The customer has reported that after they use Terraform script to drop and recreate keyspace cssservice, their admin user admin-ocp-p-p-uspd-css-cass-01 loses access to the recreated keyspace.
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
+ create
~ update in-place
Terraform will perform the following actions:
# module.ds-astra-cluster.astra_keyspace.this["dekms"] will be created
+ resource "astra_keyspace" "this" {
+ database_id = "51a23389-1499-4d64-b73a-c958f96e79a0"
+ id = (known after apply)
+ name = "dekms"
}
# module.ds-astra-cluster.astra_role.admin will be updated in-place
~ resource "astra_role" "admin" {
id = "d031a210-7a6b-4310-a993-fdf05409c3ed"
~ resources = [
"drn:astra:org:aa277a78-b6d6-495a-a67f-3715f6a9524a:db:51a23389-1499-4d64-b73a-c958f96e79a0:keyspace:default_unused",
+ "drn:astra:org:aa277a78-b6d6-495a-a67f-3715f6a9524a:db:51a23389-1499-4d64-b73a-c958f96e79a0:keyspace:dekms",
]
# (5 unchanged attributes hidden)
}
Plan: 1 to add, 1 to change, 0 to destroy.
Below is the output from Terraform:
147 # module.ds-astra-cluster.astra_role.admin will be updated in-place
148 ~ resource "astra_role" "admin" {
149 ~ description = "admin-ocp-p-p-uspd-css-cass-01" -> "Admin role"
150 id = "5d19d90a-7cee-4d1f-abaa-d4b11eaf28eb"
...
164Plan: 0 to add, 1 to change, 1 to destroy.
165module.ds-astra-cluster.astra_keyspace.this["cssservice"]: Destroying... [id=c2db6b6d-844c-4963-a225-58b9f91550dd/keyspace/cssservice]
166module.ds-astra-cluster.astra_role.admin: Modifying... [id=5d19d90a-7cee-4d1f-abaa-d4b11eaf28eb]
167module.ds-astra-cluster.astra_keyspace.this["cssservice"]: Destruction complete after 0s
168module.ds-astra-cluster.astra_role.admin: Modifications complete after 1s [id=5d19d90a-7cee-4d1f-abaa-d4b11eaf28eb]
...
it appears the astra_role.admin table is modified when a keyspace is dropped, does terraform modify the user roles when removing a keyspace? if so, does it add the correct access for the role back when the keyspace is recreated?
The customer has reported that after they use Terraform script to drop and recreate keyspace
cssservice, their admin useradmin-ocp-p-p-uspd-css-cass-01loses access to the recreated keyspace.Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
Below is the output from Terraform:
it appears the
astra_role.admintable is modified when a keyspace is dropped, does terraform modify the user roles when removing a keyspace? if so, does it add the correct access for the role back when the keyspace is recreated?