terraform-provider-postgresql

postgres_grant confused?

Open Bouke opened this issue 2 months ago • 2 comments

I'm trying to grant a permission to a role. I'm getting a confusing error message that's unrelated to the role I'm trying to modify. I've simplified the terraform to isolate the problem, which is listed below.

Terraform Version

Terraform v1.10.1
on darwin_arm64
+ provider registry.terraform.io/cyrilgdn/postgresql v1.25.0

Affected Resource(s)

  • postgresql_grant

Terraform Configuration Files

terraform {
  required_providers {
    postgresql = {
      source  = "cyrilgdn/postgresql"
      version = "1.25.0"
    }
  }
}
provider "postgresql" {
  host      = "hostname.postgres.database.azure.com"
  port      = 5432
  database  = "postgres"
  username  = "someadmin"
  password  = "..."
  sslmode   = "require"
  superuser = false
}
resource "postgresql_grant" "someuser-somedatabase" {
  database    = "somedatabase"
  object_type = "table"
  objects     = ["sometable"]
  privileges  = ["UPDATE"]
  role        = "someuser"
  schema      = "public"
}

Debug Output

postgresql_grant.someuser-somedatabase: Creating...
2024-12-12T10:13:59.236+0100 [TRACE] terraform.contextPlugins: Schema for provider "registry.terraform.io/cyrilgdn/postgresql" is in the global cache
2024-12-12T10:13:59.236+0100 [INFO]  Starting apply for postgresql_grant.someuser-somedatabase
2024-12-12T10:13:59.236+0100 [TRACE] terraform.contextPlugins: Schema for provider "registry.terraform.io/cyrilgdn/postgresql" is in the global cache
2024-12-12T10:13:59.236+0100 [TRACE] terraform.contextPlugins: Schema for provider "registry.terraform.io/cyrilgdn/postgresql" is in the global cache
2024-12-12T10:13:59.236+0100 [DEBUG] postgresql_grant.someuser-somedatabase: applying the planned Create change
2024-12-12T10:13:59.236+0100 [TRACE] GRPCProvider: ApplyResourceChange
2024-12-12T10:13:59.236+0100 [TRACE] GRPCProvider: GetProviderSchema
2024-12-12T10:13:59.236+0100 [TRACE] provider.terraform-provider-postgresql_v1.25.0: Received request: @caller=github.com/hashicorp/[email protected]/tfprotov5/tf5server/server.go:805 @module=sdk.proto tf_proto_version=5.3 tf_rpc=ApplyResourceChange tf_provider_addr=provider tf_req_id=23c66b4a-f9cd-31e5-1d4e-5eeb11e7ce9b tf_resource_type=postgresql_grant timestamp="2024-12-12T10:13:59.236+0100"
2024-12-12T10:13:59.236+0100 [TRACE] provider.terraform-provider-postgresql_v1.25.0: Sending request downstream: @module=sdk.proto tf_provider_addr=provider tf_req_id=23c66b4a-f9cd-31e5-1d4e-5eeb11e7ce9b tf_resource_type=postgresql_grant @caller=github.com/hashicorp/[email protected]/tfprotov5/internal/tf5serverlogging/downstream_request.go:17 tf_rpc=ApplyResourceChange tf_proto_version=5.3 timestamp="2024-12-12T10:13:59.236+0100"
2024-12-12T10:13:59.236+0100 [TRACE] provider.terraform-provider-postgresql_v1.25.0: Calling downstream: @module=sdk.helper_schema tf_provider_addr=provider tf_req_id=23c66b4a-f9cd-31e5-1d4e-5eeb11e7ce9b tf_resource_type=postgresql_grant tf_rpc=ApplyResourceChange @caller=github.com/hashicorp/terraform-plugin-sdk/[email protected]/helper/schema/resource.go:836 timestamp="2024-12-12T10:13:59.236+0100"
2024-12-12T10:14:00.424+0100 [INFO]  provider.terraform-provider-postgresql_v1.25.0: 2024/12/12 10:14:00 grantRoleMembership: granting myusername to someadmin: timestamp="2024-12-12T10:14:00.423+0100"
2024-12-12T10:14:00.457+0100 [TRACE] provider.terraform-provider-postgresql_v1.25.0: Called downstream: tf_req_id=23c66b4a-f9cd-31e5-1d4e-5eeb11e7ce9b tf_resource_type=postgresql_grant @caller=github.com/hashicorp/terraform-plugin-sdk/[email protected]/helper/schema/resource.go:838 @module=sdk.helper_schema tf_provider_addr=provider tf_rpc=ApplyResourceChange timestamp="2024-12-12T10:14:00.457+0100"
2024-12-12T10:14:00.457+0100 [TRACE] provider.terraform-provider-postgresql_v1.25.0: Received downstream response: @module=sdk.proto diagnostic_warning_count=0 tf_resource_type=postgresql_grant tf_rpc=ApplyResourceChange @caller=github.com/hashicorp/[email protected]/tfprotov5/internal/tf5serverlogging/downstream_request.go:37 diagnostic_error_count=1 tf_proto_version=5.3 tf_provider_addr=provider tf_req_duration_ms=1221 tf_req_id=23c66b4a-f9cd-31e5-1d4e-5eeb11e7ce9b timestamp="2024-12-12T10:14:00.457+0100"
2024-12-12T10:14:00.457+0100 [ERROR] provider.terraform-provider-postgresql_v1.25.0: Response contains error diagnostic: tf_proto_version=5.3 tf_provider_addr=provider tf_resource_type=postgresql_grant diagnostic_detail="" diagnostic_severity=ERROR diagnostic_summary="Error granting role myusername to someadmin: pq: permission denied to grant role \"myusername\"" @caller=github.com/hashicorp/[email protected]/tfprotov5/internal/diag/diagnostics.go:55 @module=sdk.proto tf_req_id=23c66b4a-f9cd-31e5-1d4e-5eeb11e7ce9b tf_rpc=ApplyResourceChange timestamp="2024-12-12T10:14:00.457+0100"
2024-12-12T10:14:00.457+0100 [TRACE] provider.terraform-provider-postgresql_v1.25.0: Served request: tf_proto_version=5.3 tf_provider_addr=provider tf_req_id=23c66b4a-f9cd-31e5-1d4e-5eeb11e7ce9b tf_resource_type=postgresql_grant @caller=github.com/hashicorp/[email protected]/tfprotov5/tf5server/server.go:831 @module=sdk.proto tf_rpc=ApplyResourceChange timestamp="2024-12-12T10:14:00.457+0100"

Expected Behavior

The grant to be granted to the specified user; or an error why it couldn't do that.

Actual Behavior

It seems to try and grant a role of my username (no idea where it got that) to the current user, not the target role.

╷
│ Error: Error granting role myusername to someadmin: pq: permission denied to grant role "myusername"
│ 
│   with postgresql_grant.someuser-somedatabase,
│   on main.tf line 19, in resource "postgresql_grant" "someuser-somedatabase":
│   19: resource "postgresql_grant" "someuser-somedatabase" {
│ 
╵

Steps to Reproduce

  1. terraform apply

Important Factoids

I'm logged in to the Azure CLI, but I haven't specified that the provider should use the Azure auth.

References

N/A.

Bouke, Dec 12 '24 09:12
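
One way to pull role-membership side effects out of a trace like the one above and compare them with the roles the configuration actually names. This is an added example, not part of the original issue or the provider's code. It assumes the `grantRoleMembership: granting X to Y` and `diagnostic_summary="..."` line formats shown in the debug output; the function names are hypothetical and the sample lines are abridged from that output.

```python
import re

# Constructed sample: two lines abridged from the debug output in the issue above.
SAMPLE_LOG = r'''2024-12-12T10:14:00.424+0100 [INFO]  provider.terraform-provider-postgresql_v1.25.0: 2024/12/12 10:14:00 grantRoleMembership: granting myusername to someadmin: timestamp="2024-12-12T10:14:00.423+0100"
2024-12-12T10:14:00.457+0100 [ERROR] provider.terraform-provider-postgresql_v1.25.0: Response contains error diagnostic: tf_resource_type=postgresql_grant diagnostic_severity=ERROR diagnostic_summary="Error granting role myusername to someadmin: pq: permission denied to grant role \"myusername\"" tf_rpc=ApplyResourceChange
'''

# Format assumed from the log line above: "granting <role> to <grantee>:"
GRANT_RE = re.compile(
    r'grantRoleMembership: granting (?P<role>\S+) to (?P<grantee>[^\s:]+):'
)
# A quoted key=value field whose value may contain backslash-escaped quotes.
SUMMARY_RE = re.compile(r'diagnostic_summary="((?:[^"\\]|\\.)*)"')


def role_membership_grants(log_text):
    """Return every role-membership grant the provider logged during the run."""
    grants = []
    for line in log_text.splitlines():
        m = GRANT_RE.search(line)
        if m:
            grants.append({
                "time": line.split(" ", 1)[0],
                "role": m["role"],
                "grantee": m["grantee"],
            })
    return grants


def undeclared_grants(log_text, declared_roles):
    """Grants whose role is not one named in the Terraform configuration."""
    return [g for g in role_membership_grants(log_text)
            if g["role"] not in declared_roles]


def error_summaries(log_text):
    """Extract provider error summaries, unescaping the embedded quotes."""
    return [m.group(1).replace('\\"', '"') for m in SUMMARY_RE.finditer(log_text)]


if __name__ == "__main__":
    # The configuration in the issue only names the role "someuser".
    for g in undeclared_grants(SAMPLE_LOG, {"someuser"}):
        print(f'{g["time"]}: provider granted {g["role"]} to {g["grantee"]}')
    for summary in error_summaries(SAMPLE_LOG):
        print("error:", summary)
```
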