
2. Manually update the terraform configuration file(s) to match the actual state of the resources by modifying the `cluster_type` and `secondary_config` fields.
3. Verify the sync of terraform state by running `terraform plan` and ensure that the infrastructure matches the configuration and no changes are required.
~> **Warning:** All arguments including the following potentially sensitive
values will be stored in the raw state as plain text: `initial_user.password`.
[Read more about sensitive data in state](https://www.terraform.io/language/state/sensitive-data).
<div class = "oics-button" style="float: right; margin: 0 0 -15px">
<a href="https://console.cloud.google.com/cloudshell/open?cloudshell_git_repo=https%3A%2F%2Fgithub.com%2Fterraform-google-modules%2Fdocs-examples.git&cloudshell_image=gcr.io%2Fcloudshell-images%2Fcloudshell%3Alatest&cloudshell_print=.%2Fmotd&cloudshell_tutorial=.%2Ftutorial.md&cloudshell_working_dir=alloydb_cluster_basic&open_in_editor=main.tf" target="_blank">
<img alt="Open in Cloud Shell" src="//gstatic.com/cloudssh/images/open-btn.svg" style="max-height: 44px; margin: 32px auto; max-width: 100%;">
</a>
</div>
## Example Usage - Alloydb Cluster Basic
```hcl
resource "google_alloydb_cluster" "default" {
cluster_id = "alloydb-cluster"
location = "us-central1"
network_config {
network = google_compute_network.default.id
}
}
data "google_project" "project" {}
resource "google_compute_network" "default" {
name = "alloydb-cluster"
}
```
<div class = "oics-button" style="float: right; margin: 0 0 -15px">
<a href="https://console.cloud.google.com/cloudshell/open?cloudshell_git_repo=https%3A%2F%2Fgithub.com%2Fterraform-google-modules%2Fdocs-examples.git&cloudshell_image=gcr.io%2Fcloudshell-images%2Fcloudshell%3Alatest&cloudshell_print=.%2Fmotd&cloudshell_tutorial=.%2Ftutorial.md&cloudshell_working_dir=alloydb_cluster_full&open_in_editor=main.tf" target="_blank">
<img alt="Open in Cloud Shell" src="//gstatic.com/cloudssh/images/open-btn.svg" style="max-height: 44px; margin: 32px auto; max-width: 100%;">
</a>
</div>
## Example Usage - Alloydb Cluster Full
```hcl
resource "google_alloydb_cluster" "full" {
cluster_id = "alloydb-cluster-full"
location = "us-central1"
network_config {
network = google_compute_network.default.id
}
database_version = "POSTGRES_15"
initial_user {
user = "alloydb-cluster-full"
password = "alloydb-cluster-full"
}
continuous_backup_config {
enabled = true
recovery_window_days = 14
}
automated_backup_policy {
location = "us-central1"
backup_window = "1800s"
enabled = true
weekly_schedule {
days_of_week = ["MONDAY"]
start_times {
hours = 23
minutes = 0
seconds = 0
nanos = 0
}
}
quantity_based_retention {
count = 1
}
labels = {
test = "alloydb-cluster-full"
}
}
labels = {
test = "alloydb-cluster-full"
}
}
data "google_project" "project" {}
resource "google_compute_network" "default" {
name = "alloydb-cluster-full"
}
```
## Example Usage - Alloydb Cluster Restore
```hcl
resource "google_alloydb_cluster" "source" {
cluster_id = "alloydb-source-cluster"
location = "us-central1"
network = data.google_compute_network.default.id
initial_user {
password = "alloydb-source-cluster"
}
}
resource "google_alloydb_instance" "source" {
cluster = google_alloydb_cluster.source.name
instance_id = "alloydb-instance"
instance_type = "PRIMARY"
machine_config {
cpu_count = 2
}
depends_on = [google_service_networking_connection.vpc_connection]
}
resource "google_alloydb_backup" "source" {
backup_id = "alloydb-backup"
location = "us-central1"
cluster_name = google_alloydb_cluster.source.name
depends_on = [google_alloydb_instance.source]
}
resource "google_alloydb_cluster" "restored_from_backup" {
cluster_id = "alloydb-backup-restored"
location = "us-central1"
network_config {
network = data.google_compute_network.default.id
}
restore_backup_source {
backup_name = google_alloydb_backup.source.name
}
}
resource "google_alloydb_cluster" "restored_via_pitr" {
cluster_id = "alloydb-pitr-restored"
location = "us-central1"
network_config {
network = data.google_compute_network.default.id
}
restore_continuous_backup_source {
cluster = google_alloydb_cluster.source.name
point_in_time = "2023-08-03T19:19:00.094Z"
}
}
data "google_project" "project" {}
data "google_compute_network" "default" {
name = "alloydb-network"
}
resource "google_compute_global_address" "private_ip_alloc" {
name = "alloydb-source-cluster"
address_type = "INTERNAL"
purpose = "VPC_PEERING"
prefix_length = 16
