main.tf
:
# Google provider configuration. The project set here is the default for the
# resources in this file, none of which sets its own project.
# "PROJECT_ID" is a placeholder and must be replaced with a real project ID.
provider "google" {
  project = "PROJECT_ID"
}
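# Minimal Cloud SQL for PostgreSQL instance that hosts the IAM database user
# declared in this file.
resource "google_sql_database_instance" "test-sql" {
  # deletion_protection = false
  name             = "test-sql"
  database_version = "POSTGRES_15"
  region           = "europe-central2"

  # No ip_configuration block is set, so the provider's default network
  # settings apply. Review them before reusing this outside a throwaway test.
  settings {
    tier = "db-f1-micro"

    # IAM database authentication is enabled per instance through this flag.
    # The CLOUD_IAM_SERVICE_ACCOUNT user declared in this file relies on it.
    # NOTE(review): not confirmed to be the cause of the apply-time
    # 'role "cloudsqliamserviceaccount" does not exist' error reported with
    # this configuration; a race right after instance creation is another
    # candidate (see the commented-out time_sleep resource).
    database_flags {
      name  = "cloudsql.iam_authentication"
      value = "on"
    }
  }
}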
# Database user that maps the service account to a PostgreSQL role
# authenticated through IAM instead of a password.
# Creating this user does not grant IAM permissions: to log in, the service
# account also needs an IAM role that allows Cloud SQL instance login
# (for example roles/cloudsql.instanceUser), which this file does not assign.
resource "google_sql_user" "test-sql" {
  type     = "CLOUD_IAM_SERVICE_ACCOUNT"
  instance = google_sql_database_instance.test-sql.name

  # The regex has a single capture group, so regex() returns a list of
  # captures; [0] is the email with the ".gserviceaccount.com" suffix removed
  # (e.g. "test-sql@PROJECT_ID.iam").
  name = regex("(.*)\\.gserviceaccount\\.com$", google_service_account.test-sql.email)[0]

  # depends_on = [time_sleep.test-sql]
}
# resource "time_sleep" "test-sql" {
# depends_on = [google_sql_database_instance.test-sql]
# create_duration = "60s"
# }
# Service account whose email is used to derive the IAM database user name.
# No IAM role bindings are defined for it in this file.
resource "google_service_account" "test-sql" {
  account_id = "test-sql"
}
// Replace PROJECT_ID in the configuration above with your own project ID before running the commands below.
$ docker run --rm -itv "$PWD:/app" -w /app google/cloud-sdk:457.0.0-alpine
/app # gcloud auth login --update-adc
/app # apk add terraform
/app # terraform init
/app # terraform apply
...
google_sql_user.test-sql: Creating...
╷
│ Error: Error, failed to insert user test-sql@PROJECT_ID.iam into instance test-sql: googleapi: Error 400: Invalid request: failed to create user "test-sql@PROJECT_ID.iam": role "cloudsqliamserviceaccount" does not exist., invalid
│
│ with google_sql_user.test-sql,
│ on test-sql.tf line 15, in resource "google_sql_user" "test-sql":
│ 15: resource "google_sql_user" "test-sql" {
│
╵