Merge branch 'master' into master

winglot · web-flow · commit 354831c8f559 · 2023-01-16T15:10:10.000+01:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,14 @@
 # Changelog
 
+## [v1.0.4](https://github.com/brainly/terraform-provider-redshift/tree/v1.0.4) (2022-12-28)
+
+[Full Changelog](https://github.com/brainly/terraform-provider-redshift/compare/v1.0.3...v1.0.4)
+
+**Merged pull requests:**
+
+- Fix userSessionTimeoutAttr condition [\#102](https://github.com/brainly/terraform-provider-redshift/pull/102) ([robertomczak](https://github.com/robertomczak))
+- Add SESSION TIMEOUT support and missing defer rows.Close\(\) [\#101](https://github.com/brainly/terraform-provider-redshift/pull/101) ([robertomczak](https://github.com/robertomczak))
+
 ## [v1.0.3](https://github.com/brainly/terraform-provider-redshift/tree/v1.0.3) (2022-11-15)
 
 [Full Changelog](https://github.com/brainly/terraform-provider-redshift/compare/v1.0.2...v1.0.3)
diff --git a/redshift/data_source_redshift_user.go b/redshift/data_source_redshift_user.go
@@ -52,12 +52,17 @@ This data source can be used to fetch information about a specific database user
 				Computed:    true,
 				Description: `Indicates whether the user is a superuser with all database privileges.`,
 			},
+			userSessionTimeoutAttr: {
+				Type:        schema.TypeInt,
+				Computed:    true,
+				Description: "The maximum time in seconds that a session remains inactive or idle. The range is 60 seconds (one minute) to 1,728,000 seconds (20 days). If no session timeout is set for the user, the cluster setting applies.",
+			},
 		},
 	}
 }
 
 func dataSourceRedshiftUserRead(db *DBConnection, d *schema.ResourceData) error {
-	var useSysID, userValidUntil, userConnLimit, userSyslogAccess string
+	var useSysID, userValidUntil, userConnLimit, userSyslogAccess, userSessionTimeout string
 	var userSuperuser, userCreateDB bool
 
 	columns := []string{
@@ -66,6 +71,7 @@ func dataSourceRedshiftUserRead(db *DBConnection, d *schema.ResourceData) error
 		"usesuper",
 		"syslogaccess",
 		`COALESCE(useconnlimit::TEXT, 'UNLIMITED')`,
+		"sessiontimeout",
 	}
 
 	values := []interface{}{
@@ -74,6 +80,7 @@ func dataSourceRedshiftUserRead(db *DBConnection, d *schema.ResourceData) error
 		&userSuperuser,
 		&userSyslogAccess,
 		&userConnLimit,
+		&userSessionTimeout,
 	}
 
 	userName := d.Get(userNameAttr).(string)
@@ -96,12 +103,18 @@ func dataSourceRedshiftUserRead(db *DBConnection, d *schema.ResourceData) error
 		}
 	}
 
+	userSessionTimeoutNumber, err := strconv.Atoi(userSessionTimeout)
+	if err != nil {
+		return err
+	}
+
 	d.SetId(useSysID)
 	d.Set(userCreateDBAttr, userCreateDB)
 	d.Set(userSuperuserAttr, userSuperuser)
 	d.Set(userSyslogAccessAttr, userSyslogAccess)
 	d.Set(userConnLimitAttr, userConnLimitNumber)
 	d.Set(userValidUntilAttr, userValidUntil)
+	d.Set(userSessionTimeoutAttr, userSessionTimeoutNumber)
 
 	return nil
 }
diff --git a/redshift/data_source_redshift_user_test.go b/redshift/data_source_redshift_user_test.go
@@ -26,6 +26,7 @@ func TestAccDataSourceRedshiftUser_Basic(t *testing.T) {
 					resource.TestCheckResourceAttrSet("data.redshift_user.simple", userConnLimitAttr),
 					resource.TestCheckResourceAttrSet("data.redshift_user.simple", userSyslogAccessAttr),
 					resource.TestCheckResourceAttrSet("data.redshift_user.simple", userSuperuserAttr),
+					resource.TestCheckResourceAttrSet("data.redshift_user.simple", userSessionTimeoutAttr),
 				),
 			},
 		},
diff --git a/redshift/resource_redshift_grant.go b/redshift/resource_redshift_grant.go
@@ -292,6 +292,7 @@ func readSchemaGrants(db *DBConnection, d *schema.ResourceData) error {
 }
 
 func readTableGrants(db *DBConnection, d *schema.ResourceData) error {
+	log.Printf("[DEBUG] Reading table grants")
 	var entityName, query string
 	_, isUser := d.GetOk(grantUserAttr)
 
