Skip to content
This repository was archived by the owner on Jan 17, 2025. It is now read-only.

Commit 19ec557

Browse files
winglotwinglot
committed
Fix regexp in privileges queries for PUBLIC
1 parent 86d5653 commit 19ec557

File tree

2 files changed

+28
-15
lines changed

2 files changed

+28
-15
lines changed

redshift/resource_redshift_grant.go

Lines changed: 14 additions & 14 deletions
Original file line numberDiff line numberDiff line change
@@ -247,8 +247,8 @@ func readDatabaseGrants(db *DBConnection, d *schema.ResourceData) error {
247247
if isGrantToPublic(d) {
248248
query = `
249249
SELECT
250-
decode(charindex('C',split_part(split_part(regexp_replace(replace(array_to_string(db.datacl, '|'), '"', ''),'[^|+]=','__avoidUserPrivs__'), '=', 2) ,'/',1)), 0,0,1) as create,
251-
decode(charindex('T',split_part(split_part(regexp_replace(replace(array_to_string(db.datacl, '|'), '"', ''),'[^|+]=','__avoidUserPrivs__'), '=', 2) ,'/',1)), 0,0,1) as temporary
250+
decode(charindex('C',split_part(split_part(regexp_replace(replace(array_to_string(db.datacl, '|'), '"', ''),'[^|]+=','__avoidUserPrivs__'), '=', 2) ,'/',1)), 0,0,1) as create,
251+
decode(charindex('T',split_part(split_part(regexp_replace(replace(array_to_string(db.datacl, '|'), '"', ''),'[^|]+=','__avoidUserPrivs__'), '=', 2) ,'/',1)), 0,0,1) as temporary
252252
FROM pg_database db
253253
WHERE
254254
db.datname=$1
@@ -308,8 +308,8 @@ func readSchemaGrants(db *DBConnection, d *schema.ResourceData) error {
308308
if isGrantToPublic(d) {
309309
query = `
310310
SELECT
311-
decode(charindex('C',split_part(split_part(regexp_replace(replace(array_to_string(ns.nspacl, '|'), '"', ''),'[^|+]=','__avoidUserPrivs__'), '=', 2) ,'/',1)), 0,0,1) as create,
312-
decode(charindex('U',split_part(split_part(regexp_replace(replace(array_to_string(ns.nspacl, '|'), '"', ''),'[^|+]=','__avoidUserPrivs__'), '=', 2) ,'/',1)), 0,0,1) as usage
311+
decode(charindex('C',split_part(split_part(regexp_replace(replace(array_to_string(ns.nspacl, '|'), '"', ''),'[^|]+=','__avoidUserPrivs__'), '=', 2) ,'/',1)), 0,0,1) as create,
312+
decode(charindex('U',split_part(split_part(regexp_replace(replace(array_to_string(ns.nspacl, '|'), '"', ''),'[^|]+=','__avoidUserPrivs__'), '=', 2) ,'/',1)), 0,0,1) as usage
313313
FROM pg_namespace ns
314314
WHERE
315315
ns.nspname=$1
@@ -389,14 +389,14 @@ func readTableGrants(db *DBConnection, d *schema.ResourceData) error {
389389
query = `
390390
SELECT
391391
relname,
392-
decode(charindex('r',split_part(split_part(regexp_replace(replace(array_to_string(relacl, '|'), '"', ''),'[^|+]=','__avoidUserPrivs__'), '=', 2) ,'/',1)),null,0,0,0,1) as select,
393-
decode(charindex('w',split_part(split_part(regexp_replace(replace(array_to_string(relacl, '|'), '"', ''),'[^|+]=','__avoidUserPrivs__'), '=', 2) ,'/',1)),null,0,0,0,1) as update,
394-
decode(charindex('a',split_part(split_part(regexp_replace(replace(array_to_string(relacl, '|'), '"', ''),'[^|+]=','__avoidUserPrivs__'), '=', 2) ,'/',1)),null,0,0,0,1) as insert,
395-
decode(charindex('d',split_part(split_part(regexp_replace(replace(array_to_string(relacl, '|'), '"', ''),'[^|+]=','__avoidUserPrivs__'), '=', 2) ,'/',1)),null,0,0,0,1) as delete,
396-
decode(charindex('D',split_part(split_part(regexp_replace(replace(array_to_string(relacl, '|'), '"', ''),'[^|+]=','__avoidUserPrivs__'), '=', 2) ,'/',1)),null,0,0,0,1) as drop,
397-
decode(charindex('x',split_part(split_part(regexp_replace(replace(array_to_string(relacl, '|'), '"', ''),'[^|+]=','__avoidUserPrivs__'), '=', 2) ,'/',1)),null,0,0,0,1) as references,
398-
decode(charindex('R',split_part(split_part(regexp_replace(replace(array_to_string(relacl, '|'), '"', ''),'[^|+]=','__avoidUserPrivs__'), '=', 2) ,'/',1)),null,0,0,0,1) as rule,
399-
decode(charindex('t',split_part(split_part(regexp_replace(replace(array_to_string(relacl, '|'), '"', ''),'[^|+]=','__avoidUserPrivs__'), '=', 2) ,'/',1)),null,0,0,0,1) as trigger
392+
decode(charindex('r',split_part(split_part(regexp_replace(replace(array_to_string(relacl, '|'), '"', ''),'[^|]+=','__avoidUserPrivs__'), '=', 2) ,'/',1)),null,0,0,0,1) as select,
393+
decode(charindex('w',split_part(split_part(regexp_replace(replace(array_to_string(relacl, '|'), '"', ''),'[^|]+=','__avoidUserPrivs__'), '=', 2) ,'/',1)),null,0,0,0,1) as update,
394+
decode(charindex('a',split_part(split_part(regexp_replace(replace(array_to_string(relacl, '|'), '"', ''),'[^|]+=','__avoidUserPrivs__'), '=', 2) ,'/',1)),null,0,0,0,1) as insert,
395+
decode(charindex('d',split_part(split_part(regexp_replace(replace(array_to_string(relacl, '|'), '"', ''),'[^|]+=','__avoidUserPrivs__'), '=', 2) ,'/',1)),null,0,0,0,1) as delete,
396+
decode(charindex('D',split_part(split_part(regexp_replace(replace(array_to_string(relacl, '|'), '"', ''),'[^|]+=','__avoidUserPrivs__'), '=', 2) ,'/',1)),null,0,0,0,1) as drop,
397+
decode(charindex('x',split_part(split_part(regexp_replace(replace(array_to_string(relacl, '|'), '"', ''),'[^|]+=','__avoidUserPrivs__'), '=', 2) ,'/',1)),null,0,0,0,1) as references,
398+
decode(charindex('R',split_part(split_part(regexp_replace(replace(array_to_string(relacl, '|'), '"', ''),'[^|]+=','__avoidUserPrivs__'), '=', 2) ,'/',1)),null,0,0,0,1) as rule,
399+
decode(charindex('t',split_part(split_part(regexp_replace(replace(array_to_string(relacl, '|'), '"', ''),'[^|]+=','__avoidUserPrivs__'), '=', 2) ,'/',1)),null,0,0,0,1) as trigger
400400
FROM pg_class cl
401401
JOIN pg_namespace nsp ON nsp.oid = cl.relnamespace
402402
WHERE
@@ -511,7 +511,7 @@ func readCallableGrants(db *DBConnection, d *schema.ResourceData) error {
511511
query = `
512512
SELECT
513513
proname,
514-
decode(nvl(charindex('X',split_part(split_part(regexp_replace(replace(array_to_string(pr.proacl, '|'), '"', ''),'[^|+]=','__avoidUserPrivs__'), '=', 2) ,'/',1)), 0), 0,0,1) as execute
514+
decode(nvl(charindex('X',split_part(split_part(regexp_replace(replace(array_to_string(pr.proacl, '|'), '"', ''),'[^|]+=','__avoidUserPrivs__'), '=', 2) ,'/',1)), 0), 0,0,1) as execute
515515
FROM pg_proc_info pr
516516
JOIN pg_namespace nsp ON nsp.oid = pr.pronamespace
517517
WHERE
@@ -599,7 +599,7 @@ func readLanguageGrants(db *DBConnection, d *schema.ResourceData) error {
599599
query = `
600600
SELECT
601601
lanname,
602-
decode(nvl(charindex('U',split_part(split_part(regexp_replace(replace(array_to_string(lg.lanacl, '|'), '"', ''),'[^|+]=','__avoidUserPrivs__'), '=', 2) ,'/',1)), 0), 0,0,1) as usage
602+
decode(nvl(charindex('U',split_part(split_part(regexp_replace(replace(array_to_string(lg.lanacl, '|'), '"', ''),'[^|]+=','__avoidUserPrivs__'), '=', 2) ,'/',1)), 0), 0,0,1) as usage
603603
FROM pg_language lg
604604
`
605605
queryArgs = []interface{}{}

