This repository was archived by the owner on Jan 17, 2025. It is now read-only.
Allow TRUNCATE grant for groups on table #92
Closed
Description
Goal
When I try to implement a grant privilege including truncate, I have the following error:

```
Error: Invalid privileges list [select truncate update insert delete] for object of type table
on redshift_queries.tf line 82, in resource "redshift_grant" "data_group_tables":
82: resource "redshift_grant" "data_group_tables" {
```

If I comment out the truncate privilege, everything goes fine.
Part of my code where I have the issue:

```hcl
# create data group
resource "redshift_group" "data_group" {
  depends_on = [aws_redshift_cluster.redshift_cluster]
  name       = "DATA_USERS"
  users = [
    redshift_user.data_user.name
  ]
}

# Init tables if needed
resource "aws_redshiftdata_statement" "init_tables" {
  depends_on         = [redshift_schema.schema]
  for_each           = local.sql_table_list
  cluster_identifier = aws_redshift_cluster.redshift_cluster.cluster_identifier
  database           = aws_redshift_cluster.redshift_cluster.database_name
  db_user            = aws_redshift_cluster.redshift_cluster.master_username
  statement_name     = replace(each.value.file_name, ".sql", "")
  sql                = file("templates/${each.value.file_name}")
}

# add grant on tables
resource "redshift_grant" "data_group_tables" {
  for_each    = aws_redshiftdata_statement.init_tables
  group       = redshift_group.data_group.name
  schema      = redshift_schema.schema.name
  object_type = "table"
  objects     = [each.key]
  privileges = [
    "select",
    "insert",
    "delete",
    "truncate",
    "update"
  ]
}
```
Part of the solution (I guess)
After searching a bit in the code, I found that the error comes from the validatePrivileges function in the helpers.go file (L169 for the case "TABLE").
There is probably other stuff to do, but I don't really have the time to investigate for now.
AWS doc
Part of the doc for the truncate privilege
Thank you for your feedback
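The validation the issue points at is an allow-list of privileges per object type; the fix is to include "truncate" in the set for "table". The following is an added illustration of such a check, written for this thread and not copied from the provider's helpers.go. The privilege sets (and the schema entry) are assumptions based on the Redshift GRANT syntax, not the provider's actual lists.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// tablePrivileges is the assumed set of privileges Redshift accepts in
// GRANT ... ON TABLE, with "truncate" included so the grant from the issue
// passes. It is an assumption, not the provider's own list.
var tablePrivileges = map[string]bool{
	"select": true, "insert": true, "update": true, "delete": true,
	"drop": true, "references": true, "alter": true, "truncate": true,
}

// allowedPrivileges maps a redshift_grant object_type to its allow-list.
// An allow-list checked at plan time keeps over-broad grants off the cluster.
var allowedPrivileges = map[string]map[string]bool{
	"table":  tablePrivileges,
	"schema": {"create": true, "usage": true}, // assumed entry
}

// validatePrivileges rejects any privilege not on the allow-list for the
// object type (case-insensitive) and names the offending ones in the error.
func validatePrivileges(objectType string, privileges []string) error {
	allowed, ok := allowedPrivileges[strings.ToLower(objectType)]
	if !ok {
		return fmt.Errorf("unknown object type %q", objectType)
	}
	var bad []string
	for _, p := range privileges {
		if !allowed[strings.ToLower(p)] {
			bad = append(bad, p)
		}
	}
	if len(bad) > 0 {
		sort.Strings(bad)
		return fmt.Errorf("invalid privileges %v for object of type %s", bad, objectType)
	}
	return nil
}

func main() {
	// The privilege list from the issue's redshift_grant resource.
	req := []string{"select", "insert", "delete", "truncate", "update"}
	fmt.Println(validatePrivileges("table", req))
	fmt.Println(validatePrivileges("table", []string{"select", "execute"}))
}
```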