Merge pull request #106 from brainly/feature/grant-to-public
Implement GRANT TO PUBLIC for all supported object types
winglot authored Jan 30, 2023
2 parents 4bbf628 + 19ec557 commit 3288f24
Showing 6 changed files with 382 additions and 71 deletions.
11 changes: 9 additions & 2 deletions docs/resources/grant.md
Expand Up @@ -28,14 +28,21 @@ resource "redshift_grant" "group" {
}
# Granting permissions to execute functions or procedures requires providing their arguments' types
resource "redshift_grant" "user" {
user = "john"
schema = "my_schema"
object_type = "function"
objects = ["my_function(float)"]
privileges = ["execute"]
}
# Granting permission to PUBLIC (GRANT ... TO PUBLIC)
resource "redshift_grant" "public" {
group = "public" // "public" or "PUBLIC" (it is case insensitive for this case) here indicates we want grant TO PUBLIC, not "public" group which cannot even be created in Redshift (keyword).
schema = "my_schema"
object_type = "schema"
privileges = ["usage"]
}
```

<!-- schema generated by tfplugindocs -->
Expand All @@ -48,7 +55,7 @@ resource "redshift_grant" "user" {

### Optional

- **group** (String) The name of the group to grant privileges on. Either `group` or `user` parameter must be set.
- **group** (String) The name of the group to grant privileges on. Either `group` or `user` parameter must be set. Settings the group name to `public` or `PUBLIC` (it is case insensitive in this case) will result in a `GRANT ... TO PUBLIC` statement.
- **id** (String) The ID of this resource.
- **objects** (Set of String) The objects upon which to grant the privileges. An empty list (the default) means to grant permissions on all objects of the specified type. Ignored when `object_type` is one of (`database`, `schema`).
- **schema** (String) The database schema to grant privileges on.
9 changes: 8 additions & 1 deletion examples/resources/redshift_grant/resource.tf
Expand Up @@ -13,11 +13,18 @@ resource "redshift_grant" "group" {
}

# Granting permissions to execute functions or procedures requires providing their arguments' types

resource "redshift_grant" "user" {
user = "john"
schema = "my_schema"
object_type = "function"
objects = ["my_function(float)"]
privileges = ["execute"]
}

# Granting permission to PUBLIC (GRANT ... TO PUBLIC)
resource "redshift_grant" "public" {
group = "public" // "public" or "PUBLIC" (it is case insensitive for this case) here indicates we want grant TO PUBLIC, not "public" group which cannot even be created in Redshift (keyword).
schema = "my_schema"
object_type = "schema"
privileges = ["usage"]
}
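Review bot: The inline comment on `group = "public"` explains the keyword handling but not the scope of the grant: in Redshift, PUBLIC covers every user, including users created later, so this block is much broader than the named-group example above it. Examples tend to be copied verbatim, so I would add a line above the resource such as `# PUBLIC applies to every current and future user; grant only privileges that are safe for all of them.` The same example text appears in docs/resources/grant.md and would need the same line. Going by the comment, the match is case-insensitive, so it is worth saying that any casing of `public` in `group` selects this behaviour, which helps anyone auditing plans for PUBLIC grants.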
51 changes: 32 additions & 19 deletions redshift/data_source_redshift_schema_test.go
Expand Up @@ -43,8 +43,9 @@ data "redshift_schema" "schema" {

// Acceptance test for external redshift schema using AWS Glue Data Catalog
// The following environment variables must be set, otherwise the test will be skipped:
// REDSHIFT_EXTERNAL_SCHEMA_DATA_CATALOG_DATABASE - source database name
// REDSHIFT_EXTERNAL_SCHEMA_RDS_DATA_CATALOG_IAM_ROLE_ARNS - comma-separated list of ARNs to use
//
// REDSHIFT_EXTERNAL_SCHEMA_DATA_CATALOG_DATABASE - source database name
// REDSHIFT_EXTERNAL_SCHEMA_RDS_DATA_CATALOG_IAM_ROLE_ARNS - comma-separated list of ARNs to use
func TestAccDataSourceRedshiftSchema_ExternalDataCatalog(t *testing.T) {
dbName := getEnvOrSkip("REDSHIFT_EXTERNAL_SCHEMA_DATA_CATALOG_DATABASE", t)
iamRoleArnsRaw := getEnvOrSkip("REDSHIFT_EXTERNAL_SCHEMA_DATA_CATALOG_IAM_ROLE_ARNS", t)
Expand Down Expand Up @@ -95,11 +96,14 @@ data "redshift_schema" "spectrum" {

// Acceptance test for external redshift schema using Hive metastore
// The following environment variables must be set, otherwise the test will be skipped:
// REDSHIFT_EXTERNAL_SCHEMA_HIVE_DATABASE - source database name
// REDSHIFT_EXTERNAL_SCHEMA_HIVE_HOSTNAME - hive metastore database endpoint FQDN or IP address
// REDSHIFT_EXTERNAL_SCHEMA_HIVE_IAM_ROLE_ARNS - comma-separated list of ARNs to use
//
// REDSHIFT_EXTERNAL_SCHEMA_HIVE_DATABASE - source database name
// REDSHIFT_EXTERNAL_SCHEMA_HIVE_HOSTNAME - hive metastore database endpoint FQDN or IP address
// REDSHIFT_EXTERNAL_SCHEMA_HIVE_IAM_ROLE_ARNS - comma-separated list of ARNs to use
//
// Additionally, the following environment variables may be optionally set:
// REDSHIFT_EXTERNAL_SCHEMA_HIVE_PORT - hive metastore port. Default is 9083
//
// REDSHIFT_EXTERNAL_SCHEMA_HIVE_PORT - hive metastore port. Default is 9083
func TestAccDataSourceRedshiftSchema_ExternalHive(t *testing.T) {
dbName := getEnvOrSkip("REDSHIFT_EXTERNAL_SCHEMA_HIVE_DATABASE", t)
dbHostname := getEnvOrSkip("REDSHIFT_EXTERNAL_SCHEMA_HIVE_HOSTNAME", t)
Expand Down Expand Up @@ -159,13 +163,16 @@ data "redshift_schema" "hive" {

// Acceptance test for external redshift schema using RDS Postgres
// The following environment variables must be set, otherwise the test will be skipped:
// REDSHIFT_EXTERNAL_SCHEMA_RDS_POSTGRES_DATABASE - source database name
// REDSHIFT_EXTERNAL_SCHEMA_RDS_POSTGRES_HOSTNAME - RDS endpoint FQDN or IP address
// REDSHIFT_EXTERNAL_SCHEMA_RDS_POSTGRES_IAM_ROLE_ARNS - comma-separated list of ARNs to use
// REDSHIFT_EXTERNAL_SCHEMA_RDS_POSTGRES_SECRET_ARN - ARN of the secret in Secrets Manager containing credentials for authenticating to RDS
//
// REDSHIFT_EXTERNAL_SCHEMA_RDS_POSTGRES_DATABASE - source database name
// REDSHIFT_EXTERNAL_SCHEMA_RDS_POSTGRES_HOSTNAME - RDS endpoint FQDN or IP address
// REDSHIFT_EXTERNAL_SCHEMA_RDS_POSTGRES_IAM_ROLE_ARNS - comma-separated list of ARNs to use
// REDSHIFT_EXTERNAL_SCHEMA_RDS_POSTGRES_SECRET_ARN - ARN of the secret in Secrets Manager containing credentials for authenticating to RDS
//
// Additionally, the following environment variables may be optionally set:
// REDSHIFT_EXTERNAL_SCHEMA_RDS_POSTGRES_PORT - RDS port. Default is 5432
// REDSHIFT_EXTERNAL_SCHEMA_RDS_POSTGRES_SCHEMA - source database schema. Default is "public"
//
// REDSHIFT_EXTERNAL_SCHEMA_RDS_POSTGRES_PORT - RDS port. Default is 5432
// REDSHIFT_EXTERNAL_SCHEMA_RDS_POSTGRES_SCHEMA - source database schema. Default is "public"
func TestAccDataSourceRedshiftSchema_ExternalRdsPostgres(t *testing.T) {
dbName := getEnvOrSkip("REDSHIFT_EXTERNAL_SCHEMA_RDS_POSTGRES_DATABASE", t)
dbHostname := getEnvOrSkip("REDSHIFT_EXTERNAL_SCHEMA_RDS_POSTGRES_HOSTNAME", t)
Expand Down Expand Up @@ -234,12 +241,15 @@ data "redshift_schema" "postgres" {

// Acceptance test for external redshift schema using RDS Mysql
// The following environment variables must be set, otherwise the test will be skipped:
// REDSHIFT_EXTERNAL_SCHEMA_RDS_MYSQL_DATABASE - source database name
// REDSHIFT_EXTERNAL_SCHEMA_RDS_MYSQL_HOSTNAME - RDS endpoint FQDN or IP address
// REDSHIFT_EXTERNAL_SCHEMA_RDS_MYSQL_IAM_ROLE_ARNS - comma-separated list of ARNs to use
// REDSHIFT_EXTERNAL_SCHEMA_RDS_MYSQL_SECRET_ARN - ARN of the secret in Secrets Manager containing credentials for authenticating to RDS
//
// REDSHIFT_EXTERNAL_SCHEMA_RDS_MYSQL_DATABASE - source database name
// REDSHIFT_EXTERNAL_SCHEMA_RDS_MYSQL_HOSTNAME - RDS endpoint FQDN or IP address
// REDSHIFT_EXTERNAL_SCHEMA_RDS_MYSQL_IAM_ROLE_ARNS - comma-separated list of ARNs to use
// REDSHIFT_EXTERNAL_SCHEMA_RDS_MYSQL_SECRET_ARN - ARN of the secret in Secrets Manager containing credentials for authenticating to RDS
//
// Additionally, the following environment variables may be optionally set:
// REDSHIFT_EXTERNAL_SCHEMA_RDS_MYSQL_PORT - RDS port. Default is 3306
//
// REDSHIFT_EXTERNAL_SCHEMA_RDS_MYSQL_PORT - RDS port. Default is 3306
func TestAccDataSourceRedshiftSchema_ExternalRdsMysql(t *testing.T) {
dbName := getEnvOrSkip("REDSHIFT_EXTERNAL_SCHEMA_RDS_MYSQL_DATABASE", t)
dbHostname := getEnvOrSkip("REDSHIFT_EXTERNAL_SCHEMA_RDS_MYSQL_HOSTNAME", t)
Expand Down Expand Up @@ -302,9 +312,12 @@ data "redshift_schema" "mysql" {

// Acceptance test for external redshift schema using datashare database
// The following environment variables must be set, otherwise the test will be skipped:
// REDSHIFT_EXTERNAL_SCHEMA_REDSHIFT_DATABASE - source database name
//
// REDSHIFT_EXTERNAL_SCHEMA_REDSHIFT_DATABASE - source database name
//
// Additionally, the following environment variables may be optionally set:
// REDSHIFT_EXTERNAL_SCHEMA_REDSHIFT_SCHEMA - datashare schema name. Default is "public"
//
// REDSHIFT_EXTERNAL_SCHEMA_REDSHIFT_SCHEMA - datashare schema name. Default is "public"
func TestAccDataSourceRedshiftSchema_ExternalRedshift(t *testing.T) {
dbName := getEnvOrSkip("REDSHIFT_EXTERNAL_SCHEMA_REDSHIFT_DATABASE", t)
dbSchema := os.Getenv("REDSHIFT_EXTERNAL_SCHEMA_REDSHIFT_SCHEMA")
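Review bot: The doc comment above `TestAccDataSourceRedshiftSchema_ExternalDataCatalog` still lists `REDSHIFT_EXTERNAL_SCHEMA_RDS_DATA_CATALOG_IAM_ROLE_ARNS`, but the function reads `REDSHIFT_EXTERNAL_SCHEMA_DATA_CATALOG_IAM_ROLE_ARNS` through `getEnvOrSkip`. Anyone who sets the documented name gets a skipped test rather than a failure, so the mismatch is easy to miss. The reformatting carried it over unchanged; the comment line should read `// REDSHIFT_EXTERNAL_SCHEMA_DATA_CATALOG_IAM_ROLE_ARNS - comma-separated list of ARNs to use`, indented like its neighbours. The function body continues outside the visible hunk.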
