Closed nicolamarangoni closed 4 months ago
Hi @nicolamarangoni ,
Sorry for the late reply, if you still have this issue, it's not a provider bug but you simply need to configure dependencies between resources correctly in your code.
In your code example, you provide role name in postgresql_default_privileges
directly with the variable where you should actually reference the postgresql_role
resource instead (same for database
, owner
, etc...) , e.g.:
resource "postgresql_database" "airflow" {
name = var.aws_rds_database
owner = postgresql_role.airflow.name
}
resource "postgresql_role" "airflow" {
name = var.aws_rds_username
login = true
password = random_password.airflow_rds.result
}
resource "postgresql_role" "airflow_ro" {
name = var.aws_rds_username_ro
login = true
password = random_password.airflow_rds_ro.result
}
resource "postgresql_default_privileges" "airflow_ro" {
database = postgresql_database.airflow.name
owner = postgresql_role.airflow.name
role = postgresql_role.airflow_ro.name
schema = "public"
object_type = "table"
privileges = ["SELECT"]
}
Thanks to that, Terraform will now that your postgresql_default_privileges
depends on the other resources and will destroy it before trying to destroy the roles & database.
Also, you don't need to define the depends_on
for the database anymore.
I allow myself to close this issue but feel free to open it back if needed.
Hi @cyrilgdn , thank you for the answer. Indeed I came to the same conclusion in December and corrected my deployment. Best regards,
Hi there,
I added default privileges on a schema for a specific role. Now I need to execute
terragrunt destroy
twice to really destroy the deployment.Thanks, Nicola
Terraform Version
1.6.5
Affected Resource(s)
Terraform Configuration Files
Expected Behavior
First
terragrunt destroy
successfulActual Behavior
After the first destroy I get the error:
could not delete role role_name: pq: role "role_name" cannot be dropped because some objects depend on it
However, the terragrunt/terraform output of the first execution says that thepostgresql_default_privileges
resource has been successfully destroyed:postgresql_default_privileges.airflow_ro: Destruction complete after 5s
Actually the second attempt just destroypostgresql_role.airflow_ro
, that was the only resource left by the first attempt.Steps to Reproduce
postgresql_role
andpostgresql_default_privileges
that assigns some default privileges to the role.Important Factoids
We only use terraform with terragrunt.