Merge branch 'master' into grant-extend-supported-object-types

docs/index.md

@@ -76,6 +76,7 @@ Optional:
 - **auto_create_user** (Boolean) Create a database user with the name specified for the user if one does not exist.
 - **db_groups** (Set of String) A list of the names of existing database groups that the user will join for the current session, in addition to any group memberships for an existing user. If not specified, a new user is added only to PUBLIC.
 - **duration_seconds** (Number) The number of seconds until the returned temporary password expires.
+- **region** (String) The AWS region where the Redshift cluster is located.
 
 <a id="nestedblock--temporary_credentials--assume_role"></a>
 ### Nested Schema for `temporary_credentials.assume_role`

redshift/helpers.go

@@ -168,7 +168,7 @@ func validatePrivileges(privileges []string, objectType string) bool {
 			}
 		case "TABLE":
 			switch strings.ToUpper(p) {
-			case "SELECT", "UPDATE", "INSERT", "DELETE", "DROP", "REFERENCES":
+			case "SELECT", "UPDATE", "INSERT", "DELETE", "DROP", "REFERENCES", "RULE", "TRIGGER":
 				continue
 			default:
 				return false

redshift/helpers_test.go

@@ -31,7 +31,7 @@ func TestValidatePrivileges(t *testing.T) {
 			expected:   true,
 		},
 		"valid list for table": {
-			privileges: []string{"insert", "update", "delete", "select", "drop", "references"},
+			privileges: []string{"insert", "update", "delete", "select", "drop", "references", "rule", "trigger"},
 			objectType: "table",
 			expected:   true,
 		},

redshift/provider.go

@@ -93,6 +93,11 @@ func Provider() *schema.Provider {
 							Description:  "The unique identifier of the cluster that contains the database for which you are requesting credentials. This parameter is case sensitive.",
 							ValidateFunc: validation.StringLenBetween(1, 2147483647),
 						},
+						"region": {
+							Type:        schema.TypeString,
+							Optional:    true,
+							Description: "The AWS region where the Redshift cluster is located.",
+						},
 						"auto_create_user": {
 							Type:        schema.TypeBool,
 							Optional:    true,
@@ -231,6 +236,11 @@ func redshiftSdkClient(d *schema.ResourceData) (*redshift.Client, error) {
 	if err != nil {
 		return nil, err
 	}
+
+	if region := d.Get("temporary_credentials.0.region").(string); region != "" {
+		cfg.Region = region
+	}
+
 	if _, ok := d.GetOk("temporary_credentials.0.assume_role"); ok {
 		var parsedRoleArn string
 		if roleArn, ok := d.GetOk("temporary_credentials.0.assume_role.0.arn"); ok {

redshift/resource_redshift_default_privileges.go

@@ -214,7 +214,7 @@ func resourceRedshiftDefaultPrivilegesReadImpl(db *DBConnection, d *schema.Resou
 }
 
 func readGroupTableDefaultPrivileges(tx *sql.Tx, d *schema.ResourceData, entityID, schemaID, ownerID int, entityIsUser bool) error {
-	var tableSelect, tableUpdate, tableInsert, tableDelete, tableDrop, tableReferences bool
+	var tableSelect, tableUpdate, tableInsert, tableDelete, tableDrop, tableReferences, tableRule, tableTrigger bool
 	var query string
 