network = data.google_compute_network.default.id
}
resource "google_service_networking_connection" "vpc_connection" {
network = data.google_compute_network.default.id
service = "servicenetworking.googleapis.com"
reserved_peering_ranges = [google_compute_global_address.private_ip_alloc.name]
}
```
## Example Usage - Alloydb Secondary Cluster Basic
```hcl
resource "google_alloydb_cluster" "primary" {
cluster_id = "alloydb-primary-cluster"
location = "us-central1"
network_config {
network = google_compute_network.default.id
}
}
resource "google_alloydb_instance" "primary" {
cluster = google_alloydb_cluster.primary.name
instance_id = "alloydb-primary-instance"
instance_type = "PRIMARY"
machine_config {
cpu_count = 2
}
depends_on = [google_service_networking_connection.vpc_connection]
}
resource "google_alloydb_cluster" "secondary" {
cluster_id = "alloydb-secondary-cluster"
location = "us-east1"
network_config {
network = google_compute_network.default.id
}
cluster_type = "SECONDARY"
continuous_backup_config {
enabled = false
}
secondary_config {
primary_cluster_name = google_alloydb_cluster.primary.name
}
depends_on = [google_alloydb_instance.primary]
}
data "google_project" "project" {}
resource "google_compute_network" "default" {
name = "alloydb-secondary-cluster"
}
resource "google_compute_global_address" "private_ip_alloc" {
name = "alloydb-secondary-cluster"
address_type = "INTERNAL"
purpose = "VPC_PEERING"
prefix_length = 16
network = google_compute_network.default.id
}
resource "google_service_networking_connection" "vpc_connection" {
network = google_compute_network.default.id
service = "servicenetworking.googleapis.com"
reserved_peering_ranges = [google_compute_global_address.private_ip_alloc.name]
}
```
## Argument Reference
The following arguments are supported:
* `cluster_id` -
(Required)
The ID of the alloydb cluster.
* `location` -
(Required)
The location where the alloydb cluster should reside.
- - -
* `labels` -
(Optional)
User-defined labels for the alloydb cluster.
**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.
Please refer to the field `effective_labels` for all of the labels present on the resource.
* `encryption_config` -
(Optional)
EncryptionConfig describes the encryption config of a cluster or a backup that is encrypted with a CMEK (customer-managed encryption key).
Structure is [documented below](#nested_encryption_config).
* `network_config` -
(Optional)
Metadata related to network configuration.
Structure is [documented below](#nested_network_config).
* `display_name` -
(Optional)
User-settable and human-readable display name for the Cluster.
* `etag` -
(Optional)
For Resource freshness validation (https://google.aip.dev/154)
* `annotations` -
(Optional)
Annotations to allow client tools to store small amount of arbitrary data. This is distinct from labels. https://google.aip.dev/128
An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }.
**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.
Please refer to the field `effective_annotations` for all of the annotations present on the resource.
* `database_version` -
(Optional)
The database engine major version. This is an optional field and it's populated at the Cluster creation time. This field cannot be changed after cluster creation.
* `psc_config` -
(Optional)
Configuration for Private Service Connect (PSC) for the cluster.
Structure is [documented below](#nested_psc_config).
* `initial_user` -
(Optional)
Initial user to setup during cluster creation.
Structure is [documented below](#nested_initial_user).
* `restore_backup_source` -
(Optional)
The source when restoring from a backup. Conflicts with 'restore_continuous_backup_source', both can't be set together.
Structure is [documented below](#nested_restore_backup_source).
* `restore_continuous_backup_source` -
(Optional)
The source when restoring via point in time recovery (PITR). Conflicts with 'restore_backup_source', both can't be set together.
Structure is [documented below](#nested_restore_continuous_backup_source).
* `continuous_backup_config` -
(Optional)
The continuous backup config for this cluster.
If no policy is provided then the default policy will be used. The default policy takes one backup a day and retains backups for 14 days.
Structure is [documented below](#nested_continuous_backup_config).
* `automated_backup_policy` -
(Optional)
The automated backup policy for this cluster. AutomatedBackupPolicy is disabled by default.
