search

cyrilgdn / terraform-provider-postgresql

Terraform PostgreSQL provider
https://www.terraform.io/docs/providers/postgresql/
Mozilla Public License 2.0
356 stars 181 forks source link

Removing a grant on a dropped table fails #362

Open TPXP opened 8 months ago

TPXP commented 8 months ago

Hi there,

Thank you for opening an issue. Please provide the following information:

Terraform Version

 terraform -v
Terraform v1.5.7
on darwin_arm64
+ provider registry.terraform.io/cyrilgdn/postgresql v1.21.0

Your version of Terraform is out of date! The latest version
is 1.6.1. You can update by downloading from https://www.terraform.io/downloads.html

Upgrading to the latest terraform version does not fix my issue

Affected Resource(s)

Terraform Configuration Files

terraform {
  required_providers {
    postgresql = {
      source = "cyrilgdn/postgresql"
      version = "~> 1.21.0"
    }
  }
}

provider "postgresql" {
  host            = "127.0.0.1"
  port            = 5432
  database        = "postgres"
  username        = "postgres"
  password        = "postgres"
  connect_timeout = 15
  sslmode         = "disable"
}

resource "postgresql_role" "test" {
    name = "test"
    login = true
    password = "test"
}

# Drop lines below after dropping the "test" table
resource "postgresql_grant" "test" {
    database = "postgres"
    role = "test"
    schema = "public"
    object_type = "table"
    objects = ["test"]
    privileges = ["SELECT"]
}

Debug Output

https://pastebin.com/pt5V9ube

Panic Output

No panic

Expected Behavior

I expect the provider to silently ignore the resource removal since the ressource has already been removed when I dropped the table.

Actual Behavior

The module tried to remove the resource anyway and raised an error.

Error: could not execute revoke query: pq: relation "public.test" does not exist

Steps to Reproduce

  1. Start the database in a docker container and create the "test" table

    docker run --rm -p 5432:5432 -e POSTGRES_PASSWORD=postgres postgres
# In another shell
psql -h 127.0.0.1 -p 5432 -U postgres
# password is postgres
create table test(id int);
\d
\q
terraform init
terraform apply

  2. Now, drop the "test" table and remove the "test" grant from the main.tf file

    psql -h 127.0.0.1 -p 5432 -U postgres
# password is postgres
drop table test;
\q
terraform apply

Important Factoids

I was able to reproduce this on a docker instance as well as on RDS

References

None, I looked for the error message

aibou commented 1 month ago

I encounted this issue that can be avoided by terraform state rm & terraform apply.

TPXP commented 1 month ago

Indeed, state rm will work around the issue, but I'd prefer the terraform module to realize this grant does not exist anymore automatically