mirror of
https://github.com/opentffoundation/opentf.git
synced 2026-03-12 07:01:03 -04:00
a0b70b0ec7
A number of PRs have come through which modified the vendor folder without recording the proper information. This resets everything back to the recorded version.
98 lines
2.2 KiB
Markdown
98 lines
2.2 KiB
Markdown
# `postgresql-acl`
|
|
|
|
## `acl` Library
|
|
|
|
`acl` parses
|
|
[PostgreSQL's ACL syntax](https://www.postgresql.org/docs/current/static/sql-grant.html#SQL-GRANT-NOTES)
|
|
and returns a usable structure. Library documentation is available at
|
|
[https://godoc.org/github.com/sean-/postgresql-acl](https://godoc.org/github.com/sean-/postgresql-acl).
|
|
|
|
|
|
```go
|
|
package main
|
|
|
|
import (
|
|
"fmt"
|
|
|
|
"github.com/sean-/postgresql-acl"
|
|
)
|
|
|
|
func structToString() acl.ACL {
|
|
return acl.ACL{
|
|
Role: "foo",
|
|
GrantedBy: "bar",
|
|
Privileges: acl.Usage | acl.Create,
|
|
GrantOptions: acl.Create,
|
|
}
|
|
}
|
|
|
|
func stringToStruct() acl.Schema {
|
|
// Parse an aclitem string
|
|
aclitem, err := acl.Parse("foo=C*U/bar")
|
|
if err != nil {
|
|
panic(fmt.Sprintf("bad: %v", err))
|
|
}
|
|
|
|
// Verify that ACL permissions are appropriate for a schema type
|
|
schema, err := acl.NewSchema(aclitem)
|
|
if err != nil {
|
|
panic(fmt.Sprintf("bad: %v", err))
|
|
}
|
|
|
|
return schema
|
|
}
|
|
|
|
func main() {
|
|
fmt.Printf("ACL Struct to String: %+q\n", structToString().String())
|
|
fmt.Printf("ACL String to Struct: %#v\n", stringToStruct().String())
|
|
}
|
|
```
|
|
|
|
```text
|
|
ACL Struct to String: "foo=UC*/bar"
|
|
ACL String to Struct: "foo=UC*/bar"
|
|
```
|
|
|
|
## Supported PostgreSQL `aclitem` Types
|
|
|
|
- column permissions
|
|
- database
|
|
- domain
|
|
- foreign data wrappers
|
|
- foreign server
|
|
- function
|
|
- language
|
|
- large object
|
|
- schema
|
|
- sequences
|
|
- table
|
|
- table space
|
|
- type
|
|
|
|
## Notes
|
|
|
|
The output from `String()` should match the ordering of characters in `aclitem`.
|
|
|
|
The target of each of these ACLs (e.g. schema name, table name, etc) is not
|
|
contained within PostgreSQLs `aclitem` and it is expected this value is managed
|
|
elsewhere in your object model.
|
|
|
|
Arrays of `aclitem` are supposed to be iterated over by the caller. For
|
|
example:
|
|
|
|
```go
|
|
const schema = "public"
|
|
var name, owner string
|
|
var acls []string
|
|
err := conn.QueryRow("SELECT n.nspname, pg_catalog.pg_get_userbyid(n.nspowner), COALESCE(n.nspacl, '{}'::aclitem[])::TEXT[] FROM pg_catalog.pg_namespace n WHERE n.nspname = $1", schema).Scan(&name, &owner, pq.Array(&acls))
|
|
if err == nil {
|
|
for _, acl := range acls {
|
|
acl, err = pgacl.NewSchema(acl)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
// ...
|
|
}
|
|
}
|
|
```
|