Remove old docs. Update docs and code to support the PUBLIC role.

This commit is contained in:
Sean Chittenden 2016-12-26 07:00:03 -08:00
parent c3a3ddc0f5
commit 73be4bc21f
No known key found for this signature in database
GPG Key ID: 4EBC9DC16C2E5E16
4 changed files with 67 additions and 94 deletions

View File

@ -79,8 +79,9 @@ func resourcePostgreSQLSchema() *schema.Resource {
schemaPolicyRoleAttr: {
Type: schema.TypeString,
Elem: &schema.Schema{Type: schema.TypeString},
Required: true,
Description: "ROLE who will receive this policy",
Optional: true,
Default: "",
Description: "ROLE who will receive this policy (default: PUBLIC)",
},
schemaPolicyUsageAttr: {
Type: schema.TypeBool,
@ -351,6 +352,9 @@ func setSchemaPolicy(txn *sql.Tx, d *schema.ResourceData) error {
pMap := p.(map[string]interface{})
rolePolicy := schemaPolicyToACL(pMap)
// The PUBLIC role can not be DROP'ed, therefore we do not need
// to prevent revoking against it not existing.
if rolePolicy.Role != "" {
var foundUser bool
err := txn.QueryRow(`SELECT TRUE FROM pg_catalog.pg_user WHERE usename = $1`, rolePolicy.Role).Scan(&foundUser)
switch {
@ -363,6 +367,7 @@ func setSchemaPolicy(txn *sql.Tx, d *schema.ResourceData) error {
queries = append(queries, rolePolicy.Revokes(schemaName)...)
}
}
}
for _, p := range added {
pMap := p.(map[string]interface{})

View File

@ -8,16 +8,48 @@ description: |-
# postgresql\_schema
The ``postgresql_schema`` resource creates and manages a schema within a
PostgreSQL database.
The ``postgresql_schema`` resource creates and manages a [schema
objects](https://www.postgresql.org/docs/current/static/ddl-schemas.html) within
a PostgreSQL database.
## Usage
```
resource "postgresql_role" "app_www" {
name = "app_www"
}
resource "postgresql_role" "app_dba" {
name = "app_dba"
}
resource "postgresql_role" "app_releng" {
name = "app_releng"
}
resource "postgresql_schema" "my_schema" {
name = "my_schema"
owner = "postgres"
policy {
usage = true
role = "${postgresql_role.app_www.name}"
}
# app_releng can create new objects in the schema. This is the role that
# migrations are executed as.
policy {
create = true
usage = true
role = "${postgresql_role.app_releng.name}"
}
policy {
create_with_grant = true
usage_with_grant = true
role = "${postgresql_role.app_dba.name}"
}
}
```
@ -25,8 +57,19 @@ resource "postgresql_schema" "my_schema" {
* `name` - (Required) The name of the schema. Must be unique in the PostgreSQL
database instance where it is configured.
* `owner` - (Optional) The ROLE who owns the schema.
* `policy` - (Optional) Can be specified multiple times for each policy. Each
policy block supports fields documented below.
The `policy` block supports:
* `create` - (Optional) Should the specified ROLE have CREATE privileges to the specified SCHEMA.
* `create_with_grant` - (Optional) Should the specified ROLE have CREATE privileges to the specified SCHEMA and the ability to GRANT the CREATE privilege to other ROLEs.
* `role` - (Optional) The ROLE who is receiving the policy. If this value is empty or not specified it implies the policy is referring to the [`PUBLIC` role](https://www.postgresql.org/docs/current/static/sql-grant.html).
* `usage` - (Optional) Should the specified ROLE have USAGE privileges to the specified SCHEMA.
* `usage_with_grant` - (Optional) Should the specified ROLE have USAGE privileges to the specified SCHEMA and the ability to GRANT the USAGE privilege to other ROLEs.
~> **NOTE on `policy`:** The permissions of a role specified in multiple policy blocks is cumulative. For example, if the same role is specified in two different `policy` each with different permissions (e.g. `create` and `usage_with_grant`, respectively), then the specified role with have both `create` and `usage_with_grant` privileges.
## Import Example
@ -41,6 +84,10 @@ resource "postgresql_schema" "public" {
resource "postgresql_schema" "schema_foo" {
name = "my_schema"
owner = "postgres"
policy {
usage = true
}
}
```

View File

@ -1,76 +0,0 @@
---
layout: "postgresql"
page_title: "PostgreSQL: postgresql_schema_policy"
sidebar_current: "docs-postgresql-resource-postgresql_schema_policy"
description: |-
Manages the permissions of PostgreSQL schemas.
---
# postgresql\_schema\_policy
The ``postgresql_schema_policy`` resource applies the necessary SQL DCL
(`GRANT`s and `REVOKE`s) necessary to ensure access compliance to a particular
SCHEMA within a PostgreSQL database.
## Usage
```
resource "postgresql_role" "my_app" {
name = "my_app"
}
resource "postgresql_schema" "my_schema" {
name = "my_schema"
}
resource "postgresql_schema_policy" "my_schema" {
create = true
usage = true
schema = "${postgresql_schema.my_schema.name}"
role = "${postgresql_role.my_app.name}"
}
```
## Argument Reference
* `create` - (Optional) Should the specified ROLE have CREATE privileges to the specified SCHEMA.
* `create_with_grant` - (Optional) Should the specified ROLE have CREATE privileges to the specified SCHEMA and the ability to GRANT the CREATE privilege to other ROLEs.
* `usage` - (Optional) Should the specified ROLE have USAGE privileges to the specified SCHEMA.
* `usage_with_grant` - (Optional) Should the specified ROLE have USAGE privileges to the specified SCHEMA and the ability to GRANT the USAGE privilege to other ROLEs.
* `role` - (Required) The ROLE who is receiving the policy.
* `schema` - (Required) The SCHEMA that is the target of the policy.
## Import Example
`postgresql_schema_policy` supports importing resources. Supposing the
following Terraform:
```
resource "postgresql_schema" "public" {
name = "public"
}
resource "postgresql_schema_policy" "public" {
create = true
usage = true
schema = "${postgresql_schema.public.name}"
role = "${postgresql_role.my_app.name}"
}
```
It is possible to import a `postgresql_schema_policy` resource with the
following command:
```
$ terraform import postgresql_schema_policy.public public
```
Where `public` is the name of the schema in the PostgreSQL database and
`postgresql_schema_policy.public` is the name of the resource whose state will
be populated as a result of the command.

View File

@ -25,9 +25,6 @@
<li<%= sidebar_current("docs-postgresql-resource-postgresql_schema") %>>
<a href="/docs/providers/postgresql/r/postgresql_schema.html">postgresql_schema</a>
</li>
<li<%= sidebar_current("docs-postgresql-resource-postgresql_schema_policy") %>>
<a href="/docs/providers/postgresql/r/postgresql_schema_policy.html">postgresql_schema_policy</a>
</li>
</ul>
</li>
</ul>