2015-10-27 11:04:19 +01:00
|
|
|
package postgresql
|
|
|
|
|
|
|
|
import (
|
|
|
|
"database/sql"
|
|
|
|
"fmt"
|
|
|
|
"testing"
|
|
|
|
|
|
|
|
"github.com/hashicorp/terraform/helper/resource"
|
|
|
|
"github.com/hashicorp/terraform/terraform"
|
|
|
|
)
|
|
|
|
|
|
|
|
func TestAccPostgresqlRole_Basic(t *testing.T) {
|
|
|
|
resource.Test(t, resource.TestCase{
|
|
|
|
PreCheck: func() { testAccPreCheck(t) },
|
|
|
|
Providers: testAccProviders,
|
|
|
|
CheckDestroy: testAccCheckPostgresqlRoleDestroy,
|
|
|
|
Steps: []resource.TestStep{
|
2016-09-05 23:46:40 +02:00
|
|
|
{
|
2015-10-27 11:04:19 +01:00
|
|
|
Config: testAccPostgresqlRoleConfig,
|
|
|
|
Check: resource.ComposeTestCheckFunc(
|
|
|
|
testAccCheckPostgresqlRoleExists("postgresql_role.myrole2", "true"),
|
|
|
|
resource.TestCheckResourceAttr(
|
|
|
|
"postgresql_role.myrole2", "name", "myrole2"),
|
|
|
|
resource.TestCheckResourceAttr(
|
|
|
|
"postgresql_role.myrole2", "login", "true"),
|
2016-12-22 09:36:21 +01:00
|
|
|
resource.TestCheckResourceAttr(
|
|
|
|
"postgresql_role.myrole2", "skip_drop_role", "false"),
|
|
|
|
resource.TestCheckResourceAttr(
|
|
|
|
"postgresql_role.myrole2", "skip_reassign_owned", "false"),
|
2016-11-06 22:16:12 +01:00
|
|
|
|
|
|
|
resource.TestCheckResourceAttr(
|
|
|
|
"postgresql_role.role_with_defaults", "name", "testing_role_with_defaults"),
|
|
|
|
resource.TestCheckResourceAttr(
|
|
|
|
"postgresql_role.role_with_defaults", "superuser", "false"),
|
|
|
|
resource.TestCheckResourceAttr(
|
|
|
|
"postgresql_role.role_with_defaults", "create_database", "false"),
|
|
|
|
resource.TestCheckResourceAttr(
|
|
|
|
"postgresql_role.role_with_defaults", "create_role", "false"),
|
|
|
|
resource.TestCheckResourceAttr(
|
|
|
|
"postgresql_role.role_with_defaults", "inherit", "false"),
|
|
|
|
resource.TestCheckResourceAttr(
|
|
|
|
"postgresql_role.role_with_defaults", "replication", "false"),
|
|
|
|
resource.TestCheckResourceAttr(
|
|
|
|
"postgresql_role.role_with_defaults", "bypass_row_level_security", "false"),
|
|
|
|
resource.TestCheckResourceAttr(
|
|
|
|
"postgresql_role.role_with_defaults", "connection_limit", "-1"),
|
|
|
|
resource.TestCheckResourceAttr(
|
|
|
|
"postgresql_role.role_with_defaults", "encrypted_password", "true"),
|
|
|
|
resource.TestCheckResourceAttr(
|
|
|
|
"postgresql_role.role_with_defaults", "password", ""),
|
|
|
|
resource.TestCheckResourceAttr(
|
2016-12-12 10:18:13 +01:00
|
|
|
"postgresql_role.role_with_defaults", "valid_until", "infinity"),
|
2016-12-22 09:36:21 +01:00
|
|
|
resource.TestCheckResourceAttr(
|
|
|
|
"postgresql_role.role_with_defaults", "skip_drop_role", "false"),
|
|
|
|
resource.TestCheckResourceAttr(
|
|
|
|
"postgresql_role.role_with_defaults", "skip_reassign_owned", "false"),
|
2015-10-27 11:04:19 +01:00
|
|
|
),
|
|
|
|
},
|
|
|
|
},
|
|
|
|
})
|
|
|
|
}
|
|
|
|
|
|
|
|
func testAccCheckPostgresqlRoleDestroy(s *terraform.State) error {
|
|
|
|
client := testAccProvider.Meta().(*Client)
|
|
|
|
|
|
|
|
for _, rs := range s.RootModule().Resources {
|
|
|
|
if rs.Type != "postgresql_role" {
|
|
|
|
continue
|
|
|
|
}
|
|
|
|
|
|
|
|
exists, err := checkRoleExists(client, rs.Primary.ID)