Structure is [documented below](#nested_automated_backup_policy).
* `cluster_type` -
(Optional)
The type of cluster. If not set, defaults to PRIMARY.
Default value is `PRIMARY`.
Possible values are: `PRIMARY`, `SECONDARY`.
* `secondary_config` -
(Optional)
Configuration of the secondary cluster for Cross Region Replication. This should be set if and only if the cluster is of type SECONDARY.
Structure is [documented below](#nested_secondary_config).
* `maintenance_update_policy` -
(Optional)
MaintenanceUpdatePolicy defines the policy for system updates.
Structure is [documented below](#nested_maintenance_update_policy).
* `subscription_type` -
(Optional)
The subscrition type of cluster.
Possible values are: `TRIAL`, `STANDARD`.
* `project` - (Optional) The ID of the project in which the resource belongs.
If it is not provided, the provider project is used.
* `deletion_policy` - (Optional) Policy to determine if the cluster should be deleted forcefully.
Deleting a cluster forcefully, deletes the cluster and all its associated instances within the cluster.
Deleting a Secondary cluster with a secondary instance REQUIRES setting deletion_policy = "FORCE" otherwise an error is returned. This is needed as there is no support to delete just the secondary instance, and the only way to delete secondary instance is to delete the associated secondary cluster forcefully which also deletes the secondary instance.
Possible values: DEFAULT, FORCE
<a name="nested_encryption_config"></a>The `encryption_config` block supports:
* `kms_key_name` -
(Optional)
The fully-qualified resource name of the KMS key. Each Cloud KMS key is regionalized and has the following format: projects/[PROJECT]/locations/[REGION]/keyRings/[RING]/cryptoKeys/[KEY_NAME].
<a name="nested_network_config"></a>The `network_config` block supports:
* `network` -
(Optional)
The resource link for the VPC network in which cluster resources are created and from which they are accessible via Private IP. The network must belong to the same project as the cluster.
It is specified in the form: "projects/{projectNumber}/global/networks/{network_id}".
* `allocated_ip_range` -
(Optional)
The name of the allocated IP range for the private IP AlloyDB cluster. For example: "google-managed-services-default".
If set, the instance IPs for this cluster will be created in the allocated range.
<a name="nested_psc_config"></a>The `psc_config` block supports:
* `psc_enabled` -
(Optional)
Create an instance that allows connections from Private Service Connect endpoints to the instance.
<a name="nested_initial_user"></a>The `initial_user` block supports:
* `user` -
(Optional)
The database username.
* `password` -
(Required)
The initial password for the user.
**Note**: This property is sensitive and will not be displayed in the plan.
<a name="nested_restore_backup_source"></a>The `restore_backup_source` block supports:
* `backup_name` -
(Required)
The name of the backup that this cluster is restored from.
<a name="nested_restore_continuous_backup_source"></a>The `restore_continuous_backup_source` block supports:
* `cluster` -
(Required)
The name of the source cluster that this cluster is restored from.
* `point_in_time` -
(Required)
The point in time that this cluster is restored to, in RFC 3339 format.
<a name="nested_continuous_backup_config"></a>The `continuous_backup_config` block supports:
* `enabled` -
(Optional)
Whether continuous backup recovery is enabled. If not set, defaults to true.
* `recovery_window_days` -
(Optional)
The numbers of days that are eligible to restore from using PITR. To support the entire recovery window, backups and logs are retained for one day more than the recovery window.
If not set, defaults to 14 days.
* `encryption_config` -
(Optional)
EncryptionConfig describes the encryption config of a cluster or a backup that is encrypted with a CMEK (customer-managed encryption key).
Structure is [documented below](#nested_encryption_config).
<a name="nested_encryption_config"></a>The `encryption_config` block supports:
* `kms_key_name` -
(Optional)
The fully-qualified resource name of the KMS key. Each Cloud KMS key is regionalized and has the following format: projects/[PROJECT]/locations/[REGION]/keyRings/[RING]/cryptoKeys/[KEY_NAME].
<a name="nested_automated_backup_policy"></a>The `automated_backup_policy` block supports:
* `backup_window` -
(Optional)
The length of the time window during which a backup can be taken. If a backup does not succeed within this time window, it will be canceled and considered failed.
The backup window must be at least 5 minutes long. There is no upper bound on the window. If not set, it will default to 1 hour.
A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s".
* `location` -
(Optional)
The location where the backup will be stored. Currently, the only supported option is to store the backup in the same region as the cluster.
