Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix ALL privileges for postgresql_grant #32

Closed
icterine opened this issue Jan 7, 2021 · 5 comments · Fixed by #339
Closed

Fix ALL privileges for postgresql_grant #32

icterine opened this issue Jan 7, 2021 · 5 comments · Fixed by #339
Labels
bug Something isn't working

Comments

@icterine
Copy link

icterine commented Jan 7, 2021
edited by cyrilgdn
Loading

Hi

It will be good if postgresql_grant resource will allow ALL in addition to others like

privileges - (Required) The list of privileges to grant. There are different kinds of privileges: SELECT, INSERT, UPDATE, DELETE, TRUNCATE, REFERENCES, TRIGGER, CREATE, CONNECT, TEMPORARY, EXECUTE, and USAGE.

as per

GRANT { { CREATE | USAGE } [,...] | **ALL** [ PRIVILEGES ] }
    ON SCHEMA schema_name [, ...]
    TO { [ GROUP ] role_name | PUBLIC } [, ...] [ WITH GRANT OPTION ]

edit by @cyrilgdn :
Recreation of hashicorp/terraform-provider-postgresql#72 and hashicorp/terraform-provider-postgresql#166
@cyrilgdn cyrilgdn changed the title Allow ALL privilegies for postgresql_grant Fix ALL privileges for postgresql_grant Jan 10, 2021
@cyrilgdn cyrilgdn added the bug Something isn't working label Jan 10, 2021
@cyrilgdn
Copy link
Owner

Hi @icterine ,

It's already possible but actually does not work correctly. If you set privileges = ["ALL"], all privileges will be correctly granted but then the next terraform plan will show a diff.

We need to find a way to fix it (I think will need a new all_privileges settings which will conflict with privileges but I need to check if it works)

@zswanson
Copy link

zswanson commented Jul 13, 2021
edited
Loading

Is there any way to work around this in the meantime? Its not blocking anything but it tends to confuse people and leads to a lot of uncertainty on whether the plan is valid.

@cyrilgdn
Copy link
Owner

@zswanson You can simply pass all the possible privileges, and to avoid passing in multiple resources you can define local variables for that.

e.g.:

locals {
  all_privileges_database = ["CREATE", "CONNECT", "TEMPORARY", "TEMP"]
  all_privileges_table = ["SELECT", "INSERT", "UPDATE", "DELETE", "TRUNCATE", "REFERENCES", "TRIGGER"]
}


resource "postgresql_grant" "test" {
  database    = "test_db"
  role        = "test_role"
  schema      = "public"
  object_type = "table"
  privileges  = local.all_privileges_table
}

Allowed privileges per type are defined here: https://github.com/cyrilgdn/terraform-provider-postgresql/blob/master/postgresql/helpers.go#L237-L244

See also: https://www.postgresql.org/docs/current/sql-grant.html

@benesch benesch mentioned this issue Jul 18, 2021
Closed
@nitrocode
Copy link

nitrocode commented Aug 5, 2021
edited
Loading

For some reason TEMP always needs to be added with every apply. Perhaps all_privileges_database should be

locals {
  all_privileges_database = ["CREATE", "CONNECT", "TEMPORARY"]
}

@cyrilgdn cyrilgdn mentioned this issue Jan 30, 2022
Closed
@sarahkadar
Copy link

I see the same issue but with SELECT only.

@cyrilgdn cyrilgdn mentioned this issue Oct 24, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix: ALL implicit privileges equality check talbx/terraform-provider-postgresql
5 participants
@sarahkadar @zswanson @cyrilgdn @nitrocode @icterine