terraform-provider-postgresql icon indicating copy to clipboard operation
terraform-provider-postgresql copied to clipboard

Published 20 hours ago verified publisher icon cyrilgdn

Removing a grant on a dropped table fails

Open TPXP opened this issue 1 year ago • 3 comments

Hi there,

Thank you for opening an issue. Please provide the following information:

Terraform Version

 terraform -v
Terraform v1.5.7
on darwin_arm64
+ provider registry.terraform.io/cyrilgdn/postgresql v1.21.0

Your version of Terraform is out of date! The latest version
is 1.6.1. You can update by downloading from https://www.terraform.io/downloads.html

Upgrading to the latest terraform version does not fix my issue

Affected Resource(s)

  • postgresql_grant
  • (possibly others, haven't checked)

Terraform Configuration Files

terraform {
  required_providers {
    postgresql = {
      source = "cyrilgdn/postgresql"
      version = "~> 1.21.0"
    }
  }
}

provider "postgresql" {
  host            = "127.0.0.1"
  port            = 5432
  database        = "postgres"
  username        = "postgres"
  password        = "postgres"
  connect_timeout = 15
  sslmode         = "disable"
}

resource "postgresql_role" "test" {
    name = "test"
    login = true
    password = "test"
}

# Drop lines below after dropping the "test" table
resource "postgresql_grant" "test" {
    database = "postgres"
    role = "test"
    schema = "public"
    object_type = "table"
    objects = ["test"]
    privileges = ["SELECT"]
}

Debug Output

https://pastebin.com/pt5V9ube

Panic Output

No panic

Expected Behavior

I expect the provider to silently ignore the resource removal since the ressource has already been removed when I dropped the table.

Actual Behavior

The module tried to remove the resource anyway and raised an error.

Error: could not execute revoke query: pq: relation "public.test" does not exist

Steps to Reproduce

  1. Start the database in a docker container and create the "test" table
docker run --rm -p 5432:5432 -e POSTGRES_PASSWORD=postgres postgres
# In another shell
psql -h 127.0.0.1 -p 5432 -U postgres
# password is postgres
create table test(id int);
\d
\q
terraform init
terraform apply
  1. Now, drop the "test" table and remove the "test" grant from the main.tf file
psql -h 127.0.0.1 -p 5432 -U postgres
# password is postgres
drop table test;
\q
terraform apply

Important Factoids

I was able to reproduce this on a docker instance as well as on RDS

References

None, I looked for the error message

TPXP avatar Oct 12 '23 15:10 TPXP

I encounted this issue that can be avoided by terraform state rm & terraform apply.

aibou avatar May 17 '24 09:05 aibou

Indeed, state rm will work around the issue, but I'd prefer the terraform module to realize this grant does not exist anymore automatically

TPXP avatar May 20 '24 14:05 TPXP

This would be really useful if provider handle this automatically

dhruvatee avatar Sep 03 '24 14:09 dhruvatee