* `labels` -
(Optional)
Labels to apply to backups created using this configuration.
* `encryption_config` -
(Optional)
EncryptionConfig describes the encryption config of a cluster or a backup that is encrypted with a CMEK (customer-managed encryption key).
Structure is [documented below](#nested_encryption_config).
* `weekly_schedule` -
(Optional)
Weekly schedule for the Backup.
Structure is [documented below](#nested_weekly_schedule).
* `time_based_retention` -
(Optional)
Time-based Backup retention policy. Conflicts with 'quantity_based_retention', both can't be set together.
Structure is [documented below](#nested_time_based_retention).
* `quantity_based_retention` -
(Optional)
Quantity-based Backup retention policy to retain recent backups. Conflicts with 'time_based_retention', both can't be set together.
Structure is [documented below](#nested_quantity_based_retention).
* `enabled` -
(Optional)
Whether automated backups are enabled.
<a name="nested_encryption_config"></a>The `encryption_config` block supports:
* `kms_key_name` -
(Optional)
The fully-qualified resource name of the KMS key. Each Cloud KMS key is regionalized and has the following format: projects/[PROJECT]/locations/[REGION]/keyRings/[RING]/cryptoKeys/[KEY_NAME].
<a name="nested_weekly_schedule"></a>The `weekly_schedule` block supports:
* `days_of_week` -
(Optional)
The days of the week to perform a backup. At least one day of the week must be provided.
Each value may be one of: `MONDAY`, `TUESDAY`, `WEDNESDAY`, `THURSDAY`, `FRIDAY`, `SATURDAY`, `SUNDAY`.
* `start_times` -
(Required)
The times during the day to start a backup. At least one start time must be provided. The start times are assumed to be in UTC and to be an exact hour (e.g., 04:00:00).
Structure is [documented below](#nested_start_times).
<a name="nested_start_times"></a>The `start_times` block supports:
* `hours` -
(Optional)
Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.
* `minutes` -
(Optional)
Minutes of hour of day. Currently, only the value 0 is supported.
* `seconds` -
(Optional)
Seconds of minutes of the time. Currently, only the value 0 is supported.
* `nanos` -
(Optional)
Fractions of seconds in nanoseconds. Currently, only the value 0 is supported.
<a name="nested_time_based_retention"></a>The `time_based_retention` block supports:
* `retention_period` -
(Optional)
The retention period.
A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s".
<a name="nested_quantity_based_retention"></a>The `quantity_based_retention` block supports:
* `count` -
(Optional)
The number of backups to retain.
<a name="nested_secondary_config"></a>The `secondary_config` block supports:
* `primary_cluster_name` -
(Required)
Name of the primary cluster must be in the format
'projects/{project}/locations/{location}/clusters/{cluster_id}'
<a name="nested_maintenance_update_policy"></a>The `maintenance_update_policy` block supports:
* `maintenance_windows` -
(Optional)
Preferred windows to perform maintenance. Currently limited to 1.
Structure is [documented below](#nested_maintenance_windows).
<a name="nested_maintenance_windows"></a>The `maintenance_windows` block supports:
* `day` -
(Required)
Preferred day of the week for maintenance, e.g. MONDAY, TUESDAY, etc.
Possible values are: `MONDAY`, `TUESDAY`, `WEDNESDAY`, `THURSDAY`, `FRIDAY`, `SATURDAY`, `SUNDAY`.
* `start_time` -
(Required)
Preferred time to start the maintenance operation on the specified day. Maintenance will start within 1 hour of this time.
Structure is [documented below](#nested_start_time).
<a name="nested_start_time"></a>The `start_time` block supports:
* `hours` -
(Required)
Hours of day in 24 hour format. Should be from 0 to 23.
* `minutes` -
(Optional)
Minutes of hour of day. Currently, only the value 0 is supported.
* `seconds` -
(Optional)
Seconds of minutes of the time. Currently, only the value 0 is supported.
* `nanos` -
(Optional)
Fractions of seconds in nanoseconds. Currently, only the value 0 is supported.
## Attributes Reference
In addition to the arguments listed above, the following computed attributes are exported:
* `id` - an identifier for the resource with format `projects/{{project}}/locations/{{location}}/clusters/{{cluster_id}}`
* `name` -
The name of the cluster resource.
* `uid` -
The system-generated UID of the resource.
* `encryption_info` -
EncryptionInfo describes the encryption information of a cluster or a backup.
Structure is [documented below](#nested_encryption_info).
