Implement redshift_default_privileges resource

redshift/helpers.go

@@ -68,6 +68,11 @@ func getGroupIDFromName(tx *sql.Tx, group string) (groupID int, err error) {
 	return
 }
 
+func getUserIDFromName(tx *sql.Tx, user string) (userID int, err error) {
+	err = tx.QueryRow("SELECT usesysid FROM pg_user WHERE usename = $1", user).Scan(&userID)
+	return
+}
+
 func getSchemaIDFromName(tx *sql.Tx, schema string) (schemaID int, err error) {
 	err = tx.QueryRow("SELECT oid FROM pg_namespace WHERE nspname = $1", schema).Scan(&schemaID)
 	return
@@ -147,3 +152,33 @@ func splitCsvAndTrim(raw string) ([]string, error) {
 	}
 	return result, nil
 }
+
+func validatePrivileges(privileges []string, objectType string) bool {
+	for _, p := range privileges {
+		switch strings.ToUpper(objectType) {
+		case "SCHEMA":
+			switch strings.ToUpper(p) {
+			case "CREATE", "USAGE":
+				continue
+			default:
+				return false
+			}
+		case "TABLE":
+			switch strings.ToUpper(p) {
+			case "SELECT", "UPDATE", "INSERT", "DELETE", "REFERENCES":
+				continue
+			default:
+				return false
+			}
+		}
+
+	}
+
+	return true
+}
+
+func appendIfTrue(condition bool, item string, list *[]string) {
+	if condition {
+		*list = append(*list, item)
+	}
+}

redshift/helpers_test.go

@@ -0,0 +1,64 @@
+package redshift
+
+import (
+	"testing"
+)
+
+func TestValidatePrivileges(t *testing.T) {
+	tests := map[string]struct {
+		privileges []string
+		objectType string
+		expected   bool
+	}{
+		"valid list for schema": {
+			privileges: []string{"create", "usage"},
+			objectType: "schema",
+			expected:   true,
+		},
+		"invalid list for schema": {
+			privileges: []string{"foo"},
+			objectType: "schema",
+			expected:   false,
+		},
+		"extended invalid list for schema": {
+			privileges: []string{"create", "usage", "insert"},
+			objectType: "schema",
+			expected:   false,
+		},
+		"empty list for schema": {
+			privileges: []string{},
+			objectType: "schema",
+			expected:   true,
+		},
+		"valid list for table": {
+			privileges: []string{"insert", "update", "delete", "select", "references"},
+			objectType: "table",
+			expected:   true,
+		},
+		"invalid list for table": {
+			privileges: []string{"foobar"},
+			objectType: "schema",
+			expected:   false,
+		},
+		"extended invalid list for table": {
+			privileges: []string{"create", "usage", "insert"},
+			objectType: "table",
+			expected:   false,
+		},
+		"empty list for table": {
+			privileges: []string{},
+			objectType: "table",
+			expected:   true,
+		},
+	}
+
+	for name, tt := range tests {
+		t.Run(name, func(t *testing.T) {
+			result := validatePrivileges(tt.privileges, tt.objectType)
+
+			if result != tt.expected {
+				t.Errorf("Expected result to be `%t` but got `%t`", tt.expected, result)
+			}
+		})
+	}
+}

redshift/provider.go

@@ -120,6 +120,7 @@ func Provider() *schema.Provider {
 			"redshift_group":               redshiftGroup(),
 			"redshift_schema":              redshiftSchema(),
 			"redshift_privilege":           redshiftPrivilege(),
+			"redshift_default_privileges":  redshiftDefaultPrivileges(),
 			"redshift_database":            redshiftDatabase(),
 			"redshift_datashare":           redshiftDatashare(),
 			"redshift_datashare_privilege": redshiftDatasharePrivilege(),