diff --git a/cmd/plan/plan.go b/cmd/plan/plan.go
index 81b74f69..b2623fdb 100644
--- a/cmd/plan/plan.go
+++ b/cmd/plan/plan.go
@@ -209,11 +209,19 @@ func CreateDesiredStateProvider(config *PlanConfig) (postgres.DesiredStateProvid
 // CreateEmbeddedPostgresForPlan creates a temporary embedded PostgreSQL instance
 // for validating the desired state schema. The instance should be stopped by the caller.
 func CreateEmbeddedPostgresForPlan(config *PlanConfig, pgVersion postgres.PostgresVersion) (*postgres.EmbeddedPostgres, error) {
- // Start embedded PostgreSQL with matching version
+ if config.User == "" {
+ return nil, fmt.Errorf("target database user must not be empty when creating embedded postgres")
+ }
+
+ // Start embedded PostgreSQL with matching version.
+ // Use the target database username so that role references match between
+ // the desired state (embedded) and current state (target database).
+ // This ensures ALTER DEFAULT PRIVILEGES FOR ROLE works correctly
+ // and that implicit owner roles match the target database. (issue #303)
 embeddedConfig := &postgres.EmbeddedPostgresConfig{
 Version: pgVersion,
 Database: "pgschema_temp",
- Username: "pgschema",
+ Username: config.User,
 Password: "pgschema",
 }
 embeddedPG, err := postgres.StartEmbeddedPostgres(embeddedConfig)
diff --git a/testdata/diff/default_privilege/issue_303_for_role/diff.sql b/testdata/diff/default_privilege/issue_303_for_role/diff.sql
new file mode 100644
index 00000000..cbdf338b
--- /dev/null
+++ b/testdata/diff/default_privilege/issue_303_for_role/diff.sql
@@ -0,0 +1 @@
+ALTER DEFAULT PRIVILEGES FOR ROLE testuser IN SCHEMA public GRANT SELECT ON TABLES TO demouser;
diff --git a/testdata/diff/default_privilege/issue_303_for_role/new.sql b/testdata/diff/default_privilege/issue_303_for_role/new.sql
new file mode 100644
index 00000000..2b475a8e
--- /dev/null
+++ b/testdata/diff/default_privilege/issue_303_for_role/new.sql
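Review bot: The added comment above `embeddedConfig` claims more than the change delivers: passing `config.User` as `Username` gives the temporary instance that one role name, so `ALTER DEFAULT PRIVILEGES FOR ROLE x` would presumably still fail validation for any `x` other than the connecting user unless the desired-state SQL creates it. I would narrow it to something like `// Only config.User exists implicitly here; any other role named in FOR ROLE must be created by the desired-state SQL.` That role is presumably also the instance's bootstrap superuser (StartEmbeddedPostgres is not visible in this hunk), so statements the target would reject for lack of privilege can still pass validation; that deserves a sentence in the function's doc comment, together with the new requirement that `config.User` be non-empty. The function body continues past the end of the hunk.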
@@ -0,0 +1,10 @@
+-- Create roles for testing
+DO $$
+BEGIN
+ IF NOT EXISTS (SELECT 1 FROM pg_roles WHERE rolname = 'demouser') THEN
+ CREATE ROLE demouser;
+ END IF;
+END $$;
+
+-- Grant default privileges with explicit FOR ROLE (issue #303)
+ALTER DEFAULT PRIVILEGES FOR ROLE testuser IN SCHEMA public GRANT SELECT ON TABLES TO demouser;
diff --git a/testdata/diff/default_privilege/issue_303_for_role/old.sql b/testdata/diff/default_privilege/issue_303_for_role/old.sql
new file mode 100644
index 00000000..510ca931
--- /dev/null
+++ b/testdata/diff/default_privilege/issue_303_for_role/old.sql
@@ -0,0 +1,9 @@
+-- Create roles for testing
+DO $$
+BEGIN
+ IF NOT EXISTS (SELECT 1 FROM pg_roles WHERE rolname = 'demouser') THEN
+ CREATE ROLE demouser;
+ END IF;
+END $$;
+
+-- No default privileges configured
diff --git a/testdata/diff/default_privilege/issue_303_for_role/plan.json b/testdata/diff/default_privilege/issue_303_for_role/plan.json
new file mode 100644
index 00000000..e4adfddc
--- /dev/null
+++ b/testdata/diff/default_privilege/issue_303_for_role/plan.json
@@ -0,0 +1,20 @@
+{
+ "version": "1.0.0",
+ "pgschema_version": "1.7.3",
+ "created_at": "1970-01-01T00:00:00Z",
+ "source_fingerprint": {
+ "hash": "965b1131737c955e24c7f827c55bd78e4cb49a75adfd04229e0ba297376f5085"
+ },
+ "groups": [
+ {
+ "steps": [
+ {
+ "sql": "ALTER DEFAULT PRIVILEGES FOR ROLE testuser IN SCHEMA public GRANT SELECT ON TABLES TO demouser;",
+ "type": "default_privilege",
+ "operation": "create",
+ "path": "default_privileges.testuser.TABLES.demouser"
+ }
+ ]
+ }
+ ]
+}
diff --git a/testdata/diff/default_privilege/issue_303_for_role/plan.sql b/testdata/diff/default_privilege/issue_303_for_role/plan.sql
new file mode 100644
index 00000000..cbdf338b
--- /dev/null
+++ b/testdata/diff/default_privilege/issue_303_for_role/plan.sql
@@ -0,0 +1 @@
+ALTER DEFAULT PRIVILEGES FOR ROLE testuser IN SCHEMA public GRANT SELECT ON TABLES TO demouser;
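Review bot: The new.sql fixture guards `demouser` with a `DO` block but never creates `testuser`, so its final `ALTER DEFAULT PRIVILEGES FOR ROLE testuser` statement only succeeds when the harness connects as a role with that name, which is presumably the case but is not visible here. A comment next to the statement would make the dependency explicit, e.g. `-- testuser is the connecting role provided by the test harness; it is intentionally not created here`.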
diff --git a/testdata/diff/default_privilege/issue_303_for_role/plan.txt b/testdata/diff/default_privilege/issue_303_for_role/plan.txt
new file mode 100644
index 00000000..d9bf7a20
--- /dev/null
+++ b/testdata/diff/default_privilege/issue_303_for_role/plan.txt
@@ -0,0 +1,12 @@
+Plan: 1 to add.
+
+Summary by type:
+ default privileges: 1 to add
+
+Default privileges:
+ + demouser
+
+DDL to be executed:
+--------------------------------------------------
+
+ALTER DEFAULT PRIVILEGES FOR ROLE testuser IN SCHEMA public GRANT SELECT ON TABLES TO demouser;