postgresql_role destroy error "role cannot be dropped because some objects depend on it" #435

Open
jpo-tu opened this issue Apr 29, 2024 · 2 comments


jpo-tu commented Apr 29, 2024

Given a postgresql_role and a resource dependent on that role, an error is thrown when removing the dependency and destroying the role, as Terraform attempts to perform the destroy before the update. This only occurs if the database of the provider block is different than the database containing the resource.

Terraform Version

$ terraform -v
Terraform v1.8.1
on linux_amd64
+ provider registry.terraform.io/cyrilgdn/postgresql v1.22.0

Affected Resource(s)

  • postgresql_role

Terraform Configuration Files

terraform {
  required_version = ">= 1.0"
  required_providers {
    postgresql = {
      source  = "cyrilgdn/postgresql"
      version = "~> 1"
    }
  }
}

provider "postgresql" {
  host      = "host.docker.internal"
  port      = 54321
  username  = "postgres"
  password  = ""
  database  = "postgres"
  superuser = false
  sslmode   = "disable"
}

resource "postgresql_database" "db" {
  name = "delete_before_update"
}

resource "postgresql_role" "publication_owner" {
  name = "${postgresql_database.db.name}_publication_owner"
}

resource "postgresql_publication" "pub" {
  database = postgresql_database.db.name
  name     = "my_publication"
  owner    = postgresql_role.publication_owner.name
}

What that Terraform does:
a) creates a database
b) creates a role
c) makes the role owner of something (in this example, a publication). This creates a dependency between the something and the role

Steps to Reproduce

  1. start a local postgresql instance listening on port 54321:
    docker run -it --rm -e POSTGRES_HOST_AUTH_METHOD=trust -p 54321:5432 postgres:15-alpine
  2. terraform init && terraform apply the above terraform
  3. remove the role from the code and update the owner (this removes the dependency on the role):
    # destroy the role by (say) commenting out the terraform
    #resource "postgresql_role" "publication_owner" {
    #  name = "${postgresql_database.db.name}_publication_owner"
    #}
    
    # update the owner to no longer reference the role
    resource "postgresql_publication" "pub" {
      database = postgresql_database.db.name
      name     = "my_publication"
      owner    = "postgres" # HERE
    }
  4. terraform apply

Expected Behavior

owner should be updated and role destroyed

Actual Behavior

Error: could not delete role delete_before_update_publication_owner: pq: role "delete_before_update_publication_owner" cannot be dropped because some objects depend on it

Important Factoids

  • issue originally discovered on AWS RDS Aurora Postgresql 15, and reproduced locally
  • if the provider specifies the same database as the thing dependent on the role, the error does not occur. That is, the role is destroyed without issue and the publication owner updated.
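
A catalog check for finding what blocks the drop, added here as an example and not part of the original issue or the provider's code. PostgreSQL tracks role dependencies for all databases in the shared catalog pg_shdepend, while REASSIGN OWNED and DROP OWNED only act on the database they are run in (plus shared objects). The script assumes a psql session as the superuser postgres against the reproduction above; all names come from that configuration.

```sql
-- Added example (psql script), not from the issue or the provider.
-- Assumes the reproduction above: superuser "postgres", role
-- delete_before_update_publication_owner, database delete_before_update.

-- 1. From any database (for example "postgres"): list every dependency on
--    the role, grouped by the database that holds it. pg_shdepend is shared
--    across the cluster, so rows for other databases are visible here.
--    dbid = 0 marks a shared object (database, tablespace, ...).
SELECT COALESCE(d.datname, '<shared>') AS database,
       sd.classid::regclass            AS catalog,
       sd.objid,
       CASE sd.deptype
         WHEN 'o' THEN 'owner'
         WHEN 'a' THEN 'acl (privilege grant)'
         WHEN 'r' THEN 'policy'
         ELSE sd.deptype::text
       END                             AS dependency
FROM pg_shdepend sd
JOIN pg_roles r
  ON sd.refclassid = 'pg_authid'::regclass
 AND sd.refobjid   = r.oid
LEFT JOIN pg_database d ON d.oid = sd.dbid
WHERE r.rolname = 'delete_before_update_publication_owner'
ORDER BY 1, 2;

-- 2. objid can only be resolved to a name inside the database that owns the
--    object, so connect there and look at the catalog reported in step 1.
\connect delete_before_update
SELECT pubname, pubowner::regrole AS owner
FROM pg_publication
WHERE pubowner = 'delete_before_update_publication_owner'::regrole;

-- 3. Still inside delete_before_update: hand the role's objects to the owner
--    the updated configuration asks for ("postgres"), then remove any
--    privileges still granted to the role in this database.
BEGIN;
REASSIGN OWNED BY delete_before_update_publication_owner TO postgres;
DROP OWNED BY delete_before_update_publication_owner;
COMMIT;

-- 4. Re-run the query from step 1. DROP ROLE can only succeed once it
--    returns no rows for any database.
```

Steps 2 and 3 have to be repeated in every database that step 1 reports.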

k3yss commented Aug 7, 2024

@jpo-tu Did you find a solution for this?

@soupdiver

Yea, having the same issue here or at least something that looks similar.
Have a few schemas with users and Terraform seems stuck with some kind of cyclic dependency issue... nothing can be removed because always some object depends on it
