grant role membership for when connection user is not superuser
This commit is contained in:
pbthorste
parent
873f86aee9
commit
daba1aff9d
|
|
@ -122,6 +122,12 @@ func resourcePostgreSQLDatabaseCreate(d *schema.ResourceData, meta interface{})
|
|||
b := bytes.NewBufferString("CREATE DATABASE ")
|
||||
fmt.Fprint(b, pq.QuoteIdentifier(dbName))
|
||||
|
||||
//needed in order to set the owner of the db if the connection user is not a superuser
|
||||
err = grantRoleMembership(conn, d.Get(dbOwnerAttr).(string), c.username)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
// Handle each option individually and stream results into the query
|
||||
// buffer.
|
||||
|
||||
|
|
@ -464,3 +470,18 @@ func doSetDBIsTemplate(conn *sql.DB, dbName string, isTemplate bool) error {
|
|||
|
||||
return nil
|
||||
}
|
||||
|
||||
func grantRoleMembership(conn *sql.DB, dbOwner string, connUsername string) error {
|
||||
if dbOwner != "" && dbOwner != connUsername {
|
||||
query := fmt.Sprintf("GRANT %s TO %s", pq.QuoteIdentifier(dbOwner), pq.QuoteIdentifier(connUsername))
|
||||
_, err := conn.Query(query)
|
||||
if err != nil {
|
||||
// is already member or role
|
||||
if strings.Contains(err.Error(), "duplicate key value violates unique constraint") {
|
||||
return nil
|
||||
}
|
||||
return errwrap.Wrapf("Error granting membership: {{err}}", err)
|
||||
}
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue