jprdonnelly/opentf
1
0
Fork 0
mirror of https://github.com/opentffoundation/opentf.git synced 2026-03-11 22:00:21 -04:00
Code Issues Packages Projects Releases Wiki Activity
Files
fb405ff296801846314167ac362d005d31d9d067
opentf/website/source/docs/providers/postgresql/r/postgresql_database.html.markdown
Sean Chittenden 2ebac5226c PostgreSQL: leaked pg privs (#14817) 
* Fix doc bug. Spell `collation` like `lc_collate`.

* Whitespace nit in error message

* Use %q as the format verb for error messages in postgresql_database resource messages.

* REVOKE the `GRANT` given to the connection user when creating a database.

For `ROLE`s who have been delegated `CREATEDB` privileges and are not a
superuser, in order for them to `CREATE DATABASE` they need to be a member
of the `ROLE` who will be `OWNER` for the new database.  Once the
`CREATE DATABASE` is complete, `REVOKE` the `GRANT` that was given to role
so that the user who ran the `CREATE DATABASE` looses all privileges to the
target database (unless of course they're a superuser).

Fixes a regression introduced in #11452

* Delegated DBA ROLEs can now fix OWNER drift for PostgreSQL databases.

Uses the helper functions introduced in #11452
2017-05-31 20:03:32 +03:00

4.3 KiB
Raw Blame History

layout, page_title, sidebar_current, description
layout page_title sidebar_current description
postgresql PostgreSQL: postgresql_database docs-postgresql-resource-postgresql_database Creates and manages a database on a PostgreSQL server.

postgresql_database

The postgresql_database resource creates and manages database objects within a PostgreSQL server instance.

Usage

resource "postgresql_database" "my_db" {
  name              = "my_db"
  owner             = "my_role"
  template          = "template0"
  lc_collate        = "C"
  connection_limit  = -1
  allow_connections = true
}

Argument Reference

  • name - (Required) The name of the database. Must be unique on the PostgreSQL server instance where it is configured.

  • owner - (Optional) The role name of the user who will own the database, or DEFAULT to use the default (namely, the user executing the command). To create a database owned by another role or to change the owner of an existing database, you must be a direct or indirect member of the specified role, or the username in the provider is a superuser.

  • tablespace_name - (Optional) The name of the tablespace that will be associated with the database, or DEFAULT to use the template database's tablespace. This tablespace will be the default tablespace used for objects created in this database.

  • connection_limit - (Optional) How many concurrent connections can be established to this database. -1 (the default) means no limit.

  • allow_connections - (Optional) If false then no one can connect to this database. The default is true, allowing connections (except as restricted by other mechanisms, such as GRANT or REVOKE CONNECT).

  • is_template - (Optional) If true, then this database can be cloned by any user with CREATEDB privileges; if false (the default), then only superusers or the owner of the database can clone it.

  • template - (Optional) The name of the template database from which to create the database, or DEFAULT to use the default template (template0). NOTE: the default in Terraform is template0, not template1. Changing this value will force the creation of a new resource as this value can only be changed when a database is created.

  • encoding - (Optional) Character set encoding to use in the database. Specify a string constant (e.g. UTF8 or SQL_ASCII), or an integer encoding number. If unset or set to an empty string the default encoding is set to UTF8. If set to DEFAULT Terraform will use the same encoding as the template database. Changing this value will force the creation of a new resource as this value can only be changed when a database is created.

  • lc_collate - (Optional) Collation order (LC_COLLATE) to use in the database. This affects the sort order applied to strings, e.g. in queries with ORDER BY, as well as the order used in indexes on text columns. If unset or set to an empty string the default collation is set to C. If set to DEFAULT Terraform will use the same collation order as the specified template database. Changing this value will force the creation of a new resource as this value can only be changed when a database is created.

  • lc_ctype - (Optional) Character classification (LC_CTYPE) to use in the database. This affects the categorization of characters, e.g. lower, upper and digit. If unset or set to an empty string the default character classification is set to C. If set to DEFAULT Terraform will use the character classification of the specified template database. Changing this value will force the creation of a new resource as this value can only be changed when a database is created.

Import Example

postgresql_database supports importing resources. Supposing the following Terraform:

provider "postgresql" {
  alias = "admindb"
}

resource "postgresql_database" "db1" {
  provider = "postgresql.admindb"

  name = "testdb1"
}

It is possible to import a postgresql_database resource with the following command:

$ terraform import postgresql_database.db1 testdb1

Where testdb1 is the name of the database to import and postgresql_database.db1 is the name of the resource whose state will be populated as a result of the command.

Reference in New Issue View Git Blame Copy Permalink