forked from pulumi/pulumi-postgresql
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
This is a hacky patch to make creating Roles work for
Pulumi-wrapped-terraform postgres provider with a Cockroach DB backend. Proper discussion is here: cyrilgdn/terraform-provider-postgresql#372 To start using it locally, after installing the dependencies (I believe just `go` and `pulumictl`: https://github.com/pulumi/pulumictl), with the appropriate version number (I'm using v3.10.0): `make provider && pulumi plugin rm resource postgresql && pulumi plugin install resource postgresql v3.10.0 -f bin/pulumi-resource-postgresql` The version number just needs to match what you are currently depending on. `pulumi plugin ls` should show it.
- Loading branch information
Showing
8 changed files
with
150 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,14 @@ | ||
| diff --git a/postgresql/resource_postgresql_role.go b/postgresql/resource_postgresql_role.go | ||
| index b7cb0fa..3d81772 100644 | ||
| --- a/postgresql/resource_postgresql_role.go | ||
| +++ b/postgresql/resource_postgresql_role.go | ||
| @@ -195,7 +195,8 @@ func resourcePostgreSQLRoleCreate(db *DBConnection, d *schema.ResourceData) erro | ||
| hclKey string | ||
| sqlKey string | ||
| }{ | ||
| - {roleConnLimitAttr, "CONNECTION LIMIT"}, | ||
| + // TODO: Re-enable. Testing if this a cockroach DB issue. | ||
| + // {roleConnLimitAttr, "CONNECTION LIMIT"}, | ||
| } | ||
|
|
||
| type boolOptType struct { |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,13 @@ | ||
| diff --git a/postgresql/resource_postgresql_role.go b/postgresql/resource_postgresql_role.go | ||
| index 3d81772..8710210 100644 | ||
| --- a/postgresql/resource_postgresql_role.go | ||
| +++ b/postgresql/resource_postgresql_role.go | ||
| @@ -205,7 +205,7 @@ func resourcePostgreSQLRoleCreate(db *DBConnection, d *schema.ResourceData) erro | ||
| sqlKeyDisable string | ||
| } | ||
| boolOpts := []boolOptType{ | ||
| - {roleSuperuserAttr, "SUPERUSER", "NOSUPERUSER"}, | ||
| + // {roleSuperuserAttr, "SUPERUSER", "NOSUPERUSER"}, | ||
| {roleCreateDBAttr, "CREATEDB", "NOCREATEDB"}, | ||
| {roleCreateRoleAttr, "CREATEROLE", "NOCREATEROLE"}, | ||
| {roleInheritAttr, "INHERIT", "NOINHERIT"}, |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,13 @@ | ||
| diff --git a/postgresql/resource_postgresql_role.go b/postgresql/resource_postgresql_role.go | ||
| index 8710210..5760616 100644 | ||
| --- a/postgresql/resource_postgresql_role.go | ||
| +++ b/postgresql/resource_postgresql_role.go | ||
| @@ -208,7 +208,7 @@ func resourcePostgreSQLRoleCreate(db *DBConnection, d *schema.ResourceData) erro | ||
| // {roleSuperuserAttr, "SUPERUSER", "NOSUPERUSER"}, | ||
| {roleCreateDBAttr, "CREATEDB", "NOCREATEDB"}, | ||
| {roleCreateRoleAttr, "CREATEROLE", "NOCREATEROLE"}, | ||
| - {roleInheritAttr, "INHERIT", "NOINHERIT"}, | ||
| + // {roleInheritAttr, "INHERIT", "NOINHERIT"}, | ||
| {roleLoginAttr, "LOGIN", "NOLOGIN"}, | ||
| // roleEncryptedPassAttr is used only when rolePasswordAttr is set. | ||
| // {roleEncryptedPassAttr, "ENCRYPTED", "UNENCRYPTED"}, |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,17 @@ | ||
| diff --git a/postgresql/resource_postgresql_role.go b/postgresql/resource_postgresql_role.go | ||
| index 5760616..edaffce 100644 | ||
| --- a/postgresql/resource_postgresql_role.go | ||
| +++ b/postgresql/resource_postgresql_role.go | ||
| @@ -214,9 +214,9 @@ func resourcePostgreSQLRoleCreate(db *DBConnection, d *schema.ResourceData) erro | ||
| // {roleEncryptedPassAttr, "ENCRYPTED", "UNENCRYPTED"}, | ||
| } | ||
|
|
||
| - if db.featureSupported(featureRLS) { | ||
| - boolOpts = append(boolOpts, boolOptType{roleBypassRLSAttr, "BYPASSRLS", "NOBYPASSRLS"}) | ||
| - } | ||
| + //if db.featureSupported(featureRLS) { | ||
| + // boolOpts = append(boolOpts, boolOptType{roleBypassRLSAttr, "BYPASSRLS", "NOBYPASSRLS"}) | ||
| + //} | ||
|
|
||
| if db.featureSupported(featureReplication) { | ||
| boolOpts = append(boolOpts, boolOptType{roleReplicationAttr, "REPLICATION", "NOREPLICATION"}) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,17 @@ | ||
| diff --git a/postgresql/resource_postgresql_role.go b/postgresql/resource_postgresql_role.go | ||
| index edaffce..a85d17d 100644 | ||
| --- a/postgresql/resource_postgresql_role.go | ||
| +++ b/postgresql/resource_postgresql_role.go | ||
| @@ -218,9 +218,9 @@ func resourcePostgreSQLRoleCreate(db *DBConnection, d *schema.ResourceData) erro | ||
| // boolOpts = append(boolOpts, boolOptType{roleBypassRLSAttr, "BYPASSRLS", "NOBYPASSRLS"}) | ||
| //} | ||
|
|
