cyrilgdn / terraform-provider-postgresql

Terraform PostgreSQL provider
https://www.terraform.io/docs/providers/postgresql/
Mozilla Public License 2.0

Lifecycle create_before_destroy is harmful when on postgresql_grant #282

Open mattthaber opened 1 year ago

mattthaber commented 1 year ago

Hi there,

Thank you for opening an issue. Please provide the following information:

Terraform Version

Terraform v1.2.5
on darwin_amd64
+ provider registry.terraform.io/cyrilgdn/postgresql v1.17.1
+ provider registry.terraform.io/hashicorp/aws v4.46.0
+ provider registry.terraform.io/hashicorp/external v2.2.3
+ provider registry.terraform.io/hashicorp/random v3.4.3

Your version of Terraform is out of date! The latest version
is 1.3.7. You can update by downloading from https://www.terraform.io/downloads.html

Affected Resource(s)

If this issue appears to affect multiple resources, it may be an issue with Terraform's core, so please mention this.

Expected Behavior

As a way to test ways around this issue (https://github.com/cyrilgdn/terraform-provider-postgresql/issues/208), I added create_before_destroy on postgresql_grant. I expected changed grants to occur before revoking.

Actual Behavior

The new grants are applied, but then ALL grants are revoked. This means create_before_destroy is actively harmful when added to postgresql_grant.

Steps to Reproduce

  1. Create a user with the plugin and give it a grant to a single table
  2. Run a bash script that loops DB and does a select on a table with that created user
  3. Update the grant and terraform apply
  4. You will see the user lose access and never get it back

References

Are there any other GitHub issues (open or closed) or Pull Requests that should be linked here? For example:
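
Added example, not part of the original issue and not the provider's code: a simplified Python model of the ordering reported under Actual Behavior, replaying a replaced grant with and without create_before_destroy. The role and table names are hypothetical, and the model assumes that both resource instances manage the same (role, object) ACL entry and that destroy revokes everything the role holds on that object.

```python
# Added example: simplified model, not the provider's implementation.
# Assumption: both the old and the new postgresql_grant instance manage the
# same (role, object) ACL entry, create issues a GRANT for the listed
# privileges, and destroy revokes everything the role holds on that object.


class Acl:
    """Privileges held per (role, object) pair."""

    def __init__(self):
        self.entries = {}

    def grant(self, role, obj, privileges):
        self.entries.setdefault((role, obj), set()).update(privileges)

    def revoke_all(self, role, obj):
        self.entries.pop((role, obj), None)

    def held(self, role, obj):
        return sorted(self.entries.get((role, obj), ()))


def replace_grant(old, new, create_before_destroy):
    """Replay a replacement and return [(step, privileges held after it)]."""
    acl = Acl()
    acl.grant(old["role"], old["object"], old["privileges"])  # state before apply
    steps = ["create", "destroy"] if create_before_destroy else ["destroy", "create"]
    timeline = []
    for step in steps:
        if step == "create":
            acl.grant(new["role"], new["object"], new["privileges"])
        else:
            acl.revoke_all(old["role"], old["object"])
        timeline.append((step, acl.held(new["role"], new["object"])))
    return timeline


# Constructed sample: hypothetical role and table names.
OLD = {"role": "app_ro", "object": "public.orders", "privileges": {"SELECT"}}
NEW = {"role": "app_ro", "object": "public.orders", "privileges": {"SELECT", "INSERT"}}

if __name__ == "__main__":
    for cbd in (False, True):
        print(f"create_before_destroy={cbd}:", replace_grant(OLD, NEW, cbd))
```

In this model the create_before_destroy timeline ends with no privileges held, because the old instance's destroy runs last against the same ACL entry the new instance just wrote.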