diff --git a/database-grants/terraform/dev/main.tf b/database-grants/terraform/dev/main.tf
index 5693688f..fc76c102 100644
--- a/database-grants/terraform/dev/main.tf
+++ b/database-grants/terraform/dev/main.tf
@@ -54,6 +54,13 @@ module "field_data_schema" {
 }
 }
 
+module "query_schema" {
+ source = "./schemas/query"
+ providers = {
+ postgresql = postgresql.treetracker
+ }
+}
+
 module "reporting_schema" {
 source = "./schemas/reporting"
 providers = {
diff --git a/database-grants/terraform/dev/schemas/query b/database-grants/terraform/dev/schemas/query
new file mode 120000
index 00000000..f086f035
--- /dev/null
+++ b/database-grants/terraform/dev/schemas/query
@@ -0,0 +1 @@
+../../prod/schemas/query/
\ No newline at end of file
diff --git a/database-grants/terraform/prod/main.tf b/database-grants/terraform/prod/main.tf
index c24830ea..0730f7ba 100644
--- a/database-grants/terraform/prod/main.tf
+++ b/database-grants/terraform/prod/main.tf
@@ -56,6 +56,13 @@ module "messaging_schema" {
 }
 }
 
+module "query_schema" {
+ source = "./schemas/query"
+ providers = {
+ postgresql = postgresql.treetracker
+ }
+}
+
 module "stakeholder_schema" {
 source = "./schemas/stakeholder"
 providers = {
diff --git a/database-grants/terraform/prod/schemas/query/main.tf b/database-grants/terraform/prod/schemas/query/main.tf
new file mode 100644
index 00000000..a471deeb
--- /dev/null
+++ b/database-grants/terraform/prod/schemas/query/main.tf
@@ -0,0 +1,77 @@
+
+module "microservice_schema" {
+ source = "./../../modules/microservice_schema"
+ schema = "query"
+}
+
+resource "postgresql_grant" "query_messaging_schema" {
+ database = "treetracker"
+ role = "s_query"
+ schema = "messaging"
+ object_type = "schema"
+ privileges = ["USAGE"]
+}
+
+resource "postgresql_grant" "query_messaging_tables" {
+ database = "treetracker"
+ role = "s_query"
+ schema = "messaging"
+ object_type = "table"
+ privileges = ["SELECT"]
+}
+
+resource "postgresql_grant" "query_treetracker_schema" {
+ database = "treetracker"
+ role = "s_query"
+ schema = "treetracker"
+ object_type = "schema"
+ privileges = ["USAGE"]
+}
+
+resource "postgresql_grant" "query_treetracker_tables" {
+ database = "treetracker"
+ role = "s_query"
+ schema = "treetracker"
+ object_type = "table"
+ privileges = ["SELECT"]
+}
+
+resource "postgresql_grant" "query_stakeholder_schema" {
+ database = "treetracker"
+ role = "s_query"
+ schema = "stakeholder"
+ object_type = "schema"
+ privileges = ["USAGE"]
+}
+
+resource "postgresql_grant" "query_stakeholder_tables" {
+ database = "treetracker"
+ role = "s_query"
+ schema = "stakeholder"
+ object_type = "table"
+ privileges = ["SELECT"]
+}
+
+resource "postgresql_grant" "query_regions_schema" {
+ database = "treetracker"
+ role = "s_query"
+ schema = "regions"
+ object_type = "schema"
+ privileges = ["USAGE"]
+}
+
+resource "postgresql_grant" "query_regions_tables" {
+ database = "treetracker"
+ role = "s_query"
+ schema = "regions"
+ object_type = "table"
+ privileges = ["SELECT"]
+}
+
+resource "postgresql_grant" "query_public_schema" {
+ database = "treetracker"
+ role = "s_query"
+ schema = "public"
+ object_type = "schema"
+ privileges = ["USAGE"]
+}
diff --git a/database-grants/terraform/prod/schemas/query/provider.tf b/database-grants/terraform/prod/schemas/query/provider.tf
new file mode 100644
index 00000000..7c80654f
--- /dev/null
+++ b/database-grants/terraform/prod/schemas/query/provider.tf
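Review bot: The four `object_type = "table"` grants in prod/schemas/query/main.tf give `s_query` SELECT on every table in `messaging`, `treetracker`, `stakeholder` and `regions`, since no table list is given, and the file does not say why the query service needs all of them. If any of those tables hold personal data or message bodies (not visible in this diff), narrow the grant to the tables the service actually reads, or to views; the `objects` argument of `postgresql_grant` does this, but it may need a newer provider than the pinned 1.11.0, so check before relying on it. A schema-wide table grant also only reaches tables that exist when it is applied, so a table created later stays unreadable until the next apply unless default privileges are defined for the schema. At a minimum, add a header comment such as `# s_query is read-only: SELECT on all tables in messaging, treetracker, stakeholder, regions; USAGE only on public`.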
@@ -0,0 +1,8 @@
+terraform {
+ required_providers {
+ postgresql = {
+ source = "cyrilgdn/postgresql"
+ version = "1.11.0"
+ }
+ }
+}
diff --git a/database-grants/terraform/test/extra/main.tf b/database-grants/terraform/test/extra/main.tf
new file mode 100644
index 00000000..e69de29b
diff --git a/database-grants/terraform/test/extra/provider.tf b/database-grants/terraform/test/extra/provider.tf
new file mode 100644
index 00000000..7c80654f
--- /dev/null
+++ b/database-grants/terraform/test/extra/provider.tf
@@ -0,0 +1,8 @@
+terraform {
+ required_providers {
+ postgresql = {
+ source = "cyrilgdn/postgresql"
+ version = "1.11.0"
+ }
+ }
+}
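Review bot: The exact pin `version = "1.11.0"` is copied into this child module's provider.tf and again into test/extra/provider.tf (same blob, 7c80654f), so a provider upgrade has to touch every copy and the copies can drift apart. Terraform's guidance for child modules is to declare only a minimum, e.g. `version = ">= 1.11.0"`, and let the root module fix the exact release. A version string also pins the release but not its contents; the provider checksums live in `.terraform.lock.hcl`, which is not visible in this diff, so confirm it is committed for both the dev and prod roots. If the existing schema modules already carry this same block, keeping it for consistency is reasonable, but the lock-file check still applies.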