Skip to content
This repository has been archived by the owner on Nov 14, 2020. It is now read-only.

bug: postgresql_default_privileges not idempotent #72

Open
zytek opened this issue Apr 2, 2019 · 6 comments
Open

bug: postgresql_default_privileges not idempotent #72

zytek opened this issue Apr 2, 2019 · 6 comments
Labels
bug

Comments

@zytek
Copy link
Contributor

zytek commented Apr 2, 2019

Affected resources

  • postgresql_default_privileges

Description

When used with priviledges = ["ALL"] the resource is not idempotent


resource "postgresql_default_privileges" "priv-sequence-for-user" {
  database    = "${var.db}"
  owner       = "${var.db}_owner"
  role        = "${var.db}_user"
  schema      = "public"
  object_type = "sequence"
  privileges  = ["ALL"]
  depends_on  = ["postgresql_database.db"]
}
resource "postgresql_default_privileges" "priv-table-for-user" {
  database    = "${var.db}"
  owner       = "${var.db}_owner"
  role        = "${var.db}_user"
  schema      = "public"
  object_type = "table"
  privileges  = ["ALL"]
  depends_on  = ["postgresql_database.db"]
}

On each plan/apply run it shows that it plans to make this modifications:

  ~ postgresql_default_privileges.priv-sequence-owner
      privileges.#:          "3" => "1"
      privileges.1759376126: "UPDATE" => ""
      privileges.2914988887: "" => "ALL"
      privileges.3138006342: "SELECT" => ""
      privileges.666868928:  "USAGE" => ""

  ~ postgresql_default_privileges.priv-table-for-user
      privileges.#:          "7" => "1"
      privileges.1759376126: "UPDATE" => ""
      privileges.2491494563: "REFERENCES" => ""
      privileges.2602342604: "TRUNCATE" => ""
      privileges.2914988887: "" => "ALL"
      privileges.3138006342: "SELECT" => ""
      privileges.3404380929: "DELETE" => ""
      privileges.623833415:  "TRIGGER" => ""
      privileges.892623219:  "INSERT" => ""

Version

Terraform v0.11.13
provider from current HEAD
@cyrilgdn
Copy link
Contributor

Thanks for raising this issue @zytek .
Indeed I never tested/used it with ALL privileges. I'll try to take a look as soon as I can.

@cyrilgdn cyrilgdn added the bug label Apr 16, 2019
@solarmosaic-kflorence
Copy link

FYI this also happens on postgresql_grant:

  # module.db_postgres.postgresql_grant.admin will be updated in-place
  ~ resource "postgresql_grant" "admin" {
        database    = "x"
        id          = "x"
        object_type = "table"
      ~ privileges  = [
          + "ALL",
        ]
        role        = "x"
        schema      = "public"
    }

@cyrilgdn cyrilgdn mentioned this issue Feb 3, 2020
Open
@cyrilgdn cyrilgdn mentioned this issue Mar 11, 2020
Merged
@Vince-Chenal Vince-Chenal mentioned this issue Apr 29, 2020
Merged
@jonasneves
Copy link

Do we have any updates on this issue? I'm using the version v1.6.0 and I still see the problem.

@realsby
Copy link

realsby commented Jul 1, 2020

+1

1 similar comment
@ghost
Copy link

ghost commented Jul 16, 2020

+1

@seuf
Copy link
Contributor

seuf commented Jul 20, 2020

same issue with 1.7.0 version

@cyrilgdn cyrilgdn mentioned this issue Jan 10, 2021
Closed
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@jonasneves @realsby @seuf @zytek @cyrilgdn @solarmosaic-kflorence