terraform/builtin/providers/postgresql/resource_postgresql_role_te...

package postgresql

import (
	"database/sql"
	"fmt"
	"testing"

	"github.com/hashicorp/terraform/helper/resource"
	"github.com/hashicorp/terraform/terraform"
)

func TestAccPostgresqlRole_Basic(t *testing.T) {
	resource.Test(t, resource.TestCase{
		PreCheck:     func() { testAccPreCheck(t) },
		Providers:    testAccProviders,
		CheckDestroy: testAccCheckPostgresqlRoleDestroy,
		Steps: []resource.TestStep{
			{
				Config: testAccPostgresqlRoleConfig,
				Check: resource.ComposeTestCheckFunc(
					testAccCheckPostgresqlRoleExists("postgresql_role.myrole2", "true"),
					resource.TestCheckResourceAttr("postgresql_role.role_with_defaults", "name", "testing_role_with_defaults"),
					resource.TestCheckResourceAttr("postgresql_role.role_with_defaults", "superuser", "false"),
					resource.TestCheckResourceAttr("postgresql_role.role_with_defaults", "create_database", "false"),
					resource.TestCheckResourceAttr("postgresql_role.role_with_defaults", "create_role", "false"),
					resource.TestCheckResourceAttr("postgresql_role.role_with_defaults", "inherit", "false"),
					resource.TestCheckResourceAttr("postgresql_role.role_with_defaults", "replication", "false"),
					resource.TestCheckResourceAttr("postgresql_role.role_with_defaults", "bypass_row_level_security", "false"),
					resource.TestCheckResourceAttr("postgresql_role.role_with_defaults", "connection_limit", "-1"),
					resource.TestCheckResourceAttr("postgresql_role.role_with_defaults", "encrypted_password", "true"),
					resource.TestCheckNoResourceAttr("postgresql_role.role_with_defaults", "password"),
					resource.TestCheckResourceAttr("postgresql_role.role_with_defaults", "valid_until", "infinity"),
					resource.TestCheckResourceAttr("postgresql_role.role_with_defaults", "skip_drop_role", "false"),
					resource.TestCheckResourceAttr("postgresql_role.role_with_defaults", "skip_reassign_owned", "false"),
				),
			},
		},
	})
}

func TestAccPostgresqlRole_Update(t *testing.T) {
	resource.Test(t, resource.TestCase{
		PreCheck:     func() { testAccPreCheck(t) },
		Providers:    testAccProviders,
		CheckDestroy: testAccCheckPostgresqlRoleDestroy,
		Steps: []resource.TestStep{
			{
				Config: testAccPostgresqlRoleUpdate1Config,
				Check: resource.ComposeTestCheckFunc(
					testAccCheckPostgresqlRoleExists("postgresql_role.update_role", "true"),
					resource.TestCheckResourceAttr("postgresql_role.update_role", "name", "update_role"),
					resource.TestCheckResourceAttr("postgresql_role.update_role", "login", "true"),
					resource.TestCheckResourceAttr("postgresql_role.update_role", "connection_limit", "-1"),
				),
			},
			{
				Config: testAccPostgresqlRoleUpdate2Config,
				Check: resource.ComposeTestCheckFunc(
					testAccCheckPostgresqlRoleExists("postgresql_role.update_role", "true"),
					resource.TestCheckResourceAttr("postgresql_role.update_role", "name", "update_role2"),
					resource.TestCheckResourceAttr("postgresql_role.update_role", "login", "true"),
					resource.TestCheckResourceAttr("postgresql_role.update_role", "connection_limit", "5"),
				),
			},
		},
	})
}

func testAccCheckPostgresqlRoleDestroy(s *terraform.State) error {
	client := testAccProvider.Meta().(*Client)

	for _, rs := range s.RootModule().Resources {
		if rs.Type != "postgresql_role" {
			continue
		}

		exists, err := checkRoleExists(client, rs.Primary.ID)