 	if entityIsUser {
@@ -225,7 +225,9 @@ func readGroupTableDefaultPrivileges(tx *sql.Tx, d *schema.ResourceData, entityI
 		decode(charindex('a',split_part(split_part(regexp_replace(array_to_string(defaclacl, '|'), 'group '||u.usename), u.usename||'=', 2) ,'/',1)),0,0,1) as insert,
 		decode(charindex('d',split_part(split_part(regexp_replace(array_to_string(defaclacl, '|'), 'group '||u.usename), u.usename||'=', 2) ,'/',1)),0,0,1) as delete,
 		decode(charindex('D',split_part(split_part(regexp_replace(array_to_string(defaclacl, '|'), 'group '||u.usename), u.usename||'=', 2) ,'/',1)),0,0,1) as drop,
-		decode(charindex('x',split_part(split_part(regexp_replace(array_to_string(defaclacl, '|'), 'group '||u.usename), u.usename||'=', 2) ,'/',1)),0,0,1) as references
+		decode(charindex('x',split_part(split_part(regexp_replace(array_to_string(defaclacl, '|'), 'group '||u.usename), u.usename||'=', 2) ,'/',1)),0,0,1) as references,
+		decode(charindex('R',split_part(split_part(regexp_replace(array_to_string(defaclacl, '|'), 'group '||u.usename), u.usename||'=', 2) ,'/',1)),0,0,1) as rule,
+		decode(charindex('t',split_part(split_part(regexp_replace(array_to_string(defaclacl, '|'), 'group '||u.usename), u.usename||'=', 2) ,'/',1)),0,0,1) as trigger
 	      FROM pg_user u, pg_default_acl acl
 	      WHERE 
 		acl.defaclnamespace = $1
@@ -242,7 +244,9 @@ func readGroupTableDefaultPrivileges(tx *sql.Tx, d *schema.ResourceData, entityI
 		decode(charindex('a',split_part(split_part(array_to_string(defaclacl, '|'),'group ' || gr.groname,2 ) ,'/',1)),0,0,1) as insert,
 		decode(charindex('d',split_part(split_part(array_to_string(defaclacl, '|'),'group ' || gr.groname,2 ) ,'/',1)),0,0,1) as delete,
 		decode(charindex('D',split_part(split_part(array_to_string(defaclacl, '|'),'group ' || gr.groname,2 ) ,'/',1)),0,0,1) as drop,
-		decode(charindex('x',split_part(split_part(array_to_string(defaclacl, '|'),'group ' || gr.groname,2 ) ,'/',1)),0,0,1) as references
+		decode(charindex('x',split_part(split_part(array_to_string(defaclacl, '|'),'group ' || gr.groname,2 ) ,'/',1)),0,0,1) as references,
+		decode(charindex('R',split_part(split_part(array_to_string(defaclacl, '|'),'group ' || gr.groname,2 ) ,'/',1)),0,0,1) as rule,
+		decode(charindex('t',split_part(split_part(array_to_string(defaclacl, '|'),'group ' || gr.groname,2 ) ,'/',1)),0,0,1) as trigger
 	      FROM pg_group gr, pg_default_acl acl
 	      WHERE 
 		acl.defaclnamespace = $1
@@ -259,7 +263,9 @@ func readGroupTableDefaultPrivileges(tx *sql.Tx, d *schema.ResourceData, entityI
 		&tableInsert,
 		&tableDelete,
 		&tableDrop,
-		&tableReferences); err != nil && err != sql.ErrNoRows {
+		&tableReferences,
+		&tableRule,
+		&tableTrigger); err != nil && err != sql.ErrNoRows {
 		return fmt.Errorf("failed to collect privileges: %w", err)
 	}
 
@@ -270,6 +276,8 @@ func readGroupTableDefaultPrivileges(tx *sql.Tx, d *schema.ResourceData, entityI
 	appendIfTrue(tableDelete, "delete", &privileges)
 	appendIfTrue(tableDrop, "drop", &privileges)
 	appendIfTrue(tableReferences, "references", &privileges)
+	appendIfTrue(tableRule, "rule", &privileges)
+	appendIfTrue(tableTrigger, "trigger", &privileges)
 
 	log.Printf("[DEBUG] Collected privileges for ID %d: %v\n", entityID, privileges)
 

redshift/resource_redshift_default_privileges_test.go

@@ -29,14 +29,14 @@ resource "redshift_default_privileges" "group" {
   group = redshift_group.group.name
   owner = "root"
   object_type = "table"
-  privileges = ["select", "update", "insert", "delete", "drop", "references"]
+  privileges = ["select", "update", "insert", "delete", "drop", "references", "rule", "trigger"]
 }
 
 resource "redshift_default_privileges" "user" {
   user = redshift_user.user.name
   owner = "root"
   object_type = "table"
-  privileges = ["select", "update", "insert", "delete", "drop", "references"]
+  privileges = ["select", "update", "insert", "delete", "drop", "references", "rule", "trigger"]
 }
 `, groupName, userName)
 
