-
Notifications
You must be signed in to change notification settings - Fork 214
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix: ALL implicit privileges equality check #339
Merged
+203
−12
Merged
Changes from all commits
Commits
Show all changes
16 commits
Select commit
Hold shift + click to select a range
09a9f30
feat: improved privilege matching in case of ALL
talbx edacad1
feat: added implicit privilege check for all object types except colu…
talbx e3b92a0
test: provided unit test for arePriviligesEqual function
talbx add228c
Merge remote-tracking branch 'origin/master' into all-privileges
talbx f58fbb3
chore: merge master
talbx 8dfcf90
fix: apply review findings - removed redundant wanted param of privil…
talbx db54bfc
refactor: inlined all equal checks
talbx 54fc593
fix: use the granted priviliges set from tf instead of db, added acce…
talbx c64e956
cleanup: fixed function name typos & removed useless testing helper fn
talbx a091370
provided a more reasonable name for testCheck function in implicit gr…
talbx 30d4b45
resolve merge conflicts
talbx d288aaf
Merge branch 'cyrilgdn:main' into all-privileges
talbx 55875e9
Merge branch 'main' into all-privileges
cyrilgdn 0393157
simplified privilege set creation
talbx c35441d
fix: always set id, no matter if privileges equal or not
talbx 4f65139
fmt
File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -1139,6 +1139,83 @@ resource "postgresql_grant" "test" { | |
}) | ||
} | ||
|
||
func TestAccPostgresqlImplicitGrants(t *testing.T) { | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. 💪 |
||
skipIfNotAcc(t) | ||
|
||
dbSuffix, teardown := setupTestDatabase(t, true, true) | ||
defer teardown() | ||
|
||
testTables := []string{"test_schema.test_table"} | ||
createTestTables(t, dbSuffix, testTables, "") | ||
|
||
dbName, roleName := getTestDBNames(dbSuffix) | ||
|
||
// create a TF config with placeholder for privileges | ||
// it will be filled in each step. | ||
var testGrant = fmt.Sprintf(` | ||
resource "postgresql_grant" "test" { | ||
database = "%s" | ||
role = "%s" | ||
schema = "test_schema" | ||
object_type = "table" | ||
objects = ["test_table"] | ||
privileges = %%s | ||
} | ||
`, dbName, roleName) | ||
|
||
var testCheckTableGrants = func(grants ...string) resource.TestCheckFunc { | ||
return func(*terraform.State) error { | ||
return testCheckTablesPrivileges(t, dbName, roleName, []string{testTables[0]}, grants) | ||
} | ||
} | ||
resource.Test(t, resource.TestCase{ | ||
PreCheck: func() { | ||
testAccPreCheck(t) | ||
testCheckCompatibleVersion(t, featurePrivileges) | ||
}, | ||
Providers: testAccProviders, | ||
Steps: []resource.TestStep{ | ||
{ | ||
Config: fmt.Sprintf(testGrant, `["ALL"]`), | ||
Check: resource.ComposeTestCheckFunc( | ||
resource.TestCheckResourceAttr( | ||
"postgresql_grant.test", "id", fmt.Sprintf("%s_%s_test_schema_table_test_table", roleName, dbName), | ||
), | ||
resource.TestCheckResourceAttr("postgresql_grant.test", "objects.#", "1"), | ||
resource.TestCheckResourceAttr("postgresql_grant.test", "objects.0", "test_table"), | ||
testCheckTableGrants("SELECT", "INSERT", "UPDATE", "DELETE"), | ||
), | ||
}, | ||
{ | ||
Config: fmt.Sprintf(testGrant, `["SELECT"]`), | ||
Check: resource.ComposeTestCheckFunc( | ||
resource.TestCheckResourceAttr("postgresql_grant.test", "objects.#", "1"), | ||
resource.TestCheckResourceAttr("postgresql_grant.test", "objects.0", "test_table"), | ||
testCheckTableGrants("SELECT"), | ||
), | ||
}, | ||
{ | ||
// Empty list means that privileges will be applied on all tables. | ||
Config: fmt.Sprintf(testGrant, `["SELECT", "INSERT", "UPDATE", "DELETE"]`), | ||
Check: resource.ComposeTestCheckFunc( | ||
resource.TestCheckResourceAttr("postgresql_grant.test", "objects.#", "1"), | ||
resource.TestCheckResourceAttr("postgresql_grant.test", "objects.0", "test_table"), | ||
testCheckTableGrants("SELECT", "INSERT", "UPDATE", "DELETE"), | ||
), | ||
}, | ||
{ | ||
Config: fmt.Sprintf(testGrant, `[]`), | ||
Destroy: true, | ||
Check: resource.ComposeTestCheckFunc( | ||
resource.TestCheckResourceAttr("postgresql_grant.test", "objects.#", "1"), | ||
resource.TestCheckResourceAttr("postgresql_grant.test", "objects.0", "test_table"), | ||
testCheckTableGrants(""), | ||
), | ||
}, | ||
}, | ||
}) | ||
} | ||
|
||
func TestAccPostgresqlGrantSchema(t *testing.T) { | ||
// create a TF config with placeholder for privileges | ||
// it will be filled in each step. | ||
|
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Cool 👍