		if err != nil {
			return fmt.Errorf("Error checking role %s", err)
		}

		if exists {
			return fmt.Errorf("Role still exists after destroy")
		}
	}

	return nil
}

func testAccCheckPostgresqlRoleExists(n string, canLogin string) resource.TestCheckFunc {
	return func(s *terraform.State) error {
		rs, ok := s.RootModule().Resources[n]
		if !ok {
			return fmt.Errorf("Resource not found: %s", n)
		}

		if rs.Primary.ID == "" {
			return fmt.Errorf("No ID is set")
		}

		actualCanLogin := rs.Primary.Attributes["login"]
		if actualCanLogin != canLogin {
			return fmt.Errorf("Wrong value for login expected %s got %s", canLogin, actualCanLogin)
		}

		client := testAccProvider.Meta().(*Client)
		exists, err := checkRoleExists(client, rs.Primary.ID)

		if err != nil {
			return fmt.Errorf("Error checking role %s", err)
		}

		if !exists {
			return fmt.Errorf("Role not found")
		}

		return nil
	}
}

func checkRoleExists(client *Client, roleName string) (bool, error) {
	conn, err := client.Connect()
	if err != nil {
		return false, err
	}
	defer conn.Close()

	var _rez int
	err = conn.QueryRow("SELECT 1 from pg_roles d WHERE rolname=$1", roleName).Scan(&_rez)
	switch {
	case err == sql.ErrNoRows:
		return false, nil
	case err != nil:
		return false, fmt.Errorf("Error reading info about role: %s", err)
	default:
		return true, nil
	}
}

var testAccPostgresqlRoleConfig = `
resource "postgresql_role" "myrole2" {
  name = "myrole2"
  login = true
}

resource "postgresql_role" "role_with_pwd" {
  name = "role_with_pwd"
  login = true
  password = "mypass"
}

resource "postgresql_role" "role_with_pwd_encr" {
  name = "role_with_pwd_encr"
  login = true
  password = "mypass"
  encrypted = true
}

resource "postgresql_role" "role_with_pwd_no_login" {
  name = "role_with_pwd_no_login"
  password = "mypass"
}

resource "postgresql_role" "role_simple" {
  name = "role_simple"
}

resource "postgresql_role" "role_with_defaults" {
  name = "testing_role_with_defaults"
  superuser = false
  create_database = false
  create_role = false
  inherit = false
  login = false
  replication = false
  bypass_row_level_security = false
  connection_limit = -1
  encrypted_password = true
  password = ""
  skip_drop_role = false
  skip_reassign_owned = false
  valid_until = "infinity"
}
`

var testAccPostgresqlRoleUpdate1Config = `
resource "postgresql_role" "update_role" {
  name = "update_role"
  login = true
}
`

var testAccPostgresqlRoleUpdate2Config = `
resource "postgresql_role" "update_role" {
  name = "update_role2"
  login = true
  connection_limit = 5
}
`
postgresql provider with "database" and "role" resources 2015-10-27 11:04:19 +01:00			`package postgresql`

			`import (`
			`"database/sql"`
			`"fmt"`
			`"testing"`

			`"github.com/hashicorp/terraform/helper/resource"`
			`"github.com/hashicorp/terraform/terraform"`
			`)`