@@ -51,24 +51,28 @@ resource "redshift_default_privileges" "user" {
 					resource.TestCheckResourceAttr("redshift_default_privileges.group", "id", fmt.Sprintf("gn:%s_noschema_on:root_ot:table", groupName)),
 					resource.TestCheckResourceAttr("redshift_default_privileges.group", "group", groupName),
 					resource.TestCheckResourceAttr("redshift_default_privileges.group", "object_type", "table"),
-					resource.TestCheckResourceAttr("redshift_default_privileges.group", "privileges.#", "6"),
+					resource.TestCheckResourceAttr("redshift_default_privileges.group", "privileges.#", "8"),
 					resource.TestCheckTypeSetElemAttr("redshift_default_privileges.group", "privileges.*", "select"),
 					resource.TestCheckTypeSetElemAttr("redshift_default_privileges.group", "privileges.*", "update"),
 					resource.TestCheckTypeSetElemAttr("redshift_default_privileges.group", "privileges.*", "insert"),
 					resource.TestCheckTypeSetElemAttr("redshift_default_privileges.group", "privileges.*", "delete"),
 					resource.TestCheckTypeSetElemAttr("redshift_default_privileges.group", "privileges.*", "drop"),
 					resource.TestCheckTypeSetElemAttr("redshift_default_privileges.group", "privileges.*", "references"),
+					resource.TestCheckTypeSetElemAttr("redshift_default_privileges.group", "privileges.*", "rule"),
+					resource.TestCheckTypeSetElemAttr("redshift_default_privileges.group", "privileges.*", "trigger"),
 
 					resource.TestCheckResourceAttr("redshift_default_privileges.user", "id", fmt.Sprintf("un:%s_noschema_on:root_ot:table", userName)),
 					resource.TestCheckResourceAttr("redshift_default_privileges.user", "user", userName),
 					resource.TestCheckResourceAttr("redshift_default_privileges.user", "object_type", "table"),
-					resource.TestCheckResourceAttr("redshift_default_privileges.user", "privileges.#", "6"),
+					resource.TestCheckResourceAttr("redshift_default_privileges.user", "privileges.#", "8"),
 					resource.TestCheckTypeSetElemAttr("redshift_default_privileges.user", "privileges.*", "select"),
 					resource.TestCheckTypeSetElemAttr("redshift_default_privileges.user", "privileges.*", "update"),
 					resource.TestCheckTypeSetElemAttr("redshift_default_privileges.user", "privileges.*", "insert"),
 					resource.TestCheckTypeSetElemAttr("redshift_default_privileges.user", "privileges.*", "delete"),
 					resource.TestCheckTypeSetElemAttr("redshift_default_privileges.user", "privileges.*", "drop"),
 					resource.TestCheckTypeSetElemAttr("redshift_default_privileges.user", "privileges.*", "references"),
+					resource.TestCheckTypeSetElemAttr("redshift_default_privileges.user", "privileges.*", "rule"),
+					resource.TestCheckTypeSetElemAttr("redshift_default_privileges.user", "privileges.*", "trigger"),
 				),
 			},
 		},
@@ -92,14 +96,14 @@ resource "redshift_default_privileges" "group" {
   group = redshift_group.group.name
   owner = "root"
   object_type = "table"
-  privileges = ["select", "update", "insert", "delete", "drop", "references"]
+  privileges = ["select", "update", "insert", "delete", "drop", "references", "rule", "trigger"]
 }
 
 resource "redshift_default_privileges" "user" {
   user = redshift_user.user.name
   owner = "root"
   object_type = "table"
-  privileges = ["select", "update", "insert", "delete", "drop", "references"]
+  privileges = ["select", "update", "insert", "delete", "drop", "references", "rule", "trigger"]
 }
 `, groupName, userName)
 
