From 563342aa76fd8c0f37e72042ca0e9e003a844cd1 Mon Sep 17 00:00:00 2001
From: winebarrel
Date: Thu, 9 Apr 2020 17:40:41 +0900
Subject: [PATCH 1/2] WIP

---
 mysql/resource_grant.go | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/mysql/resource_grant.go b/mysql/resource_grant.go
index 8e8e84d30..d5c162812 100644
--- a/mysql/resource_grant.go
+++ b/mysql/resource_grant.go
@@ -23,7 +23,7 @@ type MySQLGrant struct {
 func resourceGrant() *schema.Resource {
 return &schema.Resource{
 Create: CreateGrant,
- Update: nil,
+ Update: UpdateGrant,
 Read: ReadGrant,
 Delete: DeleteGrant,
 Importer: &schema.ResourceImporter{
@@ -69,7 +69,6 @@ func resourceGrant() *schema.Resource {
 "privileges": {
 Type: schema.TypeSet,
 Optional: true,
- ForceNew: true,
 Elem: &schema.Schema{Type: schema.TypeString},
 Set: schema.HashString,
 },
@@ -272,6 +271,16 @@ func ReadGrant(d *schema.ResourceData, meta interface{}) error {
 return nil
 }
 
+func UpdateGrant(d *schema.ResourceData, meta interface{}) error {
+ if d.HasChange("privileges") {
+ oldPrivs, newPrivs := d.GetChange("plaintext_password")
+ log.Printf("xxx old: %v\n", oldPrivs)
+ log.Printf("xxx new: %v\n", newPrivs)
+ }
+
+ return nil
+}
+
 func DeleteGrant(d *schema.ResourceData, meta interface{}) error {
 db := meta.(*MySQLConfiguration).Db
 
From 75581613b5f8a7138064028c0a4cb9f2a47797a0 Mon Sep 17 00:00:00 2001
From: winebarrel
Date: Thu, 9 Apr 2020 18:34:41 +0900
Subject: [PATCH 2/2] Support mysql_grant resource update

---
 mysql/resource_grant.go | 71 +++++++++++++++++++++++++++++++++++++++--
 1 file changed, 68 insertions(+), 3 deletions(-)

diff --git a/mysql/resource_grant.go b/mysql/resource_grant.go
index d5c162812..dc9462613 100644
--- a/mysql/resource_grant.go
+++ b/mysql/resource_grant.go
@@ -272,10 +272,75 @@ func ReadGrant(d *schema.ResourceData, meta interface{}) error {
 }
 
 func UpdateGrant(d *schema.ResourceData, meta interface{}) error {
+ db := meta.(*MySQLConfiguration).Db
+
+ hasRoles, err := supportsRoles(db)
+
+ if err != nil {
+ return err
+ }
+
+ userOrRole, _, err := userOrRole(
+ d.Get("user").(string),
+ d.Get("host").(string),
+ d.Get("role").(string),
+ hasRoles)
+
+ if err != nil {
+ return err
+ }
+
+ database := d.Get("database").(string)
+ table := d.Get("table").(string)
+
 if d.HasChange("privileges") {
- oldPrivs, newPrivs := d.GetChange("plaintext_password")
- log.Printf("xxx old: %v\n", oldPrivs)
- log.Printf("xxx new: %v\n", newPrivs)
+ err = updatePrivileges(d, db, userOrRole, database, table)
+
+ if err != nil {
+ return err
+ }
+ }
+
+ return nil
+}
+
+func updatePrivileges(d *schema.ResourceData, db *sql.DB, user string, database string, table string) error {
+ oldPrivsIf, newPrivsIf := d.GetChange("privileges")
+ oldPrivs := oldPrivsIf.(*schema.Set)
+ newPrivs := newPrivsIf.(*schema.Set)
+ grantIfs := newPrivs.Difference(oldPrivs).List()
+ revokeIfs := oldPrivs.Difference(newPrivs).List()
+
+ if len(grantIfs) > 0 {
+ grants := make([]string, len(grantIfs))
+
+ for i, v := range grantIfs {
+ grants[i] = v.(string)
+ }
+
+ sql := fmt.Sprintf("GRANT %s ON %s.%s TO %s", strings.Join(grants, ","), database, table, user)
+
+ log.Printf("[DEBUG] SQL: %s", sql)
+
+ if _, err := db.Exec(sql); err != nil {
+ return err
+ }
+ }
+
+ if len(revokeIfs) > 0 {
+ revokes := make([]string, len(revokeIfs))
+
+ for i, v := range revokeIfs {
+ revokes[i] = v.(string)
+ }
+
+ sql := fmt.Sprintf("REVOKE %s ON %s.%s FROM %s", strings.Join(revokes, ","), database, table, user)
+
+ log.Printf("[DEBUG] SQL: %s", sql)
+
+ if _, err := db.Exec(sql); err != nil {
+ return err
+ }
 }
 
 return nil
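Review bot: In `updatePrivileges` the GRANT for the added set runs before the REVOKE for the removed set, so overlapping names end up revoked: changing `["ALL"]` to `["SELECT"]` issues `GRANT SELECT` and then `REVOKE ALL`, which leaves the account with nothing on that object while state presumably records `SELECT`, and a pure case change (`select` to `SELECT`) does the same because `schema.HashString` compares raw strings. Moving the `if len(revokeIfs) > 0 { ... }` block above the `if len(grantIfs) > 0 { ... }` block gives the intended end state in both cases and fails closed if the second statement errors. `database` and `table` go into the statement exactly as read from the resource data; if `CreateGrant` (not visible here) quotes or normalises them, this path should reuse that so create and update build the same identifiers. The local `sql` also shadows the `database/sql` package named in the signature, and `stmt` would avoid that. The closing brace of `updatePrivileges` falls just past the end of the hunk.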