github.com/erriapo/terraform@v0.6.12-0.20160203182612-0340ea72354f/builtin/providers/postgresql/resource_postgresql_role.go

github.com/erriapo/terraform@v0.6.12-0.20160203182612-0340ea72354f/builtin/providers/postgresql/resource_postgresql_role.go (about)

     1  package postgresql
     2  
     3  import (
     4  	"database/sql"
     5  	"fmt"
     6  
     7  	"github.com/hashicorp/terraform/helper/schema"
     8  	"github.com/lib/pq"
     9  )
    10  
    11  func resourcePostgresqlRole() *schema.Resource {
    12  	return &schema.Resource{
    13  		Create: resourcePostgresqlRoleCreate,
    14  		Read:   resourcePostgresqlRoleRead,
    15  		Update: resourcePostgresqlRoleUpdate,
    16  		Delete: resourcePostgresqlRoleDelete,
    17  
    18  		Schema: map[string]*schema.Schema{
    19  			"name": &schema.Schema{
    20  				Type:     schema.TypeString,
    21  				Required: true,
    22  				ForceNew: true,
    23  			},
    24  			"login": &schema.Schema{
    25  				Type:     schema.TypeBool,
    26  				Optional: true,
    27  				ForceNew: false,
    28  				Default:  false,
    29  			},
    30  			"password": &schema.Schema{
    31  				Type:     schema.TypeString,
    32  				Optional: true,
    33  				ForceNew: false,
    34  			},
    35  			"encrypted": &schema.Schema{
    36  				Type:     schema.TypeBool,
    37  				Optional: true,
    38  				ForceNew: false,
    39  				Default:  false,
    40  			},
    41  		},
    42  	}
    43  }
    44  
    45  func resourcePostgresqlRoleCreate(d *schema.ResourceData, meta interface{}) error {
    46  	client := meta.(*Client)
    47  	conn, err := client.Connect()
    48  	if err != nil {
    49  		return err
    50  	}
    51  	defer conn.Close()
    52  
    53  	roleName := d.Get("name").(string)
    54  	loginAttr := getLoginStr(d.Get("login").(bool))
    55  	password := d.Get("password").(string)
    56  
    57  	encryptedCfg := getEncryptedStr(d.Get("encrypted").(bool))
    58  
    59  	query := fmt.Sprintf("CREATE ROLE %s %s %s PASSWORD '%s'", pq.QuoteIdentifier(roleName), loginAttr, encryptedCfg, password)
    60  	_, err = conn.Query(query)
    61  	if err != nil {
    62  		return fmt.Errorf("Error creating role: %s", err)
    63  	}
    64  
    65  	d.SetId(roleName)
    66  
    67  	return nil
    68  }
    69  
    70  func resourcePostgresqlRoleDelete(d *schema.ResourceData, meta interface{}) error {
    71  	client := meta.(*Client)
    72  	conn, err := client.Connect()
    73  	if err != nil {
    74  		return err
    75  	}
    76  	defer conn.Close()
    77  
    78  	roleName := d.Get("name").(string)
    79  
    80  	query := fmt.Sprintf("DROP ROLE %s", pq.QuoteIdentifier(roleName))
    81  	_, err = conn.Query(query)
    82  	if err != nil {
    83  		return err
    84  	}
    85  
    86  	d.SetId("")
    87  
    88  	return nil
    89  }
    90  
    91  func resourcePostgresqlRoleRead(d *schema.ResourceData, meta interface{}) error {
    92  	client := meta.(*Client)
    93  	conn, err := client.Connect()
    94  	if err != nil {
    95  		return err
    96  	}
    97  	defer conn.Close()
    98  
    99  	roleName := d.Get("name").(string)
   100  
   101  	var canLogin bool
   102  	err = conn.QueryRow("select rolcanlogin from pg_roles where rolname=$1", roleName).Scan(&canLogin)
   103  	switch {
   104  	case err == sql.ErrNoRows:
   105  		d.SetId("")
   106  		return nil
   107  	case err != nil:
   108  		return fmt.Errorf("Error reading info about role: %s", err)
   109  	default:
   110  		d.Set("login", canLogin)
   111  		return nil
   112  	}
   113  }
   114  
   115  func resourcePostgresqlRoleUpdate(d *schema.ResourceData, meta interface{}) error {
   116  	client := meta.(*Client)
   117  	conn, err := client.Connect()
   118  	if err != nil {
   119  		return err
   120  	}
   121  	defer conn.Close()
   122  
   123  	d.Partial(true)
   124  
   125  	roleName := d.Get("name").(string)
   126  
   127  	if d.HasChange("login") {
   128  		loginAttr := getLoginStr(d.Get("login").(bool))
   129  		query := fmt.Sprintf("ALTER ROLE %s %s", pq.QuoteIdentifier(roleName), pq.QuoteIdentifier(loginAttr))
   130  		_, err := conn.Query(query)
   131  		if err != nil {
   132  			return fmt.Errorf("Error updating login attribute for role: %s", err)
   133  		}
   134  
   135  		d.SetPartial("login")
   136  	}
   137  
   138  	password := d.Get("password").(string)
   139  	if d.HasChange("password") {
   140  		encryptedCfg := getEncryptedStr(d.Get("encrypted").(bool))
   141  
   142  		query := fmt.Sprintf("ALTER ROLE %s %s PASSWORD '%s'", pq.QuoteIdentifier(roleName), encryptedCfg, password)
   143  		_, err := conn.Query(query)
   144  		if err != nil {
   145  			return fmt.Errorf("Error updating password attribute for role: %s", err)
   146  		}
   147  
   148  		d.SetPartial("password")
   149  	}
   150  
   151  	if d.HasChange("encrypted") {
   152  		encryptedCfg := getEncryptedStr(d.Get("encrypted").(bool))
   153  
   154  		query := fmt.Sprintf("ALTER ROLE %s %s PASSWORD '%s'", pq.QuoteIdentifier(roleName), encryptedCfg, password)
   155  		_, err := conn.Query(query)
   156  		if err != nil {
   157  			return fmt.Errorf("Error updating encrypted attribute for role: %s", err)
   158  		}
   159  
   160  		d.SetPartial("encrypted")
   161  	}
   162  
   163  	d.Partial(false)
   164  	return resourcePostgresqlRoleRead(d, meta)
   165  }
   166  
   167  func getLoginStr(canLogin bool) string {
   168  	if canLogin {
   169  		return "login"
   170  	}
   171  	return "nologin"
   172  }
   173  
   174  func getEncryptedStr(isEncrypted bool) string {
   175  	if isEncrypted {
   176  		return "encrypted"
   177  	}
   178  	return "unencrypted"
   179  }