mirror of
https://github.com/opentofu/opentofu.git
synced 2024-12-30 10:47:14 -06:00
Dept of second thoughts: remove authorization support before 0.8
releases. When postgresql_schema_policy lands this attribute should be removed in order to provide a single way of accomplishing setting permissions on schema objects.
This commit is contained in:
parent
7cda9e8c74
commit
56a193f228
@ -13,8 +13,7 @@ import (
|
||||
)
|
||||
|
||||
const (
|
||||
schemaNameAttr = "name"
|
||||
schemaAuthorizationAttr = "authorization"
|
||||
schemaNameAttr = "name"
|
||||
)
|
||||
|
||||
func resourcePostgreSQLSchema() *schema.Resource {
|
||||
@ -33,12 +32,6 @@ func resourcePostgreSQLSchema() *schema.Resource {
|
||||
Required: true,
|
||||
Description: "The name of the schema",
|
||||
},
|
||||
schemaAuthorizationAttr: {
|
||||
Type: schema.TypeString,
|
||||
Optional: true,
|
||||
Computed: true,
|
||||
Description: "The role name of the owner of the schema",
|
||||
},
|
||||
},
|
||||
}
|
||||
}
|
||||
@ -55,10 +48,6 @@ func resourcePostgreSQLSchemaCreate(d *schema.ResourceData, meta interface{}) er
|
||||
b := bytes.NewBufferString("CREATE SCHEMA ")
|
||||
fmt.Fprintf(b, pq.QuoteIdentifier(schemaName))
|
||||
|
||||
if v, ok := d.GetOk(schemaAuthorizationAttr); ok {
|
||||
fmt.Fprint(b, " AUTHORIZATION ", pq.QuoteIdentifier(v.(string)))
|
||||
}
|
||||
|
||||
query := b.String()
|
||||
_, err = conn.Query(query)
|
||||
if err != nil {
|
||||
@ -99,8 +88,8 @@ func resourcePostgreSQLSchemaRead(d *schema.ResourceData, meta interface{}) erro
|
||||
defer conn.Close()
|
||||
|
||||
schemaId := d.Id()
|
||||
var schemaName, schemaAuthorization string
|
||||
err = conn.QueryRow("SELECT nspname, pg_catalog.pg_get_userbyid(nspowner) FROM pg_catalog.pg_namespace WHERE nspname=$1", schemaId).Scan(&schemaName, &schemaAuthorization)
|
||||
var schemaName string
|
||||
err = conn.QueryRow("SELECT nspname FROM pg_catalog.pg_namespace WHERE nspname=$1", schemaId).Scan(&schemaName)
|
||||
switch {
|
||||
case err == sql.ErrNoRows:
|
||||
log.Printf("[WARN] PostgreSQL schema (%s) not found", schemaId)
|
||||
@ -110,7 +99,6 @@ func resourcePostgreSQLSchemaRead(d *schema.ResourceData, meta interface{}) erro
|
||||
return errwrap.Wrapf("Error reading schema: {{err}}", err)
|
||||
default:
|
||||
d.Set(schemaNameAttr, schemaName)
|
||||
d.Set(schemaAuthorizationAttr, schemaAuthorization)
|
||||
d.SetId(schemaName)
|
||||
return nil
|
||||
}
|
||||
@ -128,10 +116,6 @@ func resourcePostgreSQLSchemaUpdate(d *schema.ResourceData, meta interface{}) er
|
||||
return err
|
||||
}
|
||||
|
||||
if err := setSchemaAuthorization(conn, d); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
return resourcePostgreSQLSchemaRead(d, meta)
|
||||
}
|
||||
|
||||
@ -155,23 +139,3 @@ func setSchemaName(conn *sql.DB, d *schema.ResourceData) error {
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func setSchemaAuthorization(conn *sql.DB, d *schema.ResourceData) error {
|
||||
if !d.HasChange(schemaAuthorizationAttr) {
|
||||
return nil
|
||||
}
|
||||
|
||||
schemaAuthorization := d.Get(schemaAuthorizationAttr).(string)
|
||||
if schemaAuthorization == "" {
|
||||
return nil
|
||||
}
|
||||
|
||||
schemaName := d.Get(schemaNameAttr).(string)
|
||||
query := fmt.Sprintf("ALTER SCHEMA %s OWNER TO %s", pq.QuoteIdentifier(schemaName), pq.QuoteIdentifier(schemaAuthorization))
|
||||
|
||||
if _, err := conn.Query(query); err != nil {
|
||||
return errwrap.Wrapf("Error updating schema AUTHORIZATION: {{err}}", err)
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
@ -26,34 +26,6 @@ func TestAccPostgresqlSchema_Basic(t *testing.T) {
|
||||
|
||||
resource.TestCheckResourceAttr(
|
||||
"postgresql_schema.test1", "name", "foo"),
|
||||
// `postgres` is a calculated value
|
||||
// based on the username used in the
|
||||
// provider
|
||||
resource.TestCheckResourceAttr(
|
||||
"postgresql_schema.test1", "authorization", "postgres"),
|
||||
),
|
||||
},
|
||||
},
|
||||
})
|
||||
|
||||
resource.Test(t, resource.TestCase{
|
||||
PreCheck: func() { testAccPreCheck(t) },
|
||||
Providers: testAccProviders,
|
||||
CheckDestroy: testAccCheckPostgresqlSchemaDestroy,
|
||||
Steps: []resource.TestStep{
|
||||
{
|
||||
Config: testAccPostgresqlSchemaAuthConfig,
|
||||
Check: resource.ComposeTestCheckFunc(
|
||||
testAccCheckPostgresqlSchemaExists("postgresql_schema.test2", "foo2"),
|
||||
resource.TestCheckResourceAttr(
|
||||
"postgresql_role.myrole4", "name", "myrole4"),
|
||||
resource.TestCheckResourceAttr(
|
||||
"postgresql_role.myrole4", "login", "true"),
|
||||
|
||||
resource.TestCheckResourceAttr(
|
||||
"postgresql_schema.test2", "name", "foo2"),
|
||||
resource.TestCheckResourceAttr(
|
||||
"postgresql_schema.test2", "authorization", "myrole4"),
|
||||
),
|
||||
},
|
||||
},
|
||||
@ -141,15 +113,3 @@ resource "postgresql_schema" "test1" {
|
||||
name = "foo"
|
||||
}
|
||||
`
|
||||
|
||||
var testAccPostgresqlSchemaAuthConfig = `
|
||||
resource "postgresql_role" "myrole4" {
|
||||
name = "myrole4"
|
||||
login = true
|
||||
}
|
||||
|
||||
resource "postgresql_schema" "test2" {
|
||||
name = "foo2"
|
||||
authorization = "${postgresql_role.myrole4.name}"
|
||||
}
|
||||
`
|
||||
|
@ -17,7 +17,6 @@ PostgreSQL database.
|
||||
```
|
||||
resource "postgresql_schema" "my_schema" {
|
||||
name = "my_schema"
|
||||
authorization = "my_role"
|
||||
}
|
||||
```
|
||||
|
||||
@ -26,9 +25,6 @@ resource "postgresql_schema" "my_schema" {
|
||||
* `name` - (Required) The name of the schema. Must be unique in the PostgreSQL
|
||||
database instance where it is configured.
|
||||
|
||||
* `authorization` - (Optional) The owner of the schema. Defaults to the
|
||||
username configured in the schema's provider.
|
||||
|
||||
## Import Example
|
||||
|
||||
`postgresql_schema` supports importing resources. Supposing the following
|
||||
|
Loading…
Reference in New Issue
Block a user