Merge pull request #59 from bendrucker/superuser-password-unknown

`user`: handle unknown superuser passwords
brainly · Apr 19, 2022 · beadcd1 · beadcd1
2 parents 6c2781e + cd2e11b
commit beadcd1
Show file tree

Hide file tree

Showing 2 changed files with 60 additions and 1 deletion.
diff --git a/redshift/resource_redshift_user.go b/redshift/resource_redshift_user.go
@@ -57,8 +57,10 @@ Amazon Redshift user accounts can only be created and dropped by a database supe
 		},
 		CustomizeDiff: func(_ context.Context, d *schema.ResourceDiff, p interface{}) error {
 			isSuperuser := d.Get(userSuperuserAttr).(bool)
+			isPasswordKnown := d.NewValueKnown(userPasswordAttr)
+
 			password, hasPassword := d.GetOk(userPasswordAttr)
-			if isSuperuser && (!hasPassword || password.(string) == "") {
+			if isSuperuser && isPasswordKnown && (!hasPassword || password.(string) == "") {
 				return fmt.Errorf("Users that are superusers must define a password.")
 			}
 

diff --git a/redshift/resource_redshift_user_test.go b/redshift/resource_redshift_user_test.go
@@ -11,6 +11,7 @@ import (
 
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/acctest"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/terraform"
 )
 
@@ -228,6 +229,62 @@ resource "redshift_user" "superuser" {
 	})
 }
 
+func TestAccRedshiftUser_SuperuserUnknownPassword(t *testing.T) {
+	userName := strings.ReplaceAll(acctest.RandomWithPrefix("tf_acc_superuser"), "-", "_")
+	config := fmt.Sprintf(`
+resource "redshift_user" "superuser" {
+  name = %[1]q
+  superuser = true
+	password  = unknown_string.password.result 
+}
+
+resource "unknown_string" "password" {}
+`, userName)
+
+	// unknownProvider is a mock provider that generates computed values that are unknown at plan time
+	// It simulates the behavior of the `random_password` resource
+	unknownProvider := &schema.Provider{
+		Schema: map[string]*schema.Schema{},
+		ResourcesMap: map[string]*schema.Resource{
+			"unknown_string": {
+				Schema: map[string]*schema.Schema{
+					"result": {
+						Type:     schema.TypeString,
+						Computed: true,
+					},
+				},
+				Create: func(d *schema.ResourceData, meta interface{}) error {
+					d.SetId("test")
+					d.Set("result", "TestPassword123")
+					return nil
+				},
+				Read: func(d *schema.ResourceData, meta interface{}) error {
+					return nil
+				},
+				Delete: func(d *schema.ResourceData, meta interface{}) error {
+					return nil
+				},
+			},
+		},
+	}
+
+	providers := map[string]*schema.Provider{
+		"unknown":  unknownProvider,
+		"redshift": testAccProvider,
+	}
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    providers,
+		CheckDestroy: testAccCheckRedshiftUserDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: config,
+			},
+		},
+	})
+}
+
 func testAccCheckRedshiftUserDestroy(s *terraform.State) error {
 	client := testAccProvider.Meta().(*Client)