brainly/terraform-provider-redshift

non-unique ids in redshift_grant possible

mtesch-um opened this issue · 0 comments

The following produces a state with two redshift_grant resources having identical ids. I think this makes it impossible to ever have an import for the redshift_grant resource?

Maybe it could use . or - to join the parts? (Both are invalid characters in names, see https://docs.aws.amazon.com/redshift/latest/dg/r_names.html)

(Yeah, it's a little contrived, but imagine it were object_type = "table" instead of schema. Eventually someone is going to have something like that, even if it does seem like a poor naming choice.)

A working import would be really helpful for the process of terraforming an existing database, to validate that the grant resource matches the existing db grants, i.e. terraform import redshift_grant.mygrant y.table.x

# Pins the brainly/redshift provider to the release used in this report.
# A bare version string is an exact-match constraint in Terraform, so the
# reproduction always runs against 0.5.1.
terraform {
  required_providers {
    redshift = {
      source  = "brainly/redshift"
      version = "0.5.1"
    }
  }
}

# Connection settings are declared as input variables instead of being
# hard-coded in the configuration.
variable "redshift_host" { type = string }
variable "redshift_username" { type = string }
variable "redshift_password" {
  type      = string
  # sensitive = true only redacts the value in plan/apply output. Supply it
  # out of band (for example the TF_VAR_redshift_password environment
  # variable) rather than from a committed .tfvars file.
  sensitive = true
}
variable "redshift_database" { type = string }

# Provider connection, wired entirely from the input variables.
provider "redshift" {
  host            = var.redshift_host
  username        = var.redshift_username
  password        = var.redshift_password
  database        = var.redshift_database
  # NOTE(review): under libpq-style semantics "require" encrypts the
  # connection but does not validate the server certificate or host name.
  # Confirm in the provider docs whether a verifying mode is available
  # before reusing this outside a test setup.
  sslmode         = "require"
  # NOTE(review): 0 presumably means "no connection limit" - confirm against
  # the provider docs.
  max_connections = 0
}

# Single test user; it is the only member of both groups and the owner of
# both schemas in this configuration.
# NOTE(review): no password attribute is set here - check how the provider
# creates such a user before copying this outside a reproduction.
resource "redshift_user" "user" {
  name      = "xuser"
}

# Two groups whose names are chosen to provoke the collision: "y_schema"
# contains an underscore followed by the literal object type "schema",
# while "y" is its prefix. Underscore is a legal character in Redshift
# names, which is what makes it ambiguous as a separator.
resource "redshift_group" "y_schema" {
  name  = "y_schema"
  users = [redshift_user.user.name]
}

resource "redshift_group" "y" {
  name  = "y"
  users = [redshift_user.user.name]
}

# Two schemas mirroring the group names: "x" and "schema_x". Paired with
# groups "y_schema" and "y" respectively, the concatenated parts read the
# same once joined with underscores.
resource "redshift_schema" "x" {
  name  = "x"
  owner = redshift_user.user.name
}

resource "redshift_schema" "schema_x" {
  name  = "schema_x"
  owner = redshift_user.user.name
}

# Grant 1 of 2: USAGE on schema "x" for group "y_schema".
# If the provider builds the resource id by joining group, object_type and
# schema with "_" (what the report implies - confirm in the provider source),
# this yields "y_schema_schema_x", the same string as redshift_grant.grants2.
# Two distinct privilege grants then share one id, so they cannot be told
# apart by id when auditing state or importing existing grants.
resource "redshift_grant" "grants" {
  group       = redshift_group.y_schema.name
  schema      = redshift_schema.x.name
  object_type = "schema"
  privileges  = ["USAGE"]
  # Alternative privilege list, left disabled in the reproduction.
  #privileges = ["SELECT", "INSERT", "UPDATE", "DELETE", "DROP", "REFERENCES"]
}

# Grant 2 of 2: USAGE on schema "schema_x" for group "y".
# Joined with "_" as group, object_type, schema (what the report implies -
# confirm in the provider source) this is also "y_schema_schema_x", colliding
# with redshift_grant.grants even though it targets a different group and a
# different schema. A separator that cannot appear in a Redshift name, as
# the report suggests, would keep ids for distinct grants distinct.
resource "redshift_grant" "grants2" {
  group       = redshift_group.y.name
  schema      = redshift_schema.schema_x.name
  object_type = "schema"
  privileges  = ["USAGE"]
  # Alternative privilege list, left disabled in the reproduction.
  #privileges = ["SELECT", "INSERT", "UPDATE", "DELETE", "DROP", "REFERENCES"]
}