redshift/resource_redshift_grant_test.go

Lines changed: 14 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -13,6 +13,7 @@ import (
1313

1414
func TestAccRedshiftGrant_SchemaToPublic(t *testing.T) {
1515
schemaName := strings.ReplaceAll(acctest.RandomWithPrefix("tf_schema"), "-", "_")
16+
userName := strings.ReplaceAll(acctest.RandomWithPrefix("tf_user"), "-", "_")
1617
config := fmt.Sprintf(`
1718
resource "redshift_schema" "test" {
1819
name = %[1]q
@@ -25,7 +26,19 @@ resource "redshift_grant" "public" {
2526
object_type = "schema"
2627
privileges = ["create", "usage"]
2728
}
28-
`, schemaName)
29+
30+
# Add user with different privileges to see if we do not catch them by accident
31+
resource "redshift_user" "test" {
32+
name = %[2]q
33+
password = "Foo123456$"
34+
}
35+
resource "redshift_grant" "user" {
36+
user = redshift_user.test.name
37+
schema = %[1]q
38+
object_type = "schema"
39+
privileges = ["usage"]
40+
}
41+
`, schemaName, userName)
2942

3043
resource.Test(t, resource.TestCase{
3144
PreCheck: func() { testAccPreCheck(t) },

0 commit comments

Comments
 (0)