Skip to content

Commit

Permalink
A change showing several features that Cockroach does not support,
Browse files Browse the repository at this point in the history 
specifically just to create a role.
  • Loading branch information
@kylepl
kylepl committed Nov 7, 2023
1 parent a961e75 commit 9c2eced
Show file tree
Hide file tree
Showing 2 changed files with 31 additions and 24 deletions.
29 changes: 16 additions & 13 deletions postgresql/helpers.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -534,16 +534,18 @@ func pgLockRole(txn *sql.Tx, role string) error {
if _, err := txn.Exec("SET statement_timeout = 0"); err != nil {
return fmt.Errorf("could not disable statement_timeout: %w", err)
}
if _, err := txn.Exec("SELECT pg_advisory_xact_lock(oid::bigint) FROM pg_roles WHERE rolname = $1", role); err != nil {
return fmt.Errorf("could not get advisory lock for role %s: %w", role, err)
}

if _, err := txn.Exec(
"SELECT pg_advisory_xact_lock(member::bigint) FROM pg_auth_members JOIN pg_roles ON roleid = pg_roles.oid WHERE rolname = $1",
role,
); err != nil {
return fmt.Errorf("could not get advisory lock for members of role %s: %w", role, err)
}
// TODO: Cockroach does not support `pg_advisory_xact_lock`.
//if _, err := txn.Exec("SELECT pg_advisory_xact_lock(oid::bigint) FROM pg_roles WHERE rolname = $1", role); err != nil {
// return fmt.Errorf("could not get advisory lock for role %s: %w", role, err)
//}

// TODO: Cockroach does not support `pg_advisory_xact_lock`.
//if _, err := txn.Exec(
// "SELECT pg_advisory_xact_lock(member::bigint) FROM pg_auth_members JOIN pg_roles ON roleid = pg_roles.oid WHERE rolname = $1",
// role,
//); err != nil {
// return fmt.Errorf("could not get advisory lock for members of role %s: %w", role, err)
//}

return nil
}
Expand All @@ -554,9 +556,10 @@ func pgLockDatabase(txn *sql.Tx, database string) error {
if _, err := txn.Exec("SET statement_timeout = 0"); err != nil {
return fmt.Errorf("could not disable statement_timeout: %w", err)
}
if _, err := txn.Exec("SELECT pg_advisory_xact_lock(oid::bigint) FROM pg_database WHERE datname = $1", database); err != nil {
return fmt.Errorf("could not get advisory lock for database %s: %w", database, err)
}
// TODO: Cockroach does not support `pg_advisory_xact_lock`.
//if _, err := txn.Exec("SELECT pg_advisory_xact_lock(oid::bigint) FROM pg_database WHERE datname = $1", database); err != nil {
// return fmt.Errorf("could not get advisory lock for database %s: %w", database, err)
//}

return nil
}
Expand Down
26 changes: 15 additions & 11 deletions postgresql/resource_postgresql_role.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -189,13 +189,16 @@ func resourcePostgreSQLRoleCreate(db *DBConnection, d *schema.ResourceData) erro
sqlKey string
}{
{rolePasswordAttr, "PASSWORD"},
{roleValidUntilAttr, "VALID UNTIL"},
// TODO: Disabled because of `pq: timestamp "294277-01-01T00:00:00Z" exceeds supported timestamp bounds`
// Not sure where the timestamp is coming from, guessing this?
// {roleValidUntilAttr, "VALID UNTIL"},
}
intOpts := []struct {
hclKey string
sqlKey string
}{
{roleConnLimitAttr, "CONNECTION LIMIT"},
// TODO: Re-enable. Testing if this a cockroach DB issue.
// {roleConnLimitAttr, "CONNECTION LIMIT"},
}

type boolOptType struct {
Expand All @@ -204,22 +207,22 @@ func resourcePostgreSQLRoleCreate(db *DBConnection, d *schema.ResourceData) erro
sqlKeyDisable string
}
boolOpts := []boolOptType{
{roleSuperuserAttr, "SUPERUSER", "NOSUPERUSER"},
// {roleSuperuserAttr, "SUPERUSER", "NOSUPERUSER"},
{roleCreateDBAttr, "CREATEDB", "NOCREATEDB"},
{roleCreateRoleAttr, "CREATEROLE", "NOCREATEROLE"},
{roleInheritAttr, "INHERIT", "NOINHERIT"},
// {roleInheritAttr, "INHERIT", "NOINHERIT"},
{roleLoginAttr, "LOGIN", "NOLOGIN"},
// roleEncryptedPassAttr is used only when rolePasswordAttr is set.
// {roleEncryptedPassAttr, "ENCRYPTED", "UNENCRYPTED"},
}

if db.featureSupported(featureRLS) {
boolOpts = append(boolOpts, boolOptType{roleBypassRLSAttr, "BYPASSRLS", "NOBYPASSRLS"})
}
//if db.featureSupported(featureRLS) {
// boolOpts = append(boolOpts, boolOptType{roleBypassRLSAttr, "BYPASSRLS", "NOBYPASSRLS"})
//}

if db.featureSupported(featureReplication) {
boolOpts = append(boolOpts, boolOptType{roleReplicationAttr, "REPLICATION", "NOREPLICATION"})
}
//if db.featureSupported(featureReplication) {
// boolOpts = append(boolOpts, boolOptType{roleReplicationAttr, "REPLICATION", "NOREPLICATION"})
//}

createOpts := make([]string, 0, len(stringOpts)+len(intOpts)+len(boolOpts))

Expand Down Expand Up @@ -918,7 +921,8 @@ func revokeRoles(txn *sql.Tx, d *schema.ResourceData) error {

rows, err := txn.Query(query, role)
if err != nil {
return fmt.Errorf("could not get roles list for role %s: %w", role, err)
// TODO: Just causing an error to check it was here.
return fmt.Errorf("could not get roles list for role (SEE IT CHANGED) %s: %w: %s", role, err, query)
}
defer rows.Close()

Expand Down

0 comments on commit 9c2eced

Please sign in to comment.