github.com/minamijoyo/terraform@v0.7.8-0.20161029001309-18b3736ba44b/builtin/providers/postgresql/resource_postgresql_role.go (about) 1 package postgresql 2 3 import ( 4 "database/sql" 5 "fmt" 6 7 "github.com/hashicorp/errwrap" 8 "github.com/hashicorp/terraform/helper/schema" 9 "github.com/lib/pq" 10 ) 11 12 func resourcePostgreSQLRole() *schema.Resource { 13 return &schema.Resource{ 14 Create: resourcePostgreSQLRoleCreate, 15 Read: resourcePostgreSQLRoleRead, 16 Update: resourcePostgreSQLRoleUpdate, 17 Delete: resourcePostgreSQLRoleDelete, 18 19 Schema: map[string]*schema.Schema{ 20 "name": { 21 Type: schema.TypeString, 22 Required: true, 23 ForceNew: true, 24 }, 25 "login": { 26 Type: schema.TypeBool, 27 Optional: true, 28 ForceNew: false, 29 Default: false, 30 }, 31 "password": { 32 Type: schema.TypeString, 33 Optional: true, 34 ForceNew: false, 35 }, 36 "encrypted": { 37 Type: schema.TypeBool, 38 Optional: true, 39 ForceNew: false, 40 Default: false, 41 }, 42 }, 43 } 44 } 45 46 func resourcePostgreSQLRoleCreate(d *schema.ResourceData, meta interface{}) error { 47 client := meta.(*Client) 48 conn, err := client.Connect() 49 if err != nil { 50 return err 51 } 52 defer conn.Close() 53 54 roleName := d.Get("name").(string) 55 loginAttr := getLoginStr(d.Get("login").(bool)) 56 password := d.Get("password").(string) 57 58 encryptedCfg := getEncryptedStr(d.Get("encrypted").(bool)) 59 60 query := fmt.Sprintf("CREATE ROLE %s %s %s PASSWORD '%s'", pq.QuoteIdentifier(roleName), loginAttr, encryptedCfg, password) 61 _, err = conn.Query(query) 62 if err != nil { 63 return errwrap.Wrapf("Error creating role: {{err}}", err) 64 } 65 66 d.SetId(roleName) 67 68 return resourcePostgreSQLRoleRead(d, meta) 69 } 70 71 func resourcePostgreSQLRoleDelete(d *schema.ResourceData, meta interface{}) error { 72 client := meta.(*Client) 73 conn, err := client.Connect() 74 if err != nil { 75 return err 76 } 77 defer conn.Close() 78 79 roleName := d.Get("name").(string) 80 81 query := fmt.Sprintf("DROP ROLE %s", pq.QuoteIdentifier(roleName)) 82 _, err = conn.Query(query) 83 if err != nil { 84 return errwrap.Wrapf("Error deleting role: {{err}}", err) 85 } 86 87 d.SetId("") 88 89 return nil 90 } 91 92 func resourcePostgreSQLRoleRead(d *schema.ResourceData, meta interface{}) error { 93 client := meta.(*Client) 94 conn, err := client.Connect() 95 if err != nil { 96 return err 97 } 98 defer conn.Close() 99 100 roleName := d.Get("name").(string) 101 102 var canLogin bool 103 err = conn.QueryRow("SELECT rolcanlogin FROM pg_roles WHERE rolname=$1", roleName).Scan(&canLogin) 104 switch { 105 case err == sql.ErrNoRows: 106 d.SetId("") 107 return nil 108 case err != nil: 109 return errwrap.Wrapf("Error reading role: {{err}}", err) 110 default: 111 d.Set("login", canLogin) 112 return nil 113 } 114 } 115 116 func resourcePostgreSQLRoleUpdate(d *schema.ResourceData, meta interface{}) error { 117 client := meta.(*Client) 118 conn, err := client.Connect() 119 if err != nil { 120 return err 121 } 122 defer conn.Close() 123 124 d.Partial(true) 125 126 roleName := d.Get("name").(string) 127 128 if d.HasChange("login") { 129 loginAttr := getLoginStr(d.Get("login").(bool)) 130 query := fmt.Sprintf("ALTER ROLE %s %s", pq.QuoteIdentifier(roleName), pq.QuoteIdentifier(loginAttr)) 131 _, err := conn.Query(query) 132 if err != nil { 133 return errwrap.Wrapf("Error updating login attribute for role: {{err}}", err) 134 } 135 136 d.SetPartial("login") 137 } 138 139 password := d.Get("password").(string) 140 if d.HasChange("password") { 141 encryptedCfg := getEncryptedStr(d.Get("encrypted").(bool)) 142 143 query := fmt.Sprintf("ALTER ROLE %s %s PASSWORD '%s'", pq.QuoteIdentifier(roleName), encryptedCfg, password) 144 _, err := conn.Query(query) 145 if err != nil { 146 return errwrap.Wrapf("Error updating password attribute for role: {{err}}", err) 147 } 148 149 d.SetPartial("password") 150 } 151 152 if d.HasChange("encrypted") { 153 encryptedCfg := getEncryptedStr(d.Get("encrypted").(bool)) 154 155 query := fmt.Sprintf("ALTER ROLE %s %s PASSWORD '%s'", pq.QuoteIdentifier(roleName), encryptedCfg, password) 156 _, err := conn.Query(query) 157 if err != nil { 158 return errwrap.Wrapf("Error updating encrypted attribute for role: {{err}}", err) 159 } 160 161 d.SetPartial("encrypted") 162 } 163 164 d.Partial(false) 165 return resourcePostgreSQLRoleRead(d, meta) 166 } 167 168 func getLoginStr(canLogin bool) string { 169 if canLogin { 170 return "login" 171 } 172 return "nologin" 173 } 174 175 func getEncryptedStr(isEncrypted bool) string { 176 if isEncrypted { 177 return "encrypted" 178 } 179 return "unencrypted" 180 }