@@ -139,24 +143,28 @@ resource "redshift_default_privileges" "user" {
 					resource.TestCheckResourceAttr("redshift_default_privileges.group", "id", fmt.Sprintf("gn:%s_noschema_on:root_ot:table", groupName)),
 					resource.TestCheckResourceAttr("redshift_default_privileges.group", "group", groupName),
 					resource.TestCheckResourceAttr("redshift_default_privileges.group", "object_type", "table"),
-					resource.TestCheckResourceAttr("redshift_default_privileges.group", "privileges.#", "6"),
+					resource.TestCheckResourceAttr("redshift_default_privileges.group", "privileges.#", "8"),
 					resource.TestCheckTypeSetElemAttr("redshift_default_privileges.group", "privileges.*", "select"),
 					resource.TestCheckTypeSetElemAttr("redshift_default_privileges.group", "privileges.*", "update"),
 					resource.TestCheckTypeSetElemAttr("redshift_default_privileges.group", "privileges.*", "insert"),
 					resource.TestCheckTypeSetElemAttr("redshift_default_privileges.group", "privileges.*", "delete"),
 					resource.TestCheckTypeSetElemAttr("redshift_default_privileges.group", "privileges.*", "drop"),
 					resource.TestCheckTypeSetElemAttr("redshift_default_privileges.group", "privileges.*", "references"),
+					resource.TestCheckTypeSetElemAttr("redshift_default_privileges.group", "privileges.*", "rule"),
+					resource.TestCheckTypeSetElemAttr("redshift_default_privileges.group", "privileges.*", "trigger"),
 
 					resource.TestCheckResourceAttr("redshift_default_privileges.user", "id", fmt.Sprintf("un:%s_noschema_on:root_ot:table", userName)),
 					resource.TestCheckResourceAttr("redshift_default_privileges.user", "user", userName),
 					resource.TestCheckResourceAttr("redshift_default_privileges.user", "object_type", "table"),
-					resource.TestCheckResourceAttr("redshift_default_privileges.user", "privileges.#", "6"),
+					resource.TestCheckResourceAttr("redshift_default_privileges.user", "privileges.#", "8"),
 					resource.TestCheckTypeSetElemAttr("redshift_default_privileges.user", "privileges.*", "select"),
 					resource.TestCheckTypeSetElemAttr("redshift_default_privileges.user", "privileges.*", "update"),
 					resource.TestCheckTypeSetElemAttr("redshift_default_privileges.user", "privileges.*", "insert"),
 					resource.TestCheckTypeSetElemAttr("redshift_default_privileges.user", "privileges.*", "delete"),
 					resource.TestCheckTypeSetElemAttr("redshift_default_privileges.user", "privileges.*", "drop"),
 					resource.TestCheckTypeSetElemAttr("redshift_default_privileges.user", "privileges.*", "references"),
+					resource.TestCheckTypeSetElemAttr("redshift_default_privileges.user", "privileges.*", "rule"),
+					resource.TestCheckTypeSetElemAttr("redshift_default_privileges.user", "privileges.*", "trigger"),
 				),
 			},
 			{

