This repository was archived by the owner on Jan 17, 2025. It is now read-only.
This repository was archived by the owner on Jan 17, 2025. It is now read-only.
All ACL access will be revoked in the future #117
Description
Hi,
I found out from AWS support that all access to ACLs will be revoked from Redshift, as they consider this to be internal information and don't want users to access it directly. This will break the provider, as it relies heavily on ACLs for grants and default privileges.
I asked them for alternatives, and they exist:
svv_relation_privileges,svv_schema_privileges,svv_database_privilegesand so on for table/schema/database/etc privilegessvv_default_privilegesfor default privileges
They didn't tell me exactly when access will be revoked.
I'm not familiar with Go at all so I can't rewrite the whole thing, but I checked the readDatabaseGrants function to see what changes are required, and it seems doable with something like this:
func readDatabaseGrants(db *DBConnection, d *schema.ResourceData) error {
var identityType, identityName, query string
var databaseCreate, databaseTemp bool
_, isUser := d.GetOk(grantUserAttr)
if isUser {
identityType = "user"
identityName = d.Get(grantUserAttr).(string)
} else {
identityType = "group"
identityName = d.Get(grantGroupAttr).(string)
}
query = `
SELECT privilege_type
FROM svv_database_privileges
WHERE
database_name=$1
AND identity_type=$2
AND identity_name=$3
`
queryArgs := []interface{}{db.client.databaseName, identityType, identityName}
...
}
Everything below that line would have to be updated, since the query now returns a list of privileges for that database and identity, and that's the part I can't do.