diff --git a/postgresql/resource_postgresql_default_privileges_test.go b/postgresql/resource_postgresql_default_privileges_test.go index 9dbff2ea..58b6b109 100644 --- a/postgresql/resource_postgresql_default_privileges_test.go +++ b/postgresql/resource_postgresql_default_privileges_test.go @@ -26,7 +26,7 @@ func TestAccPostgresqlDefaultPrivileges(t *testing.T) { database = "%s" owner = "%s" role = "%s" - schema = "public" + schema = "test_schema" object_type = "table" privileges = ["SELECT"] } @@ -43,7 +43,7 @@ func TestAccPostgresqlDefaultPrivileges(t *testing.T) { Config: testDPSelect, Check: resource.ComposeTestCheckFunc( func(*terraform.State) error { - tables := []string{"test_table"} + tables := []string{"test_schema.test_table"} // To test default privileges, we need to create a table // after having apply the state. dropFunc := createTestTables(t, dbSuffix, tables) diff --git a/postgresql/resource_postgresql_grant.go b/postgresql/resource_postgresql_grant.go index eab27ec0..be3b9fbb 100644 --- a/postgresql/resource_postgresql_grant.go +++ b/postgresql/resource_postgresql_grant.go @@ -304,7 +304,7 @@ func checkRoleDBSchemaExists(client *Client, d *schema.ResourceData) (bool, erro // Check the schema exists (the SQL connection needs to be on the right database) pgSchema := d.Get("schema").(string) - exists, err = schemaExists(txn, pgSchema) + exists, err = schemaExists(dbTxn, pgSchema) if err != nil { return false, err } diff --git a/postgresql/resource_postgresql_grant_test.go b/postgresql/resource_postgresql_grant_test.go index 3add5b3f..b8132683 100644 --- a/postgresql/resource_postgresql_grant_test.go +++ b/postgresql/resource_postgresql_grant_test.go @@ -17,25 +17,25 @@ func TestAccPostgresqlGrant(t *testing.T) { dbSuffix, teardown := setupTestDatabase(t, true, true) defer teardown() - testTables := []string{"test_table", "test_table2"} + testTables := []string{"test_schema.test_table", "test_schema.test_table2"} createTestTables(t, dbSuffix, testTables) dbName, roleName := getTestDBNames(dbSuffix) var testGrantSelect = fmt.Sprintf(` - resource "postgresql_grant" "test_ro" { + resource "postgresql_grant" "test" { database = "%s" role = "%s" - schema = "public" + schema = "test_schema" object_type = "table" privileges = ["SELECT"] } `, dbName, roleName) var testGrantSelectInsertUpdate = fmt.Sprintf(` - resource "postgresql_grant" "test_ro" { + resource "postgresql_grant" "test" { database = "%s" role = "%s" - schema = "public" + schema = "test_schema" object_type = "table" privileges = ["SELECT", "INSERT", "UPDATE"] } @@ -51,8 +51,8 @@ func TestAccPostgresqlGrant(t *testing.T) { { Config: testGrantSelect, Check: resource.ComposeTestCheckFunc( - resource.TestCheckResourceAttr("postgresql_grant.test_ro", "privileges.#", "1"), - resource.TestCheckResourceAttr("postgresql_grant.test_ro", "privileges.3138006342", "SELECT"), + resource.TestCheckResourceAttr("postgresql_grant.test", "privileges.#", "1"), + resource.TestCheckResourceAttr("postgresql_grant.test", "privileges.3138006342", "SELECT"), func(*terraform.State) error { return testCheckTablesPrivileges(t, dbSuffix, testTables, []string{"SELECT"}) }, @@ -61,15 +61,26 @@ func TestAccPostgresqlGrant(t *testing.T) { { Config: testGrantSelectInsertUpdate, Check: resource.ComposeTestCheckFunc( - resource.TestCheckResourceAttr("postgresql_grant.test_ro", "privileges.#", "3"), - resource.TestCheckResourceAttr("postgresql_grant.test_ro", "privileges.3138006342", "SELECT"), - resource.TestCheckResourceAttr("postgresql_grant.test_ro", "privileges.892623219", "INSERT"), - resource.TestCheckResourceAttr("postgresql_grant.test_ro", "privileges.1759376126", "UPDATE"), + resource.TestCheckResourceAttr("postgresql_grant.test", "privileges.#", "3"), + resource.TestCheckResourceAttr("postgresql_grant.test", "privileges.3138006342", "SELECT"), + resource.TestCheckResourceAttr("postgresql_grant.test", "privileges.892623219", "INSERT"), + resource.TestCheckResourceAttr("postgresql_grant.test", "privileges.1759376126", "UPDATE"), func(*terraform.State) error { return testCheckTablesPrivileges(t, dbSuffix, testTables, []string{"SELECT", "INSERT", "UPDATE"}) }, ), }, + // Finally reapply the first step to be sure that extra privileges are correctly granted. + { + Config: testGrantSelect, + Check: resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttr("postgresql_grant.test", "privileges.#", "1"), + resource.TestCheckResourceAttr("postgresql_grant.test", "privileges.3138006342", "SELECT"), + func(*terraform.State) error { + return testCheckTablesPrivileges(t, dbSuffix, testTables, []string{"SELECT"}) + }, + ), + }, }, }) } diff --git a/postgresql/utils_test.go b/postgresql/utils_test.go index da99ebd0..f175a36a 100644 --- a/postgresql/utils_test.go +++ b/postgresql/utils_test.go @@ -87,9 +87,6 @@ func setupTestDatabase(t *testing.T, createDB, createRole bool) (string, func()) dbName, roleName := getTestDBNames(suffix) - if createDB { - dbExecute(t, config.connStr("postgres"), fmt.Sprintf("CREATE DATABASE %s", dbName)) - } if createRole { dbExecute(t, config.connStr("postgres"), fmt.Sprintf( "CREATE ROLE %s LOGIN ENCRYPTED PASSWORD '%s'", @@ -97,6 +94,13 @@ func setupTestDatabase(t *testing.T, createDB, createRole bool) (string, func()) )) } + if createDB { + dbExecute(t, config.connStr("postgres"), fmt.Sprintf("CREATE DATABASE %s", dbName)) + // Create a test schema in this new database and grant usage to rolName + dbExecute(t, config.connStr(dbName), "CREATE SCHEMA test_schema") + dbExecute(t, config.connStr(dbName), fmt.Sprintf("GRANT usage ON SCHEMA test_schema to %s", roleName)) + } + return suffix, func() { dbExecute(t, config.connStr("postgres"), fmt.Sprintf("DROP DATABASE IF EXISTS %s", dbName)) dbExecute(t, config.connStr("postgres"), fmt.Sprintf("DROP ROLE IF EXISTS %s", roleName))