@@ -344,6 +345,7 @@ func readTableGrants(db *DBConnection, d *schema.ResourceData) error {
 	if err != nil {
 		return err
 	}
+	defer rows.Close()
 
 	for rows.Next() {
 		var objName string
@@ -388,11 +390,14 @@ func readTableGrants(db *DBConnection, d *schema.ResourceData) error {
 			break
 		}
 	}
+	log.Printf("[DEBUG] Collected table grants")
 
 	return nil
 }
 
 func readCallableGrants(db *DBConnection, d *schema.ResourceData) error {
+	log.Printf("[DEBUG] Reading callable grants")
+
 	var entityName, query string
 
 	_, isUser := d.GetOk(grantUserAttr)
@@ -444,6 +449,7 @@ func readCallableGrants(db *DBConnection, d *schema.ResourceData) error {
 		}
 		return false
 	}
+	defer rows.Close()
 
 	privilegesSet := schema.NewSet(schema.HashString, nil)
 	for rows.Next() {
@@ -465,11 +471,13 @@ func readCallableGrants(db *DBConnection, d *schema.ResourceData) error {
 	if !privilegesSet.Equal(d.Get(grantPrivilegesAttr).(*schema.Set)) {
 		d.Set(grantPrivilegesAttr, privilegesSet)
 	}
+	log.Printf("[DEBUG] Reading callable grants - Done")
 
 	return nil
 }
 
 func readLanguageGrants(db *DBConnection, d *schema.ResourceData) error {
+	log.Printf("[DEBUG] Reading language grants")
 
 	var entityName, query string
 
@@ -503,6 +511,7 @@ func readLanguageGrants(db *DBConnection, d *schema.ResourceData) error {
 	}
 
 	objects := d.Get(grantObjectsAttr).(*schema.Set)
+	defer rows.Close()
 
 	for rows.Next() {
 		var objName string
@@ -526,6 +535,7 @@ func readLanguageGrants(db *DBConnection, d *schema.ResourceData) error {
 			break
 		}
 	}
+	log.Printf("[DEBUG] Reading language grants - Done")
 
 	return nil
 }
diff --git a/redshift/resource_redshift_user.go b/redshift/resource_redshift_user.go
@@ -16,13 +16,14 @@ import (
 )
 
 const (
-	userNameAttr         = "name"
-	userPasswordAttr     = "password"
-	userValidUntilAttr   = "valid_until"
-	userCreateDBAttr     = "create_database"
-	userConnLimitAttr    = "connection_limit"
-	userSyslogAccessAttr = "syslog_access"
-	userSuperuserAttr    = "superuser"
+	userNameAttr           = "name"
+	userPasswordAttr       = "password"
+	userValidUntilAttr     = "valid_until"
+	userCreateDBAttr       = "create_database"
+	userConnLimitAttr      = "connection_limit"
+	userSyslogAccessAttr   = "syslog_access"
+	userSuperuserAttr      = "superuser"
+	userSessionTimeoutAttr = "session_timeout"
 
 	// defaults
 	defaultUserSyslogAccess          = "RESTRICTED"
@@ -123,6 +124,13 @@ Amazon Redshift user accounts can only be created and dropped by a database supe
 				Default:       false,
 				Description:   `Determine whether the user is a superuser with all database privileges.`,
 			},
+			userSessionTimeoutAttr: {
+				Type:         schema.TypeInt,
+				Optional:     true,
+				Default:      0,
+				Description:  "The maximum time in seconds that a session remains inactive or idle. The range is 60 seconds (one minute) to 1,728,000 seconds (20 days). If no session timeout is set for the user, the cluster setting applies.",
+				ValidateFunc: validation.All(validation.IntAtLeast(60), validation.IntAtMost(1728000)),
+			},
 		},
 	}
 }
@@ -162,6 +170,7 @@ func resourceRedshiftUserCreate(db *DBConnection, d *schema.ResourceData) error
 		sqlKey string
 	}{
 		{userConnLimitAttr, "CONNECTION LIMIT"},
+		{userSessionTimeoutAttr, "SESSION TIMEOUT"},
 	}
 
 	boolOpts := []struct {
@@ -215,7 +224,11 @@ func resourceRedshiftUserCreate(db *DBConnection, d *schema.ResourceData) error
 
 	for _, opt := range intOpts {
 		val := d.Get(opt.hclKey).(int)
-		createOpts = append(createOpts, fmt.Sprintf("%s %d", opt.sqlKey, val))
+		if opt.hclKey == userSessionTimeoutAttr && val != 0 {
+			createOpts = append(createOpts, fmt.Sprintf("%s %d", opt.sqlKey, val))
+		} else if opt.hclKey != userSessionTimeoutAttr {
+			createOpts = append(createOpts, fmt.Sprintf("%s %d", opt.sqlKey, val))
+		}
 	}
 
