Allow GRANTs to PUBLIC #61

Closed
craigmaclachlan opened this issue Mar 11, 2022 · 1 comment · Fixed by #106
Labels
enhancement New feature or request

Comments

@craigmaclachlan

I just started using the provider and ran into an issue. I tried to grant permissions on a new schema to public, but this caused an error and broke my state file. Setting the user to be "public" results in an error like this during plan:

Error: failed to get user ID: sql: no rows in result set

I think the issue is when trying to check the state, the code runs a query filtering for the username, but public is special, so it isn't listed.

func readSchemaGrants(db *DBConnection, d *schema.ResourceData) error {

Would it be possible to add functionality to handle public?

@farfromunique

I can confirm that any attempt to grant or revoke permissions on the public schema will break the statefile. Specifically, when the state is refreshed, TF properly parses and handles things until it comes to the grant for public. That returns 0 rows (because public is a special schema), and TF immediately throws an error.

I can see a few ways around this:

  • Add an escape hatch to the code mentioned above, to bypass the queries if the schema name is 'public'
    • If this is used, we should also include any other schemas that have this issue
    • Documentation would need to be updated to reflect this
  • Add an additional check to the code, so that it runs a query that works properly for 'public' (and any other schemas with this issue)
  • Change the used query to give results no matter what schema is queried
  • Add an error during parsing if a GRANT is specified for the 'public' schema
    • This would also need documentation updated
  • Add a message to the documentation saying, basically, "DO NOT DO THIS!" and make it an own-risk type of thing

Personally, I'd vote for changing the query, but I don't know if there's a query that would do this.
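
An added example, not part of the thread and not the provider's own code: one way a state read could handle PUBLIC without a user-ID lookup, by reading the schema's ACL text directly. It assumes the database exposes schema ACLs in PostgreSQL's aclitem text form (`grantee=privs/grantor`, where an empty grantee means PUBLIC); `granteePrivs` and the sample ACL are hypothetical.

```go
package main

import (
	"fmt"
	"strings"
)

// Privilege letters that apply to schemas in aclitem text.
var schemaPrivs = map[rune]string{'U': "USAGE", 'C': "CREATE"}

// granteePrivs returns the schema privileges one grantee holds in an ACL
// array literal such as {admin=UC/admin,=U/admin}. PUBLIC is the entry with
// an empty grantee, so it is matched here rather than looked up as a user.
// Assumption: names contain no commas, quotes, '=' or '/'.
func granteePrivs(acl, grantee string) ([]string, error) {
	if strings.EqualFold(grantee, "public") {
		grantee = "" // PUBLIC has no user row; it is the empty grantee
	}
	privs := []string{}
	for _, item := range strings.Split(strings.Trim(acl, "{}"), ",") {
		item = strings.Trim(item, `"`) // group entries are quoted: "group name=..."
		if item == "" {
			continue // empty ACL: nothing granted explicitly
		}
		parts := strings.SplitN(item, "=", 2)
		if len(parts) != 2 {
			return nil, fmt.Errorf("malformed aclitem %q", item)
		}
		if parts[0] != grantee {
			continue
		}
		for _, l := range strings.SplitN(parts[1], "/", 2)[0] {
			if l == '*' {
				continue // grant-option marker on the preceding letter
			}
			p, known := schemaPrivs[l]
			if !known {
				return nil, fmt.Errorf("unknown schema privilege %q in %q", l, item)
			}
			privs = append(privs, p)
		}
	}
	return privs, nil // an absent grantee yields an empty list, not an error
}

func main() {
	acl := `{admin=UC/admin,=U/admin}` // constructed sample ACL
	fmt.Println(granteePrivs(acl, "public"))
}
```

A grantee with no entry comes back as an empty list, so a refresh can report "no grant" instead of failing the way the "no rows in result set" lookup does.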