||
| - if db.featureSupported(featureReplication) { | ||
| - boolOpts = append(boolOpts, boolOptType{roleReplicationAttr, "REPLICATION", "NOREPLICATION"}) | ||
| - } | ||
| + //if db.featureSupported(featureReplication) { | ||
| + // boolOpts = append(boolOpts, boolOptType{roleReplicationAttr, "REPLICATION", "NOREPLICATION"}) | ||
| + //} | ||
|
|
||
| createOpts := make([]string, 0, len(stringOpts)+len(intOpts)+len(boolOpts)) | ||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,15 @@ | ||
| diff --git a/postgresql/resource_postgresql_role.go b/postgresql/resource_postgresql_role.go | ||
| index a85d17d..983da3f 100644 | ||
| --- a/postgresql/resource_postgresql_role.go | ||
| +++ b/postgresql/resource_postgresql_role.go | ||
| @@ -189,7 +189,9 @@ func resourcePostgreSQLRoleCreate(db *DBConnection, d *schema.ResourceData) erro | ||
| sqlKey string | ||
| }{ | ||
| {rolePasswordAttr, "PASSWORD"}, | ||
| - {roleValidUntilAttr, "VALID UNTIL"}, | ||
| + // TODO: Disabled because of `pq: timestamp "294277-01-01T00:00:00Z" exceeds supported timestamp bounds` | ||
| + // Not sure where the timestamp is coming from, guessing this? | ||
| + // {roleValidUntilAttr, "VALID UNTIL"}, | ||
| } | ||
| intOpts := []struct { | ||
| hclKey string |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,47 @@ | ||
| diff --git a/postgresql/helpers.go b/postgresql/helpers.go | ||
| index 1cc0cd1..7279fef 100644 | ||
| --- a/postgresql/helpers.go | ||
| +++ b/postgresql/helpers.go | ||
| @@ -534,16 +534,18 @@ func pgLockRole(txn *sql.Tx, role string) error { | ||
| if _, err := txn.Exec("SET statement_timeout = 0"); err != nil { | ||
| return fmt.Errorf("could not disable statement_timeout: %w", err) | ||
| } | ||
| - if _, err := txn.Exec("SELECT pg_advisory_xact_lock(oid::bigint) FROM pg_roles WHERE rolname = $1", role); err != nil { | ||
| - return fmt.Errorf("could not get advisory lock for role %s: %w", role, err) | ||
| - } | ||
| - | ||
| - if _, err := txn.Exec( | ||
| - "SELECT pg_advisory_xact_lock(member::bigint) FROM pg_auth_members JOIN pg_roles ON roleid = pg_roles.oid WHERE rolname = $1", | ||
| - role, | ||
| - ); err != nil { | ||
| - return fmt.Errorf("could not get advisory lock for members of role %s: %w", role, err) | ||
| - } | ||
| + // TODO: Cockroach does not support `pg_advisory_xact_lock`. | ||
| + //if _, err := txn.Exec("SELECT pg_advisory_xact_lock(oid::bigint) FROM pg_roles WHERE rolname = $1", role); err != nil { | ||
| + // return fmt.Errorf("could not get advisory lock for role %s: %w", role, err) | ||
| + //} | ||
| + | ||
| + // TODO: Cockroach does not support `pg_advisory_xact_lock`. | ||
| + //if _, err := txn.Exec( | ||
| + // "SELECT pg_advisory_xact_lock(member::bigint) FROM pg_auth_members JOIN pg_roles ON roleid = pg_roles.oid WHERE rolname = $1", | ||
| + // role, | ||
| + //); err != nil { | ||
| + // return fmt.Errorf("could not get advisory lock for members of role %s: %w", role, err) | ||
| + //} | ||
|
|
||
| return nil | ||
| } | ||
| @@ -554,9 +556,10 @@ func pgLockDatabase(txn *sql.Tx, database string) error { | ||
| if _, err := txn.Exec("SET statement_timeout = 0"); err != nil { | ||
| return fmt.Errorf("could not disable statement_timeout: %w", err) | ||
| } | ||
| - if _, err := txn.Exec("SELECT pg_advisory_xact_lock(oid::bigint) FROM pg_database WHERE datname = $1", database); err != nil { | ||
| - return fmt.Errorf("could not get advisory lock for database %s: %w", database, err) | ||
| - } | ||
| + // TODO: Cockroach does not support `pg_advisory_xact_lock`. | ||
| + //if _, err := txn.Exec("SELECT pg_advisory_xact_lock(oid::bigint) FROM pg_database WHERE datname = $1", database); err != nil { | ||
| + // return fmt.Errorf("could not get advisory lock for database %s: %w", database, err) | ||
| + //} | ||
|
|
||
| return nil | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,14 @@ | ||
| diff --git a/postgresql/resource_postgresql_role.go b/postgresql/resource_postgresql_role.go | ||
| index 983da3f..3b44415 100644 | ||
| --- a/postgresql/resource_postgresql_role.go | ||
| +++ b/postgresql/resource_postgresql_role.go | ||
| @@ -921,7 +921,8 @@ func revokeRoles(txn *sql.Tx, d *schema.ResourceData) error { | ||
|
|
||
| rows, err := txn.Query(query, role) | ||
| if err != nil { | ||
| - return fmt.Errorf("could not get roles list for role %s: %w", role, err) | ||
| + // TODO: Just causing an error to check it was here. | ||
| + return fmt.Errorf("could not get roles list for role (SEE IT CHANGED) %s: %w: %s", role, err, query) | ||
| } | ||
| defer rows.Close() | ||
|
|