postgresql_schema

The postgresql_schema resource creates and manages schema objects within a PostgreSQL database.

Usage

resource "postgresql_role" "app_www" {
  name = "app_www"
}

resource "postgresql_role" "app_dba" {
  name = "app_dba"
}

resource "postgresql_role" "app_releng" {
  name = "app_releng"
}

resource "postgresql_schema" "my_schema" {
  name  = "my_schema"
  owner = "postgres"

  policy {
    usage = true
    role  = "${postgresql_role.app_www.name}"
  }

  # app_releng can create new objects in the schema.  This is the role that
  # migrations are executed as.
  policy {
    create = true
    usage  = true
    role   = "${postgresql_role.app_releng.name}"
  }

  policy {
    create_with_grant = true
    usage_with_grant  = true
    role              = "${postgresql_role.app_dba.name}"
  }
}

Argument Reference

name - (Required) The name of the schema. Must be unique in the PostgreSQL database instance where it is configured.
owner - (Optional) The ROLE who owns the schema.
if_not_exists - (Optional) When true, use the existing schema if it exists. (Default: true)
policy - (Optional) Can be specified multiple times for each policy. Each policy block supports fields documented below.

The policy block supports:

create - (Optional) Should the specified ROLE have CREATE privileges to the specified SCHEMA.
create_with_grant - (Optional) Should the specified ROLE have CREATE privileges to the specified SCHEMA and the ability to GRANT the CREATE privilege to other ROLEs.
role - (Optional) The ROLE who is receiving the policy. If this value is empty or not specified it implies the policy is referring to the PUBLIC role.
usage - (Optional) Should the specified ROLE have USAGE privileges to the specified SCHEMA.
usage_with_grant - (Optional) Should the specified ROLE have USAGE privileges to the specified SCHEMA and the ability to GRANT the USAGE privilege to other ROLEs.

NOTE on policy: The permissions of a role specified in multiple policy blocks is cumulative. For example, if the same role is specified in two different policy each with different permissions (e.g. create and usage_with_grant, respectively), then the specified role with have both create and usage_with_grant privileges.

Import Example

postgresql_schema supports importing resources. Supposing the following Terraform:

resource "postgresql_schema" "public" {
  name = "public"
}

resource "postgresql_schema" "schema_foo" {
  name  = "my_schema"
  owner = "postgres"

  policy {
    usage = true
  }
}

It is possible to import a postgresql_schema resource with the following command:

$ terraform import postgresql_schema.schema_foo my_schema

Where my_schema is the name of the schema in the PostgreSQL database and postgresql_schema.schema_foo is the name of the resource whose state will be populated as a result of the command.

© 2018 HashiCorp
Licensed under the MPL 2.0 License.
https://www.terraform.io/docs/providers/postgresql/r/postgresql_schema.html