Closed aloks2019 closed 2 months ago
This is actually the intended behaviour.
mysql_grant
enumerates all roles (in your use case; or all grants) that the user should be given. All extra roles are removed, that helps both with auditing and in some edge cases after incomplete apply. That's why we don't allow more grant resources per user.
If you want to give user more roles, you are free to do so using roles = ["db1_app_deploy_role", "db2_app_deploy_role"]
. The list can be easily generated dynamically.
I get error when I tried to grant multiple roles using different resources. My end goal is to use gor_each to generate roles dynamically. But existing solution in not working
Expected Behavior
Success execution
Actual Behavior
mysql_grant.r_grants_roles1: Creating... ╷ │ Error: user/role {app_deploy %} already has grant &{[db2_app_deploy_role] false {app_deploy %} NONE} - │ │ with mysql_grant.r_grants_roles1, │ on main.tf line 297, in resource “mysql_grant” “r_grants_roles1": │ 297: resource “mysql_grant” “r_grants_roles1" { │ ╵