search

petoju / terraform-provider-mysql

Terraform MySQL provider – unofficial fork
https://registry.terraform.io/providers/petoju/mysql
Mozilla Public License 2.0
63 stars 40 forks source link

mysql_grant imported ok, but still asks to create a resource which fails. #72

Closed holms closed 2 months ago

holms commented 1 year ago

After importing mysql_grant resource successfully it's still asking to create new resource

$  terraform import mysql_grant.api_scriptgenerator_useraccess_pbs_accounts api_scriptgenerator@%@pbs_accounts@@

mysql_grant.api_scriptgenerator_useraccess_pbs_accounts: Importing from ID "api_scriptgenerator@%@pbs_accounts@"...
mysql_grant.api_scriptgenerator_useraccess_pbs_accounts: Import prepared!
Import successful!
$ terraform apply

Terraform will perform the following actions:

  # mysql_grant.api_scriptgenerator_useraccess_pbs_accounts will be created
  + resource "mysql_grant" "api_scriptgenerator_useraccess_pbs_accounts" {
      + database   = "pbs_accounts"
      + grant      = false
      + host       = "%"
      + id         = (known after apply)
      + privileges = [
          + "ALL",
        ]
      + table      = "*"
      + tls_option = "NONE"
      + user       = "api_scriptgenerator"
    }

mysql_grant.api_scriptgenerator_useraccess_pbs_accounts: Creating...
╷
│ Error: user/role 'api_scriptgenerator'@'%' already has unmanaged grant to pbs_accounts.* - import it first
│ 
│   with mysql_grant.api_scriptgenerator_useraccess_pbs_accounts,
│   on azure-mysql-northeurope.tf line 26, in resource "mysql_grant" "api_scriptgenerator_useraccess_pbs_accounts":
│   26: resource "mysql_grant" "api_scriptgenerator_useraccess_pbs_accounts" {
│

Terraform Version

holms@holms ~/D/s/t/p/infra (master)> terraform -v
Terraform v1.3.9
on linux_amd64
+ provider registry.terraform.io/cloudflare/cloudflare v3.29.0
+ provider registry.terraform.io/digitalocean/digitalocean v2.25.2
+ provider registry.terraform.io/hashicorp/azuread v2.30.0
+ provider registry.terraform.io/hashicorp/azurerm v3.33.0
+ provider registry.terraform.io/hashicorp/google-beta v4.44.1
+ provider registry.terraform.io/petoju/mysql v3.0.31

Your version of Terraform is out of date! The latest version
is 1.4.2. You can update by downloading from https://www.terraform.io/downloads.html

Affected Resource(s)

Terraform Configuration Files

resource "mysql_grant" "api_scriptgenerator_useraccess_pbs_accounts" {
  user       = "api_scriptgenerator"
  host       = "%"
  database   = "pbs_accounts"
  privileges = ["ALL"]
}

Expected Behavior

After import it shouldn't create new resource

Actual Behavior

Asks to create new resource despite import been successful

Steps to Reproduce

  1. Add code above to mysq.tf
  2. terraform import mysql_grant.api_scriptgenerator_useraccess_pbs_accounts api_scriptgenerator@%@pbs_accounts@@
  3. terraform apply
petoju commented 1 year ago

I believe the issue is with refresh and your DB version. Consider running with -refresh=false temporarily to verify.

And logs from provider (created as a part of other logs) would also help - see https://developer.hashicorp.com/terraform/internals/debugging for detail on how to enable them.

jungm commented 1 year ago

I've ran into the same issue as well. I believe the docs are just a bit misleading here as they claim For grants without explicit database or tables, leave these fields empty. but the code appears to always exactly match db/table when importing, thus leaving fields blank doesn't work. This is also a bit confusing because terraform claims the import was successful. But when taking a look into the state file (or running terraform state list) nothing really happened

Running terraform import mysql_grant.testgrant testuser@%@testdb@* seems to have worked perfectly fine for me to import grants