mirror of
https://github.com/opentofu/opentofu.git
synced 2025-01-02 12:17:39 -06:00
7630a585a2
* Improve influxdb provider
- reduce public funcs. We should not make things public that don't need to be public
- improve tests by verifying remote state
- add influxdb_user resource
allows you to manage influxdb users:
```
resource "influxdb_user" "admin" {
name = "administrator"
password = "super-secret"
admin = true
}
```
and also database specific grants:
```
resource "influxdb_user" "ro" {
name = "read-only"
password = "read-only"
grant {
database = "a"
privilege = "read"
}
}
```
* Grant/ revoke admin access properly
* Add continuous_query resource
see
https://docs.influxdata.com/influxdb/v0.13/query_language/continuous_queries/
for the details about continuous queries:
```
resource "influxdb_database" "test" {
name = "terraform-test"
}
resource "influxdb_continuous_query" "minnie" {
name = "minnie"
database = "${influxdb_database.test.name}"
query = "SELECT min(mouse) INTO min_mouse FROM zoo GROUP BY time(30m)"
}
```
350 lines
8.1 KiB
Go
350 lines
8.1 KiB
Go
package influxdb
|
|
|
|
import (
|
|
"fmt"
|
|
"testing"
|
|
|
|
"github.com/hashicorp/terraform/helper/resource"
|
|
"github.com/hashicorp/terraform/terraform"
|
|
"github.com/influxdata/influxdb/client"
|
|
)
|
|
|
|
func TestAccInfluxDBUser_admin(t *testing.T) {
|
|
resource.Test(t, resource.TestCase{
|
|
Providers: testAccProviders,
|
|
Steps: []resource.TestStep{
|
|
resource.TestStep{
|
|
Config: testAccUserConfig_admin,
|
|
Check: resource.ComposeTestCheckFunc(
|
|
testAccCheckUserExists("influxdb_user.test"),
|
|
resource.TestCheckResourceAttr(
|
|
"influxdb_user.test", "name", "terraform_test",
|
|
),
|
|
resource.TestCheckResourceAttr(
|
|
"influxdb_user.test", "password", "terraform",
|
|
),
|
|
resource.TestCheckResourceAttr(
|
|
"influxdb_user.test", "admin", "true",
|
|
),
|
|
),
|
|
},
|
|
resource.TestStep{
|
|
Config: testAccUserConfig_revoke,
|
|
Check: resource.ComposeTestCheckFunc(
|
|
testAccCheckUserExists("influxdb_user.test"),
|
|
testAccCheckUserNoAdmin("influxdb_user.test"),
|
|
resource.TestCheckResourceAttr(
|
|
"influxdb_user.test", "name", "terraform_test",
|
|
),
|
|
resource.TestCheckResourceAttr(
|
|
"influxdb_user.test", "password", "terraform",
|
|
),
|
|
resource.TestCheckResourceAttr(
|
|
"influxdb_user.test", "admin", "false",
|
|
),
|
|
),
|
|
},
|
|
},
|
|
})
|
|
}
|
|
|
|
func TestAccInfluxDBUser_grant(t *testing.T) {
|
|
resource.Test(t, resource.TestCase{
|
|
Providers: testAccProviders,
|
|
Steps: []resource.TestStep{
|
|
resource.TestStep{
|
|
Config: testAccUserConfig_grant,
|
|
Check: resource.ComposeTestCheckFunc(
|
|
testAccCheckUserExists("influxdb_user.test"),
|
|
testAccCheckUserGrants("influxdb_user.test", "terraform-green", "READ"),
|
|
resource.TestCheckResourceAttr(
|
|
"influxdb_user.test", "name", "terraform_test",
|
|
),
|
|
resource.TestCheckResourceAttr(
|
|
"influxdb_user.test", "password", "terraform",
|
|
),
|
|
resource.TestCheckResourceAttr(
|
|
"influxdb_user.test", "admin", "false",
|
|
),
|
|
resource.TestCheckResourceAttr(
|
|
"influxdb_user.test", "grant.#", "1",
|
|
),
|
|
),
|
|
},
|
|
resource.TestStep{
|
|
Config: testAccUserConfig_grantUpdate,
|
|
Check: resource.ComposeTestCheckFunc(
|
|
