Merge pull request #57 from IvanOfThings/feat/add-allowed-privileges

feat: add privileges to drop dictionaries and views

Author: givorra-ls

docs/resources/role.md

@@ -17,7 +17,7 @@ Resource to manage Clickhouse roles
 
 ### Required
 
-- `database` (String) Database where to grant permissions to the user
+- `database` (String) Database where to grant permissions to the user. You can apply privileges to all databases by using '*'
 - `name` (String) Role name
 
 ### Optional

pkg/resources/role/resource_role.go

@@ -22,7 +22,7 @@ func ResourceRole() *schema.Resource {
 				Required:    true,
 			},
 			"database": {
-				Description: "Database where to grant permissions to the user",
+				Description: "Database where to grant permissions to the user. You can apply privileges to all databases by using '*'",
 				Type:        schema.TypeString,
 				Required:    true,
 			},

pkg/resources/role/validators.go

@@ -17,11 +17,15 @@ var AllowedDbLevelPrivileges = []string{
 	"CREATE DICTIONARY",
 	"DROP DATABASE",
 	"DROP TABLE",
+	"DROP DICTIONARY",
+	"DROP VIEW",
 	"SHOW TABLES",
+	"dictGet",
 }
 
 var AllowedGlobalPrivileges = []string{
 	"REMOTE",
+	"SYSTEM RELOAD DICTIONARY",
 }
 
 var AllowedPrivileges = append(AllowedDbLevelPrivileges, AllowedGlobalPrivileges...)
@@ -46,7 +50,6 @@ func ValidatePrivileges(database string, privileges *schema.Set) diag.Diagnostic
 
 func validatePrivilege(database string, privilege string, diagnostics *diag.Diagnostics) {
 	isAllowed := false
-	upperCasePrivilege := strings.ToUpper(privilege)
 
 	if IsGlobalPrivilege(privilege) && database != "*" {
 		diagnostic := diag.Diagnostic{
@@ -60,7 +63,7 @@ func validatePrivilege(database string, privilege string, diagnostics *diag.Diag
 		return
 	}
 	for _, allowedPrivilege := range AllowedPrivileges {
-		if upperCasePrivilege == allowedPrivilege {
+		if privilege == allowedPrivilege {
 			isAllowed = true
 			break
 		}