Merge pull request #59 from IvanOfThings/feat/add-allowed-privileges-2

givorra-ls · web-flow · commit d3641715f4d7 · 2024-09-04T14:17:33.000+02:00
feat: add S3 and CREATE TEMPORARY TABLE privileges
diff --git a/pkg/resources/role/resource_role_acceptance_test.go b/pkg/resources/role/resource_role_acceptance_test.go
@@ -193,11 +193,9 @@ func TestAccResourceRole(t *testing.T) {
 		Steps: generateTestSteps([]TestStepData{
 			{
 				// Create role
-				roleName: roleName1,
-				database: "*",
-				privileges: []string{
-					"REMOTE",
-				},
+				roleName:   roleName1,
+				database:   "*",
+				privileges: resourcerole.AllowedGlobalPrivileges,
 			}}),
 	})
 	// Validate privileges on create
@@ -227,6 +225,45 @@ func TestAccResourceRole(t *testing.T) {
 			},
 		},
 	})
+	resource.Test(t, resource.TestCase{
+		Providers: testutils.Provider(),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccRoleResource(
+					roleName1,
+					databaseName1,
+					common.Quote([]string{"SYSTEM RELOAD DICTIONARY"}),
+				),
+				ExpectError: regexp.MustCompile("Global privilege SYSTEM RELOAD DICTIONARY is only allowed for database '\\*'"),
+			},
+		},
+	})
+	resource.Test(t, resource.TestCase{
+		Providers: testutils.Provider(),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccRoleResource(
+					roleName1,
+					databaseName1,
+					common.Quote([]string{"S3"}),
+				),
+				ExpectError: regexp.MustCompile("Global privilege S3 is only allowed for database '\\*'"),
+			},
+		},
+	})
+	resource.Test(t, resource.TestCase{
+		Providers: testutils.Provider(),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccRoleResource(
+					roleName1,
+					databaseName1,
+					common.Quote([]string{"CREATE TEMPORARY TABLE"}),
+				),
+				ExpectError: regexp.MustCompile("Global privilege CREATE TEMPORARY TABLE is only allowed for database '\\*'"),
+			},
+		},
+	})
 	// Validate privileges on update
 	resource.Test(t, resource.TestCase{
 		Providers:    testutils.Provider(),
diff --git a/pkg/resources/role/validators.go b/pkg/resources/role/validators.go
@@ -26,6 +26,8 @@ var AllowedDbLevelPrivileges = []string{
 var AllowedGlobalPrivileges = []string{
 	"REMOTE",
 	"SYSTEM RELOAD DICTIONARY",
+	"S3",
+	"CREATE TEMPORARY TABLE",
 }
 
 var AllowedPrivileges = append(AllowedDbLevelPrivileges, AllowedGlobalPrivileges...)

Original file line number	Diff line number	Diff line change
`@@ -26,6 +26,8 @@ var AllowedDbLevelPrivileges = []string{`
`26`	`26`	`var AllowedGlobalPrivileges = []string{`
`27`	`27`	`"REMOTE",`
`28`	`28`	`"SYSTEM RELOAD DICTIONARY",`
	`29`	`+ "S3",`
	`30`	`+ "CREATE TEMPORARY TABLE",`
`29`	`31`	`}`
`30`	`32`
`31`	`33`	`var AllowedPrivileges = append(AllowedDbLevelPrivileges, AllowedGlobalPrivileges...)`