mirror of
https://github.com/opentofu/opentofu.git
synced 2025-01-15 19:22:46 -06:00
419 lines
17 KiB
Go
419 lines
17 KiB
Go
package postgresql
|
|
|
|
import (
|
|
"database/sql"
|
|
"fmt"
|
|
"testing"
|
|
|
|
"github.com/hashicorp/terraform/helper/resource"
|
|
"github.com/hashicorp/terraform/terraform"
|
|
)
|
|
|
|
func TestAccPostgresqlSchema_Basic(t *testing.T) {
|
|
resource.Test(t, resource.TestCase{
|
|
PreCheck: func() { testAccPreCheck(t) },
|
|
Providers: testAccProviders,
|
|
CheckDestroy: testAccCheckPostgresqlSchemaDestroy,
|
|
Steps: []resource.TestStep{
|
|
{
|
|
Config: testAccPostgresqlSchemaConfig,
|
|
Check: resource.ComposeTestCheckFunc(
|
|
testAccCheckPostgresqlSchemaExists("postgresql_schema.test1", "foo"),
|
|
resource.TestCheckResourceAttr("postgresql_role.role_all_without_grant", "name", "role_all_without_grant"),
|
|
resource.TestCheckResourceAttr("postgresql_role.role_all_without_grant", "login", "true"),
|
|
|
|
resource.TestCheckResourceAttr("postgresql_role.role_all_with_grant", "name", "role_all_with_grant"),
|
|
|
|
resource.TestCheckResourceAttr("postgresql_schema.test1", "name", "foo"),
|
|
|
|
resource.TestCheckResourceAttr("postgresql_schema.test2", "name", "bar"),
|
|
resource.TestCheckResourceAttr("postgresql_schema.test2", "owner", "role_all_without_grant"),
|
|
resource.TestCheckResourceAttr("postgresql_schema.test2", "if_not_exists", "false"),
|
|
resource.TestCheckResourceAttr("postgresql_schema.test2", "policy.#", "1"),
|
|
resource.TestCheckResourceAttr("postgresql_schema.test2", "policy.1948480595.create", "true"),
|
|
resource.TestCheckResourceAttr("postgresql_schema.test2", "policy.1948480595.create_with_grant", "false"),
|
|
resource.TestCheckResourceAttr("postgresql_schema.test2", "policy.1948480595.usage", "true"),
|
|
resource.TestCheckResourceAttr("postgresql_schema.test2", "policy.1948480595.usage_with_grant", "false"),
|
|
resource.TestCheckResourceAttr("postgresql_schema.test2", "policy.1948480595.role", "role_all_without_grant"),
|
|
|
|
resource.TestCheckResourceAttr("postgresql_schema.test3", "name", "baz"),
|
|
resource.TestCheckResourceAttr("postgresql_schema.test3", "owner", "role_all_without_grant"),
|
|
resource.TestCheckResourceAttr("postgresql_schema.test3", "if_not_exists", "true"),
|
|
resource.TestCheckResourceAttr("postgresql_schema.test3", "policy.#", "2"),
|
|
resource.TestCheckResourceAttr("postgresql_schema.test3", "policy.1013320538.create_with_grant", "true"),
|
|
resource.TestCheckResourceAttr("postgresql_schema.test3", "policy.1013320538.usage_with_grant", "true"),
|
|
resource.TestCheckResourceAttr("postgresql_schema.test3", "policy.1013320538.role", "role_all_with_grant"),
|
|
resource.TestCheckResourceAttr("postgresql_schema.test3", "policy.1948480595.create", "true"),
|
|
resource.TestCheckResourceAttr("postgresql_schema.test3", "policy.1948480595.usage", "true"),
|
|
resource.TestCheckResourceAttr("postgresql_schema.test3", "policy.1948480595.role", "role_all_without_grant"),
|
|
),
|
|
},
|
|
},
|
|
})
|
|
}
|
|
|
|
func TestAccPostgresqlSchema_AddPolicy(t *testing.T) {
|
|
resource.Test(t, resource.TestCase{
|
|
PreCheck: func() { testAccPreCheck(t) },
|
|
Providers: testAccProviders,
|
|
CheckDestroy: testAccCheckPostgresqlSchemaDestroy,
|
|
Steps: []resource.TestStep{
|
|
{
|
|
Config: testAccPostgresqlSchemaGrant1,
|
|
Check: resource.ComposeTestCheckFunc(
|
|
testAccCheckPostgresqlSchemaExists("postgresql_schema.test4", "test4"),
|
|
|
|
resource.TestCheckResourceAttr("postgresql_role.all_without_grant_stay", "name", "all_without_grant_stay"),
|
|
resource.TestCheckResourceAttr("postgresql_role.all_without_grant_drop", "name", "all_without_grant_drop"),
|
|
resource.TestCheckResourceAttr("postgresql_role.policy_compose", "name", "policy_compose"),
|
|
resource.TestCheckResourceAttr("postgresql_role.policy_move", "name", "policy_move"),
|
|
|
|
resource.TestCheckResourceAttr("postgresql_role.all_with_grantstay", "name", "all_with_grantstay"),
|
|
resource.TestCheckResourceAttr("postgresql_role.all_with_grantdrop", "name", "all_with_grantdrop"),
|
|
|
|
resource.TestCheckResourceAttr("postgresql_schema.test4", "name", "test4"),
|
|
resource.TestCheckResourceAttr("postgresql_schema.test4", "owner", "all_without_grant_stay"),
|
|
resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.#", "7"),
|
|
resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.108605972.create", "false"),
|
|
resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.108605972.create_with_grant", "true"),
|
|
resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.108605972.role", "all_with_grantstay"),
|
|
resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.108605972.usage", "false"),
|
|
resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.108605972.usage_with_grant", "true"),
|
|
resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.1417738359.create", "true"),
|
|
resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.1417738359.create_with_grant", "false"),
|
|
resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.1417738359.role", "policy_move"),
|
|
resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.1417738359.usage", "true"),
|
|
resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.1417738359.usage_with_grant", "false"),
|
|
resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.1762357194.create", "true"),
|
|
resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.1762357194.create_with_grant", "false"),
|
|
resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.1762357194.role", "all_without_grant_drop"),
|
|
resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.1762357194.usage", "true"),
|
|
resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.1762357194.usage_with_grant", "false"),
|
|
resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.2524457447.create", "true"),
|
|
resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.2524457447.create_with_grant", "false"),
|
|
resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.2524457447.role", "all_without_grant_stay"),
|
|
resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.2524457447.usage", "true"),
|
|
resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.2524457447.usage_with_grant", "false"),
|
|
resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.3959936977.create", "false"),
|
|
resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.3959936977.create_with_grant", "true"),
|
|
resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.3959936977.role", "policy_compose"),
|
|
resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.3959936977.usage", "false"),
|
|
resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.3959936977.usage_with_grant", "true"),
|
|
resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.4178211897.create", "false"),
|
|
resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.4178211897.create_with_grant", "true"),
|
|
resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.4178211897.role", "all_with_grantdrop"),
|
|
resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.4178211897.usage", "false"),
|
|
resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.4178211897.usage_with_grant", "true"),
|
|
resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.815478369.create", "true"),
|
|
resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.815478369.create_with_grant", "false"),
|
|
resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.815478369.role", "policy_compose"),
|
|
resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.815478369.usage", "true"),
|
|
resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.815478369.usage_with_grant", "false"),
|
|
),
|
|
},
|
|
{
|
|
Config: testAccPostgresqlSchemaGrant2,
|
|
Check: resource.ComposeTestCheckFunc(
|
|
testAccCheckPostgresqlSchemaExists("postgresql_schema.test4", "test4"),
|
|
resource.TestCheckResourceAttr("postgresql_role.all_without_grant_stay", "name", "all_without_grant_stay"),
|
|
resource.TestCheckResourceAttr("postgresql_role.all_without_grant_drop", "name", "all_without_grant_drop"),
|
|
resource.TestCheckResourceAttr("postgresql_role.policy_compose", "name", "policy_compose"),
|
|
resource.TestCheckResourceAttr("postgresql_role.policy_move", "name", "policy_move"),
|
|
|
|
resource.TestCheckResourceAttr("postgresql_role.all_with_grantstay", "name", "all_with_grantstay"),
|
|
|
|
resource.TestCheckResourceAttr("postgresql_schema.test4", "name", "test4"),
|
|
resource.TestCheckResourceAttr("postgresql_schema.test4", "owner", "all_without_grant_stay"),
|
|
resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.#", "6"),
|
|
resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.108605972.create", "false"),
|
|
resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.108605972.create_with_grant", "true"),
|
|
resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.108605972.role", "all_with_grantstay"),
|
|
resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.108605972.usage", "false"),
|
|
resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.108605972.usage_with_grant", "true"),
|
|
resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.2524457447.create", "true"),
|
|
resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.2524457447.create_with_grant", "false"),
|
|
resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.2524457447.role", "all_without_grant_stay"),
|
|
resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.2524457447.usage", "true"),
|
|
resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.2524457447.usage_with_grant", "false"),
|
|
resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.3831594020.create", "false"),
|
|
resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.3831594020.create_with_grant", "true"),
|
|
resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.3831594020.role", "policy_move"),
|
|
resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.3831594020.usage", "false"),
|
|
resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.3831594020.usage_with_grant", "true"),
|
|
resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.3959936977.create", "false"),
|
|
resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.3959936977.create_with_grant", "true"),
|
|
resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.3959936977.role", "policy_compose"),
|
|
resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.3959936977.usage", "false"),
|
|
resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.3959936977.usage_with_grant", "true"),
|
|
resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.468685299.create", "true"),
|
|
resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.468685299.create_with_grant", "false"),
|
|
resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.468685299.role", "policy_new"),
|
|
resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.468685299.usage", "true"),
|
|
resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.468685299.usage_with_grant", "false"),
|
|
resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.815478369.create", "true"),
|
|
resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.815478369.create_with_grant", "false"),
|
|
resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.815478369.role", "policy_compose"),
|
|
resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.815478369.usage", "true"),
|
|
resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.815478369.usage_with_grant", "false"),
|
|
),
|
|
},
|
|
},
|
|
})
|
|
}
|
|
|
|
func testAccCheckPostgresqlSchemaDestroy(s *terraform.State) error {
|
|
client := testAccProvider.Meta().(*Client)
|
|
|
|
for _, rs := range s.RootModule().Resources {
|
|
if rs.Type != "postgresql_schema" {
|
|
continue
|
|
}
|
|
|
|
exists, err := checkSchemaExists(client, rs.Primary.ID)
|
|
if err != nil {
|
|
return fmt.Errorf("Error checking schema %s", err)
|
|
}
|
|
|
|
if exists {
|
|
return fmt.Errorf("Schema still exists after destroy")
|
|
}
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
func testAccCheckPostgresqlSchemaExists(n string, schemaName string) resource.TestCheckFunc {
|
|
return func(s *terraform.State) error {
|
|
rs, ok := s.RootModule().Resources[n]
|
|
if !ok {
|
|
return fmt.Errorf("Resource not found: %s", n)
|
|
}
|
|
|
|
if rs.Primary.ID == "" {
|
|
return fmt.Errorf("No ID is set")
|
|
}
|
|
|
|
actualSchemaName := rs.Primary.Attributes["name"]
|
|
if actualSchemaName != schemaName {
|
|
return fmt.Errorf("Wrong value for schema name expected %s got %s", schemaName, actualSchemaName)
|
|
}
|
|
|
|
client := testAccProvider.Meta().(*Client)
|
|
exists, err := checkSchemaExists(client, rs.Primary.ID)
|
|
|
|
if err != nil {
|
|
return fmt.Errorf("Error checking schema %s", err)
|
|
}
|
|
|
|
if !exists {
|
|
return fmt.Errorf("Schema not found")
|
|
}
|
|
|
|
return nil
|
|
}
|
|
}
|
|
|
|
func checkSchemaExists(client *Client, schemaName string) (bool, error) {
|
|
conn, err := client.Connect()
|
|
if err != nil {
|
|
return false, err
|
|
}
|
|
defer conn.Close()
|
|
|
|
var _rez string
|
|