redshift/resource_redshift_grant.go

@@ -305,7 +305,9 @@ func readTableGrants(db *DBConnection, d *schema.ResourceData) error {
     decode(charindex('a',split_part(split_part(regexp_replace(array_to_string(relacl, '|'),'group '||u.usename), u.usename||'=', 2) ,'/',1)),null,0,0,0,1) as insert,
     decode(charindex('d',split_part(split_part(regexp_replace(array_to_string(relacl, '|'),'group '||u.usename), u.usename||'=', 2) ,'/',1)),null,0,0,0,1) as delete,
     decode(charindex('D',split_part(split_part(regexp_replace(array_to_string(relacl, '|'),'group '||u.usename), u.usename||'=', 2) ,'/',1)),null,0,0,0,1) as drop,
-    decode(charindex('x',split_part(split_part(regexp_replace(array_to_string(relacl, '|'),'group '||u.usename), u.usename||'=', 2) ,'/',1)),null,0,0,0,1) as references
+    decode(charindex('x',split_part(split_part(regexp_replace(array_to_string(relacl, '|'),'group '||u.usename), u.usename||'=', 2) ,'/',1)),null,0,0,0,1) as references,
+    decode(charindex('R',split_part(split_part(regexp_replace(array_to_string(relacl, '|'),'group '||u.usename), u.usename||'=', 2) ,'/',1)),null,0,0,0,1) as rule,
+    decode(charindex('t',split_part(split_part(regexp_replace(array_to_string(relacl, '|'),'group '||u.usename), u.usename||'=', 2) ,'/',1)),null,0,0,0,1) as trigger
   FROM pg_user u, pg_class cl
   JOIN pg_namespace nsp ON nsp.oid = cl.relnamespace
   WHERE
@@ -323,7 +325,9 @@ func readTableGrants(db *DBConnection, d *schema.ResourceData) error {
     decode(charindex('a',split_part(split_part(array_to_string(relacl, '|'),'group ' || gr.groname,2 ) ,'/',1)), null,0, 0,0, 1) as insert,
     decode(charindex('d',split_part(split_part(array_to_string(relacl, '|'),'group ' || gr.groname,2 ) ,'/',1)), null,0, 0,0, 1) as delete,
     decode(charindex('D',split_part(split_part(array_to_string(relacl, '|'),'group ' || gr.groname,2 ) ,'/',1)), null,0, 0,0, 1) as drop,
-    decode(charindex('x',split_part(split_part(array_to_string(relacl, '|'),'group ' || gr.groname,2 ) ,'/',1)), null,0, 0,0, 1) as references
+    decode(charindex('x',split_part(split_part(array_to_string(relacl, '|'),'group ' || gr.groname,2 ) ,'/',1)), null,0, 0,0, 1) as references,
+    decode(charindex('R',split_part(split_part(array_to_string(relacl, '|'),'group ' || gr.groname,2 ) ,'/',1)), null,0, 0,0, 1) as rule,
+    decode(charindex('t',split_part(split_part(array_to_string(relacl, '|'),'group ' || gr.groname,2 ) ,'/',1)), null,0, 0,0, 1) as trigger
   FROM pg_group gr, pg_class cl
   JOIN pg_namespace nsp ON nsp.oid = cl.relnamespace
   WHERE
@@ -343,9 +347,9 @@ func readTableGrants(db *DBConnection, d *schema.ResourceData) error {
 
 	for rows.Next() {
 		var objName string
-		var tableSelect, tableUpdate, tableInsert, tableDelete, tableDrop, tableReferences bool
+		var tableSelect, tableUpdate, tableInsert, tableDelete, tableDrop, tableReferences, tableRule, tableTrigger bool
 
-		if err := rows.Scan(&objName, &tableSelect, &tableUpdate, &tableInsert, &tableDelete, &tableDrop, &tableReferences); err != nil {
+		if err := rows.Scan(&objName, &tableSelect, &tableUpdate, &tableInsert, &tableDelete, &tableDrop, &tableReferences, &tableRule, &tableTrigger); err != nil {
 			return err
 		}
 
@@ -372,6 +376,12 @@ func readTableGrants(db *DBConnection, d *schema.ResourceData) error {
 		if tableReferences {
 			privilegesSet.Add("references")
 		}
+		if tableRule {
+			privilegesSet.Add("rule")
+		}
+		if tableTrigger {
+			privilegesSet.Add("trigger")
+		}
 
 		if !privilegesSet.Equal(d.Get(grantPrivilegesAttr).(*schema.Set)) {
 			d.Set(grantPrivilegesAttr, privilegesSet)

