Add support for routines in postgresql_default_privileges (#535)

Hi,

This PR adds some support for routines in the
`postgresql_default_privileges` resource.

I hope it is satisfactory. Go is not my strength, so please let me know
if it is insufficient as I will retract this PR in that case.

Related: #470

---------

Signed-off-by: Thomas D. Spear <[email protected]>
Co-authored-by: Cyril Gaudin <[email protected]>

Author: tspearconquest

postgresql/resource_postgresql_default_privileges.go

@@ -53,10 +53,11 @@ func resourcePostgreSQLDefaultPrivileges() *schema.Resource {
 					"table",
 					"sequence",
 					"function",
+					"routine",
 					"type",
 					"schema",
 				}, false),
-				Description: "The PostgreSQL object type to set the default privileges on (one of: table, sequence, function, type, schema)",
+				Description: "The PostgreSQL object type to set the default privileges on (one of: table, sequence, function, routine, type, schema)",
 			},
 			"privileges": {
 				Type:        schema.TypeSet,
@@ -87,6 +88,13 @@ func resourcePostgreSQLDefaultPrivilegesRead(db *DBConnection, d *schema.Resourc
 		)
 	}
 
+	if objectType == "routine" && !db.featureSupported(featureRoutine) {
+		return fmt.Errorf(
+			"object type ROUTINE is not supported for this Postgres version (%s)",
+			db.version,
+		)
+	}
+
 	exists, err := checkRoleDBSchemaExists(db, d)
 	if err != nil {
 		return err
@@ -119,6 +127,13 @@ func resourcePostgreSQLDefaultPrivilegesCreate(db *DBConnection, d *schema.Resou
 		return fmt.Errorf("cannot specify `schema` when `object_type` is `schema`")
 	}
 
+	if objectType == "routine" && !db.featureSupported(featureRoutine) {
+		return fmt.Errorf(
+			"object type ROUTINE is not supported for this Postgres version (%s)",
+			db.version,
+		)
+	}
+
 	if d.Get("with_grant_option").(bool) && strings.ToLower(d.Get("role").(string)) == "public" {
 		return fmt.Errorf("with_grant_option cannot be true for role 'public'")
 	}

postgresql/resource_postgresql_default_privileges_test.go

@@ -346,3 +346,55 @@ resource "postgresql_default_privileges" "test_ro" {
 		})
 	}
 }
+
+func TestAccPostgresqlDefaultPrivileges_Routines(t *testing.T) {
+	skipIfNotAcc(t)
+
+	dbSuffix, teardown := setupTestDatabase(t, true, true)
+	defer teardown()
+
+	config := getTestConfig(t)
+	dbName, roleName := getTestDBNames(dbSuffix)
+
+	resourceConfig := fmt.Sprintf(`
+resource "postgresql_default_privileges" "test" {
+	database          = "%s"
+	schema            = "test_schema"
+	owner             = "%s"
+	role              = "%s"
+	object_type       = "routine"
+	privileges        = ["EXECUTE"]
+}
+`, dbName, config.Username, roleName)
+
+	resource.Test(t, resource.TestCase{
+		PreCheck: func() {
+			testAccPreCheck(t)
+			testCheckCompatibleVersion(t, featurePrivileges)
+		},
+		Providers: testAccProviders,
+		Steps: []resource.TestStep{
+			{
+				Config: resourceConfig,
+				Check: resource.ComposeTestCheckFunc(
+					// Create a test function to check if default privileges are applied
+					func(*terraform.State) error {
+						dbExecute(
+							t, config.connStr(dbName),
+							"CREATE FUNCTION test_schema.test_function() RETURNS int AS $$ SELECT 1; $$ LANGUAGE sql;",
+						)
+
+						db := connectAsTestRole(t, roleName, dbName)
+						defer closeDB(t, db)
+
+						if _, err := db.Exec("SELECT test_schema.test_function();"); err != nil {
+							t.Fatalf("Expected test role to be able to execute function, got error: %s", err)
+						}
+
+						return nil
+					},
+				),
+			},
+		},
+	})
+}

postgresql/resource_postgresql_grant.go

@@ -30,6 +30,7 @@ var objectTypes = map[string]string{
 	"table":    "r",
 	"sequence": "S",
 	"function": "f",
+	"routine":  "f",
 	"type":     "T",
 	"schema":   "n",
 }

website/docs/r/postgresql_default_privileges.html.markdown

@@ -32,7 +32,7 @@ resource "postgresql_default_privileges" "read_only_tables" {
 * `database` - (Required) The database to grant default privileges for this role.
 * `owner` - (Required) Specifies the role that creates objects for which the default privileges will be applied.
 * `schema` - (Optional) The database schema to set default privileges for this role.
-* `object_type` - (Required) The PostgreSQL object type to set the default privileges on (one of: table, sequence, function, type, schema).
+* `object_type` - (Required) The PostgreSQL object type to set the default privileges on (one of: table, sequence, function, routine, type, schema).
 * `privileges` - (Required) List of privileges (e.g., SELECT, INSERT, UPDATE, DELETE) to grant on new objects created by the owner. An empty list could be provided to revoke all default privileges for this role.