通过 Terraform 向角色授予特权和权限不起作用

Question

根据terraform doc，我创建了一个用户和角色如下：

resource "postgresql_role" "ro_role" {
  name     = "ro_role"
}

resource "postgresql_role" "ro_user" {
  name     = "ro_user"
  login    = true
  password = "some sensitive password"
}

创建成功。接下来，当尝试对角色授予权限时，例如只添加 SELECT 的只读角色，它根本不会添加任何权限。此外，当登录到 Postgres 并尝试 SELECT 查询时，它给了我一个权限被拒绝的错误。

resource "postgresql_grant" "readonly_tables" {
  database    = var.database
  role        = "ro_role"
  schema      = "public"
  object_type = "table"
  objects     = []
  privileges  = ["SELECT"]
}

授予权限的 terraform 文档： https://registry.terraform.io/providers/cyrilgdn/postgresql/latest/docs/resources/postgresql_grant

Answer 1

您可能没有在 public 架构上授予自己 USAGE。根据您提供的文档，您需要定义如下资源：

resource "postgresql_grant" "readonly_tables_schema_usage_public" {
  database    = var.database
  role        = "ro_role"
  schema      = "public"
  object_type = "schema"
  objects     = ["public]
  privileges  = ["USAGE"]
}

postgresql_role.ro_user 资源也未分配 ro_role。您将需要 ro_user 实际拥有分配给 ro_role:

的权限

resource "postgresql_role" "ro_user" {
  name     = "ro_user"
  login    = true
  password = "some sensitive password",
  roles=[postgresql_role.ro_role.role]
}

通过 Terraform 向角色授予特权和权限不起作用

grant privileges and permissions to a role via terrafrom is not working

postgresql

amazon-rds

terraform

terragrunt

cicd