opentofu/builtin/providers/postgresql/resource_postgresql_role_test.go

201 lines
5.8 KiB
Go

package postgresql
import (
"database/sql"
"fmt"
"testing"
"github.com/hashicorp/terraform/helper/resource"
"github.com/hashicorp/terraform/terraform"
)
func TestAccPostgresqlRole_Basic(t *testing.T) {
resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
CheckDestroy: testAccCheckPostgresqlRoleDestroy,
Steps: []resource.TestStep{
{
Config: testAccPostgresqlRoleConfig,
Check: resource.ComposeTestCheckFunc(
testAccCheckPostgresqlRoleExists("postgresql_role.myrole2", "true"),
resource.TestCheckResourceAttr("postgresql_role.role_with_defaults", "name", "testing_role_with_defaults"),
resource.TestCheckResourceAttr("postgresql_role.role_with_defaults", "superuser", "false"),
resource.TestCheckResourceAttr("postgresql_role.role_with_defaults", "create_database", "false"),
resource.TestCheckResourceAttr("postgresql_role.role_with_defaults", "create_role", "false"),
resource.TestCheckResourceAttr("postgresql_role.role_with_defaults", "inherit", "false"),
resource.TestCheckResourceAttr("postgresql_role.role_with_defaults", "replication", "false"),
resource.TestCheckResourceAttr("postgresql_role.role_with_defaults", "bypass_row_level_security", "false"),
resource.TestCheckResourceAttr("postgresql_role.role_with_defaults", "connection_limit", "-1"),
resource.TestCheckResourceAttr("postgresql_role.role_with_defaults", "encrypted_password", "true"),
resource.TestCheckNoResourceAttr("postgresql_role.role_with_defaults", "password"),
resource.TestCheckResourceAttr("postgresql_role.role_with_defaults", "valid_until", "infinity"),
resource.TestCheckResourceAttr("postgresql_role.role_with_defaults", "skip_drop_role", "false"),
resource.TestCheckResourceAttr("postgresql_role.role_with_defaults", "skip_reassign_owned", "false"),
),
},
},
})
}
func TestAccPostgresqlRole_Update(t *testing.T) {
resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
CheckDestroy: testAccCheckPostgresqlRoleDestroy,
Steps: []resource.TestStep{
{
Config: testAccPostgresqlRoleUpdate1Config,
Check: resource.ComposeTestCheckFunc(
testAccCheckPostgresqlRoleExists("postgresql_role.update_role", "true"),
resource.TestCheckResourceAttr("postgresql_role.update_role", "name", "update_role"),
resource.TestCheckResourceAttr("postgresql_role.update_role", "login", "true"),
resource.TestCheckResourceAttr("postgresql_role.update_role", "connection_limit", "-1"),
),
},
{
Config: testAccPostgresqlRoleUpdate2Config,
Check: resource.ComposeTestCheckFunc(
testAccCheckPostgresqlRoleExists("postgresql_role.update_role", "true"),
resource.TestCheckResourceAttr("postgresql_role.update_role", "name", "update_role2"),
resource.TestCheckResourceAttr("postgresql_role.update_role", "login", "true"),
resource.TestCheckResourceAttr("postgresql_role.update_role", "connection_limit", "5"),
),
},
},
})
}
func testAccCheckPostgresqlRoleDestroy(s *terraform.State) error {
client := testAccProvider.Meta().(*Client)
for _, rs := range s.RootModule().Resources {
if rs.Type != "postgresql_role" {
continue
}
exists, err := checkRoleExists(client, rs.Primary.ID)
if err != nil {
return fmt.Errorf("Error checking role %s", err)
}
if exists {
return fmt.Errorf("Role still exists after destroy")
}
}
return nil
}
func testAccCheckPostgresqlRoleExists(n string, canLogin string) resource.TestCheckFunc {
return func(s *terraform.State) error {
rs, ok := s.RootModule().Resources[n]
if !ok {
return fmt.Errorf("Resource not found: %s", n)
}
if rs.Primary.ID == "" {
return fmt.Errorf("No ID is set")
}
actualCanLogin := rs.Primary.Attributes["login"]
if actualCanLogin != canLogin {
return fmt.Errorf("Wrong value for login expected %s got %s", canLogin, actualCanLogin)
}
client := testAccProvider.Meta().(*Client)
exists, err := checkRoleExists(client, rs.Primary.ID)
if err != nil {
return fmt.Errorf("Error checking role %s", err)
}
if !exists {
return fmt.Errorf("Role not found")
}
return nil
}
}
func checkRoleExists(client *Client, roleName string) (bool, error) {
conn, err := client.Connect()
if err != nil {
return false, err
}
defer conn.Close()
var _rez int
err = conn.QueryRow("SELECT 1 from pg_roles d WHERE rolname=$1", roleName).Scan(&_rez)
switch {
case err == sql.ErrNoRows:
return false, nil
case err != nil:
return false, fmt.Errorf("Error reading info about role: %s", err)
default:
return true, nil
}
}
var testAccPostgresqlRoleConfig = `
resource "postgresql_role" "myrole2" {
name = "myrole2"
login = true
}
resource "postgresql_role" "role_with_pwd" {
name = "role_with_pwd"
login = true
password = "mypass"
}
resource "postgresql_role" "role_with_pwd_encr" {
name = "role_with_pwd_encr"
login = true
password = "mypass"
encrypted = true
}
resource "postgresql_role" "role_with_pwd_no_login" {
name = "role_with_pwd_no_login"
password = "mypass"
}
resource "postgresql_role" "role_simple" {
name = "role_simple"
}
resource "postgresql_role" "role_with_defaults" {
name = "testing_role_with_defaults"
superuser = false
create_database = false
create_role = false
inherit = false
login = false
replication = false
bypass_row_level_security = false
connection_limit = -1
encrypted_password = true
password = ""
skip_drop_role = false
skip_reassign_owned = false
valid_until = "infinity"
}
`
var testAccPostgresqlRoleUpdate1Config = `
resource "postgresql_role" "update_role" {
name = "update_role"
login = true
}
`
var testAccPostgresqlRoleUpdate2Config = `
resource "postgresql_role" "update_role" {
name = "update_role2"
login = true
connection_limit = 5
}
`