err = conn.QueryRow("SELECT nspname FROM pg_catalog.pg_namespace WHERE nspname=$1", schemaName).Scan(&_rez)
|
|
switch {
|
|
case err == sql.ErrNoRows:
|
|
return false, nil
|
|
case err != nil:
|
|
return false, fmt.Errorf("Error reading info about schema: %s", err)
|
|
default:
|
|
return true, nil
|
|
}
|
|
}
|
|
|
|
const testAccPostgresqlSchemaConfig = `
|
|
resource "postgresql_role" "role_all_without_grant" {
|
|
name = "role_all_without_grant"
|
|
login = true
|
|
}
|
|
|
|
resource "postgresql_role" "role_all_with_grant" {
|
|
name = "role_all_with_grant"
|
|
}
|
|
|
|
resource "postgresql_schema" "test1" {
|
|
name = "foo"
|
|
}
|
|
|
|
resource "postgresql_schema" "test2" {
|
|
name = "bar"
|
|
owner = "${postgresql_role.role_all_without_grant.name}"
|
|
if_not_exists = false
|
|
|
|
policy {
|
|
create = true
|
|
usage = true
|
|
role = "${postgresql_role.role_all_without_grant.name}"
|
|
}
|
|
}
|
|
|
|
resource "postgresql_schema" "test3" {
|
|
name = "baz"
|
|
owner = "${postgresql_role.role_all_without_grant.name}"
|
|
if_not_exists = true
|
|
|
|
policy {
|
|
create_with_grant = true
|
|
usage_with_grant = true
|
|
role = "${postgresql_role.role_all_with_grant.name}"
|
|
}
|
|
|
|
policy {
|
|
create = true
|
|
usage = true
|
|
role = "${postgresql_role.role_all_without_grant.name}"
|
|
}
|
|
}
|
|
`
|
|
|
|
const testAccPostgresqlSchemaGrant1 = `
|
|
resource "postgresql_role" "all_without_grant_stay" {
|
|
name = "all_without_grant_stay"
|
|
}
|
|
|
|
resource "postgresql_role" "all_without_grant_drop" {
|
|
name = "all_without_grant_drop"
|
|
}
|
|
|
|
resource "postgresql_role" "policy_compose" {
|
|
name = "policy_compose"
|
|
}
|
|
|
|
resource "postgresql_role" "policy_move" {
|
|
name = "policy_move"
|
|
}
|
|
|
|
resource "postgresql_role" "all_with_grantstay" {
|
|
name = "all_with_grantstay"
|
|
}
|
|
|
|
resource "postgresql_role" "all_with_grantdrop" {
|
|
name = "all_with_grantdrop"
|
|
}
|
|
|
|
resource "postgresql_schema" "test4" {
|
|
name = "test4"
|
|
owner = "${postgresql_role.all_without_grant_stay.name}"
|
|
|
|
policy {
|
|
create = true
|
|
usage = true
|
|
role = "${postgresql_role.all_without_grant_stay.name}"
|
|
}
|
|
|
|
policy {
|
|
create = true
|
|
usage = true
|
|
role = "${postgresql_role.all_without_grant_drop.name}"
|
|
}
|
|
|
|
policy {
|
|
create = true
|
|
usage = true
|
|
role = "${postgresql_role.policy_compose.name}"
|
|
}
|
|
|
|
policy {
|
|
create = true
|
|
usage = true
|
|
role = "${postgresql_role.policy_move.name}"
|
|
}
|
|
|
|
policy {
|
|
create_with_grant = true
|
|
usage_with_grant = true
|
|
role = "${postgresql_role.all_with_grantstay.name}"
|
|
}
|
|
|
|
policy {
|
|
create_with_grant = true
|
|
usage_with_grant = true
|
|
role = "${postgresql_role.all_with_grantdrop.name}"
|
|
}
|
|
|
|
policy {
|
|
create_with_grant = true
|
|
usage_with_grant = true
|
|
role = "${postgresql_role.policy_compose.name}"
|
|
}
|
|
}
|
|
`
|
|
|
|
const testAccPostgresqlSchemaGrant2 = `
|
|
resource "postgresql_role" "all_without_grant_stay" {
|
|
name = "all_without_grant_stay"
|
|
}
|
|
|
|
resource "postgresql_role" "all_without_grant_drop" {
|
|
name = "all_without_grant_drop"
|
|
}
|
|
|
|
resource "postgresql_role" "policy_compose" {
|
|
name = "policy_compose"
|
|
}
|
|
|
|
resource "postgresql_role" "policy_move" {
|
|
name = "policy_move"
|
|
}
|
|
|
|
resource "postgresql_role" "all_with_grantstay" {
|
|
name = "all_with_grantstay"
|
|
}
|
|
|
|
resource "postgresql_role" "policy_new" {
|
|
name = "policy_new"
|
|
}
|
|
|
|
resource "postgresql_schema" "test4" {
|
|
name = "test4"
|
|
owner = "${postgresql_role.all_without_grant_stay.name}"
|
|
|
|
policy {
|
|
create = true
|
|
usage = true
|
|
role = "${postgresql_role.all_without_grant_stay.name}"
|
|
}
|
|
|
|
policy {
|
|
create = true
|
|
usage = true
|
|
role = "${postgresql_role.policy_compose.name}"
|
|
}
|
|
|
|
policy {
|
|
create_with_grant = true
|
|
usage_with_grant = true
|
|
role = "${postgresql_role.all_with_grantstay.name}"
|
|
}
|
|
|
|
policy {
|
|
create_with_grant = true
|
|
usage_with_grant = true
|
|
role = "${postgresql_role.policy_compose.name}"
|
|
}
|
|
|
|
policy {
|
|
create_with_grant = true
|
|
usage_with_grant = true
|
|
role = "${postgresql_role.policy_move.name}"
|
|
}
|
|
|
|
policy {
|
|
create = true
|
|
usage = true
|
|
role = "${postgresql_role.policy_new.name}"
|
|
}
|
|
}
|
|
`
|