Closed luismacosta closed 1 year ago
I'm also seeing this issue.
I'm also seeing this issue.
Hi, Thanks you for opening this issue.
Do you have any other element to mention? I've just tested your simple example but it does not trigger this error.
Are you on a cloud managed database?
Hi,
Yes, I'm using AWS RDS postgresql 15.2 With any postgresql_grant resource, I'm getting this error
Hi, also having this issue.
Terraform v1.3.7 cyrilgdn/postgresql 1.19.0 Postgres instance created with aws provider 3.65.0. Resource: aws_db_instance (engine=postgres, engine_version=15.2.)
Hello @cyrilgdn,
I'm also using AWS RDS Postgres 15.2.
I have this error instead, but same situation which is after upgrading to postgres 15.2
Error: error detecting capabilities: error PostgreSQL version: pq: permission denied for database
I think it's more like an issue with postgres 15: https://www.postgresql.org/docs/15/ddl-schemas.html#DDL-SCHEMAS-PATTERNS
We found the fix. After connecting to Aurora RDS with postgres user, you will need to grant all permissions on your database to postgres. Somehow the permissions were removed after migration. So if you are using postgres user to config this provider, it might not work.
GRANT ALL PRIVILEGES ON DATABASE <your-database> TO postgres;
There's indeed a hint in https://www.postgresql.org/about/news/postgresql-15-released-2526/ : PostgreSQL 15 also revokes the CREATE permission from all users except a database owner from the public (or default) schema
.
So nothing specific to RDS or the terraform provider.
Hi @mfournier
Indeed, thanks. Looking into v15 release notes, there are some changes related to schema public. I've created a new schema using resource postgresql_schema After that, changed resource postgresql_grant to use the new schema and all resources were successfully created. Hint.
Hi @luismacosta, thanks for providing a solution. Would it be possible to show a short example on how you roll your own schema? When we apply our own schema we get a new class of problems, but we are not very familiar with the postgres permission system. More specific, when we apply successfully a schema we cannot use it in a postgres_grant. We get this error:
could not find schema 'perfana' while looking for owner
While the schema does exist:
postgres=> SELECT rolname
FROM pg_namespace
JOIN pg_roles ON nspowner = pg_roles.oid
WHERE nspname = 'perfana';
rolname
---------------
rds_superuser
(1 row)
It would be much appreciated if you could provide a short example.
Hi @dmoll1974
db_name = schema_name = test owner is the role that will be created with privileges defined using postgres_grant
locals {
schemas = [
{
name = test
owner = "su-test-test"
db_name = test
},
]
}
resource "postgresql_schema" "test" {
for_each = {
for schema in local.schemas :
schema.name => schema
}
name = each.value.name
database = each.value.db_name
owner = each.value.owner
}
@luismacosta Thanks that worked for us!
Hi there,
Thank you for opening an issue. Please provide the following information:
Terraform Version
Terraform v1.4.0 on darwin_amd64
Affected Resource(s)
postgresql_grant
Terraform Configuration Files
Actual Behavior
│ Error: Error granting role pg_database_owner to masteruser: pq: role "pg_database_owner" cannot have explicit members │ │ with module.postgresql_roles.postgresql_grant.su_schema, │ on .terraform/modules/postgresql_roles/postgresql/role/roles.su.tf line 5, in resource "postgresql_grant" "su_schema": │ 5: resource "postgresql_grant" "su_schema" {
Steps to Reproduce
db version 15.2
terraform apply