Implement GRANT TO PUBLIC for all supported object types #106

Merged
merged 5 commits into from
Jan 30, 2023
11 changes: 9 additions & 2 deletions docs/resources/grant.md
Expand Up @@ -28,14 +28,21 @@ resource "redshift_grant" "group" {
}

# Granting permissions to execute functions or procedures requires providing their arguments' types

resource "redshift_grant" "user" {
user = "john"
schema = "my_schema"
object_type = "function"
objects = ["my_function(float)"]
privileges = ["execute"]
}

# Granting permission to PUBLIC (GRANT ... TO PUBLIC)
resource "redshift_grant" "public" {
group = "public" // "public" or "PUBLIC" (it is case insensitive for this case) here indicates we want grant TO PUBLIC, not "public" group which cannot even be created in Redshift (keyword).
schema = "my_schema"
object_type = "schema"
privileges = ["usage"]
}
```

<!-- schema generated by tfplugindocs -->
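Review bot: The comments in the new `redshift_grant.public` example explain the keyword handling on the `group = "public"` line but never state the scope of the grant. `GRANT ... TO PUBLIC` applies to every user, including users created later, so `usage` on `my_schema` here is not limited to any one group. Because `group` normally names a single group, a reader skimming the resource can mistake this for an ordinary group grant. Suggest stating the all-users scope in the `# Granting permission to PUBLIC` comment, and considering whether a dedicated attribute would make such grants easier to spot in plan review than a reserved value in `group`.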
Expand All @@ -48,7 +55,7 @@ resource "redshift_grant" "user" {

### Optional

- **group** (String) The name of the group to grant privileges on. Either `group` or `user` parameter must be set.
- **group** (String) The name of the group to grant privileges on. Either `group` or `user` parameter must be set. Settings the group name to `public` or `PUBLIC` (it is case insensitive in this case) will result in a `GRANT ... TO PUBLIC` statement.
- **id** (String) The ID of this resource.
- **objects** (Set of String) The objects upon which to grant the privileges. An empty list (the default) means to grant permissions on all objects of the specified type. Ignored when `object_type` is one of (`database`, `schema`).
- **schema** (String) The database schema to grant privileges on.
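Review bot: Typo in the updated `group` description: "Settings the group name" should read "Setting the group name". The section is marked as generated by tfplugindocs, so the fix belongs in the schema description in the provider source, with the doc regenerated rather than hand-edited. While there, "grant privileges on" would read better as "grant privileges to", since the group is the grantee.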
9 changes: 8 additions & 1 deletion examples/resources/redshift_grant/resource.tf
Expand Up @@ -13,11 +13,18 @@ resource "redshift_grant" "group" {
}

# Granting permissions to execute functions or procedures requires providing their arguments' types

resource "redshift_grant" "user" {
user = "john"
schema = "my_schema"
object_type = "function"
objects = ["my_function(float)"]
privileges = ["execute"]
}

# Granting permission to PUBLIC (GRANT ... TO PUBLIC)
resource "redshift_grant" "public" {
group = "public" // "public" or "PUBLIC" (it is case insensitive for this case) here indicates we want grant TO PUBLIC, not "public" group which cannot even be created in Redshift (keyword).
schema = "my_schema"
object_type = "schema"
privileges = ["usage"]
}
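Review bot: The trailing `//` comment on the `group = "public"` line is long enough to hide the assignment, and it mixes `//` with the `#` comments used in the rest of this file. Suggest moving it to a `#` comment above the resource and tightening the wording ("we want grant TO PUBLIC" is missing "to"). The identical example appears in docs/resources/grant.md, so both copies should be updated together.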
51 changes: 32 additions & 19 deletions redshift/data_source_redshift_schema_test.go
Expand Up @@ -43,8 +43,9 @@ data "redshift_schema" "schema" {

// Acceptance test for external redshift schema using AWS Glue Data Catalog
// The following environment variables must be set, otherwise the test will be skipped:
// REDSHIFT_EXTERNAL_SCHEMA_DATA_CATALOG_DATABASE - source database name
// REDSHIFT_EXTERNAL_SCHEMA_RDS_DATA_CATALOG_IAM_ROLE_ARNS - comma-separated list of ARNs to use
//
// REDSHIFT_EXTERNAL_SCHEMA_DATA_CATALOG_DATABASE - source database name
// REDSHIFT_EXTERNAL_SCHEMA_RDS_DATA_CATALOG_IAM_ROLE_ARNS - comma-separated list of ARNs to use
func TestAccDataSourceRedshiftSchema_ExternalDataCatalog(t *testing.T) {
dbName := getEnvOrSkip("REDSHIFT_EXTERNAL_SCHEMA_DATA_CATALOG_DATABASE", t)
iamRoleArnsRaw := getEnvOrSkip("REDSHIFT_EXTERNAL_SCHEMA_DATA_CATALOG_IAM_ROLE_ARNS", t)
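Review bot: The doc comment names `REDSHIFT_EXTERNAL_SCHEMA_RDS_DATA_CATALOG_IAM_ROLE_ARNS`, but the test reads `REDSHIFT_EXTERNAL_SCHEMA_DATA_CATALOG_IAM_ROLE_ARNS` (no `RDS_`) through `getEnvOrSkip`. Anyone following the comment sets the wrong variable and the acceptance test is skipped instead of run. Since this comment is being touched anyway, correct the name so it matches the code.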
Expand Down Expand Up @@ -95,11 +96,14 @@ data "redshift_schema" "spectrum" {

// Acceptance test for external redshift schema using Hive metastore
// The following environment variables must be set, otherwise the test will be skipped:
// REDSHIFT_EXTERNAL_SCHEMA_HIVE_DATABASE - source database name
// REDSHIFT_EXTERNAL_SCHEMA_HIVE_HOSTNAME - hive metastore database endpoint FQDN or IP address
// REDSHIFT_EXTERNAL_SCHEMA_HIVE_IAM_ROLE_ARNS - comma-separated list of ARNs to use
//
// REDSHIFT_EXTERNAL_SCHEMA_HIVE_DATABASE - source database name
// REDSHIFT_EXTERNAL_SCHEMA_HIVE_HOSTNAME - hive metastore database endpoint FQDN or IP address
// REDSHIFT_EXTERNAL_SCHEMA_HIVE_IAM_ROLE_ARNS - comma-separated list of ARNs to use
//
// Additionally, the following environment variables may be optionally set:
// REDSHIFT_EXTERNAL_SCHEMA_HIVE_PORT - hive metastore port. Default is 9083
//
// REDSHIFT_EXTERNAL_SCHEMA_HIVE_PORT - hive metastore port. Default is 9083
func TestAccDataSourceRedshiftSchema_ExternalHive(t *testing.T) {
dbName := getEnvOrSkip("REDSHIFT_EXTERNAL_SCHEMA_HIVE_DATABASE", t)
dbHostname := getEnvOrSkip("REDSHIFT_EXTERNAL_SCHEMA_HIVE_HOSTNAME", t)
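Review bot: Formatting-only churn in this doc comment (the added `//` separator lines and the re-indented variable list) is unrelated to GRANT TO PUBLIC, and the same reformatting repeats on the other test functions in this file. Please split it into its own commit or PR so the grant change is easier to review and to revert.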
Expand Down Expand Up @@ -159,13 +163,16 @@ data "redshift_schema" "hive" {

// Acceptance test for external redshift schema using RDS Postgres
// The following environment variables must be set, otherwise the test will be skipped:
// REDSHIFT_EXTERNAL_SCHEMA_RDS_POSTGRES_DATABASE - source database name
// REDSHIFT_EXTERNAL_SCHEMA_RDS_POSTGRES_HOSTNAME - RDS endpoint FQDN or IP address
// REDSHIFT_EXTERNAL_SCHEMA_RDS_POSTGRES_IAM_ROLE_ARNS - comma-separated list of ARNs to use
// REDSHIFT_EXTERNAL_SCHEMA_RDS_POSTGRES_SECRET_ARN - ARN of the secret in Secrets Manager containing credentials for authenticating to RDS
//
// REDSHIFT_EXTERNAL_SCHEMA_RDS_POSTGRES_DATABASE - source database name
// REDSHIFT_EXTERNAL_SCHEMA_RDS_POSTGRES_HOSTNAME - RDS endpoint FQDN or IP address
// REDSHIFT_EXTERNAL_SCHEMA_RDS_POSTGRES_IAM_ROLE_ARNS - comma-separated list of ARNs to use
// REDSHIFT_EXTERNAL_SCHEMA_RDS_POSTGRES_SECRET_ARN - ARN of the secret in Secrets Manager containing credentials for authenticating to RDS
//
// Additionally, the following environment variables may be optionally set:
// REDSHIFT_EXTERNAL_SCHEMA_RDS_POSTGRES_PORT - RDS port. Default is 5432
// REDSHIFT_EXTERNAL_SCHEMA_RDS_POSTGRES_SCHEMA - source database schema. Default is "public"
//
// REDSHIFT_EXTERNAL_SCHEMA_RDS_POSTGRES_PORT - RDS port. Default is 5432
// REDSHIFT_EXTERNAL_SCHEMA_RDS_POSTGRES_SCHEMA - source database schema. Default is "public"
func TestAccDataSourceRedshiftSchema_ExternalRdsPostgres(t *testing.T) {
dbName := getEnvOrSkip("REDSHIFT_EXTERNAL_SCHEMA_RDS_POSTGRES_DATABASE", t)
dbHostname := getEnvOrSkip("REDSHIFT_EXTERNAL_SCHEMA_RDS_POSTGRES_HOSTNAME", t)
Expand Down Expand Up @@ -234,12 +241,15 @@ data "redshift_schema" "postgres" {

// Acceptance test for external redshift schema using RDS Mysql
// The following environment variables must be set, otherwise the test will be skipped:
// REDSHIFT_EXTERNAL_SCHEMA_RDS_MYSQL_DATABASE - source database name
// REDSHIFT_EXTERNAL_SCHEMA_RDS_MYSQL_HOSTNAME - RDS endpoint FQDN or IP address
// REDSHIFT_EXTERNAL_SCHEMA_RDS_MYSQL_IAM_ROLE_ARNS - comma-separated list of ARNs to use
// REDSHIFT_EXTERNAL_SCHEMA_RDS_MYSQL_SECRET_ARN - ARN of the secret in Secrets Manager containing credentials for authenticating to RDS
//
// REDSHIFT_EXTERNAL_SCHEMA_RDS_MYSQL_DATABASE - source database name
// REDSHIFT_EXTERNAL_SCHEMA_RDS_MYSQL_HOSTNAME - RDS endpoint FQDN or IP address
// REDSHIFT_EXTERNAL_SCHEMA_RDS_MYSQL_IAM_ROLE_ARNS - comma-separated list of ARNs to use
// REDSHIFT_EXTERNAL_SCHEMA_RDS_MYSQL_SECRET_ARN - ARN of the secret in Secrets Manager containing credentials for authenticating to RDS
//
// Additionally, the following environment variables may be optionally set:
// REDSHIFT_EXTERNAL_SCHEMA_RDS_MYSQL_PORT - RDS port. Default is 3306
//
// REDSHIFT_EXTERNAL_SCHEMA_RDS_MYSQL_PORT - RDS port. Default is 3306
func TestAccDataSourceRedshiftSchema_ExternalRdsMysql(t *testing.T) {
dbName := getEnvOrSkip("REDSHIFT_EXTERNAL_SCHEMA_RDS_MYSQL_DATABASE", t)
dbHostname := getEnvOrSkip("REDSHIFT_EXTERNAL_SCHEMA_RDS_MYSQL_HOSTNAME", t)
Expand Down Expand Up @@ -302,9 +312,12 @@ data "redshift_schema" "mysql" {

// Acceptance test for external redshift schema using datashare database
// The following environment variables must be set, otherwise the test will be skipped:
// REDSHIFT_EXTERNAL_SCHEMA_REDSHIFT_DATABASE - source database name
//
// REDSHIFT_EXTERNAL_SCHEMA_REDSHIFT_DATABASE - source database name
//
// Additionally, the following environment variables may be optionally set:
// REDSHIFT_EXTERNAL_SCHEMA_REDSHIFT_SCHEMA - datashare schema name. Default is "public"
//
// REDSHIFT_EXTERNAL_SCHEMA_REDSHIFT_SCHEMA - datashare schema name. Default is "public"
func TestAccDataSourceRedshiftSchema_ExternalRedshift(t *testing.T) {
dbName := getEnvOrSkip("REDSHIFT_EXTERNAL_SCHEMA_REDSHIFT_DATABASE", t)
dbSchema := os.Getenv("REDSHIFT_EXTERNAL_SCHEMA_REDSHIFT_SCHEMA")