Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Constant configuration drift on Grant being shown and Grants are deleted #233

Closed
PierreBeucher opened this issue Jun 23, 2023 · 1 comment · Fixed by #235
Closed

Constant configuration drift on Grant being shown and Grants are deleted #233

PierreBeucher opened this issue Jun 23, 2023 · 1 comment · Fixed by #235
Assignees
@AaronFriel
Labels
kind/bug Some behavior is incorrect or out of spec resolution/fixed This issue was fixed

Comments

@PierreBeucher
Copy link

What happened?

Pulumi shows a constant diff for Grant resources. This is likely an issue already documented on Terraform provider: cyrilgdn/terraform-provider-postgresql#303

However, as Pulumi default behaviour is to create THEN delete, it ends-up deleting Grant altogether:

  • Pulumi "creates" new resource - in fact applying an already existing Grant
  • Then it "deletes" old resource, resulting in original Grant being deleted

End result: Grant is deleted

Expected Behavior

Pulumi detects diff normally. Grant is not deleted.

Steps to reproduce

Create a Grant like:

new postgresql.Grant(`my-grant`,
			{
				database: "database",
				objectType: "table",
				role: "role",
				privileges: ["SELECT", "UPDATE", "INSERT", "DELETE"],
				objects: [],
				schema: "schema"
			}
		)

Up a first time: Grant is created OK
Up a second time: Pulumi shows diff, deleting original Grant

Pulumi (automation API) shows output like this, clearly indicating deletion at the end:

 ++ postgresql:index:Grant RdsMigrationUserTablePrivileges creating replacement [diff: ~privileges]
 ++ postgresql:index:Grant RdsMigrationUserTablePrivileges created replacement [diff: ~privileges]
 +- postgresql:index:Grant RdsMigrationUserTablePrivileges replacing [diff: ~privileges]
 +- postgresql:index:Grant RdsMigrationUserTablePrivileges replaced [diff: ~privileges]
 -- postgresql:index:Grant RdsMigrationUserTablePrivileges deleting original [diff: ~privileges]
 -- postgresql:index:Grant RdsMigrationUserTablePrivileges deleted original [diff: ~privileges]

Output of pulumi about

 pulumi about
CLI          
Version      3.54.0
Go Version   go1.19.5
Go Compiler  gc

Host     
OS       nixos
Version  22.11 (Raccoon)
Arch     x86_64

Additional context

We implemented a workaround with deleteBeforeReplace: true, causing Grants to be deleted then recreated (so actually deleted for a few seconds, which is better than permanently)

new postgresql.Grant(`my-grant`,
			{
				database: "database",
				objectType: "table",
				role: "role",
				privileges: ["SELECT", "UPDATE", "INSERT", "DELETE"],
				objects: [],
				schema: "schema"
			},{ 
				deleteBeforeReplace: true
			}
		)

Contributing

Vote on this issue by adding a 👍 reaction.
To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).
@PierreBeucher PierreBeucher added kind/bug Some behavior is incorrect or out of spec needs-triage Needs attention from the triage team labels Jun 23, 2023
@AaronFriel
Copy link
Contributor

@PierreBeucher Thanks for flagging this! We can override the TF provider's behavior here to delete before replacing. It looks like there are two bugs though; the constant diff & the order of operations.

@AaronFriel AaronFriel self-assigned this Jun 27, 2023
AaronFriel added a commit that referenced this issue Jun 27, 2023
@AaronFriel
Fix order of replacement in postgresql.Grant
5d4d39b 
Create and then delete is invalid, as the physical ID of the resource is fixed.
When replacing, we must delete-before-replace.

Fixes #233.
@AaronFriel AaronFriel mentioned this issue Jun 27, 2023
Merged
@pulumi-bot pulumi-bot added the resolution/fixed This issue was fixed label Jun 27, 2023
@aq17 aq17 removed the needs-triage Needs attention from the triage team label Jun 27, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@AaronFriel AaronFriel

Labels
kind/bug Some behavior is incorrect or out of spec resolution/fixed This issue was fixed
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fix order of replacement in postgresql.Grant pulumi/pulumi-postgresql
4 participants
@AaronFriel @PierreBeucher @pulumi-bot @aq17