Before revoking a privilege from a schema, check to ensure role exists.
This commit is contained in:
parent
6c91676c40
commit
d92a3caedf
|
@ -350,8 +350,19 @@ func setSchemaPolicy(txn *sql.Tx, d *schema.ResourceData) error {
|
||||||
for _, p := range dropped {
|
for _, p := range dropped {
|
||||||
pMap := p.(map[string]interface{})
|
pMap := p.(map[string]interface{})
|
||||||
rolePolicy := schemaPolicyToACL(pMap)
|
rolePolicy := schemaPolicyToACL(pMap)
|
||||||
|
|
||||||
|
var foundUser bool
|
||||||
|
err := txn.QueryRow(`SELECT TRUE FROM pg_catalog.pg_user WHERE usename = $1`, rolePolicy.Role).Scan(&foundUser)
|
||||||
|
switch {
|
||||||
|
case err == sql.ErrNoRows:
|
||||||
|
// Don't execute this role's REVOKEs because the role
|
||||||
|
// was dropped first and therefore doesn't exist.
|
||||||
|
case err != nil:
|
||||||
|
return errwrap.Wrapf("Error reading schema: {{err}}", err)
|
||||||
|
default:
|
||||||
queries = append(queries, rolePolicy.Revokes(schemaName)...)
|
queries = append(queries, rolePolicy.Revokes(schemaName)...)
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
for _, p := range added {
|
for _, p := range added {
|
||||||
pMap := p.(map[string]interface{})
|
pMap := p.(map[string]interface{})
|
||||||
|
|
|
@ -69,11 +69,11 @@ func TestAccPostgresqlSchema_AddPolicy(t *testing.T) {
|
||||||
resource.TestCheckResourceAttr("postgresql_role.policy_move", "name", "policy_move"),
|
resource.TestCheckResourceAttr("postgresql_role.policy_move", "name", "policy_move"),
|
||||||
|
|
||||||
resource.TestCheckResourceAttr("postgresql_role.all_with_grantstay", "name", "all_with_grantstay"),
|
resource.TestCheckResourceAttr("postgresql_role.all_with_grantstay", "name", "all_with_grantstay"),
|
||||||
// resource.TestCheckResourceAttr("postgresql_role.all_with_grantdrop", "name", "all_with_grantdrop"),
|
resource.TestCheckResourceAttr("postgresql_role.all_with_grantdrop", "name", "all_with_grantdrop"),
|
||||||
|
|
||||||
resource.TestCheckResourceAttr("postgresql_schema.test4", "name", "test4"),
|
resource.TestCheckResourceAttr("postgresql_schema.test4", "name", "test4"),
|
||||||
resource.TestCheckResourceAttr("postgresql_schema.test4", "owner", "all_without_grant_stay"),
|
resource.TestCheckResourceAttr("postgresql_schema.test4", "owner", "all_without_grant_stay"),
|
||||||
resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.#", "6"),
|
resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.#", "7"),
|
||||||
resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.108605972.create", "false"),
|
resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.108605972.create", "false"),
|
||||||
resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.108605972.create_with_grant", "true"),
|
resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.108605972.create_with_grant", "true"),
|
||||||
resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.108605972.role", "all_with_grantstay"),
|
resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.108605972.role", "all_with_grantstay"),
|
||||||
|
@ -99,11 +99,11 @@ func TestAccPostgresqlSchema_AddPolicy(t *testing.T) {
|
||||||
resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.3959936977.role", "policy_compose"),
|
resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.3959936977.role", "policy_compose"),
|
||||||
resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.3959936977.usage", "false"),
|
resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.3959936977.usage", "false"),
|
||||||
resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.3959936977.usage_with_grant", "true"),
|
resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.3959936977.usage_with_grant", "true"),
|
||||||
// resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.4178211897.create", "false"),
|
resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.4178211897.create", "false"),
|
||||||
// resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.4178211897.create_with_grant", "true"),
|
resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.4178211897.create_with_grant", "true"),
|
||||||
// resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.4178211897.role", "all_with_grantdrop"),
|
resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.4178211897.role", "all_with_grantdrop"),
|
||||||
// resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.4178211897.usage", "false"),
|
resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.4178211897.usage", "false"),
|
||||||
// resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.4178211897.usage_with_grant", "true"),
|
resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.4178211897.usage_with_grant", "true"),
|
||||||
resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.815478369.create", "true"),
|
resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.815478369.create", "true"),
|
||||||
resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.815478369.create_with_grant", "false"),
|
resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.815478369.create_with_grant", "false"),
|
||||||
resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.815478369.role", "policy_compose"),
|
resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.815478369.role", "policy_compose"),
|
||||||
|
@ -298,9 +298,9 @@ resource "postgresql_role" "all_with_grantstay" {
|
||||||
name = "all_with_grantstay"
|
name = "all_with_grantstay"
|
||||||
}
|
}
|
||||||
|
|
||||||
// resource "postgresql_role" "all_with_grantdrop" {
|
resource "postgresql_role" "all_with_grantdrop" {
|
||||||
// name = "all_with_grantdrop"
|
name = "all_with_grantdrop"
|
||||||
// }
|
}
|
||||||
|
|
||||||
resource "postgresql_schema" "test4" {
|
resource "postgresql_schema" "test4" {
|
||||||
name = "test4"
|
name = "test4"
|
||||||
|
@ -336,11 +336,11 @@ resource "postgresql_schema" "test4" {
|
||||||
role = "${postgresql_role.all_with_grantstay.name}"
|
role = "${postgresql_role.all_with_grantstay.name}"
|
||||||
}
|
}
|
||||||
|
|
||||||
// policy {
|
policy {
|
||||||
// create_with_grant = true
|
create_with_grant = true
|
||||||
// usage_with_grant = true
|
usage_with_grant = true
|
||||||
// role = "${postgresql_role.all_with_grantdrop.name}"
|
role = "${postgresql_role.all_with_grantdrop.name}"
|
||||||
// }
|
}
|
||||||
|
|
||||||
policy {
|
policy {
|
||||||
create_with_grant = true
|
create_with_grant = true
|
||||||
|
|
Loading…
Reference in New Issue