 	for _, opt := range boolOpts {
@@ -253,7 +266,7 @@ func resourceRedshiftUserRead(db *DBConnection, d *schema.ResourceData) error {
 }
 
 func resourceRedshiftUserReadImpl(db *DBConnection, d *schema.ResourceData) error {
-	var userName, userValidUntil, userConnLimit, userSyslogAccess string
+	var userName, userValidUntil, userConnLimit, userSyslogAccess, userSessionTimeout string
 	var userSuperuser, userCreateDB bool
 
 	columns := []string{
@@ -262,6 +275,7 @@ func resourceRedshiftUserReadImpl(db *DBConnection, d *schema.ResourceData) erro
 		"usesuper",
 		"syslogaccess",
 		`COALESCE(useconnlimit::TEXT, 'UNLIMITED')`,
+		"sessiontimeout",
 	}
 
 	values := []interface{}{
@@ -270,6 +284,7 @@ func resourceRedshiftUserReadImpl(db *DBConnection, d *schema.ResourceData) erro
 		&userSuperuser,
 		&userSyslogAccess,
 		&userConnLimit,
+		&userSessionTimeout,
 	}
 
 	useSysID := d.Id()
@@ -301,12 +316,18 @@ func resourceRedshiftUserReadImpl(db *DBConnection, d *schema.ResourceData) erro
 		}
 	}
 
+	userSessionTimeoutNumber, err := strconv.Atoi(userSessionTimeout)
+	if err != nil {
+		return err
+	}
+
 	d.Set(userNameAttr, userName)
 	d.Set(userCreateDBAttr, userCreateDB)
 	d.Set(userSuperuserAttr, userSuperuser)
 	d.Set(userSyslogAccessAttr, userSyslogAccess)
 	d.Set(userConnLimitAttr, userConnLimitNumber)
 	d.Set(userValidUntilAttr, userValidUntil)
+	d.Set(userSessionTimeoutAttr, userSessionTimeoutNumber)
 
 	return nil
 }
@@ -451,6 +472,10 @@ func resourceRedshiftUserUpdate(db *DBConnection, d *schema.ResourceData) error
 		return err
 	}
 
+	if err := setUserSessionTimeout(tx, d); err != nil {
+		return err
+	}
+
 	if err := tx.Commit(); err != nil {
 		return fmt.Errorf("could not commit transaction: %w", err)
 	}
@@ -514,6 +539,26 @@ func setUserConnLimit(tx *sql.Tx, d *schema.ResourceData) error {
 	return nil
 }
 
+func setUserSessionTimeout(tx *sql.Tx, d *schema.ResourceData) error {
+	if !d.HasChange(userSessionTimeoutAttr) {
+		return nil
+	}
+
+	sessionTimeout := d.Get(userSessionTimeoutAttr).(int)
+	userName := d.Get(userNameAttr).(string)
+	sql := ""
+	if sessionTimeout == 0 {
+		sql = fmt.Sprintf("ALTER USER %s RESET SESSION TIMEOUT", pq.QuoteIdentifier(userName))
+	} else {
+		sql = fmt.Sprintf("ALTER USER %s SESSION TIMEOUT %d", pq.QuoteIdentifier(userName), sessionTimeout)
+	}
+	if _, err := tx.Exec(sql); err != nil {
+		return fmt.Errorf("Error updating user SESSION TIMEOUT: %w", err)
+	}
+
+	return nil
+}
+
 func setUserCreateDB(tx *sql.Tx, d *schema.ResourceData) error {
 	if !d.HasChange(userCreateDBAttr) {
 		return nil
diff --git a/redshift/resource_redshift_user_test.go b/redshift/resource_redshift_user_test.go
@@ -39,6 +39,7 @@ func TestAccRedshiftUser_Basic(t *testing.T) {
 					resource.TestCheckResourceAttr("redshift_user.user_with_defaults", "password", ""),
 					resource.TestCheckResourceAttr("redshift_user.user_with_defaults", "valid_until", "infinity"),
 					resource.TestCheckResourceAttr("redshift_user.user_with_defaults", "syslog_access", "RESTRICTED"),
+					resource.TestCheckResourceAttr("redshift_user.user_with_defaults", "session_timeout", "0"),
 
