Open hargut opened 4 months ago
Hey @hargut ,
Thanks for opening the issue. I'm able to reproduce this problem. Indeed, apparently there's many changes in PG 16 about roles.
It's mainly linked to: https://www.postgresql.org/docs/current/runtime-config-client.html#GUC-CREATEROLE-SELF-GRANT
Even with this option disable (default value), the role will now appear in anyway pg_auth_members
that the provider is checking but with all flag, but the admin
one (because as mentioned by the doc above Since a CREATEROLE user is always implicitly granted ADMIN OPTION on created roles
, disabled)
So as a quick fix we need to adapt the requests that check the members, but these new features will probably imply more changes :scream: (it could simplify a lot some part of the provider though, as managing the case of non-superuser admin like in AWS/Azure/GCP is the biggest pain point in this provider :sweat_smile: )
I allow myself to rename the issue to Postgres v16 compatibility so I can pin it on top.
Hey, is there any movement on this issue?
also interested in this issue
just ran into this this morning... when i run my terraform with a <v16 Azure Database for PostgreSQL flexible server, i can create a postgresql_role and assign it as the owner of a postgresql_database
if i run it with a v16 database service i get the following terraform error:
postgresql_database.test_db: Creating...
Error: Error creating database "test": pq: must be able to SET ROLE "testDbo"
Hi @cyrilgdn ,
Would be nice if we know some plan about provider postgresql
will support Postgresql 16 compatible version ?
Thanks so much.
Affected Resource(s)
provider version:
1.21.0
The issue is likely related to Postgres 16 Permission/Grant changes.
Terraform Configuration Files
Expected Behavior
Database should be created.
Actual Behavior
Error: Error creating database "<name>": pq: must be able to SET ROLE "<name>"
Postgres 16 Release and Documentation References
Details related to permission in Postgres 16 Changelog: https://www.postgresql.org/docs/16/release-16.html
https://www.postgresql.fastware.com/blog/discussing-postgresql-what-changes-in-version-16
https://www.postgresql.org/docs/current/sql-grant.html Section:
It looks like that this permission is not applied to the db admin user when creating the role. Assume changes would be needed in the
postgresql_role
to be able to grant this option to the according user or implicitly always grant it to the creating user (provider connection).Important Factoids
Azure PostgreSQL flexible server version 16