
Create CloudSQL instance without public IP


I have a program that creates a CloudSQL instance in our project. My organization has recently introduced a policy that prevents the creation of CloudSQL instances with a public IP: Restrict public IP access on Cloud SQL instances (https://cloud.google.com/sql/docs/mysql/org-policy/org-policy#connection_organization_policies).

My code, however, should not be adding a public IP on the instance anyway, since the setting Ipv4Enabled is false.

Here is how I create the instance:

    scannerInstance := &sqladmin.DatabaseInstance{
        DatabaseVersion: targetInstance.DatabaseVersion,
        Settings: &sqladmin.Settings{
            IpConfiguration: &sqladmin.IpConfiguration{
                RequireSsl:     true,
                Ipv4Enabled:    false,
                PrivateNetwork: cloudSqlRequest.VpcNetwork,
            },
            Kind:                       "sql#settings",
            AvailabilityType:           "ZONAL",
            DatabaseFlags:              targetInstance.Settings.DatabaseFlags,
            BackupConfiguration:        &sqladmin.BackupConfiguration{Enabled: false},
            DatabaseReplicationEnabled: false,
            DataDiskSizeGb:             targetInstance.Settings.DataDiskSizeGb,
            Tier:                       targetInstance.Settings.Tier,
            TimeZone:                   targetInstance.Settings.TimeZone,
        },
        Name:         InstanceName,
        InstanceType: "CLOUD_SQL_INSTANCE",
        Project:      cloudSqlRequest.ProjectId,
        Region:       targetInstance.Region,
        RootPassword: rootPassword,
    }

    _, err = scannerClient.SqlService.Instances.Insert(cloudSqlRequest.ScannerProjectId, scannerInstance).Context(ctx).Do()

However, when this code runs, I get this error:

    googleapi: Error 400: Invalid request: Organization Policy check failure: the external IP of this instance violates the constraints/sql.restrictPublicIp enforced at the XXX project

From the documentation, Ipv4Enabled is what determines whether a public IP is attached to the instance or not. How can I create this instance without triggering this policy?


Solution

  • So the actual solution is that sqladmin.IpConfiguration has an extra field, ForceSendFields, where you can pass fields that would be dropped otherwise, because fields with the value false are dropped. The following works:

        scannerInstance := &sqladmin.DatabaseInstance{
            DatabaseVersion: targetInstance.DatabaseVersion,
            Settings: &sqladmin.Settings{
                IpConfiguration: &sqladmin.IpConfiguration{
                    RequireSsl:      true,
                    Ipv4Enabled:     false,
                    ForceSendFields: []string{"Ipv4Enabled"}, // relevant part
                },
                // ...
            },
            // ...
        }
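
The mechanism behind this answer, as an added example that is not code from the question, the answer or the sqladmin library: `ipConfig` is a hypothetical stand-in assumed to mirror the `omitempty` JSON tags of `sqladmin.IpConfiguration`, and `wireBody` is a simplified model of how zero values are dropped from the request body and restored by `ForceSendFields`. `publicIPExplicitlyDisabled` is a pre-flight check you could run on a request before sending it.

```go
package main

import (
	"encoding/json"
	"fmt"
	"reflect"
	"strings"
)

// ipConfig is a hypothetical stand-in for sqladmin.IpConfiguration, assumed to
// carry the same omitempty JSON tags; it is not the library's type.
type ipConfig struct {
	Ipv4Enabled     bool     `json:"ipv4Enabled,omitempty"`
	PrivateNetwork  string   `json:"privateNetwork,omitempty"`
	RequireSsl      bool     `json:"requireSsl,omitempty"`
	ForceSendFields []string `json:"-"`
}

// wireBody models the serialized request: zero values are omitted unless forced.
func wireBody(c ipConfig) map[string]interface{} {
	forced := map[string]bool{}
	for _, n := range c.ForceSendFields {
		forced[n] = true
	}
	body := map[string]interface{}{}
	v := reflect.ValueOf(c)
	for i := 0; i < v.NumField(); i++ {
		f := v.Type().Field(i)
		key := strings.Split(f.Tag.Get("json"), ",")[0]
		if key == "-" || (v.Field(i).IsZero() && !forced[f.Name]) {
			continue // omitempty: a false bool never reaches the API
		}
		body[key] = v.Field(i).Interface()
	}
	return body
}

// publicIPExplicitlyDisabled is true only if the body carries "ipv4Enabled": false.
func publicIPExplicitlyDisabled(c ipConfig) bool {
	v, present := wireBody(c)["ipv4Enabled"]
	return present && v == false
}

func main() {
	for _, c := range []ipConfig{{RequireSsl: true}, {RequireSsl: true, ForceSendFields: []string{"Ipv4Enabled"}}} {
		b, _ := json.Marshal(wireBody(c))
		fmt.Println(string(b), publicIPExplicitlyDisabled(c))
	}
}
```

The first body omits `ipv4Enabled` entirely, so the API never sees the `false`; the second carries it explicitly.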