docs/resources/rdb_privilege.md
Lines changed: 44 additions & 1 deletion
@@ -51,7 +51,7 @@ The following arguments are supported:
51
51
52
52
-`database_name` - (Required) Name of the database (e.g. `my-db-name`).
53
53
54
-
-`permission` - (Required) Permission to set. Valid values are `readonly`, `readwrite`, `all`, `custom` and `none`.
54
+
-`permission` - (Required) Desired permission level. Valid values are `readonly`, `readwrite`, `all`, `custom` and `none`.
55
55
56
56
-`region` - (Defaults to [provider](../index.md#region)`region`) The [region](../guides/regions_and_zones.md#regions) in which the resource exists.
57
57
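Review bot: `custom` is still listed as a valid value on the reworded `permission` line, while the next hunk describes `custom` as something the API reports once objects have been created after the grant. Please say what it means to request `custom` as the desired level, or drop it from the accepted values if it is only ever an observed state; as written, a configuration with `permission = "custom"` has no defined meaning for `permission_status`.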
@@ -61,6 +61,49 @@ In addition to all arguments above, the following attributes are exported:
61
61
62
62
-`id` - The ID of the user privileges, which is of the form `{region}/{instance_id}/{database_name}/{user_name}`, e.g. `fr-par/11111111-1111-1111-1111-111111111111/database_name/foo`
63
63
64
+
-`effective_permission` - The actual permission currently set in Scaleway. May differ from `permission` after database schema changes (new tables, views, or sequences created).
65
+
66
+
-`permission_status` - Permission synchronization status. Possible values:
67
+
-`synced`: The effective permission matches the desired permission
68
+
-`drifted`: The effective permission differs from the desired permission (requires `terraform apply` to resync)
69
+
70
+
## Permission Drift Management
71
+
72
+
### Understanding Permission Drift
73
+
74
+
When you configure a privilege (e.g., `readwrite`), Scaleway applies it to **database objects that exist at that moment**. If new tables, views, or sequences are created later, they won't automatically inherit these permissions. In that case, the API may return `custom`.
75
+
76
+
**Example:**
77
+
78
+
```terraform
79
+
resource "scaleway_rdb_privilege" "app" {
80
+
instance_id = scaleway_rdb_instance.main.id
81
+
user_name = "app_user"
82
+
database_name = "mydb"
83
+
permission = "readwrite"
84
+
85
+
# Later, after new objects are created externally:
86
+
# effective_permission = "custom" (computed)
87
+
# permission_status = "drifted" (computed)
88
+
}
89
+
```
90
+
91
+
### Handling Permission Drift
92
+
93
+
Run `terraform apply` to reapply the configured permission to all objects (existing and new):
94
+
95
+
```bash
96
+
terraform apply
97
+
```
98
+
99
+
The plan will typically show:
100
+
101
+
```diff
102
+
~ resource "scaleway_rdb_privilege" "app" {
103
+
~ permission = "custom" -> "readwrite"
104
+
}
105
+
```
106
+
64
107
## Import
65
108
66
109
The user privileges can be imported using the `{region}/{instance_id}/{database_name}/{user_name}`, e.g.
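Review bot: The plan sample under "Handling Permission Drift" shows the change on `permission` (`~ permission = "custom" -> "readwrite"`), which contradicts the attribute list earlier in this hunk, where `permission` is the desired value and `effective_permission` is the computed one that becomes `custom`. If `permission` in state keeps the configured value, the plan has nothing to diff on that attribute and `terraform apply` would not reapply anything. Please document which attribute actually triggers the update and make the sample plan match it.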
templates/resources/rdb_privilege.md.tmpl
Lines changed: 44 additions & 1 deletion
@@ -52,7 +52,7 @@ The following arguments are supported:
52
52
53
53
- `database_name` - (Required) Name of the database (e.g. `my-db-name`).
54
54
55
-
- `permission` - (Required) Permission to set. Valid values are `readonly`, `readwrite`, `all`, `custom` and `none`.
55
+
- `permission` - (Required) Desired permission level. Valid values are `readonly`, `readwrite`, `all`, `custom` and `none`.
56
56
57
57
- `region` - (Defaults to [provider](../index.md#region) `region`) The [region](../guides/regions_and_zones.md#regions) in which the resource exists.
58
58
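Review bot: "Desired permission level" on the `permission` line implies a contrast with an observed value that this line never names. Add a short pointer to `effective_permission` and `permission_status` so that readers of the argument list learn the applied grant can differ from the configured one. This template and `docs/resources/rdb_privilege.md` carry the same text, so the wording needs to change in both.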
@@ -62,6 +62,49 @@ In addition to all arguments above, the following attributes are exported:
62
62
63
63
- `id` - The ID of the user privileges, which is of the form `{region}/{instance_id}/{database_name}/{user_name}`, e.g. `fr-par/11111111-1111-1111-1111-111111111111/database_name/foo`
64
64
65
+
- `effective_permission` - The actual permission currently set in Scaleway. May differ from `permission` after database schema changes (new tables, views, or sequences created).
66
+
67
+
- `permission_status` - Permission synchronization status. Possible values:
68
+
- `synced`: The effective permission matches the desired permission
69
+
- `drifted`: The effective permission differs from the desired permission (requires `terraform apply` to resync)
70
+
71
+
## Permission Drift Management
72
+
73
+
### Understanding Permission Drift
74
+
75
+
When you configure a privilege (e.g., `readwrite`), Scaleway applies it to **database objects that exist at that moment**. If new tables, views, or sequences are created later, they won't automatically inherit these permissions. In that case, the API may return `custom`.
76
+
77
+
**Example:**
78
+
79
+
```terraform
80
+
resource "scaleway_rdb_privilege" "app" {
81
+
instance_id = scaleway_rdb_instance.main.id
82
+
user_name = "app_user"
83
+
database_name = "mydb"
84
+
permission = "readwrite"
85
+
86
+
# Later, after new objects are created externally:
87
+
# effective_permission = "custom" (computed)
88
+
# permission_status = "drifted" (computed)
89
+
}
90
+
```
91
+
92
+
### Handling Permission Drift
93
+
94
+
Run `terraform apply` to reapply the configured permission to all objects (existing and new):
95
+
96
+
```bash
97
+
terraform apply
98
+
```
99
+
100
+
The plan will typically show:
101
+
102
+
```diff
103
+
~ resource "scaleway_rdb_privilege" "app" {
104
+
~ permission = "custom" -> "readwrite"
105
+
}
106
+
```
107
+
65
108
## Import
66
109
67
110
The user privileges can be imported using the `{region}/{instance_id}/{database_name}/{user_name}`, e.g.
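Review bot: The "Understanding Permission Drift" paragraph does not say what access the user actually has on objects created after the grant, and "the API may return `custom`" leaves open whether drift can exist while the API still reports the configured value. State the concrete effect per level: for `readwrite`, whether the user is denied on new tables; for `readonly` or `none`, whether anything is granted on new objects by default. It would also help to note that `permission_status` is a computed attribute and is only updated on a refresh or plan, so a drifted grant stays unnoticed until one is run.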