testAccCheckUserGrants("influxdb_user.test", "terraform-green", "WRITE"),
|
|
testAccCheckUserGrants("influxdb_user.test", "terraform-blue", "READ"),
|
|
resource.TestCheckResourceAttr(
|
|
"influxdb_user.test", "name", "terraform_test",
|
|
),
|
|
resource.TestCheckResourceAttr(
|
|
"influxdb_user.test", "password", "terraform",
|
|
),
|
|
resource.TestCheckResourceAttr(
|
|
"influxdb_user.test", "admin", "false",
|
|
),
|
|
resource.TestCheckResourceAttr(
|
|
"influxdb_user.test", "grant.#", "2",
|
|
),
|
|
),
|
|
},
|
|
},
|
|
})
|
|
}
|
|
|
|
func TestAccInfluxDBUser_revoke(t *testing.T) {
|
|
resource.Test(t, resource.TestCase{
|
|
Providers: testAccProviders,
|
|
Steps: []resource.TestStep{
|
|
resource.TestStep{
|
|
Config: testAccUserConfig_grant,
|
|
Check: resource.ComposeTestCheckFunc(
|
|
testAccCheckUserExists("influxdb_user.test"),
|
|
testAccCheckUserGrants("influxdb_user.test", "terraform-green", "READ"),
|
|
resource.TestCheckResourceAttr(
|
|
"influxdb_user.test", "name", "terraform_test",
|
|
),
|
|
resource.TestCheckResourceAttr(
|
|
"influxdb_user.test", "password", "terraform",
|
|
),
|
|
resource.TestCheckResourceAttr(
|
|
"influxdb_user.test", "admin", "false",
|
|
),
|
|
resource.TestCheckResourceAttr(
|
|
"influxdb_user.test", "grant.#", "1",
|
|
),
|
|
),
|
|
},
|
|
resource.TestStep{
|
|
Config: testAccUserConfig_revoke,
|
|
Check: resource.ComposeTestCheckFunc(
|
|
testAccCheckUserGrantsEmpty("influxdb_user.test"),
|
|
resource.TestCheckResourceAttr(
|
|
"influxdb_user.test", "name", "terraform_test",
|
|
),
|
|
resource.TestCheckResourceAttr(
|
|
"influxdb_user.test", "password", "terraform",
|
|
),
|
|
resource.TestCheckResourceAttr(
|
|
"influxdb_user.test", "admin", "false",
|
|
),
|
|
resource.TestCheckResourceAttr(
|
|
"influxdb_user.test", "grant.#", "0",
|
|
),
|
|
),
|
|
},
|
|
},
|
|
})
|
|
}
|
|
|
|
func testAccCheckUserExists(n string) resource.TestCheckFunc {
|
|
return func(s *terraform.State) error {
|
|
rs, ok := s.RootModule().Resources[n]
|
|
if !ok {
|
|
return fmt.Errorf("Not found: %s", n)
|
|
}
|
|
|
|
if rs.Primary.ID == "" {
|
|
return fmt.Errorf("No user id set")
|
|
}
|
|
|
|
conn := testAccProvider.Meta().(*client.Client)
|
|
|
|
query := client.Query{
|
|
Command: "SHOW USERS",
|
|
}
|
|
|
|
resp, err := conn.Query(query)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
if resp.Err != nil {
|
|
return resp.Err
|
|
}
|
|
|
|
for _, result := range resp.Results[0].Series[0].Values {
|
|
if result[0] == rs.Primary.Attributes["name"] {
|
|
return nil
|
|
}
|
|
}
|
|
|
|
return fmt.Errorf("User %q does not exist", rs.Primary.Attributes["name"])
|
|
}
|
|
}
|
|
|
|
func testAccCheckUserNoAdmin(n string) resource.TestCheckFunc {
|
|
return func(s *terraform.State) error {
|
|
rs, ok := s.RootModule().Resources[n]
|
|
if !ok {
|
|
return fmt.Errorf("Not found: %s", n)
|
|
}
|
|
|
|
if rs.Primary.ID == "" {
|
|
return fmt.Errorf("No user id set")
|
|
}
|
|
|
|
conn := testAccProvider.Meta().(*client.Client)
|
|
|
|
query := client.Query{
|
|
Command: "SHOW USERS",
|
|
}
|
|
|
|
resp, err := conn.Query(query)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
if resp.Err != nil {
|
|
return resp.Err
|
|
}
|
|
|
|
for _, result := range resp.Results[0].Series[0].Values {
|
|
