Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Dropping a role failes if objects were created #39

Open
stephanpelikan opened this issue Oct 23, 2024 · 2 comments
Open

Dropping a role failes if objects were created #39

stephanpelikan opened this issue Oct 23, 2024 · 2 comments

Comments

@stephanpelikan
Copy link
Contributor

As part of my CDK script I deploy applications which creates tables, etc. For each application I've created a separate role. Undeploying the application does not remove those tables. However, on destroying via CDK the RDS cluster, the role needs to be deleted as well which causes this error which prevents from destroying the cluster:

Could not drop the role. ERROR: role "[username]" cannot be dropped because some objects depend on it DETAIL: [#] objects in database [dbname]

I had to connect to each database using the respective role created and run the command

drop owned by "[username]";

After doing so, the role could be deleted by CDK. I think it would be great if cdk-rds-sql executes this command as part of destroying the Role.

@berenddeboer
Copy link
Owner

I think that could be a significant surprise :-) What about attaching some sql to a role which gets run on delete or the role? Then you can include this behaviour.

@stephanpelikan
Copy link
Contributor Author

You're right. If one has more than one role or wants to keep data, then this is a bad idea.

What about attaching some sql to a role which gets run on delete or the role?

Yes and no. I'm not able to guess any quotas, but I think may use-case is not a rare one. How many people like me will run into the same problem since they are not aware of that situation? For important use-cases I would prefer a separate property like onDeleteDropObjectsOwnedByRole. If there is only a property sqlToRunOnDelete someone might not think that they will encounter a problem when deleting. On the other hand, there cannot be a separate property for each use-case. Maybe, if the documentation lists examples for typical use-cases (as mine) then it is fine. How do you rate the importance of this use case?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants