Problem
It would be highly beneficial to use the grantRoleDefaultPrivileges resource to construct queries such as:

    ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT ON TABLES TO read_only;

Unfortunately, specifying an owner is always mandatory, which translates into a FOR ROLE part in the query. This requirement prevents the creation of more generalized default privileges queries.
Solution
Make the owner optional, similar to how the schema is handled. Below is a draft solution for this issue.

    role := d.Get("role").(string)
    pgOwner := d.Get("owner").(string)
    pgSchema := d.Get("schema").(string)
    (...)
    // If an owner is specified, build the query string to include it
    var forOwner string
    if pgOwner != "" {
        forOwner = fmt.Sprintf("FOR ROLE %s", pq.QuoteIdentifier(pgOwner))
    }
    // If a schema is specified, build the query string to include it
    var inSchema string
    if pgSchema != "" {
        inSchema = fmt.Sprintf("IN SCHEMA %s", pq.QuoteIdentifier(pgSchema))
    }
    query := fmt.Sprintf("ALTER DEFAULT PRIVILEGES %s %s GRANT %s ON %sS TO %s",
        forOwner,
        inSchema,
        strings.Join(privileges, ","),
        strings.ToUpper(d.Get("object_type").(string)),
        pq.QuoteIdentifier(role),
    )

Expected Solution
https://github.com/cyrilgdn/terraform-provider-postgresql/blob/f46ec221181b09b153c7fc816e75c7030a3e8ab9/postgresql/resource_postgresql_default_privileges.go#L298C2-L304C3
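
The query construction from the draft above as a self-contained Go function; this is an added example, not the provider's code or the draft from the issue. The name `buildDefaultPrivileges`, the `quoteIdent` stand-in for `pq.QuoteIdentifier` and the privilege allow-list are assumptions made for the example. When FOR ROLE is omitted, PostgreSQL applies the defaults to objects created by the role that executes the statement.

```go
package main

import (
	"fmt"
	"strings"
)

// allowed: privilege keywords per object_type (constructed for this example, not exhaustive).
var allowed = map[string]map[string]bool{
	"table": {"SELECT": true, "INSERT": true, "UPDATE": true, "DELETE": true,
		"TRUNCATE": true, "REFERENCES": true, "TRIGGER": true},
	"sequence": {"USAGE": true, "SELECT": true, "UPDATE": true},
	"function": {"EXECUTE": true},
}

// quoteIdent stands in for pq.QuoteIdentifier: wrap in double quotes, double embedded ones.
func quoteIdent(s string) string {
	return `"` + strings.ReplaceAll(s, `"`, `""`) + `"`
}

// buildDefaultPrivileges is a hypothetical helper; owner and schema are optional.
// Privileges and object type are keywords that cannot be quoted, so they are allow-listed.
func buildDefaultPrivileges(owner, schema, role, objectType string, privs []string) (string, error) {
	valid, ok := allowed[strings.ToLower(objectType)]
	if !ok || role == "" || len(privs) == 0 {
		return "", fmt.Errorf("need a role, a supported object_type and a privilege")
	}
	keywords := make([]string, 0, len(privs))
	for _, p := range privs {
		up := strings.ToUpper(strings.TrimSpace(p))
		if !valid[up] {
			return "", fmt.Errorf("privilege %q is not valid for %s", p, objectType)
		}
		keywords = append(keywords, up)
	}
	parts := []string{"ALTER DEFAULT PRIVILEGES"}
	if owner != "" {
		parts = append(parts, "FOR ROLE "+quoteIdent(owner))
	}
	if schema != "" {
		parts = append(parts, "IN SCHEMA "+quoteIdent(schema))
	}
	parts = append(parts, "GRANT "+strings.Join(keywords, ", "), "ON "+strings.ToUpper(objectType)+"S", "TO "+quoteIdent(role))
	return strings.Join(parts, " "), nil
}

func main() {
	fmt.Println(buildDefaultPrivileges("", "public", "read_only", "table", []string{"select"}))
}
```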