Commit Graph

26 Commits

Author SHA1 Message Date
Sean Chittenden 2ebac5226c PostgreSQL: leaked pg privs (#14817)
* Fix doc bug. Spell `collation` like `lc_collate`.

* Whitespace nit in error message

* Use %q as the format verb for error messages in postgresql_database resource messages.

* REVOKE the `GRANT` given to the connection user when creating a database.

For `ROLE`s who have been delegated `CREATEDB` privileges and are not a
superuser, in order for them to `CREATE DATABASE` they need to be a member
of the `ROLE` who will be `OWNER` for the new database.  Once the
`CREATE DATABASE` is complete, `REVOKE` the `GRANT` that was given to role
so that the user who ran the `CREATE DATABASE` looses all privileges to the
target database (unless of course they're a superuser).

Fixes a regression introduced in #11452

* Delegated DBA ROLEs can now fix OWNER drift for PostgreSQL databases.

Uses the helper functions introduced in #11452
2017-05-31 20:03:32 +03:00
Max Riveiro 137fcfb5de
Massively add HCL source tag in docs Markdown files
Signed-off-by: Max Riveiro <kavu13@gmail.com>
2017-04-17 13:17:54 +03:00
Radek Simko 10f53e3471 Add links to details about sensitive data in state (#13145) 2017-03-29 10:37:36 +01:00
George Christou 61277c0dbd website/docs: Run `terraform fmt` on code examples (#12075)
* docs/vsphere: Fix code block

* docs: Convert `...` to `# ...` to allow `terraform fmt`ing

* docs: Trim trailing whitespace

* docs: First-pass run of `terraform fmt` on code examples
2017-02-19 00:48:50 +02:00
Sean Chittenden a96f7408dd
Fix a few small grammar nits. 2016-12-27 15:50:25 -08:00
Sean Chittenden f2f495413e
Add a link in the `postgresql_database` pointing to postgresql.org 2016-12-26 07:01:34 -08:00
Sean Chittenden 73be4bc21f
Remove old docs. Update docs and code to support the PUBLIC role. 2016-12-26 07:00:03 -08:00
Sean Chittenden 897609878f
Automatically perform a `REASSIGN OWNED` and `DROP OWNED BY` when
removing a PostgreSQL role.

Add manual overrides if this isn't the desired behavior, but it should
universally be the desired outcome except when a ROLE name is reused
across multiple databases in the same PostgreSQL cluster, in which case
the `skip_drop_role` is necessary for all but the last PostgreSQL
provider.
2016-12-25 06:13:33 -08:00
Sean Chittenden ebc81727da
Add the postgresql_schema_policy resource. This is a WIP due to
issues with cycles when an object is destroyed.
2016-12-25 06:13:33 -08:00
Sean Chittenden de6dcbd8cd
Add the `owner` attribute to the `postgresql_schema` resource. 2016-12-25 06:13:32 -08:00
Sean Chittenden 56a193f228
Dept of second thoughts: remove authorization support before 0.8
releases.

When postgresql_schema_policy lands this attribute should be removed in
order to provide a single way of accomplishing setting permissions on
schema objects.
2016-12-13 10:28:06 -08:00
Sean Chittenden 201d9b9dfd
Fix the description for the postgresql_role. 2016-12-12 13:14:06 -08:00
Sean Chittenden d1c9ebb6c2
Add PostgreSQL schema support 2016-12-12 13:11:47 -08:00
Sean Chittenden e9dc92c18d
Change the default for `inherit` from `false` to `true` to match PostgreSQL. 2016-12-12 01:11:07 -08:00
Sean Chittenden bfc2a2d42f
Commit WIP re: updated postgresql_role provider.
*Read() and *Update() still need to be updated.
2016-12-10 12:32:20 +11:00
Sean Chittenden 5280c37bea
`postgresql_database` resource provider should now be feature complete.
* Add support to import databases.  See docs.
* Add support for renaming databases
* Add support for all known PostgreSQL database attributes, including:
  * "allow_connections"
  * "lc_ctype"
  * "lc_collate"
  * "connection_limit"
  * "encoding"
  * "is_template"
  * "owner"
  * "tablespace_name"
  * "template"
2016-12-10 12:32:20 +11:00
Sean Chittenden 300ef2bc97
Add `connect_timeout` support to the PostgreSQL provider. 2016-12-10 12:32:19 +11:00
Sean Chittenden 3750bf7af2
Depreciate the PostgreSQL provider's `ssl_mode` option in favor of `sslmode`.
Both libpq(3) and github.com/lib/pq both use `sslmode`.  Prefer this vs
the non-standard `ssl_mode`.  `ssl_mode` is supported for compatibility
but should be removed in the future.

Changelog: yes
2016-12-10 12:32:19 +11:00
Sean Chittenden a200899d93
Allow the PostgreSQL provider to talk to a non-default database. 2016-12-10 12:32:19 +11:00
Alexander Kyxap f993f0e70e Added 'connect_timeout' argument to provider 'postgresql' (#10380) 2016-11-28 16:52:10 +00:00
Anthony Stanton cb3cc5a38f Fix postgres_extension docs (#10011) 2016-11-10 11:54:56 +00:00
Sam Dunne d073a90cb1
Create provisioner for postgresql extensions
This change adds support for installing postgresql extensions on a
postgresql server.
2016-10-04 16:32:28 +01:00
Martin Atkins 220d73f32c provider/postgresql: default ssl_mode is "prefer"
According to the libpq documentation, "prefer" is the default in the
underlying library and so setting a different default in the Terraform
layer would be a breaking change for existing users of this provider
whose servers do not have TLS correctly configured.

The docs now link to the libpq manual's discussion of the security
implications of each of the ssl_mode options, so the user can understand
the limitations of the "prefer" default and can make an informed decision
about which setting is appropriate for their situation.
2016-04-17 08:32:02 -07:00
Xavier Sellier fc9825e4c4 - Add support for 'ssl_mode' options present in lib/pq
- Update psotgresql provider's documentation
- Enforce default value to 'require' for ssl_mode
2016-04-11 13:20:39 -04:00
Pablo Porto b3ecf8eb73 Fix missing double quotes in postgresql_database resource 2016-03-09 23:42:59 +00:00
Adrian Chelaru e1eef15646 postgresql provider with "database" and "role" resources 2015-12-03 23:44:20 -08:00