This repository was archived by the owner on Nov 14, 2020. It is now read-only.

Postgres provider does not fix schema policies #172

@fboula


Context

The PostgreSQL provider does not seem to catch configuration drift on schema policies.

For some tests I manually changed the policy of a schema created by the PostgreSQL provider and performed a terraform plan and it returned:

No changes. Infrastructure is up-to-date.

Using terraform refresh does not change the outcome.

Terraform Version

Terraform v0.12.21
+ provider.postgresql v1.7.1

Affected Resource(s)

Please list the resources as a list, for example:

  • postgresql_schema

Terraform Configuration Files

resource "postgresql_role" "manager" {
  name                      = "usr_rw"
  bypass_row_level_security = false
  create_database           = false
  create_role               = false
  inherit                   = false
  login                     = false
  skip_drop_role            = false
  skip_reassign_owned       = false
  replication               = false
  superuser                 = false
}

resource "postgresql_role" "read_only" {
  name                      = "usr_ro"
  bypass_row_level_security = false
  create_database           = false
  create_role               = false
  inherit                   = false
  login                     = false
  skip_drop_role            = false
  skip_reassign_owned       = false
  replication               = false
  superuser                 = false
}

resource "postgresql_schema" "schema" {
  name          = "my_schema"
  database      = "my_db"
  owner         = postgresql_role.read_only.name
  if_not_exists = true
  drop_cascade  = false

  policy {
    role              = postgresql_role.manager.name
    create            = true
    create_with_grant = false
    usage             = true
    usage_with_grant  = false
  }

  policy {
    role              = postgresql_role.read_only.name
    create            = false
    create_with_grant = false
    usage             = true
    usage_with_grant  = false
  }
}

Expected Behavior

The provider should have picked up the change and fixed the schema policy to the usr_ro role.

Actual Behavior

The provider does not pick up the change and is not fixing the schema policy.

Steps to Reproduce

Please list the steps required to reproduce the issue, for example:

  1. terraform apply

  2. Revoke schema usage to the created role

    REVOKE USAGE on schema my_schema from usr_ro;
  3. terraform apply

Important Factoids

  • All tests were run on Docker container postgres:9.6.15
  • Schema has multiple policies
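
Until the provider reports this drift, the schema ACL can be compared against the declared policy blocks outside Terraform. The following is an added example, not part of the original issue or the provider's code: it parses the text form of `pg_namespace.nspacl` and diffs it against the two `policy` blocks above. The function names and the sample ACL strings are constructed for illustration, and it assumes unquoted role names and that a `*_with_grant` flag implies the base privilege.

```python
import re

# Declared state, copied from the two policy blocks in the issue's configuration.
DECLARED = {
    "usr_rw": {"create": True, "create_with_grant": False, "usage": True, "usage_with_grant": False},
    "usr_ro": {"create": False, "create_with_grant": False, "usage": True, "usage_with_grant": False},
}
# Constructed sample: an ACL in which usr_ro no longer holds any privilege.
SAMPLE_NSPACL = "{usr_rw=UC/usr_ro}"

# aclitem text form: grantee=privileges/grantor; an empty grantee means PUBLIC.
# For schemas, U is USAGE and C is CREATE; a trailing * marks WITH GRANT OPTION.
ACLITEM = re.compile(r"^([^=]*)=((?:[A-Za-z]\*?)*)/(.+)$")


def parse_nspacl(text):
    """Parse the output of
    SELECT nspacl::text FROM pg_namespace WHERE nspname = 'my_schema';
    into {role: set of privilege tokens such as 'U', 'C', 'U*'}.
    Assumes unquoted role names (no commas, quotes or '=' in them)."""
    acl = {}
    if not text:  # NULL nspacl: no explicit grants recorded
        return acl
    for item in filter(None, text.strip().strip("{}").split(",")):
        m = ACLITEM.match(item)
        if m is None:
            raise ValueError(f"unrecognised aclitem: {item!r}")
        grantee, privs, _grantor = m.groups()
        acl.setdefault(grantee or "PUBLIC", set()).update(re.findall(r"[A-Za-z]\*?", privs))
    return acl


def policy_drift(declared, nspacl_text):
    """Return sorted (role, attribute, declared, actual) tuples that differ."""
    acl = parse_nspacl(nspacl_text)
    drift = []
    for role, policy in declared.items():
        held = acl.get(role, set())
        actual = {
            "usage": bool(held & {"U", "U*"}),
            "usage_with_grant": "U*" in held,
            "create": bool(held & {"C", "C*"}),
            "create_with_grant": "C*" in held,
        }
        for attr, want in policy.items():
            # Assumption: a *_with_grant flag implies the base privilege too.
            want = want or policy.get(attr + "_with_grant", False)
            if want != actual[attr]:
                drift.append((role, attr, want, actual[attr]))
    return sorted(drift)
```

Running `policy_drift(DECLARED, SAMPLE_NSPACL)` in a scheduled job gives an independent signal when a grant has been changed out of band.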
