Commit Graph

26 Commits

Author SHA1 Message Date
Sean Chittenden 2ebac5226c PostgreSQL: leaked pg privs (#14817)
* Fix doc bug. Spell `collation` like `lc_collate`.

* Whitespace nit in error message

* Use %q as the format verb for error messages in postgresql_database resource messages.

* REVOKE the `GRANT` given to the connection user when creating a database.

For `ROLE`s who have been delegated `CREATEDB` privileges and are not a
superuser, in order for them to `CREATE DATABASE` they need to be a member
of the `ROLE` who will be `OWNER` for the new database.  Once the
`CREATE DATABASE` is complete, `REVOKE` the `GRANT` that was given to role
so that the user who ran the `CREATE DATABASE` looses all privileges to the
target database (unless of course they're a superuser).

Fixes a regression introduced in #11452

* Delegated DBA ROLEs can now fix OWNER drift for PostgreSQL databases.

Uses the helper functions introduced in #11452
2017-05-31 20:03:32 +03:00
pbthorste deb56bd93d improve error message 2017-01-27 01:50:45 +01:00
pbthorste daba1aff9d grant role membership for when connection user is not superuser 2017-01-27 01:46:37 +01:00
pbthorste 11f680a88e remove computed true for postgres connections 2017-01-11 22:55:50 +01:00
pbthorste 0c1175f78b set default postgres connection limit 2017-01-11 22:45:30 +01:00
Sean Chittenden a96f7408dd
Fix a few small grammar nits. 2016-12-27 15:50:25 -08:00
Sean Chittenden 9ab60ecc7b
Add an Exists function for each resource type. Also add a provider RWMutex.
Some of the checks didn't support concurrent updates.  This should
improve the reliability of the provider.
2016-12-27 15:50:25 -08:00
Sean Chittenden 1d60e9ab04
Clean up the description on postgresql_database.owner. 2016-12-25 06:13:32 -08:00
Sean Chittenden e2448473cb
Clean up the DatabaseCreate call. 2016-12-10 12:32:21 +11:00
Sean Chittenden db5d7b0438
Style nit 2016-12-10 12:32:21 +11:00
Sean Chittenden bfc2a2d42f
Commit WIP re: updated postgresql_role provider.
*Read() and *Update() still need to be updated.
2016-12-10 12:32:20 +11:00
Sean Chittenden 2e529146a5
Remove unused code. 2016-12-10 12:32:20 +11:00
Sean Chittenden 6b540ecb55
Don't use d.GetOk() when the zero value is a required attribute.
Add "pathological" test.
2016-12-10 12:32:20 +11:00
Sean Chittenden 37fdc958b3
Always remove the IS_TEMPLATE attribute before dropping a database. 2016-12-10 12:32:20 +11:00
Sean Chittenden e9b2b38288
Remove SetId() call from *Read(), this isn't required for import to work. 2016-12-10 12:32:20 +11:00
Sean Chittenden 5280c37bea
`postgresql_database` resource provider should now be feature complete.
* Add support to import databases.  See docs.
* Add support for renaming databases
* Add support for all known PostgreSQL database attributes, including:
  * "allow_connections"
  * "lc_ctype"
  * "lc_collate"
  * "connection_limit"
  * "encoding"
  * "is_template"
  * "owner"
  * "tablespace_name"
  * "template"
2016-12-10 12:32:20 +11:00
Sean Chittenden 3779dfffa9
Use a string instead of the `%t` modifier for printing a bool in SQL 2016-12-10 12:32:19 +11:00
Sean Chittenden 5b66bf0745
ForceNew is required when changing the locale, ctype, and encoding.
This will cause someone some grief.  TODO: Figure out how to prevent
someone from blowing off their foot if they twiddle this after the
fact.
2016-12-10 12:32:18 +11:00
Sean Chittenden 547dcf27e1
Decorate the computed attribute where appropriate 2016-12-10 12:32:18 +11:00
Sean Chittenden 242405bdf1
Factor out the validate function for connection limits 2016-12-10 12:32:18 +11:00
Sean Chittenden 02dea2edd9
Add missing descriptions to owner and name 2016-12-10 12:32:18 +11:00
Sean Chittenden f3add9e7ef
Flesh out the CREATE DATABASE for PostgreSQL. 2016-12-10 12:32:18 +11:00
James Nugent 44af0d60df provider/postgres: Fix acceptance tests
```
› PGSSLMODE=disable PGHOST=localhost PGUSER=postgres make testacc \
	TEST=./builtin/providers/postgresql
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/09/05 15:39:23 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/postgresql -v  -timeout 120m
=== RUN   TestProvider
--- PASS: TestProvider (0.00s)
=== RUN   TestProvider_impl
--- PASS: TestProvider_impl (0.00s)
=== RUN   TestAccPostgresqlDatabase_Basic
--- PASS: TestAccPostgresqlDatabase_Basic (0.53s)
=== RUN   TestAccPostgresqlDatabase_DefaultOwner
--- PASS: TestAccPostgresqlDatabase_DefaultOwner (0.51s)
=== RUN   TestAccPostgresqlRole_Basic
--- PASS: TestAccPostgresqlRole_Basic (0.11s)
PASS
ok     	github.com/hashicorp/terraform/builtin/providers/postgresql    	1.160s
```
2016-09-05 15:39:57 -07:00
James Nugent 34a17d3b46 provider/postgres: Correct casing -> PostgreSQL 2016-09-05 15:04:48 -07:00
James Nugent 260179543a provider/postgres: Clean up definitions and errors
This commit brings the Postgres provider up to "new" standards for error
wrapping and nested structure definitions.
2016-09-05 14:46:40 -07:00
Adrian Chelaru e1eef15646 postgresql provider with "database" and "role" resources 2015-12-03 23:44:20 -08:00