* Fix doc bug. Spell `collation` like `lc_collate`.
* Whitespace nit in error message
* Use %q as the format verb for error messages in postgresql_database resource messages.
* REVOKE the `GRANT` given to the connection user when creating a database.
For `ROLE`s who have been delegated `CREATEDB` privileges and are not a
superuser, in order for them to `CREATE DATABASE` they need to be a member
of the `ROLE` who will be `OWNER` for the new database. Once the
`CREATE DATABASE` is complete, `REVOKE` the `GRANT` that was given to role
so that the user who ran the `CREATE DATABASE` looses all privileges to the
target database (unless of course they're a superuser).
Fixes a regression introduced in #11452
* Delegated DBA ROLEs can now fix OWNER drift for PostgreSQL databases.
Uses the helper functions introduced in #11452
removing a PostgreSQL role.
Add manual overrides if this isn't the desired behavior, but it should
universally be the desired outcome except when a ROLE name is reused
across multiple databases in the same PostgreSQL cluster, in which case
the `skip_drop_role` is necessary for all but the last PostgreSQL
provider.
releases.
When postgresql_schema_policy lands this attribute should be removed in
order to provide a single way of accomplishing setting permissions on
schema objects.
* Add support to import databases. See docs.
* Add support for renaming databases
* Add support for all known PostgreSQL database attributes, including:
* "allow_connections"
* "lc_ctype"
* "lc_collate"
* "connection_limit"
* "encoding"
* "is_template"
* "owner"
* "tablespace_name"
* "template"
Both libpq(3) and github.com/lib/pq both use `sslmode`. Prefer this vs
the non-standard `ssl_mode`. `ssl_mode` is supported for compatibility
but should be removed in the future.
Changelog: yes
According to the libpq documentation, "prefer" is the default in the
underlying library and so setting a different default in the Terraform
layer would be a breaking change for existing users of this provider
whose servers do not have TLS correctly configured.
The docs now link to the libpq manual's discussion of the security
implications of each of the ssl_mode options, so the user can understand
the limitations of the "prefer" default and can make an informed decision
about which setting is appropriate for their situation.
Sean Chittenden