postgresql_role trying to revoke when it shouldn't, and failing

[waynejnicklin]

I'm trying to add roles to the postgresql admin user that is created when the postgresql server is created in Azure.

The "plan" step looks correct:

~ roles = [
"azure_pg_admin",
+ "gfp_aiq_adm",
+ "gfp_attributemanager_adm",
+ "gfp_gfdmmanager_adm",
+ "gfp_lightspark_adm",
+ "gfp_mdmrelay_adm",
+ "gfp_rcs_adm",
"gfp_ruleservice_adm",
]
So the plan is to leave the azure_pg_admin role untouched, and the gfp_ruleservice_adm role... correctly... and to add the additional roles that I specified in the Terraform.

However, when the "apply" step is run, the following error occurs:

2020-09-16T09:14:08.6061271Z �[1m�[31mError: �[0m�[0m�[1mcould not revoke role azure_pg_admin from postgresqldev: pq: must be superuser to perform revoke role azure_pg_admin on server owner�[0m

So the issue is that the "apply" is doing something different to what the "plan" is saying. It's trying to revoke a role (and failing because it's not a superuser), but it shouldn't be trying to revoke that role as there is no change for that role in the "plan" file.

[alisdair]

This appears to be an issue related to the PostgreSQL provider, so I've asked Hashibot to move it over there.

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.