fix(role): allow delete from database not called postgres
dnz-bdeboer committed Mar 2, 2024
1 parent 150ace0 commit 0dbb680
Showing 2 changed files with 8 additions and 6 deletions.
10 changes: 5 additions & 5 deletions src/handler.ts
@@ -140,13 +140,14 @@ const jumpTable: JumpTable = {
return sql
}
},
Delete: (resourceId: string) => {
Delete: (resourceId: string, props: RoleProps) => {
// TODO: if user is owner of a database, assign ownership to master user?
return [
"start transaction",
format(
"DO $$BEGIN\nIF EXISTS (select from pg_catalog.pg_roles WHERE rolname = '%s') THEN revoke all privileges on database postgres from %I; END IF;\nEND$$;",
"DO $$BEGIN\nIF EXISTS (select from pg_catalog.pg_roles WHERE rolname = '%s') THEN revoke all privileges on database %I from %I; END IF;\nEND$$;",
resourceId,
props.DatabaseName,
resourceId
),
format("drop role if exists %I", resourceId),
@@ -242,9 +243,8 @@ export const handler = async (
break
}
case "Delete": {
const oldResourceId = (event as CloudFormationCustomResourceDeleteEvent)
.PhysicalResourceId
sql = jumpTable[resource][requestType](resourceId, oldResourceId)
console.debug("!!!!!!!!!! DELETE", event)
sql = jumpTable[resource][requestType](resourceId, event.ResourceProperties)
break
}
}
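Review bot: The `console.debug("!!!!!!!!!! DELETE", event)` line added in the Delete case writes the whole custom-resource event to the log, which for a CloudFormation request includes the pre-signed `ResponseURL` and every entry in `ResourceProperties`; it looks like leftover debugging and should be dropped or reduced to something like `console.debug("Delete", event.LogicalResourceId)`. Separately, the rewritten revoke statement in the first hunk still interpolates `resourceId` with `'%s'`; if `format` here is pg-format, `%s` is not escaped, so `rolname = %L` (without the surrounding quotes) would be the safe form. `props.DatabaseName` is also passed to `%I` unchecked, so a role whose properties carry no database name would presumably make the delete fail; `RoleProps` is not visible here, so confirm whether the field is optional. Both functions continue outside the hunks.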
4 changes: 3 additions & 1 deletion test/handler.test.ts
@@ -111,7 +111,9 @@ test("role with existing database", async () => {

// CloudFormation will send a delete afterward as we change the
// physical id, so test that too
const remove = deleteRequest("role", oldRoleName)
const remove = deleteRequest("role", oldRoleName, {
DatabaseName: "postgres",
})
await handler(remove)
expect(await roleExists(client, oldRoleName)).toEqual(false)
} finally {
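Review bot: The updated delete request still passes `DatabaseName: "postgres"`, the value that was hard-coded before this commit, so the assertion would pass with or without the handler change. A case that deletes a role from a differently named database, for example `deleteRequest("role", oldRoleName, { DatabaseName: "otherdb" })` with `otherdb` as a constructed name, would pin the fix. If `RoleProps` allows the database name to be omitted, a delete without it deserves a test as well. The test body starts and ends outside the hunk.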
