postgres_grant confused?

[Bouke]

I'm trying to grant a permission to a role. I'm getting a confusing error message that's unrelated to the role I'm trying to modify. I've simplified the terraform to isolate the problem, which is listed below.

Terraform Version

Terraform v1.10.1
on darwin_arm64
+ provider registry.terraform.io/cyrilgdn/postgresql v1.25.0

Affected Resource(s)

• postgresql_grant

Terraform Configuration Files

terraform {
  required_providers {
    postgresql = {
      source  = "cyrilgdn/postgresql"
      version = "1.25.0"
    }
  }
}
provider "postgresql" {
  host      = "hostname.postgres.database.azure.com"
  port      = 5432
  database  = "postgres"
  username  = "someadmin"
  password  = "..."
  sslmode   = "require"
  superuser = false
}
resource "postgresql_grant" "someuser-somedatabase" {
  database    = "somedatabase"
  object_type = "table"
  objects = ["sometable"]
  privileges = ["UPDATE"]
  role        = "someuser"
  schema      = "public"
}

Debug Output

postgresql_grant.someuser-somedatabase: Creating...
2024-12-12T10:13:59.236+0100 [TRACE] terraform.contextPlugins: Schema for provider "registry.terraform.io/cyrilgdn/postgresql" is in the global cache
2024-12-12T10:13:59.236+0100 [INFO]  Starting apply for postgresql_grant.someuser-somedatabase
2024-12-12T10:13:59.236+0100 [TRACE] terraform.contextPlugins: Schema for provider "registry.terraform.io/cyrilgdn/postgresql" is in the global cache
2024-12-12T10:13:59.236+0100 [TRACE] terraform.contextPlugins: Schema for provider "registry.terraform.io/cyrilgdn/postgresql" is in the global cache
2024-12-12T10:13:59.236+0100 [DEBUG] postgresql_grant.someuser-somedatabase: applying the planned Create change
2024-12-12T10:13:59.236+0100 [TRACE] GRPCProvider: ApplyResourceChange
2024-12-12T10:13:59.236+0100 [TRACE] GRPCProvider: GetProviderSchema
2024-12-12T10:13:59.236+0100 [TRACE] provider.terraform-provider-postgresql_v1.25.0: Received request: @caller=github.com/hashicorp/[email protected]/tfprotov5/tf5server/server.go:805 @module=sdk.proto tf_proto_version=5.3 tf_rpc=ApplyResourceChange tf_provider_addr=provider tf_req_id=23c66b4a-f9cd-31e5-1d4e-5eeb11e7ce9b tf_resource_type=postgresql_grant timestamp="2024-12-12T10:13:59.236+0100"
2024-12-12T10:13:59.236+0100 [TRACE] provider.terraform-provider-postgresql_v1.25.0: Sending request downstream: @module=sdk.proto tf_provider_addr=provider tf_req_id=23c66b4a-f9cd-31e5-1d4e-5eeb11e7ce9b tf_resource_type=postgresql_grant @caller=github.com/hashicorp/[email protected]/tfprotov5/internal/tf5serverlogging/downstream_request.go:17 tf_rpc=ApplyResourceChange tf_proto_version=5.3 timestamp="2024-12-12T10:13:59.236+0100"
2024-12-12T10:13:59.236+0100 [TRACE] provider.terraform-provider-postgresql_v1.25.0: Calling downstream: @module=sdk.helper_schema tf_provider_addr=provider tf_req_id=23c66b4a-f9cd-31e5-1d4e-5eeb11e7ce9b tf_resource_type=postgresql_grant tf_rpc=ApplyResourceChange @caller=github.com/hashicorp/terraform-plugin-sdk/[email protected]/helper/schema/resource.go:836 timestamp="2024-12-12T10:13:59.236+0100"
2024-12-12T10:14:00.424+0100 [INFO]  provider.terraform-provider-postgresql_v1.25.0: 2024/12/12 10:14:00 grantRoleMembership: granting myusername to someadmin: timestamp="2024-12-12T10:14:00.423+0100"
2024-12-12T10:14:00.457+0100 [TRACE] provider.terraform-provider-postgresql_v1.25.0: Called downstream: tf_req_id=23c66b4a-f9cd-31e5-1d4e-5eeb11e7ce9b tf_resource_type=postgresql_grant @caller=github.com/hashicorp/terraform-plugin-sdk/[email protected]/helper/schema/resource.go:838 @module=sdk.helper_schema tf_provider_addr=provider tf_rpc=ApplyResourceChange timestamp="2024-12-12T10:14:00.457+0100"
2024-12-12T10:14:00.457+0100 [TRACE] provider.terraform-provider-postgresql_v1.25.0: Received downstream response: @module=sdk.proto diagnostic_warning_count=0 tf_resource_type=postgresql_grant tf_rpc=ApplyResourceChange @caller=github.com/hashicorp/[email protected]/tfprotov5/internal/tf5serverlogging/downstream_request.go:37 diagnostic_error_count=1 tf_proto_version=5.3 tf_provider_addr=provider tf_req_duration_ms=1221 tf_req_id=23c66b4a-f9cd-31e5-1d4e-5eeb11e7ce9b timestamp="2024-12-12T10:14:00.457+0100"
2024-12-12T10:14:00.457+0100 [ERROR] provider.terraform-provider-postgresql_v1.25.0: Response contains error diagnostic: tf_proto_version=5.3 tf_provider_addr=provider tf_resource_type=postgresql_grant diagnostic_detail="" diagnostic_severity=ERROR diagnostic_summary="Error granting role myusername to someadmin: pq: permission denied to grant role \"myusername\"" @caller=github.com/hashicorp/[email protected]/tfprotov5/internal/diag/diagnostics.go:55 @module=sdk.proto tf_req_id=23c66b4a-f9cd-31e5-1d4e-5eeb11e7ce9b tf_rpc=ApplyResourceChange timestamp="2024-12-12T10:14:00.457+0100"
2024-12-12T10:14:00.457+0100 [TRACE] provider.terraform-provider-postgresql_v1.25.0: Served request: tf_proto_version=5.3 tf_provider_addr=provider tf_req_id=23c66b4a-f9cd-31e5-1d4e-5eeb11e7ce9b tf_resource_type=postgresql_grant @caller=github.com/hashicorp/[email protected]/tfprotov5/tf5server/server.go:831 @module=sdk.proto tf_rpc=ApplyResourceChange timestamp="2024-12-12T10:14:00.457+0100"

Panic Output

If Terraform produced a panic, please provide a link to a GitHub Gist containing the output of the crash.log.

Expected Behavior

The grant to be granted to the specified user; or an error why it couldn't do that.

Actual Behavior

It seems to try and grant a role of my username (no idea where it got that) to the current user, not the target role.

╷
│ Error: Error granting role myusername to someadmin: pq: permission denied to grant role "myusername"
│ 
│   with postgresql_grant.someuser-somedatabase,
│   on main.tf line 19, in resource "postgresql_grant" "someuser-somedatabase":
│   19: resource "postgresql_grant" "someuser-somedatabase" {
│ 
╵

Steps to Reproduce

1. terraform apply

Important Factoids

I'm logged in to the azure cli, but I haven't specified that the provider should use the azure auth.

References

N/A.