|
|
|
|
|
|
|
|
if err != nil {
|
|
|
|
return fmt.Errorf("Error checking role %s", err)
|
|
|
|
}
|
|
|
|
|
|
|
|
if exists {
|
|
|
|
return fmt.Errorf("Role still exists after destroy")
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func testAccCheckPostgresqlRoleExists(n string, canLogin string) resource.TestCheckFunc {
|
|
|
|
return func(s *terraform.State) error {
|
|
|
|
rs, ok := s.RootModule().Resources[n]
|
|
|
|
if !ok {
|
|
|
|
return fmt.Errorf("Resource not found: %s", n)
|
|
|
|
}
|
|
|
|
|
|
|
|
if rs.Primary.ID == "" {
|
|
|
|
return fmt.Errorf("No ID is set")
|
|
|
|
}
|
|
|
|
|
|
|
|
actualCanLogin := rs.Primary.Attributes["login"]
|
|
|
|
if actualCanLogin != canLogin {
|
|
|
|
return fmt.Errorf("Wrong value for login expected %s got %s", canLogin, actualCanLogin)
|
|
|
|
}
|
|
|
|
|
|
|
|
client := testAccProvider.Meta().(*Client)
|
|
|
|
exists, err := checkRoleExists(client, rs.Primary.ID)
|
|
|
|
|
|
|
|
if err != nil {
|
|
|
|
return fmt.Errorf("Error checking role %s", err)
|
|
|
|
}
|
|
|
|
|
|
|
|
if !exists {
|
|
|
|
return fmt.Errorf("Role not found")
|
|
|
|
}
|
|
|
|
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func checkRoleExists(client *Client, roleName string) (bool, error) {
|
|
|
|
conn, err := client.Connect()
|
|
|
|
if err != nil {
|
|
|
|
return false, err
|
|
|
|
}
|
|
|
|
defer conn.Close()
|
|
|
|
|
|
|
|
var _rez int
|
|
|
|
err = conn.QueryRow("SELECT 1 from pg_roles d WHERE rolname=$1", roleName).Scan(&_rez)
|
|
|
|
switch {
|
|
|
|
case err == sql.ErrNoRows:
|
|
|
|
return false, nil
|
|
|
|
case err != nil:
|
|
|
|
return false, fmt.Errorf("Error reading info about role: %s", err)
|
|
|
|
default:
|
|
|
|
return true, nil
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
var testAccPostgresqlRoleConfig = `
|
|
|
|
resource "postgresql_role" "myrole2" {
|
|
|
|
name = "myrole2"
|
|
|
|
login = true
|
|
|
|
}
|
|
|
|
|
|
|
|
resource "postgresql_role" "role_with_pwd" {
|
|
|
|
name = "role_with_pwd"
|
|
|
|
login = true
|
|
|
|
password = "mypass"
|
|
|
|
}
|
|
|
|
|
|
|
|
resource "postgresql_role" "role_with_pwd_encr" {
|
|
|
|
name = "role_with_pwd_encr"
|
|
|
|
login = true
|
|
|
|
password = "mypass"
|
|
|
|
encrypted = true
|
|
|
|
}
|
|
|
|
|
|
|
|
resource "postgresql_role" "role_with_pwd_no_login" {
|
|
|
|
name = "role_with_pwd_no_login"
|
|
|
|
password = "mypass"
|
|
|
|
}
|
|
|
|
|
|
|
|
resource "postgresql_role" "role_simple" {
|
|
|
|
name = "role_simple"
|
|
|
|
}
|
2016-11-06 22:16:12 +01:00
|
|
|
|
|
|
|
resource "postgresql_role" "role_with_defaults" {
|
|
|
|
name = "testing_role_with_defaults"
|
|
|
|
superuser = false
|
|
|
|
create_database = false
|
|
|
|
create_role = false
|
|
|
|
inherit = false
|
|
|
|
login = false
|
|
|
|
replication = false
|
|
|
|
bypass_row_level_security = false
|
|
|
|
connection_limit = -1
|
|
|
|
encrypted_password = true
|
|
|
|
password = ""
|
2016-12-22 09:36:21 +01:00
|
|
|
skip_drop_role = false
|
|
|
|
skip_reassign_owned = false
|
2016-12-12 10:18:13 +01:00
|
|
|
valid_until = "infinity"
|
2016-11-06 22:16:12 +01:00
|
|
|
}
|
2015-10-27 11:04:19 +01:00
|
|
|
`
|