Error while creating AlloyDB cluster using PITR for postgres user

I am currently working on creating a new AlloyDB cluster and primary instance using the Point-In-Time Recovery (PITR) option via Terraform. However, I am encountering an error when running terraform apply. Below are the details:

Error Message:

module.gcp_alloydb2.google_alloydb_instance.primary_instance: Creating...

Error: Error creating Instance: googleapi: Error 400: The request was invalid: password can not contain username as a substring

Details:
[
 {
  "@type": "type.googleapis.com/google.rpc.BadRequest",
  "fieldViolations": [
   {
    "field": "cluster.initial_user.password"
   }
  ]
 },
 {
  "@type": "type.googleapis.com/google.rpc.RequestInfo",
  "requestId": "73c509ada3fbbccc"
 }
]

with module.gcp_alloydb2.google_alloydb_instance.primary_instance,
on ..\..\..\main.tf line 263, in resource "google_alloydb_instance" "primary_instance":
263: resource "google_alloydb_instance" "primary_instance" {

Context:

We use a module to provision an AlloyDB cluster, and inside the primary instance, we have the following configuration:

initial_user {
  user     = "postgres"
  password = random_password.root_password.result
}

Random Password Resource:

# Random temporary password
resource "random_password" "root_password" {
  length           = 16
  special          = true
  override_special = "_%@"
}

PITR Block Code:

resource "google_alloydb_cluster" "restored_via_pitr" {
  count       = var.restore_pitr == true ? 1 : 0
  depends_on  = [google_project_service.my_enabled_api]
  cluster_id  = var.cluster_id-newcluster
  location    = var.location
  network_config {
    network = data.google_compute_network.vpc.id
  }

  initial_user {
    user     = "postgres"
    password = random_password.root_password.result
  }

  restore_continuous_backup_source {
    cluster       = var.cluster-src
    point_in_time = var.point_in_time
  }
}

Additional Information:

  • This error started occurring after we enabled Public IP on the instance and set the following flag, which is required for Public IP enablement:
"password.enforce_password_does_not_contain_username" = "on"

Versions:

  • Using previously-installed hashicorp/google v5.38.0
  • Using previously-installed hashicorp/random v3.6.2

Request for Assistance:

Has anyone encountered a similar issue with the password.enforce_password_does_not_contain_username flag in Terraform? Any guidance on how to resolve this would be greatly appreciated.

Thank you in advance for your assistance!
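
Added example, not part of the original post or the poster's module: a postcondition on the random_password resource that applies the rule named in the 400 error to the generated value locally. If this check passes and the API still rejects the request, the generated value is ruled out as the cause. It assumes Terraform 1.5 or later (for `strcontains`); `local.initial_user_name` and the case-insensitive comparison are choices made for this sketch, not documented AlloyDB behaviour.

```hcl
locals {
  # Hypothetical local: a single source for the user name, so the check below
  # and the initial_user blocks cannot drift apart.
  initial_user_name = "postgres"
}

# Random temporary password, with a local version of the server-side rule
# "password can not contain username as a substring".
resource "random_password" "root_password" {
  length           = 16
  special          = true
  override_special = "_%@"

  lifecycle {
    postcondition {
      # Compared in lower case so the local check is at least as strict as a
      # case-sensitive one (assumption: the API's exact matching is not shown
      # in the error output).
      condition = !strcontains(
        lower(self.result),
        lower(local.initial_user_name)
      )
      # The message must not reference self.result: it is a sensitive value.
      error_message = "Generated password contains the initial user name; replace random_password.root_password and apply again."
    }
  }
}

# In the cluster resources, the initial_user block then reads:
#
#   initial_user {
#     user     = local.initial_user_name
#     password = random_password.root_password.result
#   }
```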