Currently we are working on a feature-level preview infrastructure for our application using the DigitalOcean Terraform provider (https://registry.terraform.io/providers/digitalocean/digitalocean/latest/docs). In doing so, we’d like to spin up the testable version of our DigitalOcean app as well as a new database cluster based on the backup of one of our existing clusters to be able to test with real data. As per the docs this should not be an issue if we use the backup_restore feature: https://registry.terraform.io/providers/digitalocean/digitalocean/latest/docs/resources/database_cluster
However, we are running into the issue that the database is created successfully from the backup, but the new database includes the trusted sources config of the existing database cluster, which causes the app deployment to fail as it cannot access the db.
As such we’d need to be able to spin up the db cluster from backup without the trusted sources which would be added separately for our new instance. Has anyone experienced something similar or come up with a solution for this?
The config we’re using is:

```hcl
resource "digitalocean_database_cluster" "db_cluster" {
  name       = <our-db-name>
  engine     = "pg"
  version    = "14"
  size       = "db-s-1vcpu-1gb"
  region     = "fra1"
  node_count = 1
  depends_on = [
    "<our-existing-db-cluster>"
  ]
}

resource "digitalocean_app" "our-app" {
  spec {
    # ... our working app spec
  }
  depends_on = [ digitalocean_database_cluster.db_cluster ]
}

resource "digitalocean_database_firewall" "db_firewall" {
  cluster_id = digitalocean_database_cluster.db_cluster.id
  rule {
    type  = "app"
    value = digitalocean_app.our-app.id
  }
  depends_on = [ digitalocean_app.our-app ]
}
```
Hey!
I believe that this might indeed not be possible, but what I could suggest here is to request this as a feature via the DigitalOcean Terraform repo:
A potential workaround to solve this issue would be to do the following:
- `digitalocean_database_firewall` configuration. This would involve removing the unwanted trusted sources and adding the new ones relevant to your test environment:
- `null_resource` with `local-exec` or `remote-exec` provisioner to run a script or a set of commands to modify the trusted sources directly via DigitalOcean’s API or CLI after the database is created. This is more of a workaround and can introduce complexity and potential points of failure in your infrastructure code.

Best,
Bobby
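
One way to script the API-based workaround suggested above, as an added example that is not part of the original answer or DigitalOcean's own code: it diffs the trusted sources a restored cluster inherited against the set the preview environment should have, then builds the replacement request. The endpoint path, payload shape and the `DIGITALOCEAN_TOKEN` / `DB_CLUSTER_ID` variable names are assumptions, and the rule values are constructed placeholders.

```python
import json
import os
import urllib.request

# Assumed endpoint (DigitalOcean public API v2); confirm against the API reference.
API = "https://api.digitalocean.com/v2/databases/{id}/firewall"

def plan_firewall(inherited, desired):
    """Build the replacement rule set and report what changes.

    Rules are compared by (type, value); uuid and created_at differ per cluster.
    """
    have = {(r["type"], r["value"]) for r in inherited}
    want, seen = [], set()
    for r in desired:  # de-duplicate while keeping order
        key = (r["type"], r["value"])
        if key not in seen:
            seen.add(key)
            want.append({"type": key[0], "value": key[1]})
    return {
        "payload": {"rules": want},
        "dropped": sorted(have - seen),  # inherited sources that lose access
        "added": sorted(seen - have),
    }

def apply_firewall(cluster_id, payload, token):
    """PUT the full rule set (assumed to replace all existing trusted sources)."""
    req = urllib.request.Request(
        API.format(id=cluster_id),
        data=json.dumps(payload).encode(),
        method="PUT",
        headers={"Authorization": f"Bearer {token}", "Content-Type": "application/json"},
    )
    with urllib.request.urlopen(req, timeout=30) as resp:
        return resp.status

# Constructed sample: rules a restored cluster might report, and the preview target.
INHERITED = [
    {"uuid": "placeholder-1", "type": "app", "value": "prod-app-id-placeholder"},
    {"uuid": "placeholder-2", "type": "ip_addr", "value": "203.0.113.10"},
]
DESIRED = [{"type": "app", "value": "preview-app-id-placeholder"}]

if __name__ == "__main__":
    plan = plan_firewall(INHERITED, DESIRED)
    print(json.dumps(plan, indent=2))
    token, cluster = os.environ.get("DIGITALOCEAN_TOKEN"), os.environ.get("DB_CLUSTER_ID")
    if token and cluster:  # only touch the API when both are provided
        print(apply_firewall(cluster, plan["payload"], token))
```

Logging the `dropped` list in the pipeline gives a record of which production sources were stripped from a preview cluster that holds real data.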