			`func TestAccPostgresqlRole_Basic(t *testing.T) {`
			`resource.Test(t, resource.TestCase{`
			`PreCheck: func() { testAccPreCheck(t) },`
			`Providers: testAccProviders,`
			`CheckDestroy: testAccCheckPostgresqlRoleDestroy,`
			`Steps: []resource.TestStep{`
provider/postgres: Clean up definitions and errors This commit brings the Postgres provider up to "new" standards for error wrapping and nested structure definitions. 2016-09-05 23:46:40 +02:00			`{`
postgresql provider with "database" and "role" resources 2015-10-27 11:04:19 +01:00			`Config: testAccPostgresqlRoleConfig,`
			`Check: resource.ComposeTestCheckFunc(`
			`testAccCheckPostgresqlRoleExists("postgresql_role.myrole2", "true"),`
Add a test to make sure the implied `connection_limit` default of `-1` is always set. Covers: #11161 2017-01-12 00:21:17 +01:00			`resource.TestCheckResourceAttr("postgresql_role.role_with_defaults", "name", "testing_role_with_defaults"),`
			`resource.TestCheckResourceAttr("postgresql_role.role_with_defaults", "superuser", "false"),`
			`resource.TestCheckResourceAttr("postgresql_role.role_with_defaults", "create_database", "false"),`
			`resource.TestCheckResourceAttr("postgresql_role.role_with_defaults", "create_role", "false"),`
			`resource.TestCheckResourceAttr("postgresql_role.role_with_defaults", "inherit", "false"),`
			`resource.TestCheckResourceAttr("postgresql_role.role_with_defaults", "replication", "false"),`
			`resource.TestCheckResourceAttr("postgresql_role.role_with_defaults", "bypass_row_level_security", "false"),`
			`resource.TestCheckResourceAttr("postgresql_role.role_with_defaults", "connection_limit", "-1"),`
			`resource.TestCheckResourceAttr("postgresql_role.role_with_defaults", "encrypted_password", "true"),`
provider/postgresql: Fix failing acceptance test (#11375) 2017-01-24 13:10:56 +01:00			`resource.TestCheckNoResourceAttr("postgresql_role.role_with_defaults", "password"),`
Add a test to make sure the implied `connection_limit` default of `-1` is always set. Covers: #11161 2017-01-12 00:21:17 +01:00			`resource.TestCheckResourceAttr("postgresql_role.role_with_defaults", "valid_until", "infinity"),`
			`resource.TestCheckResourceAttr("postgresql_role.role_with_defaults", "skip_drop_role", "false"),`
			`resource.TestCheckResourceAttr("postgresql_role.role_with_defaults", "skip_reassign_owned", "false"),`
postgresql provider with "database" and "role" resources 2015-10-27 11:04:19 +01:00			`),`
			`},`
			`},`
			`})`
			`}`

Follow up to #11161 to fix `connection_limit` updates to a ROLE. 2017-01-12 01:24:00 +01:00			`func TestAccPostgresqlRole_Update(t *testing.T) {`
			`resource.Test(t, resource.TestCase{`
			`PreCheck: func() { testAccPreCheck(t) },`
			`Providers: testAccProviders,`
			`CheckDestroy: testAccCheckPostgresqlRoleDestroy,`
			`Steps: []resource.TestStep{`
			`{`
			`Config: testAccPostgresqlRoleUpdate1Config,`
			`Check: resource.ComposeTestCheckFunc(`
			`testAccCheckPostgresqlRoleExists("postgresql_role.update_role", "true"),`
			`resource.TestCheckResourceAttr("postgresql_role.update_role", "name", "update_role"),`
			`resource.TestCheckResourceAttr("postgresql_role.update_role", "login", "true"),`
			`resource.TestCheckResourceAttr("postgresql_role.update_role", "connection_limit", "-1"),`
			`),`
			`},`
			`{`
			`Config: testAccPostgresqlRoleUpdate2Config,`
			`Check: resource.ComposeTestCheckFunc(`
			`testAccCheckPostgresqlRoleExists("postgresql_role.update_role", "true"),`
			`resource.TestCheckResourceAttr("postgresql_role.update_role", "name", "update_role2"),`
			`resource.TestCheckResourceAttr("postgresql_role.update_role", "login", "true"),`
			`resource.TestCheckResourceAttr("postgresql_role.update_role", "connection_limit", "5"),`
			`),`
			`},`
			`},`
			`})`
			`}`

postgresql provider with "database" and "role" resources 2015-10-27 11:04:19 +01:00			`func testAccCheckPostgresqlRoleDestroy(s *terraform.State) error {`
			`client := testAccProvider.Meta().(*Client)`

			`for _, rs := range s.RootModule().Resources {`
			`if rs.Type != "postgresql_role" {`
			`continue`
			`}`

			`exists, err := checkRoleExists(client, rs.Primary.ID)`

			`if err != nil {`
			`return fmt.Errorf("Error checking role %s", err)`
			`}`

			`if exists {`
			`return fmt.Errorf("Role still exists after destroy")`
			`}`
			`}`

