This repository has been archived by the owner on Nov 14, 2020. It is now read-only.

Postgres provider does not fix schema policies #172

Open
fboula opened this issue Sep 1, 2020 · 1 comment

fboula commented Sep 1, 2020

Context

The PostgreSQL provider does not seem to catch configuration drift on schema policies.

For some tests I manually changed the policy of a schema created by the PostgreSQL provider and performed a terraform plan and it returned:

No changes. Infrastructure is up-to-date.

Using terraform refresh does not change the outcome.

Terraform Version

Terraform v0.12.21
+ provider.postgresql v1.7.1

Affected Resource(s)

Please list the resources as a list, for example:

  • postgresql_schema

Terraform Configuration Files

resource "postgresql_role" "manager" {
  name                      = "usr_rw"
  bypass_row_level_security = false
  create_database           = false
  create_role               = false
  inherit                   = false
  login                     = false
  skip_drop_role            = false
  skip_reassign_owned       = false
  replication               = false
  superuser                 = false
}

resource "postgresql_role" "read_only" {
  name                      = "usr_ro"
  bypass_row_level_security = false
  create_database           = false
  create_role               = false
  inherit                   = false
  login                     = false
  skip_drop_role            = false
  skip_reassign_owned       = false
  replication               = false
  superuser                 = false
}

resource "postgresql_schema" "schema" {
  name          = "my_schema"
  database      = "my_db"
  owner         = postgresql_role.read_only.name
  if_not_exists = true
  drop_cascade  = false

  policy {
    role              = postgresql_role.manager.name
    create            = true
    create_with_grant = false
    usage             = true
    usage_with_grant  = false
  }

  policy {
    role              = postgresql_role.read_only.name
    create            = false
    create_with_grant = false
    usage             = true
    usage_with_grant  = false
  }
}

Expected Behavior

The provider should have picked up the change and fixed the schema policy to the usr_ro role.

Actual Behavior

The provider does not pick up the change and is not fixing the schema policy.

Steps to Reproduce

Please list the steps required to reproduce the issue, for example:

  1. terraform apply
  2. Revoke schema usage to the created role

    REVOKE USAGE on schema my_schema from usr_ro;

  3. terraform apply

Important Factoids

  • All tests were run on Docker container postgres:9.6.15
  • Schema has multiple policies

@marianoogimenez

I'm experiencing the same problem
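
Added example, not part of the issue thread or the provider's code: an out-of-band check for the drift reported above, comparing the two `policy` blocks with the schema's ACL as stored in `pg_namespace.nspacl`. It assumes the ACL has been fetched as text, is not NULL, and that role names need no quoting; `DESIRED`, `parse_nspacl` and `policy_drift` are names made up for this example, and the sample ACL strings are constructed.

```python
import re

# Desired state, copied from the two policy blocks in the issue's configuration.
DESIRED = {
    "usr_rw": {"usage": True, "usage_with_grant": False,
               "create": True, "create_with_grant": False},
    "usr_ro": {"usage": True, "usage_with_grant": False,
               "create": False, "create_with_grant": False},
}
# Schema privilege letters inside an aclitem: U = USAGE, C = CREATE.
LETTERS = {"U": "usage", "C": "create"}
KEYS = sorted(f"{n}{s}" for n in LETTERS.values() for s in ("", "_with_grant"))
ACLITEM = re.compile(r"^(?P<grantee>[^=]*)=(?P<privs>[A-Za-z*]*)/(?P<grantor>.+)$")


def parse_nspacl(text):
    """Parse '{grantee=privs/grantor,...}' into {role: {attribute: bool}}."""
    actual = {}
    for item in filter(None, text.strip().strip("{}").split(",")):
        m = ACLITEM.match(item)
        if not m:
            raise ValueError(f"unrecognised aclitem: {item!r}")
        role = m["grantee"] or "PUBLIC"  # an empty grantee means PUBLIC
        pol = actual.setdefault(role, dict.fromkeys(KEYS, False))
        # A '*' after a privilege letter marks WITH GRANT OPTION.
        for letter, star in re.findall(r"([A-Za-z])(\*?)", m["privs"]):
            if letter in LETTERS:
                pol[LETTERS[letter]] = True
                pol[LETTERS[letter] + "_with_grant"] |= bool(star)
    return actual


def policy_drift(desired, nspacl_text):
    """Return (role, attribute, want, have) for every mismatch, sorted by role."""
    actual = parse_nspacl(nspacl_text)
    none = dict.fromkeys(KEYS, False)
    drift = []
    for role in sorted(set(desired) | set(actual)):
        want, have = desired.get(role, none), actual.get(role, none)
        drift += [(role, k, want[k], have[k]) for k in KEYS if want[k] != have[k]]
    return drift


# Constructed nspacl values (not captured from a real server).
AFTER_APPLY = "{usr_ro=U/usr_ro,usr_rw=UC/usr_ro}"
AFTER_REVOKE = "{usr_rw=UC/usr_ro}"  # usr_ro entry gone after REVOKE USAGE

if __name__ == "__main__":
    for label, acl in (("after apply", AFTER_APPLY), ("after revoke", AFTER_REVOKE)):
        print(label, policy_drift(DESIRED, acl))
```

Because roles present in the ACL but absent from the configuration are reported too, the same check also surfaces unexpected grants, not only revoked ones.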
