Before revoking a privilege from a schema, check to ensure role exists.

2016-12-25 04:56:39 -08:00 · 2016-12-25 04:56:39 -08:00 · d92a3caedf
parent 6c91676c40
commit d92a3caedf
2 changed files with 27 additions and 16 deletions
--- a/builtin/providers/postgresql/resource_postgresql_schema.go
+++ b/builtin/providers/postgresql/resource_postgresql_schema.go
@ -350,7 +350,18 @@ func setSchemaPolicy(txn *sql.Tx, d *schema.ResourceData) error {
 	for _, p := range dropped {
 		pMap := p.(map[string]interface{})
 		rolePolicy := schemaPolicyToACL(pMap)
-		queries = append(queries, rolePolicy.Revokes(schemaName)...)
+
 		var foundUser bool
 		err := txn.QueryRow(`SELECT TRUE FROM pg_catalog.pg_user WHERE usename = $1`, rolePolicy.Role).Scan(&foundUser)
 		switch {
 		case err == sql.ErrNoRows:
 			// Don't execute this role's REVOKEs because the role
 			// was dropped first and therefore doesn't exist.
 		case err != nil:
 			return errwrap.Wrapf("Error reading schema: {{err}}", err)
 		default:
 			queries = append(queries, rolePolicy.Revokes(schemaName)...)
 		}
 	}
 	for _, p := range added {
--- a/builtin/providers/postgresql/resource_postgresql_schema_test.go
+++ b/builtin/providers/postgresql/resource_postgresql_schema_test.go
@ -69,11 +69,11 @@ func TestAccPostgresqlSchema_AddPolicy(t *testing.T) {
 					resource.TestCheckResourceAttr("postgresql_role.policy_move", "name", "policy_move"),
 					resource.TestCheckResourceAttr("postgresql_role.all_with_grantstay", "name", "all_with_grantstay"),
-					// resource.TestCheckResourceAttr("postgresql_role.all_with_grantdrop", "name", "all_with_grantdrop"),
+					resource.TestCheckResourceAttr("postgresql_role.all_with_grantdrop", "name", "all_with_grantdrop"),
 					resource.TestCheckResourceAttr("postgresql_schema.test4", "name", "test4"),
 					resource.TestCheckResourceAttr("postgresql_schema.test4", "owner", "all_without_grant_stay"),
-					resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.#", "6"),
+					resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.#", "7"),
 					resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.108605972.create", "false"),
 					resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.108605972.create_with_grant", "true"),
 					resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.108605972.role", "all_with_grantstay"),
@ -99,11 +99,11 @@ func TestAccPostgresqlSchema_AddPolicy(t *testing.T) {
 					resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.3959936977.role", "policy_compose"),
 					resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.3959936977.usage", "false"),
 					resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.3959936977.usage_with_grant", "true"),
-					// resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.4178211897.create", "false"),
+					resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.4178211897.create", "false"),
-					// resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.4178211897.create_with_grant", "true"),
+					resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.4178211897.create_with_grant", "true"),
-					// resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.4178211897.role", "all_with_grantdrop"),
+					resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.4178211897.role", "all_with_grantdrop"),
-					// resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.4178211897.usage", "false"),
+					resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.4178211897.usage", "false"),
-					// resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.4178211897.usage_with_grant", "true"),
+					resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.4178211897.usage_with_grant", "true"),
 					resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.815478369.create", "true"),
 					resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.815478369.create_with_grant", "false"),
 					resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.815478369.role", "policy_compose"),
@ -298,9 +298,9 @@ resource "postgresql_role" "all_with_grantstay" {
  name = "all_with_grantstay"
 }
-// resource "postgresql_role" "all_with_grantdrop" {
+resource "postgresql_role" "all_with_grantdrop" {
-//   name = "all_with_grantdrop"
+  name = "all_with_grantdrop"
-// }
+}
 resource "postgresql_schema" "test4" {
  name = "test4"
@ -336,11 +336,11 @@ resource "postgresql_schema" "test4" {
    role = "${postgresql_role.all_with_grantstay.name}"
  }
-  // policy {
+  policy {
-  //   create_with_grant = true
+    create_with_grant = true
-  //   usage_with_grant = true
+    usage_with_grant = true
-  //   role = "${postgresql_role.all_with_grantdrop.name}"
+    role = "${postgresql_role.all_with_grantdrop.name}"
-  // }
+  }
  policy {
    create_with_grant = true