hashicorp / terraform

Terraform enables you to safely and predictably create, change, and improve infrastructure. It is a source-available tool that codifies APIs into declarative configuration files that can be shared amongst team members, treated as code, edited, reviewed, and versioned.
https://www.terraform.io/

backend pg: env PGUSER used for PG_SCHEMA_NAME #35502

Closed onefourfive closed 2 weeks ago

onefourfive commented 3 months ago

Terraform Version

Terraform v1.7.2-dev
on linux_amd64
+ provider registry.terraform.io/hashicorp/aws v3.65.0
+ provider registry.terraform.io/hashicorp/vault v4.3.0

Your version of Terraform is out of date! The latest version
is 1.9.3. You can update by downloading from https://www.terraform.io/downloads.html

Terraform Configuration Files

terraform {
  backend "pg" {
  }
}

Debug Output

2024-07-24T21:23:17.291Z [INFO]  Terraform version: 1.7.2 dev
2024-07-24T21:23:17.291Z [DEBUG] using github.com/hashicorp/go-tfe v1.41.0
2024-07-24T21:23:17.291Z [DEBUG] using github.com/hashicorp/hcl/v2 v2.19.1
2024-07-24T21:23:17.291Z [DEBUG] using github.com/hashicorp/terraform-svchost v0.1.1
2024-07-24T21:23:17.291Z [DEBUG] using github.com/zclconf/go-cty v1.14.1
2024-07-24T21:23:17.291Z [INFO]  Go runtime version: go1.22.4
2024-07-24T21:23:17.291Z [INFO]  CLI args: []string{"terraform", "plan"}
2024-07-24T21:23:17.291Z [TRACE] Stdout is a terminal of width 85
2024-07-24T21:23:17.291Z [TRACE] Stderr is a terminal of width 85
2024-07-24T21:23:17.291Z [TRACE] Stdin is a terminal
2024-07-24T21:23:17.291Z [DEBUG] Attempting to open CLI config file: /root/.terraformrc
2024-07-24T21:23:17.291Z [DEBUG] File doesn't exist, but doesn't need to. Ignoring.
2024-07-24T21:23:17.292Z [DEBUG] ignoring non-existing provider search directory terraform.d/plugins
2024-07-24T21:23:17.292Z [DEBUG] ignoring non-existing provider search directory /root/.terraform.d/plugins
2024-07-24T21:23:17.292Z [DEBUG] ignoring non-existing provider search directory /root/.local/share/terraform/plugins
2024-07-24T21:23:17.292Z [DEBUG] ignoring non-existing provider search directory /usr/local/share/terraform/plugins
2024-07-24T21:23:17.292Z [DEBUG] ignoring non-existing provider search directory /usr/share/terraform/plugins
2024-07-24T21:23:17.293Z [INFO]  CLI command args: []string{"plan"}
2024-07-24T21:23:17.456Z [TRACE] Meta.Backend: built configuration for "pg" backend with hash value 1949691007
2024-07-24T21:23:17.456Z [TRACE] Preserving existing state lineage "7bc0a3b1-67e1-c7a6-ada4-ade3040d13ae"
2024-07-24T21:23:17.456Z [TRACE] Preserving existing state lineage "7bc0a3b1-67e1-c7a6-ada4-ade3040d13ae"
2024-07-24T21:23:17.457Z [TRACE] Meta.Backend: working directory was previously initialized for "pg" backend
2024-07-24T21:23:17.457Z [TRACE] Meta.Backend: using already-initialized, unchanged "pg" backend configuration

Expected Behavior

Terraform should read PG_SCHEMA_NAME as specified in documentation

Actual Behavior

Terraform reuses the value of PGUSER for schema, leading to error

│ Error: pq: no pg_hba.conf entry for host "192.168.202.151", user "pg_user", database "pg_user", SSL encryption

Steps to Reproduce

  1. Use a postgres backend
  2. Set env vars according to documentation:
    • PGUSER
    • PGPASSWORD
    • PG_SCHEMA_NAME
    • PGHOST
  3. Run terraform init or terraform plan.

Additional Context

Setting these all in PG_CONN_STR works fine, but this is not deemed required by the documentation. I'd prefer to use the separate variables for cleaner templating.

References

No response

crw commented 3 months ago

Thanks for raising this issue! FYI @remilapeyre.

xykkong commented 2 months ago

Hi @onefourfive,

It seems like everything is working as intended. I believe you might be confusing schema with database. To change the database name, you can use the PGDATABASE variable instead.

The pg backend supports the standard libpq environment variables.

From documentation:

dbname The database name. Defaults to be the same as the user name.
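
Added example (not part of the original thread, and not Terraform or lib/pq code): a Go resolver that shows which user/database pair the server will match against pg_hba.conf for a given environment, following the libpq rule quoted above. The names `Resolve` and `Target`, the `tf_state` value, the `terraform_remote_state` schema default, and the precedence of a URL-form `PG_CONN_STR` over the separate variables are assumptions of this example.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"strings"
)

// Target is the (user, database) pair the server matches against
// pg_hba.conf, plus the schema the backend uses inside that database.
type Target struct{ User, Database, Schema string }

// Resolve (hypothetical helper) applies the defaulting discussed in this
// thread to a set of environment variables. Only URL-form PG_CONN_STR
// values are handled; the OS-user fallback for the user is left out.
func Resolve(env map[string]string) (Target, error) {
	t := Target{User: env["PGUSER"], Database: env["PGDATABASE"], Schema: env["PG_SCHEMA_NAME"]}
	if cs := env["PG_CONN_STR"]; cs != "" {
		u, err := url.Parse(cs)
		if err != nil || (u.Scheme != "postgres" && u.Scheme != "postgresql") {
			// Never echo cs in the error: it may carry the password.
			return Target{}, errors.New("PG_CONN_STR: expected a postgres:// URL")
		}
		// Assumption: values in the connection string override the environment.
		if name := u.User.Username(); name != "" {
			t.User = name
		}
		if db := strings.TrimPrefix(u.Path, "/"); db != "" {
			t.Database = db
		}
	}
	if t.User == "" {
		return Target{}, errors.New("no user set via PGUSER or PG_CONN_STR")
	}
	if t.Database == "" {
		t.Database = t.User // dbname defaults to the user name
	}
	if t.Schema == "" {
		t.Schema = "terraform_remote_state" // assumed backend default
	}
	return t, nil
}

func main() {
	// Constructed environment mirroring the report: PGDATABASE is not set.
	t, err := Resolve(map[string]string{"PGUSER": "pg_user", "PG_SCHEMA_NAME": "tf_state"})
	fmt.Println(t, err) // {pg_user pg_user tf_state} <nil>
}
```

The first field pair of the result is what a pg_hba.conf rule has to allow; PG_SCHEMA_NAME only changes the third field.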

jbardin commented 2 weeks ago

Since we have not heard back in a while I'm going to close the issue. If you have any updates regarding the issue, feel free to open a new issue with the requested information. If you have more questions, you can also use the community forum where there are more people ready to help.

Thanks!