This repository was archived by the owner on Jan 17, 2025. It is now read-only.

Commit 3288f24

authored
Merge pull request #106 from brainly/feature/grant-to-public
Implement GRANT TO PUBLIC for all supported object types
2 parents 4bbf628 + 19ec557 commit 3288f24


6 files changed

+382
-71
lines changed


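--- a/docs/resources/grant.md
+++ b/docs/resources/grant.md
@@ -28,14 +28,21 @@ resource "redshift_grant" "group" {
 }
 
 # Granting permissions to execute functions or procedures requires providing their arguments' types
-
 resource "redshift_grant" "user" {
 user = "john"
 schema = "my_schema"
 object_type = "function"
 objects = ["my_function(float)"]
 privileges = ["execute"]
 }
+
+# Granting permission to PUBLIC (GRANT ... TO PUBLIC)
+resource "redshift_grant" "public" {
+group = "public" // "public" or "PUBLIC" (it is case insensitive for this case) here indicates we want grant TO PUBLIC, not "public" group which cannot even be created in Redshift (keyword).
+schema = "my_schema"
+object_type = "schema"
+privileges = ["usage"]
+}
 ```
 
 <!-- schema generated by tfplugindocs -->
@@ -48,7 +55,7 @@ resource "redshift_grant" "user" {
 
 ### Optional
 
-- **group** (String) The name of the group to grant privileges on. Either `group` or `user` parameter must be set.
+- **group** (String) The name of the group to grant privileges on. Either `group` or `user` parameter must be set. Settings the group name to `public` or `PUBLIC` (it is case insensitive in this case) will result in a `GRANT ... TO PUBLIC` statement.
 - **id** (String) The ID of this resource.
 - **objects** (Set of String) The objects upon which to grant the privileges. An empty list (the default) means to grant permissions on all objects of the specified type. Ignored when `object_type` is one of (`database`, `schema`).
 - **schema** (String) The database schema to grant privileges on.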

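--- a/examples/resources/redshift_grant/resource.tf
+++ b/examples/resources/redshift_grant/resource.tf
@@ -13,11 +13,18 @@ resource "redshift_grant" "group" {
 }
 
 # Granting permissions to execute functions or procedures requires providing their arguments' types
-
 resource "redshift_grant" "user" {
 user = "john"
 schema = "my_schema"
 object_type = "function"
 objects = ["my_function(float)"]
 privileges = ["execute"]
 }
+
+# Granting permission to PUBLIC (GRANT ... TO PUBLIC)
+resource "redshift_grant" "public" {
+group = "public" // "public" or "PUBLIC" (it is case insensitive for this case) here indicates we want grant TO PUBLIC, not "public" group which cannot even be created in Redshift (keyword).
+schema = "my_schema"
+object_type = "schema"
+privileges = ["usage"]
+}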
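Review bot: The trailing comment on `group = "public"` explains the keyword collision but not the effect of the grant: in Redshift, PUBLIC is the built-in group that always contains every user, so this example gives `usage` on `my_schema` to all users of the database rather than to a named principal. The comment is also the only `//` comment in a file that otherwise uses `#`, and it is long enough to be easy to miss at the end of the line. I would move it onto its own line above the attribute, for example `# "public" / "PUBLIC" (case-insensitive) emits GRANT ... TO PUBLIC, which applies to every database user; it is not a group named "public"`. The same example is embedded in docs/resources/grant.md, so the wording should be kept in sync there.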

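--- a/redshift/data_source_redshift_schema_test.go
+++ b/redshift/data_source_redshift_schema_test.go
@@ -43,8 +43,9 @@ data "redshift_schema" "schema" {
 
 // Acceptance test for external redshift schema using AWS Glue Data Catalog
 // The following environment variables must be set, otherwise the test will be skipped:
-// REDSHIFT_EXTERNAL_SCHEMA_DATA_CATALOG_DATABASE - source database name
-// REDSHIFT_EXTERNAL_SCHEMA_RDS_DATA_CATALOG_IAM_ROLE_ARNS - comma-separated list of ARNs to use
+//
+// REDSHIFT_EXTERNAL_SCHEMA_DATA_CATALOG_DATABASE - source database name
+// REDSHIFT_EXTERNAL_SCHEMA_RDS_DATA_CATALOG_IAM_ROLE_ARNS - comma-separated list of ARNs to use
 func TestAccDataSourceRedshiftSchema_ExternalDataCatalog(t *testing.T) {
 dbName := getEnvOrSkip("REDSHIFT_EXTERNAL_SCHEMA_DATA_CATALOG_DATABASE", t)
 iamRoleArnsRaw := getEnvOrSkip("REDSHIFT_EXTERNAL_SCHEMA_DATA_CATALOG_IAM_ROLE_ARNS", t)
@@ -95,11 +96,14 @@ data "redshift_schema" "spectrum" {
 
 // Acceptance test for external redshift schema using Hive metastore
 // The following environment variables must be set, otherwise the test will be skipped:
-// REDSHIFT_EXTERNAL_SCHEMA_HIVE_DATABASE - source database name
-// REDSHIFT_EXTERNAL_SCHEMA_HIVE_HOSTNAME - hive metastore database endpoint FQDN or IP address
-// REDSHIFT_EXTERNAL_SCHEMA_HIVE_IAM_ROLE_ARNS - comma-separated list of ARNs to use
+//
+// REDSHIFT_EXTERNAL_SCHEMA_HIVE_DATABASE - source database name
+// REDSHIFT_EXTERNAL_SCHEMA_HIVE_HOSTNAME - hive metastore database endpoint FQDN or IP address
+// REDSHIFT_EXTERNAL_SCHEMA_HIVE_IAM_ROLE_ARNS - comma-separated list of ARNs to use
+//
 // Additionally, the following environment variables may be optionally set:
-// REDSHIFT_EXTERNAL_SCHEMA_HIVE_PORT - hive metastore port. Default is 9083
+//
+// REDSHIFT_EXTERNAL_SCHEMA_HIVE_PORT - hive metastore port. Default is 9083
 func TestAccDataSourceRedshiftSchema_ExternalHive(t *testing.T) {
 dbName := getEnvOrSkip("REDSHIFT_EXTERNAL_SCHEMA_HIVE_DATABASE", t)
 dbHostname := getEnvOrSkip("REDSHIFT_EXTERNAL_SCHEMA_HIVE_HOSTNAME", t)
@@ -159,13 +163,16 @@ data "redshift_schema" "hive" {
 
 // Acceptance test for external redshift schema using RDS Postgres
 // The following environment variables must be set, otherwise the test will be skipped:
-// REDSHIFT_EXTERNAL_SCHEMA_RDS_POSTGRES_DATABASE - source database name
-// REDSHIFT_EXTERNAL_SCHEMA_RDS_POSTGRES_HOSTNAME - RDS endpoint FQDN or IP address
-// REDSHIFT_EXTERNAL_SCHEMA_RDS_POSTGRES_IAM_ROLE_ARNS - comma-separated list of ARNs to use
-// REDSHIFT_EXTERNAL_SCHEMA_RDS_POSTGRES_SECRET_ARN - ARN of the secret in Secrets Manager containing credentials for authenticating to RDS
+//
+// REDSHIFT_EXTERNAL_SCHEMA_RDS_POSTGRES_DATABASE - source database name
+// REDSHIFT_EXTERNAL_SCHEMA_RDS_POSTGRES_HOSTNAME - RDS endpoint FQDN or IP address
+// REDSHIFT_EXTERNAL_SCHEMA_RDS_POSTGRES_IAM_ROLE_ARNS - comma-separated list of ARNs to use
+// REDSHIFT_EXTERNAL_SCHEMA_RDS_POSTGRES_SECRET_ARN - ARN of the secret in Secrets Manager containing credentials for authenticating to RDS
+//
 // Additionally, the following environment variables may be optionally set:
-// REDSHIFT_EXTERNAL_SCHEMA_RDS_POSTGRES_PORT - RDS port. Default is 5432
-// REDSHIFT_EXTERNAL_SCHEMA_RDS_POSTGRES_SCHEMA - source database schema. Default is "public"
+//
+// REDSHIFT_EXTERNAL_SCHEMA_RDS_POSTGRES_PORT - RDS port. Default is 5432
+// REDSHIFT_EXTERNAL_SCHEMA_RDS_POSTGRES_SCHEMA - source database schema. Default is "public"
 func TestAccDataSourceRedshiftSchema_ExternalRdsPostgres(t *testing.T) {
 dbName := getEnvOrSkip("REDSHIFT_EXTERNAL_SCHEMA_RDS_POSTGRES_DATABASE", t)
 dbHostname := getEnvOrSkip("REDSHIFT_EXTERNAL_SCHEMA_RDS_POSTGRES_HOSTNAME", t)
@@ -234,12 +241,15 @@ data "redshift_schema" "postgres" {
 
 // Acceptance test for external redshift schema using RDS Mysql
 // The following environment variables must be set, otherwise the test will be skipped:
-// REDSHIFT_EXTERNAL_SCHEMA_RDS_MYSQL_DATABASE - source database name
-// REDSHIFT_EXTERNAL_SCHEMA_RDS_MYSQL_HOSTNAME - RDS endpoint FQDN or IP address
-// REDSHIFT_EXTERNAL_SCHEMA_RDS_MYSQL_IAM_ROLE_ARNS - comma-separated list of ARNs to use
-// REDSHIFT_EXTERNAL_SCHEMA_RDS_MYSQL_SECRET_ARN - ARN of the secret in Secrets Manager containing credentials for authenticating to RDS
+//
+// REDSHIFT_EXTERNAL_SCHEMA_RDS_MYSQL_DATABASE - source database name
+// REDSHIFT_EXTERNAL_SCHEMA_RDS_MYSQL_HOSTNAME - RDS endpoint FQDN or IP address
+// REDSHIFT_EXTERNAL_SCHEMA_RDS_MYSQL_IAM_ROLE_ARNS - comma-separated list of ARNs to use
+// REDSHIFT_EXTERNAL_SCHEMA_RDS_MYSQL_SECRET_ARN - ARN of the secret in Secrets Manager containing credentials for authenticating to RDS
+//
 // Additionally, the following environment variables may be optionally set:
-// REDSHIFT_EXTERNAL_SCHEMA_RDS_MYSQL_PORT - RDS port. Default is 3306
+//
+// REDSHIFT_EXTERNAL_SCHEMA_RDS_MYSQL_PORT - RDS port. Default is 3306
 func TestAccDataSourceRedshiftSchema_ExternalRdsMysql(t *testing.T) {
 dbName := getEnvOrSkip("REDSHIFT_EXTERNAL_SCHEMA_RDS_MYSQL_DATABASE", t)
 dbHostname := getEnvOrSkip("REDSHIFT_EXTERNAL_SCHEMA_RDS_MYSQL_HOSTNAME", t)
@@ -302,9 +312,12 @@ data "redshift_schema" "mysql" {
 
 // Acceptance test for external redshift schema using datashare database
 // The following environment variables must be set, otherwise the test will be skipped:
-// REDSHIFT_EXTERNAL_SCHEMA_REDSHIFT_DATABASE - source database name
+//
+// REDSHIFT_EXTERNAL_SCHEMA_REDSHIFT_DATABASE - source database name
+//
 // Additionally, the following environment variables may be optionally set:
-// REDSHIFT_EXTERNAL_SCHEMA_REDSHIFT_SCHEMA - datashare schema name. Default is "public"
+//
+// REDSHIFT_EXTERNAL_SCHEMA_REDSHIFT_SCHEMA - datashare schema name. Default is "public"
 func TestAccDataSourceRedshiftSchema_ExternalRedshift(t *testing.T) {
 dbName := getEnvOrSkip("REDSHIFT_EXTERNAL_SCHEMA_REDSHIFT_DATABASE", t)
 dbSchema := os.Getenv("REDSHIFT_EXTERNAL_SCHEMA_REDSHIFT_SCHEMA")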
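Review bot: The doc comment on TestAccDataSourceRedshiftSchema_ExternalDataCatalog still names `REDSHIFT_EXTERNAL_SCHEMA_RDS_DATA_CATALOG_IAM_ROLE_ARNS`, while the body reads `REDSHIFT_EXTERNAL_SCHEMA_DATA_CATALOG_IAM_ROLE_ARNS` through getEnvOrSkip. Someone who exports the documented name would, going by the comment's own wording, get a skipped test rather than a failure, so the mismatch is easy to overlook in CI. Since this commit already rewrites that line for the new doc-comment layout, it should read `// REDSHIFT_EXTERNAL_SCHEMA_DATA_CATALOG_IAM_ROLE_ARNS - comma-separated list of ARNs to use`. The test bodies continue outside every hunk in this section, so the remaining variable lists could only be checked against the first two or three lookups shown.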
