github.com/minamijoyo/terraform@v0.7.8-0.20161029001309-18b3736ba44b/builtin/providers/postgresql/resource_postgresql_role.go

github.com/minamijoyo/terraform@v0.7.8-0.20161029001309-18b3736ba44b/builtin/providers/postgresql/resource_postgresql_role.go (about)

     1  package postgresql
     2  
     3  import (
     4  	"database/sql"
     5  	"fmt"
     6  
     7  	"github.com/hashicorp/errwrap"
     8  	"github.com/hashicorp/terraform/helper/schema"
     9  	"github.com/lib/pq"
    10  )
    11  
    12  func resourcePostgreSQLRole() *schema.Resource {
    13  	return &schema.Resource{
    14  		Create: resourcePostgreSQLRoleCreate,
    15  		Read:   resourcePostgreSQLRoleRead,
    16  		Update: resourcePostgreSQLRoleUpdate,
    17  		Delete: resourcePostgreSQLRoleDelete,
    18  
    19  		Schema: map[string]*schema.Schema{
    20  			"name": {
    21  				Type:     schema.TypeString,
    22  				Required: true,
    23  				ForceNew: true,
    24  			},
    25  			"login": {
    26  				Type:     schema.TypeBool,
    27  				Optional: true,
    28  				ForceNew: false,
    29  				Default:  false,
    30  			},
    31  			"password": {
    32  				Type:     schema.TypeString,
    33  				Optional: true,
    34  				ForceNew: false,
    35  			},
    36  			"encrypted": {
    37  				Type:     schema.TypeBool,
    38  				Optional: true,
    39  				ForceNew: false,
    40  				Default:  false,
    41  			},
    42  		},
    43  	}
    44  }
    45  
    46  func resourcePostgreSQLRoleCreate(d *schema.ResourceData, meta interface{}) error {
    47  	client := meta.(*Client)
    48  	conn, err := client.Connect()
    49  	if err != nil {
    50  		return err
    51  	}
    52  	defer conn.Close()
    53  
    54  	roleName := d.Get("name").(string)
    55  	loginAttr := getLoginStr(d.Get("login").(bool))
    56  	password := d.Get("password").(string)
    57  
    58  	encryptedCfg := getEncryptedStr(d.Get("encrypted").(bool))
    59  
    60  	query := fmt.Sprintf("CREATE ROLE %s %s %s PASSWORD '%s'", pq.QuoteIdentifier(roleName), loginAttr, encryptedCfg, password)
    61  	_, err = conn.Query(query)
    62  	if err != nil {
    63  		return errwrap.Wrapf("Error creating role: {{err}}", err)
    64  	}
    65  
    66  	d.SetId(roleName)
    67  
    68  	return resourcePostgreSQLRoleRead(d, meta)
    69  }
    70  
    71  func resourcePostgreSQLRoleDelete(d *schema.ResourceData, meta interface{}) error {
    72  	client := meta.(*Client)
    73  	conn, err := client.Connect()
    74  	if err != nil {
    75  		return err
    76  	}
    77  	defer conn.Close()
    78  
    79  	roleName := d.Get("name").(string)
    80  
    81  	query := fmt.Sprintf("DROP ROLE %s", pq.QuoteIdentifier(roleName))
    82  	_, err = conn.Query(query)
    83  	if err != nil {
    84  		return errwrap.Wrapf("Error deleting role: {{err}}", err)
    85  	}
    86  
    87  	d.SetId("")
    88  
    89  	return nil
    90  }
    91  
    92  func resourcePostgreSQLRoleRead(d *schema.ResourceData, meta interface{}) error {
    93  	client := meta.(*Client)
    94  	conn, err := client.Connect()
    95  	if err != nil {
    96  		return err
    97  	}
    98  	defer conn.Close()
    99  
   100  	roleName := d.Get("name").(string)
   101  
   102  	var canLogin bool
   103  	err = conn.QueryRow("SELECT rolcanlogin FROM pg_roles WHERE rolname=$1", roleName).Scan(&canLogin)
   104  	switch {
   105  	case err == sql.ErrNoRows:
   106  		d.SetId("")
   107  		return nil
   108  	case err != nil:
   109  		return errwrap.Wrapf("Error reading role: {{err}}", err)
   110  	default:
   111  		d.Set("login", canLogin)
   112  		return nil
   113  	}
   114  }
   115  
   116  func resourcePostgreSQLRoleUpdate(d *schema.ResourceData, meta interface{}) error {
   117  	client := meta.(*Client)
   118  	conn, err := client.Connect()
   119  	if err != nil {
   120  		return err
   121  	}
   122  	defer conn.Close()
   123  
   124  	d.Partial(true)
   125  
   126  	roleName := d.Get("name").(string)
   127  
   128  	if d.HasChange("login") {
   129  		loginAttr := getLoginStr(d.Get("login").(bool))
   130  		query := fmt.Sprintf("ALTER ROLE %s %s", pq.QuoteIdentifier(roleName), pq.QuoteIdentifier(loginAttr))
   131  		_, err := conn.Query(query)
   132  		if err != nil {
   133  			return errwrap.Wrapf("Error updating login attribute for role: {{err}}", err)
   134  		}
   135  
   136  		d.SetPartial("login")
   137  	}
   138  
   139  	password := d.Get("password").(string)
   140  	if d.HasChange("password") {
   141  		encryptedCfg := getEncryptedStr(d.Get("encrypted").(bool))
   142  
   143  		query := fmt.Sprintf("ALTER ROLE %s %s PASSWORD '%s'", pq.QuoteIdentifier(roleName), encryptedCfg, password)
   144  		_, err := conn.Query(query)
   145  		if err != nil {
   146  			return errwrap.Wrapf("Error updating password attribute for role: {{err}}", err)
   147  		}
   148  
   149  		d.SetPartial("password")
   150  	}
   151  
   152  	if d.HasChange("encrypted") {
   153  		encryptedCfg := getEncryptedStr(d.Get("encrypted").(bool))
   154  
   155  		query := fmt.Sprintf("ALTER ROLE %s %s PASSWORD '%s'", pq.QuoteIdentifier(roleName), encryptedCfg, password)
   156  		_, err := conn.Query(query)
   157  		if err != nil {
   158  			return errwrap.Wrapf("Error updating encrypted attribute for role: {{err}}", err)
   159  		}
   160  
   161  		d.SetPartial("encrypted")
   162  	}
   163  
   164  	d.Partial(false)
   165  	return resourcePostgreSQLRoleRead(d, meta)
   166  }
   167  
   168  func getLoginStr(canLogin bool) string {
   169  	if canLogin {
   170  		return "login"
   171  	}
   172  	return "nologin"
   173  }
   174  
   175  func getEncryptedStr(isEncrypted bool) string {
   176  	if isEncrypted {
   177  		return "encrypted"
   178  	}
   179  	return "unencrypted"
   180  }