Merge pull request #10707 from hashicorp/b-postgresql-schema-auth
Dept of second thoughts: remove authorization support ASAP.
commit
60658fdfbc
@ -13,8 +13,7 @@ import (
|
|||||||
)
|
)
|
||||||
|
|
||||||
const (
|
const (
|
||||||
schemaNameAttr = "name"
|
schemaNameAttr = "name"
|
||||||
schemaAuthorizationAttr = "authorization"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
func resourcePostgreSQLSchema() *schema.Resource {
|
func resourcePostgreSQLSchema() *schema.Resource {
|
||||||
@ -33,12 +32,6 @@ func resourcePostgreSQLSchema() *schema.Resource {
|
|||||||
Required: true,
|
Required: true,
|
||||||
Description: "The name of the schema",
|
Description: "The name of the schema",
|
||||||
},
|
},
|
||||||
schemaAuthorizationAttr: {
|
|
||||||
Type: schema.TypeString,
|
|
||||||
Optional: true,
|
|
||||||
Computed: true,
|
|
||||||
Description: "The role name of the owner of the schema",
|
|
||||||
},
|
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -55,10 +48,6 @@ func resourcePostgreSQLSchemaCreate(d *schema.ResourceData, meta interface{}) er
|
|||||||
b := bytes.NewBufferString("CREATE SCHEMA ")
|
b := bytes.NewBufferString("CREATE SCHEMA ")
|
||||||
fmt.Fprintf(b, pq.QuoteIdentifier(schemaName))
|
fmt.Fprintf(b, pq.QuoteIdentifier(schemaName))
|
||||||
|
|
||||||
if v, ok := d.GetOk(schemaAuthorizationAttr); ok {
|
|
||||||
fmt.Fprint(b, " AUTHORIZATION ", pq.QuoteIdentifier(v.(string)))
|
|
||||||
}
|
|
||||||
|
|
||||||
query := b.String()
|
query := b.String()
|
||||||
_, err = conn.Query(query)
|
_, err = conn.Query(query)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
@ -99,8 +88,8 @@ func resourcePostgreSQLSchemaRead(d *schema.ResourceData, meta interface{}) erro
|
|||||||
defer conn.Close()
|
defer conn.Close()
|
||||||
|
|
||||||
schemaId := d.Id()
|
schemaId := d.Id()
|
||||||
var schemaName, schemaAuthorization string
|
var schemaName string
|
||||||
err = conn.QueryRow("SELECT nspname, pg_catalog.pg_get_userbyid(nspowner) FROM pg_catalog.pg_namespace WHERE nspname=$1", schemaId).Scan(&schemaName, &schemaAuthorization)
|
err = conn.QueryRow("SELECT nspname FROM pg_catalog.pg_namespace WHERE nspname=$1", schemaId).Scan(&schemaName)
|
||||||
switch {
|
switch {
|
||||||
case err == sql.ErrNoRows:
|
case err == sql.ErrNoRows:
|
||||||
log.Printf("[WARN] PostgreSQL schema (%s) not found", schemaId)
|
log.Printf("[WARN] PostgreSQL schema (%s) not found", schemaId)
|
||||||
@ -110,7 +99,6 @@ func resourcePostgreSQLSchemaRead(d *schema.ResourceData, meta interface{}) erro
|
|||||||
return errwrap.Wrapf("Error reading schema: {{err}}", err)
|
return errwrap.Wrapf("Error reading schema: {{err}}", err)
|
||||||
default:
|
default:
|
||||||
d.Set(schemaNameAttr, schemaName)
|
d.Set(schemaNameAttr, schemaName)
|
||||||
d.Set(schemaAuthorizationAttr, schemaAuthorization)
|
|
||||||
d.SetId(schemaName)
|
d.SetId(schemaName)
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
@ -128,10 +116,6 @@ func resourcePostgreSQLSchemaUpdate(d *schema.ResourceData, meta interface{}) er
|
|||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
if err := setSchemaAuthorization(conn, d); err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
|
|
||||||
return resourcePostgreSQLSchemaRead(d, meta)
|
return resourcePostgreSQLSchemaRead(d, meta)
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -155,23 +139,3 @@ func setSchemaName(conn *sql.DB, d *schema.ResourceData) error {
|
|||||||
|
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func setSchemaAuthorization(conn *sql.DB, d *schema.ResourceData) error {
|
|
||||||
if !d.HasChange(schemaAuthorizationAttr) {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
schemaAuthorization := d.Get(schemaAuthorizationAttr).(string)
|
|
||||||
if schemaAuthorization == "" {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
schemaName := d.Get(schemaNameAttr).(string)
|
|
||||||
query := fmt.Sprintf("ALTER SCHEMA %s OWNER TO %s", pq.QuoteIdentifier(schemaName), pq.QuoteIdentifier(schemaAuthorization))
|
|
||||||
|
|
||||||
if _, err := conn.Query(query); err != nil {
|
|
||||||
return errwrap.Wrapf("Error updating schema AUTHORIZATION: {{err}}", err)
|
|
||||||
}
|
|
||||||
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
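Review bot: In the resourcePostgreSQLSchemaCreate hunk, the retained line `fmt.Fprintf(b, pq.QuoteIdentifier(schemaName))` uses the quoted schema name as the format string, so a name containing `%` is reinterpreted by fmt and the schema is created under a different identifier than the one configured. Writing it literally with `fmt.Fprint(b, pq.QuoteIdentifier(schemaName))` (or `b.WriteString(...)`) avoids that, and matches how the removed AUTHORIZATION line was written. The same hunk sends the DDL through `_, err = conn.Query(query)` and drops the returned rows without closing them, which can keep a pooled connection checked out; `_, err = conn.Exec(query)` fits a statement that returns no rows. With the `authorization` attribute gone, ownership presumably falls to whatever role the provider connects as, which is worth stating in a comment above the `CREATE SCHEMA` builder. The function body starts and ends outside the hunk.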
|
@ -26,34 +26,6 @@ func TestAccPostgresqlSchema_Basic(t *testing.T) {
|
|||||||
|
|
||||||
resource.TestCheckResourceAttr(
|
resource.TestCheckResourceAttr(
|
||||||
"postgresql_schema.test1", "name", "foo"),
|
"postgresql_schema.test1", "name", "foo"),
|
||||||
// `postgres` is a calculated value
|
|
||||||
// based on the username used in the
|
|
||||||
// provider
|
|
||||||
resource.TestCheckResourceAttr(
|
|
||||||
"postgresql_schema.test1", "authorization", "postgres"),
|
|
||||||
),
|
|
||||||
},
|
|
||||||
},
|
|
||||||
})
|
|
||||||
|
|
||||||
resource.Test(t, resource.TestCase{
|
|
||||||
PreCheck: func() { testAccPreCheck(t) },
|
|
||||||
Providers: testAccProviders,
|
|
||||||
CheckDestroy: testAccCheckPostgresqlSchemaDestroy,
|
|
||||||
Steps: []resource.TestStep{
|
|
||||||
{
|
|
||||||
Config: testAccPostgresqlSchemaAuthConfig,
|
|
||||||
Check: resource.ComposeTestCheckFunc(
|
|
||||||
testAccCheckPostgresqlSchemaExists("postgresql_schema.test2", "foo2"),
|
|
||||||
resource.TestCheckResourceAttr(
|
|
||||||
"postgresql_role.myrole4", "name", "myrole4"),
|
|
||||||
resource.TestCheckResourceAttr(
|
|
||||||
"postgresql_role.myrole4", "login", "true"),
|
|
||||||
|
|
||||||
resource.TestCheckResourceAttr(
|
|
||||||
"postgresql_schema.test2", "name", "foo2"),
|
|
||||||
resource.TestCheckResourceAttr(
|
|
||||||
"postgresql_schema.test2", "authorization", "myrole4"),
|
|
||||||
),
|
),
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
@ -141,15 +113,3 @@ resource "postgresql_schema" "test1" {
|
|||||||
name = "foo"
|
name = "foo"
|
||||||
}
|
}
|
||||||
`
|
`
|
||||||
|
|
||||||
var testAccPostgresqlSchemaAuthConfig = `
|
|
||||||
resource "postgresql_role" "myrole4" {
|
|
||||||
name = "myrole4"
|
|
||||||
login = true
|
|
||||||
}
|
|
||||||
|
|
||||||
resource "postgresql_schema" "test2" {
|
|
||||||
name = "foo2"
|
|
||||||
authorization = "${postgresql_role.myrole4.name}"
|
|
||||||
}
|
|
||||||
`
|
|
||||||
|
@ -17,7 +17,6 @@ PostgreSQL database.
|
|||||||
```
|
```
|
||||||
resource "postgresql_schema" "my_schema" {
|
resource "postgresql_schema" "my_schema" {
|
||||||
name = "my_schema"
|
name = "my_schema"
|
||||||
authorization = "my_role"
|
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|
||||||
@ -26,9 +25,6 @@ resource "postgresql_schema" "my_schema" {
|
|||||||
* `name` - (Required) The name of the schema. Must be unique in the PostgreSQL
|
* `name` - (Required) The name of the schema. Must be unique in the PostgreSQL
|
||||||
database instance where it is configured.
|
database instance where it is configured.
|
||||||
|
|
||||||
* `authorization` - (Optional) The owner of the schema. Defaults to the
|
|
||||||
username configured in the schema's provider.
|
|
||||||
|
|
||||||
## Import Example
|
## Import Example
|
||||||
|
|
||||||
`postgresql_schema` supports importing resources. Supposing the following
|
`postgresql_schema` supports importing resources. Supposing the following
|
||||||
|