Before revoking a privilege from a schema, check to ensure role exists.
This commit is contained in:
parent
6c91676c40
commit
d92a3caedf
|
@ -350,8 +350,19 @@ func setSchemaPolicy(txn *sql.Tx, d *schema.ResourceData) error {
|
|||
for _, p := range dropped {
|
||||
pMap := p.(map[string]interface{})
|
||||
rolePolicy := schemaPolicyToACL(pMap)
|
||||
|
||||
var foundUser bool
|
||||
err := txn.QueryRow(`SELECT TRUE FROM pg_catalog.pg_user WHERE usename = $1`, rolePolicy.Role).Scan(&foundUser)
|
||||
switch {
|
||||
case err == sql.ErrNoRows:
|
||||
// Don't execute this role's REVOKEs because the role
|
||||
// was dropped first and therefore doesn't exist.
|
||||
case err != nil:
|
||||
return errwrap.Wrapf("Error reading schema: {{err}}", err)
|
||||
default:
|
||||
queries = append(queries, rolePolicy.Revokes(schemaName)...)
|
||||
}
|
||||
}
|
||||
|
||||
for _, p := range added {
|
||||
pMap := p.(map[string]interface{})
|
||||
|
|
|
@ -69,11 +69,11 @@ func TestAccPostgresqlSchema_AddPolicy(t *testing.T) {
|
|||
resource.TestCheckResourceAttr("postgresql_role.policy_move", "name", "policy_move"),
|
||||
|
||||
resource.TestCheckResourceAttr("postgresql_role.all_with_grantstay", "name", "all_with_grantstay"),
|
||||
// resource.TestCheckResourceAttr("postgresql_role.all_with_grantdrop", "name", "all_with_grantdrop"),
|
||||
resource.TestCheckResourceAttr("postgresql_role.all_with_grantdrop", "name", "all_with_grantdrop"),
|
||||
|
||||
resource.TestCheckResourceAttr("postgresql_schema.test4", "name", "test4"),
|
||||
resource.TestCheckResourceAttr("postgresql_schema.test4", "owner", "all_without_grant_stay"),
|
||||
resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.#", "6"),
|
||||
resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.#", "7"),
|
||||
resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.108605972.create", "false"),
|
||||
resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.108605972.create_with_grant", "true"),
|
||||
resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.108605972.role", "all_with_grantstay"),
|
||||
|
@ -99,11 +99,11 @@ func TestAccPostgresqlSchema_AddPolicy(t *testing.T) {
|
|||
resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.3959936977.role", "policy_compose"),
|
||||
resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.3959936977.usage", "false"),
|
||||
resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.3959936977.usage_with_grant", "true"),
|
||||
// resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.4178211897.create", "false"),
|
||||
// resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.4178211897.create_with_grant", "true"),
|
||||
// resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.4178211897.role", "all_with_grantdrop"),
|
||||
// resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.4178211897.usage", "false"),
|
||||
// resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.4178211897.usage_with_grant", "true"),
|
||||
resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.4178211897.create", "false"),
|
||||
resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.4178211897.create_with_grant", "true"),
|
||||
resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.4178211897.role", "all_with_grantdrop"),
|
||||
resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.4178211897.usage", "false"),
|
||||
resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.4178211897.usage_with_grant", "true"),
|
||||
resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.815478369.create", "true"),
|
||||
resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.815478369.create_with_grant", "false"),
|
||||
resource.TestCheckResourceAttr("postgresql_schema.test4", "policy.815478369.role", "policy_compose"),
|
||||
|
@ -298,9 +298,9 @@ resource "postgresql_role" "all_with_grantstay" {
|
|||
name = "all_with_grantstay"
|
||||
}
|
||||
|
||||
// resource "postgresql_role" "all_with_grantdrop" {
|
||||
// name = "all_with_grantdrop"
|
||||
// }
|
||||
resource "postgresql_role" "all_with_grantdrop" {
|
||||
name = "all_with_grantdrop"
|
||||
}
|
||||
|
||||
resource "postgresql_schema" "test4" {
|
||||
name = "test4"
|
||||
|
@ -336,11 +336,11 @@ resource "postgresql_schema" "test4" {
|
|||
role = "${postgresql_role.all_with_grantstay.name}"
|
||||
}
|
||||
|
||||
// policy {
|
||||
// create_with_grant = true
|
||||
// usage_with_grant = true
|
||||
// role = "${postgresql_role.all_with_grantdrop.name}"
|
||||
// }
|
||||
policy {
|
||||
create_with_grant = true
|
||||
usage_with_grant = true
|
||||
role = "${postgresql_role.all_with_grantdrop.name}"
|
||||
}
|
||||
|
||||
policy {
|
||||
create_with_grant = true
|
||||
|
|
Loading…
Reference in New Issue