redshift/resource_redshift_grant_test.go

@@ -147,7 +147,7 @@ resource "redshift_grant" "grant" {
 
   object_type = "table"
   objects = ["pg_user_info"]
-  privileges = ["select", "update", "insert", "delete", "drop", "references"]
+  privileges = ["select", "update", "insert", "delete", "drop", "references", "rule", "trigger"]
 }
 
 resource "redshift_grant" "grant_user" {
@@ -156,7 +156,7 @@ resource "redshift_grant" "grant_user" {
 
   object_type = "table"
   objects = ["pg_user_info"]
-  privileges = ["select", "update", "insert", "delete", "drop", "references"]
+  privileges = ["select", "update", "insert", "delete", "drop", "references", "rule", "trigger"]
 }
 `, groupName, userName)
 
@@ -174,27 +174,31 @@ resource "redshift_grant" "grant_user" {
 					resource.TestCheckResourceAttr("redshift_grant.grant", "object_type", "table"),
 					resource.TestCheckResourceAttr("redshift_grant.grant", "objects.#", "1"),
 					resource.TestCheckTypeSetElemAttr("redshift_grant.grant", "objects.*", "pg_user_info"),
-					resource.TestCheckResourceAttr("redshift_grant.grant", "privileges.#", "6"),
+					resource.TestCheckResourceAttr("redshift_grant.grant", "privileges.#", "8"),
 					resource.TestCheckTypeSetElemAttr("redshift_grant.grant", "privileges.*", "select"),
 					resource.TestCheckTypeSetElemAttr("redshift_grant.grant", "privileges.*", "update"),
 					resource.TestCheckTypeSetElemAttr("redshift_grant.grant", "privileges.*", "insert"),
 					resource.TestCheckTypeSetElemAttr("redshift_grant.grant", "privileges.*", "delete"),
 					resource.TestCheckTypeSetElemAttr("redshift_grant.grant", "privileges.*", "drop"),
 					resource.TestCheckTypeSetElemAttr("redshift_grant.grant", "privileges.*", "references"),
+					resource.TestCheckTypeSetElemAttr("redshift_grant.grant", "privileges.*", "rule"),
+					resource.TestCheckTypeSetElemAttr("redshift_grant.grant", "privileges.*", "trigger"),
 
 					resource.TestCheckResourceAttr("redshift_grant.grant_user", "id", fmt.Sprintf("un:%s_ot:table_pg_catalog_pg_user_info", userName)),
 					resource.TestCheckResourceAttr("redshift_grant.grant_user", "user", userName),
 					resource.TestCheckResourceAttr("redshift_grant.grant_user", "schema", "pg_catalog"),
 					resource.TestCheckResourceAttr("redshift_grant.grant_user", "object_type", "table"),
 					resource.TestCheckResourceAttr("redshift_grant.grant_user", "objects.#", "1"),
 					resource.TestCheckTypeSetElemAttr("redshift_grant.grant_user", "objects.*", "pg_user_info"),
-					resource.TestCheckResourceAttr("redshift_grant.grant_user", "privileges.#", "6"),
+					resource.TestCheckResourceAttr("redshift_grant.grant_user", "privileges.#", "8"),
 					resource.TestCheckTypeSetElemAttr("redshift_grant.grant_user", "privileges.*", "select"),
 					resource.TestCheckTypeSetElemAttr("redshift_grant.grant_user", "privileges.*", "update"),
 					resource.TestCheckTypeSetElemAttr("redshift_grant.grant_user", "privileges.*", "insert"),
 					resource.TestCheckTypeSetElemAttr("redshift_grant.grant_user", "privileges.*", "delete"),
 					resource.TestCheckTypeSetElemAttr("redshift_grant.grant_user", "privileges.*", "drop"),
 					resource.TestCheckTypeSetElemAttr("redshift_grant.grant_user", "privileges.*", "references"),
+					resource.TestCheckTypeSetElemAttr("redshift_grant.grant_user", "privileges.*", "rule"),
+					resource.TestCheckTypeSetElemAttr("redshift_grant.grant_user", "privileges.*", "trigger"),
 				),
 			},
 		},