Data sources for roles

[dcuenot]

Hi,

First, well done for your provider, it's very useful!
I have a feature request, do you plan to Data sources for existing roles?

Expected code could be like this:

data "postgresql_role" "my_admin" {
  name     = "my_admin"
}

And my expected behaviour is to load an existing role, and to grant new roles to it.

Thanks in advance for your feedback
Regards

Damien

[cyrilgdn]

Hi @dcuenot,

What fields would you like to have in this data?

I already had the same thought but at the end, I concluded that I only need the role name (to use in a postgresql_grant for example) and it doesn't make so much sense to load a data with a role name to read its name.
But if you need another role field it could make sense.

[dcuenot]

Hi @cyrilgdn,

Regarding the fields I need in this data, I don't have a clear answer, because I'm not an expert in Terraform.
I will explain my use-case, and maybe it will help you to understand.

In my code, I have a first step to create my Azure PostgreSQL server:

resource "azurerm_postgresql_server" "postgresql" {
  name                = "database-postgresql"
  location            = var.resource-group.location
  resource_group_name = var.resource-group.name

  administrator_login                   = "my-admin"
  administrator_login_password = "my-secret"

  sku_name   = "GP_Gen5_2"
  version    = "11"
  storage_mb = 51200
}

After this creation, I'm creating some roles in this server:

resource "postgresql_role" "admin" {
  name     = "admin"
  login    = false
}
resource "postgresql_role" "materialized_view_owner" {
  name     = "materialized_view_owner"
  login    = false
}

And what I want to do, is to add my-admin into the roles admin & materialized_view_owner.
So to do this, I think I need a data source, in order to modify the roles for my-admin user, but maybe you see another way :)

Thanks in advance for your help
Regards

[cyrilgdn]

@dcuenot

And what I want to do, is to add my-admin into the roles admin & materialized_view_owner.

If you want to GRANT my-admin TO admin, you can just write:

resource "postgresql_role" "admin" {
  name     = "admin"
  login    = false

  roles = [
    "my-admin"
  ]
}

But if you want to GRANT admin TO my-admin, it's currently not possible but will be in the next release (1.9.0) thanks to the work of @dvdliao in #4 .

You'll be able to write:

resource postgresql_grant_role "my_admin" {
  role              = "my-admin"
  grant_role        = "admin
}

[cyrilgdn]

@dcuenot FYI, v1.9.0 has just been released with the new postgresql_grant_role resource.

[dcuenot]

I just tested it, and it's working perfectly! Thanks