terraform-provider-postgresql: "tuple concurrently updated" error on concurrent GRANT statements

Terraform Version

1.1.1

Affected Resource(s)

postgresql_grant

Terraform Configuration Files


provider "postgresql" {
  host             = var.postgres_host
  port             = var.postgres_port
  username         = var.root_user_name
  password         = var.root_user_password
  expected_version = "12.3"
  superuser        = false
}

resource "postgresql_grant" "connect_db" {
  database    = postgresql_database.db.name
  object_type = "database"
  privileges  = ["CREATE", "CONNECT"]
  role        = postgresql_role.svc_admin.name
}

resource "postgresql_grant" "use_schema" {
  database    = postgresql_database.db.name
  object_type = "schema"
  privileges  = ["CREATE", "USAGE"]
  role        = postgresql_role.svc_admin.name
  schema      = "public"
}

Panic Output

╷
│ Error: could not execute revoke query: pq: tuple concurrently updated
│ 
│   with module.svc.postgresql_grant.use_schema,
│   on .terraform/modules/svc/main.tf line 118, in resource "postgresql_grant" "use_schema":
│  118: resource "postgresql_grant" "use_schema" {
│ 
╵

Expected Behavior

Multiple GRANT statements should get executed correctly.

Actual Behavior

terraform apply fails intermittently when multiple GRANT statements are involved.

Steps to Reproduce

terraform apply with multiple grant statements. You can also try a large number of statements with a for_each to make it more likely that the error will happen.

Important Factoids

Found this threads on postgres/terraform mailing lists:

The “solution” seems to be to run things sequentially. However, ideally, we should be able to handle this at the provider level. For ex. by either locking the table appropriately, or by retrying after a backoff period perhaps before failing.

One interesting thing that happened was that with my terraform apply, when TF exited, it didn’t save the state. So, it created some resources, but they weren’t tracked in the state. That could be a Terraform bug, but I thought I should at least mention it here.

About this issue

Original URL
State: open
Created 2 years ago
Reactions: 45
Comments: 19 (1 by maintainers)

Commits related to this issue

Add initial test coverage for https://github.com/cyrilgdn/terraform-provider-postgresql/issues/178 — committed to cyrilgdn/terraform-provider-postgresql by kylejohnson 9 months ago
Remove test coverage for https://github.com/cyrilgdn/terraform-provider-postgresql/issues/178 * Using terratest just wasn't working out - it isn't designed for testing a provider * github.com/hashico... — committed to cyrilgdn/terraform-provider-postgresql by kylejohnson 8 months ago
upgrade to cyrilgdn/postgresql 1.21.1-beta.1 this prevents errors like: could not execute revoke query: pq: tuple concurrently updated error see https://github.com/cyrilgdn/terraform-provider-postg... — committed to rgl/terraform-postgres by rgl 7 months ago

Most upvoted comments

This really needs to be fixed, -parallelism=1 makes Terraform runs take hours…

philip-harvey on Jul 25, 2022

bump. I have many resources in additional to postgres grants in the same workspace. I dont want to have to set -parallelism=1

red8888 on May 2, 2022

Hi everyone,

I went ahead and released a beta version which targets the tuple-concurrently-updated branch used in #352.

Using this beta release, the tuple concurrently updated error has been fixed 100% of the time in my internal usage at $dayjob.

I’d appreciate it if anyone else could test and confirm these results as well.

terraform {
  required_providers {
    postgresql = {
      source  = "cyrilgdn/postgresql"
      version = "1.21.1-beta.1"
    }
  }
}

kylejohnson on Nov 1, 2023

We were able to fix the issue by setting TF_CLI_ARGS_apply=“-parallelism=1” (on provider version 1.15.0), but this certainly isn’t ideal. I would love a fix as described above.

phclark on Mar 23, 2022

Would love to see this fixed. A retry approach for this specific error would be sweet!

marcneander on Sep 12, 2022