This repository was archived by the owner on Nov 14, 2020. It is now read-only.
This repository was archived by the owner on Nov 14, 2020. It is now read-only.
Provider is using up all PG connections and erroring out the plan #160
Open
Description
Terraform Version
Terraform v0.13.0-beta2
- provider registry.terraform.io/terraform-providers/postgresql v1.6.0
Affected Resource(s)
Various postgresql resources... usually gets stuck on a postgresql_role
Terraform Configuration Files
This is the main roles module we use, which is instantiated for each database on each server (so about 15 times or so per plan/apply)
# The Schema Admin role (for each database) is specifically a way to allow other users permission to alter
# tables in the given database, which, currently, are all owned by 'postgres'.
resource "postgresql_role" "schema_admins" {
for_each = var.databases
name = "ss_${each.key}_schema_admins"
inherit = false
roles = ["postgres"]
}
# The Admin Role (for each database) grants read and write access to all tables in the public schema of the given database
resource "postgresql_role" "admins" {
for_each = var.databases
name = "ss_${each.key}_admins"
}
# The Reader Role (for each database) grands read-only access to all tables in the public schema of the given database
resource "postgresql_role" "readers" {
for_each = var.databases
name = "ss_${each.key}_readers"
}
# Grants Section (enables the access described above)
resource "postgresql_grant" "admin_tables" {
for_each = var.databases
database = each.value
role = postgresql_role.admins[each.key].name
schema = "public"
object_type = "table"
privileges = ["SELECT", "INSERT", "DELETE", "UPDATE"]
}
resource "postgresql_grant" "admin_sequences" {
for_each = var.databases
database = each.value
role = postgresql_role.admins[each.key].name
schema = "public"
object_type = "sequence"
privileges = ["USAGE", "SELECT", "UPDATE"]
}
resource "postgresql_grant" "read_tables" {
for_each = var.databases
database = each.value
role = postgresql_role.readers[each.key].name
schema = "public"
object_type = "table"
privileges = ["SELECT"]
}
# This section defines default privileges for the 'postgres' user, so that admins and readers have access
# to read/write any new tables/sequences created by the 'postgres' user
resource "postgresql_default_privileges" "root_admin_tables" {
for_each = var.databases
database = each.value
role = postgresql_role.admins[each.key].name
schema = "public"
owner = var.username
object_type = "table"
privileges = ["SELECT", "INSERT", "DELETE", "UPDATE"]
}
resource "postgresql_default_privileges" "root_admin_sequences" {
for_each = var.databases
database = each.value
role = postgresql_role.admins[each.key].name
schema = "public"
owner = var.username
object_type = "sequence"
privileges = ["SELECT", "UPDATE", "USAGE"]
}
resource "postgresql_default_privileges" "root_read_tables" {
for_each = var.databases
database = each.value
role = postgresql_role.readers[each.key].name
schema = "public"
owner = var.username
object_type = "table"
privileges = ["SELECT"]
}And then we also have some individual resources that look like this:
resource "postgresql_role" "ss_dbs_user" {
provider = postgresql.ss_dbs
for_each = local.permissions.ss_dbs
name = local.users[each.key].username
login = true
password = local.users[each.key].password
roles = each.value
}Debug Output
Expected Behavior
It should connect to all my databases in an efficient, logical way, without using up all the connections
Actual Behavior
It seems like it failed to finish the plan due to some error from the database saying that all remaining connections are reserved for superuser accounts.
Steps to Reproduce
Please list the steps required to reproduce the issue, for example:
- `cloud_sql_proxy -instances=...=tcp:5404 # setup cloud_sql_proxy for databases
terraform plan
Important Factoids
We're running the database on Google Cloud, and have to connect through cloud_sql_proxy (which I always start locally before running terraform)
References
None that I know of
Metadata
Metadata
Assignees
Labels
No labels