cyrilgdn / terraform-provider-postgresql

Terraform PostgreSQL provider
https://www.terraform.io/docs/providers/postgresql/
Mozilla Public License 2.0

[Feature Request] Make `owner` parameter optional in `grantRoleDefaultPrivileges` resource #443

Open iamfj opened 3 weeks ago

iamfj commented 3 weeks ago

Problem

It would be highly beneficial to use the grantRoleDefaultPrivileges resource to construct queries such as:

```sql
ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT ON TABLES TO read_only;
```

Unfortunately, specifying an `owner` is always mandatory, which translates into a `FOR ROLE` part in the query. This requirement prevents the creation of more generalized default privileges queries.

Solution

Make the owner optional, similar to how the schema is handled. Below is a draft solution for this issue.

Expected Solution

> [!NOTE]
> I'm not a Go expert.

https://github.com/cyrilgdn/terraform-provider-postgresql/blob/f46ec221181b09b153c7fc816e75c7030a3e8ab9/postgresql/resource_postgresql_default_privileges.go#L298C2-L304C3

```go
role := d.Get("role").(string)
pgOwner := d.Get("owner").(string)
pgSchema := d.Get("schema").(string)

// (...)

// If an owner is specified, build the query string to include it
var forOwner string
if pgOwner != "" {
  forOwner = fmt.Sprintf("FOR ROLE %s", pq.QuoteIdentifier(pgOwner))
}

// If a schema is specified, build the query string to include it
var inSchema string
if pgSchema != "" {
  inSchema = fmt.Sprintf("IN SCHEMA %s", pq.QuoteIdentifier(pgSchema))
}

query := fmt.Sprintf("ALTER DEFAULT PRIVILEGES %s %s GRANT %s ON %sS TO %s",
  forOwner,
  inSchema,
  strings.Join(privileges, ","),
  strings.ToUpper(d.Get("object_type").(string)),
  pq.QuoteIdentifier(role),
)
```
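An added example, not the provider's code and not part of the issue: a stand-alone version of the draft's query builder that emits `FOR ROLE` and `IN SCHEMA` only when set, and checks the privilege and object-type keywords (which are spliced in unquoted) against an allowlist. The function name, the allowlist and the local `quoteIdentifier` stand-in for `pq.QuoteIdentifier` are assumptions. When `FOR ROLE` is omitted, PostgreSQL applies the default privileges to objects created by the current role.

```go
package main

import (
	"fmt"
	"strings"
)

// Hypothetical allowlist: these keywords are spliced in unquoted, so validate them.
var allowedPrivileges = map[string]map[string]bool{
	"TABLE":    {"SELECT": true, "INSERT": true, "UPDATE": true, "DELETE": true, "TRUNCATE": true, "REFERENCES": true, "TRIGGER": true},
	"SEQUENCE": {"SELECT": true, "UPDATE": true, "USAGE": true},
	"FUNCTION": {"EXECUTE": true},
	"TYPE":     {"USAGE": true},
}

// quoteIdentifier is a simplified local stand-in for pq.QuoteIdentifier (doubles embedded quotes).
func quoteIdentifier(name string) string {
	return `"` + strings.ReplaceAll(name, `"`, `""`) + `"`
}

// buildDefaultPrivilegesGrant omits FOR ROLE / IN SCHEMA when owner / schema are empty.
func buildDefaultPrivilegesGrant(owner, schema, objectType, role string, privileges []string) (string, error) {
	objectType = strings.ToUpper(objectType)
	allowed, ok := allowedPrivileges[objectType]
	if !ok || role == "" || len(privileges) == 0 {
		return "", fmt.Errorf("unsupported object type %q, empty role, or no privileges", objectType)
	}
	privs := make([]string, 0, len(privileges))
	for _, p := range privileges {
		p = strings.ToUpper(strings.TrimSpace(p))
		if !allowed[p] {
			return "", fmt.Errorf("privilege %q is not valid for %s", p, objectType)
		}
		privs = append(privs, p)
	}
	clauses := []string{"ALTER DEFAULT PRIVILEGES"}
	if owner != "" {
		clauses = append(clauses, "FOR ROLE "+quoteIdentifier(owner))
	}
	if schema != "" {
		clauses = append(clauses, "IN SCHEMA "+quoteIdentifier(schema))
	}
	clauses = append(clauses, fmt.Sprintf("GRANT %s ON %sS TO %s", strings.Join(privs, ", "), objectType, quoteIdentifier(role)))
	return strings.Join(clauses, " "), nil
}

func main() {
	fmt.Println(buildDefaultPrivilegesGrant("", "public", "table", "read_only", []string{"select"}))
}
```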