diff --git a/docs/data-sources/group.md b/docs/data-sources/group.md
new file mode 100644
index 00000000..54fd6e0c
--- /dev/null
+++ b/docs/data-sources/group.md
@@ -0,0 +1,36 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "redshift_group Data Source - terraform-provider-redshift"
+subcategory: ""
+description: |-
+ Groups are collections of users who are all granted whatever privileges are associated with the group. You can use groups to assign privileges by role. For example, you can create different groups for sales, administration, and support and give the users in each group the appropriate access to the data they require for their work. You can grant or revoke privileges at the group level, and those changes will apply to all members of the group, except for superusers.
+---
+
+# redshift_group (Data Source)
+
+Groups are collections of users who are all granted whatever privileges are associated with the group. You can use groups to assign privileges by role. For example, you can create different groups for sales, administration, and support and give the users in each group the appropriate access to the data they require for their work. You can grant or revoke privileges at the group level, and those changes will apply to all members of the group, except for superusers.
+
+## Example Usage
+
+```terraform
+data "redshift_group" "staff" {
+ name = "group_users"
+}
+```
+
+
+## Schema
+
+### Required
+
+- **name** (String) Name of the user group. Group names beginning with two underscores are reserved for Amazon Redshift internal use.
+
+### Optional
+
+- **id** (String) The ID of this resource.
+
+### Read-Only
+
+- **users** (Set of String) List of the user names who belong to the group
+
+
diff --git a/examples/data-sources/redshift_group/data-source.tf b/examples/data-sources/redshift_group/data-source.tf
new file mode 100644
index 00000000..90262c73
--- /dev/null
+++ b/examples/data-sources/redshift_group/data-source.tf
@@ -0,0 +1,3 @@
+data "redshift_group" "staff" {
+ name = "group_users"
+}
diff --git a/redshift/data_source_redshift_group.go b/redshift/data_source_redshift_group.go
new file mode 100644
index 00000000..a985bde8
--- /dev/null
+++ b/redshift/data_source_redshift_group.go
@@ -0,0 +1,54 @@
+package redshift
+
+import (
+ "regexp"
+ "strings"
+
+ "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+ "github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation"
+ "github.com/lib/pq"
+)
+
+func dataSourceRedshiftGroup() *schema.Resource {
+ return &schema.Resource{
+ Description: `
+Groups are collections of users who are all granted whatever privileges are associated with the group. You can use groups to assign privileges by role. For example, you can create different groups for sales, administration, and support and give the users in each group the appropriate access to the data they require for their work. You can grant or revoke privileges at the group level, and those changes will apply to all members of the group, except for superusers.
+ `,
+ Read: RedshiftResourceFunc(dataSourceRedshiftGroupRead),
+ Schema: map[string]*schema.Schema{
+ groupNameAttr: {
+ Type: schema.TypeString,
+ Required: true,
+ Description: "Name of the user group. Group names beginning with two underscores are reserved for Amazon Redshift internal use.",
+ ValidateFunc: validation.StringDoesNotMatch(regexp.MustCompile("^__.*"), "Group names beginning with two underscores are reserved for Amazon Redshift internal use"),
+ StateFunc: func(val interface{}) string {
+ return strings.ToLower(val.(string))
+ },
+ },
+ groupUsersAttr: {
+ Type: schema.TypeSet,
+ Computed: true,
+ Elem: &schema.Schema{
+ Type: schema.TypeString,
+ },
+ Description: "List of the user names who belong to the group",
+ },
+ },
+ }
+}
+
+func dataSourceRedshiftGroupRead(db *DBConnection, d *schema.ResourceData) error {
+ var (
+ groupId string
+ groupUsers []string
+ )
+
+ sql := `SELECT ARRAY(SELECT u.usename FROM pg_user_info u, pg_group g WHERE g.groname = $1 AND u.usesysid = ANY(g.grolist)) AS members, grosysid FROM pg_group WHERE groname = $1`
+ if err := db.QueryRow(sql, d.Get(groupNameAttr).(string)).Scan(pq.Array(&groupUsers), &groupId); err != nil {
+ return err
+ }
+
+ d.SetId(groupId)
+ d.Set(groupUsersAttr, groupUsers)
+ return nil
+}
diff --git a/redshift/data_source_redshift_group_test.go b/redshift/data_source_redshift_group_test.go
new file mode 100644
index 00000000..123df70f
--- /dev/null
+++ b/redshift/data_source_redshift_group_test.go
@@ -0,0 +1,46 @@
+package redshift
+
+import (
+ "fmt"
+ "strings"
+ "testing"
+
+ "github.com/hashicorp/terraform-plugin-sdk/v2/helper/acctest"
+ "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+)
+
+func TestAccDataSourceRedshiftGroup_basic(t *testing.T) {
+ groupName := strings.ReplaceAll(acctest.RandomWithPrefix("tf_acc_data_basic"), "-", "_")
+ userName := strings.ReplaceAll(acctest.RandomWithPrefix("tf_acc_data_basic"), "-", "_")
+ resource.ParallelTest(t, resource.TestCase{
+ PreCheck: func() { testAccPreCheck(t) },
+ Providers: testAccProviders,
+ CheckDestroy: testAccCheckRedshiftGroupDestroy,
+ Steps: []resource.TestStep{
+ {
+ Config: testAccDataSourceRedshiftGroupConfig_basic(groupName, userName),
+ Check: resource.ComposeAggregateTestCheckFunc(
+ resource.TestCheckResourceAttr("data.redshift_group.group", groupNameAttr, groupName),
+ resource.TestCheckResourceAttr("data.redshift_group.group", fmt.Sprintf("%s.#", groupUsersAttr), "1"),
+ resource.TestCheckTypeSetElemAttr("data.redshift_group.group", fmt.Sprintf("%s.*", groupUsersAttr), userName),
+ ),
+ },
+ },
+ })
+}
+
+func testAccDataSourceRedshiftGroupConfig_basic(groupName string, userName string) string {
+ return fmt.Sprintf(`
+resource "redshift_user" "user" {
+ %[1]s = %[2]q
+}
+resource "redshift_group" "group" {
+ %[3]s = %[4]q
+ %[5]s = [ redshift_user.user.%[1]s ]
+}
+
+data "redshift_group" "group" {
+ %[3]s = redshift_group.group.%[3]s
+}
+`, userNameAttr, userName, groupNameAttr, groupName, groupUsersAttr)
+}
diff --git a/redshift/provider.go b/redshift/provider.go
index a7e05062..853105e6 100644
--- a/redshift/provider.go
+++ b/redshift/provider.go
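Review bot: The result of `d.Set(groupUsersAttr, groupUsers)` at the end of dataSourceRedshiftGroupRead (redshift/data_source_redshift_group.go) is discarded, so a failure to store the membership set would leave `users` empty in state with no error, and any configuration that derives grants from this list would act on incomplete data. Return it instead: `if err := d.Set(groupUsersAttr, groupUsers); err != nil { return err }`. The `Scan` error is also returned bare; when no group matches, the caller presumably sees only the driver's no-rows error, so wrapping it with the group name, e.g. `fmt.Errorf("reading group %q: %w", name, err)` (this needs a `fmt` import in the file), would make the failure diagnosable. The query binds the name through `$1`, which is the right way to pass it.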
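Review bot: TestAccDataSourceRedshiftGroup_basic (redshift/data_source_redshift_group_test.go) covers only an existing, lower-case group with one member, so the failure path of the lookup is untested. A second step that reads a group name which was never created and sets `ExpectError: regexp.MustCompile(...)` on the `resource.TestStep` would pin what the data source returns in that case. The schema's `StateFunc` lowercases the stored name while the read passes `d.Get(groupNameAttr)` to the query; whether that value is already lowercased at read time is not visible in this diff, so a step using a mixed-case name would show whether the lookup still matches.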
@@ -69,8 +69,10 @@ func Provider() *schema.Provider { "redshift_schema": redshiftSchema(), "redshift_privilege": redshiftPrivilege(), }, - DataSourcesMap: map[string]*schema.Resource{}, - ConfigureFunc: providerConfigure, + DataSourcesMap: map[string]*schema.Resource{ + "redshift_group": dataSourceRedshiftGroup(), + }, + ConfigureFunc: providerConfigure, } }