			`return nil`
			`}`

			`func testAccCheckPostgresqlRoleExists(n string, canLogin string) resource.TestCheckFunc {`
			`return func(s *terraform.State) error {`
			`rs, ok := s.RootModule().Resources[n]`
			`if !ok {`
			`return fmt.Errorf("Resource not found: %s", n)`
			`}`

			`if rs.Primary.ID == "" {`
			`return fmt.Errorf("No ID is set")`
			`}`

			`actualCanLogin := rs.Primary.Attributes["login"]`
			`if actualCanLogin != canLogin {`
			`return fmt.Errorf("Wrong value for login expected %s got %s", canLogin, actualCanLogin)`
			`}`

			`client := testAccProvider.Meta().(*Client)`
			`exists, err := checkRoleExists(client, rs.Primary.ID)`

			`if err != nil {`
			`return fmt.Errorf("Error checking role %s", err)`
			`}`

			`if !exists {`
			`return fmt.Errorf("Role not found")`
			`}`

			`return nil`
			`}`
			`}`

			`func checkRoleExists(client *Client, roleName string) (bool, error) {`
			`conn, err := client.Connect()`
			`if err != nil {`
			`return false, err`
			`}`
			`defer conn.Close()`

			`var _rez int`
			`err = conn.QueryRow("SELECT 1 from pg_roles d WHERE rolname=$1", roleName).Scan(&_rez)`
			`switch {`
			`case err == sql.ErrNoRows:`
			`return false, nil`
			`case err != nil:`
			`return false, fmt.Errorf("Error reading info about role: %s", err)`
			`default:`
			`return true, nil`
			`}`
			`}`

			var testAccPostgresqlRoleConfig = `
			`resource "postgresql_role" "myrole2" {`
			`name = "myrole2"`
			`login = true`
			`}`

			`resource "postgresql_role" "role_with_pwd" {`
			`name = "role_with_pwd"`
			`login = true`
			`password = "mypass"`
			`}`

			`resource "postgresql_role" "role_with_pwd_encr" {`
			`name = "role_with_pwd_encr"`
			`login = true`
			`password = "mypass"`
			`encrypted = true`
			`}`

			`resource "postgresql_role" "role_with_pwd_no_login" {`
			`name = "role_with_pwd_no_login"`
			`password = "mypass"`
			`}`

			`resource "postgresql_role" "role_simple" {`
			`name = "role_simple"`
			`}`
Commit WIP re: updated postgresql_role provider. Read() and Update() still need to be updated. 2016-11-06 22:16:12 +01:00
			`resource "postgresql_role" "role_with_defaults" {`
			`name = "testing_role_with_defaults"`
			`superuser = false`
			`create_database = false`
			`create_role = false`
			`inherit = false`
			`login = false`
			`replication = false`
			`bypass_row_level_security = false`
			`connection_limit = -1`
			`encrypted_password = true`
			`password = ""`
Automatically perform a `REASSIGN OWNED` and `DROP OWNED BY` when removing a PostgreSQL role. Add manual overrides if this isn't the desired behavior, but it should universally be the desired outcome except when a ROLE name is reused across multiple databases in the same PostgreSQL cluster, in which case the `skip_drop_role` is necessary for all but the last PostgreSQL provider. 2016-12-22 09:36:21 +01:00			`skip_drop_role = false`
			`skip_reassign_owned = false`
Change the default for `valid_until` to `infinity` to match the default. 2016-12-12 10:18:13 +01:00			`valid_until = "infinity"`
Commit WIP re: updated postgresql_role provider. Read() and Update() still need to be updated. 2016-11-06 22:16:12 +01:00			`}`
postgresql provider with "database" and "role" resources 2015-10-27 11:04:19 +01:00			`
Follow up to #11161 to fix `connection_limit` updates to a ROLE. 2017-01-12 01:24:00 +01:00
			var testAccPostgresqlRoleUpdate1Config = `
			`resource "postgresql_role" "update_role" {`
			`name = "update_role"`
			`login = true`
			`}`
			`

			var testAccPostgresqlRoleUpdate2Config = `
			`resource "postgresql_role" "update_role" {`
			`name = "update_role2"`
			`login = true`
			`connection_limit = 5`
			`}`
			`