 					testAccCheckRedshiftUserExists("user_create_database"),
 					resource.TestCheckResourceAttr("redshift_user.user_with_create_database", "name", "user_create_database"),
@@ -51,6 +52,10 @@ func TestAccRedshiftUser_Basic(t *testing.T) {
 					testAccCheckRedshiftUserExists("user_superuser"),
 					resource.TestCheckResourceAttr("redshift_user.user_superuser", "name", "user_superuser"),
 					resource.TestCheckResourceAttr("redshift_user.user_superuser", "superuser", "true"),
+
+					testAccCheckRedshiftUserExists("user_timeout"),
+					resource.TestCheckResourceAttr("redshift_user.user_timeout", "name", "user_timeout"),
+					resource.TestCheckResourceAttr("redshift_user.user_timeout", "session_timeout", "60"),
 				),
 			},
 		},
@@ -375,6 +380,12 @@ resource "redshift_user" "user_superuser" {
   superuser = true
   password = "FooBarBaz123"
 }
+
+resource "redshift_user" "user_timeout" {
+  name = "user_timeout"
+  password = "FooBarBaz123"
+  session_timeout = 60
+}
 `
 
 func TestPermanentUsername(t *testing.T) {

Original file line number	Diff line number	Diff line change
`@@ -292,6 +292,7 @@ func readSchemaGrants(db DBConnection, d schema.ResourceData) error {`
`292`	`292`	`}`
`293`	`293`
`294`	`294`	`func readTableGrants(db DBConnection, d schema.ResourceData) error {`
	`295`	`+ log.Printf("[DEBUG] Reading table grants")`
`295`	`296`	`var entityName, query string`
`296`	`297`	`_, isUser := d.GetOk(grantUserAttr)`
`297`	`298`
`@@ -344,6 +345,7 @@ func readTableGrants(db DBConnection, d schema.ResourceData) error {`
`344`	`345`	`if err != nil {`
`345`	`346`	`return err`
`346`	`347`	`}`
	`348`	`+ defer rows.Close()`
`347`	`349`
`348`	`350`	`for rows.Next() {`
`349`	`351`	`var objName string`
`@@ -388,11 +390,14 @@ func readTableGrants(db DBConnection, d schema.ResourceData) error {`
`388`	`390`	`break`
`389`	`391`	`}`
`390`	`392`	`}`
	`393`	`+ log.Printf("[DEBUG] Collected table grants")`
`391`	`394`
`392`	`395`	`return nil`
`393`	`396`	`}`
`394`	`397`
`395`	`398`	`func readCallableGrants(db DBConnection, d schema.ResourceData) error {`
	`399`	`+ log.Printf("[DEBUG] Reading callable grants")`
	`400`	`+`
`396`	`401`	`var entityName, query string`
`397`	`402`
`398`	`403`	`_, isUser := d.GetOk(grantUserAttr)`
`@@ -444,6 +449,7 @@ func readCallableGrants(db DBConnection, d schema.ResourceData) error {`
`444`	`449`	`}`
`445`	`450`	`return false`
`446`	`451`	`}`
	`452`	`+ defer rows.Close()`
`447`	`453`
`448`	`454`	`privilegesSet := schema.NewSet(schema.HashString, nil)`
`449`	`455`	`for rows.Next() {`
`@@ -465,11 +471,13 @@ func readCallableGrants(db DBConnection, d schema.ResourceData) error {`
`465`	`471`	`if !privilegesSet.Equal(d.Get(grantPrivilegesAttr).(*schema.Set)) {`
`466`	`472`	`d.Set(grantPrivilegesAttr, privilegesSet)`
`467`	`473`	`}`
	`474`	`+ log.Printf("[DEBUG] Reading callable grants - Done")`
`468`	`475`
`469`	`476`	`return nil`
`470`	`477`	`}`
`471`	`478`
`472`	`479`	`func readLanguageGrants(db DBConnection, d schema.ResourceData) error {`
	`480`	`+ log.Printf("[DEBUG] Reading language grants")`
`473`	`481`
`474`	`482`	`var entityName, query string`
`475`	`483`
`@@ -503,6 +511,7 @@ func readLanguageGrants(db DBConnection, d schema.ResourceData) error {`
`503`	`511`	`}`
`504`	`512`
`505`	`513`	`objects := d.Get(grantObjectsAttr).(*schema.Set)`
	`514`	`+ defer rows.Close()`
`506`	`515`
`507`	`516`	`for rows.Next() {`
`508`	`517`	`var objName string`
`@@ -526,6 +535,7 @@ func readLanguageGrants(db DBConnection, d schema.ResourceData) error {`
`526`	`535`	`break`
`527`	`536`	`}`
`528`	`537`	`}`
	`538`	`+ log.Printf("[DEBUG] Reading language grants - Done")`
`529`	`539`
`530`	`540`	`return nil`
`531`	`541`	`}`