* `continuous_backup_info` -
ContinuousBackupInfo describes the continuous backup properties of a cluster.
Structure is [documented below](#nested_continuous_backup_info).
* `reconciling` -
Output only. Reconciling (https://google.aip.dev/128#reconciliation).
Set to true if the current state of Cluster does not match the user's intended state, and the service is actively updating the resource to reconcile them.
This can happen due to user-triggered updates or system actions like failover or maintenance.
* `state` -
Output only. The current serving state of the cluster.
* `backup_source` -
Cluster created from backup.
Structure is [documented below](#nested_backup_source).
* `migration_source` -
Cluster created via DMS migration.
Structure is [documented below](#nested_migration_source).
* `trial_metadata` -
Contains information and all metadata related to TRIAL clusters.
Structure is [documented below](#nested_trial_metadata).
* `terraform_labels` -
The combination of labels configured directly on the resource
and default labels configured on the provider.
* `effective_labels` -
All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.
* `effective_annotations` -
All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.
<a name="nested_encryption_info"></a>The `encryption_info` block contains:
* `encryption_type` -
(Output)
Output only. Type of encryption.
* `kms_key_versions` -
(Output)
Output only. Cloud KMS key versions that are being used to protect the database or the backup.
<a name="nested_continuous_backup_info"></a>The `continuous_backup_info` block contains:
* `enabled_time` -
(Output)
When ContinuousBackup was most recently enabled. Set to null if ContinuousBackup is not enabled.
* `schedule` -
(Output)
Days of the week on which a continuous backup is taken. Output only field. Ignored if passed into the request.
* `earliest_restorable_time` -
(Output)
The earliest restorable time that can be restored to. Output only field.
* `encryption_info` -
(Output)
Output only. The encryption information for the WALs and backups required for ContinuousBackup.
Structure is [documented below](#nested_encryption_info).
<a name="nested_encryption_info"></a>The `encryption_info` block contains:
* `encryption_type` -
(Output)
Output only. Type of encryption.
* `kms_key_versions` -
(Output)
Output only. Cloud KMS key versions that are being used to protect the database or the backup.
<a name="nested_backup_source"></a>The `backup_source` block contains:
* `backup_name` -
(Optional)
The name of the backup resource.
<a name="nested_migration_source"></a>The `migration_source` block contains:
* `host_port` -
(Optional)
The host and port of the on-premises instance in host:port format
* `reference_id` -
(Optional)
Place holder for the external source identifier(e.g DMS job name) that created the cluster.
* `source_type` -
(Optional)
Type of migration source.
<a name="nested_trial_metadata"></a>The `trial_metadata` block contains:
* `start_time` -
(Optional)
Start time of the trial cluster.
* `end_time` -
(Optional)
End time of the trial cluster.
* `upgrade_time` -
(Optional)
Upgrade time of the trial cluster to standard cluster.
* `grace_end_time` -
(Optional)
Grace end time of the trial cluster.
## Timeouts
This resource provides the following
[Timeouts](https://developer.hashicorp.com/terraform/plugin/sdkv2/resources/retries-and-customizable-timeouts) configuration options:
- `create` - Default is 30 minutes.
- `update` - Default is 30 minutes.
- `delete` - Default is 30 minutes.
## Import
Cluster can be imported using any of these accepted formats:
* `projects/{{project}}/locations/{{location}}/clusters/{{cluster_id}}`
* `{{project}}/{{location}}/{{cluster_id}}`
* `{{location}}/{{cluster_id}}`
* `{{cluster_id}}`
In Terraform v1.5.0 and later, use an [`import` block](https://developer.hashicorp.com/terraform/language/import) to import Cluster using one of the formats above. For example:
```tf
import {
id = "projects/{{project}}/locations/{{location}}/clusters/{{cluster_id}}"
to = google_alloydb_cluster.default
}
```
When using the [`terraform import` command](https://developer.hashicorp.com/terraform/cli/commands/import), Cluster can be imported using one of the formats above. For example:
```
$ terraform import google_alloydb_cluster.default projects/{{project}}/locations/{{location}}/clusters/{{cluster_id}}
$ terraform import google_alloydb_cluster.default {{project}}/{{location}}/{{cluster_id}}
$ terraform import google_alloydb_cluster.default {{location}}/{{cluster_id}}
$ terraform import google_alloydb_cluster.default {{cluster_id}}
```
## User Project Overrides
This resource supports [User Project Overrides](https://registry.terraform.io/providers/hashicorp/google/latest/docs/guides/provider_reference#user_project_override).