-
Notifications
You must be signed in to change notification settings - Fork 79
Implement grants on database #123
Implement grants on database #123
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks a lot for your work 👍
Nice to have created the dedicated function for the queries.
Could you quickly add a test like TestAccPostgresqlGrant
for database.
You can make it simple with just one privilege and create a function which check that the role has the privilege (like testCheckTablesPrivileges
but simpler, like just checking that the role can create a table if you give him this right)
"role": roleName, | ||
}), | ||
privileges: []string{"SELECT"}, | ||
expected: fmt.Sprintf("GRANT SELECT ON ALL TABLES IN SCHEMA %s TO %s", pq.QuoteIdentifier(databaseName), pq.QuoteIdentifier(roleName)), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I would have even set the generated string as expected value, but as you prefer.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You mean not using fmt.Sprintf
and pq.QuoteIdentifier
, and hardcoding the string ?
I was just looking for this. Great work :)! |
@cyrilgdn I tried to add an acceptance test, however I'm even less fluent with that kind of tests than with Golang. Take a deep breath before reading :) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@jeromepin Sorry for the response delay.
Your acceptance test was actually not testing anything 😄
(and should have failed but you didn't check the error of the query you executed)
As I understand that these tests are really not easy to understand and to dive in, I allowed myself to write it for you and to push on your branch.
Basically I check that if we add CREATE
privilege for a role on a database, this role will be able to create a schema in this database (and will not be able to do it if this privilege has not been set).
When writing this test (and testing manually too), I find out a couple a problems that I fixed too.
Mainly:
- the
readRolePrivileges
was not working for database, it needs a different query schema
parameter needs to be optional now as it doesn't make sense for database.
Would you mind reviewing my code (and if someone else sees this message and want to review, feel free :) ), so we can approve and merge ?
Thank you!
Oh... I knew testing wasn't my strong suit, but I didn't knew I was that bad 😄 🤦♂ Sorry for that !
Thank you very much for taking the time ! 👍
No problem, I'll review it. But since I wasn't able to write a proper acceptance test, I'm not sure I'm the most qualified to review your work 😂 |
@cyrilgdn Looks good to me ! 👍 |
I'll let you known here when it's released. |
@cyrilgdn Any ETA on the release date for this? Not being able to allow a user to connect to a database is a huge hole in functionality for this provider, and I would really love for this to be released. Thanks! Edit: # Install latest plugin from master
go get -u github.com/terraform-providers/terraform-provider-postgresql
# Add as "custom" plugin with obviously fake version
mkdir -p ~/.terraform.d/plugins
ln -s $GOPATH/bin/terraform-provider-postgresql ~/.terraform.d/plugins/terraform-provider-postgresql_v999.0.0 Then specify the fake version in your provider block provider "postgresql" {
version = "999.0.0
...
} Reinitializing with |
@stefan2718 Sorry for the delay, As I explained here #138 , v1.6.0 will be released during the week (next Monday at the latest). |
Hi, This feature has been released in v1.6.0 last Friday. |
I've created this merge request to update the provider documentation to reflect the changes made in this MR. |
I'm following @tgermain's comment (we work together) regarding the proposal to handle
GRANT
on databases (in addition to sequences and tables).I took the liberty to move the query string creation (for both grant and revoke queries) into two dedicated functions and write unit test for them (although I'm a test newbie). Feel free to discard that if you find it irrelevant.