if result[0] == rs.Primary.Attributes["name"] {
|
|
if result[1].(bool) == true {
|
|
return fmt.Errorf("User %q is admin", rs.Primary.ID)
|
|
}
|
|
|
|
return nil
|
|
}
|
|
}
|
|
|
|
return fmt.Errorf("User %q does not exist", rs.Primary.Attributes["name"])
|
|
}
|
|
}
|
|
|
|
func testAccCheckUserGrantsEmpty(n string) resource.TestCheckFunc {
|
|
return func(s *terraform.State) error {
|
|
rs, ok := s.RootModule().Resources[n]
|
|
if !ok {
|
|
return fmt.Errorf("Not found: %s", n)
|
|
}
|
|
|
|
if rs.Primary.ID == "" {
|
|
return fmt.Errorf("No user id set")
|
|
}
|
|
|
|
conn := testAccProvider.Meta().(*client.Client)
|
|
|
|
query := client.Query{
|
|
Command: fmt.Sprintf("SHOW GRANTS FOR %s", rs.Primary.Attributes["name"]),
|
|
}
|
|
|
|
resp, err := conn.Query(query)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
if resp.Err != nil {
|
|
return resp.Err
|
|
}
|
|
|
|
for _, result := range resp.Results[0].Series[0].Values {
|
|
if result[1].(string) != "NO PRIVILEGES" {
|
|
return fmt.Errorf("User %q still has grants: %#v", rs.Primary.ID, resp.Results[0].Series[0].Values)
|
|
}
|
|
}
|
|
|
|
return nil
|
|
}
|
|
}
|
|
|
|
func testAccCheckUserGrants(n, database, privilege string) resource.TestCheckFunc {
|
|
return func(s *terraform.State) error {
|
|
rs, ok := s.RootModule().Resources[n]
|
|
if !ok {
|
|
return fmt.Errorf("Not found: %s", n)
|
|
}
|
|
|
|
if rs.Primary.ID == "" {
|
|
return fmt.Errorf("No user id set")
|
|
}
|
|
|
|
conn := testAccProvider.Meta().(*client.Client)
|
|
|
|
query := client.Query{
|
|
Command: fmt.Sprintf("SHOW GRANTS FOR %s", rs.Primary.Attributes["name"]),
|
|
}
|
|
|
|
resp, err := conn.Query(query)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
if resp.Err != nil {
|
|
return resp.Err
|
|
}
|
|
|
|
for _, result := range resp.Results[0].Series[0].Values {
|
|
if result[0].(string) == database && result[1].(string) == privilege {
|
|
return nil
|
|
}
|
|
}
|
|
|
|
return fmt.Errorf("Privilege %q on %q for %q does not exist", privilege, database, rs.Primary.Attributes["name"])
|
|
}
|
|
}
|
|
|
|
var testAccUserConfig_admin = `
|
|
resource "influxdb_user" "test" {
|
|
name = "terraform_test"
|
|
password = "terraform"
|
|
admin = true
|
|
}
|
|
`
|
|
|
|
var testAccUserConfig_grant = `
|
|
resource "influxdb_database" "green" {
|
|
name = "terraform-green"
|
|
}
|
|
|
|
resource "influxdb_user" "test" {
|
|
name = "terraform_test"
|
|
password = "terraform"
|
|
|
|
grant {
|
|
database = "${influxdb_database.green.name}"
|
|
privilege = "read"
|
|
}
|
|
}
|
|
`
|
|
|
|
var testAccUserConfig_revoke = `
|
|
resource "influxdb_database" "green" {
|
|
name = "terraform-green"
|
|
}
|
|
|
|
resource "influxdb_user" "test" {
|
|
name = "terraform_test"
|
|
password = "terraform"
|
|
admin = false
|
|
}
|
|
`
|
|
|
|
var testAccUserConfig_grantUpdate = `
|
|
resource "influxdb_database" "green" {
|
|
name = "terraform-green"
|
|
}
|
|
|
|
resource "influxdb_database" "blue" {
|
|
name = "terraform-blue"
|
|
}
|
|
|
|
resource "influxdb_user" "test" {
|
|
name = "terraform_test"
|
|
password = "terraform"
|
|
|
|
grant {
|
|
database = "${influxdb_database.green.name}"
|
|
privilege = "write"
|
|
}
|
|
|
|
grant {
|
|
database = "${influxdb_database.blue.name}"
|
|
privilege = "read"
|
|
}
|
|
}
|
|
`
|